updated 2018 CVEs
parent
a92ce6783f
commit
e6a5d8ec22
|
@ -5,6 +5,8 @@ info:
|
|||
author: jrolf
|
||||
severity: critical
|
||||
description: Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to view configuration parameters for an affected device via the web interface, which could lead to the disclosure of confidential information.
|
||||
remediation: |
|
||||
Apply the latest firmware update provided by Cisco to fix the vulnerability.
|
||||
reference:
|
||||
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-rv13x_2
|
||||
- http://web.archive.org/web/20211207054802/https://securitytracker.com/id/1040345
|
||||
|
@ -16,8 +18,8 @@ info:
|
|||
cve-id: CVE-2018-0127
|
||||
cwe-id: CWE-200,CWE-306
|
||||
epss-score: 0.0948
|
||||
cpe: cpe:2.3:o:cisco:rv132w_firmware:1.0.0.1:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.93961
|
||||
cpe: cpe:2.3:o:cisco:rv132w_firmware:1.0.0.1:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
vendor: "cisco"
|
||||
|
|
|
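Review bot: The added `vendor: "cisco"` in the metadata block is quoted, while the other templates in this commit write the value bare (`vendor: cisco`, `vendor: jolokia`). Drop the quotes so the field is consistent across files. Separately, the `cpe` here names only `rv132w_firmware` although the description also covers the RV134W; if the metadata is meant to describe the affected products, that is worth a follow-up.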
@ -6,6 +6,8 @@ info:
|
|||
severity: high
|
||||
description: |
|
||||
Cisco Adaptive Security Appliances (ASA) web interfaces could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. It is also possible on certain software releases that the ASA will not reload, but an attacker could view sensitive system information without authentication by using directory traversal techniques. The vulnerability is due to lack of proper input validation of the HTTP URL. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to cause a DoS condition or unauthenticated disclosure of information. This vulnerability applies to IPv4 and IPv6 HTTP traffic. This vulnerability affects Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software that is running on the following Cisco products: 3000 Series Industrial Security Appliance (ISA), ASA 1000V Cloud Firewall, ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Adaptive Security Virtual Appliance (ASAv), Firepower 2100 Series Security Appliance, Firepower 4100 Series Security Appliance, Firepower 9300 ASA Security Module, FTD Virtual (FTDv). Cisco Bug IDs: CSCvi16029.
|
||||
remediation: |
|
||||
Apply the necessary security patches or updates provided by Cisco to fix the local file inclusion vulnerability.
|
||||
reference:
|
||||
- https://github.com/yassineaboukir/CVE-2018-0296
|
||||
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-asaftd
|
||||
|
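Review bot: The new remediation text calls this a "local file inclusion vulnerability", but the description in the same hunk describes a denial of service and an unauthenticated information disclosure through directory traversal caused by missing validation of the HTTP URL. Reword the remediation to match, for example "to fix the denial of service and directory traversal vulnerability", so the two fields do not describe different bug classes.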
@ -18,8 +20,8 @@ info:
|
|||
cve-id: CVE-2018-0296
|
||||
cwe-id: CWE-22,CWE-20
|
||||
epss-score: 0.97446
|
||||
cpe: cpe:2.3:a:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.99918
|
||||
cpe: cpe:2.3:a:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
vendor: cisco
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: medium
|
||||
description: |
|
||||
Jolokia 1.3.7 is vulnerable to cross-site scripting in the HTTP servlet and allows an attacker to execute malicious JavaScript in the victim's browser.
|
||||
remediation: |
|
||||
Upgrade to a patched version of Jolokia or apply the necessary security patches to mitigate the XSS vulnerability.
|
||||
reference:
|
||||
- https://jolokia.org/#Security_fixes_with_1.5.0
|
||||
- https://github.com/rhuss/jolokia/commit/5895d5c137c335e6b473e9dcb9baf748851bbc5f#diff-f19898247eddb55de6400489bff748ad
|
||||
|
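Review bot: The remediation line says only "Upgrade to a patched version of Jolokia" without naming a version, although the first reference in this hunk points at `#Security_fixes_with_1.5.0`. If that anchor is the fix for this issue, state the version in the remediation so an operator does not have to follow the link to find the upgrade target.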
@ -18,8 +20,8 @@ info:
|
|||
cve-id: CVE-2018-1000129
|
||||
cwe-id: CWE-79
|
||||
epss-score: 0.00232
|
||||
cpe: cpe:2.3:a:jolokia:jolokia:1.3.7:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.60647
|
||||
cpe: cpe:2.3:a:jolokia:jolokia:1.3.7:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 2
|
||||
vendor: jolokia
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: high
|
||||
description: |
|
||||
Jolokia agent is vulnerable to a JNDI injection vulnerability that allows a remote attacker to run arbitrary Java code on the server when the agent is in proxy mode.
|
||||
remediation: |
|
||||
Apply the latest security patches or updates provided by the vendor to fix the vulnerability.
|
||||
reference:
|
||||
- https://jolokia.org/#Security_fixes_with_1.5.0
|
||||
- https://access.redhat.com/errata/RHSA-2018:2669
|
||||
|
@ -16,8 +18,8 @@ info:
|
|||
cve-id: CVE-2018-1000130
|
||||
cwe-id: CWE-74
|
||||
epss-score: 0.89191
|
||||
cpe: cpe:2.3:a:jolokia:webarchive_agent:1.3.7:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.98305
|
||||
cpe: cpe:2.3:a:jolokia:webarchive_agent:1.3.7:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
vendor: jolokia
|
||||
|
|
|
@ -5,6 +5,8 @@ info:
|
|||
author: c-sh0
|
||||
severity: critical
|
||||
description: Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ and possibly even older versions, may be vulnerable to an authentication bypass vulnerability in XMLRPC API (/cobbler_api) that can result in privilege escalation, data manipulation or exfiltration, and LDAP credential harvesting. This attack appear to be exploitable via "network connectivity". Taking advantage of improper validation of security tokens in API endpoints. Please note this is a different issue than CVE-2018-10931.
|
||||
remediation: |
|
||||
Apply the latest security patches or updates provided by the vendor to fix the authentication bypass vulnerability in Cobbler.
|
||||
reference:
|
||||
- https://github.com/cobbler/cobbler/issues/1916
|
||||
- https://movermeyer.com/2018-08-02-privilege-escalation-exploits-in-cobblers-api/
|
||||
|
@ -15,8 +17,8 @@ info:
|
|||
cve-id: CVE-2018-1000226
|
||||
cwe-id: CWE-732
|
||||
epss-score: 0.01552
|
||||
cpe: cpe:2.3:a:cobblerd:cobbler:*:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.85554
|
||||
cpe: cpe:2.3:a:cobblerd:cobbler:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
vendor: cobblerd
|
||||
|
|
|
@ -5,6 +5,8 @@ info:
|
|||
author: pikpikcu
|
||||
severity: critical
|
||||
description: klaussilveira GitList version <= 0.6 contains a passing incorrectly sanitized input via the `searchTree` function that can result in remote code execution.
|
||||
remediation: |
|
||||
Upgrade GitList to version 0.6.0 or later to mitigate this vulnerability.
|
||||
reference:
|
||||
- https://github.com/vulhub/vulhub/tree/master/gitlist/CVE-2018-1000533
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-1000533
|
||||
|
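Review bot: The remediation "Upgrade GitList to version 0.6.0 or later" contradicts the description two lines above it, which says "version <= 0.6" is affected. As written it tells the reader to upgrade to a release the template itself lists as vulnerable. Name the first fixed release after 0.6, or say "a version later than 0.6" if the exact number is not confirmed.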
@ -16,8 +18,8 @@ info:
|
|||
cve-id: CVE-2018-1000533
|
||||
cwe-id: CWE-20
|
||||
epss-score: 0.97207
|
||||
cpe: cpe:2.3:a:gitlist:gitlist:*:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.99732
|
||||
cpe: cpe:2.3:a:gitlist:gitlist:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 2
|
||||
vendor: gitlist
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: high
|
||||
description: |
|
||||
Jenkins GitHub Plugin 1.29.1 and earlier is susceptible to server-side request forgery via GitHubTokenCredentialsCreator.java, which allows attackers to leverage attacker-specified credentials IDs obtained through another method and capture the credentials stored in Jenkins.
|
||||
remediation: |
|
||||
Upgrade Jenkins GitHub Plugin to version 1.29.2 or later to mitigate the vulnerability.
|
||||
reference:
|
||||
- https://www.jenkins.io/security/advisory/2018-06-25/#SECURITY-915
|
||||
- https://devco.re/blog/2019/01/16/hacking-Jenkins-part1-play-with-dynamic-routing/
|
||||
|
@ -17,13 +19,13 @@ info:
|
|||
cve-id: CVE-2018-1000600
|
||||
cwe-id: CWE-200
|
||||
epss-score: 0.95579
|
||||
cpe: cpe:2.3:a:jenkins:github:*:*:*:*:*:jenkins:*:*
|
||||
epss-percentile: 0.99139
|
||||
cpe: cpe:2.3:a:jenkins:github:*:*:*:*:*:jenkins:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
framework: jenkins
|
||||
vendor: jenkins
|
||||
product: github
|
||||
framework: jenkins
|
||||
tags: cve,cve2018,jenkins,ssrf,oast,github
|
||||
|
||||
http:
|
||||
|
|
|
@ -5,6 +5,8 @@ info:
|
|||
author: 0x_Akoko
|
||||
severity: medium
|
||||
description: Sympa version 6.2.16 and later contains a URL Redirection to Untrusted Site vulnerability in the referer parameter of the wwsympa fcgi login action that can result in open redirection and reflected cross-site scripting via data URIs.
|
||||
remediation: |
|
||||
Upgrade to a patched version of Sympa (>=6.2.17) or apply the necessary security patches provided by the vendor.
|
||||
reference:
|
||||
- https://github.com/sympa-community/sympa/issues/268
|
||||
- https://vuldb.com/?id.123670
|
||||
|
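Review bot: The remediation gives ">=6.2.17" as the patched range, but the description in this hunk says "Sympa version 6.2.16 and later" contains the flaw, which would include 6.2.17. One of the two is wrong. Check the linked issue (sympa-community/sympa#268) for the release that carries the fix and align both fields with it.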
@ -17,14 +19,14 @@ info:
|
|||
cve-id: CVE-2018-1000671
|
||||
cwe-id: CWE-601
|
||||
epss-score: 0.00831
|
||||
cpe: cpe:2.3:a:sympa:sympa:*:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.79859
|
||||
cpe: cpe:2.3:a:sympa:sympa:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
shodan-query: http.html:"sympa"
|
||||
verified: true
|
||||
max-request: 1
|
||||
vendor: sympa
|
||||
product: sympa
|
||||
shodan-query: http.html:"sympa"
|
||||
tags: cve,cve2018,redirect,sympa,debian
|
||||
|
||||
http:
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: medium
|
||||
description: |
|
||||
DomainMOD 4.11.01 is vulnerable to cross-site scripting via the segments/add.php Segment Name field.
|
||||
remediation: |
|
||||
Upgrade to the latest version of DomainMOD or apply the vendor-provided patch to mitigate this vulnerability.
|
||||
reference:
|
||||
- https://github.com/domainmod/domainmod/issues/80
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-1000856
|
||||
|
@ -15,11 +17,11 @@ info:
|
|||
cve-id: CVE-2018-1000856
|
||||
cwe-id: CWE-79
|
||||
epss-score: 0.00101
|
||||
cpe: cpe:2.3:a:domainmod:domainmod:*:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.40768
|
||||
cpe: cpe:2.3:a:domainmod:domainmod:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 3
|
||||
verified: true
|
||||
max-request: 3
|
||||
vendor: domainmod
|
||||
product: domainmod
|
||||
tags: cve,cve2018,domainmod,xss,authenticated
|
||||
|
|
|
@ -5,6 +5,8 @@ info:
|
|||
author: dhiyaneshDK,pikpikcu
|
||||
severity: critical
|
||||
description: Jenkins 2.153 and earlier and LTS 2.138.3 and earlier are susceptible to a remote command injection via stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not intended to be invoked this way.
|
||||
remediation: |
|
||||
Apply the latest security patches and updates provided by Jenkins to mitigate this vulnerability.
|
||||
reference:
|
||||
- https://github.com/vulhub/vulhub/tree/master/jenkins/CVE-2018-1000861
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-1000861
|
||||
|
@ -17,8 +19,8 @@ info:
|
|||
cve-id: CVE-2018-1000861
|
||||
cwe-id: CWE-502
|
||||
epss-score: 0.97412
|
||||
cpe: cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
|
||||
epss-percentile: 0.99884
|
||||
cpe: cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
vendor: jenkins
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: high
|
||||
description: |
|
||||
AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow remote code execution.
|
||||
remediation: |
|
||||
Apply the latest firmware update provided by AudioCodes to fix the vulnerability and ensure proper input validation.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/46164
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-10093
|
||||
|
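Review bot: The tail of the remediation, "and ensure proper input validation", is not something an operator of the phone can do, and nothing in the description mentions input validation as the cause. Keep the remediation to the actionable part (apply the AudioCodes firmware update) and drop the clause, or move any root-cause statement into the description with a source.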
@ -17,8 +19,8 @@ info:
|
|||
cve-id: CVE-2018-10093
|
||||
cwe-id: CWE-862
|
||||
epss-score: 0.06287
|
||||
cpe: cpe:2.3:o:audiocodes:420hd_ip_phone_firmware:2.2.12.126:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.92688
|
||||
cpe: cpe:2.3:o:audiocodes:420hd_ip_phone_firmware:2.2.12.126:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
vendor: audiocodes
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: medium
|
||||
description: |
|
||||
Dolibarr before 7.0.2 is vulnerable to cross-site scripting and allows remote attackers to inject arbitrary web script or HTML via the foruserlogin parameter to adherents/cartes/carte.php.
|
||||
remediation: |
|
||||
Upgrade to Dolibarr version 7.0.2 or later to mitigate this vulnerability.
|
||||
reference:
|
||||
- https://sysdream.com/news/lab/2018-05-21-cve-2018-10095-dolibarr-xss-injection-vulnerability/
|
||||
- https://github.com/Dolibarr/dolibarr/commit/1dc466e1fb687cfe647de4af891720419823ed56
|
||||
|
@ -18,8 +20,8 @@ info:
|
|||
cve-id: CVE-2018-10095
|
||||
cwe-id: CWE-79
|
||||
epss-score: 0.95296
|
||||
cpe: cpe:2.3:a:dolibarr:dolibarr:*:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.99069
|
||||
cpe: cpe:2.3:a:dolibarr:dolibarr:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
vendor: dolibarr
|
||||
|
|
|
@ -5,6 +5,8 @@ info:
|
|||
author: dhiyaneshDk
|
||||
severity: medium
|
||||
description: Palo Alto Networks PAN-OS before 8.1.4 GlobalProtect Portal Login page allows an unauthenticated attacker to inject arbitrary JavaScript or HTML, making it vulnerable to cross-site scripting.
|
||||
remediation: |
|
||||
Upgrade to Palo Alto Networks PAN-OS GlobalProtect VPN client version 8.1.4 or later to mitigate this vulnerability.
|
||||
reference:
|
||||
- https://security.paloaltonetworks.com/CVE-2018-10141
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-10141
|
||||
|
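Review bot: The remediation says to upgrade the "PAN-OS GlobalProtect VPN client" to 8.1.4, but the description places the bug in the GlobalProtect Portal Login page of PAN-OS itself, and 8.1.4 is given there as a PAN-OS version. Reword to "Upgrade PAN-OS to version 8.1.4 or later" so the reader patches the firewall software rather than the endpoint client.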
@ -14,8 +16,8 @@ info:
|
|||
cve-id: CVE-2018-10141
|
||||
cwe-id: CWE-79
|
||||
epss-score: 0.00126
|
||||
cpe: cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.46484
|
||||
cpe: cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
vendor: paloaltonetworks
|
||||
|
|
|
@ -5,6 +5,8 @@ info:
|
|||
author: 0x_akoko
|
||||
severity: high
|
||||
description: Ncomputing vSpace Pro versions 10 and 11 suffer from a directory traversal vulnerability.
|
||||
remediation: |
|
||||
Apply the latest security patches or updates provided by Ncomputing to fix the directory traversal vulnerability.
|
||||
reference:
|
||||
- https://packetstormsecurity.com/files/147303/Ncomputing-vSPace-Pro-10-11-Directory-Traversal.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-10201
|
||||
|
@ -17,8 +19,8 @@ info:
|
|||
cve-id: CVE-2018-10201
|
||||
cwe-id: CWE-22
|
||||
epss-score: 0.063
|
||||
cpe: cpe:2.3:a:ncomputing:vspace_pro:10:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.92695
|
||||
cpe: cpe:2.3:a:ncomputing:vspace_pro:10:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 4
|
||||
vendor: ncomputing
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: medium
|
||||
description: |
|
||||
Zend Server before version 9.13 is vulnerable to cross-site scripting via the debug_host parameter.
|
||||
remediation: |
|
||||
Upgrade Zend Server to version 9.13 or later to mitigate this vulnerability.
|
||||
reference:
|
||||
- https://www.synacktiv.com/ressources/zend_server_9_1_3_xss.pdf
|
||||
- https://www.zend.com/en/products/server/release-notes
|
||||
|
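Review bot: The remediation repeats "version 9.13" from the description, but the Synacktiv reference in this hunk is named `zend_server_9_1_3_xss.pdf`, which reads as 9.1.3. Confirm the fixed version against the advisory and correct both the description and the new remediation line if the intended value is 9.1.3.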
@ -16,8 +18,8 @@ info:
|
|||
cve-id: CVE-2018-10230
|
||||
cwe-id: CWE-79
|
||||
epss-score: 0.00122
|
||||
cpe: cpe:2.3:a:zend:zend_server:*:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.45743
|
||||
cpe: cpe:2.3:a:zend:zend_server:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
vendor: zend
|
||||
|
|
|
@ -5,6 +5,8 @@ info:
|
|||
author: gy741
|
||||
severity: critical
|
||||
description: Dasan GPON home routers are susceptible to command injection which can occur via the dest_host parameter in a diag_action=ping request to a GponForm/diag_Form URI. Because the router saves ping results in /tmp and transmits them to the user when the user revisits /diag.html, it's quite simple to execute commands and retrieve their output.
|
||||
remediation: |
|
||||
Apply the latest firmware update provided by the vendor to mitigate this vulnerability.
|
||||
reference:
|
||||
- https://www.vpnmentor.com/blog/critical-vulnerability-gpon-router
|
||||
- https://github.com/f3d0x0/GPON/blob/master/gpon_rce.py
|
||||
|
@ -16,8 +18,8 @@ info:
|
|||
cve-id: CVE-2018-10562
|
||||
cwe-id: CWE-78
|
||||
epss-score: 0.97576
|
||||
cpe: cpe:2.3:o:dasannetworks:gpon_router_firmware:-:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.99999
|
||||
cpe: cpe:2.3:o:dasannetworks:gpon_router_firmware:-:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 2
|
||||
vendor: dasannetworks
|
||||
|
|
|
@ -5,6 +5,8 @@ info:
|
|||
author: gy741
|
||||
severity: critical
|
||||
description: LG NAS devices contain a pre-auth remote command injection via the "password" parameter.
|
||||
remediation: |
|
||||
Apply the latest firmware update provided by LG to mitigate this vulnerability.
|
||||
reference:
|
||||
- https://www.vpnmentor.com/blog/critical-vulnerability-found-majority-lg-nas-devices/
|
||||
- https://medium.com/@0x616163/lg-n1a1-unauthenticated-remote-command-injection-cve-2018-14839-9d2cf760e247
|
||||
|
|
|
@ -5,6 +5,8 @@ info:
|
|||
author: daffainfo
|
||||
severity: high
|
||||
description: D-Link routers DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02,DWR-512 through 2.02,DWR-712 through 2.02,DWR-912 through 2.02, DWR-921 through 2.02, DWR-111 through 1.01, and probably others with the same type of firmware allows remote attackers to read arbitrary files via a /.. or // after "GET /uir" in an HTTP request to the web interface.
|
||||
remediation: |
|
||||
Apply the latest firmware update provided by D-Link to fix the vulnerability
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/45678
|
||||
- http://sploit.tech/2018/10/12/D-Link.html
|
||||
|
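Review bot: Style nit on the added remediation line: "Apply the latest firmware update provided by D-Link to fix the vulnerability" has no closing period, unlike the remediation sentences added to the other templates in this commit. Add the period for consistency.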
@ -16,8 +18,8 @@ info:
|
|||
cve-id: CVE-2018-10822
|
||||
cwe-id: CWE-22
|
||||
epss-score: 0.17386
|
||||
cpe: cpe:2.3:o:dlink:dwr-116_firmware:*:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.95419
|
||||
cpe: cpe:2.3:o:dlink:dwr-116_firmware:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
vendor: dlink
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: high
|
||||
description: |
|
||||
D-Link DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 device may allow an authenticated attacker to execute arbitrary code by injecting the shell command into the chkisg.htm page Sip parameter. This allows for full control over the device internals.
|
||||
remediation: |
|
||||
Apply the latest firmware update provided by D-Link to mitigate this vulnerability.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/45676
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-10823
|
||||
|
@ -17,8 +19,8 @@ info:
|
|||
cve-id: CVE-2018-10823
|
||||
cwe-id: CWE-78
|
||||
epss-score: 0.96863
|
||||
cpe: cpe:2.3:o:dlink:dwr-116_firmware:*:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.99564
|
||||
cpe: cpe:2.3:o:dlink:dwr-116_firmware:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
vendor: dlink
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: high
|
||||
description: |
|
||||
IPConfigure Orchid Core VMS 2.0.5 is susceptible to local file inclusion.
|
||||
remediation: |
|
||||
Update to the latest version of IPConfigure Orchid Core VMS to mitigate the LFI vulnerability.
|
||||
reference:
|
||||
- https://labs.nettitude.com/blog/cve-2018-10956-unauthenticated-privileged-directory-traversal-in-ipconfigure-orchid-core-vms/
|
||||
- https://github.com/nettitude/metasploit-modules/blob/master/orchid_core_vms_directory_traversal.rb
|
||||
|
@ -17,13 +19,13 @@ info:
|
|||
cve-id: CVE-2018-10956
|
||||
cwe-id: CWE-22
|
||||
epss-score: 0.65072
|
||||
cpe: cpe:2.3:a:ipconfigure:orchid_core_vms:2.0.5:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.97442
|
||||
cpe: cpe:2.3:a:ipconfigure:orchid_core_vms:2.0.5:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
shodan-query: http.title:"Orchid Core VMS"
|
||||
vendor: ipconfigure
|
||||
product: orchid_core_vms
|
||||
shodan-query: http.title:"Orchid Core VMS"
|
||||
tags: cve,cve2018,orchid,vms,lfi,edb
|
||||
|
||||
http:
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: medium
|
||||
description: |
|
||||
Monstra CMS 3.0.4 and earlier contains a cross-site scripting vulnerability via index.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
|
||||
remediation: |
|
||||
Upgrade Monstra CMS to a version higher than 3.0.4 or apply the official patch provided by the vendor.
|
||||
reference:
|
||||
- https://github.com/monstra-cms/monstra/issues/438
|
||||
- https://www.exploit-db.com/exploits/44646
|
||||
|
@ -17,14 +19,14 @@ info:
|
|||
cve-id: CVE-2018-11227
|
||||
cwe-id: CWE-79
|
||||
epss-score: 0.02667
|
||||
cpe: cpe:2.3:a:monstra:monstra_cms:*:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.89064
|
||||
cpe: cpe:2.3:a:monstra:monstra_cms:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
shodan-query: http.favicon.hash:419828698
|
||||
verified: true
|
||||
max-request: 1
|
||||
vendor: monstra
|
||||
product: monstra_cms
|
||||
shodan-query: http.favicon.hash:419828698
|
||||
tags: cve,cve2018,xss,mostra,mostracms,cms,edb
|
||||
|
||||
http:
|
||||
|
|
|
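Review bot: The `tags` line in this hunk reads `mostra,mostracms`, while the vendor and product added just above it are `monstra` and `monstra_cms`. Since the metadata block is being touched anyway, correct the tags to `monstra,monstracms` so tag-based template selection finds this file under the product's real name.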
@ -6,6 +6,8 @@ info:
|
|||
severity: high
|
||||
description: |
|
||||
OpenCart Divido plugin is susceptible to SQL injection
|
||||
remediation: |
|
||||
Apply the official patch or upgrade to a version that includes the fix.
|
||||
reference:
|
||||
- https://web.archive.org/web/20220331072310/http://foreversong.cn/archives/1183
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-11231
|
||||
|
@ -16,13 +18,13 @@ info:
|
|||
cve-id: CVE-2018-11231
|
||||
cwe-id: CWE-89
|
||||
epss-score: 0.00903
|
||||
cpe: cpe:2.3:a:divido:divido:-:*:*:*:*:opencart:*:*
|
||||
epss-percentile: 0.80727
|
||||
cpe: cpe:2.3:a:divido:divido:-:*:*:*:*:opencart:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
framework: opencart
|
||||
vendor: divido
|
||||
product: divido
|
||||
framework: opencart
|
||||
tags: cve,cve2018,opencart,sqli,intrusive
|
||||
variables:
|
||||
num: "999999999"
|
||||
|
|
|
@ -5,6 +5,8 @@ info:
|
|||
author: harshbothra_
|
||||
severity: medium
|
||||
description: Splunk through 7.0.1 is susceptible to information disclosure by appending __raw/services/server/info/server-info?output_mode=json to a query, as demonstrated by discovering a license key.
|
||||
remediation: |
|
||||
Upgrade Splunk to a version higher than 7.0.1 to mitigate the vulnerability.
|
||||
reference:
|
||||
- https://github.com/kofa2002/splunk
|
||||
- https://www.exploit-db.com/exploits/44865/
|
||||
|
@ -17,8 +19,8 @@ info:
|
|||
cve-id: CVE-2018-11409
|
||||
cwe-id: CWE-200
|
||||
epss-score: 0.95758
|
||||
cpe: cpe:2.3:a:splunk:splunk:*:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.99181
|
||||
cpe: cpe:2.3:a:splunk:splunk:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 2
|
||||
vendor: splunk
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: medium
|
||||
description: |
|
||||
Monstra CMS 3.0.4 contains a cross-site scripting vulnerability via the registration form (i.e., the login parameter to users/registration). An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
|
||||
remediation: |
|
||||
Upgrade to the latest version of Monstra CMS or apply the vendor-provided patch to fix the XSS vulnerability.
|
||||
reference:
|
||||
- https://github.com/monstra-cms/monstra/issues/446
|
||||
- https://github.com/nikhil1232/Monstra-CMS-3.0.4-XSS-ON-Registration-Page
|
||||
|
@ -16,14 +18,14 @@ info:
|
|||
cve-id: CVE-2018-11473
|
||||
cwe-id: CWE-79
|
||||
epss-score: 0.00097
|
||||
cpe: cpe:2.3:a:monstra:monstra:3.0.4:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.39898
|
||||
cpe: cpe:2.3:a:monstra:monstra:3.0.4:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 2
|
||||
shodan-query: http.favicon.hash:419828698
|
||||
verified: true
|
||||
max-request: 2
|
||||
vendor: monstra
|
||||
product: monstra
|
||||
shodan-query: http.favicon.hash:419828698
|
||||
tags: cve,cve2018,xss,mostra,mostracms,cms
|
||||
|
||||
http:
|
||||
|
|
|
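Review bot: This hunk adds `product: monstra` with cpe `cpe:2.3:a:monstra:monstra:3.0.4`, while the CVE-2018-11227 template in the same commit uses `product: monstra_cms` and `monstra:monstra_cms` for what the descriptions present as the same software. Check which CPE product name is correct for each CVE and make the two templates agree where they can. The `mostra,mostracms` spelling in `tags` has the same typo as the sibling file.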
@ -5,6 +5,8 @@ info:
|
|||
author: daffainfo
|
||||
severity: medium
|
||||
description: WordPress wpForo Forum plugin before 1.4.12 for WordPress allows unauthenticated reflected cross-site scripting via the URI.
|
||||
remediation: |
|
||||
Update to the latest version of the wpForo Forum plugin (1.4.11) or apply the vendor-provided patch to fix the vulnerability.
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-11709
|
||||
- https://wordpress.org/plugins/wpforo/#developers
|
||||
|
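Review bot: The remediation names "(1.4.11)" as the version to update to, but the description says the plugin is vulnerable "before 1.4.12", so 1.4.11 is still affected. Change the remediation to 1.4.12 or later.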
@ -16,13 +18,13 @@ info:
|
|||
cve-id: CVE-2018-11709
|
||||
cwe-id: CWE-79
|
||||
epss-score: 0.00151
|
||||
cpe: cpe:2.3:a:gvectors:wpforo_forum:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.50613
|
||||
cpe: cpe:2.3:a:gvectors:wpforo_forum:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
framework: wordpress
|
||||
vendor: gvectors
|
||||
product: wpforo_forum
|
||||
framework: wordpress
|
||||
tags: cve,cve2018,wordpress,xss,wp-plugin
|
||||
|
||||
http:
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: high
|
||||
description: |
|
||||
Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 allows specially constructed requests to expose application functionality through the reverse proxy. It is also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is some overlap between this issue and CVE-2018-1323, they are not identical.
|
||||
remediation: |
|
||||
Upgrade to a patched version of Apache Tomcat JK Connect (1.2.45 or higher) or apply the recommended security patches.
|
||||
reference:
|
||||
- https://github.com/immunIT/CVE-2018-11759
|
||||
- https://lists.apache.org/thread.html/6d564bb0ab73d6b3efdd1d6b1c075d1a2c84ecd84a4159d6122529ad@%3Cannounce.tomcat.apache.org%3E
|
||||
|
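Review bot: Typo in the added remediation: "Apache Tomcat JK Connect (1.2.45 or higher)" should read "Apache Tomcat JK Connector", matching the product name used in the description.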
@ -18,13 +20,13 @@ info:
|
|||
cve-id: CVE-2018-11759
|
||||
cwe-id: CWE-22
|
||||
epss-score: 0.97443
|
||||
cpe: cpe:2.3:a:apache:tomcat_jk_connector:*:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.99916
|
||||
cpe: cpe:2.3:a:apache:tomcat_jk_connector:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 2
|
||||
shodan-query: title:"Apache Tomcat"
|
||||
vendor: apache
|
||||
product: tomcat_jk_connector
|
||||
shodan-query: title:"Apache Tomcat"
|
||||
tags: cve,cve2018,apache,tomcat,httpd,mod-jk
|
||||
|
||||
http:
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: high
|
||||
description: |
|
||||
Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible remote code execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn''t have value and action set and in same time, its upper package have no or wildcard namespace.
|
||||
remediation: |
|
||||
Apply the latest security patches or upgrade to a non-vulnerable version of Apache Struts2.
|
||||
reference:
|
||||
- https://github.com/jas502n/St2-057
|
||||
- https://cwiki.apache.org/confluence/display/WW/S2-057
|
||||
|
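Review bot: The description in this hunk is a literal block scalar (`description: |`) and contains `doesn''t`. The doubled quote is only an escape inside a single-quoted YAML string, so here it will be rendered verbatim with two apostrophes. Since the commit already edits this block, change it to `doesn't`.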
@ -18,8 +20,8 @@ info:
|
|||
cve-id: CVE-2018-11776
|
||||
cwe-id: CWE-20
|
||||
epss-score: 0.97557
|
||||
cpe: cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.99995
|
||||
cpe: cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
vendor: apache
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: medium
|
||||
description: |
|
||||
Apache Tomcat versions prior to 9.0.12, 8.5.34, and 7.0.91 are prone to an open-redirection vulnerability because it fails to properly sanitize user-supplied input.
|
||||
remediation: |
|
||||
Upgrade to Apache Tomcat version 9.0.12 or later, or apply the relevant patch provided by the Apache Software Foundation.
|
||||
reference:
|
||||
- https://lists.apache.org/thread.html/23134c9b5a23892a205dc140cdd8c9c0add233600f76b313dda6bd75@%3Cannounce.tomcat.apache.org%3E
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-11784
|
||||
|
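Review bot: The remediation names only "version 9.0.12 or later", while the description lists three fixed lines: 9.0.12, 8.5.34 and 7.0.91. A reader on the 8.5 or 7.0 branch is left without an upgrade target. List all three, for example "Upgrade to Apache Tomcat 9.0.12, 8.5.34, 7.0.91 or later".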
@ -18,13 +20,13 @@ info:
|
|||
cve-id: CVE-2018-11784
|
||||
cwe-id: CWE-601
|
||||
epss-score: 0.96524
|
||||
cpe: cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.99413
|
||||
cpe: cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
shodan-query: title:"Apache Tomcat"
|
||||
vendor: apache
|
||||
product: tomcat
|
||||
shodan-query: title:"Apache Tomcat"
|
||||
tags: packetstorm,tomcat,redirect,cve,cve2018,apache
|
||||
|
||||
http:
|
||||
|
|
|
@ -5,6 +5,8 @@ info:
|
|||
author: daffainfo
|
||||
severity: critical
|
||||
description: Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via directory traversal, which can lead to sensitive information disclosure, denial of service and code execution.
|
||||
remediation: |
|
||||
Apply the latest security patch or upgrade to a newer version of Eaton Intelligent Power Manager to mitigate this vulnerability.
|
||||
reference:
|
||||
- https://github.com/EmreOvunc/Eaton-Intelligent-Power-Manager-Local-File-Inclusion
|
||||
- https://www.exploit-db.com/exploits/48614
|
||||
|
@ -15,8 +17,8 @@ info:
|
|||
cve-id: CVE-2018-12031
|
||||
cwe-id: CWE-22
|
||||
epss-score: 0.01411
|
||||
cpe: cpe:2.3:a:eaton:intelligent_power_manager:1.6:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.84811
|
||||
cpe: cpe:2.3:a:eaton:intelligent_power_manager:1.6:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 2
|
||||
vendor: eaton
|
||||
|
|
|
@ -5,6 +5,8 @@ info:
|
|||
author: wisnupramoedya
|
||||
severity: high
|
||||
description: Schools Alert Management Script is susceptible to an arbitrary file read vulnerability via the f parameter in img.php, aka absolute path traversal.
|
||||
remediation: |
|
||||
Apply the latest patch or update provided by the vendor to fix the arbitrary file read vulnerability in the Schools Alert Management Script.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/44874
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-12054
|
||||
|
@ -16,8 +18,8 @@ info:
|
|||
cve-id: CVE-2018-12054
|
||||
cwe-id: CWE-22
|
||||
epss-score: 0.43824
|
||||
cpe: cpe:2.3:a:schools_alert_management_script_project:schools_alert_management_script:-:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.96879
|
||||
cpe: cpe:2.3:a:schools_alert_management_script_project:schools_alert_management_script:-:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
vendor: schools_alert_management_script_project
|
||||
|
|
|
@ -8,6 +8,8 @@ info:
|
|||
Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain a CGI injection vulnerability
|
||||
which could be used to execute remote code. A remote unauthenticated attacker may
|
||||
potentially be able to use CGI variables to execute remote code.
|
||||
remediation: |
|
||||
Apply the latest firmware updates provided by Dell to mitigate this vulnerability.
|
||||
reference:
|
||||
- https://downloads.dell.com/solutions/dell-management-solution-resources/iDRAC_CVE%201207_1211_1000116.pdf
|
||||
- https://github.com/KraudSecurity/Exploits/blob/master/CVE-2018-1207/CVE-2018-1207.py
|
||||
|
@ -20,8 +22,8 @@ info:
|
|||
cve-id: CVE-2018-1207
|
||||
cwe-id: CWE-94
|
||||
epss-score: 0.01778
|
||||
cpe: cpe:2.3:a:dell:emc_idrac7:*:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.86487
|
||||
cpe: cpe:2.3:a:dell:emc_idrac7:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
vendor: dell
|
||||
|
|
|
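Review bot: The `cpe` in this metadata hunk covers only `dell:emc_idrac7`, but the description states that both iDRAC7 and iDRAC8 prior to 2.52.52.52 are affected. If the field allows only one value, note that in review; otherwise consider whether iDRAC8 needs to be represented. The remediation added in the previous hunk could also cite 2.52.52.52 as the minimum firmware, since the description already gives it.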
@ -5,6 +5,8 @@ info:
|
|||
author: LogicalHunter
|
||||
severity: medium
|
||||
description: OEcms 3.1 is vulnerable to reflected cross-site scripting via the mod parameter of info.php.
|
||||
remediation: |
|
||||
Apply the latest patch or upgrade to a newer version of OEcms to fix the XSS vulnerability.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/44895
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12095
|
||||
|
@ -16,8 +18,8 @@ info:
|
|||
cve-id: CVE-2018-12095
|
||||
cwe-id: CWE-79
|
||||
epss-score: 0.00407
|
||||
cpe: cpe:2.3:a:oecms_project:oecms:3.1:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.70495
|
||||
cpe: cpe:2.3:a:oecms_project:oecms:3.1:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
vendor: oecms_project
|
||||
|
|
|
@ -5,6 +5,8 @@ info:
|
|||
author: princechaddha
|
||||
severity: high
|
||||
description: Seagate NAS OS version 4.3.15.1 has insufficient access control which allows attackers to obtain information about the NAS without authentication via empty POST requests in /api/external/7.0/system.System.get_infos.
|
||||
remediation: |
|
||||
Upgrade to a patched version of Seagate NAS OS.
|
||||
reference:
|
||||
- https://blog.securityevaluators.com/invading-your-personal-cloud-ise-labs-exploits-the-seagate-stcr3000101-ecf89de2170
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-12296
|
||||
|
@ -14,8 +16,8 @@ info:
|
|||
cve-id: CVE-2018-12296
|
||||
cwe-id: CWE-732
|
||||
epss-score: 0.01503
|
||||
cpe: cpe:2.3:o:seagate:nas_os:4.3.15.1:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.85298
|
||||
cpe: cpe:2.3:o:seagate:nas_os:4.3.15.1:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
vendor: seagate
|
||||
|
|
|
@ -5,6 +5,8 @@ info:
|
|||
author: 0x_Akoko
|
||||
severity: medium
|
||||
description: Seagate NAS OS 4.3.15.1 contains an open redirect vulnerability in echo-server.html, which can allow an attacker to disclose information in the referer header via the state URL parameter.
|
||||
remediation: |
|
||||
Apply the latest security patches or updates provided by Seagate to fix the open redirect vulnerability in NAS OS 4.3.15.1.
|
||||
reference:
|
||||
- https://blog.securityevaluators.com/invading-your-personal-cloud-ise-labs-exploits-the-seagate-stcr3000101-ecf89de2170
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-12300
|
||||
|
@ -14,8 +16,8 @@ info:
|
|||
cve-id: CVE-2018-12300
|
||||
cwe-id: CWE-601
|
||||
epss-score: 0.00118
|
||||
cpe: cpe:2.3:o:seagate:nas_os:4.3.15.1:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.45103
|
||||
cpe: cpe:2.3:o:seagate:nas_os:4.3.15.1:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
vendor: seagate
|
||||
|
|
|
@ -5,6 +5,8 @@ info:
|
|||
author: pikpikcu
|
||||
severity: high
|
||||
description: PhpMyAdmin before version 4.8.2 is susceptible to local file inclusion that allows an attacker to include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for whitelisted pages. An attacker must be authenticated, except in the "$cfg['AllowArbitraryServer'] = true" case (where an attacker can specify any host he/she is already in control of, and execute arbitrary code on phpMyAdmin) and the "$cfg['ServerDefault'] = 0" case (which bypasses the login requirement and runs the vulnerable code without any authentication).
|
||||
remediation: |
|
||||
Upgrade PhpMyAdmin to version 4.8.2 or later to fix the vulnerability.
|
||||
reference:
|
||||
- https://github.com/vulhub/vulhub/tree/master/phpmyadmin/CVE-2018-12613
|
||||
- https://www.phpmyadmin.net/security/PMASA-2018-4/
|
||||
|
@ -17,8 +19,8 @@ info:
|
|||
cve-id: CVE-2018-12613
|
||||
cwe-id: CWE-287
|
||||
epss-score: 0.97383
|
||||
cpe: cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.99864
|
||||
cpe: cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
vendor: phpmyadmin
|
||||
|
|
|
@ -5,6 +5,8 @@ info:
|
|||
author: geeknik
|
||||
severity: critical
|
||||
description: CirCarLife Scada before 4.3 allows remote attackers to obtain sensitive information via a direct request for the html/log or services/system/info.html URI. CirCarLife is an internet-connected electric vehicle charging station.
|
||||
remediation: |
|
||||
Upgrade CirCarLife Scada to version 4.3 or above to fix the system log exposure vulnerability.
|
||||
reference:
|
||||
- https://circontrol.com/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-12634
|
||||
|
@ -17,8 +19,8 @@ info:
|
|||
cve-id: CVE-2018-12634
|
||||
cwe-id: CWE-200
|
||||
epss-score: 0.95864
|
||||
cpe: cpe:2.3:a:circontrol:circarlife_scada:*:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.99211
|
||||
cpe: cpe:2.3:a:circontrol:circarlife_scada:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
vendor: circontrol
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: medium
|
||||
description: |
|
||||
SV3C HD Camera L Series 2.3.4.2103-S50-NTD-B20170508B and 2.3.4.2103-S50-NTD-B20170823B contains an open redirect vulnerability. It does not perform origin checks on URLs in the camera's web interface, which can be leveraged to send a user to an unexpected endpoint. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
|
||||
remediation: |
|
||||
Apply the latest firmware update provided by the vendor to fix the open redirect vulnerability.
|
||||
reference:
|
||||
- https://bishopfox.com/blog/sv3c-l-series-hd-camera-advisory
|
||||
- https://vuldb.com/?id.125799
|
||||
|
@ -17,11 +19,11 @@ info:
|
|||
cve-id: CVE-2018-12675
|
||||
cwe-id: CWE-601
|
||||
epss-score: 0.00118
|
||||
cpe: cpe:2.3:o:sv3c:h.264_poe_ip_camera_firmware:v2.3.4.2103-s50-ntd-b20170508b:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.45103
|
||||
cpe: cpe:2.3:o:sv3c:h.264_poe_ip_camera_firmware:v2.3.4.2103-s50-ntd-b20170508b:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
verified: true
|
||||
max-request: 1
|
||||
vendor: sv3c
|
||||
product: h.264_poe_ip_camera_firmware
|
||||
tags: cve,cve2018,redirect,sv3c,camera,iot
|
||||
|
|
|
@ -5,6 +5,8 @@ info:
|
|||
author: hetroublemakr
|
||||
severity: medium
|
||||
description: Spring MVC Framework versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported are vulnerable to local file inclusion because they allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). A malicious user can send a request using a specially crafted URL that can lead a directory traversal attack.
|
||||
remediation: |
|
||||
Apply the latest security patches and updates provided by the Spring MVC Framework to mitigate this vulnerability.
|
||||
reference:
|
||||
- https://medium.com/@knownsec404team/analysis-of-spring-mvc-directory-traversal-vulnerability-cve-2018-1271-b291bdb6be0d
|
||||
- https://pivotal.io/security/cve-2018-1271
|
||||
|
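Review bot: the added remediation for CVE-2018-1271 is generic ("Apply the latest security patches and updates provided by the Spring MVC Framework"), although the description two lines above already names the fixed releases, 5.0.5 and 4.3.15. Suggest stating them directly, for example "Upgrade Spring Framework to 5.0.5, 4.3.15 or later", so a reader of the scan result knows the target version without opening the references. The description also says older unsupported versions are affected, so it may be worth saying those need to move to a supported branch.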
@ -17,8 +19,8 @@ info:
|
|||
cve-id: CVE-2018-1271
|
||||
cwe-id: CWE-22
|
||||
epss-score: 0.00803
|
||||
cpe: cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.79507
|
||||
cpe: cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 2
|
||||
vendor: vmware
|
||||
|
|
|
@ -11,6 +11,8 @@ info:
|
|||
An unauthenticated remote malicious user (or attacker) can supply
|
||||
specially crafted request parameters against Spring Data REST backed HTTP resources
|
||||
or using Spring Data's projection-based request payload binding hat can lead to a remote code execution attack.
|
||||
remediation: |
|
||||
Apply the latest security patches provided by the vendor to fix the deserialization vulnerability.
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-1273
|
||||
- https://pivotal.io/security/cve-2018-1273
|
||||
|
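Review bot: the added remediation calls this a "deserialization vulnerability", which does not match the rest of the template. The description in this hunk talks about crafted request parameters and projection-based payload binding leading to remote code execution, and the classification lists CWE-94,CWE-20. Suggest rewording to something like "Apply the latest security patches provided by the vendor to fix the remote code execution vulnerability." While this block is being touched, the context line "payload binding hat can lead" has a typo ("that").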
@ -22,8 +24,8 @@ info:
|
|||
cve-id: CVE-2018-1273
|
||||
cwe-id: CWE-94,CWE-20
|
||||
epss-score: 0.97498
|
||||
cpe: cpe:2.3:a:pivotal_software:spring_data_commons:*:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.9996
|
||||
cpe: cpe:2.3:a:pivotal_software:spring_data_commons:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 2
|
||||
vendor: pivotal_software
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: high
|
||||
description: |
|
||||
Webgrind 1.5 relies on user input to display a file, which lets anyone view files from the local filesystem (that the webserver user has access to) via an index.php?op=fileviewer&file= URI
|
||||
remediation: |
|
||||
Upgrade Webgrind to a version higher than 1.5 or apply the necessary patches provided by the vendor.
|
||||
reference:
|
||||
- https://github.com/Threekiii/Awesome-POC/blob/master/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/Webgrind%20fileviewer.phtml%20%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E%20CVE-2018-12909.md
|
||||
- https://github.com/jokkedk/webgrind/issues/112
|
||||
|
@ -16,14 +18,14 @@ info:
|
|||
cve-id: CVE-2018-12909
|
||||
cwe-id: CWE-22
|
||||
epss-score: 0.01119
|
||||
cpe: cpe:2.3:a:webgrind_project:webgrind:1.5.0:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.82786
|
||||
cpe: cpe:2.3:a:webgrind_project:webgrind:1.5.0:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
verified: true
|
||||
fofa-query: app="Webgrind"
|
||||
max-request: 1
|
||||
vendor: webgrind_project
|
||||
product: webgrind
|
||||
fofa-query: app="Webgrind"
|
||||
tags: cve,cve2018,lfi,webgrind
|
||||
|
||||
http:
|
||||
|
|
|
@ -5,6 +5,8 @@ info:
|
|||
author: pikpikcu
|
||||
severity: medium
|
||||
description: Zoho manageengine is vulnerable to reflected cross-site scripting. This impacts Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 via the parameter 'operation' to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet.
|
||||
remediation: |
|
||||
Apply the latest security patch or update provided by Zoho ManageEngine to fix the XSS vulnerability.
|
||||
reference:
|
||||
- https://github.com/unh3x/just4cve/issues/10
|
||||
- http://packetstormsecurity.com/files/148635/Zoho-ManageEngine-13-13790-build-XSS-File-Read-File-Deletion.html
|
||||
|
@ -15,8 +17,8 @@ info:
|
|||
cve-id: CVE-2018-12998
|
||||
cwe-id: CWE-79
|
||||
epss-score: 0.97052
|
||||
cpe: cpe:2.3:a:zohocorp:firewall_analyzer:-:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.99648
|
||||
cpe: cpe:2.3:a:zohocorp:firewall_analyzer:-:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
vendor: zohocorp
|
||||
|
|
|
@ -5,20 +5,20 @@ info:
|
|||
author: pikpikcu
|
||||
severity: high
|
||||
description: Apache Tika versions 1.7 to 1.17 allow clients to send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients.
|
||||
remediation: Upgrade to Tika 1.18.
|
||||
reference:
|
||||
- https://rhinosecuritylabs.com/application-security/exploiting-cve-2018-1335-apache-tika/
|
||||
- https://www.exploit-db.com/exploits/47208
|
||||
- https://lists.apache.org/thread.html/b3ed4432380af767effd4c6f27665cc7b2686acccbefeb9f55851dca@%3Cdev.tika.apache.org%3E
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-1335
|
||||
- http://packetstormsecurity.com/files/153864/Apache-Tika-1.17-Header-Command-Injection.html
|
||||
remediation: Upgrade to Tika 1.18.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 8.1
|
||||
cve-id: CVE-2018-1335
|
||||
epss-score: 0.97218
|
||||
cpe: cpe:2.3:a:apache:tika:*:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.99743
|
||||
cpe: cpe:2.3:a:apache:tika:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
vendor: apache
|
||||
|
|
|
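Review bot: in the classification block of this hunk, cve-id is followed directly by epss-score, so the Tika template has no cwe-id, unlike the other templates updated in this commit. Since the description states that crafted headers inject commands into the server's command line, a command-injection CWE belongs here (CWE-78 is the OS command injection entry; please confirm against the NVD record before adding). Moving remediation ahead of reference is consistent with the other files and looks fine.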
@ -5,6 +5,8 @@ info:
|
|||
author: organiccrap
|
||||
severity: critical
|
||||
description: Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests due to improper limitation of a pathname to a restricted directory (path traversal).
|
||||
remediation: |
|
||||
Apply the necessary patches or updates provided by Fortinet to fix the vulnerability.
|
||||
reference:
|
||||
- https://fortiguard.com/advisory/FG-IR-18-384
|
||||
- https://www.fortiguard.com/psirt/FG-IR-20-233
|
||||
|
@ -15,14 +17,14 @@ info:
|
|||
cve-id: CVE-2018-13379
|
||||
cwe-id: CWE-22
|
||||
epss-score: 0.97486
|
||||
cpe: cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.99951
|
||||
cpe: cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
verified: true
|
||||
shodan-query: http.html:"/remote/login" "xxxxxxxx"
|
||||
max-request: 1
|
||||
vendor: fortinet
|
||||
product: fortios
|
||||
shodan-query: http.html:"/remote/login" "xxxxxxxx"
|
||||
tags: cve,cve2018,fortios,lfi,kev
|
||||
|
||||
http:
|
||||
|
|
|
@ -5,6 +5,8 @@ info:
|
|||
author: shelld3v,AaronChen0
|
||||
severity: medium
|
||||
description: Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4.0 to 5.4.12, 5.2 and below versions under SSL VPN web portal are vulnerable to cross-site scripting and allows attacker to execute unauthorized malicious script code via the error or message handling parameters.
|
||||
remediation: |
|
||||
Apply the latest security patches or updates provided by Fortinet to fix this vulnerability.
|
||||
reference:
|
||||
- https://blog.orange.tw/2019/08/attacking-ssl-vpn-part-2-breaking-the-fortigate-ssl-vpn.html
|
||||
- https://fortiguard.com/advisory/FG-IR-18-383
|
||||
|
@ -16,8 +18,8 @@ info:
|
|||
cve-id: CVE-2018-13380
|
||||
cwe-id: CWE-79
|
||||
epss-score: 0.00122
|
||||
cpe: cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.45743
|
||||
cpe: cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 2
|
||||
vendor: fortinet
|
||||
|
|
|
@ -5,6 +5,8 @@ info:
|
|||
author: wisnupramoedya
|
||||
severity: medium
|
||||
description: Zeta Producer Desktop CMS before 14.2.1 is vulnerable to local file inclusion if the plugin "filebrowser" is installed because of assets/php/filebrowser/filebrowser.main.php?file=../ directory traversal.
|
||||
remediation: |
|
||||
Upgrade Zeta Producer Desktop CMS to version 14.2.1 or later to mitigate the vulnerability.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/45016
|
||||
- https://www.sec-consult.com/en/blog/advisories/remote-code-execution-local-file-disclosure-zeta-producer-desktop-cms/
|
||||
|
@ -16,8 +18,8 @@ info:
|
|||
cve-id: CVE-2018-13980
|
||||
cwe-id: CWE-22
|
||||
epss-score: 0.0018
|
||||
cpe: cpe:2.3:a:zeta-producer:zeta_producer:*:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.5447
|
||||
cpe: cpe:2.3:a:zeta-producer:zeta_producer:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
vendor: zeta-producer
|
||||
|
|
|
@ -5,6 +5,8 @@ info:
|
|||
author: pikpikcu
|
||||
severity: medium
|
||||
description: Synacor Zimbra Collaboration Suite Collaboration before 8.8.11 is vulnerable to cross-site scripting via the AJAX and html web clients.
|
||||
remediation: |
|
||||
Upgrade to a version of Synacor Zimbra Collaboration Suite Collaboration that is equal to or greater than 8.8.11 to mitigate the vulnerability.
|
||||
reference:
|
||||
- https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
|
||||
- https://bugzilla.zimbra.com/show_bug.cgi?id=109018
|
||||
|
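Review bot: the added remediation copies the description's doubled product name, "Synacor Zimbra Collaboration Suite Collaboration". Drop the trailing "Collaboration" here, and ideally in the description line as well. "Upgrade Zimbra Collaboration Suite to 8.8.11 or later" would also read more simply than "a version ... that is equal to or greater than 8.8.11".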
@ -16,8 +18,8 @@ info:
|
|||
cve-id: CVE-2018-14013
|
||||
cwe-id: CWE-79
|
||||
epss-score: 0.00512
|
||||
cpe: cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.73663
|
||||
cpe: cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
vendor: synacor
|
||||
|
|
|
@ -5,6 +5,8 @@ info:
|
|||
author: 0x_Akoko
|
||||
severity: critical
|
||||
description: VelotiSmart WiFi B-380 camera devices allow directory traversal via the uc-http service 1.0.0, as demonstrated by /../../etc/passwd on TCP port 80.
|
||||
remediation: |
|
||||
Apply the latest security patches or updates provided by the vendor to fix the directory traversal vulnerability in VelotiSmart Wifi.
|
||||
reference:
|
||||
- https://medium.com/@s1kr10s/velotismart-0day-ca5056bcdcac
|
||||
- https://www.exploit-db.com/exploits/45030
|
||||
|
@ -15,8 +17,8 @@ info:
|
|||
cve-id: CVE-2018-14064
|
||||
cwe-id: CWE-22
|
||||
epss-score: 0.28372
|
||||
cpe: cpe:2.3:o:velotismart_project:velotismart_wifi_firmware:b-380:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.96243
|
||||
cpe: cpe:2.3:o:velotismart_project:velotismart_wifi_firmware:b-380:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
vendor: velotismart_project
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: medium
|
||||
description: |
|
||||
Orange Forum 1.4.0 contains an open redirect vulnerability in views/auth.go via the next parameter to /login or /signup. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
|
||||
remediation: |
|
||||
Upgrade to a patched version of Orange Forum or apply the necessary security patches to fix the open redirect vulnerability.
|
||||
reference:
|
||||
- https://github.com/s-gv/orangeforum/commit/1f6313cb3a1e755880fc1354f3e1efc4dd2dd4aa
|
||||
- https://seclists.org/fulldisclosure/2019/Jan/32
|
||||
|
@ -17,8 +19,8 @@ info:
|
|||
cve-id: CVE-2018-14474
|
||||
cwe-id: CWE-601
|
||||
epss-score: 0.00068
|
||||
cpe: cpe:2.3:a:goodoldweb:orange_forum:1.4.0:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.28011
|
||||
cpe: cpe:2.3:a:goodoldweb:orange_forum:1.4.0:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 2
|
||||
vendor: goodoldweb
|
||||
|
|
|
@ -5,6 +5,8 @@ info:
|
|||
author: pikpikcu
|
||||
severity: medium
|
||||
description: Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 contains an open redirect vulnerability. If django.middleware.common.CommonMiddleware and APPEND_SLASH settings are selected, and if the project has a URL pattern that accepts any path ending in a slash, an attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
|
||||
remediation: |
|
||||
Upgrade to the latest version of Django or apply the relevant patch provided by the Django project.
|
||||
reference:
|
||||
- https://www.djangoproject.com/weblog/2018/aug/01/security-releases/
|
||||
- https://usn.ubuntu.com/3726-1/
|
||||
|
@ -18,8 +20,8 @@ info:
|
|||
cve-id: CVE-2018-14574
|
||||
cwe-id: CWE-601
|
||||
epss-score: 0.01218
|
||||
cpe: cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.83586
|
||||
cpe: cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
vendor: djangoproject
|
||||
|
|
|
@ -5,6 +5,8 @@ info:
|
|||
author: madrobot
|
||||
severity: critical
|
||||
description: Responsive filemanager 9.13.1 is susceptible to server-side request forgery in upload.php via the url parameter.
|
||||
remediation: |
|
||||
Upgrade to a patched version of Responsive Filemanager or apply the necessary security patches to mitigate the SSRF vulnerability.
|
||||
reference:
|
||||
- http://packetstormsecurity.com/files/148742/Responsive-Filemanager-9.13.1-Server-Side-Request-Forgery.html
|
||||
- https://www.exploit-db.com/exploits/45103/
|
||||
|
@ -15,8 +17,8 @@ info:
|
|||
cve-id: CVE-2018-14728
|
||||
cwe-id: CWE-918
|
||||
epss-score: 0.96926
|
||||
cpe: cpe:2.3:a:tecrail:responsive_filemanager:9.13.1:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.99601
|
||||
cpe: cpe:2.3:a:tecrail:responsive_filemanager:9.13.1:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
vendor: tecrail
|
||||
|
|
|
@ -5,6 +5,8 @@ info:
|
|||
author: 0x_Akoko
|
||||
severity: high
|
||||
description: cGit < 1.2.1 via cgit_clone_objects has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request.
|
||||
remediation: |
|
||||
Upgrade cgit to version 1.2.1 or later to mitigate the vulnerability.
|
||||
reference:
|
||||
- https://cxsecurity.com/issue/WLB-2018080034
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-14912
|
||||
|
@ -17,8 +19,8 @@ info:
|
|||
cve-id: CVE-2018-14912
|
||||
cwe-id: CWE-22
|
||||
epss-score: 0.97246
|
||||
cpe: cpe:2.3:a:cgit_project:cgit:*:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.99761
|
||||
cpe: cpe:2.3:a:cgit_project:cgit:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
vendor: cgit_project
|
||||
|
|
|
@ -5,6 +5,8 @@ info:
|
|||
author: 0x_Akoko
|
||||
severity: critical
|
||||
description: Loytec LGATE-902 versions prior to 6.4.2 suffers from a local file inclusion vulnerability.
|
||||
remediation: |
|
||||
Upgrade the Loytec LGATE-902 device to version 6.4.2 or later to mitigate the vulnerability.
|
||||
reference:
|
||||
- https://packetstormsecurity.com/files/152453/Loytec-LGATE-902-XSS-Traversal-File-Deletion.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-14916
|
||||
|
@ -16,8 +18,8 @@ info:
|
|||
cve-id: CVE-2018-14916
|
||||
cwe-id: CWE-732
|
||||
epss-score: 0.00483
|
||||
cpe: cpe:2.3:o:loytec:lgate-902_firmware:*:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.72875
|
||||
cpe: cpe:2.3:o:loytec:lgate-902_firmware:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
vendor: loytec
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: high
|
||||
description: |
|
||||
LOYTEC LGATE-902 6.3.2 is susceptible to local file inclusion which could allow an attacker to manipulate path references and access files and directories (including critical system files) that are stored outside the root folder of the web application running on the device. This can be used to read and configuration files containing, e.g., usernames and passwords.
|
||||
remediation: |
|
||||
Apply the latest firmware update provided by LOYTEC to fix the LFI vulnerability.
|
||||
reference:
|
||||
- https://seclists.org/fulldisclosure/2019/Apr/12
|
||||
- http://packetstormsecurity.com/files/152453/Loytec-LGATE-902-XSS-Traversal-File-Deletion.html
|
||||
|
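Review bot: the remediation added for CVE-2018-14918 only says "Apply the latest firmware update provided by LOYTEC", while the sibling LGATE-902 template in this same commit (CVE-2018-14916) names 6.4.2 as the fixed version. If the same release fixes this traversal, name it here too so the two templates give the same guidance; if not, a short note on which firmware does would help. The context description also reads "read and configuration files", which looks like a dropped word.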
@ -16,14 +18,14 @@ info:
|
|||
cve-id: CVE-2018-14918
|
||||
cwe-id: CWE-22
|
||||
epss-score: 0.4378
|
||||
cpe: cpe:2.3:o:loytec:lgate-902_firmware:*:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.96878
|
||||
cpe: cpe:2.3:o:loytec:lgate-902_firmware:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
shodan-query: http.html:"LGATE-902"
|
||||
verified: true
|
||||
max-request: 1
|
||||
vendor: loytec
|
||||
product: lgate-902_firmware
|
||||
shodan-query: http.html:"LGATE-902"
|
||||
tags: loytec,lfi,seclists,packetstorm,cve,cve2018,lgate
|
||||
|
||||
http:
|
||||
|
|
|
@ -5,6 +5,8 @@ info:
|
|||
author: 0x_Akoko
|
||||
severity: medium
|
||||
description: Polarisft Intellect Core Banking Software Version 9.7.1 is susceptible to an open redirect issue in the Core and Portal modules via the /IntellectMain.jsp?IntellectSystem= URI.
|
||||
remediation: |
|
||||
Apply the latest security patches or updates provided by Polarisft to fix the open redirect vulnerability.
|
||||
reference:
|
||||
- https://neetech18.blogspot.com/2019/03/polaris-intellect-core-banking-software_31.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-14931
|
||||
|
@ -14,8 +16,8 @@ info:
|
|||
cve-id: CVE-2018-14931
|
||||
cwe-id: CWE-601
|
||||
epss-score: 0.00118
|
||||
cpe: cpe:2.3:a:polarisft:intellect_core_banking:9.7.1:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.45103
|
||||
cpe: cpe:2.3:a:polarisft:intellect_core_banking:9.7.1:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
vendor: polarisft
|
||||
|
|
|
@ -5,6 +5,8 @@ info:
|
|||
author: 0x_Akoko
|
||||
severity: high
|
||||
description: Ericsson-LG iPECS NMS 30M allows local file inclusion via ipecs-cm/download?filename=../ URIs.
|
||||
remediation: |
|
||||
Apply the latest security patches or updates provided by the vendor to mitigate this vulnerability.
|
||||
reference:
|
||||
- https://cxsecurity.com/issue/WLB-2018080070
|
||||
- https://www.exploit-db.com/exploits/45167/
|
||||
|
@ -15,8 +17,8 @@ info:
|
|||
cve-id: CVE-2018-15138
|
||||
cwe-id: CWE-22
|
||||
epss-score: 0.34955
|
||||
cpe: cpe:2.3:a:ericssonlg:ipecs_nms:30m-2.3gn:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.96565
|
||||
cpe: cpe:2.3:a:ericssonlg:ipecs_nms:30m-2.3gn:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 2
|
||||
vendor: ericssonlg
|
||||
|
|
|
@ -5,6 +5,8 @@ info:
|
|||
author: gy741
|
||||
severity: high
|
||||
description: D-Link Central WifiManager is susceptible to server-side request forgery. The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, as demonstrated by an index.php/System/MailConnect/host/127.0.0.1/port/22/secure/ URI. This can undermine accountability of where scan or connections actually came from and or bypass the FW etc. This can be automated via script or using a browser.
|
||||
remediation: |
|
||||
Apply the latest security patches or updates provided by D-Link to fix the SSRF vulnerability in Central WifiManager.
|
||||
reference:
|
||||
- http://hyp3rlinx.altervista.org/advisories/DLINK-CENTRAL-WIFI-MANAGER-CWM-100-SERVER-SIDE-REQUEST-FORGERY.txt
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15517
|
||||
|
@ -16,8 +18,8 @@ info:
|
|||
cve-id: CVE-2018-15517
|
||||
cwe-id: CWE-918
|
||||
epss-score: 0.01414
|
||||
cpe: cpe:2.3:a:dlink:central_wifimanager:1.03:r0098:*:*:*:*:*:*
|
||||
epss-percentile: 0.84824
|
||||
cpe: cpe:2.3:a:dlink:central_wifimanager:1.03:r0098:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
vendor: dlink
|
||||
|
|
|
@ -5,6 +5,8 @@ info:
|
|||
author: daffainfo
|
||||
severity: high
|
||||
description: Responsive FileManager before version 9.13.4 is vulnerable to local file inclusion via filemanager/ajax_calls.php because it uses external input to construct a pathname that should be within a restricted directory, aka local file inclusion.
|
||||
remediation: |
|
||||
Upgrade to Responsive FileManager version 9.13.4 or later to fix the vulnerability.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/45271
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-15535
|
||||
|
@ -16,8 +18,8 @@ info:
|
|||
cve-id: CVE-2018-15535
|
||||
cwe-id: CWE-22
|
||||
epss-score: 0.97149
|
||||
cpe: cpe:2.3:a:tecrail:responsive_filemanager:*:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.99695
|
||||
cpe: cpe:2.3:a:tecrail:responsive_filemanager:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
vendor: tecrail
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: high
|
||||
description: |
|
||||
Argus Surveillance DVR 4.0.0.0 devices allow unauthenticated local file inclusion, leading to file disclosure via a ..%2F in the WEBACCOUNT.CGI RESULTPAGE parameter.
|
||||
remediation: |
|
||||
Upgrade to a patched version of Argus Surveillance DVR.
|
||||
reference:
|
||||
- http://hyp3rlinx.altervista.org/advisories/ARGUS-SURVEILLANCE-DVR-v4-UNAUTHENTICATED-PATH-TRAVERSAL-FILE-DISCLOSURE.txt
|
||||
- http://packetstormsecurity.com/files/149134/Argus-Surveillance-DVR-4.0.0.0-Directory-Traversal.html
|
||||
|
@ -17,8 +19,8 @@ info:
|
|||
cve-id: CVE-2018-15745
|
||||
cwe-id: CWE-22
|
||||
epss-score: 0.9654
|
||||
cpe: cpe:2.3:a:argussurveillance:dvr:4.0.0.0:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.99425
|
||||
cpe: cpe:2.3:a:argussurveillance:dvr:4.0.0.0:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
vendor: argussurveillance
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: medium
|
||||
description: |
|
||||
Persistent cross-site scripting (XSS) issues in Jorani 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the language parameter to session/language.
|
||||
remediation: |
|
||||
Upgrade to the latest version to mitigate this vulnerability.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/45338
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-15917
|
||||
|
@ -15,8 +17,8 @@ info:
|
|||
cve-id: CVE-2018-15917
|
||||
cwe-id: CWE-79
|
||||
metadata:
|
||||
max-request: 2
|
||||
verified: true
|
||||
max-request: 2
|
||||
shodan-query: title:"Login - Jorani"
|
||||
tags: cve,cve2018,jorani,xss
|
||||
|
||||
|
@ -25,12 +27,12 @@ http:
|
|||
- |
|
||||
GET /session/language?last_page=session%2Flogin&language=en%22%3E%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E&login=&CipheredValue= HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
- |
|
||||
GET /session/login HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
cookie-reuse: true
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
|
|
|
@ -5,6 +5,8 @@ info:
|
|||
author: SkyLark-Lab,ImNightmaree
|
||||
severity: critical
|
||||
description: Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code execution.
|
||||
remediation: |
|
||||
Apply the necessary security patches or updates provided by Adobe to fix this vulnerability.
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-15961
|
||||
- https://github.com/xbufu/CVE-2018-15961
|
||||
|
@ -17,13 +19,13 @@ info:
|
|||
cve-id: CVE-2018-15961
|
||||
cwe-id: CWE-434
|
||||
epss-score: 0.97453
|
||||
cpe: cpe:2.3:a:adobe:coldfusion:11.0:-:*:*:*:*:*:*
|
||||
epss-percentile: 0.99925
|
||||
cpe: cpe:2.3:a:adobe:coldfusion:11.0:-:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 2
|
||||
shodan-query: http.component:"Adobe ColdFusion"
|
||||
vendor: adobe
|
||||
product: coldfusion
|
||||
shodan-query: http.component:"Adobe ColdFusion"
|
||||
tags: cve,cve2018,adobe,rce,coldfusion,fileupload,kev,intrusive
|
||||
|
||||
http:
|
||||
|
|
|
@ -5,6 +5,8 @@ info:
|
|||
author: daffainfo
|
||||
severity: medium
|
||||
description: WirelessHART Fieldgate SWG70 3.0 is vulnerable to local file inclusion via the fcgi-bin/wgsetcgi filename parameter.
|
||||
remediation: |
|
||||
Apply the latest security patches or updates provided by the vendor to fix the LFI vulnerability in WirelessHART Fieldgate SWG70 3.0.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/45342
|
||||
- https://ics-cert.us-cert.gov/advisories/ICSA-19-073-03
|
||||
|
@ -17,8 +19,8 @@ info:
|
|||
cve-id: CVE-2018-16059
|
||||
cwe-id: CWE-22
|
||||
epss-score: 0.60231
|
||||
cpe: cpe:2.3:o:endress:wirelesshart_fieldgate_swg70_firmware:3.00.07:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.97328
|
||||
cpe: cpe:2.3:o:endress:wirelesshart_fieldgate_swg70_firmware:3.00.07:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
vendor: endress
|
||||
|
|
|
@ -5,6 +5,8 @@ info:
|
|||
author: 0x_Akoko
|
||||
severity: medium
|
||||
description: Cybrotech CyBroHttpServer 1.0.3 is vulnerable to local file inclusion in the URI.
|
||||
remediation: |
|
||||
Apply the latest security patches or updates provided by the vendor to fix the LFI vulnerability in Cybrotech CyBroHttpServer 1.0.3.
|
||||
reference:
|
||||
- https://packetstormsecurity.com/files/149177/Cybrotech-CyBroHttpServer-1.0.3-Directory-Traversal.html
|
||||
- http://www.cybrotech.com/
|
||||
|
@ -16,8 +18,8 @@ info:
|
|||
cve-id: CVE-2018-16133
|
||||
cwe-id: CWE-22
|
||||
epss-score: 0.11636
|
||||
cpe: cpe:2.3:a:cybrotech:cybrohttpserver:1.0.3:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.94538
|
||||
cpe: cpe:2.3:a:cybrotech:cybrohttpserver:1.0.3:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
vendor: cybrotech
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: medium
|
||||
description: |
|
||||
BIBLIOsoft BIBLIOpac 2008 contains a cross-site scripting vulnerability via the db or action parameter to bin/wxis.exe/bibliopac/, which allows a remote attacker to inject arbitrary web script or HTML.
|
||||
remediation: |
|
||||
Apply the latest patch or upgrade to a newer version of BIBLIOsoft BIBLIOpac 2008 that addresses the XSS vulnerability.
|
||||
reference:
|
||||
- https://www.0x90.zone/web/xss/2019/02/01/XSS-Bibliosoft.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-16139
|
||||
|
@ -15,14 +17,14 @@ info:
|
|||
cve-id: CVE-2018-16139
|
||||
cwe-id: CWE-79
|
||||
epss-score: 0.00135
|
||||
cpe: cpe:2.3:a:bibliosoft:bibliopac:2008:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.47998
|
||||
cpe: cpe:2.3:a:bibliosoft:bibliopac:2008:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
shodan-query: title:"Bibliopac"
|
||||
verified: true
|
||||
max-request: 1
|
||||
vendor: bibliosoft
|
||||
product: bibliopac
|
||||
shodan-query: title:"Bibliopac"
|
||||
tags: cve,cve2018,xss,bibliopac,bibliosoft
|
||||
|
||||
http:
|
||||
|
|
|
@ -6,27 +6,27 @@ info:
|
|||
severity: critical
|
||||
description: |
|
||||
WordPress Gift Vouchers plugin before 4.1.8 contains a blind SQL injection vulnerability via the template_id parameter in a wp-admin/admin-ajax.php wpgv_doajax_front_template request. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
|
||||
remediation: Fixed in version 4.1.8.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/9117
|
||||
- https://wordpress.org/plugins/gift-voucher/
|
||||
- https://www.exploit-db.com/exploits/45255/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-16159
|
||||
- https://wpvulndb.com/vulnerabilities/9117
|
||||
remediation: Fixed in version 4.1.8.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2018-16159
|
||||
cwe-id: CWE-89
|
||||
epss-score: 0.01247
|
||||
cpe: cpe:2.3:a:codemenschen:gift_vouchers:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.83832
|
||||
cpe: cpe:2.3:a:codemenschen:gift_vouchers:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
verified: true
|
||||
framework: wordpress
|
||||
max-request: 1
|
||||
vendor: codemenschen
|
||||
product: gift_vouchers
|
||||
framework: wordpress
|
||||
tags: sqli,wordpress,unauth,wp,gift-voucher,cve2018,edb,wpscan,cve,wp-plugin
|
||||
|
||||
http:
|
||||
|
|
|
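Review bot: The reference list in this hunk carries both https://wpscan.com/vulnerability/9117 and https://wpvulndb.com/vulnerabilities/9117, which are the same advisory id 9117 under the new and old names of the same database. Keep the wpscan.com entry and drop the wpvulndb.com one. The remediation line, "Fixed in version 4.1.8.", agrees with the description's "before 4.1.8" and only changes position.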
@ -5,6 +5,8 @@ info:
|
|||
author: gy741
|
||||
severity: critical
|
||||
description: LogonTracer 1.2.0 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.
|
||||
remediation: |
|
||||
Upgrade LogonTracer to a version higher than 1.2.0.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/49918
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-16167
|
||||
|
@ -16,8 +18,8 @@ info:
|
|||
cve-id: CVE-2018-16167
|
||||
cwe-id: CWE-78
|
||||
epss-score: 0.13203
|
||||
cpe: cpe:2.3:a:jpcert:logontracer:*:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.94828
|
||||
cpe: cpe:2.3:a:jpcert:logontracer:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
vendor: jpcert
|
||||
|
|
|
@ -5,6 +5,8 @@ info:
|
|||
author: 0x240x23elu
|
||||
severity: critical
|
||||
description: WordPress Wechat Broadcast plugin 1.2.0 and earlier allows Directory Traversal via the Image.php url parameter.
|
||||
remediation: |
|
||||
Update to the latest version of the WordPress Plugin Wechat Broadcast or apply the patch provided by the vendor to fix the LFI vulnerability.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/45438
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-16283
|
||||
|
@ -17,13 +19,13 @@ info:
|
|||
cve-id: CVE-2018-16283
|
||||
cwe-id: CWE-22
|
||||
epss-score: 0.2134
|
||||
cpe: cpe:2.3:a:wechat_brodcast_project:wechat_brodcast:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.95789
|
||||
cpe: cpe:2.3:a:wechat_brodcast_project:wechat_brodcast:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
framework: wordpress
|
||||
vendor: wechat_brodcast_project
|
||||
product: wechat_brodcast
|
||||
framework: wordpress
|
||||
tags: edb,seclists,cve,cve2018,wordpress,wp-plugin,lfi
|
||||
|
||||
http:
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: high
|
||||
description: |
|
||||
LG SuperSign CMS 2.5 allows reading of arbitrary files via signEzUI/playlist/edit/upload/..%2f URIs - aka local file inclusion.
|
||||
remediation: |
|
||||
Apply the latest security patches or upgrade to a patched version of LG SuperSign EZ CMS.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/45440
|
||||
- http://mamaquieroserpentester.blogspot.com/2018/09/multiple-vulnerabilities-in-lg.html
|
||||
|
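Review bot: The added remediation names "LG SuperSign EZ CMS", while the description directly above it says "LG SuperSign CMS 2.5". Use one product name in both fields so the remediation cannot be read as referring to a different product.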
@ -16,8 +18,8 @@ info:
|
|||
cve-id: CVE-2018-16288
|
||||
cwe-id: CWE-200
|
||||
epss-score: 0.2541
|
||||
cpe: cpe:2.3:a:lg:supersign_cms:2.5:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.96066
|
||||
cpe: cpe:2.3:a:lg:supersign_cms:2.5:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
vendor: lg
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: high
|
||||
description: |
|
||||
WordPress Localize My Post 1.0 is susceptible to local file inclusion via the ajax/include.php file parameter.
|
||||
remediation: |
|
||||
Update to the latest version of WordPress Localize My Post plugin.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/45439
|
||||
- https://packetstormsecurity.com/files/149433/WordPress-Localize-My-Post-1.0-Local-File-Inclusion.html
|
||||
|
@ -17,13 +19,13 @@ info:
|
|||
cve-id: CVE-2018-16299
|
||||
cwe-id: CWE-22
|
||||
epss-score: 0.08709
|
||||
cpe: cpe:2.3:a:localize_my_post_project:localize_my_post:1.0:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.93696
|
||||
cpe: cpe:2.3:a:localize_my_post_project:localize_my_post:1.0:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
framework: wordpress
|
||||
vendor: localize_my_post_project
|
||||
product: localize_my_post
|
||||
framework: wordpress
|
||||
tags: wordpress,lfi,plugin,wp,edb,packetstorm,cve,cve2018
|
||||
|
||||
http:
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: high
|
||||
description: |
|
||||
Nuxeo prior to version 10.3 is susceptible to an unauthenticated remote code execution vulnerability via server-side template injection.
|
||||
remediation: |
|
||||
Upgrade Nuxeo to version 10.3 or later to mitigate this vulnerability.
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-16299
|
||||
classification:
|
||||
|
|
|
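Review bot: The only visible reference, https://nvd.nist.gov/vuln/detail/CVE-2018-16299, points at CVE-2018-16299, which is the cve-id of the Localize My Post template earlier in this commit and not a Nuxeo issue. Since this hunk edits the lines directly above it, replace the URL with the NVD entry for this template's own cve-id. The added remediation ("version 10.3 or later") is consistent with the description's "prior to version 10.3".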
@ -5,6 +5,8 @@ info:
|
|||
author: geeknik
|
||||
severity: medium
|
||||
description: CirCarLife before 4.3 is susceptible to improper authentication. An internal installation path disclosure exists due to the lack of authentication for /html/repository.System. An attacker can obtain sensitive information, modify data, and/or execute unauthorized operations.
|
||||
remediation: |
|
||||
Upgrade CirCarLife to version 4.3 or higher to fix the improper authentication issue.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/45384
|
||||
- https://github.com/SadFud/Exploits/tree/master/Real%20World/Suites/cir-pwn-life
|
||||
|
@ -16,8 +18,8 @@ info:
|
|||
cve-id: CVE-2018-16668
|
||||
cwe-id: CWE-287
|
||||
epss-score: 0.00352
|
||||
cpe: cpe:2.3:a:circontrol:circarlife_scada:*:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.68356
|
||||
cpe: cpe:2.3:a:circontrol:circarlife_scada:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
vendor: circontrol
|
||||
|
|
|
@ -5,6 +5,8 @@ info:
|
|||
author: geeknik
|
||||
severity: medium
|
||||
description: CirCarLife before 4.3 is susceptible to improper authentication. A PLC status disclosure exists due to lack of authentication for /html/devstat.html. An attacker can obtain sensitive information, modify data, and/or execute unauthorized operations.
|
||||
remediation: |
|
||||
Upgrade CirCarLife to version 4.3 or higher to fix the improper authentication issue.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/45384
|
||||
- https://github.com/SadFud/Exploits/tree/master/Real%20World/Suites/cir-pwn-life
|
||||
|
@ -16,8 +18,8 @@ info:
|
|||
cve-id: CVE-2018-16670
|
||||
cwe-id: CWE-287
|
||||
epss-score: 0.00187
|
||||
cpe: cpe:2.3:a:circontrol:circarlife_scada:*:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.55422
|
||||
cpe: cpe:2.3:a:circontrol:circarlife_scada:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
vendor: circontrol
|
||||
|
|
|
@ -5,6 +5,8 @@ info:
|
|||
author: geeknik
|
||||
severity: medium
|
||||
description: CirCarLife before 4.3 is susceptible to improper authentication. A system software information disclosure exists due to lack of authentication for /html/device-id. An attacker can obtain sensitive information, modify data, and/or execute unauthorized operations.
|
||||
remediation: |
|
||||
Upgrade CirCarLife to version 4.3 or higher to fix the improper authentication issue.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/45384
|
||||
- https://github.com/SadFud/Exploits/tree/master/Real%20World/Suites/cir-pwn-life
|
||||
|
@ -15,8 +17,8 @@ info:
|
|||
cve-id: CVE-2018-16671
|
||||
cwe-id: CWE-200
|
||||
epss-score: 0.00357
|
||||
cpe: cpe:2.3:a:circontrol:circarlife_scada:*:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.68577
|
||||
cpe: cpe:2.3:a:circontrol:circarlife_scada:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
vendor: "circontrol"
|
||||
|
|
|
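Review bot: The last line of this hunk, vendor: "circontrol", is quoted, while the CVE-2018-16668 and CVE-2018-16670 templates in this same commit write vendor: circontrol without quotes. Drop the quotes so the three CirCarLife templates stay consistent.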
@ -5,6 +5,8 @@ info:
|
|||
author: 0x_Akoko
|
||||
severity: critical
|
||||
description: NCBI ToolBox 2.0.7 through 2.2.26 legacy versions contain a path traversal vulnerability via viewcgi.cgi which may result in reading of arbitrary files (i.e., significant information disclosure) or file deletion via the nph-viewgif.cgi query string.
|
||||
remediation: |
|
||||
Apply the latest patch or update from the vendor to fix the directory traversal vulnerability in the NCBI ToolBox.
|
||||
reference:
|
||||
- https://github.com/grymer/CVE/blob/master/CVE-2018-16716.md
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-16716
|
||||
|
@ -14,8 +16,8 @@ info:
|
|||
cve-id: CVE-2018-16716
|
||||
cwe-id: CWE-22
|
||||
epss-score: 0.00803
|
||||
cpe: cpe:2.3:a:nih:ncbi_toolbox:*:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.7951
|
||||
cpe: cpe:2.3:a:nih:ncbi_toolbox:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
vendor: nih
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: medium
|
||||
description: |
|
||||
Eventum before 3.4.0 contains an open redirect vulnerability. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
|
||||
remediation: |
|
||||
Upgrade to Eventum version 3.4.0 or later to fix the open redirect vulnerability.
|
||||
reference:
|
||||
- https://www.invicti.com/web-applications-advisories/ns-18-021-open-redirection-vulnerabilities-in-eventum/
|
||||
- https://github.com/eventum/eventum/releases/tag/v3.4.0
|
||||
|
@ -16,8 +18,8 @@ info:
|
|||
cve-id: CVE-2018-16761
|
||||
cwe-id: CWE-601
|
||||
epss-score: 0.00068
|
||||
cpe: cpe:2.3:a:eventum_project:eventum:*:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.28011
|
||||
cpe: cpe:2.3:a:eventum_project:eventum:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 2
|
||||
vendor: eventum_project
|
||||
|
|
|
@ -5,6 +5,8 @@ info:
|
|||
author: pikpikcu
|
||||
severity: critical
|
||||
description: FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter.
|
||||
remediation: |
|
||||
Upgrade to FUEL CMS version 1.4.2 or later, which includes a patch for this vulnerability.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/47138
|
||||
- https://www.getfuelcms.com/
|
||||
|
@ -17,8 +19,8 @@ info:
|
|||
cve-id: CVE-2018-16763
|
||||
cwe-id: CWE-74
|
||||
epss-score: 0.79948
|
||||
cpe: cpe:2.3:a:thedaylightstudio:fuel_cms:*:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.97878
|
||||
cpe: cpe:2.3:a:thedaylightstudio:fuel_cms:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
vendor: thedaylightstudio
|
||||
|
|
|
@ -5,6 +5,8 @@ info:
|
|||
author: 0x_Akoko
|
||||
severity: critical
|
||||
description: Rubedo CMS through 3.4.0 contains a directory traversal vulnerability in the theme component, allowing unauthenticated attackers to read and execute arbitrary files outside of the service root path, as demonstrated by a /theme/default/img/%2e%2e/..//etc/passwd URI.
|
||||
remediation: |
|
||||
Upgrade to a patched version of Rubedo CMS (>=3.4.1) or apply the provided security patch.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/45385
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-16836
|
||||
|
@ -16,8 +18,8 @@ info:
|
|||
cve-id: CVE-2018-16836
|
||||
cwe-id: CWE-22
|
||||
epss-score: 0.34263
|
||||
cpe: cpe:2.3:a:rubedo_project:rubedo:*:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.96533
|
||||
cpe: cpe:2.3:a:rubedo_project:rubedo:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
vendor: rubedo_project
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: medium
|
||||
description: |
|
||||
Monstra CMS 3.0.4 is susceptible to HTTP header injection in the plugins/captcha/crypt/cryptographp.php cfg parameter. An attacker can potentially supply invalid input and cause the server to allow redirects to attacker-controlled domains, perform cache poisoning, and/or allow improper access to virtual hosts not intended for this purpose. This is a related issue to CVE-2012-2943.
|
||||
remediation: |
|
||||
Upgrade Monstra CMS to version 3.0.5 or later to mitigate the HTTP Header Injection vulnerability.
|
||||
reference:
|
||||
- https://github.com/howchen/howchen/issues/4
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-16979
|
||||
|
@ -15,11 +17,11 @@ info:
|
|||
cve-id: CVE-2018-16979
|
||||
cwe-id: CWE-113
|
||||
epss-score: 0.00118
|
||||
cpe: cpe:2.3:a:monstra:monstra:3.0.4:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.45103
|
||||
cpe: cpe:2.3:a:monstra:monstra:3.0.4:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
verified: true
|
||||
max-request: 1
|
||||
vendor: monstra
|
||||
product: monstra
|
||||
tags: cve,cve2018,crlf,mostra,mostracms,cms
|
||||
|
|
|
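Review bot: The tags line in this hunk reads cve,cve2018,crlf,mostra,mostracms,cms, where "mostra" and "mostracms" are misspellings of the name the hunk itself adds as vendor: monstra and product: monstra. Correct them to monstra and monstracms, otherwise selecting templates by tag will miss this one.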
@ -6,6 +6,8 @@ info:
|
|||
severity: critical
|
||||
description: |
|
||||
It was discovered that the Western Digital My Cloud device before 2.30.196 is affected by an authentication bypass vulnerability. An unauthenticated attacker can exploit this vulnerability to authenticate as an admin user without needing to provide a password, thereby gaining full control of the device. (Whenever an admin logs into My Cloud, a server-side session is created that is bound to the user's IP address. After the session is created, it is possible to call authenticated CGI modules by sending the cookie username=admin in the HTTP request. The invoked CGI will check if a valid session is present and bound to the user's IP address.) It was found that it is possible for an unauthenticated attacker to create a valid session without a login. The network_mgr.cgi CGI module contains a command called \"cgi_get_ipv6\" that starts an admin session -- tied to the IP address of the user making the request -- if the additional parameter \"flag\" with the value \"1\" is provided. Subsequent invocation of commands that would normally require admin privileges now succeed if an attacker sets the username=admin cookie.
|
||||
remediation: |
|
||||
Apply the latest firmware update provided by Western Digital to fix the authentication bypass vulnerability.
|
||||
reference:
|
||||
- https://web.archive.org/web/20170315123948/https://www.stevencampbell.info/2016/12/command-injection-in-western-digital-mycloud-nas/
|
||||
- https://packetstormsecurity.com/files/173802/Western-Digital-MyCloud-Unauthenticated-Command-Injection.html
|
||||
|
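Review bot: The description is a literal block scalar (description: |) but still contains backslash-escaped quotes: \"cgi_get_ipv6\", \"flag\" and \"1\". YAML does not process escapes inside a literal block, so the backslashes will appear verbatim in the rendered description; remove them. Separately, the description covers an authentication bypass, while both visible references are titled as command injection, so confirm they belong to this template.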
@ -19,11 +21,11 @@ info:
|
|||
epss-score: 0.01264
|
||||
cpe: cpe:2.3:o:western_digital:my_cloud_wdbctl0020hwt_firmware:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
verified: true
|
||||
shodan-query: http.favicon.hash:-1074357885
|
||||
max-request: 1
|
||||
vendor: western_digital
|
||||
product: my_cloud_wdbctl0020hwt_firmware
|
||||
shodan-query: http.favicon.hash:-1074357885
|
||||
tags: cve,cve2018,auth-bypass,rce,wdcloud
|
||||
|
||||
http:
|
||||
|
|
|
@ -5,6 +5,8 @@ info:
|
|||
author: princechaddha,thelicato
|
||||
severity: critical
|
||||
description: Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute JavaScript which could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.
|
||||
remediation: |
|
||||
Apply the latest security patches and updates provided by the vendor to mitigate this vulnerability.
|
||||
reference:
|
||||
- https://github.com/vulhub/vulhub/blob/master/kibana/CVE-2018-17246/README.md
|
||||
- https://www.elastic.co/community/security
|
||||
|
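Review bot: The added remediation, "Apply the latest security patches and updates provided by the vendor", is less specific than the description directly above it, which already names the fixed releases (6.4.3 and 5.6.13). State those versions in the remediation, for example "Upgrade Kibana to 6.4.3 or 5.6.13 or later", so the field is actionable without reading the references.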
@ -17,8 +19,8 @@ info:
|
|||
cve-id: CVE-2018-17246
|
||||
cwe-id: CWE-829,CWE-73
|
||||
epss-score: 0.96913
|
||||
cpe: cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.99595
|
||||
cpe: cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
vendor: elastic
|
||||
|
|
|
@ -5,23 +5,23 @@ info:
|
|||
author: Suman_Kar
|
||||
severity: critical
|
||||
description: The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via the jtreelink/dialogs/links.php parent parameter.
|
||||
remediation: Update or remove the affected plugin.
|
||||
reference:
|
||||
- http://packetstormsecurity.com/files/161683/Joomla-JCK-Editor-6.4.4-SQL-Injection.html
|
||||
- https://www.exploit-db.com/exploits/45423/
|
||||
remediation: Update or remove the affected plugin.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2018-17254
|
||||
cwe-id: CWE-89
|
||||
epss-score: 0.81793
|
||||
cpe: cpe:2.3:a:arkextensions:jck_editor:6.4.4:*:*:*:*:joomla\!:*:*
|
||||
epss-percentile: 0.97937
|
||||
cpe: cpe:2.3:a:arkextensions:jck_editor:6.4.4:*:*:*:*:joomla\!:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
framework: joomla\!
|
||||
vendor: arkextensions
|
||||
product: jck_editor
|
||||
framework: joomla\!
|
||||
tags: cve,cve2018,packetstorm,edb,joomla,sqli
|
||||
variables:
|
||||
num: "999999999"
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: medium
|
||||
description: |
|
||||
dotCMS before 5.0.2 contains multiple open redirect vulnerabilities via the html/common/forward_js.jsp FORWARD_URL parameter or the html/portlet/ext/common/page_preview_popup.jsp hostname parameter. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
|
||||
remediation: |
|
||||
Upgrade to a version of DotCMS that is higher than 5.0.2 to mitigate the open redirect vulnerability.
|
||||
reference:
|
||||
- https://github.com/dotCMS/core/issues/15286
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-17422
|
||||
|
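Review bot: The added remediation says to upgrade to a version "higher than 5.0.2", but the description states the issue affects dotCMS "before 5.0.2", which makes 5.0.2 itself a fixed release. Reword to "5.0.2 or later", and spell the product "dotCMS" as the description does rather than "DotCMS".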
@ -15,14 +17,14 @@ info:
|
|||
cve-id: CVE-2018-17422
|
||||
cwe-id: CWE-601
|
||||
epss-score: 0.00118
|
||||
cpe: cpe:2.3:a:dotcms:dotcms:*:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.45103
|
||||
cpe: cpe:2.3:a:dotcms:dotcms:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 2
|
||||
verified: true
|
||||
shodan-query: http.title:"dotCMS"
|
||||
max-request: 2
|
||||
vendor: dotcms
|
||||
product: dotcms
|
||||
shodan-query: http.title:"dotCMS"
|
||||
tags: cve,cve2018,redirect,dotcms
|
||||
|
||||
http:
|
||||
|
|
|
@ -5,6 +5,8 @@ info:
|
|||
author: dwisiswant0
|
||||
severity: critical
|
||||
description: Comodo Firewall & Central Manager (UTM) All Release before 2.7.0 & 1.5.0 are susceptible to a web shell based remote code execution vulnerability.
|
||||
remediation: |
|
||||
Apply the latest security patches or updates provided by Comodo to fix this vulnerability.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/48825
|
||||
- https://secure.comodo.com/home/purchase.php?pid=106&license=try&track=9276&af=9276
|
||||
|
@ -17,8 +19,8 @@ info:
|
|||
cve-id: CVE-2018-17431
|
||||
cwe-id: CWE-287
|
||||
epss-score: 0.10458
|
||||
cpe: cpe:2.3:a:comodo:unified_threat_management_firewall:*:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.94254
|
||||
cpe: cpe:2.3:a:comodo:unified_threat_management_firewall:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 2
|
||||
vendor: comodo
|
||||
|
|
|
@ -5,6 +5,8 @@ info:
|
|||
author: nadino
|
||||
severity: medium
|
||||
description: WordPress plugin sitepress-multilingual-cms 3.6.3 is vulnerable to cross-site scripting in process_forms via any locale_file_name_ parameter (such as locale_file_name_en) in an authenticated theme-localization.php request to wp-admin/admin.php.
|
||||
remediation: |
|
||||
Update WordPress sitepress-multilingual-cms to the latest version to mitigate the XSS vulnerability.
|
||||
reference:
|
||||
- https://0x62626262.wordpress.com/2018/10/08/sitepress-multilingual-cms-plugin-unauthenticated-stored-xss/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-18069
|
||||
|
@ -14,13 +16,13 @@ info:
|
|||
cve-id: CVE-2018-18069
|
||||
cwe-id: CWE-79
|
||||
epss-score: 0.00106
|
||||
cpe: cpe:2.3:a:wpml:wpml:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.42502
|
||||
cpe: cpe:2.3:a:wpml:wpml:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
framework: wordpress
|
||||
vendor: wpml
|
||||
product: wpml
|
||||
framework: wordpress
|
||||
tags: cve,cve2018,wordpress,xss,plugin
|
||||
|
||||
http:
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: high
|
||||
description: |
|
||||
Kubernetes Dashboard before 1.10.1 allows attackers to bypass authentication and use Dashboard's Service Account for reading secrets within the cluster.
|
||||
remediation: |
|
||||
Upgrade to Kubernetes Dashboard version 1.10.1 or later to mitigate the authentication bypass vulnerability.
|
||||
reference:
|
||||
- https://github.com/kubernetes/dashboard/pull/3289
|
||||
- https://sysdig.com/blog/privilege-escalation-kubernetes-dashboard/
|
||||
|
@ -18,13 +20,13 @@ info:
|
|||
cve-id: CVE-2018-18264
|
||||
cwe-id: CWE-306
|
||||
epss-score: 0.97405
|
||||
cpe: cpe:2.3:a:kubernetes:dashboard:*:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.99881
|
||||
cpe: cpe:2.3:a:kubernetes:dashboard:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 2
|
||||
shodan-query: product:"Kubernetes"
|
||||
vendor: kubernetes
|
||||
product: dashboard
|
||||
shodan-query: product:"Kubernetes"
|
||||
tags: cve,cve2018,kubernetes,k8s,auth-bypass
|
||||
|
||||
http:
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: high
|
||||
description: |
|
||||
Centos Web Panel version 0.9.8.480 suffers from local file inclusion vulnerabilities. Other vulnerabilities including cross-site scripting and remote code execution are also known to impact this version.
|
||||
remediation: |
|
||||
Upgrade to a patched version of Centos Web Panel.
|
||||
reference:
|
||||
- https://packetstormsecurity.com/files/149795/Centos-Web-Panel-0.9.8.480-XSS-LFI-Code-Execution.html
|
||||
- http://centos-webpanel.com/
|
||||
|
@ -17,8 +19,8 @@ info:
|
|||
cve-id: CVE-2018-18323
|
||||
cwe-id: CWE-22
|
||||
epss-score: 0.97376
|
||||
cpe: cpe:2.3:a:control-webpanel:webpanel:0.9.8.480:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.99858
|
||||
cpe: cpe:2.3:a:control-webpanel:webpanel:0.9.8.480:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
vendor: control-webpanel
|
||||
|
|
|
@ -5,6 +5,8 @@ info:
|
|||
author: emadshanab
|
||||
severity: medium
|
||||
description: Planon before Live Build 41 is vulnerable to cross-site scripting.
|
||||
remediation: |
|
||||
Apply the latest patch or upgrade to a non-vulnerable version of Planon Live Build.
|
||||
reference:
|
||||
- https://www2.deloitte.com/de/de/pages/risk/articles/planon-cross-site-scripting.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-18570
|
||||
|
@ -14,8 +16,8 @@ info:
|
|||
cve-id: CVE-2018-18570
|
||||
cwe-id: CWE-79
|
||||
epss-score: 0.00098
|
||||
cpe: cpe:2.3:a:planonsoftware:planon:*:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.40032
|
||||
cpe: cpe:2.3:a:planonsoftware:planon:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
vendor: planonsoftware
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: medium
|
||||
description: |
|
||||
DedeCMS 5.7 SP2 is vulnerable to cross-site scripting via the function named GetPageList defined in the include/datalistcp.class.php file that is used to display the page numbers list at the bottom of some templates, as demonstrated by the PATH_INFO to /member/index.php, /member/pm.php, /member/content_list.php, or /plus/feedback.php.
|
||||
remediation: |
|
||||
Upgrade to the latest version of DedeCMS or apply the official patch provided by the vendor to fix the XSS vulnerability.
|
||||
reference:
|
||||
- https://github.com/ky-j/dedecms/issues/8
|
||||
- https://github.com/ky-j/dedecms/files/2504649/Reflected.XSS.Vulnerability.exists.in.the.file.of.DedeCMS.V5.7.SP2.docx
|
||||
|
@ -16,14 +18,14 @@ info:
|
|||
cve-id: CVE-2018-18608
|
||||
cwe-id: CWE-79
|
||||
epss-score: 0.00177
|
||||
cpe: cpe:2.3:a:dedecms:dedecms:5.7:sp2:*:*:*:*:*:*
|
||||
epss-percentile: 0.54186
|
||||
cpe: cpe:2.3:a:dedecms:dedecms:5.7:sp2:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
shodan-query: http.html:"DedeCms"
|
||||
verified: true
|
||||
max-request: 1
|
||||
vendor: dedecms
|
||||
product: dedecms
|
||||
shodan-query: http.html:"DedeCms"
|
||||
tags: dedecms,xss,cve,cve2018
|
||||
|
||||
http:
|
||||
|
|
|
@ -5,6 +5,8 @@ info:
|
|||
author: 0x_Akoko
|
||||
severity: medium
|
||||
description: Microstrategy Web 7 does not sufficiently encode user-controlled inputs, resulting in cross-site scripting via the Login.asp Msg parameter.
|
||||
remediation: |
|
||||
Apply the latest security patches or updates provided by Microstrategy to fix the XSS vulnerability in the Web 7 application.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/45755
|
||||
- http://packetstormsecurity.com/files/150059/Microstrategy-Web-7-Cross-Site-Scripting-Traversal.html
|
||||
|
@ -15,8 +17,8 @@ info:
|
|||
cve-id: CVE-2018-18775
|
||||
cwe-id: CWE-79
|
||||
epss-score: 0.00235
|
||||
cpe: cpe:2.3:a:microstrategy:microstrategy_web:7:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.60867
|
||||
cpe: cpe:2.3:a:microstrategy:microstrategy_web:7:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
vendor: microstrategy
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: medium
|
||||
description: |
|
||||
Microstrategy Web 7 is vulnerable to local file inclusion via "/WebMstr7/servlet/mstrWeb" (in the parameter subpage). Remote authenticated users can bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application. NOTE: this is a deprecated product.
|
||||
remediation: |
|
||||
Apply the latest security patches or upgrade to a newer version of Microstrategy Web.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/45755
|
||||
- http://packetstormsecurity.com/files/150059/Microstrategy-Web-7-Cross-Site-Scripting-Traversal.html
|
||||
|
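Review bot: The added remediation tells users to "Apply the latest security patches or upgrade to a newer version of Microstrategy Web", yet the description in the same hunk ends with "NOTE: this is a deprecated product". Patches for a deprecated product may not exist, so the remediation should point to migrating off Microstrategy Web 7 or restricting access to it, rather than implying a patch is available.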
@ -16,8 +18,8 @@ info:
|
|||
cve-id: CVE-2018-18777
|
||||
cwe-id: CWE-22
|
||||
epss-score: 0.00238
|
||||
cpe: cpe:2.3:a:microstrategy:microstrategy_web:7:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.61201
|
||||
cpe: cpe:2.3:a:microstrategy:microstrategy_web:7:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
vendor: microstrategy
|
||||
|
|
|
@ -5,6 +5,8 @@ info:
|
|||
author: dhiyaneshDK
|
||||
severity: medium
|
||||
description: ACME mini_httpd before 1.30 is vulnerable to local file inclusion.
|
||||
remediation: |
|
||||
Upgrade ACME mini_httpd to version 1.30 or later to mitigate this vulnerability.
|
||||
reference:
|
||||
- https://www.acunetix.com/vulnerabilities/web/acme-mini_httpd-arbitrary-file-read/
|
||||
- http://www.acme.com/software/mini_httpd/
|
||||
|
@ -15,8 +17,8 @@ info:
|
|||
cve-id: CVE-2018-18778
|
||||
cwe-id: CWE-200
|
||||
epss-score: 0.95125
|
||||
cpe: cpe:2.3:a:acme:mini-httpd:*:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.99024
|
||||
cpe: cpe:2.3:a:acme:mini-httpd:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
vendor: acme
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: medium
|
||||
description: |
|
||||
The default server implementation of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a directory-traversal vulnerability that may theoretically allow web server users to access contents of the host system.
|
||||
remediation: |
|
||||
Apply the latest security patches or upgrade to a patched version of TIBCO JasperReports Library.
|
||||
reference:
|
||||
- https://packetstormsecurity.com/files/154406/Tibco-JasperSoft-Path-Traversal.html
|
||||
- https://security.elarlang.eu/cve-2018-18809-path-traversal-in-tibco-jaspersoft.html
|
||||
|
@ -18,14 +20,14 @@ info:
|
|||
cve-id: CVE-2018-18809
|
||||
cwe-id: CWE-22
|
||||
epss-score: 0.46465
|
||||
cpe: cpe:2.3:a:tibco:jasperreports_library:*:*:*:*:activematrix_bpm:*:*:*
|
||||
epss-percentile: 0.96953
|
||||
cpe: cpe:2.3:a:tibco:jasperreports_library:*:*:*:*:activematrix_bpm:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
verified: true
|
||||
shodan-query: html:"jasperserver-pro"
|
||||
max-request: 1
|
||||
vendor: tibco
|
||||
product: jasperreports_library
|
||||
shodan-query: html:"jasperserver-pro"
|
||||
tags: packetstorm,cve,cve2018,lfi,kev,jasperserver,jasperreport
|
||||
|
||||
http:
|
||||
|
|
|
@ -5,20 +5,20 @@ info:
|
|||
author: princechaddha
|
||||
severity: critical
|
||||
description: Gogs 0.11.66 allows remote code execution because it does not properly validate session IDs, as demonstrated by a ".." session-file forgery in the file session provider in file.go. This is related to session ID handling in the go-macaron/session code for Macaron.
|
||||
remediation: This issue will be fixed by updating to the latest version of Gogs.
|
||||
reference:
|
||||
- https://www.anquanke.com/post/id/163575
|
||||
- https://github.com/vulhub/vulhub/tree/master/gogs/CVE-2018-18925
|
||||
- https://nvd.nist.gov/vuln/detail/cve-2018-18925
|
||||
- https://github.com/gogs/gogs/issues/5469
|
||||
remediation: This issue will be fixed by updating to the latest version of Gogs.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2018-18925
|
||||
cwe-id: CWE-384
|
||||
epss-score: 0.13227
|
||||
cpe: cpe:2.3:a:gogs:gogs:*:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.94833
|
||||
cpe: cpe:2.3:a:gogs:gogs:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 2
|
||||
vendor: gogs
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: medium
|
||||
description: |
|
||||
DomainMOD 4.11.01 is vulnerable to reflected cross-site scripting via assets/edit/registrar-account.php.
|
||||
remediation: |
|
||||
Upgrade to the latest version of DomainMOD or apply the vendor-provided patch to mitigate this vulnerability.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/45883/
|
||||
- https://github.com/domainmod/domainmod/issues/79
|
||||
|
@ -16,11 +18,11 @@ info:
|
|||
cve-id: CVE-2018-19136
|
||||
cwe-id: CWE-79
|
||||
epss-score: 0.00247
|
||||
cpe: cpe:2.3:a:domainmod:domainmod:*:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.61938
|
||||
cpe: cpe:2.3:a:domainmod:domainmod:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 2
|
||||
verified: true
|
||||
max-request: 2
|
||||
vendor: domainmod
|
||||
product: domainmod
|
||||
tags: edb,cve,cve2018,domainmod,xss,authenticated
|
||||
|
|
|
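Review bot: nothing in this hunk changes a value. cpe moves below epss-percentile and max-request moves below verified, and that is all. Mixing key reordering with the remediation additions under the commit message "updated 2018 CVEs" makes it hard to see which templates changed in substance. Suggest splitting the normalization into its own commit, or stating in the message that the reorder is produced by a formatter.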
@ -6,6 +6,8 @@ info:
|
|||
severity: medium
|
||||
description: |
|
||||
DomainMOD 4.11.01 is vulnerable to reflected cross-site Scripting via assets/edit/ip-address.php.
|
||||
remediation: |
|
||||
Upgrade to the latest version of DomainMOD or apply the vendor-provided patch to mitigate this vulnerability.
|
||||
reference:
|
||||
- https://github.com/domainmod/domainmod/issues/79
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-19137
|
||||
|
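Review bot: the description line in this hunk reads "reflected cross-site Scripting" with a capital S, while the sibling template for registrar-account.php uses "cross-site scripting". Since the info block is being edited here, fix the capitalization in the same change. The remediation text is also word for word the same as in the CVE-2018-19136 template, so the comment there about the unreferenced vendor patch applies here too.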
@ -15,11 +17,11 @@ info:
|
|||
cve-id: CVE-2018-19137
|
||||
cwe-id: CWE-79
|
||||
epss-score: 0.0008
|
||||
cpe: cpe:2.3:a:domainmod:domainmod:*:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.33312
|
||||
cpe: cpe:2.3:a:domainmod:domainmod:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 2
|
||||
verified: true
|
||||
max-request: 2
|
||||
vendor: domainmod
|
||||
product: domainmod
|
||||
tags: cve,cve2018,domainmod,xss,authenticated
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: medium
|
||||
description: |
|
||||
WordPress Ninja Forms plugin before 3.3.18 contains a cross-site scripting vulnerability. An attacker can inject arbitrary script in includes/Admin/Menus/Submissions.php via the begin_date, end_date, or form_id parameters. This can allow an attacker to steal cookie-based authentication credentials and launch other attacks.
|
||||
remediation: |
|
||||
Upgrade to the latest version of the Ninja Forms plugin (3.3.18 or higher) to mitigate this vulnerability.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/fb036dc2-0ee8-4a3e-afac-f52050b3f8c7
|
||||
- https://wordpress.org/plugins/ninja-forms/
|
||||
|
@ -18,14 +20,14 @@ info:
|
|||
cve-id: CVE-2018-19287
|
||||
cwe-id: CWE-79
|
||||
epss-score: 0.82305
|
||||
cpe: cpe:2.3:a:ninjaforma:ninja_forms:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.97953
|
||||
cpe: cpe:2.3:a:ninjaforma:ninja_forms:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 2
|
||||
verified: true
|
||||
framework: wordpress
|
||||
max-request: 2
|
||||
vendor: ninjaforma
|
||||
product: ninja_forms
|
||||
framework: wordpress
|
||||
tags: wp-plugin,wp,xss,authenticated,wpscan,edb,cve,cve2018,ninja-forms,wordpress
|
||||
|
||||
http:
|
||||
|
|
|
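Review bot: the vendor string "ninjaforma" in both the cpe line and the vendor key looks like a misspelling next to the product "ninja_forms" and the tag "ninja-forms". Please confirm it matches the CPE dictionary entry for this CVE before carrying it through the reorder. If it does mirror the upstream record, a short YAML comment saying so would stop a later cleanup from "correcting" it and breaking CPE matching.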
@ -6,6 +6,8 @@ info:
|
|||
severity: high
|
||||
description: |
|
||||
Zyxel VMG1312-B10D 5.13AAXA.8 is susceptible to local file inclusion. A remote unauthenticated attacker can send a specially crafted URL request containing "dot dot" sequences (/../), conduct directory traversal attacks, and view arbitrary files.
|
||||
remediation: |
|
||||
Apply the latest firmware update provided by Zyxel to fix the Local File Inclusion vulnerability.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/45904
|
||||
- https://www.cybersecurity-help.cz/vdb/SB2018120309
|
||||
|
@ -18,14 +20,14 @@ info:
|
|||
cve-id: CVE-2018-19326
|
||||
cwe-id: CWE-22
|
||||
epss-score: 0.01394
|
||||
cpe: cpe:2.3:o:zyxel:vmg1312-b10d_firmware:*:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.84719
|
||||
cpe: cpe:2.3:o:zyxel:vmg1312-b10d_firmware:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
verified: true
|
||||
shodan-query: http.html:"VMG1312-B10D"
|
||||
max-request: 1
|
||||
vendor: zyxel
|
||||
product: vmg1312-b10d_firmware
|
||||
shodan-query: http.html:"VMG1312-B10D"
|
||||
tags: lfi,modem,router,edb,cve,cve2018,zyxel
|
||||
|
||||
http:
|
||||
|
|
|
@ -5,6 +5,8 @@ info:
|
|||
author: 0x_Akoko
|
||||
severity: critical
|
||||
description: Wowza Streaming Engine 4.7.4.01 allows traversal of the directory structure and retrieval of a file via a remote, specifically crafted HTTP request to the REST API.
|
||||
remediation: |
|
||||
Upgrade to the latest version of Wowza Streaming Engine Manager or apply the necessary patches to fix the directory traversal vulnerability.
|
||||
reference:
|
||||
- https://blog.gdssecurity.com/labs/2019/2/11/wowza-streaming-engine-manager-directory-traversal-and-local.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-19365
|
||||
|
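Review bot: the added remediation names "Wowza Streaming Engine Manager", while the description in the same hunk attributes the traversal to "Wowza Streaming Engine 4.7.4.01" and its REST API. Use one product name in both fields so an operator can tell which component has to be upgraded, and name the fixed release if the referenced write-up gives one.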
@ -15,8 +17,8 @@ info:
|
|||
cve-id: CVE-2018-19365
|
||||
cwe-id: CWE-22
|
||||
epss-score: 0.01616
|
||||
cpe: cpe:2.3:a:wowza:streaming_engine:4.7.4.0.1:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.85867
|
||||
cpe: cpe:2.3:a:wowza:streaming_engine:4.7.4.0.1:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
vendor: wowza
|
||||
|
|
|
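Review bot: the cpe line being moved here carries version 4.7.4.0.1, but the description of this template gives the affected version as 4.7.4.01. One of the two is mistyped. Please check which form the vendor uses and make the description and the cpe agree, otherwise version-based matching against this template can miss the affected build.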
@ -5,6 +5,8 @@ info:
|
|||
author: pikpikcu
|
||||
severity: medium
|
||||
description: SolarWinds Database Performance Analyzer 11.1.457 contains a reflected cross-site scripting vulnerability in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on the page, aka a /iwc/idcStateError.iwc?page= URI.
|
||||
remediation: |
|
||||
Apply the latest patch or upgrade to a non-vulnerable version of SolarWinds Database Performance Analyzer.
|
||||
reference:
|
||||
- https://i.imgur.com/Y7t2AD6.png
|
||||
- https://medium.com/greenwolf-security/reflected-xss-in-solarwinds-database-performance-analyzer-988bd7a5cd5
|
||||
|
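Review bot: the first entry in the reference list is a bare image link, https://i.imgur.com/Y7t2AD6.png, which tells the reader nothing about what it shows and will go stale without notice. The medium.com write-up on the next line covers the same finding. Suggest dropping the image link or replacing it with an advisory link. The new remediation also says "a non-vulnerable version" without saying which release after 11.1.457 that is.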
@ -15,8 +17,8 @@ info:
|
|||
cve-id: CVE-2018-19386
|
||||
cwe-id: CWE-79
|
||||
epss-score: 0.00205
|
||||
cpe: cpe:2.3:a:solarwinds:database_performance_analyzer:11.1.457:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.57738
|
||||
cpe: cpe:2.3:a:solarwinds:database_performance_analyzer:11.1.457:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
vendor: solarwinds
|
||||
|
|
|
@ -5,19 +5,19 @@ info:
|
|||
author: madrobot,dwisiswant0
|
||||
severity: medium
|
||||
description: Oracle Secure Global Desktop Administration Console 4.4 contains a reflected cross-site scripting vulnerability in helpwindow.jsp via all parameters, as demonstrated by the sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp windowTitle parameter.
|
||||
remediation: Fixed in later versions including 5.4.
|
||||
reference:
|
||||
- http://packetstormsecurity.com/files/150444/Oracle-Secure-Global-Desktop-Administration-Console-4.4-Cross-Site-Scripting.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-19439
|
||||
- http://seclists.org/fulldisclosure/2018/Nov/58
|
||||
remediation: Fixed in later versions including 5.4.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2018-19439
|
||||
cwe-id: CWE-79
|
||||
epss-score: 0.01135
|
||||
cpe: cpe:2.3:a:oracle:secure_global_desktop:4.4:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.82901
|
||||
cpe: cpe:2.3:a:oracle:secure_global_desktop:4.4:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
vendor: oracle
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: high
|
||||
description: |
|
||||
PHP Proxy 3.0.3 is susceptible to local file inclusion vulnerabilities that allow unauthenticated users to read files from the server via index.php?q=file:/// (a different vulnerability than CVE-2018-19246).
|
||||
remediation: |
|
||||
Upgrade PHP Proxy to a version that is not affected by the vulnerability (3.0.4 or later) or apply the necessary patches provided by the vendor.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/45780
|
||||
- https://pentest.com.tr/exploits/PHP-Proxy-3-0-3-Local-File-Inclusion.html
|
||||
|
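Review bot: the remediation states a fixed version, "3.0.4 or later", but neither reference visible in this hunk (the Exploit-DB entry and the pentest.com.tr write-up) is a vendor release note, and the description only says that 3.0.3 is affected. Please add the source for 3.0.4 to reference, or soften the text until the fixed release is confirmed.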
@ -17,8 +19,8 @@ info:
|
|||
cve-id: CVE-2018-19458
|
||||
cwe-id: CWE-287
|
||||
epss-score: 0.10992
|
||||
cpe: cpe:2.3:a:php-proxy:php-proxy:3.0.3:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.9438
|
||||
cpe: cpe:2.3:a:php-proxy:php-proxy:3.0.3:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
vendor: php-proxy
|
||||
|
|
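Review bot: cwe-id is CWE-287 here, although the description presents this as a local file inclusion that reads server files through index.php?q=file:///, and the other file-read templates in this commit (Zyxel, Wowza) are classified as CWE-22. If CWE-287 is copied from the upstream CVE record, say so in a comment. Otherwise correct it while the classification block is being reordered.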