misc updates

patch-1
sandeep 2021-08-29 14:44:12 +05:30
parent 47b2395031
commit ac68ef0e9a
6 changed files with 13 additions and 13 deletions

@ -6,7 +6,7 @@ info:
description: The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via the jtreelink/dialogs/links.php parent parameter.
severity: high
tags: joomla,sqli,cve,cve2018
reference: |
reference:
- http://packetstormsecurity.com/files/161683/Joomla-JCK-Editor-6.4.4-SQL-Injection.html
- https://www.exploit-db.com/exploits/45423/
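
Review bot: with the `|` dropped, `reference:` in this hunk becomes a real YAML list (the old `reference: |` parsed the two `- ...` entries as one multi-line string), but other templates touched in this commit still give `reference` as a single scalar URL, for example `reference: https://www.exploit-db.com/exploits/45755`. Settle on one form for the field across templates, preferably the list, so consumers do not have to handle both a string and a sequence. The first entry also uses plain `http://` for packetstormsecurity.com while the second entry is `https://`.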

@ -5,8 +5,8 @@ info:
author: 0x_Akoko
severity: high
description: |
Directory traversal vulnerability in Microstrategy Web, version 7, in "/WebMstr7/servlet/mstrWeb" (in the parameter subpage)
allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /..
Directory traversal vulnerability in Microstrategy Web, version 7, in "/WebMstr7/servlet/mstrWeb" (in the parameter subpage)
allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /..
(slash dot dot) in a pathname used by a web application. NOTE: this is a deprecated product.
reference: https://www.exploit-db.com/exploits/45755
tags: microstrategy,lfi
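
Review bot: the text under `description: |` is hard-wrapped inside a literal block scalar, so the line breaks after "(in the parameter subpage)" and "via a /.." are kept in the parsed value and the sentence is split mid-clause wherever the description is displayed. The removed and added lines read identically here, so this looks like trailing-whitespace cleanup only; since the lines are being touched anyway, consider a folded scalar (`description: >`) or a single line so the description reads as one paragraph.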

@ -4,9 +4,9 @@ info:
author: princechaddha
severity: high
description: |
TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and
MDVR Login, which run re-branded versions of the original TBK DVR4104 and DVR4216 series, allow remote attackers to bypass
authentication via a "Cookie: uid=admin" header, as demonstrated by a device.rsp?opt=user&cmd=list request that provides
TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and
MDVR Login, which run re-branded versions of the original TBK DVR4104 and DVR4216 series, allow remote attackers to bypass
authentication via a "Cookie: uid=admin" header, as demonstrated by a device.rsp?opt=user&cmd=list request that provides
credentials within JSON data in a response.
reference:
- http://misteralfa-hack.blogspot.cl/2018/04/tbk-vision-dvr-login-bypass.html
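
Review bot: field order in this `info:` block differs from the neighbouring templates: `severity: high` sits above `description:` here, while the PhastPress and Real Estate 7 templates in this commit place `severity` after the description. A fixed order (name, author, severity, description, reference, tags) would make whitespace-only commits like this one easier to review. The single `reference:` entry is also a plain `http://` link.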

@ -4,9 +4,9 @@ info:
name: PhastPress < 1.111 - Open Redirect
author: 0x_Akoko
description: |
There is an open redirect in the PhastPress WordPress plugin before 1.111 that allows an attacker to malform a request to a page
with the plugin and then redirect the victim to a malicious page. There is also a support comment from another user one year
ago (https://wordpress.org/support/topic/phast-php-used-for-remote-fetch/) that says that the php involved in the request only
There is an open redirect in the PhastPress WordPress plugin before 1.111 that allows an attacker to malform a request to a page
with the plugin and then redirect the victim to a malicious page. There is also a support comment from another user one year
ago (https://wordpress.org/support/topic/phast-php-used-for-remote-fetch/) that says that the php involved in the request only
go to whitelisted pages but it's possible to redirect the victim to any domain.
reference: https://wpscan.com/vulnerability/9b3c5412-8699-49e8-b60c-20d2085857fb
severity: low
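
Review bot: the second sentence of the description ("There is also a support comment from another user one year ago (https://wordpress.org/support/topic/phast-php-used-for-remote-fetch/) ...") is advisory commentary with a relative date that will go stale, and "only go to whitelisted pages" does not parse. Keep the first sentence as the description and move the wordpress.org support link into `reference`, which would then need to be a list rather than the current single URL.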

@ -4,8 +4,8 @@ info:
name: Real Estate 7 WordPress Theme < 3.1.1 - Unauthenticated Reflected XSS
author: suman_kar
description: |
The WP Pro Real Estate 7 WordPress theme before 3.1.1 did not properly sanitise the ct_community parameter
in its search listing page before outputting it back in it, leading to a reflected Cross-Site Scripting which
The WP Pro Real Estate 7 WordPress theme before 3.1.1 did not properly sanitise the ct_community parameter
in its search listing page before outputting it back in it, leading to a reflected Cross-Site Scripting which
can be triggered in both unauthenticated or authenticated user context
severity: medium
tags: cve,cve2021,xss,wordpress
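
Review bot: the last description line, `can be triggered in both unauthenticated or authenticated user context`, has no closing full stop and pairs "both" with "or", and "before outputting it back in it" on the line above is hard to read. As the block is already being edited for whitespace, tidy the wording, for example "before outputting it back in the page" and "in both unauthenticated and authenticated user contexts."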

@ -5,8 +5,8 @@ info:
name: Pre-auth RCE in ForgeRock OpenAM
description: |
ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages.
The exploitation does not require authentication, and remote code execution can be triggered by sending a single crafted
/ccversion/* request to the server. The vulnerability exists due to the usage of Sun ONE Application Framework (JATO)
The exploitation does not require authentication, and remote code execution can be triggered by sending a single crafted
/ccversion/* request to the server. The vulnerability exists due to the usage of Sun ONE Application Framework (JATO)
found in versions of Java 8 or earlier
severity: critical
tags: cve,cve2021,openam,rce,java
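
Review bot: `name: Pre-auth RCE in ForgeRock OpenAM` does not follow the "Product < version - Issue" pattern used by the other names in this commit (`PhastPress < 1.111 - Open Redirect`), and the description calls the product "ForgeRock AM server" while the name and the `openam` tag say OpenAM. Use one product name throughout and put the affected version from the description ("before 7.0") in the name. The final description line, `found in versions of Java 8 or earlier`, also lacks a full stop.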