diff --git a/cves.json b/cves.json index 85bbcdaa93..c2fb429c44 100644 --- a/cves.json +++ b/cves.json @@ -1,8 +1,11 @@ {"ID":"CVE-2000-0114","Info":{"Name":"Microsoft FrontPage Extensions Check (shtml.dll)","Severity":"low","Description":"Frontpage Server Extensions allows remote attackers to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /_vti_bin/ virtual directory.","Classification":{"CVSSScore":"5.0"}},"file_path":"http/cves/2000/CVE-2000-0114.yaml"} +{"ID":"CVE-2001-0537","Info":{"Name":"Cisco IOS HTTP Configuration Arbitrary Administrative Access","Severity":"medium","Description":"HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL.","Classification":{"CVSSScore":"5.0"}},"file_path":"http/cves/2001/CVE-2001-0537.yaml"} {"ID":"CVE-2002-1131","Info":{"Name":"SquirrelMail 1.2.6/1.2.7 - Cross-Site Scripting","Severity":"medium","Description":"The Virtual Keyboard plugin for SquirrelMail 1.2.6/1.2.7 is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2002/CVE-2002-1131.yaml"} {"ID":"CVE-2004-0519","Info":{"Name":"SquirrelMail 1.4.x - Folder Name Cross-Site Scripting","Severity":"medium","Description":"Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2004/CVE-2004-0519.yaml"} +{"ID":"CVE-2004-1965","Info":{"Name":"Open Bulletin Board (OpenBB) v1.0.6 - Open Redirect/XSS","Severity":"medium","Description":"Multiple cross-site scripting (XSS) vulnerabilities in Open Bulletin Board (OpenBB) 1.0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) redirect parameter to member.php, (2) to parameter to myhome.php (3) TID parameter to post.php, or (4) redirect parameter to index.php.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2004/CVE-2004-1965.yaml"} {"ID":"CVE-2005-2428","Info":{"Name":"Lotus Domino R5 and R6 WebMail - Information Disclosure","Severity":"medium","Description":"Lotus Domino R5 and R6 WebMail with 'Generate HTML for all fields' enabled (which is by default) allows remote attackers to read the HTML source to obtain sensitive information including the password hash in the HTTPPassword field, the password change date in the HTTPPasswordChangeDate field, and the client Lotus Domino release in the ClntBld field (a different vulnerability than CVE-2005-2696).","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2005/CVE-2005-2428.yaml"} {"ID":"CVE-2005-3344","Info":{"Name":"Horde Groupware Unauthenticated Admin Access","Severity":"critical","Description":"Horde Groupware contains an administrative account with a blank password, which allows remote attackers to gain access.","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2005/CVE-2005-3344.yaml"} +{"ID":"CVE-2005-3634","Info":{"Name":"SAP Web Application Server 6.x/7.0 - Open Redirect","Severity":"medium","Description":"frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter.\n","Classification":{"CVSSScore":"5.0"}},"file_path":"http/cves/2005/CVE-2005-3634.yaml"} {"ID":"CVE-2005-4385","Info":{"Name":"Cofax \u003c=2.0RC3 - Cross-Site Scripting","Severity":"medium","Description":"Cofax 2.0 RC3 and earlier contains a cross-site scripting vulnerability in search.htm which allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2005/CVE-2005-4385.yaml"} {"ID":"CVE-2006-1681","Info":{"Name":"Cherokee HTTPD \u003c=0.5 - Cross-Site Scripting","Severity":"medium","Description":"Cherokee HTTPD 0.5 and earlier contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via a malformed request that generates an HTTP 400 error, which is not properly handled when the error message is generated.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2006/CVE-2006-1681.yaml"} {"ID":"CVE-2006-2842","Info":{"Name":"Squirrelmail \u003c=1.4.6 - Local File Inclusion","Severity":"high","Description":"SquirrelMail 1.4.6 and earlier versions are susceptible to a PHP local file inclusion vulnerability in functions/plugin.php if register_globals is enabled and magic_quotes_gpc is disabled. This allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter.","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2006/CVE-2006-2842.yaml"} @@ -24,6 +27,8 @@ {"ID":"CVE-2008-6465","Info":{"Name":"Parallels H-Sphere 3.0.0 P9/3.1 P1 - Cross-Site Scripting","Severity":"medium","Description":"Parallels H-Sphere 3.0.0 P9 and 3.1 P1 contains multiple cross-site scripting vulnerabilities in login.php in webshell4. An attacker can inject arbitrary web script or HTML via the err, errorcode, and login parameters, thus allowing theft of cookie-based authentication credentials and launch of other attacks.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2008/CVE-2008-6465.yaml"} {"ID":"CVE-2008-6668","Info":{"Name":"nweb2fax \u003c=0.2.7 - Local File Inclusion","Severity":"high","Description":"nweb2fax 0.2.7 and earlier allow remote attackers to read arbitrary files via the id parameter submitted to comm.php and the var_filename parameter submitted to viewrq.php.","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2008/CVE-2008-6668.yaml"} {"ID":"CVE-2008-6982","Info":{"Name":"Devalcms 1.4a - Cross-Site Scripting","Severity":"high","Description":"Devalcms 1.4a contains a cross-site scripting vulnerability in the currentpath parameter of the index.php file.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2008/CVE-2008-6982.yaml"} +{"ID":"CVE-2008-7269","Info":{"Name":"UC Gateway Investment SiteEngine v5.0 - Open Redirect","Severity":"medium","Description":"Open redirect vulnerability in api.php in SiteEngine 5.x allows user-assisted remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the forward parameter in a logout action.\n","Classification":{"CVSSScore":"5.8"}},"file_path":"http/cves/2008/CVE-2008-7269.yaml"} +{"ID":"CVE-2009-0347","Info":{"Name":"Autonomy Ultraseek - Open Redirect","Severity":"medium","Description":"Open redirect vulnerability in cs.html in the Autonomy (formerly Verity) Ultraseek search engine allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter.\n","Classification":{"CVSSScore":"5.8"}},"file_path":"http/cves/2009/CVE-2009-0347.yaml"} {"ID":"CVE-2009-0545","Info":{"Name":"ZeroShell \u003c= 1.0beta11 Remote Code Execution","Severity":"critical","Description":"ZeroShell 1.0beta11 and earlier via cgi-bin/kerbynet allows remote attackers to execute arbitrary commands through shell metacharacters in the type parameter in a NoAuthREQ x509List action.","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2009/CVE-2009-0545.yaml"} {"ID":"CVE-2009-0932","Info":{"Name":"Horde/Horde Groupware - Local File Inclusion","Severity":"high","Description":"Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 are susceptible to local file inclusion in framework/Image/Image.php because it allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver name.","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2009/CVE-2009-0932.yaml"} {"ID":"CVE-2009-1151","Info":{"Name":"PhpMyAdmin Scripts - Remote Code Execution","Severity":"critical","Description":"PhpMyAdmin Scripts 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 are susceptible to a remote code execution in setup.php that allows remote attackers to inject arbitrary PHP code into a configuration file via the save action. Combined with the ability to save files on server, this can allow unauthenticated users to execute arbitrary PHP code.","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2009/CVE-2009-1151.yaml"} @@ -165,6 +170,7 @@ {"ID":"CVE-2011-5107","Info":{"Name":"Alert Before Your Post \u003c= 0.1.1 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in post_alert.php in Alert Before Your Post plugin, possibly 0.1.1 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the name parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2011/CVE-2011-5107.yaml"} {"ID":"CVE-2011-5179","Info":{"Name":"Skysa App Bar 1.04 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in skysa-official/skysa.php in Skysa App Bar Integration plugin, possibly before 1.04, for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2011/CVE-2011-5179.yaml"} {"ID":"CVE-2011-5181","Info":{"Name":"ClickDesk Live Support Live Chat 2.0 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in clickdesk.php in ClickDesk Live Support - Live Chat plugin 2.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cdwidgetid parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2011/CVE-2011-5181.yaml"} +{"ID":"CVE-2011-5252","Info":{"Name":"Orchard 'ReturnUrl' Parameter URI - Open Redirect","Severity":"medium","Description":"Open redirect vulnerability in Users/Account/LogOff in Orchard 1.0.x before 1.0.21, 1.1.x before 1.1.31, 1.2.x before 1.2.42, and 1.3.x before 1.3.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the ReturnUrl parameter.\n","Classification":{"CVSSScore":"5.8"}},"file_path":"http/cves/2011/CVE-2011-5252.yaml"} {"ID":"CVE-2011-5265","Info":{"Name":"Featurific For WordPress 1.6.2 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in cached_image.php in the Featurific For WordPress plugin 1.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the snum parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2011/CVE-2011-5265.yaml"} {"ID":"CVE-2012-0392","Info":{"Name":"Apache Struts2 S2-008 RCE","Severity":"critical","Description":"The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2012/CVE-2012-0392.yaml"} {"ID":"CVE-2012-0394","Info":{"Name":"Apache Struts \u003c2.3.1.1 - Remote Code Execution","Severity":"critical","Description":"Apache Struts before 2.3.1.1 is susceptible to remote code execution. When developer mode is used in the DebuggingInterceptor component, a remote attacker can execute arbitrary OGNL commands via unspecified vectors, which can allow for execution of malware, obtaining sensitive information, modifying data, and/or gaining full control over a compromised system without entering necessary credentials.. NOTE: the vendor characterizes this behavior as not \"a security vulnerability itself.\"\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2012/CVE-2012-0394.yaml"} @@ -192,6 +198,7 @@ {"ID":"CVE-2013-2248","Info":{"Name":"Apache Struts - Multiple Open Redirection Vulnerabilities","Severity":"medium","Description":"Apache Struts is prone to multiple open-redirection vulnerabilities because the application fails to properly sanitize user-supplied input.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2013/CVE-2013-2248.yaml"} {"ID":"CVE-2013-2251","Info":{"Name":"Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution","Severity":"critical","Description":"In Struts 2 before 2.3.15.1 the information following \"action:\", \"redirect:\", or \"redirectAction:\" is not properly sanitized and will be evaluated as an OGNL expression against the value stack. This introduces the possibility to inject server side code.","Classification":{"CVSSScore":"9.3"}},"file_path":"http/cves/2013/CVE-2013-2251.yaml"} {"ID":"CVE-2013-2287","Info":{"Name":"WordPress Plugin Uploader 1.0.4 - Cross-Site Scripting","Severity":"medium","Description":"Multiple cross-site scripting vulnerabilities in views/notify.php in the Uploader plugin 1.0.