Auto Generated cves.json [Thu Feb 16 08:59:42 UTC 2023] 🤖
parent
bce8259fea
commit
b3cce7e2a1
10
cves.json
10
cves.json
|
@ -342,7 +342,7 @@
|
|||
{"ID":"CVE-2017-0929","Info":{"Name":"DotNetNuke (DNN) ImageHandler \u003c9.2.0 - Server-Side Request Forgery","Severity":"high","Description":"DotNetNuke (aka DNN) before 9.2.0 suffers from a server-side request forgery vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2017/CVE-2017-0929.yaml"}
|
||||
{"ID":"CVE-2017-1000028","Info":{"Name":"Oracle GlassFish Server Open Source Edition 4.1 - Local File Inclusion","Severity":"high","Description":"Oracle GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated local file inclusion vulnerabilities that can be exploited by issuing specially crafted HTTP GET requests.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2017/CVE-2017-1000028.yaml"}
|
||||
{"ID":"CVE-2017-1000029","Info":{"Name":"Oracle GlassFish Server Open Source Edition 3.0.1 - Local File Inclusion","Severity":"high","Description":"Oracle GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to unauthenticated local file inclusion vulnerabilities that allow remote attackers to request arbitrary files on the server.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2017/CVE-2017-1000029.yaml"}
|
||||
{"ID":"CVE-2017-1000163","Info":{"Name":"The Phoenix Framework versions 1.0.0 - Open redirect","Severity":"medium","Description":"The Phoenix Framework versions 1.0.0 through 1.0.4, 1.1.0 through 1.1.6, 1.2.0, 1.2.2 and 1.3.0-rc.0 are vulnerable to unvalidated URL redirection, which may result in phishing or social engineering attacks.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2017/CVE-2017-1000163.yaml"}
|
||||
{"ID":"CVE-2017-1000163","Info":{"Name":"Phoenix Framework - Open Redirect","Severity":"medium","Description":"Phoenix Framework versions 1.0.0 through 1.0.4, 1.1.0 through 1.1.6, 1.2.0, 1.2.2 and 1.3.0-rc.0 contain an open redirect vulnerability, which may result in phishing or social engineering attacks.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2017/CVE-2017-1000163.yaml"}
|
||||
{"ID":"CVE-2017-1000170","Info":{"Name":"WordPress Delightful Downloads Jquery File Tree 2.1.5 - Local File Inclusion","Severity":"high","Description":"WordPress Delightful Downloads Jquery File Tree versions 2.1.5 and older are susceptible to local file inclusion vulnerabilities via jqueryFileTree.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2017/CVE-2017-1000170.yaml"}
|
||||
{"ID":"CVE-2017-1000486","Info":{"Name":"Primetek Primefaces 5.x - Remote Code Execution","Severity":"critical","Description":"Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2017/CVE-2017-1000486.yaml"}
|
||||
{"ID":"CVE-2017-10075","Info":{"Name":"Oracle Content Server - Cross-Site Scripting","Severity":"high","Description":"Oracle Content Server version 11.1.1.9.0, 12.2.1.1.0 and 12.2.1.2.0 are susceptible to cross-site scripting. The vulnerability can be used to include HTML or JavaScript code in the affected web page. The code is executed in the browser of users if they visit the manipulated site.\n","Classification":{"CVSSScore":"8.2"}},"file_path":"cves/2017/CVE-2017-10075.yaml"}
|
||||
|
@ -729,7 +729,7 @@
|
|||
{"ID":"CVE-2020-12720","Info":{"Name":"vBulletin SQL Injection","Severity":"critical","Description":"vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control that permits SQL injection attacks.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2020/CVE-2020-12720.yaml"}
|
||||
{"ID":"CVE-2020-12800","Info":{"Name":"WordPress Contact Form 7 \u003c1.3.3.3 - Remote Code Execution","Severity":"critical","Description":"WordPress Contact Form 7 before 1.3.3.3 allows unrestricted file upload and remote code execution by setting supported_type to php% and uploading a .php% file.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2020/CVE-2020-12800.yaml"}
|
||||
{"ID":"CVE-2020-13117","Info":{"Name":"Wavlink Multiple AP - Remote Command Injection","Severity":"critical","Description":"Wavlink products are affected by a vulnerability that may allow remote unauthenticated users to execute arbitrary commands as root on Wavlink devices. The user input is not properly sanitized which allows command injection via the \"key\" parameter in a login request. It has been tested on Wavlink WN575A4 and WN579X3 devices, but other products may also be affected.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2020/CVE-2020-13117.yaml"}
|
||||
{"ID":"CVE-2020-13121","Info":{"Name":"Submitty 20.04.01 - Open redirect","Severity":"medium","Description":"Submitty through 20.04.01 has an open redirect via authentication/login?old= during an invalid login attempt.","Classification":{"CVSSScore":"6.10"}},"file_path":"cves/2020/CVE-2020-13121.yaml"}
