Merge pull request #6801 from brabbit10/master
Fixes issue with github-recovery-code generating many FPspatch-1
commit
d786731fb1
|
@ -18,7 +18,7 @@ info:
|
|||
- http://www.openwall.com/lists/oss-security/2017/04/16/2
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2017-7615
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 8.8
|
||||
cve-id: CVE-2017-7615
|
||||
cwe-id: CWE-640
|
||||
|
|
|
@ -11,7 +11,7 @@ info:
|
|||
- https://pastebin.com/raw/rt7LJvyF
|
||||
- https://www.exploit-db.com/exploits/42290/
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
cve-id: CVE-2017-9833
|
||||
cwe-id: CWE-22
|
||||
|
|
|
@ -11,7 +11,7 @@ info:
|
|||
- https://nvd.nist.gov/vuln/detail/CVE-2018-17431
|
||||
- https://github.com/Fadavvi/CVE-2018-17431-PoC#confirmation-than-bug-exist-2018-09-25-ticket-id-xwr-503-79437
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2018-17431
|
||||
cwe-id: CWE-287
|
||||
|
|
|
@ -3,15 +3,15 @@ id: CVE-2018-19365
|
|||
info:
|
||||
name: Wowza Streaming Engine Manager 4.7.4.01 - Directory Traversal
|
||||
author: 0x_Akoko
|
||||
severity: high
|
||||
severity: critical
|
||||
description: Wowza Streaming Engine 4.7.4.01 allows traversal of the directory structure and retrieval of a file via a remote, specifically crafted HTTP request to the REST API.
|
||||
reference:
|
||||
- https://blog.gdssecurity.com/labs/2019/2/11/wowza-streaming-engine-manager-directory-traversal-and-local.html
|
||||
- https://www.cvedetails.com/cve/CVE-2018-19365
|
||||
- https://raw.githubusercontent.com/WowzaMediaSystems/public_cve/main/wowza-streaming-engine/CVE-2018-19365.txt
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
|
||||
cvss-score: 9.1
|
||||
cve-id: CVE-2018-19365
|
||||
cwe-id: CWE-22
|
||||
tags: cve,cve2018,wowza,lfi
|
||||
|
|
|
@ -11,7 +11,7 @@ info:
|
|||
- http://packetstormsecurity.com/files/153330/Sahi-Pro-7.x-8.x-Directory-Traversal.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-20470
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
cve-id: CVE-2018-20470
|
||||
cwe-id: CWE-22
|
||||
|
|
|
@ -10,10 +10,10 @@ info:
|
|||
- https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1505
|
||||
- http://www.openwall.com/lists/oss-security/2019/09/25/3
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
||||
cvss-score: 4.3
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
|
||||
cvss-score: 5.4
|
||||
cve-id: CVE-2019-10405
|
||||
cwe-id: CWE-200
|
||||
cwe-id: CWE-79
|
||||
metadata:
|
||||
shodan-query: http.favicon.hash:81586312
|
||||
tags: cve,cve2019,jenkins
|
||||
|
|
|
@ -11,7 +11,7 @@ info:
|
|||
- http://packetstormsecurity.com/files/163398/Pallets-Werkzeug-0.15.4-Path-Traversal.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-14322
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
cve-id: CVE-2019-14322
|
||||
cwe-id: CWE-22
|
||||
|
|
|
@ -11,7 +11,7 @@ info:
|
|||
- https://extensions.joomla.org/extension/je-messenger/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-9922
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
cve-id: CVE-2019-9922
|
||||
cwe-id: CWE-22
|
||||
|
|
|
@ -13,13 +13,13 @@ info:
|
|||
- https://hackerone.com/reports/1329433
|
||||
remediation: This issue can be resolved by updating Grafana to the latest version.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 5.4
|
||||
cve-id: CVE-2020-11110
|
||||
cwe-id: CWE-79
|
||||
metadata:
|
||||
shodan-query: title:"Grafana"
|
||||
tags: cve,cve2020,xss,grafana
|
||||
tags: cve2020,xss,grafana,hackerone,cve
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
@ -14,7 +14,7 @@ info:
|
|||
cvss-score: 9.8
|
||||
cve-id: CVE-2020-35476
|
||||
cwe-id: CWE-78
|
||||
tags: cve,cve2020,opentsdb,rce
|
||||
tags: cve,cve2020,opentsdb,rce,packetstorm
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -11,10 +11,13 @@ info:
|
|||
- https://wordpress.org/plugins/give/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-25099
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2021-25099
|
||||
cwe-id: CWE-79
|
||||
metadata:
|
||||
verified: true
|
||||
tags: cve,cve2021,wordpress,wp-plugin,wp,xss,give,unauth
|
||||
verified: "true"
