diff --git a/cnvd/2018/CNVD-2018-13393.yaml b/cnvd/2018/CNVD-2018-13393.yaml index b90e0f4e88..f215ee7764 100644 --- a/cnvd/2018/CNVD-2018-13393.yaml +++ b/cnvd/2018/CNVD-2018-13393.yaml @@ -10,7 +10,6 @@ info: classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N cvss-score: 8.6 - cve-id: cwe-id: CWE-22 tags: metinfo,cnvd,cvnd2018,lfi diff --git a/cnvd/2020/CNVD-2020-67113.yaml b/cnvd/2020/CNVD-2020-67113.yaml index 9a93f93d0f..50b695df57 100644 --- a/cnvd/2020/CNVD-2020-67113.yaml +++ b/cnvd/2020/CNVD-2020-67113.yaml @@ -4,13 +4,12 @@ info: name: H5S CONSOLE - Unauthorized Access author: ritikchaddha severity: medium - description: Zero Vision Technology (Shanghai) Co., Ltd. H5S CONSOLE is susceptible to an unauthorized access vulnerability. + description: H5S CONSOLE is susceptible to an unauthorized access vulnerability. reference: - https://vul.wangan.com/a/CNVD-2020-67113 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 - cve-id: cwe-id: CWE-425 metadata: verified: true @@ -49,4 +48,4 @@ requests: status: - 200 -# Enhanced by mp on 2022/07/05 +# Enhanced by mp on 2022/07/06 diff --git a/cnvd/2021/CNVD-2021-10543.yaml b/cnvd/2021/CNVD-2021-10543.yaml index 2e13a27d4e..2ff27e9afd 100644 --- a/cnvd/2021/CNVD-2021-10543.yaml +++ b/cnvd/2021/CNVD-2021-10543.yaml @@ -10,7 +10,6 @@ info: classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 - cve-id: cwe-id: CWE-200 tags: config,exposure,cnvd,cnvd2021 diff --git a/cnvd/2021/CNVD-2021-28277.yaml b/cnvd/2021/CNVD-2021-28277.yaml index d078908b6e..a30f135e9f 100644 --- a/cnvd/2021/CNVD-2021-28277.yaml +++ b/cnvd/2021/CNVD-2021-28277.yaml @@ -1,7 +1,7 @@ id: CNVD-2021-28277 info: - name: Landray-OA - Local File Inclusion + name: Landray-OA - Local File Inclusion author: pikpikcu,daffainfo severity: high description: Landray-OA is susceptible to local file inclusion. 
@@ -13,7 +13,6 @@ info: classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N cvss-score: 8.6 - cve-id: cwe-id: CWE-22 tags: landray,lfi,cnvd,cnvd2021 @@ -49,4 +48,4 @@ requests: status: - 200 -# Enhanced by mp on 2022/07/05 +# Enhanced by mp on 2022/07/06 diff --git a/cves/2006/CVE-2006-2842.yaml b/cves/2006/CVE-2006-2842.yaml index fe843ba049..194491265e 100644 --- a/cves/2006/CVE-2006-2842.yaml +++ b/cves/2006/CVE-2006-2842.yaml @@ -4,7 +4,7 @@ info: name: Squirrelmail <=1.4.6 - Local File Inclusion author: dhiyaneshDk severity: high - description: SquirrelMail 1.4.6 and earlier versions are susceptible to a PHP local file inclusion vulnerability in functions/plugin.php if register_globals is enabled and magic_quotes_gpc is disabled. This allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter. + description: SquirrelMail 1.4.6 and earlier versions are susceptible to a PHP local file inclusion vulnerability in functions/plugin.php if register_globals is enabled and magic_quotes_gpc is disabled. This allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter. reference: - https://www.exploit-db.com/exploits/27948 - http://squirrelmail.cvs.sourceforge.net/squirrelmail/squirrelmail/functions/global.php?r1=1.27.2.16&r2=1.27.2.17&view=patch&pathrev=SM-1_4-STABLE @@ -12,7 +12,10 @@ info: - http://web.archive.org/web/20160915101900/http://secunia.com/advisories/20406/ - https://nvd.nist.gov/vuln/detail/CVE-2006-2842 classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N + cvss-score: 8.6 cve-id: CVE-2006-2842 + cwe-id: CWE-22 tags: cve,cve2006,lfi,squirrelmail requests: @@ -31,4 +34,4 @@ requests: status: - 200 -# Enhanced by mp on 2022/07/05 +# Enhanced by mp on 2022/07/06 diff --git a/cves/2007/CVE-2007-4504.yaml b/cves/2007/CVE-2007-4504.yaml index 9463b90ee5..cedde5ee40 100644 --- a/cves/2007/CVE-2007-4504.yaml +++ b/cves/2007/CVE-2007-4504.yaml 
@@ -1,16 +1,20 @@ id: CVE-2007-4504 info: - name: Joomla! Component RSfiles <=1.0.2 - Arbitrary File Retrieval + name: Joomla! RSfiles <=1.0.2 - Local File Inclusion author: daffainfo severity: high - description: An arbitrary file retrieval vulnerability in index.php in the RSfiles component (com_rsfiles) <=1.0.2 for Joomla! allows remote attackers to arbitrarily read files via a .. (dot dot) in the path parameter in a files.display action. + description: Joomla! RSfiles 1.0.2 and earlier is susceptible to local file inclusion in index.php in the RSfiles component (com_rsfiles). This could allow remote attackers to arbitrarily read files via a .. (dot dot) in the path parameter in a files.display action. reference: - https://www.exploit-db.com/exploits/4307 - https://www.cvedetails.com/cve/CVE-2007-4504 - https://exchange.xforce.ibmcloud.com/vulnerabilities/36222 + - https://nvd.nist.gov/vuln/detail/CVE-2007-4504 classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N + cvss-score: 8.6 cve-id: CVE-2007-4504 + cwe-id: CWE-22 tags: cve,cve2007,joomla,lfi requests: @@ -28,3 +32,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/07/06 diff --git a/cves/2008/CVE-2008-2650.yaml b/cves/2008/CVE-2008-2650.yaml index ae8b41a43e..727eba9f89 100644 --- a/cves/2008/CVE-2008-2650.yaml +++ b/cves/2008/CVE-2008-2650.yaml 
@@ -5,14 +5,17 @@ info: author: pussycat0x severity: high description: | - CMSimple 3.1 is susceptible to local file inclusion via cmsimple/cms.php when register_globals is enabled, which allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sl parameter to index.php. NOTE: this can be leveraged for remote file execution by including adm.php and then invoking the upload action. NOTE: on 20080601, the vendor patched 3.1 without changing the version number. + CMSimple 3.1 is susceptible to local file inclusion via cmsimple/cms.php when register_globals is enabled which allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sl parameter to index.php. NOTE: this can be leveraged for remote file execution by including adm.php and then invoking the upload action. NOTE: on 20080601, the vendor patched 3.1 without changing the version number. reference: - http://www.cmsimple.com/forum/viewtopic.php?f=2&t=17 - http://web.archive.org/web/20210121182016/https://www.securityfocus.com/bid/29450/ - http://web.archive.org/web/20140729144732/http://secunia.com:80/advisories/30463 - https://nvd.nist.gov/vuln/detail/CVE-2008-2650 classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N + cvss-score: 8.6 cve-id: CVE-2008-2650 + cwe-id: CWE-22 tags: cve,cve2008,lfi,cmsimple requests: @@ -34,4 +37,4 @@ requests: status: - 200 -# Enhanced by mp on 2022/07/05 +# Enhanced by mp on 2022/07/06 diff --git a/cves/2008/CVE-2008-4668.yaml b/cves/2008/CVE-2008-4668.yaml index b121a89adb..95c5588d2c 100644 --- a/cves/2008/CVE-2008-4668.yaml +++ b/cves/2008/CVE-2008-4668.yaml @@ -31,4 +31,4 @@ requests: status: - 200 -# Enhanced by mp on 2022/07/05 +# Enhanced by mp on 2022/07/06 diff --git a/cves/2008/CVE-2008-4764.yaml b/cves/2008/CVE-2008-4764.yaml index 770bf353a1..7ad6333c25 100644 --- a/cves/2008/CVE-2008-4764.yaml +++ b/cves/2008/CVE-2008-4764.yaml 
@@ -1,17 +1,21 @@ id: CVE-2008-4764 info: - name: Joomla! Component com_extplorer 2.0.0 RC2 - Directory Traversal + name: Joomla! <=2.0.0 RC2 - Local File Inclusion author: daffainfo severity: high - description: Directory traversal vulnerability in the eXtplorer module (com_extplorer) 2.0.0 RC2 and earlier in Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter in a show_error action. + description: Joomla! 2.0.0 RC2 and earlier are susceptible to local file inclusion in the eXtplorer module (com_extplorer) that allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter in a show_error action. reference: - https://www.exploit-db.com/exploits/5435 - https://www.cvedetails.com/cve/CVE-2008-4764 - http://web.archive.org/web/20210121181347/https://www.securityfocus.com/bid/28764/ - https://exchange.xforce.ibmcloud.com/vulnerabilities/41873 + - https://nvd.nist.gov/vuln/detail/CVE-2008-4764 classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N + cvss-score: 8.6 cve-id: CVE-2008-4764 + cwe-id: CWE-22 tags: cve,cve2008,joomla,lfi requests: @@ -29,3 +33,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/07/06 diff --git a/cves/2008/CVE-2008-6080.yaml b/cves/2008/CVE-2008-6080.yaml index 28a8edd665..24258c1902 100644 --- a/cves/2008/CVE-2008-6080.yaml +++ b/cves/2008/CVE-2008-6080.yaml 
@@ -1,17 +1,21 @@ id: CVE-2008-6080 info: - name: Joomla! Component ionFiles 4.4.2 - File Disclosure + name: Joomla! ionFiles 4.4.2 - Local File Inclusion author: daffainfo severity: high - description: Directory traversal vulnerability in download.php in the ionFiles (com_ionfiles) 4.4.2 component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. + description: Joomla! ionFiles 4.4.2 is susceptible to local file inclusion in download.php in the ionFiles (com_ionfiles) that allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. reference: - https://www.exploit-db.com/exploits/6809 - https://www.cvedetails.com/cve/CVE-2008-6080 - http://web.archive.org/web/20140804231654/http://secunia.com/advisories/32377/ - http://web.archive.org/web/20210121184101/https://www.securityfocus.com/bid/31877/ + - https://nvd.nist.gov/vuln/detail/CVE-2008-6080 classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N + cvss-score: 8.6 cve-id: CVE-2008-6080 + cwe-id: CWE-22 tags: cve,cve2008,joomla,lfi requests: @@ -29,3 +33,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/07/06 diff --git a/cves/2008/CVE-2008-6222.yaml b/cves/2008/CVE-2008-6222.yaml index 57a99f87b8..7e62b87b43 100644 --- a/cves/2008/CVE-2008-6222.yaml +++ b/cves/2008/CVE-2008-6222.yaml 
@@ -1,17 +1,21 @@ id: CVE-2008-6222 info: - name: Joomla! Component ProDesk 1.0/1.2 - Local File Inclusion + name: Joomla! ProDesk 1.0/1.2 - Local File Inclusion author: daffainfo severity: high - description: Directory traversal vulnerability in the Pro Desk Support Center (com_pro_desk) component 1.0 and 1.2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter to index.php. + description: Joomla! Pro Desk Support Center (com_pro_desk) component 1.0 and 1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter to index.php. reference: - https://www.exploit-db.com/exploits/6980 - https://www.cvedetails.com/cve/CVE-2008-6222 - http://web.archive.org/web/20111223225601/http://secunia.com/advisories/32523/ - http://web.archive.org/web/20210121184244/https://www.securityfocus.com/bid/32113/ + - https://nvd.nist.gov/vuln/detail/CVE-2008-6222 classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N + cvss-score: 8.6 cve-id: CVE-2008-6222 + cwe-id: CWE-22 tags: cve,cve2008,joomla,lfi requests: @@ -29,3 +33,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/07/06 diff --git a/cves/2008/CVE-2008-6668.yaml b/cves/2008/CVE-2008-6668.yaml index e8c45f2c76..b1e1632d23 100644 --- a/cves/2008/CVE-2008-6668.yaml +++ b/cves/2008/CVE-2008-6668.yaml 
@@ -1,17 +1,20 @@ id: CVE-2008-6668 info: - name: nweb2fax <=0.2.7- Local File Inclusion + name: nweb2fax <=0.2.7 - Local File Inclusion author: geeknik severity: high - description: nweb2fax 0.2.7 and earlier allow remote attackers to read arbitrary files via the id parameter submitted to comm.php and the var_filename parameter submitted to viewrq.php (aka local file inclusion). + description: nweb2fax 0.2.7 and earlier allow remote attackers to read arbitrary files via the id parameter submitted to comm.php and the var_filename parameter submitted to viewrq.php. reference: - https://www.exploit-db.com/exploits/5856 - http://web.archive.org/web/20210130035550/https://www.securityfocus.com/bid/29804 - https://exchange.xforce.ibmcloud.com/vulnerabilities/43173 - https://nvd.nist.gov/vuln/detail/CVE-2008-6668 classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N + cvss-score: 8.6 cve-id: CVE-2008-6668 + cwe-id: CWE-22 tags: cve,cve2008,nweb2fax,lfi,traversal requests: @@ -31,4 +34,5 @@ requests: - type: status status: - 200 -# Enhanced by mp on 2022/07/05 + +# Enhanced by mp on 2022/07/06 diff --git a/cves/2009/CVE-2009-0932.yaml b/cves/2009/CVE-2009-0932.yaml index 030dbd5df7..ae3a6b70ee 100644 --- a/cves/2009/CVE-2009-0932.yaml +++ b/cves/2009/CVE-2009-0932.yaml 
@@ -1,17 +1,20 @@ id: CVE-2009-0932 info: - name: Horde - Horde_Image::factory driver Argument LFI + name: Horde/Horde Groupware - Local File Inclusion author: pikpikcu severity: high - description: Directory traversal vulnerability in framework/Image/Image.php in Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver name. + description: Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 are susceptible to local file inclusion in framework/Image/Image.php because it allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver name. reference: - https://www.exploit-db.com/exploits/16154 - - https://nvd.nist.gov/vuln/detail/CVE-2009-0932?cpeVersion=2.2 - http://cvs.horde.org/co.php/groupware/docs/groupware/CHANGES?r=1.28.2.5 - http://web.archive.org/web/20161228102217/http://secunia.com/advisories/33695 + - https://nvd.nist.gov/vuln/detail/CVE-2009-0932?cpeVersion=2.2 classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N + cvss-score: 8.6 cve-id: CVE-2009-0932 + cwe-id: CWE-22 tags: cve,cve2009,horde,lfi,traversal requests: @@ -29,3 +32,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/07/06 diff --git a/cves/2009/CVE-2009-1151.yaml b/cves/2009/CVE-2009-1151.yaml index 8d29f59a9b..ddf70a075e 100644 --- a/cves/2009/CVE-2009-1151.yaml +++ b/cves/2009/CVE-2009-1151.yaml 
@@ -1,17 +1,21 @@ id: CVE-2009-1151 info: - name: PhpMyAdmin Scripts/setup.php Deserialization Vulnerability + name: PhpMyAdmin Scripts - Remote Code Execution author: princechaddha - severity: high - description: Setup script used to create PhpMyAdmin configurations can be fooled by using a crafted POST request to include arbitrary PHP code in the generated configuration file. Combined with the ability to save files on server, this can allow unauthenticated users to execute arbitrary PHP code. + severity: critical + description: PhpMyAdmin Scripts 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 are susceptible to a remote code execution in setup.php that allows remote attackers to inject arbitrary PHP code into a configuration file via the save action. Combined with the ability to save files on server, this can allow unauthenticated users to execute arbitrary PHP code. reference: - https://www.phpmyadmin.net/security/PMASA-2009-3/ - https://github.com/vulhub/vulhub/tree/master/phpmyadmin/WooYun-2016-199433 - http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_2_11_9/phpMyAdmin/scripts/setup.php?r1=11514&r2=12301&pathrev=12301 - http://www.phpmyadmin.net/home_page/security/PMASA-2009-3.php + - https://nvd.nist.gov/vuln/detail/CVE-2009-1151 classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H + cvss-score: 10.0 cve-id: CVE-2009-1151 + cwe-id: CWE-77 tags: cve,cve2009,phpmyadmin,rce,deserialization,cisa requests: @@ -34,3 +38,5 @@ requests: - type: regex regex: - "root:.*:0:0:" + +# Enhanced by mp on 2022/07/06 diff --git a/cves/2009/CVE-2009-1496.yaml b/cves/2009/CVE-2009-1496.yaml index 43075ef122..aa1ad36f1b 100644 --- a/cves/2009/CVE-2009-1496.yaml +++ b/cves/2009/CVE-2009-1496.yaml 
@@ -1,16 +1,20 @@ id: CVE-2009-1496 info: - name: Joomla! Component Cmimarketplace - 'viewit' Directory Traversal + name: Joomla! Cmimarketplace 0.1 - Local File Inclusion author: daffainfo severity: high - description: Directory traversal vulnerability in the Cmi Marketplace (com_cmimarketplace) component 0.1 for Joomla! allows remote attackers to list arbitrary directories via a .. (dot dot) in the viewit parameter to index.php. + description: | + Joomla! Cmimarketplace 0.1 is susceptible to local file inclusion because com_cmimarketplace allows remote attackers to list arbitrary directories via a .. (dot dot) in the viewit parameter to index.php. reference: - https://www.exploit-db.com/exploits/8367 - - https://www.cvedetails.com/cve/CVE-2009-1496 - http://web.archive.org/web/20210121190149/https://www.securityfocus.com/bid/34431/ + - https://nvd.nist.gov/vuln/detail/CVE-2009-1496 classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N + cvss-score: 8.6 cve-id: CVE-2009-1496 + cwe-id: CWE-22 tags: cve,cve2009,joomla,lfi requests: @@ -28,3 +32,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/07/06 diff --git a/cves/2009/CVE-2009-1558.yaml b/cves/2009/CVE-2009-1558.yaml index 7a8af924bc..8ebdf5675e 100644 --- a/cves/2009/CVE-2009-1558.yaml +++ b/cves/2009/CVE-2009-1558.yaml 
@@ -1,17 +1,21 @@ id: CVE-2009-1558 info: - name: Linksys WVC54GCA 1.00R22/1.00R24 (Wireless-G) - Directory Traversal + name: Cisco Linksys WVC54GCA 1.00R22/1.00R24 - Local File Inclusion author: daffainfo severity: high - description: Directory traversal vulnerability in adm/file.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote attackers to read arbitrary files via a %2e. (encoded dot dot) or an absolute pathname in the next_file parameter. + description: Cisco Linksys WVC54GCA 1.00R22/1.00R24 is susceptible to local file inclusion in adm/file.cgi because it allows remote attackers to read arbitrary files via a %2e. (encoded dot dot) or an absolute pathname in the next_file parameter. reference: - https://www.exploit-db.com/exploits/32954 - https://web.archive.org/web/20210119151410/http://www.securityfocus.com/bid/34713 - http://www.vupen.com/english/advisories/2009/1173 - http://www.gnucitizen.org/blog/hacking-linksys-ip-cameras-pt-3/ + - https://nvd.nist.gov/vuln/detail/CVE-2009-1558 classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N + cvss-score: 8.6 cve-id: CVE-2009-1558 + cwe-id: CWE-22 tags: cve,cve2009,iot,lfi,linksys,camera,cisco,firmware,traversal requests: @@ -28,3 +32,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/07/06 diff --git a/cves/2009/CVE-2009-2015.yaml b/cves/2009/CVE-2009-2015.yaml index 643006cd31..1b8aaff160 100644 --- a/cves/2009/CVE-2009-2015.yaml +++ b/cves/2009/CVE-2009-2015.yaml 
@@ -1,17 +1,21 @@ id: CVE-2009-2015 info: - name: Joomla! Component MooFAQ (com_moofaq) - Local File Inclusion + name: Joomla! MooFAQ 1.0 - Local File Inclusion author: daffainfo severity: high - description: Directory traversal vulnerability in includes/file_includer.php in the Ideal MooFAQ (com_moofaq) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. + description: Joomla! Ideal MooFAQ 1.0 via com_moofaq allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter (local file inclusion). reference: - https://www.exploit-db.com/exploits/8898 - https://www.cvedetails.com/cve/CVE-2009-2015 - http://web.archive.org/web/20210121191105/https://www.securityfocus.com/bid/35259/ - http://www.vupen.com/english/advisories/2009/1530 + - https://nvd.nist.gov/vuln/detail/CVE-2009-2015 classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N + cvss-score: 8.6 cve-id: CVE-2009-2015 + cwe-id: CWE-22 tags: cve,cve2009,joomla,lfi requests: @@ -29,3 +33,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/07/06 diff --git a/cves/2009/CVE-2009-2100.yaml b/cves/2009/CVE-2009-2100.yaml index 8521b7a1f5..17c3fc5ae2 100644 --- a/cves/2009/CVE-2009-2100.yaml +++ b/cves/2009/CVE-2009-2100.yaml 
@@ -1,16 +1,21 @@ id: CVE-2009-2100 info: - name: Joomla! Component com_Projectfork 2.0.10 - Local File Inclusion + name: Joomla! JoomlaPraise Projectfork 2.0.10 - Local File Inclusion author: daffainfo severity: high - description: Directory traversal vulnerability in the JoomlaPraise Projectfork (com_projectfork) component 2.0.10 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section parameter to index.php. + description: Joomla! JoomlaPraise Projectfork (com_projectfork) 2.0.10 allows remote attackers to read arbitrary files via local file inclusion in the section parameter to index.php. reference: - https://www.exploit-db.com/exploits/8946 - https://www.cvedetails.com/cve/CVE-2009-2100 - http://web.archive.org/web/20210121191226/https://www.securityfocus.com/bid/35378/ + - https://nvd.nist.gov/vuln/detail/CVE-2009-2100 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N + cvss-score: 8.6 cve-id: CVE-2009-2100 + cwe-id: CWE-22 tags: cve,cve2009,joomla,lfi requests: @@ -28,3 +33,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/07/06 diff --git a/cves/2009/CVE-2009-3053.yaml b/cves/2009/CVE-2009-3053.yaml index 9457d3a08b..0071b01e3e 100644 --- a/cves/2009/CVE-2009-3053.yaml +++ b/cves/2009/CVE-2009-3053.yaml 
@@ -1,17 +1,21 @@ id: CVE-2009-3053 info: - name: Joomla! Component Agora 3.0.0b (com_agora) - Local File Inclusion + name: Joomla! Agora 3.0.0b - Local File Inclusion author: daffainfo severity: high - description: Directory traversal vulnerability in the Agora (com_agora) component 3.0.0b for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the action parameter to the avatars page, reachable through index.php. + description: Joomla! Agora 3.0.0b (com_agora) allows remote attackers to include and execute arbitrary local files via local file inclusion in the action parameter to the avatars page, reachable through index.php. reference: - https://www.exploit-db.com/exploits/9564 - https://www.cvedetails.com/cve/CVE-2009-3053 - https://web.archive.org/web/20210120183330/https://www.securityfocus.com/bid/36207/ - https://exchange.xforce.ibmcloud.com/vulnerabilities/52964 + - https://nvd.nist.gov/vuln/detail/CVE-2009-3053 classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N + cvss-score: 8.6 cve-id: CVE-2009-3053 + cwe-id: CWE-22 tags: cve,cve2009,joomla,lfi requests: @@ -29,3 +33,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/07/06 diff --git a/cves/2018/CVE-2018-12613.yaml b/cves/2018/CVE-2018-12613.yaml index 8a06f8f2f1..795b9b7340 100644 --- a/cves/2018/CVE-2018-12613.yaml +++ b/cves/2018/CVE-2018-12613.yaml 
@@ -1,15 +1,16 @@ id: CVE-2018-12613 info: - name: PhpMyAdmin 4.8.1 Remote File Inclusion + name: PhpMyAdmin <4.8.2 - Local File Inclusion author: pikpikcu severity: high - description: An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for whitelisted pages. An attacker must be authenticated, except in the "$cfg['AllowArbitraryServer'] = true" case (where an attacker can specify any host he/she is already in control of, and execute arbitrary code on phpMyAdmin) and the "$cfg['ServerDefault'] = 0" case (which bypasses the login requirement and runs the vulnerable code without any authentication). + description: PhpMyAdmin before version 4.8.2 is susceptible to local file inclusion that allows an attacker to include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for whitelisted pages. An attacker must be authenticated, except in the "$cfg['AllowArbitraryServer'] = true" case (where an attacker can specify any host he/she is already in control of, and execute arbitrary code on phpMyAdmin) and the "$cfg['ServerDefault'] = 0" case (which bypasses the login requirement and runs the vulnerable code without any authentication). reference: - https://github.com/vulhub/vulhub/tree/master/phpmyadmin/CVE-2018-12613 - https://www.phpmyadmin.net/security/PMASA-2018-4/ - https://www.exploit-db.com/exploits/44928/ - http://web.archive.org/web/20210124181726/https://www.securityfocus.com/bid/104532/ + - https://nvd.nist.gov/vuln/detail/CVE-2018-12613 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.8 @@ -33,3 +34,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/07/06 
diff --git a/cves/2018/CVE-2018-1335.yaml b/cves/2018/CVE-2018-1335.yaml index 5cde8dd54e..095694550c 100644 --- a/cves/2018/CVE-2018-1335.yaml +++ b/cves/2018/CVE-2018-1335.yaml @@ -1,15 +1,17 @@ id: CVE-2018-1335 info: - name: Apache Tika 1.15-1.17 Header Command Injection + name: Apache Tika <1.1.8- Header Command Injection author: pikpikcu severity: high - description: From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients. The mitigation is to upgrade to Tika 1.18. + description: Apache Tika versions 1.7 to 1.17 allow clients to send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients. + remediation: Upgrade to Tika 1.18. reference: - https://rhinosecuritylabs.com/application-security/exploiting-cve-2018-1335-apache-tika/ - https://www.exploit-db.com/exploits/47208 - https://lists.apache.org/thread.html/b3ed4432380af767effd4c6f27665cc7b2686acccbefeb9f55851dca@%3Cdev.tika.apache.org%3E - http://web.archive.org/web/20210516175956/https://www.securityfocus.com/bid/104001 + - https://nvd.nist.gov/vuln/detail/CVE-2018-1335 classification: cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.1 @@ -46,3 +48,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/07/07 diff --git a/cves/2018/CVE-2018-14918.yaml b/cves/2018/CVE-2018-14918.yaml index 7e87d20c60..45c5677633 100644 --- a/cves/2018/CVE-2018-14918.yaml +++ b/cves/2018/CVE-2018-14918.yaml 
@@ -1,15 +1,15 @@ id: CVE-2018-14918 info: - name: LOYTEC LGATE-902 6.3.2 - Directory Traversal + name: LOYTEC LGATE-902 6.3.2 - Local File Inclusion author: 0x_Akoko severity: high description: | - The path traversal (CVE-2018-14918) allow an attacker to manipulate path references and access files and directories (including critical system files) that are stored outside the root folder of the web application running on the device. This can be used to read and configuration files containing, e.g., usernames and passwords. + LOYTEC LGATE-902 6.3.2 is susceptible to local file inclusion which could allow an attacker to manipulate path references and access files and directories (including critical system files) that are stored outside the root folder of the web application running on the device. This can be used to read and configuration files containing, e.g., usernames and passwords. reference: - https://seclists.org/fulldisclosure/2019/Apr/12 - - https://www.cvedetails.com/cve/CVE-2018-14918/ - http://packetstormsecurity.com/files/152453/Loytec-LGATE-902-XSS-Traversal-File-Deletion.html + - https://nvd.nist.gov/vuln/detail/CVE-2018-14918 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 @@ -35,3 +35,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/07/07 diff --git a/cves/2018/CVE-2018-15138.yaml b/cves/2018/CVE-2018-15138.yaml index cca957188f..7de14fe8b9 100644 --- a/cves/2018/CVE-2018-15138.yaml +++ b/cves/2018/CVE-2018-15138.yaml 
@@ -1,14 +1,14 @@ id: CVE-2018-15138 info: - name: LG-Ericsson iPECS NMS 30M Directory Traversal + name: LG-Ericsson iPECS NMS 30M - Local File Inclusion author: 0x_Akoko severity: high - description: Ericsson-LG iPECS NMS 30M allows directory traversal via ipecs-cm/download?filename=../ URIs. + description: Ericsson-LG iPECS NMS 30M allows local file inclusion via ipecs-cm/download?filename=../ URIs. reference: - https://cxsecurity.com/issue/WLB-2018080070 - - https://nvd.nist.gov/vuln/detail/CVE-2018-15138 - https://www.exploit-db.com/exploits/45167/ + - https://nvd.nist.gov/vuln/detail/CVE-2018-15138 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 @@ -32,3 +32,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/07/07 diff --git a/cves/2018/CVE-2018-15535.yaml b/cves/2018/CVE-2018-15535.yaml index ee9978be79..c888195d0a 100644 --- a/cves/2018/CVE-2018-15535.yaml +++ b/cves/2018/CVE-2018-15535.yaml 
@@ -1,15 +1,13 @@ id: CVE-2018-15535 info: - name: Responsive FileManager < 9.13.4 - Directory Traversal + name: Responsive FileManager <9.13.4 - Local File Inclusion author: daffainfo severity: high - description: filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize get_file sequences such as ".." that can resolve to a location that is outside of that directory, aka Directory Traversal. + description: Responsive FileManager before version 9.13.4 is susceptible to local file inclusion via filemanager/ajax_calls.php because it uses external input to construct a pathname that should be within a restricted directory. Instead, because it does not properly neutralize get_file sequences such as ".." can resolve to a location that is outside of that directory, aka local file inclusion. reference: - https://www.exploit-db.com/exploits/45271 - - https://www.cvedetails.com/cve/CVE-2018-15535 - - http://seclists.org/fulldisclosure/2018/Aug/34 - - https://www.exploit-db.com/exploits/45271/ + - https://nvd.nist.gov/vuln/detail/CVE-2018-15535 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 @@ -32,3 +30,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/07/07 diff --git a/cves/2019/CVE-2019-9726.yaml b/cves/2019/CVE-2019-9726.yaml index 7506985038..3d72166b96 100644 --- a/cves/2019/CVE-2019-9726.yaml +++ b/cves/2019/CVE-2019-9726.yaml 
@@ -1,13 +1,13 @@ id: CVE-2019-9726 info: - name: Homematic CCU3 - Directory Traversal / Arbitrary File Read + name: Homematic CCU3 - Local File Inclusion author: 0x_Akoko severity: high - description: Directory Traversal / Arbitrary File Read in eQ-3 AG Homematic CCU3 3.43.15 and earlier allows remote attackers to read arbitrary files of the device's filesystem. This vulnerability can be exploited by unauthenticated attackers with access to the web interface. + description: eQ-3 AG Homematic CCU3 3.43.15 and earlier allows remote attackers to read arbitrary files of the device's filesystem, aka local file inclusion. This vulnerability can be exploited by unauthenticated attackers with access to the web interface. reference: - https://atomic111.github.io/article/homematic-ccu3-fileread - - https://www.cvedetails.com/cve/CVE-2019-9726 + - https://nvd.nist.gov/vuln/detail/CVE-2019-9726 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 @@ -32,3 +32,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/07/08 diff --git a/cves/2020/CVE-2020-0618.yaml b/cves/2020/CVE-2020-0618.yaml index a32f853dab..742368e8a1 100644 --- a/cves/2020/CVE-2020-0618.yaml +++ b/cves/2020/CVE-2020-0618.yaml 
@@ -1,15 +1,16 @@ id: CVE-2020-0618 info: - name: RCE in SQL Server Reporting Services + name: Microsoft SQL Server Reporting Services - Remote Code Execution author: joeldeleep severity: high - description: A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka 'Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability'. + description: Microsoft SQL Server Reporting Services are susceptible to a remote code execution vulnerability when it incorrectly handles page requests. reference: - https://www.mdsec.co.uk/2020/02/cve-2020-0618-rce-in-sql-server-reporting-services-ssrs/ - https://github.com/euphrat1ca/CVE-2020-0618 - https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0618 - http://packetstormsecurity.com/files/156707/SQL-Server-Reporting-Services-SSRS-ViewState-Deserialization.html + - https://nvd.nist.gov/vuln/detail/CVE-2020-0618 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.8 @@ -29,4 +30,6 @@ requests: - type: word words: - "view report" - part: body \ No newline at end of file + part: body + +# Enhanced by mp on 2022/07/08 diff --git a/cves/2020/CVE-2020-8644.yaml b/cves/2020/CVE-2020-8644.yaml index 0c8aea5ab1..0d0ebaf202 100644 --- a/cves/2020/CVE-2020-8644.yaml +++ b/cves/2020/CVE-2020-8644.yaml 
@@ -1,14 +1,14 @@ id: CVE-2020-8644 info: - name: playSMS - Pre-Authentication Remote Code Execution (CVE-2020-8644) + name: playSMS<1.4.3 - Remote Code Execution author: dbrwsky severity: critical - description: PlaySMS double processes a server-side template, resulting in unauthenticated user control of input to the PlaySMS template engine. The template engine’s implementation then permits arbitrary code execution. + description: PlaySMS before version 1.4.3 is susceptible to remote code execution because it double processes a server-side template. reference: - https://research.nccgroup.com/2020/02/11/technical-advisory-playsms-pre-authentication-remote-code-execution-cve-2020-8644/ - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8644 - https://playsms.org/2020/02/05/playsms-1-4-3-has-been-released/ + - https://nvd.nist.gov/vuln/detail/CVE-2020-8644 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 @@ -54,3 +54,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/07/07 diff --git a/cves/2022/CVE-2022-1946.yaml b/cves/2022/CVE-2022-1946.yaml index 73bf0e716d..569d007746 100644 --- a/cves/2022/CVE-2022-1946.yaml +++ b/cves/2022/CVE-2022-1946.yaml @@ -9,6 +9,8 @@ info: - https://wpscan.com/vulnerability/0903920c-be2e-4515-901f-87253eb30940 - https://wordpress.org/plugins/gallery-album - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1946 + classification: + cve-id: CVE-2022-1946 metadata: verified: true google-dork: inurl:"/wp-content/plugins/gallery-album/" diff --git a/cves/2022/CVE-2022-2290.yaml b/cves/2022/CVE-2022-2290.yaml index 24af792d3f..b82b138dab 100644 --- a/cves/2022/CVE-2022-2290.yaml +++ b/cves/2022/CVE-2022-2290.yaml 
@@ -10,6 +10,8 @@ info: - https://github.com/zadam/trilium - https://nvd.nist.gov/vuln/detail/CVE-2022-2290 - https://github.com/zadam/trilium/commit/3faae63b849a1fabc31b823bb7af3a84d32256a7 + classification: + cve-id: CVE-2022-2290 metadata: shodan-query: title:"Trilium Notes" verified: "true"
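Review bot: in cves/2006/CVE-2006-2842.yaml the added cvss-metrics vector ends in C:H/I:N/A:N, yet the description kept in the same hunk says the flaw lets remote attackers "execute arbitrary PHP code". A confidentiality-only vector understates that. Either score integrity and availability to match the description, or narrow the description to file disclosure so that the 8.6 score and CWE-22 agree with it. The same vector is added in cves/2008/CVE-2008-2650.yaml, cves/2009/CVE-2009-0932.yaml and cves/2009/CVE-2009-3053.yaml, whose descriptions also say "include and execute arbitrary local files".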
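Review bot: in cves/2008/CVE-2008-4764.yaml the new name "Joomla! <=2.0.0 RC2 - Local File Inclusion" and the description opening "Joomla! 2.0.0 RC2 and earlier" attach the version to Joomla! itself, while the removed lines make clear that 2.0.0 RC2 is the version of the eXtplorer module (com_extplorer). Keep the component in the name, for example "Joomla! eXtplorer <=2.0.0 RC2 - Local File Inclusion", so the template does not read as a core Joomla! finding.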
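Review bot: in cves/2009/CVE-2009-1151.yaml the new name and description treat "PhpMyAdmin Scripts" as a product, but the removed name shows that "Scripts/setup.php" is the path of the affected setup script. Suggest naming the product and versions instead (the description already gives 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1). The hunk also adds cwe-id CWE-77 and drops "Deserialization" from the name while the unchanged tags line still carries "deserialization"; pick one classification and make the tags follow it. The severity bump from high to critical is consistent with the added 10.0 score.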
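Review bot: in cves/2009/CVE-2009-1496.yaml the rewritten description says the component is "susceptible to local file inclusion" because it lets attackers "list arbitrary directories". Directory listing through a ".." in viewit is path traversal (which matches the added CWE-22), not file inclusion, and the removed name said so. Suggest keeping "Directory Traversal" in the name here. The description was also switched to a block scalar ("description: |") for a single line, which the other single-line descriptions in this patch do not use.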
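Review bot: in cves/2018/CVE-2018-1335.yaml the new name "Apache Tika <1.1.8- Header Command Injection" has a version typo and a missing space before the hyphen. The description in the same hunk gives the affected range as 1.7 to 1.17 and the added remediation line says to upgrade to 1.18, so the name should read "Apache Tika <1.18 - Header Command Injection".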
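Review bot: in cves/2018/CVE-2018-14918.yaml the rewritten description still carries the broken phrase "This can be used to read and configuration files containing, e.g., usernames and passwords." from the removed line. Since the sentence is being rewritten anyway, fix it to "read configuration files". The hunk also drops the cvedetails.com reference in favour of the NVD link, which is fine as long as that is the intended convention across the repository.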
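Review bot: in cves/2018/CVE-2018-15535.yaml the second sentence of the new description does not parse: "Instead, because it does not properly neutralize get_file sequences such as ".." can resolve to a location that is outside of that directory". The removed wording ("does not properly neutralize get_file sequences such as ".." that can resolve to a location ...") was correct; restore the "that" or rephrase. The hunk also removes the seclists.org full-disclosure reference along with the duplicate exploit-db link; only the duplicate needed to go.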
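Review bot: in cves/2020/CVE-2020-0618.yaml the new description has a number mismatch, "Microsoft SQL Server Reporting Services are susceptible ... when it incorrectly handles page requests". Use "is susceptible" to agree with "it". The trailing-newline fix on "part: body" is a welcome cleanup.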
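Review bot: in cves/2020/CVE-2020-8644.yaml the new name "playSMS<1.4.3 - Remote Code Execution" is missing the space before "<" that every other renamed template in this patch has. More importantly, both the name and the description lose the precondition that mattered for triage: the removed lines said "Pre-Authentication" and "unauthenticated user control of input". Suggest keeping "unauthenticated" in the description so it stays consistent with PR:N in the existing vector.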
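Review bot: in cves/2022/CVE-2022-2290.yaml (and likewise cves/2022/CVE-2022-1946.yaml) the added classification block contains only cve-id, whereas every other classification block touched in this patch also carries cvss-metrics, cvss-score and cwe-id. If the scores are not yet published, that is worth a comment in the template; otherwise fill them in. While in this file, the context line verified: "true" is a quoted string, but CNVD-2020-67113.yaml in this same patch uses the boolean form verified: true; normalise to the boolean.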