Auto Generated CVE annotations [Tue May 17 20:46:49 UTC 2022] 🤖
parent
03a6dec18f
commit
d0832c679e
|
@ -9,6 +9,7 @@ info:
|
|||
- https://www.securityfocus.com/bid/17408
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2006-1681
|
||||
- http://secunia.com/advisories/19587
|
||||
- http://www.securityfocus.com/bid/17408
|
||||
classification:
|
||||
cve-id: CVE-2006-1681
|
||||
tags: cherokee,httpd,xss,cve,cve2006
|
||||
|
|
|
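Review bot: The reference list in this hunk now carries the same advisory twice, `https://www.securityfocus.com/bid/17408` and `http://www.securityfocus.com/bid/17408`, differing only in scheme. With the `-9,6 +9,7` counts and seven lines shown, every line here is on the new side, so both entries remain in the file. The generator should normalise scheme and trailing slash before appending a reference and keep only the `https://` entry. The same duplication appears with the `exploit-db.com/exploits/…` pairs in the hunks for CVE-2009-4223, CVE-2010-0944 through CVE-2010-4719, CVE-2012-0981 and CVE-2015-0554. The `info:` block starts and ends outside this hunk.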
@ -14,7 +14,7 @@ info:
|
|||
cve-id: CVE-2009-1872
|
||||
metadata:
|
||||
shodan-query: http.component:"Adobe ColdFusion"
|
||||
verified: true
|
||||
verified: "true"
|
||||
tags: cve,cve2009,adobe,xss,coldfusion
|
||||
|
||||
requests:
|
||||
|
|
|
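Review bot: `verified` appears in this hunk both as `verified: true` and as `verified: "true"`; the page has lost its `+`/`-` markers, but if the quoted form is the new side, the value changes from a YAML boolean to a string. Any consumer that filters templates on a boolean `verified` would then need to compare against a string, so I would keep `verified: true` unless the metadata schema requires strings. The same pair shows up in the hunks for CVE-2018-17422, the Apache Airflow template, CVE-2021-26295, CVE-2021-27330, CVE-2021-46424, the BIG-IP template and the Wavlink template. The `info:` block continues outside this hunk.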
@ -9,6 +9,7 @@ info:
|
|||
- https://sourceforge.net/projects/krw/
|
||||
- https://www.exploit-db.com/exploits/10216
|
||||
- https://exchange.xforce.ibmcloud.com/vulnerabilities/54395
|
||||
- http://www.exploit-db.com/exploits/10216
|
||||
classification:
|
||||
cve-id: CVE-2009-4223
|
||||
tags: cve,cve2009,krweb,rfi
|
||||
|
|
|
@ -9,6 +9,7 @@ info:
|
|||
- https://www.exploit-db.com/exploits/11088
|
||||
- https://www.cvedetails.com/cve/CVE-2010-0944
|
||||
- http://packetstormsecurity.org/1001-exploits/joomlajcollection-traversal.txt
|
||||
- http://www.exploit-db.com/exploits/11088
|
||||
remediation: Apply all relevant security patches and product upgrades.
|
||||
classification:
|
||||
cve-id: CVE-2010-0944
|
||||
|
|
|
@ -9,6 +9,7 @@ info:
|
|||
- https://www.exploit-db.com/exploits/12146
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1469
|
||||
- http://packetstormsecurity.org/1004-exploits/joomlajprojectmanager-lfi.txt
|
||||
- http://www.exploit-db.com/exploits/12146
|
||||
remediation: Upgrade to a supported version.
|
||||
classification:
|
||||
cve-id: CVE-2010-1469
|
||||
|
|
|
@ -9,6 +9,7 @@ info:
|
|||
- https://www.exploit-db.com/exploits/12167
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1472
|
||||
- http://secunia.com/advisories/39406
|
||||
- http://www.exploit-db.com/exploits/12167
|
||||
remediation: Upgrade to a supported version.
|
||||
classification:
|
||||
cve-id: CVE-2010-1472
|
||||
|
|
|
@ -9,6 +9,7 @@ info:
|
|||
- https://www.exploit-db.com/exploits/12113
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1494
|
||||
- http://www.osvdb.org/63943
|
||||
- http://www.exploit-db.com/exploits/12113
|
||||
remediation: Upgrade to a supported version.
|
||||
classification:
|
||||
cve-id: CVE-2010-1494
|
||||
|
|
|
@ -9,6 +9,7 @@ info:
|
|||
- https://www.exploit-db.com/exploits/12426
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2010-1659
|
||||
- http://www.securityfocus.com/bid/39739
|
||||
- http://www.exploit-db.com/exploits/12426
|
||||
classification:
|
||||
cve-id: CVE-2010-1659
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
|
|
@ -9,6 +9,7 @@ info:
|
|||
- https://www.exploit-db.com/exploits/12233
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1719
|
||||
- http://osvdb.org/63806
|
||||
- http://www.exploit-db.com/exploits/12233
|
||||
classification:
|
||||
cve-id: CVE-2010-1719
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
|
|
@ -9,6 +9,7 @@ info:
|
|||
- https://www.exploit-db.com/exploits/12177
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1722
|
||||
- http://secunia.com/advisories/39409
|
||||
- http://www.exploit-db.com/exploits/12177
|
||||
classification:
|
||||
cve-id: CVE-2010-1722
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
|
|
@ -9,6 +9,7 @@ info:
|
|||
- https://www.exploit-db.com/exploits/12239
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1952
|
||||
- http://secunia.com/advisories/39475
|
||||
- http://www.exploit-db.com/exploits/12239
|
||||
remediation: Upgrade to a supported version.
|
||||
classification:
|
||||
cve-id: CVE-2010-1952
|
||||
|
|
|
@ -9,6 +9,7 @@ info:
|
|||
- https://www.exploit-db.com/exploits/12288
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1953
|
||||
- http://www.vupen.com/english/advisories/2010/0927
|
||||
- http://www.exploit-db.com/exploits/12288
|
||||
remediation: Upgrade to a supported version.
|
||||
classification:
|
||||
cve-id: CVE-2010-1953
|
||||
|
|
|
@ -9,6 +9,7 @@ info:
|
|||
- https://www.exploit-db.com/exploits/12287
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1954
|
||||
- http://www.securityfocus.com/bid/39552
|
||||
- http://www.exploit-db.com/exploits/12287
|
||||
remediation: Upgrade to a supported version.
|
||||
classification:
|
||||
cve-id: CVE-2010-1954
|
||||
|
|
|
@ -9,6 +9,7 @@ info:
|
|||
- https://www.exploit-db.com/exploits/12085
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1980
|
||||
- http://packetstormsecurity.org/1004-exploits/joomlaflickr-lfi.txt
|
||||
- http://www.exploit-db.com/exploits/12085
|
||||
remediation: Upgrade to a supported version.
|
||||
classification:
|
||||
cve-id: CVE-2010-1980
|
||||
|
|
|
@ -9,6 +9,7 @@ info:
|
|||
- https://www.exploit-db.com/exploits/12087
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1981
|
||||
- http://packetstormsecurity.org/1004-exploits/joomlafabrik-lfi.txt
|
||||
- http://www.exploit-db.com/exploits/12087
|
||||
remediation: Upgrade to a supported version.
|
||||
classification:
|
||||
cve-id: CVE-2010-1981
|
||||
|
|
|
@ -9,6 +9,7 @@ info:
|
|||
- https://www.exploit-db.com/exploits/12055
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1983
|
||||
- http://packetstormsecurity.org/1004-exploits/joomlaredtwitter-lfi.txt
|
||||
- http://www.exploit-db.com/exploits/12055
|
||||
remediation: Upgrade to a supported version.
|
||||
classification:
|
||||
cve-id: CVE-2010-1983
|
||||
|
|
|
@ -9,6 +9,7 @@ info:
|
|||
- https://www.exploit-db.com/exploits/12607
|
||||
- https://www.cvedetails.com/cve/CVE-2010-2128
|
||||
- http://secunia.com/advisories/39832
|
||||
- http://www.exploit-db.com/exploits/12607
|
||||
remediation: Upgrade to a supported version.
|
||||
classification:
|
||||
cve-id: CVE-2010-2128
|
||||
|
|
|
@ -9,6 +9,7 @@ info:
|
|||
- https://www.exploit-db.com/exploits/10946
|
||||
- https://www.cvedetails.com/cve/CVE-2010-2259
|
||||
- http://secunia.com/advisories/37866
|
||||
- http://www.exploit-db.com/exploits/10946
|
||||
remediation: Upgrade to a supported version.
|
||||
classification:
|
||||
cve-id: CVE-2010-2259
|
||||
|
|
|
@ -9,6 +9,7 @@ info:
|
|||
- https://www.exploit-db.com/exploits/14017
|
||||
- https://www.cvedetails.com/cve/CVE-2010-2682
|
||||
- http://packetstormsecurity.org/1004-exploits/joomlarealtyna-lfi.txt
|
||||
- http://www.exploit-db.com/exploits/14017
|
||||
remediation: Upgrade to a supported version.
|
||||
classification:
|
||||
cve-id: CVE-2010-2682
|
||||
|
|
|
@ -9,6 +9,7 @@ info:
|
|||
- https://www.exploit-db.com/exploits/14274
|
||||
- https://www.cvedetails.com/cve/CVE-2010-2857
|
||||
- http://www.securityfocus.com/bid/41485
|
||||
- http://www.exploit-db.com/exploits/14274
|
||||
remediation: Upgrade to a supported version.
|
||||
classification:
|
||||
cve-id: CVE-2010-2857
|
||||
|
|
|
@ -9,6 +9,7 @@ info:
|
|||
- https://www.exploit-db.com/exploits/14845
|
||||
- https://www.cvedetails.com/cve/CVE-2010-3203
|
||||
- http://secunia.com/advisories/41187
|
||||
- http://www.exploit-db.com/exploits/14845
|
||||
remediation: Upgrade to a supported version.
|
||||
classification:
|
||||
cve-id: CVE-2010-3203
|
||||
|
|
|
@ -9,6 +9,7 @@ info:
|
|||
- https://www.exploit-db.com/exploits/14964
|
||||
- https://www.cvedetails.com/cve/CVE-2010-3426
|
||||
- http://packetstormsecurity.org/1009-exploits/joomlajphone-lfi.txt
|
||||
- http://www.exploit-db.com/exploits/14964
|
||||
remediation: Upgrade to a supported version.
|
||||
classification:
|
||||
cve-id: CVE-2010-3426
|
||||
|
|
|
@ -9,6 +9,7 @@ info:
|
|||
- https://nvd.nist.gov/vuln/detail/CVE-2010-4231
|
||||
- https://www.exploit-db.com/exploits/15505
|
||||
- https://www.trustwave.com/spiderlabs/advisories/TWSL2010-006.txt
|
||||
- http://www.exploit-db.com/exploits/15505/
|
||||
remediation: Upgrade to a supported product version.
|
||||
classification:
|
||||
cve-id: CVE-2010-4231
|
||||
|
|
|
@ -9,6 +9,7 @@ info:
|
|||
- https://www.exploit-db.com/exploits/15643
|
||||
- https://www.cvedetails.com/cve/CVE-2010-4282
|
||||
- http://sourceforge.net/projects/pandora/files/Pandora%20FMS%203.1/Final%20version%20%28Stable%29/pandorafms_console-3.1_security_patch_13Oct2010.tar.gz/download
|
||||
- http://www.exploit-db.com/exploits/15643
|
||||
remediation: Upgrade to a supported version.
|
||||
classification:
|
||||
cve-id: CVE-2010-4282
|
||||
|
|
|
@ -9,6 +9,7 @@ info:
|
|||
- https://www.exploit-db.com/exploits/15749
|
||||
- https://www.cvedetails.com/cve/CVE-2010-4719
|
||||
- http://packetstormsecurity.org/files/view/96751/joomlajradio-lfi.txt
|
||||
- http://www.exploit-db.com/exploits/15749
|
||||
remediation: Upgrade to a supported version.
|
||||
classification:
|
||||
cve-id: CVE-2010-4719
|
||||
|
|
|
@ -9,6 +9,7 @@ info:
|
|||
- https://www.exploit-db.com/exploits/18435
|
||||
- https://www.cvedetails.com/cve/CVE-2012-0981
|
||||
- http://secunia.com/advisories/47802
|
||||
- http://www.exploit-db.com/exploits/18435
|
||||
classification:
|
||||
cve-id: CVE-2012-0981
|
||||
tags: cve,cve2012,lfi,phpshowtime
|
||||
|
|
|
@ -9,6 +9,7 @@ info:
|
|||
- https://www.exploit-db.com/exploits/35721
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2015-0554
|
||||
- http://packetstormsecurity.com/files/129828/Pirelli-ADSL2-2-Wireless-Router-P.DGA4001N-Information-Disclosure.html
|
||||
- http://www.exploit-db.com/exploits/35721
|
||||
classification:
|
||||
cve-id: CVE-2015-0554
|
||||
tags: cve,cve2015,pirelli,router,disclosure
|
||||
|
|
|
@ -10,13 +10,13 @@ info:
|
|||
- https://github.com/dotCMS/core/issues/15286
|
||||
- https://www.cvedetails.com/cve/CVE-2018-17422
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2018-17422
|
||||
cwe-id: CWE-601
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.title:"dotCMS"
|
||||
verified: "true"
|
||||
tags: cve,cve2018,redirect,dotcms
|
||||
|
||||
requests:
|
||||
|
|
|
@ -17,7 +17,7 @@ info:
|
|||
cwe-id: CWE-77
|
||||
metadata:
|
||||
shodan-query: http.html:"Apache Airflow" || title:"Airflow - DAGs"
|
||||
verified: true
|
||||
verified: "true"
|
||||
tags: cve,cve2020,apache,airflow,rce
|
||||
|
||||
requests:
|
||||
|
|
|
@ -9,13 +9,13 @@ info:
|
|||
offers the possibility to call static Java classes from the JDK
|
||||
that could execute code with the permission level of the running Java process.
|
||||
This vulnerability affects all versions of Apache Unomi prior to 1.5.2.
|
||||
remediation: Apache Unomi users should upgrade to 1.5.2 or later.
|
||||
reference:
|
||||
- https://securityboulevard.com/2020/11/apache-unomi-cve-2020-13942-rce-vulnerabilities-discovered/
|
||||
- https://twitter.com/chybeta/status/1328912309440311297
|
||||
- http://unomi.apache.org./security/cve-2020-13942.txt
|
||||
- https://lists.apache.org/thread.html/r4a8fa91836687eaca42b5420a778ca8c8fd3a3740e4cf4401acc9118@%3Cusers.unomi.apache.org%3E
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-13942
|
||||
remediation: Apache Unomi users should upgrade to 1.5.2 or later.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
|
|
|
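Review bot: The reference `http://unomi.apache.org./security/cve-2020-13942.txt` in this hunk has a trailing dot after the host name and uses plain HTTP. That is a legal absolute DNS name, but link checkers and URL de-duplication commonly treat it as a different host, so I would normalise it to `https://unomi.apache.org/security/cve-2020-13942.txt` after confirming the HTTPS URL resolves. `remediation:` is also printed both before `reference:` and after the reference list; presumably one of them is the removed line, but the resulting file should be checked for a duplicate key, which most YAML parsers resolve silently as last-wins. The `info:` block starts outside the hunk.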
@ -10,15 +10,16 @@ info:
|
|||
- https://github.com/yumusb/CVE-2021-26295-POC
|
||||
- https://packetstormsecurity.com/files/162104/Apache-OFBiz-SOAP-Java-Deserialization.html
|
||||
- https://github.com/zhzyker/exphub/tree/master/ofbiz
|
||||
- https://lists.apache.org/thread.html/r3c1802eaf34aa78a61b4e8e044c214bc94accbd28a11f3a276586a31%40%3Cuser.ofbiz.apache.org%3E
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2021-26295
|
||||
cwe-id: CWE-502
|
||||
metadata:
|
||||
ysoserial-payload: java -jar ysoserial.jar URLDNS https://oob-url-to-request.tld | hex
|
||||
shodan-query: OFBiz.Visitor=
|
||||
verified: true
|
||||
verified: "true"
|
||||
ysoserial-payload: java -jar ysoserial.jar URLDNS https://oob-url-to-request.tld | hex
|
||||
tags: cve,cve2021,apache,ofbiz,deserialization,rce
|
||||
|
||||
requests:
|
||||
|
|
|
@ -9,14 +9,16 @@ info:
|
|||
reference:
|
||||
- https://www.exploit-db.com/exploits/49597
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-27330
|
||||
metadata:
|
||||
verified: true
|
||||
google-dork: intitle:TriConsole.com - PHP Calendar Date Picker
|
||||
- http://www.triconsole.com/
|
||||
- http://www.triconsole.com/php/calendar_datepicker.php
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2021-27330
|
||||
cwe-id: CWE-79
|
||||
metadata:
|
||||
google-dork: intitle:TriConsole.com - PHP Calendar Date Picker
|
||||
verified: "true"
|
||||
tags: cve,cve2021,triconsole,xss
|
||||
|
||||
requests:
|
||||
|
|
|
@ -8,14 +8,16 @@ info:
|
|||
reference:
|
||||
- https://dl.packetstormsecurity.net/2205-exploits/tlr2005ksh-filedelete.txt
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-46424
|
||||
- https://drive.google.com/drive/folders/1_e3eJ8fzhCWnCkoRpbLoyQecuKkPR4OD?usp=sharing
|
||||
- http://packetstormsecurity.com/files/167127/TLR-2005KSH-Arbitrary-File-Delete.html
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
|
||||
cvss-score: 9.1
|
||||
cve-id: CVE-2021-46424
|
||||
cwe-id: CWE-306
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.html:"TLR-2005KSH"
|
||||
verified: "true"
|
||||
tags: cve,cve2021,telesquare,intrusive
|
||||
|
||||
requests:
|
||||
|
|
|
@ -20,7 +20,7 @@ info:
|
|||
cwe-id: CWE-306
|
||||
metadata:
|
||||
shodan-query: http.title:"BIG-IP®-+Redirect" +"Server"
|
||||
verified: true
|
||||
verified: "true"
|
||||
tags: f5,bigip,cve,cve2022,rce,mirai
|
||||
|
||||
variables:
|
||||
|
|
|
@ -4,14 +4,15 @@ info:
|
|||
name: Wavlink Wn535g3 - POST XSS
|
||||
author: For3stCo1d
|
||||
severity: high
|
||||
description: WAVLINK WN535 G3 was discovered to contain a cross-site scripting (XSS) vulnerability via the hostname parameter at /cgi-bin/login.cgi.
|
||||
reference:
|
||||
- https://github.com/badboycxcc/XSS-CVE-2022-30489
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-30489
|
||||
- https://github.com/badboycxcc/XSS
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.title:"Wi-Fi APP Login"
|
||||
verified: "true"
|
||||
tags: xss,cve2022,wavlink,cve,router,iot
|
||||
description: "WAVLINK WN535 G3 was discovered to contain a cross-site scripting (XSS) vulnerability via the hostname parameter at /cgi-bin/login.cgi."
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
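Review bot: This `info:` block has no `classification:` entry, although the template is tagged `cve,cve2022` and references `https://nvd.nist.gov/vuln/detail/CVE-2022-30489`, and the other CVE templates in this commit carry a `cve-id`. Since `requests:` follows directly within the hunk, the block appears complete here, so I would add `classification:` with `cve-id: CVE-2022-30489` under `info:`. It is also worth confirming `severity: high` once a CVSS score is recorded, given that the scored XSS template on this page (CVE-2021-27330) is rated 6.1. The `requests:` block continues outside the hunk.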