diff --git a/http/cves/2018/CVE-2018-0127.yaml b/http/cves/2018/CVE-2018-0127.yaml index a9c797b79b..5baf5b4d69 100644 --- a/http/cves/2018/CVE-2018-0127.yaml +++ b/http/cves/2018/CVE-2018-0127.yaml @@ -5,6 +5,8 @@ info: author: jrolf severity: critical description: Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to view configuration parameters for an affected device via the web interface, which could lead to the disclosure of confidential information. + remediation: | + Apply the latest firmware update provided by Cisco to fix the vulnerability. reference: - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-rv13x_2 - http://web.archive.org/web/20211207054802/https://securitytracker.com/id/1040345 @@ -16,8 +18,8 @@ info: cve-id: CVE-2018-0127 cwe-id: CWE-200,CWE-306 epss-score: 0.0948 - cpe: cpe:2.3:o:cisco:rv132w_firmware:1.0.0.1:*:*:*:*:*:*:* epss-percentile: 0.93961 + cpe: cpe:2.3:o:cisco:rv132w_firmware:1.0.0.1:*:*:*:*:*:*:* metadata: max-request: 1 vendor: "cisco" diff --git a/http/cves/2018/CVE-2018-0296.yaml b/http/cves/2018/CVE-2018-0296.yaml index 042c491e3f..a4355ca662 100644 --- a/http/cves/2018/CVE-2018-0296.yaml +++ b/http/cves/2018/CVE-2018-0296.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | Cisco Adaptive Security Appliances (ASA) web interfaces could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. It is also possible on certain software releases that the ASA will not reload, but an attacker could view sensitive system information without authentication by using directory traversal techniques. The vulnerability is due to lack of proper input validation of the HTTP URL. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to cause a DoS condition or unauthenticated disclosure of information. This vulnerability applies to IPv4 and IPv6 HTTP traffic. This vulnerability affects Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software that is running on the following Cisco products: 3000 Series Industrial Security Appliance (ISA), ASA 1000V Cloud Firewall, ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Adaptive Security Virtual Appliance (ASAv), Firepower 2100 Series Security Appliance, Firepower 4100 Series Security Appliance, Firepower 9300 ASA Security Module, FTD Virtual (FTDv). Cisco Bug IDs: CSCvi16029. + remediation: | + Apply the necessary security patches or updates provided by Cisco to fix the local file inclusion vulnerability. reference: - https://github.com/yassineaboukir/CVE-2018-0296 - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-asaftd 
@@ -18,8 +20,8 @@ info: cve-id: CVE-2018-0296 cwe-id: CWE-22,CWE-20 epss-score: 0.97446 - cpe: cpe:2.3:a:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:* epss-percentile: 0.99918 + cpe: cpe:2.3:a:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: cisco diff --git a/http/cves/2018/CVE-2018-1000129.yaml b/http/cves/2018/CVE-2018-1000129.yaml index 911308436c..4ff853ba46 100644 --- a/http/cves/2018/CVE-2018-1000129.yaml +++ b/http/cves/2018/CVE-2018-1000129.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Jolokia 1.3.7 is vulnerable to cross-site scripting in the HTTP servlet and allows an attacker to execute malicious JavaScript in the victim's browser. + remediation: | + Upgrade to a patched version of Jolokia or apply the necessary security patches to mitigate the XSS vulnerability. reference: - https://jolokia.org/#Security_fixes_with_1.5.0 - https://github.com/rhuss/jolokia/commit/5895d5c137c335e6b473e9dcb9baf748851bbc5f#diff-f19898247eddb55de6400489bff748ad @@ -18,8 +20,8 @@ info: cve-id: CVE-2018-1000129 cwe-id: CWE-79 epss-score: 0.00232 - cpe: cpe:2.3:a:jolokia:jolokia:1.3.7:*:*:*:*:*:*:* epss-percentile: 0.60647 + cpe: cpe:2.3:a:jolokia:jolokia:1.3.7:*:*:*:*:*:*:* metadata: max-request: 2 vendor: jolokia diff --git a/http/cves/2018/CVE-2018-1000130.yaml b/http/cves/2018/CVE-2018-1000130.yaml index a0ff2f9fc8..46e4c5a9ac 100644 --- a/http/cves/2018/CVE-2018-1000130.yaml +++ b/http/cves/2018/CVE-2018-1000130.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Jolokia agent is vulnerable to a JNDI injection vulnerability that allows a remote attacker to run arbitrary Java code on the server when the agent is in proxy mode. + remediation: | + Apply the latest security patches or updates provided by the vendor to fix the vulnerability. reference: - https://jolokia.org/#Security_fixes_with_1.5.0 - https://access.redhat.com/errata/RHSA-2018:2669 
@@ -16,8 +18,8 @@ info: cve-id: CVE-2018-1000130 cwe-id: CWE-74 epss-score: 0.89191 - cpe: cpe:2.3:a:jolokia:webarchive_agent:1.3.7:*:*:*:*:*:*:* epss-percentile: 0.98305 + cpe: cpe:2.3:a:jolokia:webarchive_agent:1.3.7:*:*:*:*:*:*:* metadata: max-request: 1 vendor: jolokia diff --git a/http/cves/2018/CVE-2018-1000226.yaml b/http/cves/2018/CVE-2018-1000226.yaml index 5e0e702474..820ac1157d 100644 --- a/http/cves/2018/CVE-2018-1000226.yaml +++ b/http/cves/2018/CVE-2018-1000226.yaml @@ -5,6 +5,8 @@ info: author: c-sh0 severity: critical description: Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ and possibly even older versions, may be vulnerable to an authentication bypass vulnerability in XMLRPC API (/cobbler_api) that can result in privilege escalation, data manipulation or exfiltration, and LDAP credential harvesting. This attack appear to be exploitable via "network connectivity". Taking advantage of improper validation of security tokens in API endpoints. Please note this is a different issue than CVE-2018-10931. + remediation: | + Apply the latest security patches or updates provided by the vendor to fix the authentication bypass vulnerability in Cobbler. reference: - https://github.com/cobbler/cobbler/issues/1916 - https://movermeyer.com/2018-08-02-privilege-escalation-exploits-in-cobblers-api/ @@ -15,8 +17,8 @@ info: cve-id: CVE-2018-1000226 cwe-id: CWE-732 epss-score: 0.01552 - cpe: cpe:2.3:a:cobblerd:cobbler:*:*:*:*:*:*:*:* epss-percentile: 0.85554 + cpe: cpe:2.3:a:cobblerd:cobbler:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: cobblerd diff --git a/http/cves/2018/CVE-2018-1000533.yaml b/http/cves/2018/CVE-2018-1000533.yaml index f5c2c4ad7c..35ac6cc1d6 100644 --- a/http/cves/2018/CVE-2018-1000533.yaml +++ b/http/cves/2018/CVE-2018-1000533.yaml 
@@ -5,6 +5,8 @@ info: author: pikpikcu severity: critical description: klaussilveira GitList version <= 0.6 contains a passing incorrectly sanitized input via the `searchTree` function that can result in remote code execution. + remediation: | + Upgrade GitList to version 0.6.0 or later to mitigate this vulnerability. reference: - https://github.com/vulhub/vulhub/tree/master/gitlist/CVE-2018-1000533 - https://nvd.nist.gov/vuln/detail/CVE-2018-1000533 @@ -16,8 +18,8 @@ info: cve-id: CVE-2018-1000533 cwe-id: CWE-20 epss-score: 0.97207 - cpe: cpe:2.3:a:gitlist:gitlist:*:*:*:*:*:*:*:* epss-percentile: 0.99732 + cpe: cpe:2.3:a:gitlist:gitlist:*:*:*:*:*:*:*:* metadata: max-request: 2 vendor: gitlist diff --git a/http/cves/2018/CVE-2018-1000600.yaml b/http/cves/2018/CVE-2018-1000600.yaml index de3d9880c8..10d5e286d1 100644 --- a/http/cves/2018/CVE-2018-1000600.yaml +++ b/http/cves/2018/CVE-2018-1000600.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Jenkins GitHub Plugin 1.29.1 and earlier is susceptible to server-side request forgery via GitHubTokenCredentialsCreator.java, which allows attackers to leverage attacker-specified credentials IDs obtained through another method and capture the credentials stored in Jenkins. + remediation: | + Upgrade Jenkins GitHub Plugin to version 1.29.2 or later to mitigate the vulnerability. reference: - https://www.jenkins.io/security/advisory/2018-06-25/#SECURITY-915 - https://devco.re/blog/2019/01/16/hacking-Jenkins-part1-play-with-dynamic-routing/ @@ -17,13 +19,13 @@ info: cve-id: CVE-2018-1000600 cwe-id: CWE-200 epss-score: 0.95579 - cpe: cpe:2.3:a:jenkins:github:*:*:*:*:*:jenkins:*:* epss-percentile: 0.99139 + cpe: cpe:2.3:a:jenkins:github:*:*:*:*:*:jenkins:*:* metadata: max-request: 1 - framework: jenkins vendor: jenkins product: github + framework: jenkins tags: cve,cve2018,jenkins,ssrf,oast,github http: 
diff --git a/http/cves/2018/CVE-2018-1000671.yaml b/http/cves/2018/CVE-2018-1000671.yaml index 7d221aea66..4c166e0a86 100644 --- a/http/cves/2018/CVE-2018-1000671.yaml +++ b/http/cves/2018/CVE-2018-1000671.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: medium description: Sympa version 6.2.16 and later contains a URL Redirection to Untrusted Site vulnerability in the referer parameter of the wwsympa fcgi login action that can result in open redirection and reflected cross-site scripting via data URIs. + remediation: | + Upgrade to a patched version of Sympa (>=6.2.17) or apply the necessary security patches provided by the vendor. reference: - https://github.com/sympa-community/sympa/issues/268 - https://vuldb.com/?id.123670 @@ -17,14 +19,14 @@ info: cve-id: CVE-2018-1000671 cwe-id: CWE-601 epss-score: 0.00831 - cpe: cpe:2.3:a:sympa:sympa:*:*:*:*:*:*:*:* epss-percentile: 0.79859 + cpe: cpe:2.3:a:sympa:sympa:*:*:*:*:*:*:*:* metadata: - max-request: 1 - shodan-query: http.html:"sympa" verified: true + max-request: 1 vendor: sympa product: sympa + shodan-query: http.html:"sympa" tags: cve,cve2018,redirect,sympa,debian http: diff --git a/http/cves/2018/CVE-2018-1000856.yaml b/http/cves/2018/CVE-2018-1000856.yaml index 736acb1182..04f08ba604 100644 --- a/http/cves/2018/CVE-2018-1000856.yaml +++ b/http/cves/2018/CVE-2018-1000856.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | DomainMOD 4.11.01 is vulnerable to cross-site scripting via the segments/add.php Segment Name field. + remediation: | + Upgrade to the latest version of DomainMOD or apply the vendor-provided patch to mitigate this vulnerability. reference: - https://github.com/domainmod/domainmod/issues/80 - https://nvd.nist.gov/vuln/detail/CVE-2018-1000856 
