Description and referenes

2021-03-30 15:10:17 +03:00 · 2021-03-30 15:10:17 +03:00 · c20d89466a
parent 98fd86e313
commit c20d89466a
13 changed files with 47 additions and 15 deletions
--- a/cves/2019/CVE-2019-18394.yaml
+++ b/cves/2019/CVE-2019-18394.yaml
@ -4,7 +4,10 @@ info:
  name: Openfire Full Read SSRF
  author: pdteam - nuclei.projectdiscovery.io
  severity: critical
-  refrense: https://swarm.ptsecurity.com/openfire-admin-console/
+  description: A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests.
+  refrense: |
+    - https://swarm.ptsecurity.com/openfire-admin-console/
+    - https://github.com/igniterealtime/Openfire/pull/1497
  tags: cve,cve2019,ssrf

 requests:
--- a/cves/2019/CVE-2019-19368.yaml
+++ b/cves/2019/CVE-2019-19368.yaml
@ -4,6 +4,8 @@ info:
  name: Rumpus FTP Web File Manager 8.2.9.1 XSS
  author: madrobot
  severity: medium
+  description: A Reflected Cross Site Scripting was discovered in the Login page of Rumpus FTP Web File Manager 8.2.9.1. An attacker can exploit it by sending a crafted link to end users and can execute arbitrary Javascripts
+  reference: https://github.com/harshit-shukla/CVE-2019-19368/
  tags: cve,cve2019,xss

 requests:
--- a/cves/2019/CVE-2019-19908.yaml
+++ b/cves/2019/CVE-2019-19908.yaml
@ -4,6 +4,8 @@ info:
  name: phpMyChat-Plus XSS
  author: madrobot
  severity: medium
+  description: phpMyChat-Plus 1.98 is vulnerable to reflected XSS via JavaScript injection into the password reset URL. In the URL, the pmc_username parameter to pass_reset.php is vulnerable.
+  reference: https://cinzinga.github.io/CVE-2019-19908/
  tags: cve,cve2019,xss

 requests:
--- a/cves/2019/CVE-2019-19985.yaml
+++ b/cves/2019/CVE-2019-19985.yaml
@ -4,6 +4,7 @@ info:
  name: WordPress Plugin Email Subscribers & Newsletters 4.2.2 - Unauthenticated File Download
  author: KBA@SOGETI_ESEC, madrobot & dwisiswant0
  severity: medium
+  description: The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed unauthenticated file download with user information disclosure.
  refrense: https://www.exploit-db.com/exploits/48698
  tags: cve,cve2019,wordpress,wp-plugin

--- a/cves/2019/CVE-2019-2725.yaml
+++ b/cves/2019/CVE-2019-2725.yaml
@ -5,15 +5,12 @@ info:
  author: dwisiswant0
  severity: critical
  tags: cve,cve2019,oracle,weblogic,rce
-
-  # Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services).
-  # Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0.
-  # Easily exploitable vulnerability allows unauthenticated attacker
-  # with network access via HTTP to compromise Oracle WebLogic Server.
-  # Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server.
-  # --
-  # References:
-  # > https://paper.seebug.org/910/
+  description: |
+    Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server.
+  reference: |
+    - https://paper.seebug.org/910/
+    - https://www.exploit-db.com/exploits/46780/
+    - https://www.oracle.com/security-alerts/cpujan2020.html

 requests:
  - method: POST
--- a/cves/2019/CVE-2019-3799.yaml
+++ b/cves/2019/CVE-2019-3799.yaml
@ -3,6 +3,10 @@ info:
  name: Spring-Cloud-Config-Server Directory Traversal
  author: madrobot
  severity: high
+  description: Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead a directory traversal attack.
+  reference: |
+    - https://github.com/mpgn/CVE-2019-3799
+    - https://pivotal.io/security/cve-2019-3799
  tags: cve,cve2019,lfi

 requests:
--- a/cves/2019/CVE-2019-5127.yaml
+++ b/cves/2019/CVE-2019-5127.yaml
@ -4,7 +4,8 @@ info:
  name: YouPHPTube Encoder RCE
  author: pikpikcu
  severity: critical
-  reference: https://nvd.nist.gov/vuln/detail/CVE-2019-5127
+  description: A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3 a plugin for providing encoder functionality in YouPHPTube. The parameter base64Url in /objects/getImage.php is vulnerable to a command injection attack.
+  reference: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0917
  tags: cve,cve2019,rce