|
||||
tags: give,unauth,cve2021,wordpress,wp-plugin,xss,cve,wp,wpscan
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
@ -8,11 +8,16 @@ info:
|
|||
reference:
|
||||
- https://lists.apache.org/thread.html/rbe8439b26a71fc3b429aa793c65dcc4a6e349bc7bb5010746a74fa1d@%3Ccommits.ofbiz.apache.org%3E
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-30128
|
||||
- https://lists.apache.org/thread.html/rb3f5cd65f3ddce9b9eb4d6ea6e2919933f0f89b15953769d11003743%40%3Cdev.ofbiz.apache.org%3E
|
||||
- https://lists.apache.org/thread.html/rb3f5cd65f3ddce9b9eb4d6ea6e2919933f0f89b15953769d11003743@%3Cdev.ofbiz.apache.org%3E
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2021-30128
|
||||
cwe-id: CWE-502
|
||||
metadata:
|
||||
verified: true
|
||||
fofa-query: app="Apache_OFBiz"
|
||||
verified: "true"
|
||||
tags: cve,cve2021,apache,ofbiz,deserialization,rce
|
||||
|
||||
requests:
|
||||
|
|
|
@ -8,6 +8,8 @@ info:
|
|||
reference:
|
||||
- https://securitylab.github.com/advisories/GHSL-2021-103-erxes/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-3285
|
||||
- https://github.com/erxes/erxes/blob/f131b49add72032650d483f044d00658908aaf4a/widgets/server/views/widget.ejs#L14
|
||||
- https://github.com/erxes/erxes/blob/f131b49add72032650d483f044d00658908aaf4a/widgets/server/index.ts#L54
|
||||
classification:
|
||||
cve-id: CVE-2021-32853
|
||||
metadata:
|
||||
|
|
|
@ -19,8 +19,8 @@ info:
|
|||
cve-id: CVE-2021-41773
|
||||
cwe-id: CWE-22
|
||||
metadata:
|
||||
verified: "true"
|
||||
shodan-query: Apache 2.4.49
|
||||
verified: "true"
|
||||
tags: cve,cve2021,lfi,rce,apache,misconfig,traversal,kev
|
||||
|
||||
variables:
|
||||
|
|
|
@ -10,7 +10,7 @@ info:
|
|||
- https://nvd.nist.gov/vuln/detail/cve-2021-42887
|
||||
- https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_login_bypass.md
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2021-42887
|
||||
cwe-id: CWE-287
|
||||
|
|
|
@ -11,10 +11,13 @@ info:
|
|||
- https://wordpress.org/plugins/kivicare-clinic-management-system/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-0786
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2022-0786
|
||||
cwe-id: CWE-89
|
||||
metadata:
|
||||
verified: "true"
|
||||
tags: cve,cve2022,wordpress,wp-plugin,wp,sqli,kivicare-clinic-management-system,unauth
|
||||
tags: wordpress,wp-plugin,wp,sqli,kivicare-clinic-management-system,unauth,cve,cve2022,wpscan
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
@ -11,10 +11,13 @@ info:
|
|||
- https://wordpress.org/plugins/hc-custom-wp-admin-url/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-1595
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
||||
cvss-score: 5.3
|
||||
cve-id: CVE-2022-1595
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
verified: "true"
|
||||
tags: cve,cve2022,wordpress,wp-plugin,wp,hc-custom-wp-admin-url,unauth
|
||||
tags: wp-plugin,wp,hc-custom-wp-admin-url,unauth,wpscan,cve,cve2022,wordpress
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
@ -11,10 +11,12 @@ info:
|
|||
- https://wordpress.org/plugins/vr-calendar-sync/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-2314
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2022-2314
|
||||
metadata:
|
||||
verified: true
|
||||
tags: cve,cve2022,wordpress,wp-plugin,wp,rce,vr-calendar-sync,unauth
|
||||
verified: "true"
|
||||
tags: cve,cve2022,wordpress,wp,wp-plugin,rce,vr-calendar-sync,unauth,wpscan
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
@ -12,7 +12,10 @@ info:
|
|||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23854
|
||||
- https://www.cisa.gov/uscert/ics/advisories/icsa-22-342-02
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
cve-id: CVE-2022-23854
|
||||
cwe-id: CWE-23
|
||||
metadata:
|
||||
shodan-query: http.html:"InTouch Access Anywhere"
|
||||
verified: "true"
|
||||
|
|
|
@ -3,15 +3,19 @@ id: CVE-2022-24990
|
|||
info:
|
||||
name: TerraMaster TOS < 4.2.30 Server Information Disclosure
|
||||
author: dwisiswant0
|
||||
severity: medium
|
||||
severity: high
|
||||
description: TerraMaster NAS devices running TOS prior to version 4.2.30 are vulnerable to information disclosure.
|
||||
reference:
|
||||
- https://octagon.net/blog/2022/03/07/cve-2022-24990-terrmaster-tos-unauthenticated-remote-command-execution-via-php-object-instantiation/
|
||||
- https://www.broadcom.com/support/security-center/attacksignatures/detail?asid=33732
|
||||
- https://forum.terra-master.com/en/viewforum.php?f=28
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
cve-id: CVE-2022-24990
|
||||
metadata:
|
||||
shodan-query: TerraMaster
|
||||
tags: cve,cve2022,terramaster,exposure
|
||||
tags: cve,cve2022,terramaster,exposure,kev
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -12,9 +12,12 @@ info:
|
|||
- https://patchstack.com/database/vulnerability/all-in-one-wp-migration/wordpress-all-in-one-wp-migration-plugin-7-62-unauthenticated-reflected-cross-site-scripting-xss-vulnerability
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-2546
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 4.7
|
||||
cve-id: CVE-2022-2546
|
||||
cwe-id: CWE-79
|
||||
metadata:
|
||||
verified: true
|
||||
verified: "true"
|
||||
tags: cve,all-in-one-wp-migration,authenticated,wpscan,cve2022,wordpress,wp-plugin,wp,xss
|
||||
|
||||
requests:
|
||||
|
|
|
@ -8,9 +8,16 @@ info:
|
|||
reference:
|
||||
- https://github.com/W01fh4cker/cve-2022-33891
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-33891
|
||||
- https://lists.apache.org/thread/p847l3kopoo5bjtmxrcwk21xp6tjxqlc
|
||||
- http://packetstormsecurity.com/files/168309/Apache-Spark-Unauthenticated-Command-Injection.html
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 8.8
|
||||
cve-id: CVE-2022-33891
|
||||
cwe-id: CWE-77
|
||||
metadata:
|
||||
verified: "true"
|
||||
shodan-query: title:"Spark Master at"
|
||||
verified: "true"
|
||||
tags: cve,cve2022,apache,spark,authenticated
|
||||
|
||||
variables:
|
||||
|
|
|
@ -6,12 +6,12 @@ info:
|
|||
severity: high
|
||||
description: |
|
||||
The WPSmartContracts WordPress plugin before 1.3.12 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as author
|
||||
remediation: Fixed in version 1.3.12
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/1d8bf5bb-5a17-49b7-a5ba-5f2866e1f8a3
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3768
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-3768
|
||||
- https://cve.report/CVE-2022-3768
|
||||
remediation: Fixed in version 1.3.12
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 8.8
|
||||
|
@ -19,7 +19,7 @@ info:
|
|||
cwe-id: CWE-89
|
||||
metadata:
|
||||
verified: "true"
|
||||
tags: cve,cve2022,wordpress,wp-plugin,wp,sqli,wp-smart-contracts,authenticated
|
||||
tags: wpscan,cve2022,wp-plugin,wp,authenticated,cve,wordpress,sqli,wp-smart-contracts
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
@ -11,10 +11,13 @@ info:
|
|||
- https://wordpress.org/plugins/joomsport-sports-league-results-management/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-4050
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2022-4050
|
||||
cwe-id: CWE-89
|
||||
metadata:
|
||||
verified: true
|
||||
tags: cve,cve2022,wordpress,wp-plugin,wp,sqli,joomsport-sports-league-results-management,unauth
|
||||
verified: "true"
|
||||
tags: cve2022,wp-plugin,wp,sqli,cve,wordpress,joomsport-sports-league-results-management,unauth,wpscan
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
@ -3,20 +3,22 @@ id: CVE-2022-4260
|
|||
info:
|
||||
name: WP-Ban < 1.69.1 - Admin Stored XSS
|
||||
author: Hardik-Solanki
|
||||
severity: high
|
||||
severity: medium
|
||||
description: |
|
||||
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
|
||||
remediation: Fixed in version 1.69.1
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/d0cf24be-df87-4e1f-aae7-e9684c88e7db
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4260
|
||||
- https://drive.google.com/file/d/11nQ21cQ9irajYqNqsQtNrLJOkeRcwCXn/view?usp=drivesdk
|
||||
remediation: Fixed in version 1.69.1
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 4.8
|
||||
cve-id: CVE-2022-4260
|
||||
cwe-id: CWE-79
|
||||
metadata:
|
||||
verified: "true"
|
||||
tags: cve,cve2022,wordpress,wp-plugin,wp,xss,wp-ban,authenticated
|
||||
tags: cve2022,wp-plugin,wp,xss,authenticated,cve,wordpress,wp-ban,wpscan
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
@ -9,14 +9,15 @@ info:
|
|||
reference:
|
||||
- https://fluidattacks.com/advisories/modestep/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-42746
|
||||
- https://candidats.net/
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 5.4
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2022-42746
|
||||
cwe-id: CWE-80
|
||||
cwe-id: CWE-79
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.html:"CandidATS"
|
||||
verified: "true"
|
||||
tags: cve,cve2022,candidats,xss
|
||||
|
||||
requests:
|
||||
|
|
|
@ -11,10 +11,15 @@ info:
|
|||
- https://seclists.org/fulldisclosure/2022/Dec/7
|
||||
- https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-ilias-elearning-platform/
|
||||
- https://github.com/advisories/GHSA-hf6q-rx44-fh6j
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2022-45917
|
||||
cwe-id: CWE-601
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.html:"ILIAS"
|
||||
tags: cve,cve2022,ilias,redirect
|
||||
verified: "true"
|
||||
tags: seclists,cve,cve2022,ilias,redirect,packetstorm
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -9,9 +9,14 @@ info:
|
|||
reference:
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46381
|
||||
- https://github.com/omarhashem123/Security-Research/blob/main/CVE-2022-46381/CVE-2022-46381.txt
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2022-46381
|
||||
cwe-id: CWE-79
|
||||
metadata:
|
||||
verified: "true"
|
||||
shodan-query: http.html:"Linear eMerge"
|
||||
verified: "true"
|
||||
tags: cve,cve2022,xss,emerge,linear
|
||||
|
||||
requests:
|
||||
|
|
|
@ -10,7 +10,7 @@ info:
|
|||
metadata:
|
||||
verified: true
|
||||
google-query: intitle:"index of" "wc.db"
|
||||
tags: exposure,svn,config,files
|
||||
tags: msf,exposure,svn,config,files
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -1,16 +0,0 @@
|
|||
id: github-recovery-code
|
||||
|
||||
info:
|
||||
name: Github Recovery Code
|
||||
author: geeknik
|
||||
severity: high
|
||||
tags: github,recovery,token,file
|
||||
|
||||
file:
|
||||
- extensions:
|
||||
- all
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
regex:
|
||||
- '^[a-z]{1,4}[0-9]{1,4}\-[a-z0-9]{5}'
|
|
@ -1 +1 @@
|
|||
2.7.23
|
||||
2.7.25
|
|
@ -1 +1 @@
|
|||
6.0.6
|
||||
6.0.7
|
|
@ -1 +1 @@
|
|||
4.1
|
||||
4.2
|
|
@ -1 +1 @@
|
|||
4.2.8
|
||||
4.3.1.1
|
|
@ -1 +1 @@
|
|||
7.69
|
||||
7.71
|
|
@ -1 +1 @@
|
|||
5.1.4
|
||||
5.1.5
|
|
@ -1 +1 @@
|
|||
2.3.0
|
||||
2.4.0
|
|
@ -1 +1 @@
|
|||
2.11.1
|
||||
2.11.2
|
|
@ -1 +1 @@
|
|||
3.1.21
|
||||
3.1.27
|
|
@ -1 +1 @@
|
|||
3.1.4
|
||||
3.1.5
|
|
@ -1 +1 @@
|
|||
7.1.0
|
||||
7.2.0
|
|
@ -1 +1 @@
|
|||
1.11.21
|
||||
2.0.0
|
|
@ -1 +1 @@
|
|||
3.18.1
|
||||
3.23
|
|
@ -1 +1 @@
|
|||
6.3.9
|
||||
6.4.2
|
|
@ -1 +1 @@
|
|||
5.7.2
|
||||
5.7.4
|
|
@ -1 +1 @@
|
|||
3.0.7
|
||||
3.0.8
|
|
@ -1 +1 @@
|
|||
2.4.4
|
||||
2.4.7
|
|
@ -1 +1 @@
|
|||
1.6.6
|
||||
1.6.7
|
|
@ -1 +1 @@
|
|||
3.41
|
||||
3.42
|
|
@ -1 +1 @@
|
|||
2.4.2
|
||||
2.4.3
|
|
@ -1 +1 @@
|
|||
2.8.1
|
||||
2.9
|
|
@ -1 +1 @@
|
|||
4.5
|
||||
4.5.1
|
|
@ -1 +1 @@
|
|||
1.5.1
|
||||
1.5.2.1
|
|
@ -1 +1 @@
|
|||
1.5.3
|
||||
2.0.1
|
|
@ -1 +1 @@
|
|||
3.9.2
|
||||
3.11.2
|
|
@ -1 +1 @@
|
|||
2.8.0
|
||||
2.8.5
|
|
@ -1 +1 @@
|
|||
4.0.1
|
||||
4.0.3
|
|
@ -1 +1 @@
|
|||
5.5.2
|
||||
5.6.0
|
|
@ -1 +1 @@
|
|||
3.0.6
|
||||
3.0.13
|
|
@ -1 +1 @@
|
|||
4.3.22
|
||||
4.3.24
|
|
@ -1 +1 @@
|
|||
5.5.5
|
||||
6.1.1
|
|
@ -1 +1 @@
|
|||
7.11.0
|
||||
7.12.1
|
|
@ -1 +1 @@
|
|||
8.11.0
|
||||
8.12.1
|
|
@ -1 +1 @@
|
|||
2.3.5
|
||||
2.3.10
|
|
@ -1 +1 @@
|
|||
1.90.1
|
||||
1.95.0
|
|
@ -1 +1 @@
|
|||
2.9.14
|
||||
2.9.15
|
|
@ -1 +1 @@
|
|||
14.8.3
|
||||
15.2.4
|
|
@ -1 +1 @@
|
|||
2.1
|
||||
2.1.1
|
|
@ -1 +1 @@
|
|||
2.0.5
|
||||
2.0.8.1
|
|
@ -1 +1 @@
|
|||
3.1.3
|
||||
3.1.4.1
|
|
@ -1 +1 @@
|
|||
11.6
|
||||
11.8.4
|
|
@ -1 +1 @@
|
|||
2.4.22
|
||||
3.0.20
|
|
@ -1 +1 @@
|
|||
4.0.24
|
||||
4.1.1
|
|
@ -1 +1 @@
|
|||
9.2.81
|
||||
10.0.21
|
|
@ -1 +1 @@
|
|||
2.25.10
|
||||
2.25.12
|
|
@ -1 +1 @@
|
|||
5.3.1
|
||||
5.3.3
|
|
@ -1 +1 @@
|
|||
1.7.6
|
||||
1.7.7
|
|
@ -1 +1 @@
|
|||
1.6.3
|
||||
1.7.0
|
|
@ -1 +1 @@
|
|||
4.8.12
|
||||
4.9.1
|
|
@ -1 +1 @@
|
|||
4.3.0
|
||||
4.7.1
|
|
@ -1 +1 @@
|
|||
4.3.1
|
||||
4.4
|
|
@ -1 +1 @@
|
|||
4.84
|
||||
4.87
|
|
@ -1 +1 @@
|
|||
3.0
|
||||
3.1.1
|
|
@ -1 +1 @@
|
|||
5.6.15
|
||||
5.6.17
|
|
@ -1 +1 @@
|
|||
3.28.2
|
||||
3.28.3
|
|
@ -1 +1 @@
|
|||
7.5.9
|
||||
7.6.6
|
|
@ -1 +1 @@
|
|||
3.30
|
||||
3.35
|
|
@ -1 +1 @@
|
|||
3.6.14
|
||||
3.6.19
|
|
@ -1 +1 @@
|
|||
2.0.6
|
||||
2.1.4
|
|
@ -1 +1 @@
|
|||
2.11.1
|
||||
2.12.2
|
|
@ -0,0 +1 @@
|
|||
trunk
|
|
@ -1 +1 @@
|
|||
2.5.3
|
||||
2.6.2
|
|
@ -1 +1 @@
|
|||
1.8.8
|
||||
1.8.13
|
|
@ -1 +1 @@
|
|||
9.2.2
|
||||
9.3.2
|
|
@ -1 +1 @@
|
|||
3.3
|
||||
3.3.1
|
|
@ -1 +1 @@
|
|||
1.17.1
|
||||
1.18.0
|
|
@ -1 +1 @@
|
|||
2.2.3
|
||||
2.4.3
|
|
@ -1 +1 @@
|
|||
1.9.9.2
|
||||
2.0
|
|
@ -1 +1 @@
|
|||
4.9.45
|
||||
4.9.50
|
|
@ -1 +1 @@
|
|||
3.2.8
|
||||
3.3.3
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue