Removed pipe (|) character from references, because the structure requires it to be a string slice, not a string

Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
patch-1
forgedhallpass 2021-08-18 14:37:49 +03:00
parent 4c920b2552
commit cdf9451158
244 changed files with 320 additions and 320 deletions

View File

@ -4,7 +4,7 @@ info:
name: UFIDA NC BeanShell Remote Code Execution
author: pikpikcu
severity: high
reference: |
reference:
- https://mp.weixin.qq.com/s/FvqC1I_G14AEQNztU0zn8A
- https://www.cnvd.org.cn/webinfo/show/6491
tags: beanshell,rce,cnvd
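
Review bot: nothing at the `reference:` line guards against a later template reintroducing `reference: |`. The commit message says the structure requires a string slice and the same edit is repeated across 244 files, so a template lint step that rejects a scalar `reference` would keep the field in list form once this lands.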

View File

@ -5,7 +5,7 @@ info:
severity: medium
tags: cve,cve2005
description: Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores sensitive data from names.nsf in hidden form fields, which allows remote attackers to read the HTML source to obtain sensitive information such as (1) the password hash in the HTTPPassword field, (2) the password change date in the HTTPPasswordChangeDate field, (3) the client platform in the ClntPltfrm field, (4) the client machine name in the ClntMachine field, and (5) the client Lotus Domino release in the ClntBld field, a different vulnerability than CVE-2005-2696.
reference: |
reference:
- http://www.cybsec.com/vuln/default_configuration_information_disclosure_lotus_domino.pdf
- https://www.exploit-db.com/exploits/39495

View File

@ -6,7 +6,7 @@ info:
severity: high
description: |
Directory traversal vulnerability in framework/Image/Image.php in Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver name.
reference: |
reference:
- https://www.exploit-db.com/exploits/16154
- https://nvd.nist.gov/vuln/detail/CVE-2009-0932?cpeVersion=2.2
tags: cve,cve2009,horde,lfi

View File

@ -5,7 +5,7 @@ info:
author: princechaddha
severity: medium
description: Multiple cross-site scripting (XSS) vulnerabilities in Adobe ColdFusion Server 8.0.1, 8, and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the startRow parameter to administrator/logviewer/searchlog.cfm, or the query string to (2) wizards/common/_logintowizard.cfm, (3) wizards/common/_authenticatewizarduser.cfm, or (4) administrator/enter.cfm.
reference: |
reference:
- https://www.securityfocus.com/archive/1/505803/100/0/threaded
- https://www.tenable.com/cve/CVE-2009-1872
tags: cve,cve2009,adobe,xss,coldfusion

View File

@ -5,7 +5,7 @@ info:
author: daffainfo
severity: high
description: Multiple directory traversal vulnerabilities in the web server for Motorola SURFBoard cable modem SBV6120E running firmware SBV6X2X-1.0.0.5-SCM-02-SHPC allow remote attackers to read arbitrary files via (1) "//" (multiple leading slash), (2) ../ (dot dot) sequences, and encoded dot dot sequences in a URL request.
reference: |
reference:
- https://www.securityfocus.com/bid/40550/info
- https://nvd.nist.gov/vuln/detail/CVE-2010-2307
tags: cve,cve2010,iot,lfi

View File

@ -5,7 +5,7 @@ info:
author: pikpikcu
severity: high
description: Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm, (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm, and (5) enter.cfm in CFIDE/administrator/.
reference: |
reference:
- https://github.com/vulhub/vulhub/tree/master/coldfusion/CVE-2010-2861
- http://www.adobe.com/support/security/bulletins/apsb10-18.html
tags: cve,cve2010,coldfusion,lfi

View File

@ -5,7 +5,7 @@ info:
author: daffainfo
severity: high
description: The CMNC-200 IP Camera has a built-in web server that is enabled by default. The server is vulnerable to directory transversal attacks, allowing access to any file on the camera file system.
reference: |
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2010-4231
- https://www.exploit-db.com/exploits/15505
tags: cve,cve2010,iot,lfi

View File

@ -5,7 +5,7 @@ info:
author: pikpikcu
severity: high
description: Directory traversal vulnerability in the _list_file_get function in lib/Majordomo.pm in Majordomo 2 before 20110131 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the help command, as demonstrated using (1) a crafted email and (2) cgi-bin/mj_wwwusr in the web interface.
reference: |
reference:
- https://www.exploit-db.com/exploits/16103
- https://nvd.nist.gov/vuln/detail/CVE-2011-0063
- http://www.kb.cert.org/vuls/id/363726

View File

@ -5,7 +5,7 @@ info:
author: daffainfo
severity: high
description: Directory traversal vulnerability in wp-download.php in the WP Custom Pages module 0.5.0.1 for WordPress allows remote attackers to read arbitrary files via ..%2F (encoded dot dot) sequences in the url parameter.
reference: |
reference:
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1669
- https://www.exploit-db.com/exploits/17119
tags: cve,cve2011,wordpress,wp-plugin,lfi

View File

@ -4,7 +4,7 @@ info:
name: PHP CGI v5.3.12/5.4.2 RCE
author: pikpikcu
severity: critical
reference: |
reference:
- https://github.com/vulhub/vulhub/tree/master/php/CVE-2012-1823
- https://nvd.nist.gov/vuln/detail/CVE-2012-1823
description: |

View File

@ -5,7 +5,7 @@ info:
author: daffainfo
severity: high
description: Path traversal vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 allows remote administrators to read arbitrary files via a full pathname in the dir parameter in a contents/Files action.
reference: |
reference:
- https://www.exploit-db.com/exploits/37034
- https://www.cvedetails.com/cve/CVE-2012-4878
tags: cve,cve2012,lfi

View File

@ -5,7 +5,7 @@ info:
author: daffainfo
severity: medium
description: Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) subTab or (2) tab parameter to createAnomaly.do; (3) url, (4) subTab, or (5) tab parameter to mindex.do; (6) tab parameter to index2.do; or (7) port parameter to syslogViewer.do.
reference: |
reference:
- https://www.securityfocus.com/bid/52841/info
- https://nvd.nist.gov/vuln/detail/CVE-2012-4889
tags: cve,cve2012,xss,manageengine

View File

@ -6,7 +6,7 @@ info:
severity: medium
description: Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.3.0, 11.1.2.4.0, and 12.1.2.0.0; and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0 and 12.1.1 allows remote attackers to affect confidentiality via unknown vectors related to Java Server Faces or Web Container.
tags: cve,cve2013,lfi,javafaces,oracle
reference: |
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2013-3827
- https://www.exploit-db.com/exploits/38802

View File

@ -5,7 +5,7 @@ info:
author: daffainfo
severity: high
description: Directory traversal vulnerability in download-file.php in the Advanced Dewplayer plugin 1.2 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the dew_file parameter.
reference: |
reference:
- https://www.exploit-db.com/exploits/38936
- https://nvd.nist.gov/vuln/detail/CVE-2013-7240
tags: cve,cve2013,wordpress,wp-plugin,lfi

View File

@ -6,7 +6,7 @@ info:
severity: critical
description: |
The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search. NOTE: this only violates the vendor's intended security policy if the user does not run Elasticsearch in its own independent virtual machine.
reference: |
reference:
- https://github.com/vulhub/vulhub/tree/master/elasticsearch/CVE-2014-3120
- https://www.elastic.co/blog/logstash-1-4-3-released
tags: cve,cve2014,elastic,rce

View File

@ -4,7 +4,7 @@ info:
author: princechaddha
severity: high
description: The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys.
reference: |
reference:
- https://www.drupal.org/SA-CORE-2014-005
- http://www.exploit-db.com/exploits/34984
- http://www.exploit-db.com/exploits/34992

View File

@ -4,7 +4,7 @@ info:
name: Node.js st module Directory Traversal
author: geeknik
description: Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in an unspecified path.
reference: |
reference:
- https://github.com/advisories/GHSA-69rr-wvh9-6c4q
- https://snyk.io/vuln/npm:st:20140206
severity: high

View File

@ -5,7 +5,7 @@ info:
author: princechaddha
severity: medium
tags: cve,cve2014,weblogic,oracle,ssrf
reference: |
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2014-4210
- https://blog.gdssecurity.com/labs/2015/3/30/weblogic-ssrf-and-xss-cve-2014-4241-cve-2014-4210-cve-2014-4.html

View File

@ -5,7 +5,7 @@ info:
author: pentest_swissky
severity: high
description: Attempts to exploit the "shellshock" vulnerability (CVE-2014-6271 and CVE-2014-7169) in web applications
reference: |
reference:
- http://www.kb.cert.org/vuls/id/252743
- http://www.us-cert.gov/ncas/alerts/TA14-268A
tags: cve,cve2014,rce

View File

@ -4,7 +4,7 @@ info:
name: MyPixs <= 0.3 - Unauthenticated Local File Inclusion (LFI)
author: daffainfo
severity: high
reference: |
reference:
- https://wpscan.com/vulnerability/24b83ce5-e3b8-4262-b087-a2dfec014985
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1000012
tags: cve,cve2015,wordpress,wp-plugin,lfi

View File

@ -5,7 +5,7 @@ info:
author: pikpikcu
severity: critical
description: The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script.
reference: |
reference:
- https://blog.csdn.net/JiangBuLiu/article/details/94457980
- http://www.elasticsearch.com/blog/elasticsearch-1-4-3-1-3-8-released/
tags: cve,cve2015,elastic,rce

View File

@ -5,7 +5,7 @@ info:
author: pikpikcu
severity: medium
description: Cross-site scripting (XSS) vulnerability in the sslvpn login page in Fortinet FortiOS 5.2.x before 5.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
reference: |
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2015-1880
- https://www.c2.lol/articles/xss-in-fortigates-ssl-vpn-login-page
tags: cve,cve2015,xss,fortigates,ssl

View File

@ -4,7 +4,7 @@ info:
name: Eclipse Jetty Remote Leakage
author: pikpikcu
severity: medium
reference: |
reference:
- https://github.com/eclipse/jetty.project/blob/jetty-9.2.x/advisories/2015-02-24-httpparser-error-buffer-bleed.md
- https://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html
- http://packetstormsecurity.com/files/130567/Jetty-9.2.8-Shared-Buffer-Leakage.html

View File

@ -5,7 +5,7 @@ info:
author: pikpikcu
severity: high
description: ResourceSpace is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied input.
reference: |
reference:
- https://vulners.com/cve/CVE-2015-3648/
- https://www.securityfocus.com/bid/75019
tags: cve,cve2015,lfi,resourcespace

View File

@ -4,7 +4,7 @@ info:
name: Kentico CMS 8.2 Open Redirection
author: 0x_Akoko
description: The GetDocLink.ashx with link variable is vulnerable to open redirect vulnerability
reference: |
reference:
- https://packetstormsecurity.com/files/133981/Kentico-CMS-8.2-Cross-Site-Scripting-Open-Redirect.html
- https://nvd.nist.gov/vuln/detail/CVE-2015-7823
severity: low

View File

@ -4,7 +4,7 @@ info:
name: WordPress Plugin RobotCPA 5 - Directory Traversal
author: daffainfo
severity: high
reference: |
reference:
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9480
- https://www.exploit-db.com/exploits/37252
tags: cve,cve2015,wordpress,wp-plugin,lfi

View File

@ -5,7 +5,7 @@ info:
author: daffainfo
severity: critical
description: The wsecure plugin before 2.4 for WordPress has remote code execution via shell metacharacters in the wsecure-config.php publish parameter.
reference: |
reference:
- https://www.pluginvulnerabilities.com/2016/07/12/remote-code-execution-rce-vulnerability-in-wsecure-lite/
- https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-wsecure-lite-remote-code-execution-2-3/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10960

View File

@ -1,26 +1,26 @@
id: CVE-2016-2004
info:
name: HP Data Protector A.09.00 - Arbitrary Command Execution
author: pussycat0x
severity: critical
tags: cve,cve2016,network,iot,hp,rce
description: HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication. This vulnerability exists because of an incomplete fix for CVE-2014-2623.
reference: |
- https://www.exploit-db.com/exploits/39858
- https://nvd.nist.gov/vuln/detail/CVE-2016-2004
network:
- inputs:
- data: "00000034320001010101010100010001000100010100203238005c7065726c2e65786500202d6573797374656d282777686f616d69272900" # whoami
type: hex
host:
- "{{Hostname}}"
- "{{Hostname}}:5555"
matchers:
- type: word
encoding: hex
words:
- "00000034fffe3900000020006e007400200061007500740068006f0072006900740079005c00730079007300740065006d000a0000000000" # authority\system
id: CVE-2016-2004
info:
name: HP Data Protector A.09.00 - Arbitrary Command Execution
author: pussycat0x
severity: critical
tags: cve,cve2016,network,iot,hp,rce
description: HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication. This vulnerability exists because of an incomplete fix for CVE-2014-2623.
reference:
- https://www.exploit-db.com/exploits/39858
- https://nvd.nist.gov/vuln/detail/CVE-2016-2004
network:
- inputs:
- data: "00000034320001010101010100010001000100010100203238005c7065726c2e65786500202d6573797374656d282777686f616d69272900" # whoami
type: hex
host:
- "{{Hostname}}"
- "{{Hostname}}:5555"
matchers:
- type: word
encoding: hex
words:
- "00000034fffe3900000020006e007400200061007500740068006f0072006900740079005c00730079007300740065006d000a0000000000" # authority\system
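
Review bot: the header `-1,26 +1,26` replaces every line of this file, yet the only difference visible between the two copies is `reference: |` becoming `reference:`. The other 25 lines presumably differ only in whitespace or line endings. Mention that in the commit message or move the normalization into its own commit, so the one-line change to the field stays easy to review.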

View File

@ -6,7 +6,7 @@ info:
severity: high
description: |
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via method: prefix, related to chained expressions.
reference: |
reference:
- https://cwiki.apache.org/confluence/display/WW/S2-032
- https://struts.apache.org/docs/s2-032.html
tags: cve,cve2016,struts,rce,apache

View File

@ -5,7 +5,7 @@ info:
author: Moritz Nentwig
severity: critical
description: Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution
reference: |
reference:
- https://github.com/mogwailabs/CVE-2017-1000486
- https://github.com/pimps/CVE-2017-1000486
- https://blog.mindedsecurity.com/2016/02/rce-in-oracle-netbeans-opensource.html

View File

@ -5,7 +5,7 @@ info:
author: fopina
severity: critical
description: In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the doFilter method in the ReadOnlyAccessFilter of the HTTP Invoker does not restrict classes for which it performs deserialization and thus allowing an attacker to execute arbitrary code via crafted serialized data.
reference: |
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2017-12149
- https://chowdera.com/2020/12/20201229190934023w.html
- https://github.com/vulhub/vulhub/tree/master/jboss/CVE-2017-12149

View File

@ -5,7 +5,7 @@ info:
author: pikpikcu
severity: critical
description: A authentication bypass and execution of code vulnerability in HPE Integrated Lights-out 4 (iLO 4) version prior to 2.53 was found.
reference: |
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2017-12542
- https://www.exploit-db.com/exploits/44005
tags: cve,cve2017,ilo4,hpe

View File

@ -5,7 +5,7 @@ info:
author: dwisiswant0
severity: critical
tags: cve,cve2017,solr,apache,rce,ssrf,oob
reference: |
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2017-12629
- https://twitter.com/honoki/status/1298636315613974532/photo/1

View File

@ -6,7 +6,7 @@ info:
severity: high
description: Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Server Java 7.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the query string, as exploited in the wild in August 2017, aka SAP Security Note 2486657.
tags: cve,cve2017,sap,lfi
reference: |
reference:
- https://www.cvedetails.com/cve/CVE-2017-12637/
- https://nvd.nist.gov/vuln/detail/CVE-2017-12637
- https://download.ernw-insight.de/troopers/tr18/slides/TR18_SAP_SAP-Bugs-The-Phantom-Security.pdf

View File

@ -4,7 +4,7 @@ info:
name: Django debug page XSS
author: pikpikcu
severity: medium
reference: |
reference:
- https://twitter.com/sec715/status/1406779605055270914
- https://nvd.nist.gov/vuln/detail/CVE-2017-12794
description: |

View File

@ -4,7 +4,7 @@ info:
name: Trixbox - 2.8.0.4 OS Command Injection Vulnerability
author: pikpikcu
severity: high
reference: |
reference:
- https://secur1tyadvisory.wordpress.com/2018/02/11/trixbox-os-command-injection-vulnerability-cve-2017-14535/
- https://www.exploit-db.com/exploits/49913
tags: cve,cve2017,trixbox,rce

View File

@ -6,7 +6,7 @@ info:
severity: medium
tags: cve,cve2017,trixbox,lfi
description: trixbox 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php.
reference: |
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2017-14537
- https://secur1tyadvisory.wordpress.com/2018/02/13/trixbox-multiple-path-traversal-vulnerabilities-cve-2017-14537/
- Product vendor:-https://sourceforge.net/projects/asteriskathome/
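
Review bot: the last list entry in this hunk, `Product vendor:-https://sourceforge.net/projects/asteriskathome/`, is a label fused to a URL. Inside a block string that was only cosmetic, but as a list element it is handed to consumers as a reference that is not a URL. Drop the `Product vendor:-` prefix, or move the vendor link into the description.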

View File

@ -5,7 +5,7 @@ info:
author: daffainfo
severity: medium
description: On FiberHome routers, Directory Traversal exists in /cgi-bin/webproc via the getpage parameter in conjunction with a crafted var:page value.
reference: |
reference:
- https://www.exploit-db.com/exploits/44054
- https://www.cvedetails.com/cve/CVE-2017-15647
tags: cve,cve2017,lfi,router

View File

@ -3,7 +3,7 @@ id: CVE-2017-15944
info:
name: PreAuth RCE on Palo Alto GlobalProtect
author: emadshanab,milo2012
reference: |
reference:
- https://www.exploit-db.com/exploits/43342
- http://blog.orange.tw/2019/07/attacking-ssl-vpn-part-1-preauth-rce-on-palo-alto.html
severity: high

View File

@ -5,7 +5,7 @@ info:
author: daffainfo
severity: medium
description: XSS exists in the amtyThumb amty-thumb-recent-post (aka amtyThumb posts or wp-thumb-post) plugin 8.1.3 for WordPress via the query string to amtyThumbPostsAdminPg.php.
reference: |
reference:
- https://github.com/NaturalIntelligence/wp-thumb-post/issues/1
- https://nvd.nist.gov/vuln/detail/CVE-2017-17059
tags: cve,cve2017,wordpress,xss,wp-plugin

View File

@ -4,7 +4,7 @@ info:
name: Embedthis GoAhead RCE
description: Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked.
author: geeknik
reference: |
reference:
- https://www.elttam.com/blog/goahead/
- https://github.com/ivanitlearning/CVE-2017-17562
- https://github.com/vulhub/vulhub/tree/master/goahead/CVE-2017-17562

View File

@ -6,7 +6,7 @@ info:
description: Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (Web Services). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1 and 12.2.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server.
severity: high
tags: cve,cve2017,weblogic,oracle,rce,oob
reference: |
reference:
- https://hackerone.com/reports/810778
- https://nvd.nist.gov/vuln/detail/CVE-2017-3506

View File

@ -4,7 +4,7 @@ info:
name: Oracle E-Business Suite 12.1.3/12.2.x - Open Redirect
author: 0x_Akoko
severity: low
reference: |
reference:
- https://blog.zsec.uk/cve-2017-3528/
- https://www.exploit-db.com/exploits/43592
tags: oracle,redirect

View File

@ -4,7 +4,7 @@ info:
name: Cisco IOS 12.2(55)SE11 Remote Code Execution
author: dwisiswant0
severity: critical
reference: |
reference:
- https://github.com/artkond/cisco-rce
- https://artkond.com/2017/04/10/cisco-catalyst-remote-code-execution/
- https://github.com/rapid7/metasploit-framework/blob/master/documentation/modules/auxiliary/dos/cisco/ios_telnet_rocem.md

View File

@ -6,7 +6,7 @@ info:
severity: info
description: wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request.
tags: cve,cve2017,wordpress
reference: |
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2017-5487
- https://www.exploit-db.com/exploits/41497

View File

@ -4,7 +4,7 @@ info:
author: princechaddha
severity: medium
description: An issue was discovered on NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, WNR3500Lv2, R6250, R6700, R6900, and R8000 devices.They are prone to password disclosure via simple crafted requests to the web management server.
reference: |
reference:
- https://www.cvedetails.com/cve/CVE-2017-5521/
- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2017-5521-bypassing-authentication-on-netgear-routers/
tags: cve,cve2017,auth-bypass

View File

@ -11,8 +11,7 @@ info:
# To carry out further attacks, please see reference[2] below.
# This template works by guessing user ID.
# MantisBT before 1.3.10, 2.2.4, and 2.3.1, that can be downloaded on reference[1].
reference: |
reference:
- https://sourceforge.net/projects/mantisbt/files/mantis-stable/
- http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-PRE-AUTH-REMOTE-PASSWORD-RESET.txt
- https://www.exploit-db.com/exploits/41890
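
Review bot: the header here counts 8 lines before and 7 after, while the other hunks are 7 to 7, so besides the `reference: |` to `reference:` swap one more line is removed in this file. Confirm that it is only a blank line or trailing whitespace, since the comments above refer to entries as `reference[1]` and `reference[2]` and depend on the order of the list.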

View File

@ -4,7 +4,7 @@ info:
author: princechaddha
severity: high
description: An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The improper authentication vulnerability occurs when an application does not adequately or correctly authenticate users. This may allow a malicious user to escalate his or her privileges on the system and gain access to sensitive information.
reference: |
reference:
- http://www.hikvision.com/us/about_10805.html
- https://ics-cert.us-cert.gov/advisories/ICSA-17-124-01
tags: cve,cve2017,auth-bypass

View File

@ -5,7 +5,7 @@ info:
author: pdteam
severity: high
description: The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF).
reference: |
reference:
- http://dontpanic.42.nl/2017/12/there-is-proxy-in-your-atlassian.html
- https://ecosystem.atlassian.net/browse/OAUTH-344
- https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-171018bca2c3

View File

@ -5,7 +5,7 @@ info:
author: pikpikcu
severity: critical
description: The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage.
reference: |
reference:
- http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html
- http://struts.apache.org/docs/s2-048.html
tags: cve,cve2017,apache,rce
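
Review bot: the first reference kept in this hunk, the Oracle `alert-cve-2017-9805` advisory, is the same URL as the first reference in the S2-052 hunk that follows, while the description and the second reference here concern the Struts 1 plugin (S2-048). While converting this list, check whether that entry was copied from the other template and replace it with the advisory for this issue.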

View File

@ -5,7 +5,7 @@ info:
author: pikpikcu
severity: critical
description: The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads.
reference: |
reference:
- http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html
- https://struts.apache.org/docs/s2-052.html
tags: cve,cve2017,apache,rce,struts

View File

@ -6,7 +6,7 @@ info:
severity: high
description: Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI
tags: cve,cve2017,php,phpunit,rce
reference: |
reference:
- https://github.com/cyberharsh/Php-unit-CVE-2017-9841
- https://github.com/RandomRobbieBF/phpunit-brute
- https://thephp.cc/articles/phpunit-a-security-risk

View File

@ -5,7 +5,7 @@ info:
author: daffainfo
severity: high
description: Directory traversal vulnerability in the web interface on D-Link routers DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02,DWR-512 through 2.02,DWR-712 through 2.02,DWR-912 through 2.02, DWR-921 through 2.02, DWR-111 through 1.01, and probably others with the same type of firmware allows remote attackers to read arbitrary files via a /.. or // after “GET /uir” in an HTTP request.
reference: |
reference:
- https://www.exploit-db.com/exploits/45678
- https://nvd.nist.gov/vuln/detail/CVE-2018-10822
tags: cve,cve2018,lfi,router,dlink

View File

@ -5,7 +5,7 @@ info:
author: daffainfo
severity: high
description: Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file, it can lead to sensitive information disclosure, denial of service and code execution.
reference: |
reference:
- https://github.com/EmreOvunc/Eaton-Intelligent-Power-Manager-Local-File-Inclusion
- https://nvd.nist.gov/vuln/detail/CVE-2018-12031
- https://www.exploit-db.com/exploits/48614

View File

@ -4,7 +4,7 @@ info:
name: WirelessHART Fieldgate SWG70 3.0 - Directory Traversal
author: daffainfo
severity: medium
reference: |
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2018-16059
- https://www.exploit-db.com/exploits/45342
tags: cve,cve2018,iot,lfi

View File

@ -4,7 +4,7 @@ info:
name: WordPress Plugin Wechat Broadcast 1.2.0 - Local File Inclusion
author: 0x240x23elu
severity: critical
reference: |
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2018-16283
- https://www.exploit-db.com/exploits/45438
tags: cve,cve2018,wordpress,wp-plugin,lfi

View File

@ -4,7 +4,7 @@ info:
author: princechaddha
severity: high
description: Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.
reference: |
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2018-17246
- https://github.com/vulhub/vulhub/blob/master/kibana/CVE-2018-17246/README.md
tags: cve,cve2018,lfi

View File

@ -4,7 +4,7 @@ info:
name: WordPress Plugin WP Payeezy Pay 2.97 - Local File Inclusion
author: daffainfo
description: WordPress Plugin WP Payeezy Pay is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin WP Payeezy Pay version 2.97 is vulnerable; prior versions are also affected.
reference: |
reference:
- https://www.pluginvulnerabilities.com/2018/12/06/our-improved-proactive-monitoring-has-now-caught-a-local-file-inclusion-lfi-vulnerability-as-well/
- https://www.cvedetails.com/cve/CVE-2018-20985/
severity: high

View File

@ -4,7 +4,7 @@ info:
name: Ruby On Rails Path Traversal
author: 0xrudra,pikpikcu
severity: high
reference: |
reference:
- https://github.com/vulhub/vulhub/tree/master/rails/CVE-2018-3760
- https://i.blackhat.com/us-18/Wed-August-8/us-18-Orange-Tsai-Breaking-Parser-Logic-Take-Your-Path-Normalization-Off-And-Pop-0days-Out-2.pdf
- https://seclists.org/oss-sec/2018/q2/210

View File

@ -6,7 +6,7 @@ info:
severity: high
description: The Embedthis HTTP library, and Appweb versions before 7.0.3, have a logic flaw related to the authCondition function in http/httpLib.c. With a forged HTTP request, it is possible to bypass authentication for the form and digest login types.
tags: cve,cve2018,appweb,auth-bypass
reference: |
reference:
- https://github.com/embedthis/appweb/issues/610
requests:

View File

@ -4,7 +4,7 @@ info:
author: princechaddha
severity: medium
description: Physical path Leakage exists in Western Bridge Cobub Razor 0.8.0 via generate.php, controllers/getConfigTest.php, controllers/getUpdateTest.php, controllers/postclientdataTest.php, controllers/posterrorTest.php, controllers/posteventTest.php, controllers/posttagTest.php, controllers/postusinglogTest.php, fixtures/Controller_fixt.php, fixtures/Controller_fixt2.php, fixtures/view_fixt2.php, libs/ipTest.php, or models/commonDbfix.php in tests/.
reference: |
reference:
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8770
- https://www.exploit-db.com/exploits/44495/
tags: cve,cve2018,cobub,razor,exposure

View File

@ -4,7 +4,7 @@ info:
name: Apache Tomcat XSS
author: pikpikcu
severity: low
reference: |
reference:
- https://seclists.org/fulldisclosure/2019/May/50
- https://wwws.nightwatchcybersecurity.com/2019/05/27/xss-in-ssi-printenv-command-apache-tomcat-cve-2019-0221/
description: |

View File

@ -7,7 +7,7 @@ info:
description: |
Searches for Kentico CMS installations that are vulnerable to a .NET deserialization vulnerability that could be exploited to achieve remote command execution. Credit to Manoj Cherukuri and Justin LeMay from Aon Cyber Solutions for discovery of the vulnerability.
tags: cve,cve2019,rce,deserialization,kentico,iis
reference: |
reference:
- https://www.aon.com/cyber-solutions/aon_cyber_labs/unauthenticated-remote-code-execution-in-kentico-cms/
- https://packetstormsecurity.com/files/157588/Kentico-CMS-12.0.14-Remote-Command-Execution.html
- https://nvd.nist.gov/vuln/detail/CVE-2019-10068

View File

@ -5,7 +5,7 @@ info:
author: pdteam
severity: medium
description: In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.
reference: |
reference:
- https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-10092-Limited%20Cross-Site%20Scripting%20in%20mod_proxy%20Error%20Page-Apache%20httpd
- https://httpd.apache.org/security/vulnerabilities_24.html
tags: cve,cve2019,apache,htmli

View File

@ -12,7 +12,7 @@ info:
a payload into the plugin settings, such as the
yuzo_related_post_css_and_style setting.
reference: |
reference:
- https://www.wordfence.com/blog/2019/04/yuzo-related-posts-zero-day-vulnerability-exploited-in-the-wild
- https://wpscan.com/vulnerability/9254
tags: cve,cve2019,wordpress,wp-plugin,xss

View File

@ -6,7 +6,7 @@ info:
severity: high
tags: cve,cve2019,lfi
description: Deltek Maconomy 2.2.5 is prone to local file inclusion via absolute path traversal in the WS.macx1.W_MCS/ PATH_INFO, as demonstrated by a cgi-bin/Maconomy/MaconomyWS.macx1.W_MCS/etc/passwd URI.
reference: |
reference:
http://packetstormsecurity.com/files/153079/Deltek-Maconomy-2.2.5-Local-File-Inclusion.html
https://github.com/JameelNabbo/exploits/blob/master/Maconomy%20Erp%20local%20file%20include.txt
https://github.com/ras313/CVE-2019-12314/security/advisories/GHSA-8762-rf4g-23xm
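Review bot: The three URLs under `reference:` in this hunk have no leading `- `, so with the `|` removed they are no longer a literal block but a multi-line plain scalar, which YAML folds into one space-separated string instead of the string slice the commit message says the structure requires. Prefix each URL with `- `, as the other templates touched by this commit already do.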

View File

@ -6,7 +6,7 @@ info:
description: A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken <img> tag pointing at the victim's phpMyAdmin database, and the attacker can potentially deliver a payload (such as a specific INSERT or DELETE statement) through the victim.
severity: medium
tags: cve,cve2019,phpmyadmin,csrf
reference: |
reference:
- https://www.phpmyadmin.net/security/PMASA-2019-4/
- https://www.exploit-db.com/exploits/46982
- https://nvd.nist.gov/vuln/detail/CVE-2019-12616

View File

@ -9,7 +9,7 @@ info:
found in ZeroShell 3.9.0 in the "/cgi-bin/kerbynet" url.
As sudo is configured to execute /bin/tar without a password (NOPASSWD)
it is possible to run root commands using the "checkpoint" tar options.
reference: |
reference:
- https://www.tarlogic.com/advisories/zeroshell-rce-root.txt
- https://github.com/X-C3LL/PoC-CVEs/blob/master/CVE-2019-12725/ZeroShell-RCE-EoP.py
tags: cve,cve2019,rce

View File

@ -6,7 +6,7 @@ info:
description: An issue was discovered on D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06 devices. wan.htm can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify the data fields of the page.
severity: critical
tags: cve,cve2019,dlink,router,iot
reference: |
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2019-13101
- https://github.com/d0x0/D-Link-DIR-600M
- https://www.exploit-db.com/exploits/47250

View File

@ -5,7 +5,7 @@ info:
author: pdteam
severity: low
description: An issue was discovered in Alfresco Community Edition versions below 5.2.6, 6.0.N and 6.1.N. The Alfresco Share application is vulnerable to an Open Redirect attack via a crafted POST request. By manipulating the POST parameters, an attacker can redirect a victim to a malicious website over any protocol the attacker desires (e.g.,http, https, ftp, smb, etc.).
reference: |
reference:
- https://community.alfresco.com/content?filterID=all~objecttype~thread%5Bquestions%5D
- https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-14223-Open%20Redirect%20in%20Alfresco%20Share-Alfresco%20Community
tags: cve,cve2019,redirect

View File

@ -5,7 +5,7 @@ info:
author: daffainfo
severity: high
description: Aptana Jaxer 1.0.3.4547 is vulnerable to a local file inclusion vulnerability in the wikilite source code viewer. This vulnerability allows a remote attacker to read internal files on the server via a tools/sourceViewer/index.html?filename=../ URI.
reference: |
reference:
- https://www.exploit-db.com/exploits/47214
- https://www.cvedetails.com/cve/CVE-2019-14312
tags: cve,cve2019,lfi

View File

@ -4,7 +4,7 @@ info:
name: WordPress Plugin UserPro 4.9.32 - Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
reference: |
reference:
- https://wpscan.com/vulnerability/9815
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14470
tags: cve,cve2019,wordpress,xss,wp-plugin

View File

@ -4,7 +4,7 @@ info:
name: Grafana unauthenticated API
severity: medium
description: In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana.
reference: |
reference:
- https://grafana.com/blog/2019/08/29/grafana-5.4.5-and-6.3.4-released-with-important-security-fix/
- https://community.grafana.com/t/grafana-5-4-5-and-6-3-4-security-update/20569 Vendor Advisory
- https://community.grafana.com/t/release-notes-v6-3-x/19202
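Review bot: The second list item still carries the trailing text `Vendor Advisory` after the URL, so once `reference` is read as a list that element is a URL plus a label and not a bare URL like its neighbours. Drop the label or move it into a YAML comment so every element of the slice is a single link.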

View File

@ -5,7 +5,7 @@ info:
author: daffainfo,dhiyaneshDk
severity: medium
description: Triggered via unescaped usage of URL parameters in multiple locations presented in the public view of a site.
reference: |
reference:
- https://wpscan.com/vulnerability/9267
- https://nvd.nist.gov/vuln/detail/CVE-2019-15713
tags: cve,cve2019,wordpress,xss,wp-plugin

View File

@ -6,7 +6,7 @@ info:
severity: high
tags: cve,cve2019,cisco
description: A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to retrieve sensitive information. The vulnerability is due to improper access controls for URLs. An attacker could exploit this vulnerability by connecting to an affected device via HTTP or HTTPS and requesting specific URLs. A successful exploit could allow the attacker to download the router configuration or detailed diagnostic information. Cisco has released firmware updates that address this vulnerability.
reference: |
reference:
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-info
- https://www.exploit-db.com/exploits/46262/
- https://www.exploit-db.com/exploits/46655/

View File

@ -4,7 +4,7 @@ info:
name: Yachtcontrol Webapplication 1.0 - Unauthenticated Rce
author: pikpikcu
severity: high
reference: |
reference:
- https://www.exploit-db.com/exploits/47760
- https://nvd.nist.gov/vuln/detail/CVE-2019-17270
description: |

View File

@ -5,7 +5,7 @@ info:
author: daffainfo
severity: high
description: TVT NVMS-1000 devices allow GET /.. Directory Traversal
reference: |
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2019-20085
- https://www.exploit-db.com/exploits/48311
tags: cve,cve2019,iot,lfi

View File

@ -5,7 +5,7 @@ info:
author: pdteam
severity: high
description: Oracle Business Intelligence / XML Publisher 11.1.1.9.0 / 12.2.1.3.0 / 12.2.1.4.0 - XML External Entity Injection
reference: |
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2019-2616
- https://www.exploit-db.com/exploits/46729
tags: cve,cve2019,oracle,xxe,oob

View File

@ -7,7 +7,7 @@ info:
tags: cve,cve2019,oracle,weblogic,rce
description: |
Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server.
reference: |
reference:
- https://paper.seebug.org/910/
- https://www.exploit-db.com/exploits/46780/
- https://www.oracle.com/security-alerts/cpujan2020.html

View File

@ -5,7 +5,7 @@ info:
author: madrobot
severity: high
description: Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware. The supported version that is affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher (formerly XML Publisher).
reference: |
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2019-2767
- https://www.exploit-db.com/exploits/46729
tags: cve,cve2019,oracle,xxe,oob

View File

@ -4,7 +4,7 @@ info:
author: madrobot
severity: high
description: Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead a directory traversal attack.
reference: |
reference:
- https://github.com/mpgn/CVE-2019-3799
- https://pivotal.io/security/cve-2019-3799
tags: cve,cve2019,lfi

View File

@ -5,7 +5,7 @@ info:
author: omarkurt
severity: medium
description: There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.
reference: |
reference:
- https://github.com/omarkurt/CVE-2019-5418
- https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/
tags: cve,cve2019,rails,lfi

View File

@ -6,7 +6,7 @@ info:
severity: low
description: |
Unauthenticated reflected cross-site scripting (XSS) exists in Zarafa Webapp 2.0.1.47791 and earlier. NOTE: this is a discontinued product. The issue was fixed in later Zarafa Webapp versions; however, some former Zarafa Webapp customers use the related Kopano product instead.
reference: |
reference:
- https://github.com/verifysecurity/CVE-2019-7219
- https://stash.kopano.io/repos?visibility=public
tags: cve,cve2019,zarafa,xss

View File

@ -6,7 +6,7 @@ info:
severity: high
description: |
The SonicWall SRA 4600 VPN appliance suffers a pre-authentication SQL injection vulnerability.
reference: |
reference:
- https://www.crowdstrike.com/blog/how-ecrime-groups-leverage-sonicwall-vulnerability-cve-2019-7481/
tags: cve,cve2019,sonicwall,sqli

View File

@ -5,7 +5,7 @@ info:
author: dwisiswant0
severity: critical
description: Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.
reference: |
reference:
- https://github.com/mpgn/CVE-2019-7609
- https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077
tags: cve,cve2019,kibana,rce

View File

@ -5,7 +5,7 @@ info:
author: harshbothra_
severity: medium
description: The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate usernames via an information disclosure vulnerability.
reference: |
reference:
- https://www.doyler.net/security-not-included/more-jira-enumeration
- https://jira.atlassian.com/browse/JRASERVER-69796
tags: cve,cve2019,atlassian,jira

View File

@ -5,7 +5,7 @@ info:
author: TechbrunchFR
severity: medium
description: The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.4.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class.
reference: |
reference:
- https://www.tenable.com/blog/cve-2019-8451-proof-of-concept-available-for-server-side-request-forgery-ssrf-vulnerability-in
- https://jira.atlassian.com/browse/JRASERVER-69793
tags: cve,cve2019,atlassian,jira,ssrf

View File

@ -5,7 +5,7 @@ info:
author: madrobot
severity: high
description: index.js in Total.js Platform before 3.2.3 allows path traversal.
reference: |
reference:
- https://blog.certimetergroup.com/it/articolo/security/total.js-directory-traversal-cve-2019-8903
- https://github.com/totaljs/framework/commit/c37cafbf3e379a98db71c1125533d1e8d5b5aef7
- https://github.com/totaljs/framework/commit/de16238d13848149f5d1dae51f54e397a525932b

View File

@ -5,7 +5,7 @@ info:
author: pikpikcu
severity: high
description: An issue was discovered in ZZZCMS zzzphp V1.6.1. In the inc/zzz_template.php file, the parserIfLabel() function's filtering is not strict, resulting in PHP code execution, as demonstrated by the if:assert substring.
reference: |
reference:
- http://www.iwantacve.cn/index.php/archives/118/
- https://www.exploit-db.com/exploits/46454/
tags: cve,cve2019,zzzcms,rce

View File

@ -5,7 +5,7 @@ info:
author: daffainfo
severity: high
description: The GraceMedia Media Player plugin 1.0 for WordPress allows Local File Inclusion via the cfg parameter.
reference: |
reference:
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9618
- https://seclists.org/fulldisclosure/2019/Mar/26
tags: cve,cve2019,wordpress,wp-plugin,lfi

View File

@ -4,7 +4,7 @@ info:
author: akshansh
severity: critical
description: An issue was discovered in JFrog Artifactory 6.7.3. By default, the access-admin account is used to reset the password of the admin account in case an administrator gets locked out from the Artifactory console. This is only allowable from a connection directly from localhost, but providing a X-Forwarded-For HTTP header to the request allows an unauthenticated user to login with the default credentials of the access-admin account while bypassing the whitelist of allowed IP addresses. The access-admin account can use Artifactory's API to request authentication tokens for all users including the admin account and, in turn, assume full control of all artifacts and repositories managed by Artifactory.
reference: |
reference:
- http://packetstormsecurity.com/files/152172/JFrog-Artifactory-Administrator-Authentication-Bypass.html
- https://www.ciphertechs.com/jfrog-artifactory-advisory/
- https://www.jfrog.com/confluence/display/RTF/Release+Notes#ReleaseNotes-Artifactory6.8.6

View File

@ -6,7 +6,7 @@ info:
severity: low
tags: cve,cve2019,xss
description: On Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 110, ZyWALL 310, ZyWALL 1100 devices, the security firewall login page is vulnerable to Reflected XSS via the unsanitized 'mp_idx' parameter.
reference: |
reference:
http://packetstormsecurity.com/files/152525/Zyxel-ZyWall-Cross-Site-Scripting.html
http://seclists.org/fulldisclosure/2019/Apr/22
https://www.exploit-db.com/exploits/46706/
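Review bot: The reference entries in this hunk are bare lines without `- ` markers, so dropping the `|` leaves `reference` as a single folded string containing all three URLs, not a list. Convert each line to a `- ` list item here so this template matches the string-slice shape the commit is migrating to.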

View File

@ -5,7 +5,7 @@ info:
author: joeldeleep
description: A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka 'Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability'.
severity: high
reference: |
reference:
- https://www.mdsec.co.uk/2020/02/cve-2020-0618-rce-in-sql-server-reporting-services-ssrs/
- https://github.com/euphrat1ca/CVE-2020-0618
tags: cve,cve2020,rce

View File

@ -4,7 +4,7 @@ info:
author: madrobot
severity: high
description: rConfig 3.9.4 and previous versions has unauthenticated compliancepolicies.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
reference: |
reference:
- https://github.com/theguly/exploits/blob/master/CVE-2020-10546.py
- https://theguly.github.io/2020/09/rconfig-3.9.4-multiple-vulnerabilities/
tags: cve,cve2020,rconfig,sqli

View File

@ -4,7 +4,7 @@ info:
author: madrobot
severity: high
description: rConfig 3.9.4 and previous versions has unauthenticated devices.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
reference: |
reference:
- https://github.com/theguly/exploits/blob/master/CVE-2020-10548.py
- https://theguly.github.io/2020/09/rconfig-3.9.4-multiple-vulnerabilities/
tags: cve,cve2020,rconfig,sqli

View File

@ -4,7 +4,7 @@ info:
author: madrobot
severity: high
description: rConfig 3.9.4 and previous versions has unauthenticated snippets.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
reference: |
reference:
- https://github.com/theguly/exploits/blob/master/CVE-2020-10549.py
- https://theguly.github.io/2020/09/rconfig-3.9.4-multiple-vulnerabilities/
tags: cve,cve2020,rconfig,sqli

View File

@ -5,7 +5,7 @@ info:
author: pikpikcu
severity: low
description: In GLPI before version 9.4.6, there is a vulnerability that allows bypassing the open redirect protection based which is based on a regexp. This is fixed in version 9.4.6.
reference: |
reference:
- https://github.com/glpi-project/glpi/security/advisories/GHSA-gxv6-xq9q-37hg
- https://github.com/glpi-project/glpi/archive/9.4.6.zip
- https://nvd.nist.gov/vuln/detail/CVE-2020-11034

View File

@ -6,7 +6,7 @@ info:
name: Grafana Unauthenticated Stored XSS
description: Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot.
tags: cve,cve2020,xss,grafana
reference: |
reference:
- https://ctf-writeup.revers3c.com/challenges/web/CVE-2020-11110/index.html
- https://nvd.nist.gov/vuln/detail/CVE-2020-11110
requests:

View File

@ -5,7 +5,7 @@ info:
author: daffainfo
severity: high
description: LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php.
reference: |
reference:
- https://www.exploit-db.com/exploits/48297
- https://www.cvedetails.com/cve/CVE-2020-11455
tags: cve,cve2020,lfi

View File

@ -6,7 +6,7 @@ info:
severity: medium
description: |
The GTranslate plugin before 2.8.52 for WordPress was vulnerable to an Unauthenticated Reflected XSS vulnerability via a crafted link. This requires use of the hreflang tags feature within a sub-domain or sub-directory paid option.
reference: |
reference:
- https://wpscan.com/vulnerability/10181
- https://payatu.com/blog/gaurav/analysis-of-cve-2020-11930:-reflected-xss-in-gtranslate-wordpress-module
tags: cve,cve2020,wordpress,xss

Some files were not shown because too many files have changed in this diff