|
||||
{"ID":"CVE-2020-13121","Info":{"Name":"Submitty \u003c= 20.04.01 - Open Redirect","Severity":"medium","Description":"Submitty through 20.04.01 contains an open redirect vulnerability via authentication/login?old= during an invalid login attempt. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.","Classification":{"CVSSScore":"6.10"}},"file_path":"cves/2020/CVE-2020-13121.yaml"}
|
||||
{"ID":"CVE-2020-13158","Info":{"Name":"Artica Proxy Community Edition \u003c4.30.000000 - Local File Inclusion","Severity":"high","Description":"Artica Proxy Community Edition before 4.30.000000 is vulnerable to local file inclusion via the fw.progrss.details.php popup parameter.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2020/CVE-2020-13158.yaml"}
|
||||
{"ID":"CVE-2020-13167","Info":{"Name":"Netsweeper \u003c=6.4.3 - Python Code Injection","Severity":"critical","Description":"Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php (with certain Referer headers) launches a command line with client-supplied parameters, and allows injection of shell metacharacters.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2020/CVE-2020-13167.yaml"}
|
||||
{"ID":"CVE-2020-13258","Info":{"Name":"Contentful \u003c=2020-05-21 - Cross-Site Scripting","Severity":"medium","Description":"Contentful through 2020-05-21 for Python contains a reflected cross-site scripting vulnerability via the api parameter to the-example-app.py.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2020/CVE-2020-13258.yaml"}
|
||||
|
@ -1101,7 +1101,7 @@
|
|||
{"ID":"CVE-2021-3002","Info":{"Name":"Seo Panel 4.8.0 - Cross-Site Scripting","Severity":"medium","Description":"Seo Panel 4.8.0 contains a reflected cross-site scripting vulnerability via the seo/seopanel/login.php?sec=forgot email parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-3002.yaml"}
|
||||
{"ID":"CVE-2021-30049","Info":{"Name":"SysAid Technologies 20.3.64 b14 - Cross-Site Scripting","Severity":"medium","Description":"SysAid 20.3.64 b14 contains a cross-site scripting vulnerability via the /KeepAlive.jsp?stamp= URI.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-30049.yaml"}
|
||||
{"ID":"CVE-2021-30128","Info":{"Name":"Apache OFBiz \u003c17.12.07 - Arbitrary Code Execution","Severity":"critical","Description":"Apache OFBiz has unsafe deserialization prior to 17.12.07 version","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-30128.yaml"}
|
||||
{"ID":"CVE-2021-30134","Info":{"Name":"php-mod/curl Library - Cross-Site Scripting","Severity":"medium","Description":"php-mod/curl (a wrapper of the PHP cURL extension) before 2.3.2 allows XSS via the post_file_path_upload.php key parameter and the POST data to post_multidimensional.php.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"cves/2021/CVE-2021-30134.yaml"}
|
||||
{"ID":"CVE-2021-30134","Info":{"Name":"php-mod/curl Library - Cross-Site Scripting","Severity":"medium","Description":"php-mod/curl (a wrapper of the PHP cURL extension) before 2.3.2 allows XSS via the post_file_path_upload.php key parameter and the POST data to post_multidimensional.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-30134.yaml"}
|
||||
{"ID":"CVE-2021-30151","Info":{"Name":"Sidekiq \u003c=6.2.0 - Cross-Site Scripting","Severity":"medium","Description":"Sidekiq through 5.1.3 and 6.x through 6.2.0 contains a cross-site scripting vulnerability via the queue name of the live-poll feature when Internet Explorer is used.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-30151.yaml"}
|
||||
{"ID":"CVE-2021-3017","Info":{"Name":"Intelbras WIN 300/WRN 342 - Credentials Disclosure","Severity":"high","Description":"Intelbras WIN 300 and WRN 342 devices through 2021-01-04 allows remote attackers to discover credentials by reading the def_wirelesspassword line in the HTML source code.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2021/CVE-2021-3017.yaml"}
|
||||
{"ID":"CVE-2021-3019","Info":{"Name":"ffay lanproxy Directory Traversal","Severity":"high","Description":"ffay lanproxy 0.1 is susceptible to a directory traversal vulnerability that could let attackers read /../conf/config.properties to obtain credentials for a connection to the intranet.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2021/CVE-2021-3019.yaml"}
|
||||
|
@ -1574,12 +1574,12 @@
|
|||
{"ID":"CVE-2022-4447","Info":{"Name":"Fontsy \u003c= 1.8.6 - Unauthenticated SQLi","Severity":"critical","Description":"The plugin does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-4447.yaml"}
|
||||