@@ -15,11 +17,11 @@ info: cve-id: CVE-2018-1000856 cwe-id: CWE-79 epss-score: 0.00101 - cpe: cpe:2.3:a:domainmod:domainmod:*:*:*:*:*:*:*:* epss-percentile: 0.40768 + cpe: cpe:2.3:a:domainmod:domainmod:*:*:*:*:*:*:*:* metadata: - max-request: 3 verified: true + max-request: 3 vendor: domainmod product: domainmod tags: cve,cve2018,domainmod,xss,authenticated diff --git a/http/cves/2018/CVE-2018-1000861.yaml b/http/cves/2018/CVE-2018-1000861.yaml index 878b09b65d..fbd4a11343 100644 --- a/http/cves/2018/CVE-2018-1000861.yaml +++ b/http/cves/2018/CVE-2018-1000861.yaml @@ -5,6 +5,8 @@ info: author: dhiyaneshDK,pikpikcu severity: critical description: Jenkins 2.153 and earlier and LTS 2.138.3 and earlier are susceptible to a remote command injection via stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not intended to be invoked this way. + remediation: | + Apply the latest security patches and updates provided by Jenkins to mitigate this vulnerability. reference: - https://github.com/vulhub/vulhub/tree/master/jenkins/CVE-2018-1000861 - https://nvd.nist.gov/vuln/detail/CVE-2018-1000861 @@ -17,8 +19,8 @@ info: cve-id: CVE-2018-1000861 cwe-id: CWE-502 epss-score: 0.97412 - cpe: cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:* epss-percentile: 0.99884 + cpe: cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:* metadata: max-request: 1 vendor: jenkins diff --git a/http/cves/2018/CVE-2018-10093.yaml b/http/cves/2018/CVE-2018-10093.yaml index c24aac42b2..f9e1a8ec28 100644 --- a/http/cves/2018/CVE-2018-10093.yaml +++ b/http/cves/2018/CVE-2018-10093.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow remote code execution. + remediation: | + Apply the latest firmware update provided by AudioCodes to fix the vulnerability and ensure proper input validation. reference: - https://www.exploit-db.com/exploits/46164 - https://nvd.nist.gov/vuln/detail/CVE-2018-10093 @@ -17,8 +19,8 @@ info: cve-id: CVE-2018-10093 cwe-id: CWE-862 epss-score: 0.06287 - cpe: cpe:2.3:o:audiocodes:420hd_ip_phone_firmware:2.2.12.126:*:*:*:*:*:*:* epss-percentile: 0.92688 + cpe: cpe:2.3:o:audiocodes:420hd_ip_phone_firmware:2.2.12.126:*:*:*:*:*:*:* metadata: max-request: 1 vendor: audiocodes diff --git a/http/cves/2018/CVE-2018-10095.yaml b/http/cves/2018/CVE-2018-10095.yaml index f8151245f8..8a11077dbd 100644 --- a/http/cves/2018/CVE-2018-10095.yaml +++ b/http/cves/2018/CVE-2018-10095.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Dolibarr before 7.0.2 is vulnerable to cross-site scripting and allows remote attackers to inject arbitrary web script or HTML via the foruserlogin parameter to adherents/cartes/carte.php. + remediation: | + Upgrade to Dolibarr version 7.0.2 or later to mitigate this vulnerability. reference: - https://sysdream.com/news/lab/2018-05-21-cve-2018-10095-dolibarr-xss-injection-vulnerability/ - https://github.com/Dolibarr/dolibarr/commit/1dc466e1fb687cfe647de4af891720419823ed56 @@ -18,8 +20,8 @@ info: cve-id: CVE-2018-10095 cwe-id: CWE-79 epss-score: 0.95296 - cpe: cpe:2.3:a:dolibarr:dolibarr:*:*:*:*:*:*:*:* epss-percentile: 0.99069 + cpe: cpe:2.3:a:dolibarr:dolibarr:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: dolibarr diff --git a/http/cves/2018/CVE-2018-10141.yaml b/http/cves/2018/CVE-2018-10141.yaml index a3ad528525..653f661ca5 100644 --- a/http/cves/2018/CVE-2018-10141.yaml +++ b/http/cves/2018/CVE-2018-10141.yaml 
@@ -5,6 +5,8 @@ info: author: dhiyaneshDk severity: medium description: Palo Alto Networks PAN-OS before 8.1.4 GlobalProtect Portal Login page allows an unauthenticated attacker to inject arbitrary JavaScript or HTML, making it vulnerable to cross-site scripting. + remediation: | + Upgrade to Palo Alto Networks PAN-OS GlobalProtect VPN client version 8.1.4 or later to mitigate this vulnerability. reference: - https://security.paloaltonetworks.com/CVE-2018-10141 - https://nvd.nist.gov/vuln/detail/CVE-2018-10141 @@ -14,8 +16,8 @@ info: cve-id: CVE-2018-10141 cwe-id: CWE-79 epss-score: 0.00126 - cpe: cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:* epss-percentile: 0.46484 + cpe: cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: paloaltonetworks diff --git a/http/cves/2018/CVE-2018-10201.yaml b/http/cves/2018/CVE-2018-10201.yaml index 02b2f9a6b9..9059365187 100644 --- a/http/cves/2018/CVE-2018-10201.yaml +++ b/http/cves/2018/CVE-2018-10201.yaml @@ -5,6 +5,8 @@ info: author: 0x_akoko severity: high description: Ncomputing vSpace Pro versions 10 and 11 suffer from a directory traversal vulnerability. + remediation: | + Apply the latest security patches or updates provided by Ncomputing to fix the directory traversal vulnerability. reference: - https://packetstormsecurity.com/files/147303/Ncomputing-vSPace-Pro-10-11-Directory-Traversal.html - https://nvd.nist.gov/vuln/detail/CVE-2018-10201 @@ -17,8 +19,8 @@ info: cve-id: CVE-2018-10201 cwe-id: CWE-22 epss-score: 0.063 - cpe: cpe:2.3:a:ncomputing:vspace_pro:10:*:*:*:*:*:*:* epss-percentile: 0.92695 + cpe: cpe:2.3:a:ncomputing:vspace_pro:10:*:*:*:*:*:*:* metadata: max-request: 4 vendor: ncomputing diff --git a/http/cves/2018/CVE-2018-10230.yaml b/http/cves/2018/CVE-2018-10230.yaml index 026875d4a6..861e184639 100644 --- a/http/cves/2018/CVE-2018-10230.yaml +++ b/http/cves/2018/CVE-2018-10230.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | Zend Server before version 9.13 is vulnerable to cross-site scripting via the debug_host parameter. + remediation: | + Upgrade Zend Server to version 9.13 or later to mitigate this vulnerability. reference: - https://www.synacktiv.com/ressources/zend_server_9_1_3_xss.pdf - https://www.zend.com/en/products/server/release-notes @@ -16,8 +18,8 @@ info: cve-id: CVE-2018-10230 cwe-id: CWE-79 epss-score: 0.00122 - cpe: cpe:2.3:a:zend:zend_server:*:*:*:*:*:*:*:* epss-percentile: 0.45743 + cpe: cpe:2.3:a:zend:zend_server:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: zend diff --git a/http/cves/2018/CVE-2018-10562.yaml b/http/cves/2018/CVE-2018-10562.yaml index b30d69e1e3..3fc4a67e12 100644 --- a/http/cves/2018/CVE-2018-10562.yaml +++ b/http/cves/2018/CVE-2018-10562.yaml @@ -5,6 +5,8 @@ info: author: gy741 severity: critical description: Dasan GPON home routers are susceptible to command injection which can occur via the dest_host parameter in a diag_action=ping request to a GponForm/diag_Form URI. Because the router saves ping results in /tmp and transmits them to the user when the user revisits /diag.html, it's quite simple to execute commands and retrieve their output. + remediation: | + Apply the latest firmware update provided by the vendor to mitigate this vulnerability. reference: - https://www.vpnmentor.com/blog/critical-vulnerability-gpon-router - https://github.com/f3d0x0/GPON/blob/master/gpon_rce.py @@ -16,8 +18,8 @@ info: cve-id: CVE-2018-10562 cwe-id: CWE-78 epss-score: 0.97576 - cpe: cpe:2.3:o:dasannetworks:gpon_router_firmware:-:*:*:*:*:*:*:* epss-percentile: 0.99999 + cpe: cpe:2.3:o:dasannetworks:gpon_router_firmware:-:*:*:*:*:*:*:* metadata: max-request: 2 vendor: dasannetworks diff --git a/http/cves/2018/CVE-2018-10818.yaml b/http/cves/2018/CVE-2018-10818.yaml index 3cf9e915dc..76ac3674bd 100644 --- a/http/cves/2018/CVE-2018-10818.yaml +++ b/http/cves/2018/CVE-2018-10818.yaml 
@@ -5,6 +5,8 @@ info: author: gy741 severity: critical description: LG NAS devices contain a pre-auth remote command injection via the "password" parameter. + remediation: | + Apply the latest firmware update provided by LG to mitigate this vulnerability. reference: - https://www.vpnmentor.com/blog/critical-vulnerability-found-majority-lg-nas-devices/ - https://medium.com/@0x616163/lg-n1a1-unauthenticated-remote-command-injection-cve-2018-14839-9d2cf760e247 diff --git a/http/cves/2018/CVE-2018-10822.yaml b/http/cves/2018/CVE-2018-10822.yaml index 67ec795841..fb52a5ef1c 100644 --- a/http/cves/2018/CVE-2018-10822.yaml +++ b/http/cves/2018/CVE-2018-10822.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: D-Link routers DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02,DWR-512 through 2.02,DWR-712 through 2.02,DWR-912 through 2.02, DWR-921 through 2.02, DWR-111 through 1.01, and probably others with the same type of firmware allows remote attackers to read arbitrary files via a /.. or // after "GET /uir" in an HTTP request to the web interface. + remediation: | + Apply the latest firmware update provided by D-Link to fix the vulnerability reference: - https://www.exploit-db.com/exploits/45678 - http://sploit.tech/2018/10/12/D-Link.html @@ -16,8 +18,8 @@ info: cve-id: CVE-2018-10822 cwe-id: CWE-22 epss-score: 0.17386 - cpe: cpe:2.3:o:dlink:dwr-116_firmware:*:*:*:*:*:*:*:* epss-percentile: 0.95419 + cpe: cpe:2.3:o:dlink:dwr-116_firmware:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: dlink diff --git a/http/cves/2018/CVE-2018-10823.yaml b/http/cves/2018/CVE-2018-10823.yaml index cf60450f35..af1b49c7d2 100644 --- a/http/cves/2018/CVE-2018-10823.yaml +++ b/http/cves/2018/CVE-2018-10823.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | D-Link DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 device may allow an authenticated attacker to execute arbitrary code by injecting the shell command into the chkisg.htm page Sip parameter. This allows for full control over the device internals. + remediation: | + Apply the latest firmware update provided by D-Link to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/45676 - https://nvd.nist.gov/vuln/detail/CVE-2018-10823 @@ -17,8 +19,8 @@ info: cve-id: CVE-2018-10823 cwe-id: CWE-78 epss-score: 0.96863 - cpe: cpe:2.3:o:dlink:dwr-116_firmware:*:*:*:*:*:*:*:* epss-percentile: 0.99564 + cpe: cpe:2.3:o:dlink:dwr-116_firmware:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: dlink diff --git a/http/cves/2018/CVE-2018-10956.yaml b/http/cves/2018/CVE-2018-10956.yaml index 297afc058a..063588bf3e 100644 --- a/http/cves/2018/CVE-2018-10956.yaml +++ b/http/cves/2018/CVE-2018-10956.yaml @@ -6,6 +6,8 @@ info: severity: high description: | IPConfigure Orchid Core VMS 2.0.5 is susceptible to local file inclusion. + remediation: | + Update to the latest version of IPConfigure Orchid Core VMS to mitigate the LFI vulnerability. reference: - https://labs.nettitude.com/blog/cve-2018-10956-unauthenticated-privileged-directory-traversal-in-ipconfigure-orchid-core-vms/ - https://github.com/nettitude/metasploit-modules/blob/master/orchid_core_vms_directory_traversal.rb @@ -17,13 +19,13 @@ info: cve-id: CVE-2018-10956 cwe-id: CWE-22 epss-score: 0.65072 - cpe: cpe:2.3:a:ipconfigure:orchid_core_vms:2.0.5:*:*:*:*:*:*:* epss-percentile: 0.97442 + cpe: cpe:2.3:a:ipconfigure:orchid_core_vms:2.0.5:*:*:*:*:*:*:* metadata: max-request: 1 - shodan-query: http.title:"Orchid Core VMS" vendor: ipconfigure product: orchid_core_vms + shodan-query: http.title:"Orchid Core VMS" tags: cve,cve2018,orchid,vms,lfi,edb http: 
diff --git a/http/cves/2018/CVE-2018-11227.yaml b/http/cves/2018/CVE-2018-11227.yaml index 7916f6ab2a..0d602eaf9b 100644 --- a/http/cves/2018/CVE-2018-11227.yaml +++ b/http/cves/2018/CVE-2018-11227.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Monstra CMS 3.0.4 and earlier contains a cross-site scripting vulnerability via index.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + remediation: | + Upgrade Monstra CMS to a version higher than 3.0.4 or apply the official patch provided by the vendor. reference: - https://github.com/monstra-cms/monstra/issues/438 - https://www.exploit-db.com/exploits/44646 @@ -17,14 +19,14 @@ info: cve-id: CVE-2018-11227 cwe-id: CWE-79 epss-score: 0.02667 - cpe: cpe:2.3:a:monstra:monstra_cms:*:*:*:*:*:*:*:* epss-percentile: 0.89064 + cpe: cpe:2.3:a:monstra:monstra_cms:*:*:*:*:*:*:*:* metadata: - max-request: 1 - shodan-query: http.favicon.hash:419828698 verified: true + max-request: 1 vendor: monstra product: monstra_cms + shodan-query: http.favicon.hash:419828698 tags: cve,cve2018,xss,mostra,mostracms,cms,edb http: diff --git a/http/cves/2018/CVE-2018-11231.yaml b/http/cves/2018/CVE-2018-11231.yaml index a44352b3bc..71ebf9e7b3 100644 --- a/http/cves/2018/CVE-2018-11231.yaml +++ b/http/cves/2018/CVE-2018-11231.yaml @@ -6,6 +6,8 @@ info: severity: high description: | OpenCart Divido plugin is susceptible to SQL injection + remediation: | + Apply the official patch or upgrade to a version that includes the fix. reference: - https://web.archive.org/web/20220331072310/http://foreversong.cn/archives/1183 - https://nvd.nist.gov/vuln/detail/CVE-2018-11231 