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) notify or (2) blog parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2013/CVE-2013-2287.yaml"} +{"ID":"CVE-2013-2621","Info":{"Name":"Telaen =\u003e v1.3.1 - Open Redirect","Severity":"medium","Description":"Open Redirection Vulnerability in the redir.php script in Telaen before 1.3.1 allows remote attackers to redirect victims to arbitrary websites via a crafted URL.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2013/CVE-2013-2621.yaml"} {"ID":"CVE-2013-3526","Info":{"Name":"WordPress Plugin Traffic Analyzer - 'aoid' Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in js/ta_loaded.js.php in the Traffic Analyzer plugin, possibly 3.3.2 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the aoid parameter.\"","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2013/CVE-2013-3526.yaml"} {"ID":"CVE-2013-3827","Info":{"Name":"Javafaces LFI","Severity":"medium","Description":"An Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.3.0, 11.1.2.4.0, and 12.1.2.0.0; and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0 and 12.1.1 allows remote attackers to affect confidentiality via unknown vectors related to Java Server Faces or Web Container.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2013/CVE-2013-3827.yaml"} {"ID":"CVE-2013-4117","Info":{"Name":"WordPress Plugin Category Grid View Gallery 2.3.1 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in includes/CatGridPost.php in the Category Grid View Gallery plugin 2.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ID parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2013/CVE-2013-4117.yaml"} @@ -342,6 +349,7 @@ {"ID":"CVE-2016-4975","Info":{"Name":"Apache mod_userdir CRLF injection","Severity":"medium","Description":"Apache CRLF injection allowing HTTP response splitting attacks on sites using mod_userdir.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2016/CVE-2016-4975.yaml"} {"ID":"CVE-2016-4977","Info":{"Name":"Spring Security OAuth2 Remote Command Execution","Severity":"high","Description":"Spring Security OAuth versions 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5 contain a remote command execution vulnerability. When processing authorization requests using the whitelabel views, the response_type parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote command execution via the crafting of the value for response_type.","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2016/CVE-2016-4977.yaml"} {"ID":"CVE-2016-5649","Info":{"Name":"NETGEAR DGN2200 / DGND3700 - Admin Password Disclosure","Severity":"critical","Description":"NETGEAR DGN2200 / DGND3700 is susceptible to a vulnerability within the page 'BSW_cxttongr.htm' which can allow a remote attacker to access this page without any authentication. The attacker can then use this password to gain administrator access of the targeted router's web interface.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2016/CVE-2016-5649.yaml"} +{"ID":"CVE-2016-6195","Info":{"Name":"vBulletin \u003c= 4.2.3 - SQL Injection","Severity":"high","Description":"vBulletin versions 3.6.0 through 4.2.3 are vulnerable to an SQL injection vulnerability in the vBulletin core forumrunner addon. The vulnerability allows an attacker to execute arbitrary SQL queries and potentially access sensitive information from the database.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2016/CVE-2016-6195.yaml"} {"ID":"CVE-2016-6277","Info":{"Name":"NETGEAR Routers - Remote Code Execution","Severity":"high","Description":"NETGEAR routers R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly others allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/.","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2016/CVE-2016-6277.yaml"} {"ID":"CVE-2016-6601","Info":{"Name":"ZOHO WebNMS Framework \u003c5.2 SP1 - Local File Inclusion","Severity":"high","Description":"ZOHO WebNMS Framework before version 5.2 SP1 is vulnerable local file inclusion which allows an attacker to read arbitrary files via a .. (dot dot) in the fileName parameter to servlets/FetchFile.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2016/CVE-2016-6601.yaml"} {"ID":"CVE-2016-7552","Info":{"Name":"Trend Micro Threat Discovery Appliance 2.6.1062r1 - Authentication Bypass","Severity":"critical","Description":"Trend Micro Threat Discovery Appliance 2.6.1062r1 is vulnerable to a directory traversal vulnerability when processing a session_id cookie, which allows a remote, unauthenticated attacker to delete arbitrary files as root. This can be used to bypass authentication or cause a DoS.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2016/CVE-2016-7552.yaml"} @@ -370,6 +378,7 @@ {"ID":"CVE-2017-12583","Info":{"Name":"DokuWiki - Cross-Site Scripting","Severity":"medium","Description":"DokuWiki through 2017-02-19b contains a cross-site scripting vulnerability in the DATE_AT parameter to doku.php which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-12583.yaml"} {"ID":"CVE-2017-12611","Info":{"Name":"Apache Struts2 S2-053 - Remote Code Execution","Severity":"critical","Description":"Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1 uses an unintentional expression in a Freemarker tag instead of string literals, which makes it susceptible to remote code execution attacks.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2017/CVE-2017-12611.yaml"} {"ID":"CVE-2017-12615","Info":{"Name":"Apache Tomcat Servers - Remote Code Execution","Severity":"high","Description":"Apache Tomcat servers 7.0.{0 to 79} are susceptible to remote code execution. By design, you are not allowed to upload JSP files via the PUT method. This is likely a security measure to prevent an attacker from uploading a JSP shell and gaining remote code execution on the server. However, due to the insufficient checks, an attacker could gain remote code execution on Apache Tomcat servers that have enabled PUT method by using a specially crafted HTTP request.\n","Classification":{"CVSSScore":"8.1"}},"file_path":"http/cves/2017/CVE-2017-12615.yaml"} +{"ID":"CVE-2017-12617","Info":{"Name":"Apache Tomcat - Remote Code Execution","Severity":"high","Description":"When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.\n","Classification":{"CVSSScore":"8.3"}},"file_path":"http/cves/2017/CVE-2017-12617.yaml"} {"ID":"CVE-2017-12629","Info":{"Name":"Apache Solr \u003c= 7.1 - XML Entity Injection","Severity":"critical","Description":"Apache Solr with Apache Lucene before 7.1 is susceptible to remote code execution by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external entity expansion vulnerability occurs in the XML Query Parser which is available, by default, for any query request with parameters deftype=xmlparser and can be exploited to upload malicious data to the /upload request handler or as Blind XXE using ftp wrapper in order to read arbitrary local files from the Solr server. Note also that the second vulnerability relates to remote code execution using the RunExecutableListener available on all affected versions of Solr.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2017/CVE-2017-12629.yaml"} {"ID":"CVE-2017-12635","Info":{"Name":"Apache CouchDB 1.7.0 / 2.x \u003c 2.1.1 - Remote Privilege Escalation","Severity":"critical","Description":"Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit _users documents with duplicate keysfor 'roles' used for access control within the database, including the special case '_admin' role, that denotes administrative users. In combination with CVE-2017-12636 (Remote Code Execution), this can be used to give non-admin users access to arbitrary shell commands on the server as the database system user. The JSON parser differences result in behavior that if two 'roles' keys are available in the JSON, the second one will be used for authorizing the document write, but the first 'roles' key is used for subsequent authorization for the newly created user. By design, users can not assign themselves roles. The vulnerability allows non-admin users to give themselves admin privileges.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2017/CVE-2017-12635.yaml"} {"ID":"CVE-2017-12637","Info":{"Name":"SAP NetWeaver Application Server Java 7.5 - Local File Inclusion","Severity":"high","Description":"SAP NetWeaver Application Server Java 7.5 is susceptible to local file inclusion in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS. This can allow remote attackers to read arbitrary files via a .. (dot dot) in the query string, as exploited in the wild in August 2017, aka SAP Security Note 2486657.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2017/CVE-2017-12637.yaml"} @@ -578,6 +587,7 @@ {"ID":"CVE-2019-0230","Info":{"Name":"Apache Struts \u003c=2.5.20 - Remote Code Execution","Severity":"critical","Description":"Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation when evaluated on raw user input in tag attributes, which may lead to remote code execution.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-0230.yaml"} {"ID":"CVE-2019-10068","Info":{"Name":"Kentico CMS Insecure Deserialization Remote Code Execution","Severity":"critical","Description":"Kentico CMS is susceptible to remote code execution via a .NET deserialization vulnerability.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-10068.yaml"} {"ID":"CVE-2019-10092","Info":{"Name":"Apache HTTP Server \u003c=2.4.39 - HTML Injection/Partial Cross-Site Scripting","Severity":"medium","Description":"Apache HTTP Server versions 2.4.0 through 2.4.39 are vulnerable to a limited cross-site scripting issue affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-10092.yaml"} +{"ID":"CVE-2019-10098","Info":{"Name":"Apache HTTP server v2.4.0 to v2.4.39 - Open Redirect","Severity":"medium","Description":"In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-10098.yaml"} {"ID":"CVE-2019-1010287","Info":{"Name":"Timesheet Next Gen \u003c=1.5.3 - Cross-Site Scripting","Severity":"medium","Description":"Timesheet Next Gen 1.5.3 and earlier is vulnerable to cross-site scripting that allows an attacker to execute arbitrary HTML and JavaScript code via a \"redirect\" parameter. The component is: Web login form: login.php, lines 40 and 54. The attack vector is: reflected XSS, victim may click the malicious url.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-1010287.yaml"} {"ID":"CVE-2019-1010290","Info":{"Name":"Babel - Open Redirect","Severity":"medium","Description":"Babel contains an open redirect vulnerability via redirect.php in the newurl parameter. An attacker can use any legitimate site using Babel to redirect user to a malicious site, thus possibly obtaining sensitive information, modifying data, and/or executing unauthorized operations.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-1010290.yaml"} {"ID":"CVE-2019-10232","Info":{"Name":"Teclib GLPI \u003c= 9.3.3 - Unauthenticated SQL Injection","Severity":"critical","Description":"Teclib GLPI \u003c= 9.3.3 exposes a script (/scripts/unlock_tasks.php) that incorrectly sanitizes user controlled data before using it in SQL queries. Thus, an attacker could abuse the affected feature to alter the semantic original SQL query and retrieve database records.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-10232.yaml"} @@ -1065,6 +1075,7 @@ {"ID":"CVE-2021-24499","Info":{"Name":"WordPress Workreap - Remote Code Execution","Severity":"critical","Description":"WordPress Workreap theme is susceptible to remote code execution. The AJAX actions workreap_award_temp_file_uploader and workreap_temp_file_uploader did not perform nonce checks, or validate that the request is from a valid user in any other way. The endpoints allowed for uploading arbitrary files to the uploads/workreap-temp directory. Uploaded files were neither sanitized nor validated, allowing an unauthenticated visitor to upload executable code such as php scripts.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-24499.yaml"} {"ID":"CVE-2021-24510","Info":{"Name":"WordPress MF Gig Calendar \u003c=1.1 - Cross-Site Scripting","Severity":"medium","Description":"WordPress MF Gig Calendar plugin 1.1 and prior contains a reflected cross-site scripting vulnerability. It does not sanitize or escape the id GET parameter before outputting back in the admin dashboard when editing an event.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24510.yaml"} {"ID":"CVE-2021-24554","Info":{"Name":"WordPress Paytm Donation \u003c=1.3.2 - Authenticated SQL Injection","Severity":"high","Description":"WordPress Paytm Donation plugin through 1.3.2 is susceptible to authenticated SQL injection. The plugin does not sanitize, validate, or escape the id GET parameter before using it in a SQL statement when deleting donations. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2021/CVE-2021-24554.yaml"} +{"ID":"CVE-2021-24647","Info":{"Name":"Pie Register \u003c 3.7.1.6 - Unauthenticated Arbitrary Login","Severity":"high","Description":"The Registration Forms User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.1.7.6 has a flaw in the social login implementation, allowing unauthenticated attacker to login as any user on the site by only knowing their user ID or username\n","Classification":{"CVSSScore":"8.1"}},"file_path":"http/cves/2021/CVE-2021-24647.yaml"} {"ID":"CVE-2021-24666","Info":{"Name":"WordPress Podlove Podcast Publisher \u003c3.5.6 - SQL Injection","Severity":"critical","Description":"WordPress Podlove Podcast Publisher plugin before 3.5.6 is susceptible to SQL injection. The Social \u0026 Donations module, not activated by default, adds the REST route /services/contributor/(?P\u003cid\u003e[\\d]+) and takes id and category parameters as arguments. Both parameters can be exploited, thereby potentially enabling an attacker to obtain sensitive information, modify data, and/or execute unauthorized administrative operations.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-24666.yaml"} {"ID":"CVE-2021-24731","Info":{"Name":"Pie Register \u003c 3.7.1.6 - SQL Injection","Severity":"critical","Description":"The Registration Forms User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.7.1.6 does not properly escape user data before using it in a SQL statement in the wp-json/pie/v1/login REST API endpoint, leading to an SQL injection.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-24731.yaml"} {"ID":"CVE-2021-24746","Info":{"Name":"WordPress Sassy Social Share Plugin \u003c3.3.40 - Cross-Site Scripting","Severity":"medium","Description":"WordPress plugin Sassy Social Share \u003c 3.3.40 contains a reflected cross-site scripting vulnerability.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24746.yaml"} @@ -1428,6 +1439,7 @@ {"ID":"CVE-2022-0846","Info":{"Name":"SpeakOut Email Petitions \u003c 2.14.15.1 - SQL Injection","Severity":"critical","Description":"The SpeakOut! Email Petitions WordPress plugin before 2.14.15.1 does not sanitise and escape the id parameter before using it in a SQL statement via the dk_speakout_sendmail AJAX action, leading to an SQL Injection exploitable by unauthenticated users.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0846.yaml"} {"ID":"CVE-2022-0864","Info":{"Name":"UpdraftPlus \u003c 1.22.9 - Cross-Site Scripting","Severity":"medium","Description":"The plugin does not sanitise and escape the updraft_interval parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting (XSS) vulnerability.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2022/CVE-2022-0864.yaml"} {"ID":"CVE-2022-0867","Info":{"Name":"WordPress ARPrice \u003c3.6.1 - SQL Injection","Severity":"critical","Description":"WordPress ARPrice plugin prior to 3.6.1 contains a SQL injection vulnerability. It fails to properly sanitize and escape user supplied POST data before being inserted in an SQL statement and executed via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0867.yaml"} +{"ID":"CVE-2022-0869","Info":{"Name":"nitely/spirit 0.12.3 - Open Redirect","Severity":"medium","Description":"Multiple Open Redirect in GitHub repository nitely/spirit prior to 0.12.3.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0869.yaml"} {"ID":"CVE-2022-0870","Info":{"Name":"Gogs \u003c0.12.5 - Server-Side Request Forgery","Severity":"medium","Description":"Gogs GitHub repository before 0.12.5 is susceptible to server-side request forgery. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-0870.yaml"} {"ID":"CVE-2022-0885","Info":{"Name":"Member Hero \u003c=1.0.9 - Remote Code Execution","Severity":"critical","Description":"WordPress Member Hero plugin through 1.0.9 is susceptible to remote code execution. The plugin lacks authorization checks and does not validate the a request parameter in an AJAX action, allowing an attacker to call arbitrary PHP functions with no arguments. An attacker can thus execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0885.yaml"} {"ID":"CVE-2022-0928","Info":{"Name":"Microweber \u003c 1.2.12 - Stored Cross-Site Scripting","Severity":"medium","Description":"Microweber prior to 1.2.12 contains a stored cross-site scripting vulnerability via the Type parameter in the body of POST request, which is triggered by Add/Edit Tax.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-0928.yaml"} @@ -1500,6 +1512,7 @@ {"ID":"CVE-2022-23178","Info":{"Name":"Crestron Device - Credentials Disclosure","Severity":"critical","Description":"An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. When the administrative web interface of the HDMI switcher is accessed unauthenticated, user credentials are disclosed that are valid to authenticate to the web interface. Specifically, aj.html sends a JSON document with uname and upassword fields.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-23178.yaml"} {"ID":"CVE-2022-23347","Info":{"Name":"BigAnt Server v5.6.06 - Local File Inclusion","Severity":"high","Description":"BigAnt Server v5.6.06 is vulnerable to local file inclusion.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-23347.yaml"} {"ID":"CVE-2022-23348","Info":{"Name":"BigAnt Server 5.6.06 - Improper Access Control","Severity":"medium","Description":"BigAnt Server 5.6.06 is susceptible to improper access control. The software utililizes weak password hashes. An attacker can craft a password hash and thereby possibly possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-23348.yaml"} +{"ID":"CVE-2022-23544","Info":{"Name":"MeterSphere \u003c 2.5.0 SSRF","Severity":"medium","Description":"MeterSphere is a one-stop open source continuous testing platform, covering test management, interface testing, UI testing and performance testing. Versions prior to 2.5.0 are subject to a Server-Side Request Forgery that leads to Cross-Site Scripting. A Server-Side request forgery in `IssueProxyResourceService::getMdImageByUrl` allows an attacker to access internal resources, as well as executing JavaScript code in the context of Metersphere's origin by a victim of a reflected XSS. This vulnerability has been fixed in v2.5.0. There are no known workarounds.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-23544.yaml"} {"ID":"CVE-2022-2373","Info":{"Name":"WordPress Simply Schedule Appointments \u003c1.5.7.7 - Information Disclosure","Severity":"medium","Description":"WordPress Simply Schedule Appointments plugin before 1.5.7.7 is susceptible to information disclosure. The plugin is missing authorization in a REST endpoint, which can allow an attacker to retrieve user details such as name and email address.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-2373.yaml"} {"ID":"CVE-2022-2376","Info":{"Name":"WordPress Directorist \u003c7.3.1 - Information Disclosure","Severity":"medium","Description":"WordPress Directorist plugin before 7.3.1 is susceptible to information disclosure. The plugin discloses the email address of all users in an AJAX action available to both unauthenticated and authenticated users.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-2376.yaml"} {"ID":"CVE-2022-23779","Info":{"Name":"Zoho ManageEngine - Internal Hostname Disclosure","Severity":"medium","Description":"Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. The internal hostname can be discovered by reading HTTP redirect responses.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-23779.yaml"} @@ -1766,6 +1779,7 @@ {"ID":"CVE-2023-0236","Info":{"Name":"WordPress Tutor LMS \u003c2.0.10 - Cross Site Scripting","Severity":"medium","Description":"WordPress Tutor LMS plugin before 2.0.10 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape the reset_key and user_id parameters before outputting then back in attributes. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site, which can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This vulnerability can be used against high-privilege users such as admin.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-0236.yaml"} {"ID":"CVE-2023-0261","Info":{"Name":"WordPress WP TripAdvisor Review Slider \u003c10.8 - Authenticated SQL Injection","Severity":"high","Description":"WordPress WP TripAdvisor Review Slider plugin before 10.8 is susceptible to authenticated SQL injection. The plugin does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber. This can lead, in turn, to obtaining sensitive information, modifying data, and/or executing unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-0261.yaml"} {"ID":"CVE-2023-0552","Info":{"Name":"WordPress Pie Register \u003c3.8.2.3 - Open Redirect","Severity":"medium","Description":"WordPress Pie Register plugin before 3.8.2.3 contains an open redirect vulnerability. The plugin does not properly validate the redirection URL when logging in and login out. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-0552.yaml"} +{"ID":"CVE-2023-0630","Info":{"Name":"Slimstat Analytics \u003c 4.9.3.3 Subscriber - SQL Injection","Severity":"high","Description":"The Slimstat Analytics WordPress plugin before 4.9.3.3 does not prevent subscribers from rendering shortcodes that concatenates attributes directly into an SQL query.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-0630.yaml"} {"ID":"CVE-2023-0669","Info":{"Name":"Fortra GoAnywhere MFT - Remote Code Execution","Severity":"high","Description":"Fortra GoAnywhere MFT is susceptible to remote code execution via unsafe deserialization of an arbitrary attacker-controlled object. This stems from a pre-authentication command injection vulnerability in the License Response Servlet.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2023/CVE-2023-0669.yaml"} {"ID":"CVE-2023-0942","Info":{"Name":"WordPress Japanized for WooCommerce \u003c2.5.5 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Japanized for WooCommerce plugin before 2.5.5 is susceptible to cross-site scripting via the tab parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-0942.yaml"} {"ID":"CVE-2023-0948","Info":{"Name":"WordPress Japanized for WooCommerce \u003c2.5.8 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Japanized for WooCommerce plugin before 2.5.8 is susceptible to cross-site scripting via the tab parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-0948.yaml"} @@ -1777,16 +1791,19 @@ {"ID":"CVE-2023-1434","Info":{"Name":"Odoo - Cross-Site Scripting","Severity":"medium","Description":"Odoo is a business suite that has features for many business-critical areas, such as e-commerce, billing, or CRM. Versions before the 16.0 release are vulnerable to CVE-2023-1434 and is caused by an incorrect content type being set on an API endpoint.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-1434.yaml"} {"ID":"CVE-2023-1671","Info":{"Name":"Sophos Web Appliance - Remote Code Execution","Severity":"critical","Description":"A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-1671.yaml"} {"ID":"CVE-2023-20864","Info":{"Name":"VMware Aria Operations for Logs - Unauthenticated Remote Code Execution","Severity":"critical","Description":"VMware Aria Operations for Logs contains a deserialization vulnerability. An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-20864.yaml"} +{"ID":"CVE-2023-20887","Info":{"Name":"VMware VRealize Network Insight - Remote Code Execution","Severity":"critical","Description":"VMWare Aria Operations for Networks (vRealize Network Insight) is vulnerable to command injection when accepting user input through the Apache Thrift RPC interface. This vulnerability allows a remote unauthenticated attacker to execute arbitrary commands on the underlying operating system as the root user. The RPC interface is protected by a reverse proxy which can be bypassed. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. A malicious actor can get remote code execution in the context of 'root' on the appliance. VMWare 6.x version are\n vulnerable.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-20887.yaml"} {"ID":"CVE-2023-2122","Info":{"Name":"Image Optimizer by 10web \u003c 1.0.26 - Cross-Site Scripting","Severity":"medium","Description":"Image Optimizer by 10web before 1.0.26 is susceptible to cross-site scripting via the iowd_tabs_active parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-2122.yaml"} {"ID":"CVE-2023-2130","Info":{"Name":"Purchase Order Management v1.0 - SQL Injection","Severity":"critical","Description":"A vulnerability classified as critical has been found in SourceCodester Purchase Order Management System 1.0. Affected is an unknown function of the file /admin/suppliers/view_details.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-226206 is the identifier assigned to this vulnerability.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-2130.yaml"} {"ID":"CVE-2023-22620","Info":{"Name":"SecurePoint UTM 12.x Session ID Leak","Severity":"medium","Description":"An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows sessionid information disclosure via an invalid authentication attempt. This can afterwards be used to bypass the device's authentication and get access to the administrative interface.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-22620.yaml"} {"ID":"CVE-2023-22897","Info":{"Name":"Securepoint UTM - Leaking Remote Memory Contents","Severity":"medium","Description":"An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows information disclosure of memory contents to be achieved by an authenticated user. Essentially, uninitialized data can be retrieved via an approach in which a sessionid is obtained but not used.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-22897.yaml"} +{"ID":"CVE-2023-23333","Info":{"Name":"SolarView Compact 6.00 - OS Command Injection","Severity":"critical","Description":"SolarView Compact 6.00 was discovered to contain a command injection vulnerability, attackers can execute commands by bypassing internal restrictions through downloader.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-23333.yaml"} {"ID":"CVE-2023-23488","Info":{"Name":"WordPress Paid Memberships Pro \u003c2.9.8 - Blind SQL Injection","Severity":"critical","Description":"WordPress Paid Memberships Pro plugin before 2.9.8 contains a blind SQL injection vulnerability in the 'code' parameter of the /pmpro/v1/order REST route. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-23488.yaml"} {"ID":"CVE-2023-23489","Info":{"Name":"WordPress Easy Digital Downloads 3.1.0.2/3.1.0.3 - SQL Injection","Severity":"critical","Description":"WordPress Easy Digital Downloads plugin 3.1.0.2 and 3.1.0.3 contains a SQL injection vulnerability in the s parameter of its edd_download_search action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-23489.yaml"} {"ID":"CVE-2023-23492","Info":{"Name":"Login with Phone Number - Cross-Site Scripting","Severity":"high","Description":"Login with Phone Number, versions \u003c 1.4.2, is affected by an reflected XSS vulnerability in the login-with-phonenumber.php' file in the 'lwp_forgot_password()' function.\n\nNote that CVE-2023-23492 incorrectly describes and scores this as SQL injection vulnerability.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-23492.yaml"} {"ID":"CVE-2023-2356","Info":{"Name":"Mlflow \u003c2.3.0 - Local File Inclusion","Severity":"high","Description":"Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-2356.yaml"} {"ID":"CVE-2023-23752","Info":{"Name":"Joomla! Webservice - Password Disclosure","Severity":"medium","Description":"An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-23752.yaml"} {"ID":"CVE-2023-24044","Info":{"Name":"Plesk Obsidian \u003c=18.0.49 - Open Redirect","Severity":"medium","Description":"Plesk Obsidian through 18.0.49 contains an open redirect vulnerability via the login page. An attacker can redirect users to malicious websites via a host request header and thereby access user credentials and execute unauthorized operations. NOTE: The vendor's position is \"the ability to use arbitrary domain names to access the panel is an intended feature.\"\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-24044.yaml"} +{"ID":"CVE-2023-24243","Info":{"Name":"CData RSB Connect v22.0.8336 - Server Side Request Forgery","Severity":"high","Description":"CData RSB Connect v22.0.8336 was discovered to contain a Server-Side Request Forgery (SSRF).\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-24243.yaml"} {"ID":"CVE-2023-24278","Info":{"Name":"Squidex \u003c7.4.0 - Cross-Site Scripting","Severity":"medium","Description":"Squidex before 7.4.0 contains a cross-site scripting vulnerability via the squid.svg endpoint. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-24278.yaml"} {"ID":"CVE-2023-24322","Info":{"Name":"mojoPortal 2.7.0.0 - Cross-Site Scripting","Severity":"medium","Description":"mojoPortal 2.7.0.0 contains a cross-site scripting vulnerability in the FileDialog.aspx component, which can allow an attacker to execute arbitrary web scripts or HTML via a crafted payload injected into the ed and tbi parameters.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-24322.yaml"} {"ID":"CVE-2023-24367","Info":{"Name":"Temenos T24 R20 - Cross-Site Scripting","Severity":"medium","Description":"Temenos T24 release 20 contains a reflected cross-site scripting vulnerability via the routineName parameter at genrequest.jsp. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-24367.yaml"} @@ -1826,4 +1843,5 @@ {"ID":"CVE-2023-31059","Info":{"Name":"Repetier Server - Directory Traversal","Severity":"high","Description":"Repetier Server through 1.4.10 allows ..%5c directory traversal for reading files that contain credentials, as demonstrated by connectionLost.php.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-31059.yaml"} {"ID":"CVE-2023-32235","Info":{"Name":"Ghost CMS \u003c 5.42.1 - Path Traversal","Severity":"medium","Description":"Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory traversal. This occurs in frontend/web/middleware/static-theme.js.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-32235.yaml"} {"ID":"CVE-2023-32243","Info":{"Name":"WordPress Elementor Lite 5.7.1 - Arbitrary Password Reset","Severity":"critical","Description":"Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation. This issue affects Essential Addons for Elementor: from 5.4.0 through 5.7.1.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-32243.yaml"} -{"ID":"CVE-2023-32315","Info":{"Name":"Administration Console Authentication Bypass in Openfire Console","Severity":"high","Description":"Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup Environment in an already configured Openfire environment to access restricted pages in the Openfire Admin Console reserved for administrative users. This vulnerability affects all versions of Openfire that have been released since April 2015, starting with version 3.10.0.\n","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2023/CVE-2023-32315.yaml"} +{"ID":"CVE-2023-32315","Info":{"Name":"Openfire Administration Console - Authentication Bypass","Severity":"high","Description":"Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup Environment in an already configured Openfire environment to access restricted pages in the Openfire Admin Console reserved for administrative users. This vulnerability affects all versions of Openfire that have been released since April 2015, starting with version 3.10.0.\n","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2023/CVE-2023-32315.yaml"} +{"ID":"CVE-2023-34960","Info":{"Name":"Chamilo Command Injection","Severity":"high","Description":"","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-34960.yaml"} diff --git a/cves.json-checksum.txt b/cves.json-checksum.txt index e256e00258..feec14ad6c 100644 --- a/cves.json-checksum.txt +++ b/cves.json-checksum.txt @@ -1 +1 @@ -93fb457113ec6ad9a3f86110752eb7a4 +6a8d52a6e0f4ae54ace3ababe34a2385