{"ID":"CVE-2022-44877","Info":{"Name":"Centos Web Panel - Unauthenticated Remote Code Execution","Severity":"critical","Description":"RESERVED An issue in the /login/index.php component of Centos Web Panel 7 before v0.9.8.1147 allows unauthenticated attackers to execute arbitrary system commands via crafted HTTP requests.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-44877.yaml"}
|
||||
{"ID":"CVE-2022-45362","Info":{"Name":"Paytm Payment Gateway Plugin \u003c= 2.7.0 Server Side Request Forgery (SSRF)","Severity":"high","Description":"Server Side Request Forgery (SSRF) vulnerability in WordPress Paytm Payment Gateway Plugin. This could allow a malicious actor to cause a website to execute website requests to an arbitrary domain of the attacker. This could allow a malicious actor to find sensitive information.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"cves/2022/CVE-2022-45362.yaml"}
|
||||
{"ID":"CVE-2022-45917","Info":{"Name":"ILIAS eLearning platform \u003c= 7.15 - Open Redirect","Severity":"medium","Description":"ILIAS before 7.16 has an Open Redirect\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-45917.yaml"}
|
||||
{"ID":"CVE-2022-45917","Info":{"Name":"ILIAS eLearning \u003c7.16 - Open Redirect","Severity":"medium","Description":"ILIAS eLearning before 7.16 contains an open redirect vulnerability. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-45917.yaml"}
|
||||
{"ID":"CVE-2022-45933","Info":{"Name":"KubeView \u003c=0.1.31 - Information Disclosure","Severity":"critical","Description":"KubeView through 0.1.31 is susceptible to information disclosure. An attacker can obtain control of a Kubernetes cluster because api/scrape/kube-system does not require authentication and retrieves certificate files that can be used for authentication as kube-admin. An attacker can thereby possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-45933.yaml"}
|
||||
{"ID":"CVE-2022-46169","Info":{"Name":"Cacti \u003c= 1.2.22 Unauthenticated Command Injection","Severity":"critical","Description":"The vulnerability allows a remote attacker to compromise the affected system. The vulnerability exists due to insufficient authorization within the Remote Agent when handling HTTP requests with a custom Forwarded-For HTTP header. A remote non-authenticated attacker can send a specially crafted HTTP request to the affected instance and execute arbitrary OS commands on the server.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-46169.yaml"}
|
||||
{"ID":"CVE-2022-46381","Info":{"Name":"Linear eMerge E3-Series - Cross-Site Scripting","Severity":"medium","Description":"Linear eMerge E3-Series devices contain a cross-site scripting vulnerability via the type parameter, e.g., to the badging/badge_template_v0.php component. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site and thus steal cookie-based authentication credentials and launch other attacks. This affects versions 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-46381.yaml"}
|
||||
{"ID":"CVE-2022-47945","Info":{"Name":"Thinkphp Lang - Local File Inclusion","Severity":"critical","Description":"ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled (lang_switch_on=true). An unauthenticated and remote attacker can exploit this to execute arbitrary operating system commands, as demonstrated by including pearcmd.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-47945.yaml"}
|
||||
{"ID":"CVE-2022-47966","Info":{"Name":"ManageEngine - Remote Command Execution","Severity":"critical","Description":"Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-47966.yaml"}
|
||||
{"ID":"CVE-2022-47986","Info":{"Name":"Pre-Auth RCE in Aspera Faspex","Severity":"critical","Description":"IBM Aspera Faspex could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. The obsolete API call was removed in Faspex 4.4.2 PL2.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-47986.yaml"}
|
||||
{"ID":"CVE-2023-0669","Info":{"Name":"GoAnywhere MFT - Remote Code Execution (ZeroDay)","Severity":"critical","Description":"Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"cves/2023/CVE-2023-0669.yaml"}
|
||||
{"ID":"CVE-2023-0669","Info":{"Name":"GoAnywhere MFT - Remote Code Execution (ZeroDay)","Severity":"high","Description":"Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"cves/2023/CVE-2023-0669.yaml"}
|
||||
{"ID":"CVE-2023-24044","Info":{"Name":"Plesk Obsidian - Host Header Injection","Severity":"medium","Description":"A Host Header Injection issue on the Login page of Plesk Obsidian through 18.0.49 allows attackers to redirect users to malicious websites via a Host request header.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2023/CVE-2023-24044.yaml"}
|
||||
|
|
Loading…
Reference in New Issue