 requests:
--- a/cves/2019/CVE-2019-5418.yaml
+++ b/cves/2019/CVE-2019-5418.yaml
@ -4,7 +4,10 @@ info:
  name: File Content Disclosure on Rails
  author: omarkurt
  severity: medium
-  reference: https://github.com/omarkurt/CVE-2019-5418
+  description: There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.
+  reference: |
+    - https://github.com/omarkurt/CVE-2019-5418
+    - https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/
  tags: cve,cve2019,rails,lfi

 requests:
--- a/cves/2019/CVE-2019-7219.yaml
+++ b/cves/2019/CVE-2019-7219.yaml
@ -4,6 +4,11 @@ info:
  name: Zarafa WebApp Reflected XSS
  author: pd-team
  severity: low
+  description: |
+    Unauthenticated reflected cross-site scripting (XSS) exists in Zarafa Webapp 2.0.1.47791 and earlier. NOTE: this is a discontinued product. The issue was fixed in later Zarafa Webapp versions; however, some former Zarafa Webapp customers use the related Kopano product instead.
+  reference: |
+    - https://github.com/verifysecurity/CVE-2019-7219
+    - https://stash.kopano.io/repos?visibility=public
  tags: cve,cve2019,zarafa,xss

 requests:
--- a/cves/2019/CVE-2019-7609.yaml
+++ b/cves/2019/CVE-2019-7609.yaml
@ -4,7 +4,10 @@ info:
  name: Kibana Timelion Arbitrary Code Execution
  author: dwisiswant0
  severity: critical
-  reference: https://github.com/mpgn/CVE-2019-7609
+  description: Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.
+  reference: |
+    - https://github.com/mpgn/CVE-2019-7609
+    - https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077
  tags: cve,cve2019,kibana,rce

  # Kibana versions before 5.6.15 and 6.6.1
--- a/cves/2019/CVE-2019-8449.yaml
+++ b/cves/2019/CVE-2019-8449.yaml
@ -4,7 +4,10 @@ info:
  name: JIRA Unauthenticated Sensitive Information Disclosure
  author: Harsh Bothra
  severity: medium
-  reference: https://www.doyler.net/security-not-included/more-jira-enumeration
+  description: The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate usernames via an information disclosure vulnerability.
+  reference: |
+    - https://www.doyler.net/security-not-included/more-jira-enumeration
+    - https://jira.atlassian.com/browse/JRASERVER-69796
  tags: cve,cve2019,atlassian,jira

 requests:
--- a/cves/2019/CVE-2019-8451.yaml
+++ b/cves/2019/CVE-2019-8451.yaml
@ -4,7 +4,10 @@ info:
  name: JIRA SSRF in the /plugins/servlet/gadgets/makeRequest resource
  author: TechbrunchFR
  severity: medium
-  reference: https://www.tenable.com/blog/cve-2019-8451-proof-of-concept-available-for-server-side-request-forgery-ssrf-vulnerability-in
+  description: The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.4.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class.
+  reference: |
+    - https://www.tenable.com/blog/cve-2019-8451-proof-of-concept-available-for-server-side-request-forgery-ssrf-vulnerability-in
+    - https://jira.atlassian.com/browse/JRASERVER-69793
  tags: cve,cve2019,atlassian,jira,ssrf

 requests:
--- a/cves/2019/CVE-2019-8903.yaml
+++ b/cves/2019/CVE-2019-8903.yaml
@ -4,6 +4,11 @@ info:
  name: Totaljs - Unathenticated Directory Traversal
  author: madrobot
  severity: high
+  description: index.js in Total.js Platform before 3.2.3 allows path traversal.
+  reference: |
+    - https://blog.certimetergroup.com/it/articolo/security/total.js-directory-traversal-cve-2019-8903
+    - https://github.com/totaljs/framework/commit/c37cafbf3e379a98db71c1125533d1e8d5b5aef7
+    - https://github.com/totaljs/framework/commit/de16238d13848149f5d1dae51f54e397a525932b
  tags: cve,cve2019,totaljs,lfi

 requests: