Dashboard Content Enhancements

patch-1
MostInterestingBotInTheWorld 2022-07-08 15:07:55 -04:00 committed by GitHub
parent d878069f29
commit e5fb699699
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
29 changed files with 159 additions and 65 deletions

View File

@ -10,7 +10,6 @@ info:
classification: classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.6 cvss-score: 8.6
cve-id:
cwe-id: CWE-22 cwe-id: CWE-22
tags: metinfo,cnvd,cvnd2018,lfi tags: metinfo,cnvd,cvnd2018,lfi
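Review bot: the unchanged `tags` line in this hunk reads `metinfo,cnvd,cvnd2018,lfi`, and `cvnd2018` looks like a transposition of `cnvd2018` (the other CNVD templates in this commit use the `cnvd2021` form). Since the file is being edited to drop the empty `cve-id:` key anyway, correct the tag in the same change so that filtering on the year tag picks this template up.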

View File

@ -4,13 +4,12 @@ info:
name: H5S CONSOLE - Unauthorized Access name: H5S CONSOLE - Unauthorized Access
author: ritikchaddha author: ritikchaddha
severity: medium severity: medium
description: Zero Vision Technology (Shanghai) Co., Ltd. H5S CONSOLE is susceptible to an unauthorized access vulnerability. description: H5S CONSOLE is susceptible to an unauthorized access vulnerability.
reference: reference:
- https://vul.wangan.com/a/CNVD-2020-67113 - https://vul.wangan.com/a/CNVD-2020-67113
classification: classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3 cvss-score: 5.3
cve-id:
cwe-id: CWE-425 cwe-id: CWE-425
metadata: metadata:
verified: true verified: true
@ -49,4 +48,4 @@ requests:
status: status:
- 200 - 200
# Enhanced by mp on 2022/07/05 # Enhanced by mp on 2022/07/06

View File

@ -10,7 +10,6 @@ info:
classification: classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3 cvss-score: 5.3
cve-id:
cwe-id: CWE-200 cwe-id: CWE-200
tags: config,exposure,cnvd,cnvd2021 tags: config,exposure,cnvd,cnvd2021

View File

@ -1,7 +1,7 @@
id: CNVD-2021-28277 id: CNVD-2021-28277
info: info:
name: Landray-OA - Local File Inclusion name: Landray-OA - Local File Inclusion
author: pikpikcu,daffainfo author: pikpikcu,daffainfo
severity: high severity: high
description: Landray-OA is susceptible to local file inclusion. description: Landray-OA is susceptible to local file inclusion.
@ -13,7 +13,6 @@ info:
classification: classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.6 cvss-score: 8.6
cve-id:
cwe-id: CWE-22 cwe-id: CWE-22
tags: landray,lfi,cnvd,cnvd2021 tags: landray,lfi,cnvd,cnvd2021
@ -49,4 +48,4 @@ requests:
status: status:
- 200 - 200
# Enhanced by mp on 2022/07/05 # Enhanced by mp on 2022/07/06

View File

@ -4,7 +4,7 @@ info:
name: Squirrelmail <=1.4.6 - Local File Inclusion name: Squirrelmail <=1.4.6 - Local File Inclusion
author: dhiyaneshDk author: dhiyaneshDk
severity: high severity: high
description: SquirrelMail 1.4.6 and earlier versions are susceptible to a PHP local file inclusion vulnerability in functions/plugin.php if register_globals is enabled and magic_quotes_gpc is disabled. This allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter. description: SquirrelMail 1.4.6 and earlier versions are susceptible to a PHP local file inclusion vulnerability in functions/plugin.php if register_globals is enabled and magic_quotes_gpc is disabled. This allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter.
reference: reference:
- https://www.exploit-db.com/exploits/27948 - https://www.exploit-db.com/exploits/27948
- http://squirrelmail.cvs.sourceforge.net/squirrelmail/squirrelmail/functions/global.php?r1=1.27.2.16&r2=1.27.2.17&view=patch&pathrev=SM-1_4-STABLE - http://squirrelmail.cvs.sourceforge.net/squirrelmail/squirrelmail/functions/global.php?r1=1.27.2.16&r2=1.27.2.17&view=patch&pathrev=SM-1_4-STABLE
@ -12,7 +12,10 @@ info:
- http://web.archive.org/web/20160915101900/http://secunia.com/advisories/20406/ - http://web.archive.org/web/20160915101900/http://secunia.com/advisories/20406/
- https://nvd.nist.gov/vuln/detail/CVE-2006-2842 - https://nvd.nist.gov/vuln/detail/CVE-2006-2842
classification: classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.6
cve-id: CVE-2006-2842 cve-id: CVE-2006-2842
cwe-id: CWE-22
tags: cve,cve2006,lfi,squirrelmail tags: cve,cve2006,lfi,squirrelmail
requests: requests:
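Review bot: the added `cvss-metrics` vector ends in `I:N/A:N`, yet the description for this template says the flaw allows remote attackers to execute arbitrary PHP code. A confidentiality-only vector paired with `cwe-id: CWE-22` understates that impact; either score integrity and availability to match the description, or reword the description if only file disclosure is being claimed.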
@ -31,4 +34,4 @@ requests:
status: status:
- 200 - 200
# Enhanced by mp on 2022/07/05 # Enhanced by mp on 2022/07/06

View File

@ -1,16 +1,20 @@
id: CVE-2007-4504 id: CVE-2007-4504
info: info:
name: Joomla! Component RSfiles <=1.0.2 - Arbitrary File Retrieval name: Joomla! RSfiles <=1.0.2 - Local File Inclusion
author: daffainfo author: daffainfo
severity: high severity: high
description: An arbitrary file retrieval vulnerability in index.php in the RSfiles component (com_rsfiles) <=1.0.2 for Joomla! allows remote attackers to arbitrarily read files via a .. (dot dot) in the path parameter in a files.display action. description: Joomla! RSfiles 1.0.2 and earlier is susceptible to local file inclusion in index.php in the RSfiles component (com_rsfiles). This could allow remote attackers to arbitrarily read files via a .. (dot dot) in the path parameter in a files.display action.
reference: reference:
- https://www.exploit-db.com/exploits/4307 - https://www.exploit-db.com/exploits/4307
- https://www.cvedetails.com/cve/CVE-2007-4504 - https://www.cvedetails.com/cve/CVE-2007-4504
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36222 - https://exchange.xforce.ibmcloud.com/vulnerabilities/36222
- https://nvd.nist.gov/vuln/detail/CVE-2007-4504
classification: classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.6
cve-id: CVE-2007-4504 cve-id: CVE-2007-4504
cwe-id: CWE-22
tags: cve,cve2007,joomla,lfi tags: cve,cve2007,joomla,lfi
requests: requests:
@ -28,3 +32,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/07/06

View File

@ -5,14 +5,17 @@ info:
author: pussycat0x author: pussycat0x
severity: high severity: high
description: | description: |
CMSimple 3.1 is susceptible to local file inclusion via cmsimple/cms.php when register_globals is enabled, which allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sl parameter to index.php. NOTE: this can be leveraged for remote file execution by including adm.php and then invoking the upload action. NOTE: on 20080601, the vendor patched 3.1 without changing the version number. CMSimple 3.1 is susceptible to local file inclusion via cmsimple/cms.php when register_globals is enabled which allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sl parameter to index.php. NOTE: this can be leveraged for remote file execution by including adm.php and then invoking the upload action. NOTE: on 20080601, the vendor patched 3.1 without changing the version number.
reference: reference:
- http://www.cmsimple.com/forum/viewtopic.php?f=2&t=17 - http://www.cmsimple.com/forum/viewtopic.php?f=2&t=17
- http://web.archive.org/web/20210121182016/https://www.securityfocus.com/bid/29450/ - http://web.archive.org/web/20210121182016/https://www.securityfocus.com/bid/29450/
- http://web.archive.org/web/20140729144732/http://secunia.com:80/advisories/30463 - http://web.archive.org/web/20140729144732/http://secunia.com:80/advisories/30463
- https://nvd.nist.gov/vuln/detail/CVE-2008-2650 - https://nvd.nist.gov/vuln/detail/CVE-2008-2650
classification: classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.6
cve-id: CVE-2008-2650 cve-id: CVE-2008-2650
cwe-id: CWE-22
tags: cve,cve2008,lfi,cmsimple tags: cve,cve2008,lfi,cmsimple
requests: requests:
@ -34,4 +37,4 @@ requests:
status: status:
- 200 - 200
# Enhanced by mp on 2022/07/05 # Enhanced by mp on 2022/07/06

View File

@ -31,4 +31,4 @@ requests:
status: status:
- 200 - 200
# Enhanced by mp on 2022/07/05 # Enhanced by mp on 2022/07/06

View File

@ -1,17 +1,21 @@
id: CVE-2008-4764 id: CVE-2008-4764
info: info:
name: Joomla! Component com_extplorer 2.0.0 RC2 - Directory Traversal name: Joomla! <=2.0.0 RC2 - Local File Inclusion
author: daffainfo author: daffainfo
severity: high severity: high
description: Directory traversal vulnerability in the eXtplorer module (com_extplorer) 2.0.0 RC2 and earlier in Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter in a show_error action. description: Joomla! 2.0.0 RC2 and earlier are susceptible to local file inclusion in the eXtplorer module (com_extplorer) that allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter in a show_error action.
reference: reference:
- https://www.exploit-db.com/exploits/5435 - https://www.exploit-db.com/exploits/5435
- https://www.cvedetails.com/cve/CVE-2008-4764 - https://www.cvedetails.com/cve/CVE-2008-4764
- http://web.archive.org/web/20210121181347/https://www.securityfocus.com/bid/28764/ - http://web.archive.org/web/20210121181347/https://www.securityfocus.com/bid/28764/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41873 - https://exchange.xforce.ibmcloud.com/vulnerabilities/41873
- https://nvd.nist.gov/vuln/detail/CVE-2008-4764
classification: classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.6
cve-id: CVE-2008-4764 cve-id: CVE-2008-4764
cwe-id: CWE-22
tags: cve,cve2008,joomla,lfi tags: cve,cve2008,joomla,lfi
requests: requests:
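Review bot: the new name `Joomla! <=2.0.0 RC2 - Local File Inclusion` and the start of the new description attach version 2.0.0 RC2 to Joomla! itself, whereas the removed text made clear that this is the version of the eXtplorer module (com_extplorer). Keep the component in the name, for example `Joomla! eXtplorer <=2.0.0 RC2 - Local File Inclusion`, and phrase the description so the version belongs to the module, otherwise the affected scope reads as all of Joomla! core.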
@ -29,3 +33,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/07/06

View File

@ -1,17 +1,21 @@
id: CVE-2008-6080 id: CVE-2008-6080
info: info:
name: Joomla! Component ionFiles 4.4.2 - File Disclosure name: Joomla! ionFiles 4.4.2 - Local File Inclusion
author: daffainfo author: daffainfo
severity: high severity: high
description: Directory traversal vulnerability in download.php in the ionFiles (com_ionfiles) 4.4.2 component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. description: Joomla! ionFiles 4.4.2 is susceptible to local file inclusion in download.php in the ionFiles (com_ionfiles) that allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
reference: reference:
- https://www.exploit-db.com/exploits/6809 - https://www.exploit-db.com/exploits/6809
- https://www.cvedetails.com/cve/CVE-2008-6080 - https://www.cvedetails.com/cve/CVE-2008-6080
- http://web.archive.org/web/20140804231654/http://secunia.com/advisories/32377/ - http://web.archive.org/web/20140804231654/http://secunia.com/advisories/32377/
- http://web.archive.org/web/20210121184101/https://www.securityfocus.com/bid/31877/ - http://web.archive.org/web/20210121184101/https://www.securityfocus.com/bid/31877/
- https://nvd.nist.gov/vuln/detail/CVE-2008-6080
classification: classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.6
cve-id: CVE-2008-6080 cve-id: CVE-2008-6080
cwe-id: CWE-22
tags: cve,cve2008,joomla,lfi tags: cve,cve2008,joomla,lfi
requests: requests:
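Review bot: the rewritten description reads `in the ionFiles (com_ionfiles) that allows`, which dropped the noun `component` that the original sentence had. Restore it (`in the ionFiles (com_ionfiles) component, which allows ...`) so the sentence parses.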
@ -29,3 +33,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/07/06

View File

@ -1,17 +1,21 @@
id: CVE-2008-6222 id: CVE-2008-6222
info: info:
name: Joomla! Component ProDesk 1.0/1.2 - Local File Inclusion name: Joomla! ProDesk 1.0/1.2 - Local File Inclusion
author: daffainfo author: daffainfo
severity: high severity: high
description: Directory traversal vulnerability in the Pro Desk Support Center (com_pro_desk) component 1.0 and 1.2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter to index.php. description: Joomla! Pro Desk Support Center (com_pro_desk) component 1.0 and 1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter to index.php.
reference: reference:
- https://www.exploit-db.com/exploits/6980 - https://www.exploit-db.com/exploits/6980
- https://www.cvedetails.com/cve/CVE-2008-6222 - https://www.cvedetails.com/cve/CVE-2008-6222
- http://web.archive.org/web/20111223225601/http://secunia.com/advisories/32523/ - http://web.archive.org/web/20111223225601/http://secunia.com/advisories/32523/
- http://web.archive.org/web/20210121184244/https://www.securityfocus.com/bid/32113/ - http://web.archive.org/web/20210121184244/https://www.securityfocus.com/bid/32113/
- https://nvd.nist.gov/vuln/detail/CVE-2008-6222
classification: classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.6
cve-id: CVE-2008-6222 cve-id: CVE-2008-6222
cwe-id: CWE-22
tags: cve,cve2008,joomla,lfi tags: cve,cve2008,joomla,lfi
requests: requests:
@ -29,3 +33,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/07/06

View File

@ -1,17 +1,20 @@
id: CVE-2008-6668 id: CVE-2008-6668
info: info:
name: nweb2fax <=0.2.7- Local File Inclusion name: nweb2fax <=0.2.7 - Local File Inclusion
author: geeknik author: geeknik
severity: high severity: high
description: nweb2fax 0.2.7 and earlier allow remote attackers to read arbitrary files via the id parameter submitted to comm.php and the var_filename parameter submitted to viewrq.php (aka local file inclusion). description: nweb2fax 0.2.7 and earlier allow remote attackers to read arbitrary files via the id parameter submitted to comm.php and the var_filename parameter submitted to viewrq.php.
reference: reference:
- https://www.exploit-db.com/exploits/5856 - https://www.exploit-db.com/exploits/5856
- http://web.archive.org/web/20210130035550/https://www.securityfocus.com/bid/29804 - http://web.archive.org/web/20210130035550/https://www.securityfocus.com/bid/29804
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43173 - https://exchange.xforce.ibmcloud.com/vulnerabilities/43173
- https://nvd.nist.gov/vuln/detail/CVE-2008-6668 - https://nvd.nist.gov/vuln/detail/CVE-2008-6668
classification: classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.6
cve-id: CVE-2008-6668 cve-id: CVE-2008-6668
cwe-id: CWE-22
tags: cve,cve2008,nweb2fax,lfi,traversal tags: cve,cve2008,nweb2fax,lfi,traversal
requests: requests:
@ -31,4 +34,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/07/05
# Enhanced by mp on 2022/07/06

View File

@ -1,17 +1,20 @@
id: CVE-2009-0932 id: CVE-2009-0932
info: info:
name: Horde - Horde_Image::factory driver Argument LFI name: Horde/Horde Groupware - Local File Inclusion
author: pikpikcu author: pikpikcu
severity: high severity: high
description: Directory traversal vulnerability in framework/Image/Image.php in Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver name. description: Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 are susceptible to local file inclusion in framework/Image/Image.php because it allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver name.
reference: reference:
- https://www.exploit-db.com/exploits/16154 - https://www.exploit-db.com/exploits/16154
- https://nvd.nist.gov/vuln/detail/CVE-2009-0932?cpeVersion=2.2
- http://cvs.horde.org/co.php/groupware/docs/groupware/CHANGES?r=1.28.2.5 - http://cvs.horde.org/co.php/groupware/docs/groupware/CHANGES?r=1.28.2.5
- http://web.archive.org/web/20161228102217/http://secunia.com/advisories/33695 - http://web.archive.org/web/20161228102217/http://secunia.com/advisories/33695
- https://nvd.nist.gov/vuln/detail/CVE-2009-0932?cpeVersion=2.2
classification: classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.6
cve-id: CVE-2009-0932 cve-id: CVE-2009-0932
cwe-id: CWE-22
tags: cve,cve2009,horde,lfi,traversal tags: cve,cve2009,horde,lfi,traversal
requests: requests:
@ -29,3 +32,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/07/06

View File

@ -1,17 +1,21 @@
id: CVE-2009-1151 id: CVE-2009-1151
info: info:
name: PhpMyAdmin Scripts/setup.php Deserialization Vulnerability name: PhpMyAdmin Scripts - Remote Code Execution
author: princechaddha author: princechaddha
severity: high severity: critical
description: Setup script used to create PhpMyAdmin configurations can be fooled by using a crafted POST request to include arbitrary PHP code in the generated configuration file. Combined with the ability to save files on server, this can allow unauthenticated users to execute arbitrary PHP code. description: PhpMyAdmin Scripts 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 are susceptible to a remote code execution in setup.php that allows remote attackers to inject arbitrary PHP code into a configuration file via the save action. Combined with the ability to save files on server, this can allow unauthenticated users to execute arbitrary PHP code.
reference: reference:
- https://www.phpmyadmin.net/security/PMASA-2009-3/ - https://www.phpmyadmin.net/security/PMASA-2009-3/
- https://github.com/vulhub/vulhub/tree/master/phpmyadmin/WooYun-2016-199433 - https://github.com/vulhub/vulhub/tree/master/phpmyadmin/WooYun-2016-199433
- http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_2_11_9/phpMyAdmin/scripts/setup.php?r1=11514&r2=12301&pathrev=12301 - http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_2_11_9/phpMyAdmin/scripts/setup.php?r1=11514&r2=12301&pathrev=12301
- http://www.phpmyadmin.net/home_page/security/PMASA-2009-3.php - http://www.phpmyadmin.net/home_page/security/PMASA-2009-3.php
- https://nvd.nist.gov/vuln/detail/CVE-2009-1151
classification: classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10.0
cve-id: CVE-2009-1151 cve-id: CVE-2009-1151
cwe-id: CWE-77
tags: cve,cve2009,phpmyadmin,rce,deserialization,cisa tags: cve,cve2009,phpmyadmin,rce,deserialization,cisa
requests: requests:
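Review bot: the new name `PhpMyAdmin Scripts - Remote Code Execution` and the description's `PhpMyAdmin Scripts 2.11.x` treat "Scripts" as part of the product name, but in the removed name it was the path `Scripts/setup.php`. Name the product as phpMyAdmin and keep `setup.php` as the affected script. Two related points in the same hunk: the `deserialization` tag is retained although neither the new name nor the new description mentions deserialization any more, and the added `cwe-id: CWE-77` is command injection while the description speaks of injecting PHP code into a configuration file, which is code injection (CWE-94). Please confirm both are intended.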
@ -34,3 +38,5 @@ requests:
- type: regex - type: regex
regex: regex:
- "root:.*:0:0:" - "root:.*:0:0:"
# Enhanced by mp on 2022/07/06

View File

@ -1,16 +1,20 @@
id: CVE-2009-1496 id: CVE-2009-1496
info: info:
name: Joomla! Component Cmimarketplace - 'viewit' Directory Traversal name: Joomla! Cmimarketplace 0.1 - Local File Inclusion
author: daffainfo author: daffainfo
severity: high severity: high
description: Directory traversal vulnerability in the Cmi Marketplace (com_cmimarketplace) component 0.1 for Joomla! allows remote attackers to list arbitrary directories via a .. (dot dot) in the viewit parameter to index.php. description: |
Joomla! Cmimarketplace 0.1 is susceptible to local file inclusion because com_cmimarketplace allows remote attackers to list arbitrary directories via a .. (dot dot) in the viewit parameter to index.php.
reference: reference:
- https://www.exploit-db.com/exploits/8367 - https://www.exploit-db.com/exploits/8367
- https://www.cvedetails.com/cve/CVE-2009-1496
- http://web.archive.org/web/20210121190149/https://www.securityfocus.com/bid/34431/ - http://web.archive.org/web/20210121190149/https://www.securityfocus.com/bid/34431/
- https://nvd.nist.gov/vuln/detail/CVE-2009-1496
classification: classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.6
cve-id: CVE-2009-1496 cve-id: CVE-2009-1496
cwe-id: CWE-22
tags: cve,cve2009,joomla,lfi tags: cve,cve2009,joomla,lfi
requests: requests:
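Review bot: the name now says Local File Inclusion, but the description still gives the impact as listing arbitrary directories via `..` in the `viewit` parameter, which is a directory traversal or listing issue rather than inclusion of a file. Either keep a traversal wording in the name or state in the description what is actually included. The description was also turned into a `|` block scalar for a single line, unlike the other one-line descriptions in this commit; a plain scalar would be consistent.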
@ -28,3 +32,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/07/06

View File

@ -1,17 +1,21 @@
id: CVE-2009-1558 id: CVE-2009-1558
info: info:
name: Linksys WVC54GCA 1.00R22/1.00R24 (Wireless-G) - Directory Traversal name: Cisco Linksys WVC54GCA 1.00R22/1.00R24 - Local File Inclusion
author: daffainfo author: daffainfo
severity: high severity: high
description: Directory traversal vulnerability in adm/file.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote attackers to read arbitrary files via a %2e. (encoded dot dot) or an absolute pathname in the next_file parameter. description: Cisco Linksys WVC54GCA 1.00R22/1.00R24 is susceptible to local file inclusion in adm/file.cgi because it allows remote attackers to read arbitrary files via a %2e. (encoded dot dot) or an absolute pathname in the next_file parameter.
reference: reference:
- https://www.exploit-db.com/exploits/32954 - https://www.exploit-db.com/exploits/32954
- https://web.archive.org/web/20210119151410/http://www.securityfocus.com/bid/34713 - https://web.archive.org/web/20210119151410/http://www.securityfocus.com/bid/34713
- http://www.vupen.com/english/advisories/2009/1173 - http://www.vupen.com/english/advisories/2009/1173
- http://www.gnucitizen.org/blog/hacking-linksys-ip-cameras-pt-3/ - http://www.gnucitizen.org/blog/hacking-linksys-ip-cameras-pt-3/
- https://nvd.nist.gov/vuln/detail/CVE-2009-1558
classification: classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.6
cve-id: CVE-2009-1558 cve-id: CVE-2009-1558
cwe-id: CWE-22
tags: cve,cve2009,iot,lfi,linksys,camera,cisco,firmware,traversal tags: cve,cve2009,iot,lfi,linksys,camera,cisco,firmware,traversal
requests: requests:
@ -28,3 +32,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/07/06

View File

@ -1,17 +1,21 @@
id: CVE-2009-2015 id: CVE-2009-2015
info: info:
name: Joomla! Component MooFAQ (com_moofaq) - Local File Inclusion name: Joomla! MooFAQ 1.0 - Local File Inclusion
author: daffainfo author: daffainfo
severity: high severity: high
description: Directory traversal vulnerability in includes/file_includer.php in the Ideal MooFAQ (com_moofaq) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. description: Joomla! Ideal MooFAQ 1.0 via com_moofaq allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter (local file inclusion).
reference: reference:
- https://www.exploit-db.com/exploits/8898 - https://www.exploit-db.com/exploits/8898
- https://www.cvedetails.com/cve/CVE-2009-2015 - https://www.cvedetails.com/cve/CVE-2009-2015
- http://web.archive.org/web/20210121191105/https://www.securityfocus.com/bid/35259/ - http://web.archive.org/web/20210121191105/https://www.securityfocus.com/bid/35259/
- http://www.vupen.com/english/advisories/2009/1530 - http://www.vupen.com/english/advisories/2009/1530
- https://nvd.nist.gov/vuln/detail/CVE-2009-2015
classification: classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.6
cve-id: CVE-2009-2015 cve-id: CVE-2009-2015
cwe-id: CWE-22
tags: cve,cve2009,joomla,lfi tags: cve,cve2009,joomla,lfi
requests: requests:
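Review bot: the new description drops the vulnerable file, `includes/file_includer.php`, that the removed description named. That path is what lets someone reading a finding locate the affected code, so keep it, e.g. `... is susceptible to local file inclusion in includes/file_includer.php, which allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.`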
@ -29,3 +33,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/07/06

View File

@ -1,16 +1,21 @@
id: CVE-2009-2100 id: CVE-2009-2100
info: info:
name: Joomla! Component com_Projectfork 2.0.10 - Local File Inclusion name: Joomla! JoomlaPraise Projectfork 2.0.10 - Local File Inclusion
author: daffainfo author: daffainfo
severity: high severity: high
description: Directory traversal vulnerability in the JoomlaPraise Projectfork (com_projectfork) component 2.0.10 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section parameter to index.php. description: Joomla! JoomlaPraise Projectfork (com_projectfork) 2.0.10 allows remote attackers to read arbitrary files via local file inclusion in the section parameter to index.php.
reference: reference:
- https://www.exploit-db.com/exploits/8946 - https://www.exploit-db.com/exploits/8946
- https://www.cvedetails.com/cve/CVE-2009-2100 - https://www.cvedetails.com/cve/CVE-2009-2100
- http://web.archive.org/web/20210121191226/https://www.securityfocus.com/bid/35378/ - http://web.archive.org/web/20210121191226/https://www.securityfocus.com/bid/35378/
- https://nvd.nist.gov/vuln/detail/CVE-2009-2100
classification: classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.6
cve-id: CVE-2009-2100 cve-id: CVE-2009-2100
cwe-id: CWE-22
tags: cve,cve2009,joomla,lfi tags: cve,cve2009,joomla,lfi
requests: requests:
@ -28,3 +33,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/07/06

View File

@ -1,17 +1,21 @@
id: CVE-2009-3053 id: CVE-2009-3053
info: info:
name: Joomla! Component Agora 3.0.0b (com_agora) - Local File Inclusion name: Joomla! Agora 3.0.0b - Local File Inclusion
author: daffainfo author: daffainfo
severity: high severity: high
description: Directory traversal vulnerability in the Agora (com_agora) component 3.0.0b for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the action parameter to the avatars page, reachable through index.php. description: Joomla! Agora 3.0.0b (com_agora) allows remote attackers to include and execute arbitrary local files via local file inclusion in the action parameter to the avatars page, reachable through index.php.
reference: reference:
- https://www.exploit-db.com/exploits/9564 - https://www.exploit-db.com/exploits/9564
- https://www.cvedetails.com/cve/CVE-2009-3053 - https://www.cvedetails.com/cve/CVE-2009-3053
- https://web.archive.org/web/20210120183330/https://www.securityfocus.com/bid/36207/ - https://web.archive.org/web/20210120183330/https://www.securityfocus.com/bid/36207/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/52964 - https://exchange.xforce.ibmcloud.com/vulnerabilities/52964
- https://nvd.nist.gov/vuln/detail/CVE-2009-3053
classification: classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.6
cve-id: CVE-2009-3053 cve-id: CVE-2009-3053
cwe-id: CWE-22
tags: cve,cve2009,joomla,lfi tags: cve,cve2009,joomla,lfi
requests: requests:
@ -29,3 +33,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/07/06

View File

@ -1,15 +1,16 @@
id: CVE-2018-12613 id: CVE-2018-12613
info: info:
name: PhpMyAdmin 4.8.1 Remote File Inclusion name: PhpMyAdmin <4.8.2 - Local File Inclusion
author: pikpikcu author: pikpikcu
severity: high severity: high
description: An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for whitelisted pages. An attacker must be authenticated, except in the "$cfg['AllowArbitraryServer'] = true" case (where an attacker can specify any host he/she is already in control of, and execute arbitrary code on phpMyAdmin) and the "$cfg['ServerDefault'] = 0" case (which bypasses the login requirement and runs the vulnerable code without any authentication). description: PhpMyAdmin before version 4.8.2 is susceptible to local file inclusion that allows an attacker to include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for whitelisted pages. An attacker must be authenticated, except in the "$cfg['AllowArbitraryServer'] = true" case (where an attacker can specify any host he/she is already in control of, and execute arbitrary code on phpMyAdmin) and the "$cfg['ServerDefault'] = 0" case (which bypasses the login requirement and runs the vulnerable code without any authentication).
reference: reference:
- https://github.com/vulhub/vulhub/tree/master/phpmyadmin/CVE-2018-12613 - https://github.com/vulhub/vulhub/tree/master/phpmyadmin/CVE-2018-12613
- https://www.phpmyadmin.net/security/PMASA-2018-4/ - https://www.phpmyadmin.net/security/PMASA-2018-4/
- https://www.exploit-db.com/exploits/44928/ - https://www.exploit-db.com/exploits/44928/
- http://web.archive.org/web/20210124181726/https://www.securityfocus.com/bid/104532/ - http://web.archive.org/web/20210124181726/https://www.securityfocus.com/bid/104532/
- https://nvd.nist.gov/vuln/detail/CVE-2018-12613
classification: classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.8 cvss-score: 8.8
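Review bot: the new name `PhpMyAdmin <4.8.2` and the new description's "before version 4.8.2" widen the affected range compared with the removed text, which limited it to "phpMyAdmin 4.8.x before 4.8.2". Unless earlier branches are known to be affected, keep the 4.8.x bound in both the name and the description so results are not read as applying to every older release.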
@ -33,3 +34,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/07/06

View File

@ -1,15 +1,17 @@
id: CVE-2018-1335 id: CVE-2018-1335
info: info:
name: Apache Tika 1.15-1.17 Header Command Injection name: Apache Tika <1.1.8- Header Command Injection
author: pikpikcu author: pikpikcu
severity: high severity: high
description: From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients. The mitigation is to upgrade to Tika 1.18. description: Apache Tika versions 1.7 to 1.17 allow clients to send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients.
remediation: Upgrade to Tika 1.18.
reference: reference:
- https://rhinosecuritylabs.com/application-security/exploiting-cve-2018-1335-apache-tika/ - https://rhinosecuritylabs.com/application-security/exploiting-cve-2018-1335-apache-tika/
- https://www.exploit-db.com/exploits/47208 - https://www.exploit-db.com/exploits/47208
- https://lists.apache.org/thread.html/b3ed4432380af767effd4c6f27665cc7b2686acccbefeb9f55851dca@%3Cdev.tika.apache.org%3E - https://lists.apache.org/thread.html/b3ed4432380af767effd4c6f27665cc7b2686acccbefeb9f55851dca@%3Cdev.tika.apache.org%3E
- http://web.archive.org/web/20210516175956/https://www.securityfocus.com/bid/104001 - http://web.archive.org/web/20210516175956/https://www.securityfocus.com/bid/104001
- https://nvd.nist.gov/vuln/detail/CVE-2018-1335
classification: classification:
cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.1 cvss-score: 8.1
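Review bot: the new name `Apache Tika <1.1.8- Header Command Injection` has a version typo and a missing space before the hyphen; the description gives the range as 1.7 to 1.17 and the new `remediation` field says to upgrade to 1.18, so the name should read `Apache Tika <1.18 - Header Command Injection`. Note that `<1.18` also drops the lower bound of 1.7 stated in the description; consider `1.7-1.17` to keep them aligned.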
@ -46,3 +48,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/07/07

View File

@ -1,15 +1,15 @@
id: CVE-2018-14918 id: CVE-2018-14918
info: info:
name: LOYTEC LGATE-902 6.3.2 - Directory Traversal name: LOYTEC LGATE-902 6.3.2 - Local File Inclusion
author: 0x_Akoko author: 0x_Akoko
severity: high severity: high
description: | description: |
The path traversal (CVE-2018-14918) allow an attacker to manipulate path references and access files and directories (including critical system files) that are stored outside the root folder of the web application running on the device. This can be used to read and configuration files containing, e.g., usernames and passwords. LOYTEC LGATE-902 6.3.2 is susceptible to local file inclusion which could allow an attacker to manipulate path references and access files and directories (including critical system files) that are stored outside the root folder of the web application running on the device. This can be used to read and configuration files containing, e.g., usernames and passwords.
reference: reference:
- https://seclists.org/fulldisclosure/2019/Apr/12 - https://seclists.org/fulldisclosure/2019/Apr/12
- https://www.cvedetails.com/cve/CVE-2018-14918/
- http://packetstormsecurity.com/files/152453/Loytec-LGATE-902-XSS-Traversal-File-Deletion.html - http://packetstormsecurity.com/files/152453/Loytec-LGATE-902-XSS-Traversal-File-Deletion.html
- https://nvd.nist.gov/vuln/detail/CVE-2018-14918
classification: classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5 cvss-score: 7.5
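Review bot: The rewritten description line still carries the broken phrase "This can be used to read and configuration files containing, e.g., usernames and passwords" from the old text. Since the line is being rewritten anyway, change it to "read configuration files". The new name says "Local File Inclusion", yet the description still describes manipulating path references to reach files outside the web root, and the retained packetstorm reference has "Traversal" in its title. Consider keeping the word "traversal" in the description so a search on the original term still finds this template.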
@ -35,3 +35,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/07/07

View File

@ -1,14 +1,14 @@
id: CVE-2018-15138 id: CVE-2018-15138
info: info:
name: LG-Ericsson iPECS NMS 30M Directory Traversal name: LG-Ericsson iPECS NMS 30M - Local File Inclusion
author: 0x_Akoko author: 0x_Akoko
severity: high severity: high
description: Ericsson-LG iPECS NMS 30M allows directory traversal via ipecs-cm/download?filename=../ URIs. description: Ericsson-LG iPECS NMS 30M allows local file inclusion via ipecs-cm/download?filename=../ URIs.
reference: reference:
- https://cxsecurity.com/issue/WLB-2018080070 - https://cxsecurity.com/issue/WLB-2018080070
- https://nvd.nist.gov/vuln/detail/CVE-2018-15138
- https://www.exploit-db.com/exploits/45167/ - https://www.exploit-db.com/exploits/45167/
- https://nvd.nist.gov/vuln/detail/CVE-2018-15138
classification: classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5 cvss-score: 7.5
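Review bot: The vendor is spelled two ways in the lines this hunk rewrites: the name uses "LG-Ericsson iPECS NMS 30M" and the description uses "Ericsson-LG iPECS NMS 30M". Pick one form for both fields. The description also keeps the `ipecs-cm/download?filename=../` URI, which is a traversal pattern on a download endpoint, so the "local file inclusion" wording would read better with a short qualifier such as "via path traversal".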
@ -32,3 +32,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/07/07

View File

@ -1,15 +1,13 @@
id: CVE-2018-15535 id: CVE-2018-15535
info: info:
name: Responsive FileManager < 9.13.4 - Directory Traversal name: Responsive FileManager <9.13.4 - Local File Inclusion
author: daffainfo author: daffainfo
severity: high severity: high
description: filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize get_file sequences such as ".." that can resolve to a location that is outside of that directory, aka Directory Traversal. description: Responsive FileManager before version 9.13.4 is susceptible to local file inclusion via filemanager/ajax_calls.php because it uses external input to construct a pathname that should be within a restricted directory. Instead, because it does not properly neutralize get_file sequences such as ".." can resolve to a location that is outside of that directory, aka local file inclusion.
reference: reference:
- https://www.exploit-db.com/exploits/45271 - https://www.exploit-db.com/exploits/45271
- https://www.cvedetails.com/cve/CVE-2018-15535 - https://nvd.nist.gov/vuln/detail/CVE-2018-15535
- http://seclists.org/fulldisclosure/2018/Aug/34
- https://www.exploit-db.com/exploits/45271/
classification: classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5 cvss-score: 7.5
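Review bot: The second sentence of the new description does not parse: "Instead, because it does not properly neutralize get_file sequences such as ".." can resolve to a location that is outside of that directory" has no subject for "can resolve". Something like "Because it does not properly neutralize sequences such as ".." in get_file, the pathname can resolve to a location outside of that directory" keeps the meaning. Collapsing the two exploit-db entries into one is fine, but the seclists.org/fulldisclosure/2018/Aug/34 reference is dropped without a replacement; restore it unless the removal was intended.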
@ -32,3 +30,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/07/07

View File

@ -1,13 +1,13 @@
id: CVE-2019-9726 id: CVE-2019-9726
info: info:
name: Homematic CCU3 - Directory Traversal / Arbitrary File Read name: Homematic CCU3 - Local File Inclusion
author: 0x_Akoko author: 0x_Akoko
severity: high severity: high
description: Directory Traversal / Arbitrary File Read in eQ-3 AG Homematic CCU3 3.43.15 and earlier allows remote attackers to read arbitrary files of the device's filesystem. This vulnerability can be exploited by unauthenticated attackers with access to the web interface. description: eQ-3 AG Homematic CCU3 3.43.15 and earlier allows remote attackers to read arbitrary files of the device's filesystem, aka local file inclusion. This vulnerability can be exploited by unauthenticated attackers with access to the web interface.
reference: reference:
- https://atomic111.github.io/article/homematic-ccu3-fileread - https://atomic111.github.io/article/homematic-ccu3-fileread
- https://www.cvedetails.com/cve/CVE-2019-9726 - https://nvd.nist.gov/vuln/detail/CVE-2019-9726
classification: classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5 cvss-score: 7.5
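Review bot: The added wording "read arbitrary files of the device's filesystem, aka local file inclusion" equates an arbitrary file read with file inclusion, while the description only claims read access. The old name, "Directory Traversal / Arbitrary File Read", matched that claim. If the rename to "Local File Inclusion" is a project-wide convention, drop the "aka" clause from the description and let the sentence state the file-read impact on its own.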
@ -32,3 +32,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/07/08

View File

@ -1,15 +1,16 @@
id: CVE-2020-0618 id: CVE-2020-0618
info: info:
name: RCE in SQL Server Reporting Services name: Microsoft SQL Server Reporting Services - Remote Code Execution
author: joeldeleep author: joeldeleep
severity: high severity: high
description: A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka 'Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability'. description: Microsoft SQL Server Reporting Services are susceptible to a remote code execution vulnerability when it incorrectly handles page requests.
reference: reference:
- https://www.mdsec.co.uk/2020/02/cve-2020-0618-rce-in-sql-server-reporting-services-ssrs/ - https://www.mdsec.co.uk/2020/02/cve-2020-0618-rce-in-sql-server-reporting-services-ssrs/
- https://github.com/euphrat1ca/CVE-2020-0618 - https://github.com/euphrat1ca/CVE-2020-0618
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0618 - https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0618
- http://packetstormsecurity.com/files/156707/SQL-Server-Reporting-Services-SSRS-ViewState-Deserialization.html - http://packetstormsecurity.com/files/156707/SQL-Server-Reporting-Services-SSRS-ViewState-Deserialization.html
- https://nvd.nist.gov/vuln/detail/CVE-2020-0618
classification: classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.8 cvss-score: 8.8
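Review bot: The new description mixes number: "Microsoft SQL Server Reporting Services are susceptible to a remote code execution vulnerability when it incorrectly handles page requests". Treat the product name as singular ("is susceptible ... when it incorrectly handles") so the sentence agrees with itself. The cvss-metrics line in the context carries PR:L, so it would also help to say in the description that the issue requires an authenticated user.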
@ -29,4 +30,6 @@ requests:
- type: word - type: word
words: words:
- "view report" - "view report"
part: body part: body
# Enhanced by mp on 2022/07/08

View File

@ -1,14 +1,14 @@
id: CVE-2020-8644 id: CVE-2020-8644
info: info:
name: playSMS - Pre-Authentication Remote Code Execution (CVE-2020-8644) name: playSMS<1.4.3 - Remote Code Execution
author: dbrwsky author: dbrwsky
severity: critical severity: critical
description: PlaySMS double processes a server-side template, resulting in unauthenticated user control of input to the PlaySMS template engine. The template engines implementation then permits arbitrary code execution. description: PlaySMS before version 1.4.3 is susceptible to remote code execution because it double processes a server-side template.
reference: reference:
- https://research.nccgroup.com/2020/02/11/technical-advisory-playsms-pre-authentication-remote-code-execution-cve-2020-8644/ - https://research.nccgroup.com/2020/02/11/technical-advisory-playsms-pre-authentication-remote-code-execution-cve-2020-8644/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8644
- https://playsms.org/2020/02/05/playsms-1-4-3-has-been-released/ - https://playsms.org/2020/02/05/playsms-1-4-3-has-been-released/
- https://nvd.nist.gov/vuln/detail/CVE-2020-8644
classification: classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8 cvss-score: 9.8
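Review bot: The shortened description drops the fact that the template input is controlled by an unauthenticated user, which is what the old text stated and what the PR:N vector and critical severity in this file rest on. Keep "unauthenticated" in the new sentence. The name "playSMS<1.4.3 - Remote Code Execution" also lacks the space before the version bound that "Responsive FileManager <9.13.4" uses elsewhere in this commit, and the casing differs from "PlaySMS" in the description.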
@ -54,3 +54,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/07/07

View File

@ -9,6 +9,8 @@ info:
- https://wpscan.com/vulnerability/0903920c-be2e-4515-901f-87253eb30940 - https://wpscan.com/vulnerability/0903920c-be2e-4515-901f-87253eb30940
- https://wordpress.org/plugins/gallery-album - https://wordpress.org/plugins/gallery-album
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1946 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1946
classification:
cve-id: CVE-2022-1946
metadata: metadata:
verified: true verified: true
google-dork: inurl:"/wp-content/plugins/gallery-album/" google-dork: inurl:"/wp-content/plugins/gallery-album/"
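Review bot: The added classification block holds only `cve-id: CVE-2022-1946`, while the other templates touched in this commit carry cvss-metrics, cvss-score and cwe-id in the same block. Add those fields if a score is published, so dashboards that sort on them do not see this template as unscored. The reference list here also still points at cve.mitre.org, whereas other hunks in this commit swap that link for the nvd.nist.gov entry.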

View File

@ -10,6 +10,8 @@ info:
- https://github.com/zadam/trilium - https://github.com/zadam/trilium
- https://nvd.nist.gov/vuln/detail/CVE-2022-2290 - https://nvd.nist.gov/vuln/detail/CVE-2022-2290
- https://github.com/zadam/trilium/commit/3faae63b849a1fabc31b823bb7af3a84d32256a7 - https://github.com/zadam/trilium/commit/3faae63b849a1fabc31b823bb7af3a84d32256a7
classification:
cve-id: CVE-2022-2290
metadata: metadata:
shodan-query: title:"Trilium Notes" shodan-query: title:"Trilium Notes"
verified: "true" verified: "true"
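Review bot: As with the gallery-album template, the added classification block contains only `cve-id: CVE-2022-2290` and no cvss-metrics, cvss-score or cwe-id. While this block is being touched, note that the metadata context just below uses the string `verified: "true"`, whereas the gallery-album template uses the boolean `verified: true`; normalise it to the boolean so consumers that type-check the field treat both templates the same way.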