daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Auto Generated cves.json [Sat Feb 11 05:59:17 UTC 2023] 🤖

patch-1
GitHub Action 2023-02-11 05:59:17 +00:00
parent d5060dae34
commit cbcec3f1eb
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
cves.json
View File

@ -705,7 +705,7 @@
{"ID":"CVE-2020-10547","Info":{"Name":"rConfig 3.9.4 - SQL Injection","Severity":"critical","Description":"rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection. Because nodes' passwords are stored by default in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2020/CVE-2020-10547.yaml"}
{"ID":"CVE-2020-10548","Info":{"Name":"rConfig 3.9.4 - SQL Injection","Severity":"critical","Description":"rConfig 3.9.4 and previous versions have unauthenticated devices.inc.php SQL injection. Because nodes' passwords are stored in cleartext by default, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2020/CVE-2020-10548.yaml"}
{"ID":"CVE-2020-10549","Info":{"Name":"rConfig \u003c=3.9.4 - SQL Injection","Severity":"critical","Description":"rConfig 3.9.4 and prior has unauthenticated snippets.inc.php SQL injection. Because nodes' passwords are stored in cleartext by default, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2020/CVE-2020-10549.yaml"}
{"ID":"CVE-2020-10770","Info":{"Name":"Keycloak 12.0.1 - request_uri Blind Server-Side Request Forgery (SSRF)","Severity":"medium","Description":"Keycloak 12.0.1 and below allow an attacker to force the server to request an unverified URL using the OIDC parameter request_uri. This allows an attacker to execute a server-side request forgery (SSRF) attack.","Classification":{"CVSSScore":"5.3"}},"file_path":"cves/2020/CVE-2020-10770.yaml"}
{"ID":"CVE-2020-10770","Info":{"Name":"Keycloak \u003c= 12.0.1 - request_uri Blind Server-Side Request Forgery (SSRF)","Severity":"medium","Description":"Keycloak 12.0.1 and below allows an attacker to force the server to request an unverified URL using the OIDC parameter request_uri. This allows an attacker to execute a server-side request forgery (SSRF) attack.","Classification":{"CVSSScore":"5.3"}},"file_path":"cves/2020/CVE-2020-10770.yaml"}
{"ID":"CVE-2020-10973","Info":{"Name":"WAVLINK - Access Control","Severity":"high","Description":"Wavlink WN530HG4, WN531G3, WN533A8, and WN551K are susceptible to improper access control via /cgi-bin/ExportAllSettings.sh, where a crafted POST request returns the current configuration of the device, including the administrator password. No authentication is required. The attacker must perform a decryption step, but all decryption information is readily available.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2020/CVE-2020-10973.yaml"}
{"ID":"CVE-2020-11034","Info":{"Name":"GLPI \u003c9.4.6 - Open Redirect","Severity":"medium","Description":"GLPI prior 9.4.6 contains an open redirect vulnerability based on a regexp.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2020/CVE-2020-11034.yaml"}
{"ID":"CVE-2020-11110","Info":{"Name":"Grafana \u003c=6.7.1 - Cross-Site Scripting","Severity":"medium","Description":"Grafana through 6.7.1 contains an unauthenticated stored cross-site scripting vulnerability due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2020/CVE-2020-11110.yaml"}