parent
1d46aaea83
commit
c5a7d79f5a
|
@ -1,12 +1,16 @@
|
|||
id: CNVD-2020-23735
|
||||
|
||||
info:
|
||||
name: Xxunchi Local File read
|
||||
name: Xxunchi CMS - Local File Inclusion
|
||||
author: princechaddha
|
||||
severity: medium
|
||||
description: Xunyou cms has an arbitrary file reading vulnerability. Attackers can use vulnerabilities to obtain sensitive information.
|
||||
description: Xunyou CMS is vulnerable to local file inclusion. Attackers can use vulnerabilities to obtain sensitive information.
|
||||
reference:
|
||||
- https://www.cnvd.org.cn/flaw/show/2025171
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
cwe-id: CWE-22
|
||||
tags: xunchi,lfi,cnvd,cnvd2020
|
||||
|
||||
requests:
|
||||
|
@ -26,3 +30,5 @@ requests:
|
|||
- "NzbwpQSdbY06Dngnoteo2wdgiekm7j4N"
|
||||
- "display_errors"
|
||||
condition: and
|
||||
|
||||
# Enhanced by mp on 2022/07/22
|
||||
|
|
|
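Review bot: `severity: medium` contradicts the classification block in the same hunk, whose vector `C:H/I:N/A:N` and `cvss-score: 7.5` correspond to a High rating; either `severity: high` or the score/vector needs correcting before the two fields are read by tooling that keys on both. The product is spelled Xxunchi in `name:` and xunchi in `tags:` but Xunyou CMS in both descriptions, and the commit keeps that mismatch; one spelling should be used consistently across `name:`, `description:` and `tags:`. Which printed lines are old and which are new is inferred from print order only.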
@ -1,9 +1,10 @@
|
|||
id: CNVD-2020-62422
|
||||
|
||||
info:
|
||||
name: Seeyon - Arbitrary File Retrieval
|
||||
name: Seeyon - Local File Inclusion
|
||||
author: pikpikcu
|
||||
severity: medium
|
||||
description: Seeyon is vulnerable to local file inclusion.
|
||||
reference:
|
||||
- https://blog.csdn.net/m0_46257936/article/details/113150699
|
||||
tags: lfi,cnvd,cnvd2020,seeyon
|
||||
|
@ -30,3 +31,5 @@ requests:
|
|||
words:
|
||||
- "ctpDataSource.password"
|
||||
condition: and
|
||||
|
||||
# Enhanced by mp on 2022/07/22
|
||||
|
|
|
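Review bot: The rewritten description `Seeyon is vulnerable to local file inclusion.` drops all specifics: no affected version range and no vulnerable endpoint, so a reader cannot tell what the template's `ctpDataSource.password` matcher is evidence of. Something like `description: Seeyon OA <affected versions — placeholder> is vulnerable to local file inclusion via <endpoint — placeholder>, exposing database credentials.` would be more useful, with the placeholders filled from the linked reference. This file also receives no `classification:`/`cwe-id` block, unlike the CNVD-2020-23735 hunk in the same commit.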
@ -1,15 +1,16 @@
|
|||
id: CVE-2008-5587
|
||||
|
||||
info:
|
||||
name: phpPgAdmin 4.2.1 - '_language' Local File Inclusion
|
||||
name: phpPgAdmin <=4.2.1 - Local File Inclusion
|
||||
author: dhiyaneshDK
|
||||
severity: medium
|
||||
description: Directory traversal vulnerability in libraries/lib.inc.php in phpPgAdmin 4.2.1 and earlier, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the _language parameter to index.php.
|
||||
description: phpPgAdmin 4.2.1 is vulnerable to local file inclusion in libraries/lib.inc.php when register globals is enabled. Remote attackers can read arbitrary files via a .. (dot dot) in the _language parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/7363
|
||||
- http://web.archive.org/web/20210121184707/https://www.securityfocus.com/bid/32670/
|
||||
- http://web.archive.org/web/20160520063306/http://secunia.com/advisories/33014
|
||||
- http://web.archive.org/web/20151104173853/http://secunia.com/advisories/33263
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2008-5587
|
||||
classification:
|
||||
cve-id: CVE-2008-5587
|
||||
metadata:
|
||||
|
@ -31,3 +32,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/07/22
|
||||
|
|
|
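Review bot: The new description says `phpPgAdmin 4.2.1 is vulnerable` while the new `name:` says `<=4.2.1` and the previous text said `4.2.1 and earlier`; the narrowing looks accidental, so `phpPgAdmin 4.2.1 and earlier is vulnerable to local file inclusion ...` keeps name and description in agreement. `register globals` in the same line is the PHP directive `register_globals` and should keep the underscore so the precondition is searchable.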
@ -13,7 +13,7 @@ info:
|
|||
- https://nvd.nist.gov/vuln/detail/CVE-2009-1151
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
||||
cvss-score: 10
|
||||
cvss-score: 10.0
|
||||
cve-id: CVE-2009-1151
|
||||
cwe-id: CWE-77
|
||||
tags: cve,cve2009,phpmyadmin,rce,deserialization,kev
|
||||
|
|
|
@ -1,14 +1,14 @@
|
|||
id: CVE-2015-4666
|
||||
|
||||
info:
|
||||
name: Xceedium Xsuite 2.4.4.5 - Directory Traversal
|
||||
name: Xceedium Xsuite <=2.4.4.5 - Local File Inclusion
|
||||
author: 0x_Akoko
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in opm/read_sessionlog.php in Xceedium Xsuite 2.4.4.5 and earlier allows remote attackers to read arbitrary files in the logFile parameter.
|
||||
description: Xceedium Xsuite 2.4.4.5 and earlier is vulnerable to local file inclusion via opm/read_sessionlog.php that allows remote attackers to read arbitrary files in the logFile parameter.
|
||||
reference:
|
||||
- https://www.modzero.com/advisories/MZ-15-02-Xceedium-Xsuite.txt
|
||||
- https://www.cvedetails.com/cve/CVE-2015-4666
|
||||
- http://packetstormsecurity.com/files/132809/Xceedium-Xsuite-Command-Injection-XSS-Traversal-Escalation.html
|
||||
- http://www.modzero.ch/advisories/MZ-15-02-Xceedium-Xsuite.txt
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2015-4666
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
|
@ -31,3 +31,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/07/13
|
||||
|
|
|
@ -4,12 +4,12 @@ info:
|
|||
name: Novius OS 5.0.1-elche - Open Redirect
|
||||
author: 0x_Akoko
|
||||
severity: medium
|
||||
description: Open redirect vulnerability in Novius OS 5.0.1 (Elche) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter to admin/nos/login.
|
||||
description: Novius OS 5.0.1 (Elche) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter to admin/nos/login.
|
||||
reference:
|
||||
- https://packetstormsecurity.com/files/132478/Novius-OS-5.0.1-elche-XSS-LFI-Open-Redirect.html
|
||||
- https://vuldb.com/?id.76181
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2015-5354
|
||||
- http://packetstormsecurity.com/files/132478/Novius-OS-5.0.1-elche-XSS-LFI-Open-Redirect.html
|
||||
- https://nvd.nist.gov/vul n/detail/CVE-2015-5354
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -27,3 +27,5 @@ requests:
|
|||
part: header
|
||||
regex:
|
||||
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1
|
||||
|
||||
# Enhanced by mp on 2022/07/22
|
||||
|
|
|
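Review bot: The reference `https://nvd.nist.gov/vul n/detail/CVE-2015-5354` contains a space inside the path and will not resolve; if that is the new side of the hunk (inferred from print order only) it should read `- https://nvd.nist.gov/vuln/detail/CVE-2015-5354`. The packetstorm entry also appears once with `https://` and once with `http://`, so the section should end with a single HTTPS entry rather than two near-duplicates.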
@ -1,15 +1,16 @@
|
|||
id: CVE-2015-7780
|
||||
|
||||
info:
|
||||
name: ManageEngine Firewall Analyzer 8.0 - Directory Traversal
|
||||
name: ManageEngine Firewall Analyzer <8.0 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: Directory traversal vulnerability in ManageEngine Firewall Analyzer before 8.0.
|
||||
description: ManageEngine Firewall Analyzer before 8.0 is vulnerable to local file inclusion.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/35933
|
||||
- https://www.cvedetails.com/cve/CVE-2015-7780/
|
||||
- http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000185.html
|
||||
- http://jvn.jp/en/jp/JVN21968837/index.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2015-7780
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 6.5
|
||||
|
@ -39,3 +40,5 @@ requests:
|
|||
part: header
|
||||
words:
|
||||
- "application/xml"
|
||||
|
||||
# Enhanced by mp on 2022/07/22
|
||||
|
|
|
@ -1,15 +1,16 @@
|
|||
id: CVE-2018-1271
|
||||
|
||||
info:
|
||||
name: Spring MVC Directory Traversal Vulnerability
|
||||
name: Spring MVC Framework - Local File Inclusion
|
||||
author: hetroublemakr
|
||||
severity: medium
|
||||
description: Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack.
|
||||
description: Spring MVC Framework versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported are vulnerable to local file inclusion because they allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). A malicious user can send a request using a specially crafted URL that can lead a directory traversal attack.
|
||||
reference:
|
||||
- https://medium.com/@knownsec404team/analysis-of-spring-mvc-directory-traversal-vulnerability-cve-2018-1271-b291bdb6be0d
|
||||
- https://pivotal.io/security/cve-2018-1271
|
||||
- http://web.archive.org/web/20210518132800/https://www.securityfocus.com/bid/103699
|
||||
- https://access.redhat.com/errata/RHSA-2018:1320
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-1271
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 5.9
|
||||
|
@ -30,3 +31,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/07/22
|
||||
|
|
|
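Review bot: The rewritten description removes the precondition that the issue only applies `When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext)`, which is the condition that decides whether a match is a true positive. Keeping one sentence such as `The issue only affects static resources served from a file system on Windows.` preserves that triage information. The old sentence also already lists the affected versions, so the new text can keep them verbatim.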
@ -5,13 +5,13 @@ info:
|
|||
author: pikpikcu
|
||||
severity: high
|
||||
description: Apache Tika versions 1.7 to 1.17 allow clients to send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients.
|
||||
remediation: Upgrade to Tika 1.18.
|
||||
reference:
|
||||
- https://rhinosecuritylabs.com/application-security/exploiting-cve-2018-1335-apache-tika/
|
||||
- https://www.exploit-db.com/exploits/47208
|
||||
- https://lists.apache.org/thread.html/b3ed4432380af767effd4c6f27665cc7b2686acccbefeb9f55851dca@%3Cdev.tika.apache.org%3E
|
||||
- http://web.archive.org/web/20210516175956/https://www.securityfocus.com/bid/104001
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-1335
|
||||
remediation: Upgrade to Tika 1.18.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 8.1
|
||||
|
|
|
@ -1,15 +1,15 @@
|
|||
id: CVE-2018-13980
|
||||
|
||||
info:
|
||||
name: Zeta Producer Desktop CMS 14.2.0 - Arbitrary File Retrieval
|
||||
name: Zeta Producer Desktop CMS <14.2.1 - Local File Inclusion
|
||||
author: wisnupramoedya
|
||||
severity: medium
|
||||
description: The websites that were built from Zeta Producer Desktop CMS before 14.2.1 are vulnerable to unauthenticated file disclosure if the plugin "filebrowser" is installed, because of assets/php/filebrowser/filebrowser.main.php?file=../ directory traversal.
|
||||
description: Zeta Producer Desktop CMS before 14.2.1 is vulnerable to local file inclusion if the plugin "filebrowser" is installed because of assets/php/filebrowser/filebrowser.main.php?file=../ directory traversal.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/45016
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-13980
|
||||
- https://www.sec-consult.com/en/blog/advisories/remote-code-execution-local-file-disclosure-zeta-producer-desktop-cms/
|
||||
- http://packetstormsecurity.com/files/148537/Zeta-Producer-Desktop-CMS-14.2.0-Code-Execution-File-Disclosure.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-13980
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 5.5
|
||||
|
@ -32,3 +32,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/07/22
|
||||
|
|
|
@ -4,7 +4,7 @@ info:
|
|||
name: Responsive FileManager <9.13.4 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Responsive FileManager before version 9.13.4 is susceptible to local file inclusion via filemanager/ajax_calls.php because it uses external input to construct a pathname that should be within a restricted directory. Instead, because it does not properly neutralize get_file sequences such as ".." can resolve to a location that is outside of that directory, aka local file inclusion.
|
||||
description: Responsive FileManager before version 9.13.4 is vulnerable to local file inclusion via filemanager/ajax_calls.php because it uses external input to construct a pathname that should be within a restricted directory, aka local file inclusion.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/45271
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-15535
|
||||
|
@ -33,4 +33,4 @@ requests:
|
|||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/07/07
|
||||
# Enhanced by mp on 2022/07/08
|
||||
|
|
|
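Review bot: The new description loses the vulnerable parameter: the old text, garbled as it was, named `get_file`, while the new text only says `via filemanager/ajax_calls.php`. Suggested wording: `Responsive FileManager before version 9.13.4 is vulnerable to local file inclusion via the get_file parameter of filemanager/ajax_calls.php, because it does not neutralize ".." sequences in the supplied path.` The trailing `aka local file inclusion` is redundant once the sentence already says so.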
@ -1,15 +1,14 @@
|
|||
id: CVE-2018-16059
|
||||
|
||||
info:
|
||||
name: WirelessHART Fieldgate SWG70 3.0 - Directory Traversal
|
||||
name: WirelessHART Fieldgate SWG70 3.0 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices allow Directory Traversal via the fcgi-bin/wgsetcgi filename parameter.
|
||||
description: WirelessHART Fieldgate SWG70 3.0 is vulnerable to local file inclusion via the fcgi-bin/wgsetcgi filename parameter.
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-16059
|
||||
- https://www.exploit-db.com/exploits/45342
|
||||
- https://www.exploit-db.com/exploits/45342/
|
||||
- https://ics-cert.us-cert.gov/advisories/ICSA-19-073-03
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-16059
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
||||
cvss-score: 5.3
|
||||
|
@ -33,3 +32,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/07/22
|
||||
|
|
|
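Review bot: The rewritten description narrows the affected range from `SWG70 3.x devices` to `SWG70 3.0`, and the `name:` line follows suit; unless the narrowing is intentional, `WirelessHART Fieldgate SWG70 3.x is vulnerable to local file inclusion via the fcgi-bin/wgsetcgi filename parameter.` keeps the original scope. Dropping the vendor (Endress+Hauser) also makes the template harder to find by vendor search.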
@ -1,15 +1,16 @@
|
|||
id: CVE-2018-16133
|
||||
|
||||
info:
|
||||
name: Cybrotech CyBroHttpServer 1.0.3 Directory Traversal
|
||||
name: Cybrotech CyBroHttpServer 1.0.3 - Local File Inclusion
|
||||
author: 0x_Akoko
|
||||
severity: medium
|
||||
description: Cybrotech CyBroHttpServer 1.0.3 allows Directory Traversal in the URI.
|
||||
description: Cybrotech CyBroHttpServer 1.0.3 is vulnerable to local file inclusion in the URI.
|
||||
reference:
|
||||
- https://packetstormsecurity.com/files/149177/Cybrotech-CyBroHttpServer-1.0.3-Directory-Traversal.html
|
||||
- http://www.cybrotech.com/
|
||||
- https://www.cvedetails.com/cve/CVE-2018-16133
|
||||
- https://github.com/EmreOvunc/CyBroHttpServer-v1.0.3-Directory-Traversal
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-16133
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
||||
cvss-score: 5.3
|
||||
|
@ -32,3 +33,5 @@ requests:
|
|||
- "fonts"
|
||||
- "extensions"
|
||||
condition: and
|
||||
|
||||
# Enhanced by mp on 2022/07/22
|
||||
|
|
|
@ -1,14 +1,14 @@
|
|||
id: CVE-2018-18775
|
||||
|
||||
info:
|
||||
name: Cross Site Scripting in Microstrategy Web version 7
|
||||
name: Microstrategy Web 7 - Cross-Site Scripting
|
||||
author: 0x_Akoko
|
||||
severity: medium
|
||||
description: Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the Login.asp Msg parameter
|
||||
description: Microstrategy Web 7 does not sufficiently encode user-controlled inputs, resulting in cross-site scripting via the Login.asp Msg parameter.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/45755
|
||||
- http://packetstormsecurity.com/files/150059/Microstrategy-Web-7-Cross-Site-Scripting-Traversal.html
|
||||
- https://www.exploit-db.com/exploits/45755/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-18775
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -35,3 +35,5 @@ requests:
|
|||
words:
|
||||
- "text/html"
|
||||
part: header
|
||||
|
||||
# Enhanced by mp on 2022/07/22
|
||||
|
|
|
@ -1,17 +1,15 @@
|
|||
id: CVE-2018-18777
|
||||
|
||||
info:
|
||||
name: Path traversal vulnerability in Microstrategy Web version 7
|
||||
name: Microstrategy Web 7 - Local File Inclusion
|
||||
author: 0x_Akoko
|
||||
severity: medium
|
||||
description: |
|
||||
Directory traversal vulnerability in Microstrategy Web, version 7, in "/WebMstr7/servlet/mstrWeb" (in the parameter subpage)
|
||||
allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /..
|
||||
(slash dot dot) in a pathname used by a web application. NOTE: this is a deprecated product.
|
||||
Microstrategy Web 7 is vulnerable to local file inclusion via "/WebMstr7/servlet/mstrWeb" (in the parameter subpage). Remote authenticated users can bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application. NOTE: this is a deprecated product.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/45755
|
||||
- http://packetstormsecurity.com/files/150059/Microstrategy-Web-7-Cross-Site-Scripting-Traversal.html
|
||||
- https://www.exploit-db.com/exploits/45755/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-18777
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
||||
cvss-score: 4.3
|
||||
|
@ -34,3 +32,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/07/22
|
||||
|
|
|
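Review bot: `description: |` now wraps a single long line, so the literal block scalar only adds a trailing newline to the value and is inconsistent with the plain `description:` scalars used in the other templates of this commit. Either write it as a plain scalar or use `description: >-` so the value is folded without a trailing newline. The same single-line-under-`|` pattern appears in the CVE-2018-2392, CVE-2018-3760 and CVE-2019-18665 hunks.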
@ -1,13 +1,14 @@
|
|||
id: CVE-2018-18778
|
||||
|
||||
info:
|
||||
name: mini_httpd Path Traversal
|
||||
name: ACME mini_httpd <1.30 - Local File Inclusion
|
||||
author: dhiyaneshDK
|
||||
severity: medium
|
||||
description: ACME mini_httpd before 1.30 lets remote users read arbitrary files.
|
||||
description: ACME mini_httpd before 1.30 is vulnerable to local file inclusion.
|
||||
reference:
|
||||
- https://www.acunetix.com/vulnerabilities/web/acme-mini_httpd-arbitrary-file-read/
|
||||
- http://www.acme.com/software/mini_httpd/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-18778
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 6.5
|
||||
|
@ -31,3 +32,5 @@ requests:
|
|||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0:"
|
||||
|
||||
# Enhanced by mp on 2022/07/22
|
||||
|
|
|
@ -1,17 +1,18 @@
|
|||
id: CVE-2018-2392
|
||||
|
||||
info:
|
||||
name: SAP Internet Graphics Server (IGS) XML External Entity
|
||||
name: SAP Internet Graphics Server (IGS) - XML External Entity Injection
|
||||
author: _generic_human_
|
||||
severity: high
|
||||
description: |
|
||||
SAP Internet Graphics Servers (IGS) running versions 7.20, 7.20EXT, 7.45, 7.49, or 7.53 has two XXE vulnerabilities within the XMLCHART page - CVE-2018-2392 and CVE-2018-2393. These vulnerabilities occur due to a lack of appropriate validation on the Extension HTML tag when submitting a POST request to the XMLCHART page to generate a new chart.
|
||||
SAP Internet Graphics Servers (IGS) running versions 7.20, 7.20EXT, 7.45, 7.49, or 7.53 has two XML external entity injection (XXE) vulnerabilities within the XMLCHART page - CVE-2018-2392 and CVE-2018-2393. These vulnerabilities occur due to a lack of appropriate validation on the Extension HTML tag when submitting a POST request to the XMLCHART page to generate a new chart.
|
||||
reference:
|
||||
- https://launchpad.support.sap.com/#/notes/2525222
|
||||
- https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/
|
||||
- https://www.rapid7.com/db/modules/auxiliary/admin/sap/sap_igs_xmlchart_xxe/
|
||||
- https://troopers.de/troopers18/agenda/3r38lr/
|
||||
- https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/sap/sap_igs_xmlchart_xxe.rb
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-2392
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
||||
cvss-score: 7.5
|
||||
|
@ -87,3 +88,5 @@ requests:
|
|||
- "SAP Internet Graphics Server"
|
||||
part: header
|
||||
condition: and
|
||||
|
||||
# Enhanced by mp on 2022/07/08
|
||||
|
|
|
@ -1,12 +1,13 @@
|
|||
id: CVE-2018-3714
|
||||
|
||||
info:
|
||||
name: node-srv Path Traversal
|
||||
name: node-srv - Local File Inclusion
|
||||
author: madrobot
|
||||
severity: medium
|
||||
description: node-srv node module suffers from a Path Traversal vulnerability due to lack of validation of url, which allows a malicious user to read content of any file with known path.
|
||||
description: node-srv is vulnerable to local file inclusion due to lack of url validation, which allows a malicious user to read content of any file with known path.
|
||||
reference:
|
||||
- https://hackerone.com/reports/309124
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-3714
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 6.5
|
||||
|
@ -27,3 +28,5 @@ requests:
|
|||
regex:
|
||||
- "root:.*:0:0:"
|
||||
part: body
|
||||
|
||||
# Enhanced by mp on 2022/07/22
|
||||
|
|
|
@ -1,17 +1,17 @@
|
|||
id: CVE-2018-3760
|
||||
|
||||
info:
|
||||
name: Ruby On Rails Path Traversal
|
||||
name: Ruby On Rails - Local File Inclusion
|
||||
author: 0xrudra,pikpikcu
|
||||
severity: high
|
||||
description: |
|
||||
Ruby On Rails is a well-known Ruby Web development framework, which uses Sprockets as a static file server in development environment. Sprockets is a Ruby library that compiles and distributes static resource files.
|
||||
There is a path traversal vulnerability caused by secondary decoding in Sprockets 3.7.1 and lower versions. An attacker can use %252e%252e/ to access the root directory and read or execute any file on the target server.
|
||||
Ruby On Rails is vulnerable to local file inclusion caused by secondary decoding in Sprockets 3.7.1 and lower versions. An attacker can use %252e%252e/ to access the root directory and read or execute any file on the target server.
|
||||
reference:
|
||||
- https://github.com/vulhub/vulhub/tree/master/rails/CVE-2018-3760
|
||||
- https://i.blackhat.com/us-18/Wed-August-8/us-18-Orange-Tsai-Breaking-Parser-Logic-Take-Your-Path-Normalization-Off-And-Pop-0days-Out-2.pdf
|
||||
- https://seclists.org/oss-sec/2018/q2/210
|
||||
- https://xz.aliyun.com/t/2542
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-3760
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
|
@ -46,3 +46,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/07/08
|
||||
|
|
|
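Review bot: The rewritten description drops the condition that Sprockets is only used `as a static file server in development environment`, which is the main reason a production host would not match; the vulnerable component is also Sprockets rather than Rails itself, which the new `name:` hides. Suggested: `Ruby On Rails is vulnerable to local file inclusion in the development environment, where Sprockets 3.7.1 and lower performs secondary decoding of request paths; an attacker can use %252e%252e/ to reach the root directory and read or execute files on the target server.`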
@ -1,15 +1,15 @@
|
|||
id: CVE-2018-6008
|
||||
|
||||
info:
|
||||
name: Joomla! Component Jtag Members Directory 5.3.7 - Arbitrary File Retrieval
|
||||
name: Joomla! Jtag Members Directory 5.3.7 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Arbitrary file retrieval exists in the Jtag Members Directory 5.3.7 component for Joomla! via the download_file parameter.
|
||||
description: Joomla! Jtag Members Directory 5.3.7 is vulnerable to local file inclusion via the download_file parameter.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/43913
|
||||
- https://www.cvedetails.com/cve/CVE-2018-6008
|
||||
- https://packetstormsecurity.com/files/146137/Joomla-Jtag-Members-Directory-5.3.7-Arbitrary-File-Download.html
|
||||
- https://www.exploit-db.com/exploits/43913/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-6008
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
|
@ -32,3 +32,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/07/08
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2018-6910
|
||||
|
||||
info:
|
||||
name: DedeCMS 5.7 path disclosure
|
||||
name: DedeCMS 5.7 - Path Disclosure
|
||||
author: pikpikcu
|
||||
severity: high
|
||||
description: DedeCMS 5.7 allows remote attackers to discover the full path via a direct request for include/downmix.inc.php or inc/inc_archives_functions.php
|
||||
|
@ -9,6 +9,7 @@ info:
|
|||
- https://nvd.nist.gov/vuln/detail/CVE-2018-6910
|
||||
- https://github.com/kongxin520/DedeCMS/blob/master/DedeCMS_5.7_Bug.md
|
||||
- https://kongxin.gitbook.io/dedecms-5-7-bug/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-6910
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
|
@ -34,3 +35,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/07/08
|
||||
|
|
|
@ -1,15 +1,15 @@
|
|||
id: CVE-2019-11013
|
||||
|
||||
info:
|
||||
name: Nimble Streamer 3.0.2-2 to 3.5.4-9 - Path Traversal
|
||||
name: Nimble Streamer <=3.5.4-9 - Local File Inclusion
|
||||
author: 0x_Akoko
|
||||
severity: medium
|
||||
description: Nimble Streamer 3.0.2-2 through 3.5.4-9 has a ../ directory traversal vulnerability. Successful exploitation could allow an attacker to traverse the file system to access files or directories that are outside of the restricted directory on the remote server.
|
||||
description: Nimble Streamer 3.0.2-2 through 3.5.4-9 is vulnerable to local file inclusion. An attacker can traverse the file system to access files or directories that are outside of the restricted directory on the remote server.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/47301
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-11013
|
||||
- https://mayaseven.com/nimble-directory-traversal-in-nimble-streamer-version-3-0-2-2-to-3-5-4-9/
|
||||
- http://packetstormsecurity.com/files/154196/Nimble-Streamer-3.x-Directory-Traversal.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-11013
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 6.5
|
||||
|
@ -32,3 +32,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/07/22
|
||||
|
|
|
@ -1,15 +1,14 @@
|
|||
id: CVE-2019-13396
|
||||
|
||||
info:
|
||||
name: FlightPath Local File Inclusion
|
||||
name: FlightPath - Local File Inclusion
|
||||
author: 0x_Akoko,daffainfo
|
||||
severity: medium
|
||||
description: FlightPath versions prior to 4.8.2 and 5.0-rc2 suffer from a local file inclusion vulnerability.
|
||||
description: FlightPath versions prior to 4.8.2 and 5.0-rc2 are vulnerable to local file inclusion.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/47121
|
||||
- https://www.cvedetails.com/cve/CVE-2019-13396/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-13396
|
||||
- http://getflightpath.com/node/2650
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-13396
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
||||
cvss-score: 5.3
|
||||
|
@ -49,3 +48,5 @@ requests:
|
|||
internal: true
|
||||
regex:
|
||||
- "idden' name='form_token' value='([a-z0-9]+)'>"
|
||||
|
||||
# Enhanced by mp on 2022/07/22
|
||||
|
|
|
@ -1,14 +1,14 @@
|
|||
id: CVE-2019-14251
|
||||
|
||||
info:
|
||||
name: T24 in TEMENOS Channels R15.01 - Pre Authenticated Path Traversal
|
||||
name: T24 Web Server - Local File Inclusion
|
||||
author: 0x_Akoko
|
||||
severity: high
|
||||
description: An unauthenticated path traversal vulnerability was discovered permitting an attacker to exfiltrate data directly from the T24 web server.
|
||||
description: T24 web server is vulnerable to unauthenticated local file inclusion that permits an attacker to exfiltrate data directly from server.
|
||||
reference:
|
||||
- https://github.com/kmkz/exploit/blob/master/CVE-2019-14251-TEMENOS-T24.txt
|
||||
- https://www.cvedetails.com/cve/CVE-2019-14251
|
||||
- https://vuldb.com/?id.146815
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-14251
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
|
@ -34,3 +34,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/07/13
|
||||
|
|
|
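Review bot: The new `name:` and description remove the vendor and version (`TEMENOS`, `R15.01`) that the old name carried, leaving `T24 Web Server` with no way to tell which release the template targets. `name: Temenos T24 Web Server R15.01 - Local File Inclusion` keeps that information, and the description is missing an article: `... exfiltrate data directly from the server.`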
@ -4,12 +4,12 @@ info:
|
|||
name: Aptana Jaxer 1.0.3.4547 - Local File inclusion
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: Aptana Jaxer 1.0.3.4547 is vulnerable to a local file inclusion vulnerability in the wikilite source code viewer. This vulnerability allows a remote attacker to read internal files on the server via a tools/sourceViewer/index.html?filename=../ URI.
|
||||
description: Aptana Jaxer 1.0.3.4547 is vulnerable to local file inclusion in the wikilite source code viewer. An attacker can read internal files on the server via a tools/sourceViewer/index.html?filename=../ URI.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/47214
|
||||
- https://www.cvedetails.com/cve/CVE-2019-14312
|
||||
- http://packetstormsecurity.com/files/153985/Aptana-Jaxer-1.0.3.4547-Local-File-Inclusion.html
|
||||
- https://github.com/aptana/Jaxer/commits/master
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-14312
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 6.5
|
||||
|
@ -32,3 +32,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/07/22
|
||||
|
|
|
@ -1,13 +1,14 @@
|
|||
id: CVE-2019-18393
|
||||
|
||||
info:
|
||||
name: Openfire LFI
|
||||
name: Ignite Realtime Openfire <4.42 - Local File Inclusion
|
||||
author: pikpikcu
|
||||
severity: medium
|
||||
description: PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ensure that retrieved files are located under the Openfire home directory, aka a directory traversal vulnerability.
|
||||
description: Ignite Realtime Openfire through 4.4.2 is vulnerable to local file inclusion via PluginServlet.java. It does not ensure that retrieved files are located under the Openfire home directory.
|
||||
reference:
|
||||
- https://swarm.ptsecurity.com/openfire-admin-console/
|
||||
- https://github.com/igniterealtime/Openfire/pull/1498
|
||||
- https://swarm.ptsecurity.com/openfire-admin-console/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-18393
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
||||
cvss-score: 5.3
|
||||
|
@ -31,3 +32,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/07/22
|
||||
|
|
|
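Review bot: The new `name:` says `Openfire <4.42`, but the description in the same hunk says `through 4.4.2`, so the version constraint has a typo and the wrong operator; it should be `name: Ignite Realtime Openfire <=4.4.2 - Local File Inclusion`. The reference list also contains the swarm.ptsecurity.com URL twice; one entry is enough.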
@ -1,15 +1,16 @@
|
|||
id: CVE-2019-18665
|
||||
info:
|
||||
name: DOMOS 5.5 - Directory Traversal
|
||||
name: DOMOS 5.5 - Local File Inclusion
|
||||
author: 0x_Akoko
|
||||
severity: high
|
||||
description: |
|
||||
The Log module in SECUDOS DOMOS before 5.6 allows local file inclusion.
|
||||
SECUDOS DOMOS before 5.6 allows local file inclusion via the log module.
|
||||
reference:
|
||||
- https://atomic111.github.io/article/secudos-domos-directory_traversal
|
||||
- https://vuldb.com/?id.144804
|
||||
- https://www.cvedetails.com/cve/CVE-2019-18665
|
||||
- https://www.secudos.de/news-und-events/aktuelle-news/domos-release-5-6
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-18665
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
|
@ -32,3 +33,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/07/08
|
||||
|
|
|
@ -1,14 +1,14 @@
|
|||
id: CVE-2019-2616
|
||||
|
||||
info:
|
||||
name: XXE in Oracle Business Intelligence and XML Publisher
|
||||
name: Oracle Business Intelligence/XML Publisher - XML External Entity Injection
|
||||
author: pdteam
|
||||
severity: high
|
||||
description: Oracle Business Intelligence / XML Publisher 11.1.1.9.0 / 12.2.1.3.0 / 12.2.1.4.0 - XML External Entity Injection
|
||||
description: Oracle Business Intelligence and XML Publisher 11.1.1.9.0 / 12.2.1.3.0 / 12.2.1.4.0 are vulnerable to an XML external entity injection attack.
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-2616
|
||||
- https://www.exploit-db.com/exploits/46729
|
||||
- http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-2616
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
|
@ -30,3 +30,5 @@ requests:
|
|||
part: interactsh_protocol # Confirms the HTTP Interaction
|
||||
words:
|
||||
- "http"
|
||||
|
||||
# Enhanced by mp on 2022/07/08
|
||||
|
|
|
@ -1,14 +1,14 @@
|
|||
id: CVE-2019-2767
|
||||
|
||||
info:
|
||||
name: Oracle Business Intelligence - Publisher XXE
|
||||
name: Oracle Business Intelligence Publisher - XML External Entity Injection
|
||||
author: madrobot
|
||||
severity: high
|
||||
description: There is an XXE vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware. The supported versions affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. This easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher.
|
||||
description: Oracle Business Intelligence Publisher is vulnerable to an XML external entity injection attack. The supported versions affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. This easily exploitable vulnerability allows unauthenticated attackers with network access via HTTP to compromise BI Publisher.
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-2767
|
||||
- https://www.exploit-db.com/exploits/46729
|
||||
- http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-2767
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
|
@ -26,3 +26,5 @@ requests:
|
|||
part: interactsh_protocol # Confirms the HTTP Interaction
|
||||
words:
|
||||
- "http"
|
||||
|
||||
# Enhanced by mp on 2022/07/08
|
||||
|
|
|
@ -1,14 +1,15 @@
|
|||
id: CVE-2019-3799
|
||||
|
||||
info:
|
||||
name: Spring-Cloud-Config-Server Directory Traversal
|
||||
name: Spring Cloud Config Server - Local File Inclusion
|
||||
author: madrobot
|
||||
severity: medium
|
||||
description: Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead a directory traversal attack.
|
||||
description: Spring Cloud Config Server versions 2.1.x prior to 2.1.2, 2.0.x prior to 2.0.4, 1.4.x prior to 1.4.6, and older unsupported versions are vulnerable to local file inclusion because they allow applications to serve arbitrary configuration files. An attacker can send a request using a specially crafted URL that can lead to a directory traversal attack.
|
||||
reference:
|
||||
- https://github.com/mpgn/CVE-2019-3799
|
||||
- https://pivotal.io/security/cve-2019-3799
|
||||
- https://www.oracle.com/security-alerts/cpuapr2022.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-3799
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
|
||||
cvss-score: 6.5
|
||||
|
@ -29,3 +30,5 @@ requests:
|
|||
regex:
|
||||
- 'root:.*:0:0:'
|
||||
part: body
|
||||
|
||||
# Enhanced by mp on 2022/07/22
|
||||
|
|
|
@ -1,15 +1,15 @@
|
|||
id: CVE-2019-6340
|
||||
|
||||
info:
|
||||
name: Drupal 8 core RESTful Web Services RCE
|
||||
name: Drupal - Remote Code Execution
|
||||
author: madrobot
|
||||
severity: high
|
||||
description: Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases.
|
||||
description: Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10 V contain certain field types that do not properly sanitize data from non-form sources, which can lead to arbitrary PHP code execution in some cases.
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-6340
|
||||
- https://www.drupal.org/sa-core-2019-003
|
||||
- http://web.archive.org/web/20210125004201/https://www.securityfocus.com/bid/107106/
|
||||
- https://www.synology.com/security/advisory/Synology_SA_19_09
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-6340
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 8.1
|
||||
|
@ -48,3 +48,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/07/08
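Review bot: The new description has a stray token in `Drupal 8.6.x before 8.6.10 V contain certain field types`; the `V` looks like an editing leftover and should go, giving `description: Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10 contain certain field types that do not properly sanitize data from non-form sources, which can lead to arbitrary PHP code execution in some cases.` The new name `Drupal - Remote Code Execution` also drops the version qualifier the old name carried, while other sections in this commit keep one (e.g. `Totaljs <3.2.3`); `Drupal 8.5.x/8.6.x - Remote Code Execution` would be consistent with them.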
|
||||
|
|
|
@ -1,15 +1,16 @@
|
|||
id: CVE-2019-7254
|
||||
|
||||
info:
|
||||
name: eMerge E3 1.00-06 - Unauthenticated Directory Traversal
|
||||
name: eMerge E3 1.00-06 - Local File Inclusion
|
||||
author: 0x_Akoko
|
||||
severity: high
|
||||
description: Linear eMerge E3-Series devices allow File Inclusion.
|
||||
description: Linear eMerge E3-Series devices are vulnerable to local file inclusion.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/47616
|
||||
- https://applied-risk.com/labs/advisories
|
||||
- https://www.applied-risk.com/resources/ar-2019-005
|
||||
- http://packetstormsecurity.com/files/155252/Linear-eMerge-E3-1.00-06-Directory-Traversal.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-7254
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
|
@ -33,3 +34,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/07/08
|
||||
|
|
|
@ -1,13 +1,14 @@
|
|||
id: CVE-2019-7315
|
||||
|
||||
info:
|
||||
name: Genie Access WIP3BVAF IP Camera - Directory Traversal
|
||||
name: Genie Access WIP3BVAF IP Camera - Local File Inclusion
|
||||
author: 0x_Akoko
|
||||
severity: high
|
||||
description: Genie Access WIP3BVAF WISH IP 3MP IR Auto Focus Bullet Camera devices through 3.X are vulnerable to directory traversal via the web interface, as demonstrated by reading /etc/shadow.
|
||||
description: Genie Access WIP3BVAF WISH IP 3MP IR Auto Focus Bullet Camera devices through 3.X are vulnerable to local file inclusion via the web interface, as demonstrated by reading /etc/shadow.
|
||||
reference:
|
||||
- https://labs.nettitude.com/blog/cve-2019-7315-genie-access-wip3bvaf-ip-camera-directory-traversal/
|
||||
- https://vuldb.com/?id.136593
|
||||
- https://www.cvedetails.com/cve/CVE-2019-7315
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-7315
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
|
@ -30,3 +31,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/07/08
|
||||
|
|
|
@ -1,13 +1,14 @@
|
|||
id: CVE-2019-8442
|
||||
|
||||
info:
|
||||
name: JIRA Directory Traversal
|
||||
name: Jira - Local File Inclusion
|
||||
author: Kishore Krishna (siLLyDaddy)
|
||||
severity: high
|
||||
description: The CachingResourceDownloadRewriteRule class in Jira before version 7.13.4, and from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to access files in the Jira webroot under the META-INF directory via a lax path access check.
|
||||
description: Jira before version 7.13.4, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1, allows remote attackers to access files in the Jira webroot under the META-INF directory via local file inclusion.
|
||||
reference:
|
||||
- https://jira.atlassian.com/browse/JRASERVER-69241
|
||||
- http://web.archive.org/web/20210125215006/https://www.securityfocus.com/bid/108460/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-8442
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
|
@ -30,3 +31,5 @@ requests:
|
|||
words:
|
||||
- '<groupId>com.atlassian.jira</groupId>'
|
||||
part: body
|
||||
|
||||
# Enhanced by mp on 2022/07/08
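Review bot: The rewritten description replaces the root cause the old text gave (`via a lax path access check` in the CachingResourceDownloadRewriteRule class) with the generic `via local file inclusion`, which removes the one detail a reader triaging a hit would want. Suggest keeping it: `... allows remote attackers to access files in the Jira webroot under the META-INF directory via a lax path access check in the CachingResourceDownloadRewriteRule class (local file inclusion).`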
|
||||
|
|
|
@ -1,14 +1,15 @@
|
|||
id: CVE-2019-8903
|
||||
|
||||
info:
|
||||
name: Totaljs - Unauthenticated Directory Traversal
|
||||
name: Totaljs <3.2.3 - Local File Inclusion
|
||||
author: madrobot
|
||||
severity: high
|
||||
description: index.js in Total.js Platform before 3.2.3 allows path traversal.
|
||||
description: Total.js Platform before 3.2.3 is vulnerable to local file inclusion.
|
||||
reference:
|
||||
- https://blog.certimetergroup.com/it/articolo/security/total.js-directory-traversal-cve-2019-8903
|
||||
- https://github.com/totaljs/framework/commit/c37cafbf3e379a98db71c1125533d1e8d5b5aef7
|
||||
- https://github.com/totaljs/framework/commit/de16238d13848149f5d1dae51f54e397a525932b
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-8903
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
|
@ -29,3 +30,5 @@ requests:
|
|||
words:
|
||||
- "apache2.conf"
|
||||
part: body
|
||||
|
||||
# Enhanced by mp on 2022/07/08
|
||||
|
|
|
@ -1,13 +1,14 @@
|
|||
id: CVE-2019-9041
|
||||
|
||||
info:
|
||||
name: ZZZCMS 1.6.1 RCE
|
||||
name: ZZZCMS 1.6.1 - Remote Code Execution
|
||||
author: pikpikcu
|
||||
severity: high
|
||||
description: An issue was discovered in ZZZCMS zzzphp V1.6.1. In the inc/zzz_template.php file, the parserIfLabel() function's filtering is not strict, resulting in PHP code execution, as demonstrated by the if:assert substring.
|
||||
description: ZZZCMS zzzphp V1.6.1 is vulnerable to remote code execution via the inc/zzz_template.php file because the parserIfLabel() function's filtering is not strict, resulting in PHP code execution as demonstrated by the if:assert substring.
|
||||
reference:
|
||||
- http://www.iwantacve.cn/index.php/archives/118/
|
||||
- https://www.exploit-db.com/exploits/46454/
|
||||
- http://www.iwantacve.cn/index.php/archives/118/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-9041
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 7.2
|
||||
|
@ -34,3 +35,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/07/08
|
||||
|
|
|
@ -1,13 +1,15 @@
|
|||
id: CVE-2019-9922
|
||||
|
||||
info:
|
||||
name: JE Messenger 1.2.2 Joomla - Directory Traversal
|
||||
name: Joomla! Harmis Messenger 1.2.2 - Local File Inclusion
|
||||
author: 0x_Akoko
|
||||
severity: high
|
||||
description: An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla. Directory Traversal allows read access to arbitrary files.
|
||||
description: Joomla! Harmis Messenger 1.2.2 is vulnerable to local file inclusion which could give an attacker read access to arbitrary files.
|
||||
reference:
|
||||
- https://github.com/azd-cert/CVE/blob/master/CVEs/CVE-2019-9922.md
|
||||
- https://www.cvedetails.com/cve/CVE-2019-9922
|
||||
- https://extensions.joomla.org/extension/je-messenger/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-9922
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
|
@ -30,3 +32,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/07/13
|
||||
|
|
|
@ -4,7 +4,7 @@ info:
|
|||
name: Microsoft SQL Server Reporting Services - Remote Code Execution
|
||||
author: joeldeleep
|
||||
severity: high
|
||||
description: Microsoft SQL Server Reporting Services are susceptible to a remote code execution vulnerability when it incorrectly handles page requests.
|
||||
description: Microsoft SQL Server Reporting Services is vulnerable to a remote code execution vulnerability because it incorrectly handles page requests.
|
||||
reference:
|
||||
- https://www.mdsec.co.uk/2020/02/cve-2020-0618-rce-in-sql-server-reporting-services-ssrs/
|
||||
- https://github.com/euphrat1ca/CVE-2020-0618
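Review bot: `is vulnerable to a remote code execution vulnerability` doubles up the noun; `description: Microsoft SQL Server Reporting Services is vulnerable to remote code execution because it incorrectly handles page requests.` reads cleanly. Only lines 4-10 of the template are shown in this section, so the rest of the file is outside this view.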
|
||||
|
|
|
@ -1,15 +1,16 @@
|
|||
id: CVE-2020-11455
|
||||
|
||||
info:
|
||||
name: LimeSurvey 4.1.11 - Path Traversal
|
||||
name: LimeSurvey 4.1.11 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php.
|
||||
description: LimeSurvey before 4.1.12+200324 is vulnerable to local file inclusion because it contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/48297
|
||||
- https://www.cvedetails.com/cve/CVE-2020-11455
|
||||
- https://github.com/LimeSurvey/LimeSurvey/commit/daf50ebb16574badfb7ae0b8526ddc5871378f1b
|
||||
- http://packetstormsecurity.com/files/157112/LimeSurvey-4.1.11-Path-Traversal.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-11455
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
||||
cvss-score: 5.3
|
||||
|
@ -32,3 +33,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/07/22
|
||||
|
|
|
@ -1,13 +1,11 @@
|
|||
id: CVE-2020-11738
|
||||
|
||||
info:
|
||||
name: WordPress Duplicator plugin Directory Traversal
|
||||
name: WordPress Duplicator 1.3.24 & 1.3.26 - Local File Inclusion
|
||||
author: dwisiswant0
|
||||
severity: high
|
||||
description: |
|
||||
The issue is being actively exploited, and allows attackers
|
||||
to download arbitrary files, such as the wp-config.php file.
|
||||
According to the vendor, the vulnerability was only in two
|
||||
WordPress Duplicator 1.3.24 & 1.3.26 are vulnerable to local file inclusion vulnerabilities that could allow attackers to download arbitrary files, such as the wp-config.php file. According to the vendor, the vulnerability was only in two
|
||||
versions v1.3.24 and v1.3.26, the vulnerability wasn't
|
||||
present in versions 1.3.22 and before.
|
||||
reference:
|
||||
|
@ -15,6 +13,7 @@ info:
|
|||
- https://snapcreek.com/duplicator/docs/changelog/?lite
|
||||
- https://www.wordfence.com/blog/2020/02/active-attack-on-recently-patched-duplicator-plugin-vulnerability-affects-over-1-million-sites/
|
||||
- http://packetstormsecurity.com/files/160621/WordPress-Duplicator-1.3.26-Directory-Traversal-File-Read.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-11738
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
|
@ -45,3 +44,5 @@ requests:
|
|||
- "define\\('DB_(NAME|USER|PASSWORD|HOST|CHARSET|COLLATE)'"
|
||||
condition: or
|
||||
part: body
|
||||
|
||||
# Enhanced by mp on 2022/07/13
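Review bot: The `description: |` block scalar now has one very long first line followed by two lines still wrapped at the old width (`versions v1.3.24 and v1.3.26, the vulnerability wasn't` / `present in versions 1.3.22 and before.`), and because `|` is a literal block the value keeps those hard newlines mid-sentence. Either re-wrap the paragraph to a consistent width or change the header to `description: >-` so the lines fold into one paragraph like the single-line descriptions elsewhere in this commit. The surviving second sentence also repeats the two versions the first sentence already names, so it can be trimmed to `According to the vendor, versions 1.3.22 and before are not affected.`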
|
||||
|
|
|
@ -1,22 +1,17 @@
|
|||
id: CVE-2020-11853
|
||||
|
||||
info:
|
||||
name: Micro Focus Operation Bridge Manager RCE
|
||||
name: Micro Focus Operations Bridge Manager <=2020.05 - Remote Code Execution
|
||||
author: dwisiswant0
|
||||
severity: high
|
||||
description: |
|
||||
This template supports the detection part only.
|
||||
|
||||
UCMDB included in versions 2020.05 and below of Operations Bridge Manager are affected,
|
||||
but this template can probably also be used to detect Operations Bridge Manager
|
||||
(containeirized) and Application Performance Management.
|
||||
|
||||
Originated from Metasploit module (#14654).
|
||||
Micro Focus Operations Bridge Manager in versions 2020.05 and below is vulnerable to remote code execution via UCMDB. The vulnerability allows remote attackers to execute arbitrary code on affected installations of Data Center Automation. An attack requires network access and authentication as a valid application user. Originated from Metasploit module (#14654).
|
||||
reference:
|
||||
- http://packetstormsecurity.com/files/161366/Micro-Focus-Operations-Bridge-Manager-Remote-Code-Execution.html
|
||||
- https://softwaresupport.softwaregrp.com/doc/KM03747658
|
||||
- https://softwaresupport.softwaregrp.com/doc/KM03747949
|
||||
- https://softwaresupport.softwaregrp.com/doc/KM03747948
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-11853
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 8.8
|
||||
|
@ -38,3 +33,5 @@ requests:
|
|||
- "ServerVersion=11.6.0"
|
||||
part: body
|
||||
condition: and
|
||||
|
||||
# Enhanced by mp on 2022/07/13
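Review bot: The rewrite drops `This template supports the detection part only.` from the description; for a Remote Code Execution template that caveat tells operators the check does not attempt exploitation, and nothing in the new text replaces it. The new sentence also locates the flaw in `affected installations of Data Center Automation` while `name:` and the first sentence say Operations Bridge Manager, and the old note that the check probably also matches containerized OBM and Application Performance Management is gone. Suggest appending `This template performs detection only; the check may also match Operations Bridge Manager (containerized) and Application Performance Management.` to the description.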
|
||||
|
|
|
@ -1,15 +1,16 @@
|
|||
id: CVE-2020-11978
|
||||
|
||||
info:
|
||||
name: Apache Airflow <= 1.10.10 - 'Example Dag' Remote Code Execution
|
||||
name: Apache Airflow <=1.10.10 - Remote Code Execution
|
||||
author: pdteam
|
||||
severity: high
|
||||
description: An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable.
|
||||
description: Apache Airflow versions 1.10.10 and below are vulnerable to remote code/command injection vulnerabilities in one of the example DAGs shipped with Airflow. This could allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use).
|
||||
remediation: If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable.
|
||||
reference:
|
||||
- https://github.com/pberba/CVE-2020-11978
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-11978
|
||||
- https://twitter.com/wugeej/status/1400336603604668418
|
||||
- https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-11978
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 8.8
|
||||
|
@ -62,3 +63,5 @@ requests:
|
|||
- 'contains(body_4, "operator":"BashOperator")'
|
||||
- 'contains(all_headers_4, "application/json")'
|
||||
condition: and
|
||||
|
||||
# Enhanced by mp on 2022/07/13
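Review bot: The new `remediation:` value (`If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable.`) states a precondition rather than an action, so it does not tell the reader what to do. Suggest `remediation: Upgrade to a version later than 1.10.10, or disable the example DAGs by setting load_examples=False in the Airflow config.`; the upgrade bound follows from the `1.10.10 and below` range in the description.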
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
id: CVE-2020-13158
|
||||
|
||||
info:
|
||||
name: Artica Proxy < 4.30.000000 Community Edition - Directory Traversal
|
||||
name: Artica Proxy Community Edition <4.30.000000 - Local File Inclusion
|
||||
author: 0x_Akoko
|
||||
severity: high
|
||||
description: Artica Proxy before 4.30.000000 Community Edition allows Directory Traversal via the fw.progrss.details.php popup parameter.
|
||||
description: Artica Proxy Community Edition before 4.30.000000 is vulnerable to local file inclusion via the fw.progrss.details.php popup parameter.
|
||||
reference:
|
||||
- https://github.com/InfoSec4Fun/CVE-2020-13158
|
||||
- https://sourceforge.net/projects/artica-squid/files/
|
||||
|
@ -30,3 +30,6 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
|
||||
# Enhanced by mp on 2022/07/13
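Review bot: The trailing hunk (`@ -30,3 +30,6 @@`) adds two blank lines before `# Enhanced by mp on 2022/07/13`, while every other section in this commit adds exactly one blank line before that comment. Drop one of them so the files end the same way.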
|
||||
|
|
|
@ -1,17 +1,16 @@
|
|||
id: CVE-2020-13700
|
||||
|
||||
info:
|
||||
name: acf-to-rest-api wordpress plugin IDOR
|
||||
name: WordPresss acf-to-rest-api <=3.1.0- Insecure Direct Object Reference
|
||||
author: pikpikcu
|
||||
severity: high
|
||||
description: |
|
||||
An issue was discovered in the acf-to-rest-api plugin through 3.1.0 for WordPress.
|
||||
It allows an insecure direct object reference via permalinks manipulation, as demonstrated by a
|
||||
wp-json/acf/v3/options/ request that reads sensitive information in the wp_options table, such as the login and pass values.
|
||||
WordPresss acf-to-rest-ap through 3.1.0 allows an insecure direct object reference via permalinks manipulation, as demonstrated by a wp-json/acf/v3/options/ request that can read sensitive information in the wp_options table such as the login and pass values.
|
||||
reference:
|
||||
- https://gist.github.com/mariuszpoplwski/4fbaab7f271bea99c733e3f2a4bafbb5
|
||||
- https://wordpress.org/plugins/acf-to-rest-api/#developers
|
||||
- https://github.com/airesvsg/acf-to-rest-api
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-13700
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
|
@ -41,3 +40,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/07/13
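Review bot: The new name and description both contain typos: `WordPresss` (three s) appears in `name:` and `description:`, the name lacks a space before the dash (`<=3.1.0- Insecure`), and the description truncates the plugin slug to `acf-to-rest-ap`. Suggested lines: `name: WordPress acf-to-rest-api <=3.1.0 - Insecure Direct Object Reference` and `description: WordPress acf-to-rest-api through 3.1.0 allows an insecure direct object reference via permalinks manipulation, as demonstrated by a wp-json/acf/v3/options/ request that can read sensitive information in the wp_options table such as the login and pass values.`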
|
||||
|
|
|
@ -1,13 +1,14 @@
|
|||
id: CVE-2020-14864
|
||||
|
||||
info:
|
||||
name: Oracle Fusion - "getPreviewImage" Directory Traversal/Local File Inclusion
|
||||
name: Oracle Fusion - Directory Traversal/Local File Inclusion
|
||||
author: Ivo Palazzolo (@palaziv)
|
||||
severity: high
|
||||
description: Oracle Business Intelligence Enterprise Edition 5.5.0.0.0 / 12.2.1.3.0 / 12.2.1.4.0 - "getPreviewImage" Directory Traversal/Local File Inclusion
|
||||
description: Oracle Business Intelligence Enterprise Edition 5.5.0.0.0, 12.2.1.3.0, and 12.2.1.4.0 are vulnerable to local file inclusion vulnerabilities via "getPreviewImage."
|
||||
reference:
|
||||
- http://packetstormsecurity.com/files/159748/Oracle-Business-Intelligence-Enterprise-Edition-5.5.0.0.0-12.2.1.3.0-12.2.1.4.0-LFI.html
|
||||
- https://www.oracle.com/security-alerts/cpuoct2020.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-14864
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
|
@ -29,3 +30,5 @@ requests:
|
|||
regex:
|
||||
- 'root:.*:0:0:'
|
||||
part: body
|
||||
|
||||
# Enhanced by mp on 2022/07/13
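Review bot: `name:` still reads `Directory Traversal/Local File Inclusion` while the rest of this commit normalises such titles to `- Local File Inclusion`, and the product name is inconsistent between `name:` (`Oracle Fusion`) and the description (`Oracle Business Intelligence Enterprise Edition`). Suggest `name: Oracle Business Intelligence Enterprise Edition - Local File Inclusion`, unless `Oracle Fusion Middleware` is the intended product, which I cannot tell from the page.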
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
id: CVE-2020-15050
|
||||
|
||||
info:
|
||||
name: Suprema BioStar2 - Local File Inclusion (LFI)
|
||||
name: Suprema BioStar <2.8.2 - Local File Inclusion
|
||||
author: gy741
|
||||
severity: high
|
||||
description: An issue was discovered in the Video Extension in Suprema BioStar 2 before 2.8.2. Remote attackers can read arbitrary files from the server via Directory Traversal.
|
||||
description: Suprema BioStar before 2.8.2 Video Extension allows remote attackers can read arbitrary files from the server via local file inclusion.
|
||||
reference:
|
||||
- http://packetstormsecurity.com/files/158576/Bio-Star-2.8.2-Local-File-Inclusion.html
|
||||
- https://www.supremainc.com/en/support/biostar-2-pakage.asp
|
||||
|
@ -29,3 +29,5 @@ requests:
|
|||
- "fonts"
|
||||
- "extensions"
|
||||
condition: and
|
||||
|
||||
# Enhanced by mp on 2022/07/13
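Review bot: The new description is ungrammatical at `allows remote attackers can read arbitrary files`; use `Suprema BioStar 2 before 2.8.2 Video Extension allows remote attackers to read arbitrary files from the server via local file inclusion.` The old description named the product `BioStar 2`, so the new `Suprema BioStar <2.8.2` reads as if the product were `BioStar` with a version below 2.8.2; `name: Suprema BioStar 2 <2.8.2 - Local File Inclusion` is clearer.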
|
||||
|
|
|
@ -1,16 +1,17 @@
|
|||
id: CVE-2020-16139
|
||||
|
||||
info:
|
||||
name: Cisco 7937G Denial-of-Service Reboot Attack
|
||||
name: Cisco Unified IP Conference Station 7937G - Denial-of-Service
|
||||
author: pikpikcu
|
||||
severity: high
|
||||
description: |
|
||||
A denial-of-service in Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers restart the device remotely through sending specially crafted packets. Note: We cannot prove this vulnerability exists. Out of an abundance of caution, this CVE is being assigned to better serve our customers and ensure all who are still running this product understand that the product is end of life and should be removed or upgraded.
|
||||
Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers to restart the device remotely via specially crafted packets that can cause a denial-of-service condition. Note: We cannot prove this vulnerability exists. Out of an abundance of caution, this CVE is being assigned to better serve our customers and ensure all who are still running this product understand that the product is end of life and should be removed or upgraded.
|
||||
reference:
|
||||
- https://blacklanternsecurity.com/2020-08-07-Cisco-Unified-IP-Conference-Station-7937G/
|
||||
- http://packetstormsecurity.com/files/158819/Cisco-7937G-Denial-Of-Service.html
|
||||
- https://www.blacklanternsecurity.com/2020-08-07-Cisco-Unified-IP-Conference-Station-7937G/
|
||||
- https://www.cisco.com/c/en/us/products/collateral/collaboration-endpoints/unified-ip-phone-7940g/end_of_life_notice_c51-729487.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-16139
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
||||
cvss-score: 7.5
|
||||
|
@ -35,3 +36,5 @@ requests:
|
|||
- type: word
|
||||
words:
|
||||
- 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
|
||||
|
||||
# Enhanced by mp on 2022/07/13
|
||||
|
|
|
@ -1,14 +1,15 @@
|
|||
id: CVE-2020-16952
|
||||
|
||||
info:
|
||||
name: Microsoft SharePoint Server-Side Include (SSI) and ViewState RCE
|
||||
name: Microsoft SharePoint - Remote Code Execution
|
||||
author: dwisiswant0
|
||||
severity: high
|
||||
description: A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'.
|
||||
description: Microsoft SharePoint is vulnerable to a remote code execution when the software fails to check the source markup of an application package.
|
||||
reference:
|
||||
- https://srcincite.io/pocs/cve-2020-16952.py.txt
|
||||
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16952
|
||||
- https://github.com/rapid7/metasploit-framework/blob/1a341ae93191ac5f6d8a9603aebb6b3a1f65f107/documentation/modules/exploit/windows/http/sharepoint_ssi_viewstate.md
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-16952
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
||||
cvss-score: 7.8
|
||||
|
@ -41,3 +42,5 @@ requests:
|
|||
- 200
|
||||
- 201
|
||||
condition: or
|
||||
|
||||
# Enhanced by mp on 2022/07/13
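Review bot: `is vulnerable to a remote code execution when the software fails ...` is missing a noun after the article; `description: Microsoft SharePoint is vulnerable to remote code execution when the software fails to check the source markup of an application package.` fixes it. The name also drops the `Server-Side Include (SSI) and ViewState` qualifier, which was the only hint of which SharePoint issue this template covers; consider carrying it into the description.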
|
||||
|
|
|
@ -1,13 +1,14 @@
|
|||
id: CVE-2020-17505
|
||||
|
||||
info:
|
||||
name: Artica Web Proxy 4.30 OS Command Injection
|
||||
name: Artica Web Proxy 4.30 - OS Command Injection
|
||||
author: dwisiswant0
|
||||
severity: high
|
||||
description: Artica Web Proxy 4.30.000000 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via service_cmds_peform.
|
||||
description: Artica Web Proxy 4.30 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via service_cmds_peform.
|
||||
reference:
|
||||
- https://blog.max0x4141.com/post/artica_proxy/
|
||||
- http://packetstormsecurity.com/files/159267/Artica-Proxy-4.30.000000-Authentication-Bypass-Command-Injection.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-17505
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 8.8
|
||||
|
@ -41,3 +42,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/07/13
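Review bot: The description's affected version was shortened from `4.30.000000` to `4.30`, which loses precision that the packetstorm reference title (`Artica-Proxy-4.30.000000-...`) and the CVE-2020-13158 section in this same commit retain. Suggest restoring `description: Artica Web Proxy 4.30.000000 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. ...` and keeping the short form only in `name:` if that is the intended convention.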
|
||||
|
|
|
@ -1,17 +1,17 @@
|
|||
id: CVE-2020-17518
|
||||
|
||||
info:
|
||||
name: Apache Flink Upload Path Traversal
|
||||
name: Apache Flink 1.5.1 - Local File Inclusion
|
||||
author: pdteam
|
||||
severity: high
|
||||
description: |
|
||||
Apache Flink 1.5.1 introduced a REST handler that allows you to write an uploaded file to an arbitrary location on the local file system,
|
||||
through a maliciously modified HTTP HEADER.
|
||||
Apache Flink 1.5.1 is vulnerable to local file inclusion because of a REST handler that allows file uploads to an arbitrary location on the local file system through a maliciously modified HTTP HEADER.
|
||||
reference:
|
||||
- https://github.com/vulhub/vulhub/tree/master/flink/CVE-2020-17518
|
||||
- https://lists.apache.org/thread.html/rb43cd476419a48be89c1339b527a18116f23eec5b6df2b2acbfef261%40%3Cdev.flink.apache.org%3E
|
||||
- https://lists.apache.org/thread.html/rb43cd476419a48be89c1339b527a18116f23eec5b6df2b2acbfef261@%3Cuser.flink.apache.org%3E
|
||||
- https://lists.apache.org/thread.html/rb43cd476419a48be89c1339b527a18116f23eec5b6df2b2acbfef261@%3Cdev.flink.apache.org%3E
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-17518
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
|
||||
cvss-score: 7.5
|
||||
|
@ -41,3 +41,5 @@ requests:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- 'contains(body, "test-poc") && status_code == 200' # Using CVE-2020-17519 to confirm this.
|
||||
|
||||
# Enhanced by mp on 2022/07/13
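Review bot: Retitling this template `Local File Inclusion` mislabels the bug: the description says the REST handler lets an attacker write an uploaded file to an arbitrary location, and the CVSS vector on the same page (`C:N/I:H/A:N`) is integrity-only, whereas every other template this commit renames to LFI is a file read. `name: Apache Flink 1.5.1 - Arbitrary File Write via Path Traversal` would match the behaviour described. The new name also narrows the scope to `1.5.1`, while the old description said the handler was introduced in 1.5.1, which implies later releases are affected too; I cannot tell from the page which reading is intended, so please confirm before the range is fixed.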
|
||||
|
|
|
@ -1,15 +1,16 @@
|
|||
id: CVE-2020-17519
|
||||
|
||||
info:
|
||||
name: Apache Flink directory traversal
|
||||
name: Apache Flink - Local File Inclusion
|
||||
author: pdteam
|
||||
severity: high
|
||||
description: A change introduced in Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well) allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process.
|
||||
description: Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well) allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process (aka local file inclusion).
|
||||
reference:
|
||||
- https://github.com/B1anda0/CVE-2020-17519
|
||||
- https://lists.apache.org/thread.html/r6843202556a6d0bce9607ebc02e303f68fc88e9038235598bde3b50d%40%3Cdev.flink.apache.org%3E
|
||||
- https://lists.apache.org/thread.html/r6843202556a6d0bce9607ebc02e303f68fc88e9038235598bde3b50d@%3Cdev.flink.apache.org%3E
|
||||
- https://lists.apache.org/thread.html/r6843202556a6d0bce9607ebc02e303f68fc88e9038235598bde3b50d@%3Cuser.flink.apache.org%3E
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-17519
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
|
@ -30,3 +31,5 @@ requests:
|
|||
regex:
|
||||
- "root:.*:0:0:"
|
||||
part: body
|
||||
|
||||
# Enhanced by mp on 2022/07/13
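Review bot: Removing `A change introduced in` left the description reading `Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well) allows attackers ...`, where `released` no longer has a subject. Suggest `description: Apache Flink 1.11.0, 1.11.1 and 1.11.2 allow attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process (local file inclusion).`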
|
||||
|
|
|
@ -1,14 +1,15 @@
|
|||
id: CVE-2020-2036
|
||||
|
||||
info:
|
||||
name: Palo Alto Networks Reflected XSS
|
||||
name: Palo Alto Networks PAN-OS Web Interface - Cross Site-Scripting
|
||||
author: madrobot
|
||||
severity: high
|
||||
description: |
|
||||
A reflected cross-site scripting (XSS) vulnerability exists in the PAN-OS management web interface. A remote attacker able to convince an administrator with an active authenticated session on the firewall management interface to click on a crafted link to that management web interface could potentially execute arbitrary JavaScript code in the administrator's browser and perform administrative actions. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.16; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9.
|
||||
PAN-OS management web interface is vulnerable to reflected cross-site scripting. A remote attacker able to convince an administrator with an active authenticated session on the firewall management interface to click on a crafted link to that management web interface could potentially execute arbitrary JavaScript code in the administrator's browser and perform administrative actions. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.16; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9.
|
||||
reference:
|
||||
- https://swarm.ptsecurity.com/swarm-of-palo-alto-pan-os-vulnerabilities/
|
||||
- https://security.paloaltonetworks.com/CVE-2020-2036
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-2036
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
||||
cvss-score: 8.8
|
||||
|
@ -38,3 +39,5 @@ requests:
|
|||
words:
|
||||
- "text/html"
|
||||
part: header
|
||||
|
||||
# Enhanced by mp on 2022/07/13
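Review bot: The new name hyphenates the wrong words: `Cross Site-Scripting` should be `Cross-Site Scripting`, matching the `reflected cross-site scripting` wording in the description. Suggest `name: Palo Alto Networks PAN-OS Web Interface - Reflected Cross-Site Scripting`, which also keeps the `Reflected` qualifier the old name carried.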
|
||||
|
|
|
@ -1,18 +1,17 @@
|
|||
id: CVE-2020-23972
|
||||
|
||||
info:
|
||||
name: Joomla! Component GMapFP 3.5 - Unauthenticated Arbitrary File Upload
|
||||
name: Joomla! Component GMapFP 3.5 - Arbitrary File Upload
|
||||
author: dwisiswant0
|
||||
severity: high
|
||||
description: |
|
||||
An attacker can access the upload function of the application
|
||||
without authenticating to the application and also can upload
|
||||
files due the issues of unrestricted file upload which can be
|
||||
bypassed by changing Content-Type & name file too double ext.
|
||||
Joomla! Component GMapFP 3.5 is vulnerable to arbitrary file upload vulnerabilities. An attacker can access the upload function of the application
|
||||
without authentication and can upload files because of unrestricted file upload which can be bypassed by changing Content-Type & name file too double ext.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/49129
|
||||
- https://raw.githubusercontent.com/me4yoursecurity/Reports/master/README.md
|
||||
- http://packetstormsecurity.com/files/159072/Joomla-GMapFP-J3.5-J3.5F-Arbitrary-File-Upload.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-23972
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
|
||||
cvss-score: 7.5
|
||||
|
@ -56,3 +55,5 @@ requests:
|
|||
part: body
|
||||
regex:
|
||||
- "window\\.opener\\.(changeDisplayImage|addphoto)\\(\"(.*?)\"\\);"
|
||||
|
||||
# Enhanced by mp on 2022/07/13
|
||||
|
|
|
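Review bot: The rewritten description on the new side reads `is vulnerable to arbitrary file upload vulnerabilities`, which is redundant, and it carries over the pre-existing typo `name file too double ext`. I would write the block scalar as `Joomla! Component GMapFP 3.5 is vulnerable to arbitrary file upload. An attacker can access the upload function without authentication and can upload files because of unrestricted file upload, which can be bypassed by changing the Content-Type and using a double extension in the file name.` The same "vulnerable to X vulnerabilities" phrasing appears in the new descriptions of the CVE-2020-25078 and CVE-2020-27866 sections further down.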
@ -1,12 +1,13 @@
|
|||
id: CVE-2020-24571
|
||||
|
||||
info:
|
||||
name: NexusDB v4.50.22 Path Traversal
|
||||
name: NexusDB <4.50.23 - Local File Inclusion
|
||||
author: pikpikcu
|
||||
severity: high
|
||||
description: NexusQA NexusDB before 4.50.23 allows the reading of files via ../ directory traversal.
|
||||
description: NexusQA NexusDB before 4.50.23 allows the reading of files via ../ directory traversal and local file inclusion.
|
||||
reference:
|
||||
- https://www.nexusdb.com/mantis/bug_view_advanced_page.php?bug_id=2371
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-24571
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
|
@ -29,3 +30,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/07/13
|
||||
|
|
|
@ -1,13 +1,14 @@
|
|||
id: CVE-2020-24579
|
||||
|
||||
info:
|
||||
name: D-Link DSL 2888a - Remote Command Execution
|
||||
name: D-Link DSL 2888a - Authentication Bypass/Remote Command Execution
|
||||
author: pikpikcu
|
||||
severity: high
|
||||
description: An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. An unauthenticated attacker could bypass authentication to access authenticated pages and functionality.
|
||||
description: D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55 are vulnerable to authentication bypass issues which can lead to remote command execution. An unauthenticated attacker could bypass authentication to access authenticated pages and functionality.
|
||||
reference:
|
||||
- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/d-link-multiple-security-vulnerabilities-leading-to-rce/
|
||||
- https://www.trustwave.com/en-us/resources/security-resources/security-advisories/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-24579
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 8.8
|
||||
|
@ -40,3 +41,5 @@ requests:
|
|||
- "nobody:[x*]:65534:65534"
|
||||
- "root:.*:0:0:"
|
||||
condition: or
|
||||
|
||||
# Enhanced by mp on 2022/07/13
|
||||
|
|
|
@ -1,18 +1,20 @@
|
|||
id: CVE-2020-24949
|
||||
|
||||
info:
|
||||
name: PHPFusion 9.03.50 Remote Code Execution
|
||||
name: PHP-Fusion 9.03.50 - Remote Code Execution
|
||||
author: geeknik
|
||||
severity: high
|
||||
description: Privilege escalation in PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated user (not admin) to send a crafted request to the server and perform remote command execution (RCE).
|
||||
description: PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated user (not admin) to send a crafted request to the server and perform remote command execution.
|
||||
reference:
|
||||
- https://packetstormsecurity.com/files/162852/phpfusion90350-exec.txt
|
||||
- https://github.com/php-fusion/PHP-Fusion/issues/2312
|
||||
- http://packetstormsecurity.com/files/162852/PHPFusion-9.03.50-Remote-Code-Execution.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-24949
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 8.8
|
||||
cve-id: CVE-2020-24949
|
||||
cwe-id: CWE-77
|
||||
tags: cve,cve2020,phpfusion,rce,php
|
||||
|
||||
requests:
|
||||
|
@ -31,3 +33,5 @@ requests:
|
|||
part: body
|
||||
words:
|
||||
- "infusion_db.php"
|
||||
|
||||
# Enhanced by mp on 2022/07/13
|
||||
|
|
|
@ -1,14 +1,14 @@
|
|||
id: CVE-2020-25078
|
||||
|
||||
info:
|
||||
name: D-Link DCS-2530L Administrator password disclosure
|
||||
name: D-Link DCS-2530L/DCS-2670L - Administrator Password Disclosure
|
||||
author: pikpikcu
|
||||
severity: high
|
||||
description: An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. The unauthenticated /config/getuser endpoint allows for remote administrator password disclosure.
|
||||
description: D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices are vulnerable to password disclosures vulnerabilities because the /config/getuser endpoint allows for remote administrator password disclosure.
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-25078
|
||||
- https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10180
|
||||
- https://twitter.com/Dogonsecurity/status/1273251236167516161
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-25078
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
|
@ -36,3 +36,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/07/15
|
||||
|
|
|
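Review bot: The reference list of this section carries `https://nvd.nist.gov/vuln/detail/CVE-2020-25078` twice, once at the top of the list and again at the end, and the commit leaves both in place; drop one of the two entries. The same duplicated NVD entry is present in the CVE-2020-25780, CVE-2021-23241, CVE-2021-26085, CVE-2021-26086, CVE-2021-28149 and CVE-2021-28151 sections below, and CVE-2021-26085 additionally lists the same packetstormsecurity URL under both `http://` and `https://`. Separately, the new description's `are vulnerable to password disclosures vulnerabilities` should read `are vulnerable to password disclosure`.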
@ -1,15 +1,16 @@
|
|||
id: CVE-2020-25540
|
||||
|
||||
info:
|
||||
name: ThinkAdmin 6 - Arbitrarily File Read (CVE-2020-25540)
|
||||
name: ThinkAdmin 6 - Local File Inclusion
|
||||
author: geeknik
|
||||
severity: high
|
||||
description: ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read arbitrary files on a remote server via GET request encode parameter.
|
||||
description: ThinkAdmin version 6 is affected by a local file inclusion vulnerability because an unauthorized attacker can read arbitrary files on a remote server via GET request encode parameter.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/48812
|
||||
- https://github.com/zoujingli/ThinkAdmin/issues/244
|
||||
- https://wtfsec.org/posts/thinkadmin-v6-%E5%88%97%E7%9B%AE%E5%BD%95-%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96/
|
||||
- http://packetstormsecurity.com/files/159177/ThinkAdmin-6-Arbitrary-File-Read.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-25540
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
|
@ -30,3 +31,5 @@ requests:
|
|||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0:"
|
||||
|
||||
# Enhanced by mp on 2022/07/15
|
||||
|
|
|
@ -1,14 +1,14 @@
|
|||
id: CVE-2020-25780
|
||||
|
||||
info:
|
||||
name: Commvault CommCell Directory Traversal
|
||||
name: Commvault CommCell - Local File Inclusion
|
||||
author: pdteam
|
||||
severity: high
|
||||
description: In CommCell in Commvault before 14.68, 15.x before 15.58, 16.x before 16.44, 17.x before 17.29, and 18.x before 18.13, Directory Traversal can occur such that an attempt to view a log file can instead view a file outside of the log-files folder.
|
||||
description: CommCell in Commvault before 14.68, 15.x before 15.58, 16.x before 16.44, 17.x before 17.29, and 18.x before 18.13 are vulnerable to local file inclusion because an attacker can view a log file can instead view a file outside of the log-files folder.
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-25780
|
||||
- https://srcincite.io/blog/2021/11/22/unlocking-the-vault.html
|
||||
- http://kb.commvault.com/article/63264
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-25780
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
|
@ -45,3 +45,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/07/15
|
||||
|
|
|
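Review bot: The new description loses the subject of the original sentence: `because an attacker can view a log file can instead view a file outside of the log-files folder` is not grammatical and no longer says what the traversal does. Suggested wording for the tail of the line: `... are vulnerable to local file inclusion because an attempt to view a log file can instead return a file outside of the log-files folder.`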
@ -1,13 +1,14 @@
|
|||
id: CVE-2020-26073
|
||||
|
||||
info:
|
||||
name: Cisco SD-WAN vManage Software Directory Traversal
|
||||
name: Cisco SD-WAN vManage Software - Local File Inclusion
|
||||
author: madrobot
|
||||
severity: high
|
||||
description: |
|
||||
A vulnerability in the application data endpoints of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to gain access to sensitive information.
|
||||
Cisco SD-WAN vManage Software in the application data endpoints is vulnerable to local file inclusion which could allow an unauthenticated, remote attacker to gain access to sensitive information.
|
||||
reference:
|
||||
- https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-vman-traversal-hQh24tmk.html
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26073
|
||||
classification:
|
||||
cve-id: CVE-2020-26073
|
||||
tags: cve,cve2020,cisco,lfi
|
||||
|
@ -25,3 +26,5 @@ requests:
|
|||
regex:
|
||||
- "root:.*:0:0:"
|
||||
part: body
|
||||
|
||||
# Enhanced by mp on 2022/07/15
|
||||
|
|
|
@ -1,14 +1,14 @@
|
|||
id: CVE-2020-27191
|
||||
|
||||
info:
|
||||
name: LionWiki 3.2.11 - LFI
|
||||
name: LionWiki <3.2.12 - Local File Inclusion
|
||||
author: 0x_Akoko
|
||||
severity: high
|
||||
description: LionWiki before 3.2.12 allows an unauthenticated user to read files as the web server user via crafted string in the index.php f1 variable, aka Local File Inclusion.
|
||||
description: LionWiki before 3.2.12 allows an unauthenticated user to read files as the web server user via crafted strings in the index.php f1 variable, aka local file inclusion.
|
||||
reference:
|
||||
- https://www.junebug.site/blog/cve-2020-27191-lionwiki-3-2-11-lfi
|
||||
- http://lionwiki.0o.cz/index.php?page=Main+page
|
||||
- https://www.cvedetails.com/cve/CVE-2020-27191
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-27191
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
|
@ -30,3 +30,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/07/15
|
||||
|
|
|
@ -1,12 +1,13 @@
|
|||
id: CVE-2020-27361
|
||||
|
||||
info:
|
||||
name: Akkadian Provisioning Manager - Files Listing
|
||||
name: Akkadian Provisioning Manager 4.50.02 - Sensitive Information Disclosure
|
||||
author: gy741
|
||||
severity: high
|
||||
description: An issue exists within Akkadian Provisioning Manager 4.50.02 which allows attackers to view sensitive information within the /pme subdirectories.
|
||||
description: Akkadian Provisioning Manager 4.50.02 could allow viewing of sensitive information within the /pme subdirectories.
|
||||
reference:
|
||||
- https://www.blacklanternsecurity.com/2021-07-01-Akkadian-CVE/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-27191
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
|
@ -30,3 +31,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/07/15
|
||||
|
|
|
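Review bot: The second reference in this CVE-2020-27361 template points at `https://nvd.nist.gov/vuln/detail/CVE-2020-27191`, the LionWiki entry from the previous section, not this CVE; it looks like a copy-paste slip that this commit does not correct. It should presumably be `- https://nvd.nist.gov/vuln/detail/CVE-2020-27361`, matching the template's `id:`.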
@ -1,15 +1,15 @@
|
|||
id: CVE-2020-27467
|
||||
|
||||
info:
|
||||
name: Processwire CMS < 2.7.1 - Directory Traversal
|
||||
name: Processwire CMS <2.7.1 - Local File Inclusion
|
||||
author: 0x_Akoko
|
||||
severity: high
|
||||
description: Local File Inclusion in Processwire CMS < 2.7.1 allows to retrieve arbitrary files via the download parameter to index.php By providing a specially crafted path to the vulnerable parameter, a remote attacker can retrieve the contents of sensitive files on the local system.
|
||||
description: Processwire CMS prior to 2.7.1 is vulnerable to local file inclusion because it allows a remote attacker to retrieve sensitive files via the download parameter to index.php.
|
||||
reference:
|
||||
- https://github.com/Y1LD1R1M-1337/LFI-ProcessWire
|
||||
- https://processwire.com/
|
||||
- https://www.cvedetails.com/cve/CVE-2020-27467
|
||||
- https://github.com/ceng-yildirim/LFI-processwire
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-27467
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
|
@ -31,3 +31,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/07/15
|
||||
|
|
|
@ -1,16 +1,16 @@
|
|||
id: CVE-2020-27866
|
||||
|
||||
info:
|
||||
name: NETGEAR Authentication Bypass vulnerability
|
||||
name: NETGEAR - Authentication Bypass
|
||||
author: gy741
|
||||
severity: high
|
||||
description: This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020,
|
||||
Nighthawk AC2100, and Nighthawk AC2400 routers. Authentication is not required to exploit this vulnerability.
|
||||
description: NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers are vulnerable to authentication bypass vulnerabilities which could allow network-adjacent attackers to bypass authentication on affected installations.
|
||||
reference:
|
||||
- https://wzt.ac.cn/2021/01/13/AC2400_vuln/
|
||||
- https://www.zerodayinitiative.com/advisories/ZDI-20-1451/
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27866
|
||||
- https://kb.netgear.com/000062641/Security-Advisory-for-Password-Recovery-Vulnerabilities-on-Some-Routers
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-27866
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 8.8
|
||||
|
@ -38,3 +38,5 @@ requests:
|
|||
words:
|
||||
- 'Debug Enable!'
|
||||
part: body
|
||||
|
||||
# Enhanced by mp on 2022/07/15
|
||||
|
|
|
@ -1,15 +1,16 @@
|
|||
id: CVE-2020-27986
|
||||
|
||||
info:
|
||||
name: SonarQube unauth
|
||||
name: SonarQube - Authentication Bypass
|
||||
author: pikpikcu
|
||||
severity: high
|
||||
description: |
|
||||
SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP,
|
||||
SVN, and GitLab credentials via the api/settings/values URI.
|
||||
NOTE: reportedly, the vendor's position for SMTP and SVN is "it is the administrator's responsibility to configure it."
|
||||
remediation: Reportedly, the vendor's position for SMTP and SVN is "it is the administrator's responsibility to configure it."
|
||||
reference:
|
||||
- https://csl.com.co/sonarqube-auditando-al-auditor-parte-i/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-27866
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
|
@ -35,3 +36,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/07/15
|
||||
|
|
|
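Review bot: The NVD reference in this CVE-2020-27986 template points at `https://nvd.nist.gov/vuln/detail/CVE-2020-27866` (the NETGEAR entry from the previous section) rather than this CVE; it should presumably be `- https://nvd.nist.gov/vuln/detail/CVE-2020-27986`. The new `remediation:` line restates the vendor's position that configuration is the administrator's responsibility, which is not a remediation step; either keep that sentence in the description, as the old NOTE line did, or leave `remediation` out. The new name `SonarQube - Authentication Bypass` also does not match the description, which describes unauthenticated disclosure of cleartext SMTP, SVN and GitLab credentials via `api/settings/values`, nor the `C:H/I:N/A:N` vector below it; a title such as `SonarQube 8.4.2.36762 - Sensitive Information Disclosure` would be consistent with both.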
@ -1,11 +1,11 @@
|
|||
id: CVE-2020-3452
|
||||
|
||||
info:
|
||||
name: Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) - Arbitrary File Retrieval
|
||||
name: Cisco Adaptive Security Appliance (ASA)/Firepower Threat Defense (FTD) - Local File Inclusion
|
||||
author: pdteam
|
||||
severity: high
|
||||
description: |
|
||||
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and read sensitive files on a targeted system. The vulnerability is due to a lack of proper input validation of URLs in HTTP requests processed by an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device. A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device. The web services file system is enabled when the affected device is configured with either WebVPN or AnyConnect features. This vulnerability cannot be used to obtain access to ASA or FTD system files or underlying operating system (OS) files.
|
||||
Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software is vulnerable to local file inclusion due to directory traversal attacks that can read sensitive files on a targeted system because of a lack of proper input validation of URLs in HTTP requests processed by an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device. A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device. The web services file system is enabled when the affected device is configured with either WebVPN or AnyConnect features. This vulnerability cannot be used to obtain access to ASA or FTD system files or underlying operating system (OS) files.
|
||||
reference:
|
||||
- https://twitter.com/aboul3la/status/1286012324722155525
|
||||
- http://packetstormsecurity.com/files/158646/Cisco-ASA-FTD-Remote-File-Disclosure.html
|
||||
|
@ -13,6 +13,7 @@ info:
|
|||
- http://packetstormsecurity.com/files/159523/Cisco-ASA-FTD-9.6.4.42-Path-Traversal.html
|
||||
- http://packetstormsecurity.com/files/160497/Cisco-ASA-9.14.1.10-FTD-6.6.0.1-Path-Traversal.html
|
||||
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ro-path-KJuQhB86
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-3452
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
|
@ -31,3 +32,5 @@ requests:
|
|||
- "INTERNAL_PASSWORD_ENABLED"
|
||||
- "CONF_VIRTUAL_KEYBOARD"
|
||||
condition: and
|
||||
|
||||
# Enhanced by mp on 2022/07/15
|
||||
|
|
|
@ -1,14 +1,15 @@
|
|||
id: CVE-2020-5284
|
||||
|
||||
info:
|
||||
name: Next.js .next/ limited path traversal
|
||||
name: Next.js <9.3.2 - Local File Inclusion
|
||||
author: rootxharsh,iamnoooob,dwisiswant0
|
||||
severity: medium
|
||||
description: Next.js versions before 9.3.2 have a directory traversal vulnerability. Attackers could craft special requests to access files in the dist directory (.next). This does not affect files outside of the dist directory (.next). In general, the dist directory only holds build assets unless your application intentionally stores other assets under this directory. This issue is fixed in version 9.3.2.
|
||||
description: Next.js versions before 9.3.2 are vulnerable to local file inclusion. An attacker can craft special requests to access files in the dist directory (.next). This does not affect files outside of the dist directory (.next). In general, the dist directory only holds build assets unless your application intentionally stores other assets under this directory.
|
||||
remediation: This issue is fixed in version 9.3.2.
|
||||
reference:
|
||||
- https://github.com/zeit/next.js/releases/tag/v9.3.2 https://github.com/zeit/next.js/security/advisories/GHSA-fq77-7p7r-83rj
|
||||
- https://github.com/zeit/next.js/releases/tag/v9.3.2
|
||||
- https://github.com/zeit/next.js/security/advisories/GHSA-fq77-7p7r-83rj
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-5284
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
||||
cvss-score: 4.3
|
||||
|
@ -33,3 +34,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/07/22
|
||||
|
|
|
@ -1,13 +1,13 @@
|
|||
id: CVE-2020-5405
|
||||
|
||||
info:
|
||||
name: Spring Cloud Directory Traversal
|
||||
name: Spring Cloud Config - Local File Inclusion
|
||||
author: harshbothra_
|
||||
severity: medium
|
||||
description: Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x prior to 2.1.7, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server
|
||||
module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead a directory traversal attack.
|
||||
description: Spring Cloud Config versions 2.2.x prior to 2.2.2, 2.1.x prior to 2.1.7, and older unsupported versions are vulnerable to local file inclusion because they allow applications to serve arbitrary configuration files through the spring-cloud-config-server module.
|
||||
reference:
|
||||
- https://pivotal.io/security/cve-2020-5405
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-5405
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
|
||||
cvss-score: 6.5
|
||||
|
@ -28,3 +28,5 @@ requests:
|
|||
regex:
|
||||
- "root:.*:0:0:"
|
||||
part: body
|
||||
|
||||
# Enhanced by mp on 2022/07/22
|
||||
|
|
|
@ -1,14 +1,15 @@
|
|||
id: CVE-2020-8193
|
||||
|
||||
info:
|
||||
name: Citrix unauthenticated LFI
|
||||
name: Citrix - Local File Inclusion
|
||||
author: pdteam
|
||||
severity: medium
|
||||
description: Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows unauthenticated access to certain URL endpoints.
|
||||
description: Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 are vulnerable to local file inclusion because they allow unauthenticated access to certain URL endpoints.
|
||||
reference:
|
||||
- https://github.com/jas502n/CVE-2020-8193
|
||||
- http://packetstormsecurity.com/files/160047/Citrix-ADC-NetScaler-Local-File-Inclusion.html
|
||||
- https://support.citrix.com/article/CTX276688
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-8193
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
|
||||
cvss-score: 6.5
|
||||
|
@ -73,3 +74,5 @@ requests:
|
|||
regex:
|
||||
- "root:.*:0:0:"
|
||||
part: body
|
||||
|
||||
# Enhanced by mp on 2022/07/22
|
||||
|
|
|
@ -1,18 +1,18 @@
|
|||
id: CVE-2021-21402
|
||||
|
||||
info:
|
||||
name: Jellyfin prior to 10.7.0 Unauthenticated Arbitrary File Read
|
||||
name: Jellyfin <10.7.0 - Local File Inclusion
|
||||
author: dwisiswant0
|
||||
severity: medium
|
||||
description: |
|
||||
Jellyfin allows unauthenticated arbitrary file read. This issue is more prevalent when
|
||||
Windows is used as the host OS. Servers that are exposed to the public Internet are
|
||||
potentially at risk. This is fixed in version 10.7.1.
|
||||
Jellyfin before 10.7.0 is vulnerable to local file inclusion. This issue is more prevalent when Windows is used as the host OS. Servers exposed to public Internet are potentially at risk.
|
||||
remediation: This is fixed in version 10.7.1.
|
||||
reference:
|
||||
- https://securitylab.github.com/advisories/GHSL-2021-050-jellyfin/
|
||||
- https://github.com/jellyfin/jellyfin/security/advisories/GHSA-wg4c-c9g9-rxhx
|
||||
- https://github.com/jellyfin/jellyfin/releases/tag/v10.7.1
|
||||
- https://github.com/jellyfin/jellyfin/commit/0183ef8e89195f420c48d2600bc0b72f6d3a7fd7
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-21402
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 6.5
|
||||
|
@ -42,3 +42,5 @@ requests:
|
|||
regex:
|
||||
- "\\[(font|extension|file)s\\]"
|
||||
part: body
|
||||
|
||||
# Enhanced by mp on 2022/07/22
|
||||
|
|
|
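Review bot: The new name and description say the issue affects Jellyfin `<10.7.0` / `before 10.7.0`, while the new `remediation:` line says `This is fixed in version 10.7.1`, so the two bounds disagree by one release. The reference list points at the `v10.7.1` release tag and the old description also said 10.7.1, so the `<10.7.0` bound looks like the one to correct, but it should be verified against the advisory. If 10.7.1 is the fixed release, the name should read `name: Jellyfin <10.7.1 - Local File Inclusion` and the description should open with `Jellyfin before 10.7.1 is vulnerable to local file inclusion.`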
@ -1,15 +1,15 @@
|
|||
id: CVE-2021-23241
|
||||
|
||||
info:
|
||||
name: Mercury Router Web Server Directory Traversal
|
||||
name: MERCUSYS Mercury X18G 1.0.5 Router - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ in conjunction with a loginLess or login.htm URI (for authentication bypass) to the web server, as demonstrated by the /loginLess/../../etc/passwd URI.
|
||||
description: MERCUSYS Mercury X18G 1.0.5 devices are vulnerable to local file inclusion via ../ in conjunction with a loginLess or login.htm URI (for authentication bypass) to the web server, as demonstrated by the /loginLess/../../etc/passwd URI.
|
||||
reference:
|
||||
- https://github.com/BATTZION/MY_REQUEST/blob/master/Mercury%20Router%20Web%20Server%20Directory%20Traversal.md
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-23241
|
||||
- https://www.mercusys.com/en/
|
||||
- https://www.mercurycom.com.cn/product-521-1.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-23241
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
||||
cvss-score: 5.3
|
||||
|
@ -32,3 +32,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/07/22
|
||||
|
|
|
@ -1,15 +1,14 @@
|
|||
id: CVE-2021-26085
|
||||
|
||||
info:
|
||||
name: Confluence Pre-Authorization Arbitrary File Read in /s/ endpoint - CVE-2021-26085
|
||||
name: Atlassian Confluence Server - Local File Inclusion
|
||||
author: princechaddha
|
||||
severity: medium
|
||||
description: Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint.
|
||||
description: Atlassian Confluence Server allows remote attackers to view restricted resources via local file inclusion in the /s/ endpoint.
|
||||
reference:
|
||||
- https://packetstormsecurity.com/files/164401/Atlassian-Confluence-Server-7.5.1-Arbitrary-File-Read.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-26085
|
||||
- https://jira.atlassian.com/browse/CONFSERVER-67893
|
||||
- http://packetstormsecurity.com/files/164401/Atlassian-Confluence-Server-7.5.1-Arbitrary-File-Read.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-26085
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
||||
cvss-score: 5.3
|
||||
|
@ -36,3 +35,5 @@ requests:
|
|||
- "<display-name>Confluence</display-name>"
|
||||
- "com.atlassian.confluence.setup.ConfluenceAppConfig"
|
||||
condition: and
|
||||
|
||||
# Enhanced by mp on 2022/07/22
|
||||
|
|
|
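Review bot: The new description `Atlassian Confluence Server allows remote attackers to view restricted resources ...` drops the `Affected versions of` qualifier that the old line carried, so it reads as if every Confluence Server release were affected. Keep the scoping: `description: Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via local file inclusion in the /s/ endpoint.`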
@ -1,14 +1,14 @@
|
|||
id: CVE-2021-26086
|
||||
|
||||
info:
|
||||
name: Jira Limited Local File Read
|
||||
name: Atlassian Jira Limited - Local File Inclusion
|
||||
author: cocxanh
|
||||
severity: medium
|
||||
description: Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint.
|
||||
description: Affected versions of Atlassian Jira Limited Server and Data Center are vulnerable to local file inclusion because they allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint.
|
||||
reference:
|
||||
- https://jira.atlassian.com/browse/JRASERVER-72695
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-26086
|
||||
- http://packetstormsecurity.com/files/164405/Atlassian-Jira-Server-Data-Center-8.4.0-File-Read.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-26086
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
||||
cvss-score: 5.3
|
||||
|
@ -33,3 +33,5 @@ requests:
|
|||
- "</web-app>"
|
||||
part: body
|
||||
condition: and
|
||||
|
||||
# Enhanced by mp on 2022/07/22
|
||||
|
|
|
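Review bot: The new name `Atlassian Jira Limited - Local File Inclusion` and the new description's `Atlassian Jira Limited Server and Data Center` treat the word `Limited` as part of the product name, but in the old title `Jira Limited Local File Read` it qualified the read (only particular files, as the description itself says) and the product is Atlassian Jira Server and Data Center. Suggested: `name: Atlassian Jira Server/Data Center - Limited Local File Inclusion` and `description: Affected versions of Atlassian Jira Server and Data Center are vulnerable to limited local file inclusion because they allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint.`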
@ -5,11 +5,11 @@ info:
|
|||
author: pdteam
|
||||
severity: high
|
||||
description: |
|
||||
IBM WebSphere HCL Digital Experience is susceptible to server-side request forgery vulnerability that impacts on-premise deployments and containers.
|
||||
IBM WebSphere HCL Digital Experience is vulnerable to server-side request forgery that impacts on-premise deployments and containers.
|
||||
reference:
|
||||
- https://blog.assetnote.io/2021/12/26/chained-ssrf-websphere/
|
||||
- https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095665
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27748
|
||||
- hhttps://nvd.nist.gov/vuln/detail/CVE-2022-31268
|
||||
classification:
|
||||
cve-id: CVE-2021-27748
|
||||
metadata:
|
||||
|
@ -36,3 +36,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/07/15
|
||||
|
|
|
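Review bot: The last reference line in this CVE-2021-27748 section, `- hhttps://nvd.nist.gov/vuln/detail/CVE-2022-31268`, has a doubled `h` in the scheme and points at a different CVE than the `cve-id: CVE-2021-27748` two lines below; the commit touches this section without fixing it. It should presumably read `- https://nvd.nist.gov/vuln/detail/CVE-2021-27748`. The enclosing `info:` block starts above the first hunk.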
@ -1,15 +1,15 @@
|
|||
id: CVE-2021-28149
|
||||
|
||||
info:
|
||||
name: Hongdian Directory Traversal
|
||||
name: Hongdian H8922 3.0.5 Devices - Local File Inclusion
|
||||
author: gy741
|
||||
severity: medium
|
||||
description: |
|
||||
Hongdian H8922 3.0.5 devices allow Directory Traversal. The /log_download.cgi log export handler does not validate user input and allows a remote attacker with minimal privileges to download any file from the device by substituting ../ (e.g., ../../etc/passwd) This can be carried out with a web browser by changing the file name accordingly. Upon visiting log_download.cgi?type=../../etc/passwd and logging in, the web server will allow a download of the contents of the /etc/passwd file.
|
||||
Hongdian H8922 3.0.5 devices are vulnerable to local file inclusion. The /log_download.cgi log export handler does not validate user input and allows a remote attacker with minimal privileges to download any file from the device by substituting ../ (e.g., ../../etc/passwd) This can be carried out with a web browser by changing the file name accordingly. Upon visiting log_download.cgi?type=../../etc/passwd and logging in, the web server will allow a download of the contents of the /etc/passwd file.
|
||||
reference:
|
||||
- https://ssd-disclosure.com/ssd-advisory-hongdian-h8922-multiple-vulnerabilities/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-28149
|
||||
- http://en.hongdian.com/Products/Details/H8922
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-28149
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 6.5
|
||||
|
@ -47,3 +47,5 @@ requests:
|
|||
- "sshd:[x*]"
|
||||
- "root:[$]"
|
||||
part: body
|
||||
|
||||
# Enhanced by mp on 2022/07/22
|
||||
|
|
|
@ -1,15 +1,15 @@
|
|||
id: CVE-2021-28151
|
||||
|
||||
info:
|
||||
name: Hongdian Command Injection
|
||||
name: Hongdian H8922 3.0.5 - Remote Command Injection
|
||||
author: gy741
|
||||
severity: high
|
||||
description: |
|
||||
Hongdian H8922 3.0.5 devices allow OS command injection via shell metacharacters into the ip-address (aka Destination) field to the tools.cgi ping command, which is accessible with the username guest and password guest.
|
||||
reference:
|
||||
- https://ssd-disclosure.com/ssd-advisory-hongdian-h8922-multiple-vulnerabilities/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-28151
|
||||
- http://en.hongdian.com/Products/Details/H8922
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-28151
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 8.8
|
||||
|
@ -55,3 +55,5 @@ requests:
|
|||
- "groups="
|
||||
part: body
|
||||
condition: and
|
||||
|
||||
# Enhanced by mp on 2022/07/15
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
id: CVE-2021-28377
|
||||
|
||||
info:
|
||||
name: ChronoForums 2.0.11 - Directory Traversal
|
||||
name: Joomla! ChronoForums 2.0.11 - Local File Inclusion
|
||||
author: 0x_Akoko
|
||||
severity: medium
|
||||
description: The ChronoForums avatar function is vulnerable through unauthenticated path traversal attacks. This enables unauthenticated attackers to read arbitrary files, for example the Joomla! configuration file which contains credentials.
|
||||
description: Joomla! ChronoForums 2.0.11 avatar function is vulnerable to local file inclusion through unauthenticated path traversal attacks. This enables an attacker to read arbitrary files, for example the Joomla! configuration file which contains credentials.
|
||||
reference:
|
||||
- https://herolab.usd.de/en/security-advisories/usd-2021-0007/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-28377
|
||||
|
@ -29,3 +29,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/07/22
|
||||
|
|
|
@ -1,13 +1,14 @@
|
|||
id: CVE-2021-28937
|
||||
|
||||
info:
|
||||
name: Acexy Wireless-N WiFi Repeater Password Disclosure
|
||||
name: Acexy Wireless-N WiFi Repeater REV 1.0 - Repeater Password Disclosure
|
||||
author: geeknik
|
||||
severity: high
|
||||
description: The password.html page of the Web management interface of the Acexy Wireless-N WiFi Repeater REV 1.0 contains the administrator account password in plaintext.
|
||||
description: Acexy Wireless-N WiFi Repeater REV 1.0 is vulnerable to password disclosure because the password.html page of the web management interface contains the administrator account password in plaintext.
|
||||
reference:
|
||||
- https://blog-ssh3ll.medium.com/acexy-wireless-n-wifi-repeater-vulnerabilities-8bd5d14a2990
|
||||
- http://acexy.com
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-28937
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
|
@ -31,3 +32,5 @@ requests:
|
|||
- "addCfg('username'"
|
||||
- "addCfg('newpass'"
|
||||
condition: and
|
||||
|
||||
# Enhanced by mp on 2022/07/15
|
||||
|
|
|
@ -1,18 +1,17 @@
|
|||
id: CVE-2021-29442
|
||||
|
||||
info:
|
||||
name: Nacos prior to 1.4.1 Missing Authentication Check
|
||||
name: Nacos <1.4.1 - Authentication Bypass
|
||||
author: dwisiswant0
|
||||
severity: high
|
||||
description: |
|
||||
In Nacos before version 1.4.1, the ConfigOpsController lets the user perform management operations like querying the database or even wiping it out.
|
||||
While the /data/remove endpoint is properly protected with the @Secured annotation, the /derby endpoint is not protected and can be openly accessed by unauthenticated users.
|
||||
These endpoints are only valid when using embedded storage (derby DB) so this issue should not affect those installations using external storage (e.g. mysql)
|
||||
Nacos before version 1.4.1 is vulnerable to authentication bypass because the ConfigOpsController lets the user perform management operations like querying the database or even wiping it out. While the /data/remove endpoint is properly protected with the @Secured annotation, the /derby endpoint is not protected and can be openly accessed by unauthenticated users. These endpoints are only valid when using embedded storage (derby DB) so this issue should not affect those installations using external storage (e.g. mysql).
|
||||
reference:
|
||||
- https://securitylab.github.com/advisories/GHSL-2020-325_326-nacos/
|
||||
- https://github.com/alibaba/nacos/issues/4463
|
||||
- https://github.com/alibaba/nacos/pull/4517
|
||||
- https://github.com/advisories/GHSA-36hp-jr8h-556f
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-29442
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
|
@ -37,3 +36,5 @@ requests:
|
|||
regex:
|
||||
- "\"TABLENAME\":\"(?:(?:(?:(?:(?:APP_CONFIGDATA_RELATION_[PS]UB|SYS(?:(?:CONGLOMERAT|ALIAS|(?:FI|RO)L)E|(?:(?:ROUTINE)?|COL)PERM|(?:FOREIGN)?KEY|CONSTRAINT|T(?:ABLEPERM|RIGGER)|S(?:TAT(?:EMENT|ISTIC)|EQUENCE|CHEMA)|DEPEND|CHECK|VIEW|USER)|USER|ROLE)S|CONFIG_(?:TAGS_RELATION|INFO_(?:AGGR|BETA|TAG))|TENANT_CAPACITY|GROUP_CAPACITY|PERMISSIONS|SYSCOLUMNS|SYS(?:DUMMY1|TABLES)|APP_LIST)|CONFIG_INFO)|TENANT_INFO)|HIS_CONFIG_INFO)\""
|
||||
part: body
|
||||
|
||||
# Enhanced by mp on 2022/07/15
|
||||
|
|
|
@ -1,19 +1,21 @@
|
|||
id: CVE-2021-30497
|
||||
|
||||
info:
|
||||
name: Ivanti Avalanche Directory Traversal
|
||||
name: Ivanti Avalanche 6.3.2 - Local File Inclusion
|
||||
author: gy741
|
||||
severity: high
|
||||
description: A directory traversal vulnerability in Ivanti Avalanche allows remote unauthenticated user to access files that reside outside the 'image' folder
|
||||
description: Ivanti Avalanche 6.3.2 is vulnerable to local file inclusion because it allows remote unauthenticated user to access files that reside outside the 'image' folder.
|
||||
reference:
|
||||
- https://ssd-disclosure.com/ssd-advisory-ivanti-avalanche-directory-traversal/
|
||||
- https://forums.ivanti.com/s/article/Security-Alert-CVE-2021-30497-Directory-Traversal-Vulnerability?language=en_US
|
||||
- https://help.ivanti.com/wl/help/en_us/aod/5.4/Avalanche/Console/Launching_the_Avalanche.htm
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30497
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
cve-id: CVE-2021-30497
|
||||
tags: cve,cve2021,avalanche,traversal
|
||||
cwe-id: CWE-36
|
||||
tags: cve,cve2021,avalanche,traversal,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
@ -30,3 +32,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/07/14
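Review bot: The classification added as `cwe-id: CWE-36` (Absolute Path Traversal) does not fit the description directly above it, which talks about reaching files that reside outside the 'image' folder — escaping a base directory is the relative-traversal pattern normally filed under CWE-22/CWE-23, and the new title says "Local File Inclusion", which in CWE terms is CWE-98, a different weakness (include/execute, not read). Unless NVD assigns CWE-36 to CVE-2021-30497, I would use `cwe-id: CWE-22` and keep "Directory Traversal" in `name:` so CWE- and tag-based filtering groups this with the other traversal templates; the `lfi` tag appended to `tags:` is fine as an alias. The `requests:` definition begun at the end of the first hunk continues outside it.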
|
||||
|
|
|
@ -1,15 +1,16 @@
|
|||
id: CVE-2021-31602
|
||||
|
||||
info:
|
||||
name: Pentaho <= 9.1 Authentication Bypass of Spring APIs
|
||||
name: Hitachi Vantara Pentaho/Business Intelligence Server - Authentication Bypass
|
||||
author: pussycat0x
|
||||
severity: high
|
||||
description: An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. The Security Model has different layers of Access Control. One of these layers is the applicationContext security, which is defined in the applicationContext-spring-security.xml file. The default configuration allows an unauthenticated user with no previous knowledge of the platform settings to extract pieces of information without possessing valid credentials.
|
||||
description: Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x are vulnerable to authentication bypass. The Security Model has different layers of Access Control. One of these layers is the applicationContext security, which is defined in the applicationContext-spring-security.xml file. The default configuration allows an unauthenticated user with no previous knowledge of the platform settings to extract pieces of information without possessing valid credentials.
|
||||
reference:
|
||||
- https://seclists.org/fulldisclosure/2021/Nov/13
|
||||
- https://portswigger.net/daily-swig/remote-code-execution-sql-injection-bugs-uncovered-in-pentaho-business-analytics-software
|
||||
- https://hawsec.com/publications/pentaho/HVPENT210401-Pentaho-BA-Security-Assessment-Report-v1_1.pdf
|
||||
- https://www.hitachi.com/hirt/security/index.html
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31602
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
|
@ -38,3 +39,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/07/15
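Review bot: The new `name:` drops the version bound the old title carried ("<= 9.1") while the description still scopes the issue to Pentaho through 9.1 and Business Intelligence Server through 7.x, and the other renamed templates in this commit add version bounds to titles rather than removing them. Suggest `name: Hitachi Vantara Pentaho <=9.1 / Business Intelligence Server <=7.x - Authentication Bypass` so the title alone tells an operator whether a hit is plausibly on a vulnerable release. The request and matcher section is outside this hunk.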
|
||||
|
|
|
@ -1,14 +1,15 @@
|
|||
id: CVE-2021-3223
|
||||
|
||||
info:
|
||||
name: Node RED Dashboard - Directory Traversal
|
||||
name: Node RED Dashboard <2.26.2 - Local File Inclusion
|
||||
author: gy741,pikpikcu
|
||||
severity: high
|
||||
description: Node-RED-Dashboard before 2.26.2 allows ui_base/js/..%2f directory traversal to read files.
|
||||
description: NodeRED-Dashboard before 2.26.2 is vulnerable to local file inclusion because it allows ui_base/js/..%2f directory traversal to read files.
|
||||
reference:
|
||||
- https://github.com/node-red/node-red-dashboard/issues/669
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3223
|
||||
- https://github.com/node-red/node-red-dashboard/releases/tag/2.26.2
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-3223
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
|
@ -37,3 +38,5 @@ requests:
|
|||
part: body
|
||||
words:
|
||||
- "Node-RED web server is listening"
|
||||
|
||||
# Enhanced by mp on 2022/07/15
|
||||
|
|
|
@ -1,14 +1,14 @@
|
|||
id: CVE-2021-3374
|
||||
|
||||
info:
|
||||
name: Rstudio Shiny Server Directory Traversal
|
||||
name: Rstudio Shiny Server <1.5.16 - Local File Inclusion
|
||||
author: geeknik
|
||||
severity: medium
|
||||
description: Rstudio Shiny-Server prior to 1.5.16 is vulnerable to directory traversal and source code leakage. This can be exploited by appending an encoded slash to the URL.
|
||||
description: Rstudio Shiny Server prior to 1.5.16 is vulnerable to local file inclusion and source code leakage. This can be exploited by appending an encoded slash to the URL.
|
||||
reference:
|
||||
- https://github.com/colemanjp/rstudio-shiny-server-directory-traversal-source-code-leak
|
||||
- https://github.com/colemanjp/shinyserver-directory-traversal-source-code-leak
|
||||
- https://blog.rstudio.com/2021/01/13/shiny-server-1-5-16-update/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-3374
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
||||
cvss-score: 5.3
|
||||
|
@ -34,3 +34,5 @@ requests:
|
|||
part: body
|
||||
regex:
|
||||
- "[A-Za-z].*\\.R"
|
||||
|
||||
# Enhanced by mp on 2022/07/22
|
||||
|
|
|
@ -1,15 +1,15 @@
|
|||
id: CVE-2021-36749
|
||||
|
||||
info:
|
||||
name: Apache Druid Authentication Restrictions Bypass
|
||||
name: Apache Druid - Local File Inclusion
|
||||
author: _0xf4n9x_
|
||||
severity: medium
|
||||
description: In the Druid ingestion system, the InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of the Druid server process. This is not an elevation of privilege when users access Druid directly, since Druid also provides the Local InputSource, which allows the same level of access. But it is problematic when users interact with Druid indirectly through an application that allows users to specify the HTTP InputSource, but not the Local InputSource. In this case, users could bypass the application-level restriction by passing a file URL to the HTTP InputSource. This issue was previously mentioned as being fixed in 0.21.0 as per CVE-2021-26920 but was not fixed in 0.21.0 or 0.21.1.
|
||||
description: Apache Druid ingestion system is vulnerable to local file inclusion. The InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of the Druid server process. This is not an elevation of privilege when users access Druid directly, since Druid also provides the Local InputSource, which allows the same level of access. But it is problematic when users interact with Druid indirectly through an application that allows users to specify the HTTP InputSource, but not the Local InputSource. In this case, users could bypass the application-level restriction by passing a file URL to the HTTP InputSource. This issue was previously mentioned as being fixed in 0.21.0 as per CVE-2021-26920 but was not fixed in 0.21.0 or 0.21.1.
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-36749
|
||||
- https://www.cvedetails.com/cve/CVE-2021-36749/
|
||||
- https://github.com/BrucessKING/CVE-2021-36749
|
||||
- https://lists.apache.org/thread.html/rc9400a70d0ec5cdb8a3486fc5ddb0b5282961c0b63e764abfbcb9f5d%40%3Cdev.druid.apache.org%3E
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-36749
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 6.5
|
||||
|
@ -34,3 +34,5 @@ requests:
|
|||
- "root:.*:0:0:"
|
||||
- "druid:*:1000:1000:"
|
||||
condition: or
|
||||
|
||||
# Enhanced by mp on 2022/07/22
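Review bot: The second pattern in the matcher context, `- "druid:*:1000:1000:"`, is in a list whose sibling `root:.*:0:0:` is clearly a regex, and as a regex `:*` means "zero or more colons", so a real passwd entry such as `druid:x:1000:1000:` never matches — the template only fires through the `root:` pattern under `condition: or`. Change it to `- "druid:.*:1000:1000:"` (or `druid:[^:]*:1000:1000:`) so the Druid-specific signal actually works; the `regex:` key it sits under is outside the hunk, confirm when applying. Separately, the new title calls this "Local File Inclusion", but the description itself says it is an authenticated file-URL read through the HTTP InputSource (PR:L in the vector), which is closer to SSRF against the local filesystem; a name such as `Apache Druid - Authenticated Local File Read via HTTP InputSource` would stop this being triaged as an unauthenticated LFI.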
|
||||
|
|
|
@ -1,13 +1,13 @@
|
|||
id: CVE-2021-41569
|
||||
info:
|
||||
name: SAS 9.4 build 1520 - Local File Inclusion
|
||||
name: SAS/Internet 9.4 1520 - Local File Inclusion
|
||||
author: 0x_Akoko
|
||||
severity: high
|
||||
description: SAS/Intrnet 9.4 build 1520 and earlier allows Local File Inclusion. The samples library (included by default) in the appstart.sas file, allows end-users of the application to access the sample.webcsf1.sas program, which contains user-controlled macro variables that are passed to the DS2CSF macro.
|
||||
description: SAS/Internet 9.4 build 1520 and earlier allows local file inclusion. The samples library (included by default) in the appstart.sas file, allows end-users of the application to access the sample.webcsf1.sas program, which contains user-controlled macro variables that are passed to the DS2CSF macro.
|
||||
reference:
|
||||
- https://www.mindpointgroup.com/blog/high-risk-vulnerability-discovery-localfileinclusion-sas
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-41569
|
||||
- https://support.sas.com/kb/68/641.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-41569
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
|
@ -30,3 +30,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/07/15
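Review bot: The rename to "SAS/Internet" in both `name:` and `description:` looks like an over-correction: the original text said "SAS/Intrnet", and SAS's web gateway product is spelled SAS/IntrNet (the support.sas.com KB reference in this hunk should confirm), so the new wording names a product that does not exist and will not match searches for the affected component. Suggest `name: SAS/IntrNet 9.4 build 1520 - Local File Inclusion` and `description: SAS/IntrNet 9.4 build 1520 and earlier allows local file inclusion. ...` with the rest of the sentence unchanged. The `requests:` section is outside this hunk.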
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
id: CVE-2022-0656
|
||||
|
||||
info:
|
||||
name: uDraw < 3.3.3 - Unauthenticated Arbitrary File Access
|
||||
name: uDraw <3.3.3 - Local File Inclusion
|
||||
author: akincibor
|
||||
severity: high
|
||||
description: The plugin does not validate the url parameter in its udraw_convert_url_to_base64 AJAX action (available to both unauthenticated and authenticated users) before using it in the file_get_contents function and returning its content base64 encoded in the response. As a result, unauthenticated users could read arbitrary files on the web server (such as /etc/passwd, wp-config.php etc).
|
||||
description: uDraw before 3.3.3 does not validate the url parameter in its udraw_convert_url_to_base64 AJAX action (available to both unauthenticated and authenticated users) before using it in the file_get_contents function and returning its content base64 encoded in the response. As a result, unauthenticated users could read arbitrary files on the web server (such as /etc/passwd, wp-config.php etc).
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/925c4c28-ae94-4684-a365-5f1e34e6c151
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-0656
|
||||
|
@ -40,3 +40,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/07/22
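Review bot: The new `name:` drops two things the old one carried that matter for triage: that this is a WordPress plugin (the other WordPress template in this commit, Simple Ajax Chat, keeps the "WordPress" prefix) and that the action is reachable unauthenticated, which the description still states. Suggest `name: WordPress uDraw <3.3.3 - Unauthenticated Local File Inclusion`. Also, since the description says the `url` parameter goes straight into `file_get_contents`, the same sink presumably accepts http(s) URLs and is an SSRF as well as a file read — worth one clause in the description and an `ssrf` tag if the request block (outside this hunk) bears that out.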
|
||||
|
|
|
@ -1,15 +1,15 @@
|
|||
id: CVE-2022-24129
|
||||
|
||||
info:
|
||||
name: Shibboleth OIDC OP plugin <3.0.4 - Server-Side Request Forgery
|
||||
name: Shibboleth OIDC OP <3.0.4 - Server-Side Request Forgery
|
||||
author: 0x_Akoko
|
||||
severity: high
|
||||
description: The OIDC OP plugin before 3.0.4 for Shibboleth Identity Provider allows server-side request forgery (SSRF) due to insufficient restriction of the request_uri parameter. This allows attackers to interact with arbitrary third-party HTTP services.
|
||||
description: The Shibboleth Identity Provider OIDC OP plugin before 3.0.4 is vulnerable to server-side request forgery (SSRF) due to insufficient restriction of the request_uri parameter, which allows attackers to interact with arbitrary third-party HTTP services.
|
||||
reference:
|
||||
- https://github.com/sbaresearch/advisories/tree/public/2022/SBA-ADV-20220127-01_Shibboleth_IdP_OIDC_OP_Plugin_SSRF
|
||||
- https://shibboleth.atlassian.net/wiki/spaces/IDPPLUGINS/pages/1376878976/OIDC+OP
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-24129
|
||||
- http://shibboleth.net/community/advisories/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-24129
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
|
||||
cvss-score: 8.2
|
||||
|
@ -33,3 +33,5 @@ requests:
|
|||
part: interactsh_request
|
||||
words:
|
||||
- "ShibbolethIdp"
|
||||
|
||||
# Enhanced by mp on 2022/07/15
|
||||
|
|
|
@ -1,15 +1,16 @@
|
|||
id: CVE-2022-26233
|
||||
|
||||
info:
|
||||
name: Barco Control Room Management Suite - Directory Traversal
|
||||
name: Barco Control Room Management Suite <=2.9 Build 0275 - Local File Inclusion
|
||||
author: 0x_Akoko
|
||||
severity: high
|
||||
description: Barco Control Room Management through Suite 2.9 Build 0275 was discovered to be vulnerable to directory traversal, allowing attackers to access sensitive information and components. Requests must begin with the "GET /..\.." substring.
|
||||
description: Barco Control Room Management through Suite 2.9 Build 0275 is vulnerable to local file inclusion that could allow attackers to access sensitive information and components. Requests must begin with the "GET /..\.." substring.
|
||||
reference:
|
||||
- https://0day.today/exploit/37579
|
||||
- https://www.cvedetails.com/cve/CVE-2022-26233
|
||||
- http://seclists.org/fulldisclosure/2022/Apr/0
|
||||
- http://packetstormsecurity.com/files/166577/Barco-Control-Room-Management-Suite-Directory-Traversal.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-26233
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
|
@ -32,3 +33,5 @@ requests:
|
|||
- "fonts"
|
||||
- "extensions"
|
||||
condition: and
|
||||
|
||||
# Enhanced by mp on 2022/07/15
|
||||
|
|
|
@ -1,14 +1,14 @@
|
|||
id: CVE-2022-27849
|
||||
info:
|
||||
name: WordPress Simple Ajax Chat plugin <= 20220115 - Sensitive Information Disclosure vulnerability
|
||||
name: WordPress Simple Ajax Chat <20220116 - Sensitive Information Disclosure vulnerability
|
||||
author: random-robbie
|
||||
severity: high
|
||||
description: |
|
||||
Simple Ajax Chat < 20220216 - Sensitive Information Disclosure. The plugin does not properly restrict access to the exported data via the sac-export.csv file, which could allow unauthenticated users to access it
|
||||
WordPress Simple Ajax Chat before 20220216 is vulnerable to sensitive information disclosure. The plugin does not properly restrict access to the exported data via the sac-export.csv file, which could allow unauthenticated users to access it.
|
||||
reference:
|
||||
- https://wordpress.org/plugins/simple-ajax-chat/#developers
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-27849/
|
||||
- https://patchstack.com/database/vulnerability/simple-ajax-chat/wordpress-simple-ajax-chat-plugin-20220115-sensitive-information-disclosure-vulnerability
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-27849
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
|
@ -41,3 +41,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/07/15
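Review bot: The version bounds in the new title and description disagree: `name:` says `<20220116` while `description:` says "before 20220216", and both cannot be the fixed release. The Patchstack reference in this hunk lists 20220115 as the affected version and the old description said "< 20220216", so check which release shipped the fix and use the same value in both fields, e.g. `name: WordPress Simple Ajax Chat <20220216 - Sensitive Information Disclosure` (or change the description to "before 20220116"). A reader should not have to reconcile two different numbers inside one `info:` block.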
|
||||
|
|
|
@ -1,16 +1,17 @@
|
|||
id: CVE-2022-28079
|
||||
|
||||
info:
|
||||
name: College Management System - SQL Injection
|
||||
name: College Management System 1.0 - SQL Injection
|
||||
author: ritikchaddha
|
||||
severity: high
|
||||
description: |
|
||||
College Management System v1.0 was discovered to contain a SQL injection vulnerability via the course_code parameter.
|
||||
College Management System 1.0 contains a SQL injection vulnerability via the course code parameter.
|
||||
reference:
|
||||
- https://github.com/erengozaydin/College-Management-System-course_code-SQL-Injection-Authenticated
|
||||
- https://download.code-projects.org/details/1c3b87e5-f6a6-46dd-9b5f-19c39667866f
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-28079
|
||||
- https://code-projects.org/college-management-system-in-php-with-source-code/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-28079
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 8.8
|
||||
|
@ -41,3 +42,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 302
|
||||
|
||||
# Enhanced by mp on 2022/07/15
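Review bot: The reworded description loses the exact parameter name — `course_code` became "course code" — yet the identifier is what an operator greps the request for, and the GitHub reference in this same hunk is titled with `course_code`. Restore it: `College Management System 1.0 contains a SQL injection vulnerability via the course_code parameter.` That reference and PR:L in the CVSS vector also indicate the injection is authenticated, which is worth stating in the description so a hit is not assumed to be pre-auth; the request block is outside this hunk.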
|
||||
|
|
|
@ -5,12 +5,12 @@ info:
|
|||
author: lucasljm2001,ekrause,ritikchaddha
|
||||
severity: high
|
||||
description: |
|
||||
Detects an SQL Injection vulnerability in Royal Event System
|
||||
Royal Event is vulnerable to a SQL injection vulnerability.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/50934
|
||||
- https://www.sourcecodester.com/sites/default/files/download/oretnom23/Royal%20Event.zip
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-28080
|
||||
- https://github.com/erengozaydin/Royal-Event-Management-System-todate-SQL-Injection-Authenticated
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-28080
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 8.8
|
||||
|
@ -68,3 +68,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/07/15
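Review bot: The new description, `Royal Event is vulnerable to a SQL injection vulnerability.`, is tautological and says less than the line it replaces: it no longer gives the full product name the references use (Royal Event Management System) nor the injection point, even though the GitHub reference in this hunk names the `todate` parameter and marks it authenticated. Suggest `Royal Event Management System is vulnerable to SQL injection via the todate parameter (authenticated).`, which also lines up with PR:L in the CVSS vector below it. `name:` and the request section are outside this hunk.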
|
||||
|
|
|
@ -1,14 +1,13 @@
|
|||
id: CVE-2022-29014
|
||||
|
||||
info:
|
||||
name: Razer Sila Gaming Router v2.0.441_api-2.0.418 - LFI
|
||||
name: Razer Sila Gaming Router 2.0.441_api-2.0.418 - Local File Inclusion
|
||||
author: edoardottt
|
||||
severity: high
|
||||
description: A local file inclusion vulnerability in Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to read arbitrary files.
|
||||
description: Razer Sila Gaming Router 2.0.441_api-2.0.418 is vulnerable to local file inclusion which could allow attackers to read arbitrary files.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/50864
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-29014
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29014
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
|
@ -34,3 +33,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/07/15
|
||||
|
|
|
@ -1,15 +1,15 @@
|
|||
id: CVE-2022-29298
|
||||
|
||||
info:
|
||||
name: SolarView Compact 6.00 - Directory Traversal
|
||||
name: SolarView Compact 6.00 - Local File Inclusion
|
||||
author: ritikchaddha
|
||||
severity: high
|
||||
description: SolarView Compact ver.6.00 allows attackers to access sensitive files via directory traversal.
|
||||
description: SolarView Compact 6.00 is vulnerable to local file inclusion which could allow attackers to access sensitive files.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/50950
|
||||
- https://drive.google.com/file/d/1-RHw9ekVidP8zc0xpbzBXnse2gSY1xbH/view
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-29298
|
||||
- https://drive.google.com/file/d/1-RHw9ekVidP8zc0xpbzBXnse2gSY1xbH/view?usp=sharing
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-29298
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
|
@ -35,3 +35,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/07/15
|
||||
|
|
|
@ -1,15 +1,15 @@
|
|||
id: CVE-2022-31268
|
||||
|
||||
info:
|
||||
name: Gitblit 1.9.3 - Path traversal
|
||||
name: Gitblit 1.9.3 - Local File Inclusion
|
||||
author: 0x_Akoko
|
||||
severity: high
|
||||
description: |
|
||||
A Path Traversal vulnerability in Gitblit 1.9.3 can lead to reading website files via /resources//../ (e.g., followed by a WEB-INF or META-INF pathname).
|
||||
Gitblit 1.9.3 is vulnerable to local file inclusion via /resources//../ (e.g., followed by a WEB-INF or META-INF pathname).
|
||||
reference:
|
||||
- https://github.com/metaStor/Vuls/blob/main/gitblit/gitblit%20V1.9.3%20path%20traversal/gitblit%20V1.9.3%20path%20traversal.md
|
||||
- https://www.cvedetails.com/cve/CVE-2022-31268
|
||||
- https://vuldb.com/?id.200500
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-31268
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
|
@ -44,3 +44,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/07/15
|
||||
|
|
|
@ -1,14 +1,14 @@
|
|||
id: CVE-2022-32409
|
||||
|
||||
info:
|
||||
name: i3geo - Directory Traversal
|
||||
name: Portal do Software Publico Brasileiro i3geo 7.0.5 - Local File Inclusion
|
||||
author: pikpikcu
|
||||
severity: critical
|
||||
description: A local file inclusion (LFI) vulnerability in the component codemirror.php of Portal do Software Publico Brasileiro i3geo v7.0.5 allows attackers to execute arbitrary PHP code via a crafted HTTP request
|
||||
description: Portal do Software Publico Brasileiro i3geo 7.0.5 is vulnerable to local file inclusion in the component codemirror.php, which allows attackers to execute arbitrary PHP code via a crafted HTTP request.
|
||||
reference:
|
||||
- https://github.com/wagnerdracha/ProofOfConcept/blob/main/i3geo_proof_of_concept.txt
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-32409
|
||||
- https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/11.1-Testing_for_Local_File_Inclusion
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-32409
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
|
@ -34,3 +34,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/07/22
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
id: CVE-2022-33174
|
||||
|
||||
info:
|
||||
name: Powertek Firmware - Authorization Bypass
|
||||
name: Powertek Firmware <3.30.30 - Authorization Bypass
|
||||
author: pikpikcu
|
||||
severity: high
|
||||
description: |
|
||||
Power Distribution Units running on Powertek firmware (multiple brands) before 3.30.30 allows remote authorization bypass in the web interface. To exploit the vulnerability, an attacker must send an HTTP packet to the data retrieval interface (/cgi/get_param.cgi) with the tmpToken cookie set to an empty string followed by a semicolon. This bypasses an active session authorization check. This can be then used to fetch the values of protected sys.passwd and sys.su.name fields that contain the username and password in cleartext.
|
||||
Powertek firmware (multiple brands) before 3.30.30 running Power Distribution Units are vulnerable to authorization bypass in the web interface. To exploit the vulnerability, an attacker must send an HTTP packet to the data retrieval interface (/cgi/get_param.cgi) with the tmpToken cookie set to an empty string followed by a semicolon. This bypasses an active session authorization check. This can be then used to fetch the values of protected sys.passwd and sys.su.name fields that contain the username and password in cleartext.
|
||||
reference:
|
||||
- https://gynvael.coldwind.pl/?lang=en&id=748
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-33174
|
||||
|
@ -45,3 +45,5 @@ requests:
|
|||
regex:
|
||||
- '<sys\.passwd>([A-Z0-9a-z]+)<\/sys\.passwd>'
|
||||
- '<sys\.su\.name>([a-z]+)<\/sys\.su\.name>'
|
||||
|
||||
# Enhanced by mp on 2022/07/15
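Review bot: The regex patterns in the matcher context, `<sys\.passwd>([A-Z0-9a-z]+)<\/sys\.passwd>` and `<sys\.su\.name>([a-z]+)<\/sys\.su\.name>`, only accept alphanumeric passwords and lowercase-only usernames, so a PDU whose admin password contains a symbol (or whose username has a digit or capital) hands back the cleartext credentials and the template still reports nothing — a false negative on exactly the targets that matter. Since the bypass is proven by the element being present at all, use `'<sys\.passwd>([^<]+)<\/sys\.passwd>'` and `'<sys\.su\.name>([^<]+)<\/sys\.su\.name>'` (or `[^<]*` if an empty password should also count as a hit). Whether these sit under `matchers` or `extractors` is outside the hunk, but the character-class problem is the same either way.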
|
||||
|
|
|
@ -12,6 +12,8 @@ info:
|
|||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.title:"Wi-Fi APP Login"
|
||||
classification:
|
||||
cve-id: CVE-2022-34046
|
||||
tags: cve,cve2022,wavlink,router,exposure
|
||||
|
||||
requests:
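Review bot: The `classification:` block added here carries only `cve-id`, whereas the other templates touched in this commit populate `cvss-metrics`, `cvss-score` and `cwe-id` alongside it, and those are the fields severity-consistent reporting keys on. If NVD has scored CVE-2022-34046, add them here (for an `exposure`-tagged finding presumably `cwe-id: CWE-200` — confirm against NVD); if it is not yet scored, a one-line `# NVD score pending` comment stops the block looking half-filled. `info:` starts before this hunk and `requests:` continues after it.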
|
||||
|
|
|
@ -12,6 +12,8 @@ info:
|
|||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.title:"Wi-Fi APP Login"
|
||||
classification:
|
||||
cve-id: CVE-2022-34047
|
||||
tags: cve,cve2022,wavlink,router,exposure
|
||||
|
||||
requests:
|
||||
|
|
|
@ -1,11 +1,16 @@
|
|||
id: dubbo-admin-default-login
|
||||
|
||||
info:
|
||||
name: Dubbo Admin Default Login
|
||||
name: Apache Dubbo - Default Admin Discovery
|
||||
author: ritikchaddha
|
||||
severity: high
|
||||
description: Apache Dubbo default admin credentials were discovered.
|
||||
reference:
|
||||
- https://www.cnblogs.com/wishwzp/p/9438658.html
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
|
||||
cvss-score: 8.3
|
||||
cwe-id: CWE-522
|
||||
tags: dubbo,apache,default-login
|
||||
|
||||
requests:
|
||||
|
@ -37,3 +42,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/07/15
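Review bot: `cwe-id: CWE-522` (Insufficiently Protected Credentials) describes how credentials are stored or transmitted, not a product shipping with a known default login, which is what this template detects; the closer mapping is CWE-798 (Use of Hard-coded Credentials), the ID the default-login family usually carries, or CWE-1392 (Use of Default Credentials) if the CWE version in use includes it. Suggest `cwe-id: CWE-798`. The new title "Default Admin Discovery" is also vaguer than the old "Default Login" — what a hit proves is a successful login with default credentials, so I would keep `name: Apache Dubbo Admin - Default Login`; the request and matcher body is outside this hunk.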
|
||||
|
|
|
@ -1,12 +1,16 @@
|
|||
id: fuelcms-default-login
|
||||
|
||||
info:
|
||||
name: Fuel CMS Default Credentials
|
||||
name: Fuel CMS - Default Admin Discovery
|
||||
author: Adam Crosser
|
||||
severity: high
|
||||
description: Fuel CMS default admin credentials were discovered.
|
||||
reference:
|
||||
- https://docs.getfuelcms.com/general/security
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
|
||||
cvss-score: 8.3
|
||||
cwe-id: CWE-522
|
||||
tags: fuelcms,default-login,oss
|
||||
|
||||
requests:
|
||||
|
@ -54,3 +58,5 @@ requests:
|
|||
group: 1
|
||||
regex:
|
||||
- 'id="ci_csrf_token_FUEL" value="([0-9a-z]+)" \/>'
|
||||
|
||||
# Enhanced by mp on 2022/07/15
|
||||
|
|