@@ -16,13 +18,13 @@ info: cve-id: CVE-2018-11231 cwe-id: CWE-89 epss-score: 0.00903 - cpe: cpe:2.3:a:divido:divido:-:*:*:*:*:opencart:*:* epss-percentile: 0.80727 + cpe: cpe:2.3:a:divido:divido:-:*:*:*:*:opencart:*:* metadata: max-request: 1 - framework: opencart vendor: divido product: divido + framework: opencart tags: cve,cve2018,opencart,sqli,intrusive variables: num: "999999999" diff --git a/http/cves/2018/CVE-2018-11409.yaml b/http/cves/2018/CVE-2018-11409.yaml index 813b9715e1..b5118a2e4c 100644 --- a/http/cves/2018/CVE-2018-11409.yaml +++ b/http/cves/2018/CVE-2018-11409.yaml @@ -5,6 +5,8 @@ info: author: harshbothra_ severity: medium description: Splunk through 7.0.1 is susceptible to information disclosure by appending __raw/services/server/info/server-info?output_mode=json to a query, as demonstrated by discovering a license key. + remediation: | + Upgrade Splunk to a version higher than 7.0.1 to mitigate the vulnerability. reference: - https://github.com/kofa2002/splunk - https://www.exploit-db.com/exploits/44865/ @@ -17,8 +19,8 @@ info: cve-id: CVE-2018-11409 cwe-id: CWE-200 epss-score: 0.95758 - cpe: cpe:2.3:a:splunk:splunk:*:*:*:*:*:*:*:* epss-percentile: 0.99181 + cpe: cpe:2.3:a:splunk:splunk:*:*:*:*:*:*:*:* metadata: max-request: 2 vendor: splunk diff --git a/http/cves/2018/CVE-2018-11473.yaml b/http/cves/2018/CVE-2018-11473.yaml index 909e83933c..9510ab55b3 100644 --- a/http/cves/2018/CVE-2018-11473.yaml +++ b/http/cves/2018/CVE-2018-11473.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | Monstra CMS 3.0.4 contains a cross-site scripting vulnerability via the registration form (i.e., the login parameter to users/registration). An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + remediation: | + Upgrade to the latest version of Monstra CMS or apply the vendor-provided patch to fix the XSS vulnerability. reference: - https://github.com/monstra-cms/monstra/issues/446 - https://github.com/nikhil1232/Monstra-CMS-3.0.4-XSS-ON-Registration-Page @@ -16,14 +18,14 @@ info: cve-id: CVE-2018-11473 cwe-id: CWE-79 epss-score: 0.00097 - cpe: cpe:2.3:a:monstra:monstra:3.0.4:*:*:*:*:*:*:* epss-percentile: 0.39898 + cpe: cpe:2.3:a:monstra:monstra:3.0.4:*:*:*:*:*:*:* metadata: - max-request: 2 - shodan-query: http.favicon.hash:419828698 verified: true + max-request: 2 vendor: monstra product: monstra + shodan-query: http.favicon.hash:419828698 tags: cve,cve2018,xss,mostra,mostracms,cms http: diff --git a/http/cves/2018/CVE-2018-11709.yaml b/http/cves/2018/CVE-2018-11709.yaml index 5fe2b73bc0..f6e9e76821 100644 --- a/http/cves/2018/CVE-2018-11709.yaml +++ b/http/cves/2018/CVE-2018-11709.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: WordPress wpForo Forum plugin before 1.4.12 for WordPress allows unauthenticated reflected cross-site scripting via the URI. + remediation: | + Update to the latest version of the wpForo Forum plugin (1.4.11) or apply the vendor-provided patch to fix the vulnerability. reference: - https://nvd.nist.gov/vuln/detail/CVE-2018-11709 - https://wordpress.org/plugins/wpforo/#developers 
@@ -16,13 +18,13 @@ info: cve-id: CVE-2018-11709 cwe-id: CWE-79 epss-score: 0.00151 - cpe: cpe:2.3:a:gvectors:wpforo_forum:*:*:*:*:*:wordpress:*:* epss-percentile: 0.50613 + cpe: cpe:2.3:a:gvectors:wpforo_forum:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 - framework: wordpress vendor: gvectors product: wpforo_forum + framework: wordpress tags: cve,cve2018,wordpress,xss,wp-plugin http: diff --git a/http/cves/2018/CVE-2018-11759.yaml b/http/cves/2018/CVE-2018-11759.yaml index 7d08ad065d..7eea3583a6 100644 --- a/http/cves/2018/CVE-2018-11759.yaml +++ b/http/cves/2018/CVE-2018-11759.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 allows specially constructed requests to expose application functionality through the reverse proxy. It is also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is some overlap between this issue and CVE-2018-1323, they are not identical. + remediation: | + Upgrade to a patched version of Apache Tomcat JK Connect (1.2.45 or higher) or apply the recommended security patches. reference: - https://github.com/immunIT/CVE-2018-11759 - https://lists.apache.org/thread.html/6d564bb0ab73d6b3efdd1d6b1c075d1a2c84ecd84a4159d6122529ad@%3Cannounce.tomcat.apache.org%3E @@ -18,13 +20,13 @@ info: cve-id: CVE-2018-11759 cwe-id: CWE-22 epss-score: 0.97443 - cpe: cpe:2.3:a:apache:tomcat_jk_connector:*:*:*:*:*:*:*:* epss-percentile: 0.99916 + cpe: cpe:2.3:a:apache:tomcat_jk_connector:*:*:*:*:*:*:*:* metadata: max-request: 2 - shodan-query: title:"Apache Tomcat" vendor: apache product: tomcat_jk_connector + shodan-query: title:"Apache Tomcat" tags: cve,cve2018,apache,tomcat,httpd,mod-jk http: diff --git a/http/cves/2018/CVE-2018-11776.yaml b/http/cves/2018/CVE-2018-11776.yaml index 8c661eb508..902cee9120 100644 --- a/http/cves/2018/CVE-2018-11776.yaml +++ b/http/cves/2018/CVE-2018-11776.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible remote code execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn''t have value and action set and in same time, its upper package have no or wildcard namespace. + remediation: | + Apply the latest security patches or upgrade to a non-vulnerable version of Apache Struts2. reference: - https://github.com/jas502n/St2-057 - https://cwiki.apache.org/confluence/display/WW/S2-057 @@ -18,8 +20,8 @@ info: cve-id: CVE-2018-11776 cwe-id: CWE-20 epss-score: 0.97557 - cpe: cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:* epss-percentile: 0.99995 + cpe: cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: apache diff --git a/http/cves/2018/CVE-2018-11784.yaml b/http/cves/2018/CVE-2018-11784.yaml index af52b2ed44..66e4fd3979 100644 --- a/http/cves/2018/CVE-2018-11784.yaml +++ b/http/cves/2018/CVE-2018-11784.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Apache Tomcat versions prior to 9.0.12, 8.5.34, and 7.0.91 are prone to an open-redirection vulnerability because it fails to properly sanitize user-supplied input. + remediation: | + Upgrade to Apache Tomcat version 9.0.12 or later, or apply the relevant patch provided by the Apache Software Foundation. reference: - https://lists.apache.org/thread.html/23134c9b5a23892a205dc140cdd8c9c0add233600f76b313dda6bd75@%3Cannounce.tomcat.apache.org%3E - https://nvd.nist.gov/vuln/detail/CVE-2018-11784 
@@ -18,13 +20,13 @@ info: cve-id: CVE-2018-11784 cwe-id: CWE-601 epss-score: 0.96524 - cpe: cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* epss-percentile: 0.99413 + cpe: cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* metadata: max-request: 1 - shodan-query: title:"Apache Tomcat" vendor: apache product: tomcat + shodan-query: title:"Apache Tomcat" tags: packetstorm,tomcat,redirect,cve,cve2018,apache http: diff --git a/http/cves/2018/CVE-2018-12031.yaml b/http/cves/2018/CVE-2018-12031.yaml index 27d6fd7b53..5ad0f2efe6 100644 --- a/http/cves/2018/CVE-2018-12031.yaml +++ b/http/cves/2018/CVE-2018-12031.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: critical description: Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via directory traversal, which can lead to sensitive information disclosure, denial of service and code execution. + remediation: | + Apply the latest security patch or upgrade to a newer version of Eaton Intelligent Power Manager to mitigate this vulnerability. reference: - https://github.com/EmreOvunc/Eaton-Intelligent-Power-Manager-Local-File-Inclusion - https://www.exploit-db.com/exploits/48614 @@ -15,8 +17,8 @@ info: cve-id: CVE-2018-12031 cwe-id: CWE-22 epss-score: 0.01411 - cpe: cpe:2.3:a:eaton:intelligent_power_manager:1.6:*:*:*:*:*:*:* epss-percentile: 0.84811 + cpe: cpe:2.3:a:eaton:intelligent_power_manager:1.6:*:*:*:*:*:*:* metadata: max-request: 2 vendor: eaton diff --git a/http/cves/2018/CVE-2018-12054.yaml b/http/cves/2018/CVE-2018-12054.yaml index 1c99b61b97..d27be094e2 100644 --- a/http/cves/2018/CVE-2018-12054.yaml +++ b/http/cves/2018/CVE-2018-12054.yaml 
@@ -5,6 +5,8 @@ info: author: wisnupramoedya severity: high description: Schools Alert Management Script is susceptible to an arbitrary file read vulnerability via the f parameter in img.php, aka absolute path traversal. + remediation: | + Apply the latest patch or update provided by the vendor to fix the arbitrary file read vulnerability in the Schools Alert Management Script. reference: - https://www.exploit-db.com/exploits/44874 - https://nvd.nist.gov/vuln/detail/CVE-2018-12054 @@ -16,8 +18,8 @@ info: cve-id: CVE-2018-12054 cwe-id: CWE-22 epss-score: 0.43824 - cpe: cpe:2.3:a:schools_alert_management_script_project:schools_alert_management_script:-:*:*:*:*:*:*:* epss-percentile: 0.96879 + cpe: cpe:2.3:a:schools_alert_management_script_project:schools_alert_management_script:-:*:*:*:*:*:*:* metadata: max-request: 1 vendor: schools_alert_management_script_project diff --git a/http/cves/2018/CVE-2018-1207.yaml b/http/cves/2018/CVE-2018-1207.yaml index 98f218b5df..e7a0400c5f 100644 --- a/http/cves/2018/CVE-2018-1207.yaml +++ b/http/cves/2018/CVE-2018-1207.yaml @@ -8,6 +8,8 @@ info: Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain a CGI injection vulnerability which could be used to execute remote code. A remote unauthenticated attacker may potentially be able to use CGI variables to execute remote code. + remediation: | + Apply the latest firmware updates provided by Dell to mitigate this vulnerability. reference: - https://downloads.dell.com/solutions/dell-management-solution-resources/iDRAC_CVE%201207_1211_1000116.pdf - https://github.com/KraudSecurity/Exploits/blob/master/CVE-2018-1207/CVE-2018-1207.py @@ -20,8 +22,8 @@ info: cve-id: CVE-2018-1207 cwe-id: CWE-94 epss-score: 0.01778 - cpe: cpe:2.3:a:dell:emc_idrac7:*:*:*:*:*:*:*:* epss-percentile: 0.86487 + cpe: cpe:2.3:a:dell:emc_idrac7:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: dell 
diff --git a/http/cves/2018/CVE-2018-12095.yaml b/http/cves/2018/CVE-2018-12095.yaml index 627c331bad..4351fa57e1 100644 --- a/http/cves/2018/CVE-2018-12095.yaml +++ b/http/cves/2018/CVE-2018-12095.yaml @@ -5,6 +5,8 @@ info: author: LogicalHunter severity: medium description: OEcms 3.1 is vulnerable to reflected cross-site scripting via the mod parameter of info.php. + remediation: | + Apply the latest patch or upgrade to a newer version of OEcms to fix the XSS vulnerability. reference: - https://www.exploit-db.com/exploits/44895 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12095 @@ -16,8 +18,8 @@ info: cve-id: CVE-2018-12095 cwe-id: CWE-79 epss-score: 0.00407 - cpe: cpe:2.3:a:oecms_project:oecms:3.1:*:*:*:*:*:*:* epss-percentile: 0.70495 + cpe: cpe:2.3:a:oecms_project:oecms:3.1:*:*:*:*:*:*:* metadata: max-request: 1 vendor: oecms_project diff --git a/http/cves/2018/CVE-2018-12296.yaml b/http/cves/2018/CVE-2018-12296.yaml index 1636f9a33f..89a2a6a0e5 100644 --- a/http/cves/2018/CVE-2018-12296.yaml +++ b/http/cves/2018/CVE-2018-12296.yaml @@ -5,6 +5,8 @@ info: author: princechaddha severity: high description: Seagate NAS OS version 4.3.15.1 has insufficient access control which allows attackers to obtain information about the NAS without authentication via empty POST requests in /api/external/7.0/system.System.get_infos. + remediation: | + Upgrade to a patched version of Seagate NAS OS. reference: - https://blog.securityevaluators.com/invading-your-personal-cloud-ise-labs-exploits-the-seagate-stcr3000101-ecf89de2170 - https://nvd.nist.gov/vuln/detail/CVE-2018-12296 @@ -14,8 +16,8 @@ info: cve-id: CVE-2018-12296 cwe-id: CWE-732 epss-score: 0.01503 - cpe: cpe:2.3:o:seagate:nas_os:4.3.15.1:*:*:*:*:*:*:* epss-percentile: 0.85298 + cpe: cpe:2.3:o:seagate:nas_os:4.3.15.1:*:*:*:*:*:*:* metadata: max-request: 1 vendor: seagate diff --git a/http/cves/2018/CVE-2018-12300.yaml b/http/cves/2018/CVE-2018-12300.yaml index 92f7e22058..0b072cd49a 100644 
--- a/http/cves/2018/CVE-2018-12300.yaml +++ b/http/cves/2018/CVE-2018-12300.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: medium description: Seagate NAS OS 4.3.15.1 contains an open redirect vulnerability in echo-server.html, which can allow an attacker to disclose information in the referer header via the state URL parameter. + remediation: | + Apply the latest security patches or updates provided by Seagate to fix the open redirect vulnerability in NAS OS 4.3.15.1. reference: - https://blog.securityevaluators.com/invading-your-personal-cloud-ise-labs-exploits-the-seagate-stcr3000101-ecf89de2170 - https://nvd.nist.gov/vuln/detail/CVE-2018-12300 @@ -14,8 +16,8 @@ info: cve-id: CVE-2018-12300 cwe-id: CWE-601 epss-score: 0.00118 - cpe: cpe:2.3:o:seagate:nas_os:4.3.15.1:*:*:*:*:*:*:* epss-percentile: 0.45103 + cpe: cpe:2.3:o:seagate:nas_os:4.3.15.1:*:*:*:*:*:*:* metadata: max-request: 1 vendor: seagate diff --git a/http/cves/2018/CVE-2018-12613.yaml b/http/cves/2018/CVE-2018-12613.yaml index f27ae5be55..9977d721cf 100644 --- a/http/cves/2018/CVE-2018-12613.yaml +++ b/http/cves/2018/CVE-2018-12613.yaml 
@@ -5,6 +5,8 @@ info: author: pikpikcu severity: high description: PhpMyAdmin before version 4.8.2 is susceptible to local file inclusion that allows an attacker to include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for whitelisted pages. An attacker must be authenticated, except in the "$cfg['AllowArbitraryServer'] = true" case (where an attacker can specify any host he/she is already in control of, and execute arbitrary code on phpMyAdmin) and the "$cfg['ServerDefault'] = 0" case (which bypasses the login requirement and runs the vulnerable code without any authentication). + remediation: | + Upgrade PhpMyAdmin to version 4.8.2 or later to fix the vulnerability. reference: - https://github.com/vulhub/vulhub/tree/master/phpmyadmin/CVE-2018-12613 - https://www.phpmyadmin.net/security/PMASA-2018-4/ @@ -17,8 +19,8 @@ info: cve-id: CVE-2018-12613 cwe-id: CWE-287 epss-score: 0.97383 - cpe: cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:* epss-percentile: 0.99864 + cpe: cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: phpmyadmin diff --git a/http/cves/2018/CVE-2018-12634.yaml b/http/cves/2018/CVE-2018-12634.yaml index 794f558ad9..9a7407fd1c 100644 --- a/http/cves/2018/CVE-2018-12634.yaml +++ b/http/cves/2018/CVE-2018-12634.yaml @@ -5,6 +5,8 @@ info: author: geeknik severity: critical description: CirCarLife Scada before 4.3 allows remote attackers to obtain sensitive information via a direct request for the html/log or services/system/info.html URI. CirCarLife is an internet-connected electric vehicle charging station. + remediation: | + Upgrade CirCarLife Scada to version 4.3 or above to fix the system log exposure vulnerability. reference: - https://circontrol.com/ - https://nvd.nist.gov/vuln/detail/CVE-2018-12634 
@@ -17,8 +19,8 @@ info: cve-id: CVE-2018-12634 cwe-id: CWE-200 epss-score: 0.95864 - cpe: cpe:2.3:a:circontrol:circarlife_scada:*:*:*:*:*:*:*:* epss-percentile: 0.99211 + cpe: cpe:2.3:a:circontrol:circarlife_scada:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: circontrol diff --git a/http/cves/2018/CVE-2018-12675.yaml b/http/cves/2018/CVE-2018-12675.yaml index 769964b0ef..63f0ae2ffc 100644 --- a/http/cves/2018/CVE-2018-12675.yaml +++ b/http/cves/2018/CVE-2018-12675.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | SV3C HD Camera L Series 2.3.4.2103-S50-NTD-B20170508B and 2.3.4.2103-S50-NTD-B20170823B contains an open redirect vulnerability. It does not perform origin checks on URLs in the camera's web interface, which can be leveraged to send a user to an unexpected endpoint. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations. + remediation: | + Apply the latest firmware update provided by the vendor to fix the open redirect vulnerability. reference: - https://bishopfox.com/blog/sv3c-l-series-hd-camera-advisory - https://vuldb.com/?id.125799 @@ -17,11 +19,11 @@ info: cve-id: CVE-2018-12675 cwe-id: CWE-601 epss-score: 0.00118 - cpe: cpe:2.3:o:sv3c:h.264_poe_ip_camera_firmware:v2.3.4.2103-s50-ntd-b20170508b:*:*:*:*:*:*:* epss-percentile: 0.45103 + cpe: cpe:2.3:o:sv3c:h.264_poe_ip_camera_firmware:v2.3.4.2103-s50-ntd-b20170508b:*:*:*:*:*:*:* metadata: - max-request: 1 verified: true + max-request: 1 vendor: sv3c product: h.264_poe_ip_camera_firmware tags: cve,cve2018,redirect,sv3c,camera,iot diff --git a/http/cves/2018/CVE-2018-1271.yaml b/http/cves/2018/CVE-2018-1271.yaml index eb3fd429bb..aeb370861b 100644 --- a/http/cves/2018/CVE-2018-1271.yaml +++ b/http/cves/2018/CVE-2018-1271.yaml 
@@ -5,6 +5,8 @@ info: author: hetroublemakr severity: medium description: Spring MVC Framework versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported are vulnerable to local file inclusion because they allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). A malicious user can send a request using a specially crafted URL that can lead a directory traversal attack. + remediation: | + Apply the latest security patches and updates provided by the Spring MVC Framework to mitigate this vulnerability. reference: - https://medium.com/@knownsec404team/analysis-of-spring-mvc-directory-traversal-vulnerability-cve-2018-1271-b291bdb6be0d - https://pivotal.io/security/cve-2018-1271 @@ -17,8 +19,8 @@ info: cve-id: CVE-2018-1271 cwe-id: CWE-22 epss-score: 0.00803 - cpe: cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:* epss-percentile: 0.79507 + cpe: cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:* metadata: max-request: 2 vendor: vmware diff --git a/http/cves/2018/CVE-2018-1273.yaml b/http/cves/2018/CVE-2018-1273.yaml index cf16f3780f..9b03d71764 100644 --- a/http/cves/2018/CVE-2018-1273.yaml +++ b/http/cves/2018/CVE-2018-1273.yaml @@ -11,6 +11,8 @@ info: An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data's projection-based request payload binding hat can lead to a remote code execution attack. + remediation: | + Apply the latest security patches provided by the vendor to fix the deserialization vulnerability. reference: - https://nvd.nist.gov/vuln/detail/CVE-2018-1273 - https://pivotal.io/security/cve-2018-1273 
@@ -22,8 +24,8 @@ info: cve-id: CVE-2018-1273 cwe-id: CWE-94,CWE-20 epss-score: 0.97498 - cpe: cpe:2.3:a:pivotal_software:spring_data_commons:*:*:*:*:*:*:*:* epss-percentile: 0.9996 + cpe: cpe:2.3:a:pivotal_software:spring_data_commons:*:*:*:*:*:*:*:* metadata: max-request: 2 vendor: pivotal_software diff --git a/http/cves/2018/CVE-2018-12909.yaml b/http/cves/2018/CVE-2018-12909.yaml index bbc8c61928..1df5e56b81 100644 --- a/http/cves/2018/CVE-2018-12909.yaml +++ b/http/cves/2018/CVE-2018-12909.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Webgrind 1.5 relies on user input to display a file, which lets anyone view files from the local filesystem (that the webserver user has access to) via an index.php?op=fileviewer&file= URI + remediation: | + Upgrade Webgrind to a version higher than 1.5 or apply the necessary patches provided by the vendor. reference: - https://github.com/Threekiii/Awesome-POC/blob/master/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/Webgrind%20fileviewer.phtml%20%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E%20CVE-2018-12909.md - https://github.com/jokkedk/webgrind/issues/112 @@ -16,14 +18,14 @@ info: cve-id: CVE-2018-12909 cwe-id: CWE-22 epss-score: 0.01119 - cpe: cpe:2.3:a:webgrind_project:webgrind:1.5.0:*:*:*:*:*:*:* epss-percentile: 0.82786 + cpe: cpe:2.3:a:webgrind_project:webgrind:1.5.0:*:*:*:*:*:*:* metadata: - max-request: 1 verified: true - fofa-query: app="Webgrind" + max-request: 1 vendor: webgrind_project product: webgrind + fofa-query: app="Webgrind" tags: cve,cve2018,lfi,webgrind http: diff --git a/http/cves/2018/CVE-2018-12998.yaml b/http/cves/2018/CVE-2018-12998.yaml index 8f2258a9d4..447f26b5d3 100644 --- a/http/cves/2018/CVE-2018-12998.yaml +++ b/http/cves/2018/CVE-2018-12998.yaml 
@@ -5,6 +5,8 @@ info: author: pikpikcu severity: medium description: Zoho manageengine is vulnerable to reflected cross-site scripting. This impacts Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 via the parameter 'operation' to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet. + remediation: | + Apply the latest security patch or update provided by Zoho ManageEngine to fix the XSS vulnerability. reference: - https://github.com/unh3x/just4cve/issues/10 - http://packetstormsecurity.com/files/148635/Zoho-ManageEngine-13-13790-build-XSS-File-Read-File-Deletion.html @@ -15,8 +17,8 @@ info: cve-id: CVE-2018-12998 cwe-id: CWE-79 epss-score: 0.97052 - cpe: cpe:2.3:a:zohocorp:firewall_analyzer:-:*:*:*:*:*:*:* epss-percentile: 0.99648 + cpe: cpe:2.3:a:zohocorp:firewall_analyzer:-:*:*:*:*:*:*:* metadata: max-request: 1 vendor: zohocorp diff --git a/http/cves/2018/CVE-2018-1335.yaml b/http/cves/2018/CVE-2018-1335.yaml index 31b58ef8eb..6ad8f9c683 100644 --- a/http/cves/2018/CVE-2018-1335.yaml +++ b/http/cves/2018/CVE-2018-1335.yaml 
