Descriptions and references

patch-1
Noam Rathaus 2021-04-18 16:00:27 +03:00
parent e732259392
commit d26f311cdf
14 changed files with 29 additions and 10 deletions

View File

@ -4,6 +4,7 @@ info:
name: GlassFish LFI
author: pikpikcu
severity: high
description: Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that can be exploited by issuing a specially crafted HTTP GET request.
reference: https://www.exploit-db.com/exploits/45196
tags: cve,cve2017,oracle,glassfish,lfi
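Review bot: the added description has a stray comma in "Oracle, GlassFish Server Open Source Edition 4.1" and mixes number in "both authenticated and unauthenticated Directory Traversal vulnerability"; suggest `description: Oracle GlassFish Server Open Source Edition 4.1 is vulnerable to authenticated and unauthenticated directory traversal, exploitable via a specially crafted HTTP GET request.` The only reference is the exploit-db entry; since the tags mark this as a CVE template, add the NVD entry for the CVE alongside it so the affected version is traceable to an authoritative source.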

View File

@ -5,6 +5,7 @@ info:
author: madrobot
severity: medium
description: The vulnerability can be used to include HTML or JavaScript code to the affected web page. The code is executed in the browser of users if they visit the manipulated site.
reference: http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
tags: cve,cve2017,xss,oracle
requests:
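Review bot: the description added here never names the affected product or version ("the affected web page"), so a reader cannot tell what the Oracle July 2017 CPU link applies to; name the product and version range as the other descriptions in this commit do. If the request only checks reflected cross-site scripting, say so, since the tags carry only `xss`.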

View File

@ -5,6 +5,7 @@ info:
author: dwisiswant0
severity: high
description: Subrion CMS before 4.1.5.10 has a SQL injection vulnerability in /front/search.php via the $_GET array.
reference: https://github.com/intelliants/subrion/issues/479
tags: cve,cve2017,sqli,subrion
# Source:
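Review bot: the trailing `# Source:` comment at the end of the hunk is now empty and redundant with the `reference:` line added above it; drop the comment so the source link lives only in the structured field.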

View File

@ -4,7 +4,8 @@ info:
name: Apache Struts2 S2-053 RCE
author: pikpikcu
severity: critical
reference: https://nvd.nist.gov/vuln/detail/CVE-2017-12611
description: In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.
reference: https://struts.apache.org/docs/s2-053.html
tags: cve,cve2017,apache,rce,struts
requests:
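Review bot: this hunk leaves two `reference:` keys in the same `info:` mapping (the NVD link and the struts.apache.org link), which is a duplicate-key error under strict YAML and silently keeps only one value in lenient loaders; merge them into a single list, e.g.
reference:
  - https://nvd.nist.gov/vuln/detail/CVE-2017-12611
  - https://struts.apache.org/docs/s2-053.html
Also "a RCE attack" should read "an RCE attack".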

View File

@ -4,6 +4,7 @@ info:
name: Apache CouchDB 1.7.0 / 2.x < 2.1.1 RPE
author: pikpikcu
severity: high
description: Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit _users documents with duplicate keys for 'roles' used for access control within the database, including the special case '_admin' role, that denotes administrative users. In combination with CVE-2017-12636 (Remote Code Execution), this can be used to give non-admin users access to arbitrary shell commands on the server as the database system user. The JSON parser differences result in behaviour that if two 'roles' keys are available in the JSON, the second one will be used for authorising the document write, but the first 'roles' key is used for subsequent authorization for the newly created user. By design, users can not assign themselves roles. The vulnerability allows non-admin users to give themselves admin privileges.
reference: https://github.com/assalielmehdi/CVE-2017-12635
tags: cve,cve2017,couchdb,rpe
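Review bot: the only reference added is a third-party proof-of-concept repository; the primary reference should be the NVD entry or the CouchDB advisory for CVE-2017-12635 (the ID already appears in the URL), with the PoC repo secondary. The `rpe` tag is non-standard and is not used by any other template in this commit; a conventional tag such as `privesc` would make the template findable. The description also sets the severity context (combined with CVE-2017-12636 this yields command execution as the database user), which supports the `high` rating.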

View File

@ -5,6 +5,7 @@ info:
author: pikpikcu
severity: medium
tags: cve,cve2017,trixbox,lfi
description: trixbox 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php.
reference: |
- https://nvd.nist.gov/vuln/detail/CVE-2017-14537
- https://secur1tyadvisory.wordpress.com/2018/02/13/trixbox-multiple-path-traversal-vulnerabilities-cve-2017-14537/
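Review bot: `reference: |` turns the two bullet lines into one literal block string containing the text "- https://..." rather than a YAML sequence of two URLs; unless the template loader expects that, drop the `|` and indent the items as a list. The field order here (tags before description and reference) also differs from every other template in this commit; keep the name/author/severity/description/reference/tags order for consistency.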

View File

@ -4,6 +4,7 @@ info:
name: Nextjs v2.4.1 LFI
author: pikpikcu
severity: high
description: ZEIT Next.js before 2.4.1 has directory traversal under the /_next and /static request namespace, allowing attackers to obtain sensitive information.
reference: https://medium.com/@theRaz0r/arbitrary-file-reading-in-next-js-2-4-1-34104c4e75e9
tags: cve,cve2017,nextjs,lfi
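Review bot: the name "Nextjs v2.4.1 LFI" contradicts the description, which says the traversal affects Next.js before 2.4.1 (2.4.1 is the fixed release); rename to something like "Next.js < 2.4.1 LFI". The sole reference is a Medium write-up; add the NVD entry for the CVE alongside it so the version range is traceable.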

View File

@ -4,7 +4,7 @@ info:
name: Embedthis GoAhead RCE
description: Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked.
author: geeknik
reference:
reference: |
- https://www.elttam.com/blog/goahead/
- https://github.com/ivanitlearning/CVE-2017-17562
- https://github.com/vulhub/vulhub/tree/master/goahead/CVE-2017-17562
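Review bot: this hunk swaps a bare `reference:` for `reference: |`, which makes the three bullet lines below it a single literal string ("- https://www.elttam.com/blog/goahead/\n- https://github.com/...") instead of a list of three URLs; if the schema's `reference` field is a list, the `|` should go and the bullets should be indented under the key. No `severity:` appears in the visible lines; confirm it is set elsewhere in the file, as every other template in this commit carries one.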

View File

@ -3,7 +3,10 @@ info:
name: Hikvision Authentication Bypass
author: princechaddha
severity: high
reference: https://www.cvedetails.com/cve/CVE-2017-7921/
description: An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The improper authentication vulnerability occurs when an application does not adequately or correctly authenticate users. This may allow a malicious user to escalate his or her privileges on the system and gain access to sensitive information.
reference: |
- http://www.hikvision.com/us/about_10805.html
- https://ics-cert.us-cert.gov/advisories/ICSA-17-124-01
tags: cve,cve2017,auth-bypass
requests:
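Review bot: two `reference:` keys now sit in the `info:` block (the cvedetails line and the literal block added below the description); merge them into one list so the cvedetails link is not lost to duplicate-key handling. The description pastes the full model and firmware list from the advisory, which is accurate, but the sentence "The improper authentication vulnerability occurs when an application does not adequately or correctly authenticate users" is generic boilerplate and can be cut.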

View File

@ -5,6 +5,10 @@ info:
author: pdteam
severity: high
description: The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF).
reference: |
- http://dontpanic.42.nl/2017/12/there-is-proxy-in-your-atlassian.html
- https://ecosystem.atlassian.net/browse/OAUTH-344
- https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-171018bca2c3
tags: cve,cve2017,atlassian,jira,ssrf
requests:
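Review bot: `reference: |` makes the three links a single literal string rather than a YAML list; drop the `|` if `reference` is a list field. The description claims the servlet allows both internal resource access "and/or" XSS, but the tags carry only `ssrf`; if the request tests only the SSRF case, the description should say that is what is detected.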

View File

@ -4,7 +4,10 @@ info:
name: Apache Struts2 S2-053 RCE
author: pikpikcu
severity: critical
reference: https://nvd.nist.gov/vuln/detail/CVE-2017-9791
description: The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage.
reference: |
- http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html
- http://struts.apache.org/docs/s2-048.html
tags: cve,cve2017,apache,rce
requests:
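Review bot: the existing `reference:` (NVD CVE-2017-9791) and the added `reference: |` are duplicate keys in one mapping; merge them into a single list. The name "Apache Struts2 S2-053 RCE" also looks copy-pasted: the NVD link is CVE-2017-9791 and the docs link is s2-048, so the name should be "Apache Struts2 S2-048 RCE". The Oracle alert URL added here is for CVE-2017-9805 (S2-052), not this issue; replace it with the alert for this CVE or remove it.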

View File

@ -4,7 +4,10 @@ info:
name: Apache Struts2 S2-052 RCE
author: pikpikcu
severity: critical
reference: https://nvd.nist.gov/vuln/detail/CVE-2017-9805
description: The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads.
reference: |
- http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html
- https://struts.apache.org/docs/s2-052.html
tags: cve,cve2017,apache,rce,struts
requests:
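Review bot: the NVD `reference:` line and the new `reference: |` block both use the same key in `info:`, so one of them is dropped on load; fold the NVD URL into the list. The `|` literal block also yields one string rather than a list of URLs, so the list form without `|` is the safer choice.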

View File

@ -6,10 +6,9 @@ info:
severity: high
description: Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI
tags: cve,cve2017,php,phpunit,rce
# Reference to exploit
# https://github.com/cyberharsh/Php-unit-CVE-2017-9841
# https://github.com/RandomRobbieBF/phpunit-brute
reference: |
- https://github.com/cyberharsh/Php-unit-CVE-2017-9841
- https://github.com/RandomRobbieBF/phpunit-brute
requests:
- method: GET
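Review bot: moving the two links out of the `# Reference to exploit` comments into the `reference:` field is the right change, but both are exploit or brute-force tool repositories; the primary reference should be the NVD or PHPUnit advisory for CVE-2017-9841 (the ID already appears in the first URL), with the PoC repos secondary. The description line also ends without a period, and `reference: |` yields a single literal string rather than a list.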

View File

@ -1,7 +1,7 @@
id: CVE-2019-8903
info:
name: Totaljs - Unathenticated Directory Traversal
name: Totaljs - Unauthenticated Directory Traversal
author: madrobot
severity: high
description: index.js in Total.js Platform before 3.2.3 allows path traversal.
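Review bot: the typo fix in `name:` (Unathenticated to Unauthenticated) is correct. The visible lines show no `reference:` field and the description is a single clause; since this commit adds references elsewhere, add the NVD entry for CVE-2019-8903 here too if the file has none.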