@@ -5,20 +5,20 @@ info: author: pikpikcu severity: high description: Apache Tika versions 1.7 to 1.17 allow clients to send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients. + remediation: Upgrade to Tika 1.18. reference: - https://rhinosecuritylabs.com/application-security/exploiting-cve-2018-1335-apache-tika/ - https://www.exploit-db.com/exploits/47208 - https://lists.apache.org/thread.html/b3ed4432380af767effd4c6f27665cc7b2686acccbefeb9f55851dca@%3Cdev.tika.apache.org%3E - https://nvd.nist.gov/vuln/detail/CVE-2018-1335 - http://packetstormsecurity.com/files/153864/Apache-Tika-1.17-Header-Command-Injection.html - remediation: Upgrade to Tika 1.18. classification: cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.1 cve-id: CVE-2018-1335 epss-score: 0.97218 - cpe: cpe:2.3:a:apache:tika:*:*:*:*:*:*:*:* epss-percentile: 0.99743 + cpe: cpe:2.3:a:apache:tika:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: apache diff --git a/http/cves/2018/CVE-2018-13379.yaml b/http/cves/2018/CVE-2018-13379.yaml index 37557205a0..85a76a35fd 100644 --- a/http/cves/2018/CVE-2018-13379.yaml +++ b/http/cves/2018/CVE-2018-13379.yaml @@ -5,6 +5,8 @@ info: author: organiccrap severity: critical description: Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests due to improper limitation of a pathname to a restricted directory (path traversal). + remediation: | + Apply the necessary patches or updates provided by Fortinet to fix the vulnerability. reference: - https://fortiguard.com/advisory/FG-IR-18-384 - https://www.fortiguard.com/psirt/FG-IR-20-233 
@@ -15,14 +17,14 @@ info: cve-id: CVE-2018-13379 cwe-id: CWE-22 epss-score: 0.97486 - cpe: cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* epss-percentile: 0.99951 + cpe: cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* metadata: - max-request: 1 verified: true - shodan-query: http.html:"/remote/login" "xxxxxxxx" + max-request: 1 vendor: fortinet product: fortios + shodan-query: http.html:"/remote/login" "xxxxxxxx" tags: cve,cve2018,fortios,lfi,kev http: diff --git a/http/cves/2018/CVE-2018-13380.yaml b/http/cves/2018/CVE-2018-13380.yaml index 219b1eb3e2..e4cdcbddbb 100644 --- a/http/cves/2018/CVE-2018-13380.yaml +++ b/http/cves/2018/CVE-2018-13380.yaml @@ -5,6 +5,8 @@ info: author: shelld3v,AaronChen0 severity: medium description: Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4.0 to 5.4.12, 5.2 and below versions under SSL VPN web portal are vulnerable to cross-site scripting and allows attacker to execute unauthorized malicious script code via the error or message handling parameters. + remediation: | + Apply the latest security patches or updates provided by Fortinet to fix this vulnerability. reference: - https://blog.orange.tw/2019/08/attacking-ssl-vpn-part-2-breaking-the-fortigate-ssl-vpn.html - https://fortiguard.com/advisory/FG-IR-18-383 @@ -16,8 +18,8 @@ info: cve-id: CVE-2018-13380 cwe-id: CWE-79 epss-score: 0.00122 - cpe: cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* epss-percentile: 0.45743 + cpe: cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* metadata: max-request: 2 vendor: fortinet diff --git a/http/cves/2018/CVE-2018-13980.yaml b/http/cves/2018/CVE-2018-13980.yaml index 261d2ad26d..b6835c8640 100644 --- a/http/cves/2018/CVE-2018-13980.yaml +++ b/http/cves/2018/CVE-2018-13980.yaml 
@@ -5,6 +5,8 @@ info: author: wisnupramoedya severity: medium description: Zeta Producer Desktop CMS before 14.2.1 is vulnerable to local file inclusion if the plugin "filebrowser" is installed because of assets/php/filebrowser/filebrowser.main.php?file=../ directory traversal. + remediation: | + Upgrade Zeta Producer Desktop CMS to version 14.2.1 or later to mitigate the vulnerability. reference: - https://www.exploit-db.com/exploits/45016 - https://www.sec-consult.com/en/blog/advisories/remote-code-execution-local-file-disclosure-zeta-producer-desktop-cms/ @@ -16,8 +18,8 @@ info: cve-id: CVE-2018-13980 cwe-id: CWE-22 epss-score: 0.0018 - cpe: cpe:2.3:a:zeta-producer:zeta_producer:*:*:*:*:*:*:*:* epss-percentile: 0.5447 + cpe: cpe:2.3:a:zeta-producer:zeta_producer:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: zeta-producer diff --git a/http/cves/2018/CVE-2018-14013.yaml b/http/cves/2018/CVE-2018-14013.yaml index c28957583e..210ceed65d 100644 --- a/http/cves/2018/CVE-2018-14013.yaml +++ b/http/cves/2018/CVE-2018-14013.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: medium description: Synacor Zimbra Collaboration Suite Collaboration before 8.8.11 is vulnerable to cross-site scripting via the AJAX and html web clients. + remediation: | + Upgrade to a version of Synacor Zimbra Collaboration Suite Collaboration that is equal to or greater than 8.8.11 to mitigate the vulnerability. reference: - https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories - https://bugzilla.zimbra.com/show_bug.cgi?id=109018 @@ -16,8 +18,8 @@ info: cve-id: CVE-2018-14013 cwe-id: CWE-79 epss-score: 0.00512 - cpe: cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:* epss-percentile: 0.73663 + cpe: cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: synacor diff --git a/http/cves/2018/CVE-2018-14064.yaml b/http/cves/2018/CVE-2018-14064.yaml index 8b65835d54..2acb596261 100644 --- a/http/cves/2018/CVE-2018-14064.yaml 
+++ b/http/cves/2018/CVE-2018-14064.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: critical description: VelotiSmart WiFi B-380 camera devices allow directory traversal via the uc-http service 1.0.0, as demonstrated by /../../etc/passwd on TCP port 80. + remediation: | + Apply the latest security patches or updates provided by the vendor to fix the directory traversal vulnerability in VelotiSmart Wifi. reference: - https://medium.com/@s1kr10s/velotismart-0day-ca5056bcdcac - https://www.exploit-db.com/exploits/45030 @@ -15,8 +17,8 @@ info: cve-id: CVE-2018-14064 cwe-id: CWE-22 epss-score: 0.28372 - cpe: cpe:2.3:o:velotismart_project:velotismart_wifi_firmware:b-380:*:*:*:*:*:*:* epss-percentile: 0.96243 + cpe: cpe:2.3:o:velotismart_project:velotismart_wifi_firmware:b-380:*:*:*:*:*:*:* metadata: max-request: 1 vendor: velotismart_project diff --git a/http/cves/2018/CVE-2018-14474.yaml b/http/cves/2018/CVE-2018-14474.yaml index 26f9b3ef3a..63e99199dd 100644 --- a/http/cves/2018/CVE-2018-14474.yaml +++ b/http/cves/2018/CVE-2018-14474.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Orange Forum 1.4.0 contains an open redirect vulnerability in views/auth.go via the next parameter to /login or /signup. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. + remediation: | + Upgrade to a patched version of Orange Forum or apply the necessary security patches to fix the open redirect vulnerability. reference: - https://github.com/s-gv/orangeforum/commit/1f6313cb3a1e755880fc1354f3e1efc4dd2dd4aa - https://seclists.org/fulldisclosure/2019/Jan/32 @@ -17,8 +19,8 @@ info: cve-id: CVE-2018-14474 cwe-id: CWE-601 epss-score: 0.00068 - cpe: cpe:2.3:a:goodoldweb:orange_forum:1.4.0:*:*:*:*:*:*:* epss-percentile: 0.28011 + cpe: cpe:2.3:a:goodoldweb:orange_forum:1.4.0:*:*:*:*:*:*:* metadata: max-request: 2 vendor: goodoldweb 
diff --git a/http/cves/2018/CVE-2018-14574.yaml b/http/cves/2018/CVE-2018-14574.yaml index 381ffabd92..704253a006 100644 --- a/http/cves/2018/CVE-2018-14574.yaml +++ b/http/cves/2018/CVE-2018-14574.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: medium description: Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 contains an open redirect vulnerability. If django.middleware.common.CommonMiddleware and APPEND_SLASH settings are selected, and if the project has a URL pattern that accepts any path ending in a slash, an attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. + remediation: | + Upgrade to the latest version of Django or apply the relevant patch provided by the Django project. reference: - https://www.djangoproject.com/weblog/2018/aug/01/security-releases/ - https://usn.ubuntu.com/3726-1/ @@ -18,8 +20,8 @@ info: cve-id: CVE-2018-14574 cwe-id: CWE-601 epss-score: 0.01218 - cpe: cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:* epss-percentile: 0.83586 + cpe: cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: djangoproject diff --git a/http/cves/2018/CVE-2018-14728.yaml b/http/cves/2018/CVE-2018-14728.yaml index b773921bb5..18e6612bb3 100644 --- a/http/cves/2018/CVE-2018-14728.yaml +++ b/http/cves/2018/CVE-2018-14728.yaml @@ -5,6 +5,8 @@ info: author: madrobot severity: critical description: Responsive filemanager 9.13.1 is susceptible to server-side request forgery in upload.php via the url parameter. + remediation: | + Upgrade to a patched version of Responsive Filemanager or apply the necessary security patches to mitigate the SSRF vulnerability. reference: - http://packetstormsecurity.com/files/148742/Responsive-Filemanager-9.13.1-Server-Side-Request-Forgery.html - https://www.exploit-db.com/exploits/45103/ 
@@ -15,8 +17,8 @@ info: cve-id: CVE-2018-14728 cwe-id: CWE-918 epss-score: 0.96926 - cpe: cpe:2.3:a:tecrail:responsive_filemanager:9.13.1:*:*:*:*:*:*:* epss-percentile: 0.99601 + cpe: cpe:2.3:a:tecrail:responsive_filemanager:9.13.1:*:*:*:*:*:*:* metadata: max-request: 1 vendor: tecrail diff --git a/http/cves/2018/CVE-2018-14912.yaml b/http/cves/2018/CVE-2018-14912.yaml index 8e756dbc09..4f0d006d13 100644 --- a/http/cves/2018/CVE-2018-14912.yaml +++ b/http/cves/2018/CVE-2018-14912.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: high description: cGit < 1.2.1 via cgit_clone_objects has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request. + remediation: | + Upgrade cgit to version 1.2.1 or later to mitigate the vulnerability. reference: - https://cxsecurity.com/issue/WLB-2018080034 - https://nvd.nist.gov/vuln/detail/CVE-2018-14912 @@ -17,8 +19,8 @@ info: cve-id: CVE-2018-14912 cwe-id: CWE-22 epss-score: 0.97246 - cpe: cpe:2.3:a:cgit_project:cgit:*:*:*:*:*:*:*:* epss-percentile: 0.99761 + cpe: cpe:2.3:a:cgit_project:cgit:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: cgit_project diff --git a/http/cves/2018/CVE-2018-14916.yaml b/http/cves/2018/CVE-2018-14916.yaml index 38c34817a5..e759bdd5eb 100644 --- a/http/cves/2018/CVE-2018-14916.yaml +++ b/http/cves/2018/CVE-2018-14916.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: critical description: Loytec LGATE-902 versions prior to 6.4.2 suffers from a local file inclusion vulnerability. + remediation: | + Upgrade the Loytec LGATE-902 device to version 6.4.2 or later to mitigate the vulnerability. reference: - https://packetstormsecurity.com/files/152453/Loytec-LGATE-902-XSS-Traversal-File-Deletion.html - https://nvd.nist.gov/vuln/detail/CVE-2018-14916 
@@ -16,8 +18,8 @@ info: cve-id: CVE-2018-14916 cwe-id: CWE-732 epss-score: 0.00483 - cpe: cpe:2.3:o:loytec:lgate-902_firmware:*:*:*:*:*:*:*:* epss-percentile: 0.72875 + cpe: cpe:2.3:o:loytec:lgate-902_firmware:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: loytec diff --git a/http/cves/2018/CVE-2018-14918.yaml b/http/cves/2018/CVE-2018-14918.yaml index aba7875ad8..9d564a9950 100644 --- a/http/cves/2018/CVE-2018-14918.yaml +++ b/http/cves/2018/CVE-2018-14918.yaml @@ -6,6 +6,8 @@ info: severity: high description: | LOYTEC LGATE-902 6.3.2 is susceptible to local file inclusion which could allow an attacker to manipulate path references and access files and directories (including critical system files) that are stored outside the root folder of the web application running on the device. This can be used to read and configuration files containing, e.g., usernames and passwords. + remediation: | + Apply the latest firmware update provided by LOYTEC to fix the LFI vulnerability. reference: - https://seclists.org/fulldisclosure/2019/Apr/12 - http://packetstormsecurity.com/files/152453/Loytec-LGATE-902-XSS-Traversal-File-Deletion.html @@ -16,14 +18,14 @@ info: cve-id: CVE-2018-14918 cwe-id: CWE-22 epss-score: 0.4378 - cpe: cpe:2.3:o:loytec:lgate-902_firmware:*:*:*:*:*:*:*:* epss-percentile: 0.96878 + cpe: cpe:2.3:o:loytec:lgate-902_firmware:*:*:*:*:*:*:*:* metadata: - max-request: 1 - shodan-query: http.html:"LGATE-902" verified: true + max-request: 1 vendor: loytec product: lgate-902_firmware + shodan-query: http.html:"LGATE-902" tags: loytec,lfi,seclists,packetstorm,cve,cve2018,lgate http: diff --git a/http/cves/2018/CVE-2018-14931.yaml b/http/cves/2018/CVE-2018-14931.yaml index 2808fb78ec..ef5ed3aff6 100644 --- a/http/cves/2018/CVE-2018-14931.yaml +++ b/http/cves/2018/CVE-2018-14931.yaml 
@@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: medium description: Polarisft Intellect Core Banking Software Version 9.7.1 is susceptible to an open redirect issue in the Core and Portal modules via the /IntellectMain.jsp?IntellectSystem= URI. + remediation: | + Apply the latest security patches or updates provided by Polarisft to fix the open redirect vulnerability. reference: - https://neetech18.blogspot.com/2019/03/polaris-intellect-core-banking-software_31.html - https://nvd.nist.gov/vuln/detail/CVE-2018-14931 @@ -14,8 +16,8 @@ info: cve-id: CVE-2018-14931 cwe-id: CWE-601 epss-score: 0.00118 - cpe: cpe:2.3:a:polarisft:intellect_core_banking:9.7.1:*:*:*:*:*:*:* epss-percentile: 0.45103 + cpe: cpe:2.3:a:polarisft:intellect_core_banking:9.7.1:*:*:*:*:*:*:* metadata: max-request: 1 vendor: polarisft diff --git a/http/cves/2018/CVE-2018-15138.yaml b/http/cves/2018/CVE-2018-15138.yaml index cf9de2c15d..cda46e7922 100644 --- a/http/cves/2018/CVE-2018-15138.yaml +++ b/http/cves/2018/CVE-2018-15138.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: high description: Ericsson-LG iPECS NMS 30M allows local file inclusion via ipecs-cm/download?filename=../ URIs. + remediation: | + Apply the latest security patches or updates provided by the vendor to mitigate this vulnerability. reference: - https://cxsecurity.com/issue/WLB-2018080070 - https://www.exploit-db.com/exploits/45167/ @@ -15,8 +17,8 @@ info: cve-id: CVE-2018-15138 cwe-id: CWE-22 epss-score: 0.34955 - cpe: cpe:2.3:a:ericssonlg:ipecs_nms:30m-2.3gn:*:*:*:*:*:*:* epss-percentile: 0.96565 + cpe: cpe:2.3:a:ericssonlg:ipecs_nms:30m-2.3gn:*:*:*:*:*:*:* metadata: max-request: 2 vendor: ericssonlg diff --git a/http/cves/2018/CVE-2018-15517.yaml b/http/cves/2018/CVE-2018-15517.yaml index 408ab6690b..6adc88d65d 100644 --- a/http/cves/2018/CVE-2018-15517.yaml +++ b/http/cves/2018/CVE-2018-15517.yaml 
@@ -5,6 +5,8 @@ info: author: gy741 severity: high description: D-Link Central WifiManager is susceptible to server-side request forgery. The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, as demonstrated by an index.php/System/MailConnect/host/127.0.0.1/port/22/secure/ URI. This can undermine accountability of where scan or connections actually came from and or bypass the FW etc. This can be automated via script or using a browser. + remediation: | + Apply the latest security patches or updates provided by D-Link to fix the SSRF vulnerability in Central WifiManager. reference: - http://hyp3rlinx.altervista.org/advisories/DLINK-CENTRAL-WIFI-MANAGER-CWM-100-SERVER-SIDE-REQUEST-FORGERY.txt - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15517 @@ -16,8 +18,8 @@ info: cve-id: CVE-2018-15517 cwe-id: CWE-918 epss-score: 0.01414 - cpe: cpe:2.3:a:dlink:central_wifimanager:1.03:r0098:*:*:*:*:*:* epss-percentile: 0.84824 + cpe: cpe:2.3:a:dlink:central_wifimanager:1.03:r0098:*:*:*:*:*:* metadata: max-request: 1 vendor: dlink diff --git a/http/cves/2018/CVE-2018-15535.yaml b/http/cves/2018/CVE-2018-15535.yaml index 2264a27770..8092a8a652 100644 --- a/http/cves/2018/CVE-2018-15535.yaml +++ b/http/cves/2018/CVE-2018-15535.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: Responsive FileManager before version 9.13.4 is vulnerable to local file inclusion via filemanager/ajax_calls.php because it uses external input to construct a pathname that should be within a restricted directory, aka local file inclusion. + remediation: | + Upgrade to Responsive FileManager version 9.13.4 or later to fix the vulnerability. reference: - https://www.exploit-db.com/exploits/45271 - https://nvd.nist.gov/vuln/detail/CVE-2018-15535 
@@ -16,8 +18,8 @@ info: cve-id: CVE-2018-15535 cwe-id: CWE-22 epss-score: 0.97149 - cpe: cpe:2.3:a:tecrail:responsive_filemanager:*:*:*:*:*:*:*:* epss-percentile: 0.99695 + cpe: cpe:2.3:a:tecrail:responsive_filemanager:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: tecrail diff --git a/http/cves/2018/CVE-2018-15745.yaml b/http/cves/2018/CVE-2018-15745.yaml index b39ec0cb38..b738c9d90d 100644 --- a/http/cves/2018/CVE-2018-15745.yaml +++ b/http/cves/2018/CVE-2018-15745.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Argus Surveillance DVR 4.0.0.0 devices allow unauthenticated local file inclusion, leading to file disclosure via a ..%2F in the WEBACCOUNT.CGI RESULTPAGE parameter. + remediation: | + Upgrade to a patched version of Argus Surveillance DVR. reference: - http://hyp3rlinx.altervista.org/advisories/ARGUS-SURVEILLANCE-DVR-v4-UNAUTHENTICATED-PATH-TRAVERSAL-FILE-DISCLOSURE.txt - http://packetstormsecurity.com/files/149134/Argus-Surveillance-DVR-4.0.0.0-Directory-Traversal.html @@ -17,8 +19,8 @@ info: cve-id: CVE-2018-15745 cwe-id: CWE-22 epss-score: 0.9654 - cpe: cpe:2.3:a:argussurveillance:dvr:4.0.0.0:*:*:*:*:*:*:* epss-percentile: 0.99425 + cpe: cpe:2.3:a:argussurveillance:dvr:4.0.0.0:*:*:*:*:*:*:* metadata: max-request: 1 vendor: argussurveillance diff --git a/http/cves/2018/CVE-2018-15917.yaml b/http/cves/2018/CVE-2018-15917.yaml index 0cee8304d1..92e6aeeef7 100644 --- a/http/cves/2018/CVE-2018-15917.yaml +++ b/http/cves/2018/CVE-2018-15917.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Persistent cross-site scripting (XSS) issues in Jorani 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the language parameter to session/language. + remediation: | + Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/45338 - https://nvd.nist.gov/vuln/detail/CVE-2018-15917 
@@ -15,8 +17,8 @@ info: cve-id: CVE-2018-15917 cwe-id: CWE-79 metadata: - max-request: 2 verified: true + max-request: 2 shodan-query: title:"Login - Jorani" tags: cve,cve2018,jorani,xss @@ -25,12 +27,12 @@ http: - | GET /session/language?last_page=session%2Flogin&language=en%22%3E%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E&login=&CipheredValue= HTTP/1.1 Host: {{Hostname}} - - | GET /session/login HTTP/1.1 Host: {{Hostname}} cookie-reuse: true + matchers-condition: and matchers: - type: word diff --git a/http/cves/2018/CVE-2018-15961.yaml b/http/cves/2018/CVE-2018-15961.yaml index 13eae1f356..b82515d5bc 100644 --- a/http/cves/2018/CVE-2018-15961.yaml +++ b/http/cves/2018/CVE-2018-15961.yaml @@ -5,6 +5,8 @@ info: author: SkyLark-Lab,ImNightmaree severity: critical description: Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code execution. + remediation: | + Apply the necessary security patches or updates provided by Adobe to fix this vulnerability. reference: - https://nvd.nist.gov/vuln/detail/CVE-2018-15961 - https://github.com/xbufu/CVE-2018-15961 @@ -17,13 +19,13 @@ info: cve-id: CVE-2018-15961 cwe-id: CWE-434 epss-score: 0.97453 - cpe: cpe:2.3:a:adobe:coldfusion:11.0:-:*:*:*:*:*:* epss-percentile: 0.99925 + cpe: cpe:2.3:a:adobe:coldfusion:11.0:-:*:*:*:*:*:* metadata: max-request: 2 - shodan-query: http.component:"Adobe ColdFusion" vendor: adobe product: coldfusion + shodan-query: http.component:"Adobe ColdFusion" tags: cve,cve2018,adobe,rce,coldfusion,fileupload,kev,intrusive http: diff --git a/http/cves/2018/CVE-2018-16059.yaml b/http/cves/2018/CVE-2018-16059.yaml index bf947f6d07..c6f6b581f8 100644 --- a/http/cves/2018/CVE-2018-16059.yaml +++ b/http/cves/2018/CVE-2018-16059.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: WirelessHART Fieldgate SWG70 3.0 is vulnerable to local file inclusion via the fcgi-bin/wgsetcgi filename parameter. + remediation: | + Apply the latest security patches or updates provided by the vendor to fix the LFI vulnerability in WirelessHART Fieldgate SWG70 3.0. reference: - https://www.exploit-db.com/exploits/45342 - https://ics-cert.us-cert.gov/advisories/ICSA-19-073-03 @@ -17,8 +19,8 @@ info: cve-id: CVE-2018-16059 cwe-id: CWE-22 epss-score: 0.60231 - cpe: cpe:2.3:o:endress:wirelesshart_fieldgate_swg70_firmware:3.00.07:*:*:*:*:*:*:* epss-percentile: 0.97328 + cpe: cpe:2.3:o:endress:wirelesshart_fieldgate_swg70_firmware:3.00.07:*:*:*:*:*:*:* metadata: max-request: 1 vendor: endress diff --git a/http/cves/2018/CVE-2018-16133.yaml b/http/cves/2018/CVE-2018-16133.yaml index 8cc1f06d94..ed4212df54 100644 --- a/http/cves/2018/CVE-2018-16133.yaml +++ b/http/cves/2018/CVE-2018-16133.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: medium description: Cybrotech CyBroHttpServer 1.0.3 is vulnerable to local file inclusion in the URI. + remediation: | + Apply the latest security patches or updates provided by the vendor to fix the LFI vulnerability in Cybrotech CyBroHttpServer 1.0.3. reference: - https://packetstormsecurity.com/files/149177/Cybrotech-CyBroHttpServer-1.0.3-Directory-Traversal.html - http://www.cybrotech.com/ @@ -16,8 +18,8 @@ info: cve-id: CVE-2018-16133 cwe-id: CWE-22 epss-score: 0.11636 - cpe: cpe:2.3:a:cybrotech:cybrohttpserver:1.0.3:*:*:*:*:*:*:* epss-percentile: 0.94538 + cpe: cpe:2.3:a:cybrotech:cybrohttpserver:1.0.3:*:*:*:*:*:*:* metadata: max-request: 1 vendor: cybrotech diff --git a/http/cves/2018/CVE-2018-16139.yaml b/http/cves/2018/CVE-2018-16139.yaml index 593552d8be..1dafd59203 100644 --- a/http/cves/2018/CVE-2018-16139.yaml +++ b/http/cves/2018/CVE-2018-16139.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | BIBLIOsoft BIBLIOpac 2008 contains a cross-site scripting vulnerability via the db or action parameter to bin/wxis.exe/bibliopac/, which allows a remote attacker to inject arbitrary web script or HTML. + remediation: | + Apply the latest patch or upgrade to a newer version of BIBLIOsoft BIBLIOpac 2008 that addresses the XSS vulnerability. reference: - https://www.0x90.zone/web/xss/2019/02/01/XSS-Bibliosoft.html - https://nvd.nist.gov/vuln/detail/CVE-2018-16139 @@ -15,14 +17,14 @@ info: cve-id: CVE-2018-16139 cwe-id: CWE-79 epss-score: 0.00135 - cpe: cpe:2.3:a:bibliosoft:bibliopac:2008:*:*:*:*:*:*:* epss-percentile: 0.47998 + cpe: cpe:2.3:a:bibliosoft:bibliopac:2008:*:*:*:*:*:*:* metadata: - max-request: 1 - shodan-query: title:"Bibliopac" verified: true + max-request: 1 vendor: bibliosoft product: bibliopac + shodan-query: title:"Bibliopac" tags: cve,cve2018,xss,bibliopac,bibliosoft http: diff --git a/http/cves/2018/CVE-2018-16159.yaml b/http/cves/2018/CVE-2018-16159.yaml index e338ebb0d4..0d300d243b 100644 --- a/http/cves/2018/CVE-2018-16159.yaml +++ b/http/cves/2018/CVE-2018-16159.yaml 
@@ -6,27 +6,27 @@ info: severity: critical description: | WordPress Gift Vouchers plugin before 4.1.8 contains a blind SQL injection vulnerability via the template_id parameter in a wp-admin/admin-ajax.php wpgv_doajax_front_template request. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + remediation: Fixed in version 4.1.8. reference: - https://wpscan.com/vulnerability/9117 - https://wordpress.org/plugins/gift-voucher/ - https://www.exploit-db.com/exploits/45255/ - https://nvd.nist.gov/vuln/detail/CVE-2018-16159 - https://wpvulndb.com/vulnerabilities/9117 - remediation: Fixed in version 4.1.8. classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2018-16159 cwe-id: CWE-89 epss-score: 0.01247 - cpe: cpe:2.3:a:codemenschen:gift_vouchers:*:*:*:*:*:wordpress:*:* epss-percentile: 0.83832 + cpe: cpe:2.3:a:codemenschen:gift_vouchers:*:*:*:*:*:wordpress:*:* metadata: - max-request: 1 verified: true - framework: wordpress + max-request: 1 vendor: codemenschen product: gift_vouchers + framework: wordpress tags: sqli,wordpress,unauth,wp,gift-voucher,cve2018,edb,wpscan,cve,wp-plugin http: diff --git a/http/cves/2018/CVE-2018-16167.yaml b/http/cves/2018/CVE-2018-16167.yaml index 006537a22d..ec49c9528f 100644 --- a/http/cves/2018/CVE-2018-16167.yaml +++ b/http/cves/2018/CVE-2018-16167.yaml @@ -5,6 +5,8 @@ info: author: gy741 severity: critical description: LogonTracer 1.2.0 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. + remediation: | + Upgrade LogonTracer to a version higher than 1.2.0. reference: - https://www.exploit-db.com/exploits/49918 - https://nvd.nist.gov/vuln/detail/CVE-2018-16167 
@@ -16,8 +18,8 @@ info: cve-id: CVE-2018-16167 cwe-id: CWE-78 epss-score: 0.13203 - cpe: cpe:2.3:a:jpcert:logontracer:*:*:*:*:*:*:*:* epss-percentile: 0.94828 + cpe: cpe:2.3:a:jpcert:logontracer:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: jpcert diff --git a/http/cves/2018/CVE-2018-16283.yaml b/http/cves/2018/CVE-2018-16283.yaml index bea41a06ad..ac971d06a4 100644 --- a/http/cves/2018/CVE-2018-16283.yaml +++ b/http/cves/2018/CVE-2018-16283.yaml @@ -5,6 +5,8 @@ info: author: 0x240x23elu severity: critical description: WordPress Wechat Broadcast plugin 1.2.0 and earlier allows Directory Traversal via the Image.php url parameter. + remediation: | + Update to the latest version of the WordPress Plugin Wechat Broadcast or apply the patch provided by the vendor to fix the LFI vulnerability. reference: - https://www.exploit-db.com/exploits/45438 - https://nvd.nist.gov/vuln/detail/CVE-2018-16283 @@ -17,13 +19,13 @@ info: cve-id: CVE-2018-16283 cwe-id: CWE-22 epss-score: 0.2134 - cpe: cpe:2.3:a:wechat_brodcast_project:wechat_brodcast:*:*:*:*:*:wordpress:*:* epss-percentile: 0.95789 + cpe: cpe:2.3:a:wechat_brodcast_project:wechat_brodcast:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 - framework: wordpress vendor: wechat_brodcast_project product: wechat_brodcast + framework: wordpress tags: edb,seclists,cve,cve2018,wordpress,wp-plugin,lfi http: diff --git a/http/cves/2018/CVE-2018-16288.yaml b/http/cves/2018/CVE-2018-16288.yaml index f1ca9f4208..536beb3d25 100644 --- a/http/cves/2018/CVE-2018-16288.yaml +++ b/http/cves/2018/CVE-2018-16288.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | LG SuperSign CMS 2.5 allows reading of arbitrary files via signEzUI/playlist/edit/upload/..%2f URIs - aka local file inclusion. + remediation: | + Apply the latest security patches or upgrade to a patched version of LG SuperSign EZ CMS. reference: - https://www.exploit-db.com/exploits/45440 - http://mamaquieroserpentester.blogspot.com/2018/09/multiple-vulnerabilities-in-lg.html @@ -16,8 +18,8 @@ info: cve-id: CVE-2018-16288 cwe-id: CWE-200 epss-score: 0.2541 - cpe: cpe:2.3:a:lg:supersign_cms:2.5:*:*:*:*:*:*:* epss-percentile: 0.96066 + cpe: cpe:2.3:a:lg:supersign_cms:2.5:*:*:*:*:*:*:* metadata: max-request: 1 vendor: lg diff --git a/http/cves/2018/CVE-2018-16299.yaml b/http/cves/2018/CVE-2018-16299.yaml index 39abf3bcdd..23ed6e3846 100644 --- a/http/cves/2018/CVE-2018-16299.yaml +++ b/http/cves/2018/CVE-2018-16299.yaml @@ -6,6 +6,8 @@ info: severity: high description: | WordPress Localize My Post 1.0 is susceptible to local file inclusion via the ajax/include.php file parameter. + remediation: | + Update to the latest version of WordPress Localize My Post plugin. reference: - https://www.exploit-db.com/exploits/45439 - https://packetstormsecurity.com/files/149433/WordPress-Localize-My-Post-1.0-Local-File-Inclusion.html @@ -17,13 +19,13 @@ info: cve-id: CVE-2018-16299 cwe-id: CWE-22 epss-score: 0.08709 - cpe: cpe:2.3:a:localize_my_post_project:localize_my_post:1.0:*:*:*:*:wordpress:*:* epss-percentile: 0.93696 + cpe: cpe:2.3:a:localize_my_post_project:localize_my_post:1.0:*:*:*:*:wordpress:*:* metadata: max-request: 1 - framework: wordpress vendor: localize_my_post_project product: localize_my_post + framework: wordpress tags: wordpress,lfi,plugin,wp,edb,packetstorm,cve,cve2018 http: diff --git a/http/cves/2018/CVE-2018-16341.yaml b/http/cves/2018/CVE-2018-16341.yaml index cb895ebc67..b6b3cbd0b0 100644 --- a/http/cves/2018/CVE-2018-16341.yaml +++ b/http/cves/2018/CVE-2018-16341.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | Nuxeo prior to version 10.3 is susceptible to an unauthenticated remote code execution vulnerability via server-side template injection. + remediation: | + Upgrade Nuxeo to version 10.3 or later to mitigate this vulnerability. reference: - https://nvd.nist.gov/vuln/detail/CVE-2018-16299 classification: diff --git a/http/cves/2018/CVE-2018-16668.yaml b/http/cves/2018/CVE-2018-16668.yaml index 311fe57c58..d198453e33 100644 --- a/http/cves/2018/CVE-2018-16668.yaml +++ b/http/cves/2018/CVE-2018-16668.yaml @@ -5,6 +5,8 @@ info: author: geeknik severity: medium description: CirCarLife before 4.3 is susceptible to improper authentication. An internal installation path disclosure exists due to the lack of authentication for /html/repository.System. An attacker can obtain sensitive information, modify data, and/or execute unauthorized operations. + remediation: | + Upgrade CirCarLife to version 4.3 or higher to fix the improper authentication issue. reference: - https://www.exploit-db.com/exploits/45384 - https://github.com/SadFud/Exploits/tree/master/Real%20World/Suites/cir-pwn-life @@ -16,8 +18,8 @@ info: cve-id: CVE-2018-16668 cwe-id: CWE-287 epss-score: 0.00352 - cpe: cpe:2.3:a:circontrol:circarlife_scada:*:*:*:*:*:*:*:* epss-percentile: 0.68356 + cpe: cpe:2.3:a:circontrol:circarlife_scada:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: circontrol diff --git a/http/cves/2018/CVE-2018-16670.yaml b/http/cves/2018/CVE-2018-16670.yaml index 726a725672..620f76c662 100644 --- a/http/cves/2018/CVE-2018-16670.yaml +++ b/http/cves/2018/CVE-2018-16670.yaml 
@@ -5,6 +5,8 @@ info: author: geeknik severity: medium description: CirCarLife before 4.3 is susceptible to improper authentication. A PLC status disclosure exists due to lack of authentication for /html/devstat.html. An attacker can obtain sensitive information, modify data, and/or execute unauthorized operations. + remediation: | + Upgrade CirCarLife to version 4.3 or higher to fix the improper authentication issue. reference: - https://www.exploit-db.com/exploits/45384 - https://github.com/SadFud/Exploits/tree/master/Real%20World/Suites/cir-pwn-life @@ -16,8 +18,8 @@ info: cve-id: CVE-2018-16670 cwe-id: CWE-287 epss-score: 0.00187 - cpe: cpe:2.3:a:circontrol:circarlife_scada:*:*:*:*:*:*:*:* epss-percentile: 0.55422 + cpe: cpe:2.3:a:circontrol:circarlife_scada:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: circontrol diff --git a/http/cves/2018/CVE-2018-16671.yaml b/http/cves/2018/CVE-2018-16671.yaml index 7f6d286344..5c9a696164 100644 --- a/http/cves/2018/CVE-2018-16671.yaml +++ b/http/cves/2018/CVE-2018-16671.yaml @@ -5,6 +5,8 @@ info: author: geeknik severity: medium description: CirCarLife before 4.3 is susceptible to improper authentication. A system software information disclosure exists due to lack of authentication for /html/device-id. An attacker can obtain sensitive information, modify data, and/or execute unauthorized operations. + remediation: | + Upgrade CirCarLife to version 4.3 or higher to fix the improper authentication issue. reference: - https://www.exploit-db.com/exploits/45384 - https://github.com/SadFud/Exploits/tree/master/Real%20World/Suites/cir-pwn-life @@ -15,8 +17,8 @@ info: cve-id: CVE-2018-16671 cwe-id: CWE-200 epss-score: 0.00357 - cpe: cpe:2.3:a:circontrol:circarlife_scada:*:*:*:*:*:*:*:* epss-percentile: 0.68577 + cpe: cpe:2.3:a:circontrol:circarlife_scada:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: "circontrol" 
diff --git a/http/cves/2018/CVE-2018-16716.yaml b/http/cves/2018/CVE-2018-16716.yaml index 03009b40be..c8e93a6aa6 100644 --- a/http/cves/2018/CVE-2018-16716.yaml +++ b/http/cves/2018/CVE-2018-16716.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: critical description: NCBI ToolBox 2.0.7 through 2.2.26 legacy versions contain a path traversal vulnerability via viewcgi.cgi which may result in reading of arbitrary files (i.e., significant information disclosure) or file deletion via the nph-viewgif.cgi query string. + remediation: | + Apply the latest patch or update from the vendor to fix the directory traversal vulnerability in the NCBI ToolBox. reference: - https://github.com/grymer/CVE/blob/master/CVE-2018-16716.md - https://nvd.nist.gov/vuln/detail/CVE-2018-16716 @@ -14,8 +16,8 @@ info: cve-id: CVE-2018-16716 cwe-id: CWE-22 epss-score: 0.00803 - cpe: cpe:2.3:a:nih:ncbi_toolbox:*:*:*:*:*:*:*:* epss-percentile: 0.7951 + cpe: cpe:2.3:a:nih:ncbi_toolbox:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: nih diff --git a/http/cves/2018/CVE-2018-16761.yaml b/http/cves/2018/CVE-2018-16761.yaml index 08afc87ccb..4cb92526c4 100644 --- a/http/cves/2018/CVE-2018-16761.yaml +++ b/http/cves/2018/CVE-2018-16761.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Eventum before 3.4.0 contains an open redirect vulnerability. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. + remediation: | + Upgrade to Eventum version 3.4.0 or later to fix the open redirect vulnerability. reference: - https://www.invicti.com/web-applications-advisories/ns-18-021-open-redirection-vulnerabilities-in-eventum/ - https://github.com/eventum/eventum/releases/tag/v3.4.0 
@@ -16,8 +18,8 @@ info: cve-id: CVE-2018-16761 cwe-id: CWE-601 epss-score: 0.00068 - cpe: cpe:2.3:a:eventum_project:eventum:*:*:*:*:*:*:*:* epss-percentile: 0.28011 + cpe: cpe:2.3:a:eventum_project:eventum:*:*:*:*:*:*:*:* metadata: max-request: 2 vendor: eventum_project diff --git a/http/cves/2018/CVE-2018-16763.yaml b/http/cves/2018/CVE-2018-16763.yaml index 8cb73dab0d..d275a79199 100644 --- a/http/cves/2018/CVE-2018-16763.yaml +++ b/http/cves/2018/CVE-2018-16763.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: critical description: FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. + remediation: | + Upgrade to FUEL CMS version 1.4.2 or later, which includes a patch for this vulnerability. reference: - https://www.exploit-db.com/exploits/47138 - https://www.getfuelcms.com/ @@ -17,8 +19,8 @@ info: cve-id: CVE-2018-16763 cwe-id: CWE-74 epss-score: 0.79948 - cpe: cpe:2.3:a:thedaylightstudio:fuel_cms:*:*:*:*:*:*:*:* epss-percentile: 0.97878 + cpe: cpe:2.3:a:thedaylightstudio:fuel_cms:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: thedaylightstudio diff --git a/http/cves/2018/CVE-2018-16836.yaml b/http/cves/2018/CVE-2018-16836.yaml index 9b766218b6..d0c62d77eb 100644 --- a/http/cves/2018/CVE-2018-16836.yaml +++ b/http/cves/2018/CVE-2018-16836.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: critical description: Rubedo CMS through 3.4.0 contains a directory traversal vulnerability in the theme component, allowing unauthenticated attackers to read and execute arbitrary files outside of the service root path, as demonstrated by a /theme/default/img/%2e%2e/..//etc/passwd URI. + remediation: | + Upgrade to a patched version of Rubedo CMS (>=3.4.1) or apply the provided security patch. reference: - https://www.exploit-db.com/exploits/45385 - https://nvd.nist.gov/vuln/detail/CVE-2018-16836 
@@ -16,8 +18,8 @@ info: cve-id: CVE-2018-16836 cwe-id: CWE-22 epss-score: 0.34263 - cpe: cpe:2.3:a:rubedo_project:rubedo:*:*:*:*:*:*:*:* epss-percentile: 0.96533 + cpe: cpe:2.3:a:rubedo_project:rubedo:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: rubedo_project diff --git a/http/cves/2018/CVE-2018-16979.yaml b/http/cves/2018/CVE-2018-16979.yaml index e14105ec94..e1101ed28a 100644 --- a/http/cves/2018/CVE-2018-16979.yaml +++ b/http/cves/2018/CVE-2018-16979.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Monstra CMS 3.0.4 is susceptible to HTTP header injection in the plugins/captcha/crypt/cryptographp.php cfg parameter. An attacker can potentially supply invalid input and cause the server to allow redirects to attacker-controlled domains, perform cache poisoning, and/or allow improper access to virtual hosts not intended for this purpose. This is a related issue to CVE-2012-2943. + remediation: | + Upgrade Monstra CMS to version 3.0.5 or later to mitigate the HTTP Header Injection vulnerability. reference: - https://github.com/howchen/howchen/issues/4 - https://nvd.nist.gov/vuln/detail/CVE-2018-16979 @@ -15,11 +17,11 @@ info: cve-id: CVE-2018-16979 cwe-id: CWE-113 epss-score: 0.00118 - cpe: cpe:2.3:a:monstra:monstra:3.0.4:*:*:*:*:*:*:* epss-percentile: 0.45103 + cpe: cpe:2.3:a:monstra:monstra:3.0.4:*:*:*:*:*:*:* metadata: - max-request: 1 verified: true + max-request: 1 vendor: monstra product: monstra tags: cve,cve2018,crlf,mostra,mostracms,cms diff --git a/http/cves/2018/CVE-2018-17153.yaml b/http/cves/2018/CVE-2018-17153.yaml index d67bbee289..59ca6b8d56 100644 --- a/http/cves/2018/CVE-2018-17153.yaml +++ b/http/cves/2018/CVE-2018-17153.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | It was discovered that the Western Digital My Cloud device before 2.30.196 is affected by an authentication bypass vulnerability. An unauthenticated attacker can exploit this vulnerability to authenticate as an admin user without needing to provide a password, thereby gaining full control of the device. (Whenever an admin logs into My Cloud, a server-side session is created that is bound to the user's IP address. After the session is created, it is possible to call authenticated CGI modules by sending the cookie username=admin in the HTTP request. The invoked CGI will check if a valid session is present and bound to the user's IP address.) It was found that it is possible for an unauthenticated attacker to create a valid session without a login. The network_mgr.cgi CGI module contains a command called \"cgi_get_ipv6\" that starts an admin session -- tied to the IP address of the user making the request -- if the additional parameter \"flag\" with the value \"1\" is provided. Subsequent invocation of commands that would normally require admin privileges now succeed if an attacker sets the username=admin cookie. + remediation: | + Apply the latest firmware update provided by Western Digital to fix the authentication bypass vulnerability. reference: - https://web.archive.org/web/20170315123948/https://www.stevencampbell.info/2016/12/command-injection-in-western-digital-mycloud-nas/ - https://packetstormsecurity.com/files/173802/Western-Digital-MyCloud-Unauthenticated-Command-Injection.html @@ -19,11 +21,11 @@ info: epss-score: 0.01264 cpe: cpe:2.3:o:western_digital:my_cloud_wdbctl0020hwt_firmware:*:*:*:*:*:*:*:* metadata: - max-request: 1 verified: true - shodan-query: http.favicon.hash:-1074357885 + max-request: 1 vendor: western_digital product: my_cloud_wdbctl0020hwt_firmware + shodan-query: http.favicon.hash:-1074357885 tags: cve,cve2018,auth-bypass,rce,wdcloud http: 
diff --git a/http/cves/2018/CVE-2018-17246.yaml b/http/cves/2018/CVE-2018-17246.yaml index a026665bb4..31aee92b5e 100644 --- a/http/cves/2018/CVE-2018-17246.yaml +++ b/http/cves/2018/CVE-2018-17246.yaml @@ -5,6 +5,8 @@ info: author: princechaddha,thelicato severity: critical description: Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute JavaScript which could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system. + remediation: | + Apply the latest security patches and updates provided by the vendor to mitigate this vulnerability. reference: - https://github.com/vulhub/vulhub/blob/master/kibana/CVE-2018-17246/README.md - https://www.elastic.co/community/security @@ -17,8 +19,8 @@ info: cve-id: CVE-2018-17246 cwe-id: CWE-829,CWE-73 epss-score: 0.96913 - cpe: cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:* epss-percentile: 0.99595 + cpe: cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: elastic diff --git a/http/cves/2018/CVE-2018-17254.yaml b/http/cves/2018/CVE-2018-17254.yaml index e4d56b7cdf..c042fc16a0 100644 --- a/http/cves/2018/CVE-2018-17254.yaml +++ b/http/cves/2018/CVE-2018-17254.yaml 
@@ -5,23 +5,23 @@ info: author: Suman_Kar severity: critical description: The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via the jtreelink/dialogs/links.php parent parameter. + remediation: Update or remove the affected plugin. reference: - http://packetstormsecurity.com/files/161683/Joomla-JCK-Editor-6.4.4-SQL-Injection.html - https://www.exploit-db.com/exploits/45423/ - remediation: Update or remove the affected plugin. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2018-17254 cwe-id: CWE-89 epss-score: 0.81793 - cpe: cpe:2.3:a:arkextensions:jck_editor:6.4.4:*:*:*:*:joomla\!:*:* epss-percentile: 0.97937 + cpe: cpe:2.3:a:arkextensions:jck_editor:6.4.4:*:*:*:*:joomla\!:*:* metadata: max-request: 1 - framework: joomla\! vendor: arkextensions product: jck_editor + framework: joomla\! tags: cve,cve2018,packetstorm,edb,joomla,sqli variables: num: "999999999" diff --git a/http/cves/2018/CVE-2018-17422.yaml b/http/cves/2018/CVE-2018-17422.yaml index 579f4b56dd..a8119475c3 100644 --- a/http/cves/2018/CVE-2018-17422.yaml +++ b/http/cves/2018/CVE-2018-17422.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | dotCMS before 5.0.2 contains multiple open redirect vulnerabilities via the html/common/forward_js.jsp FORWARD_URL parameter or the html/portlet/ext/common/page_preview_popup.jsp hostname parameter. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. + remediation: | + Upgrade to a version of DotCMS that is higher than 5.0.2 to mitigate the open redirect vulnerability. reference: - https://github.com/dotCMS/core/issues/15286 - https://nvd.nist.gov/vuln/detail/CVE-2018-17422 
@@ -15,14 +17,14 @@ info: cve-id: CVE-2018-17422 cwe-id: CWE-601 epss-score: 0.00118 - cpe: cpe:2.3:a:dotcms:dotcms:*:*:*:*:*:*:*:* epss-percentile: 0.45103 + cpe: cpe:2.3:a:dotcms:dotcms:*:*:*:*:*:*:*:* metadata: - max-request: 2 verified: true - shodan-query: http.title:"dotCMS" + max-request: 2 vendor: dotcms product: dotcms + shodan-query: http.title:"dotCMS" tags: cve,cve2018,redirect,dotcms http: diff --git a/http/cves/2018/CVE-2018-17431.yaml b/http/cves/2018/CVE-2018-17431.yaml index d2a60224a0..fc0f098193 100644 --- a/http/cves/2018/CVE-2018-17431.yaml +++ b/http/cves/2018/CVE-2018-17431.yaml @@ -5,6 +5,8 @@ info: author: dwisiswant0 severity: critical description: Comodo Firewall & Central Manager (UTM) All Release before 2.7.0 & 1.5.0 are susceptible to a web shell based remote code execution vulnerability. + remediation: | + Apply the latest security patches or updates provided by Comodo to fix this vulnerability. reference: - https://www.exploit-db.com/exploits/48825 - https://secure.comodo.com/home/purchase.php?pid=106&license=try&track=9276&af=9276 @@ -17,8 +19,8 @@ info: cve-id: CVE-2018-17431 cwe-id: CWE-287 epss-score: 0.10458 - cpe: cpe:2.3:a:comodo:unified_threat_management_firewall:*:*:*:*:*:*:*:* epss-percentile: 0.94254 + cpe: cpe:2.3:a:comodo:unified_threat_management_firewall:*:*:*:*:*:*:*:* metadata: max-request: 2 vendor: comodo diff --git a/http/cves/2018/CVE-2018-18069.yaml b/http/cves/2018/CVE-2018-18069.yaml index 9bdb4e8caf..170c430715 100644 --- a/http/cves/2018/CVE-2018-18069.yaml +++ b/http/cves/2018/CVE-2018-18069.yaml 
@@ -5,6 +5,8 @@ info: author: nadino severity: medium description: WordPress plugin sitepress-multilingual-cms 3.6.3 is vulnerable to cross-site scripting in process_forms via any locale_file_name_ parameter (such as locale_file_name_en) in an authenticated theme-localization.php request to wp-admin/admin.php. + remediation: | + Update WordPress sitepress-multilingual-cms to the latest version to mitigate the XSS vulnerability. reference: - https://0x62626262.wordpress.com/2018/10/08/sitepress-multilingual-cms-plugin-unauthenticated-stored-xss/ - https://nvd.nist.gov/vuln/detail/CVE-2018-18069 @@ -14,13 +16,13 @@ info: cve-id: CVE-2018-18069 cwe-id: CWE-79 epss-score: 0.00106 - cpe: cpe:2.3:a:wpml:wpml:*:*:*:*:*:wordpress:*:* epss-percentile: 0.42502 + cpe: cpe:2.3:a:wpml:wpml:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 - framework: wordpress vendor: wpml product: wpml + framework: wordpress tags: cve,cve2018,wordpress,xss,plugin http: diff --git a/http/cves/2018/CVE-2018-18264.yaml b/http/cves/2018/CVE-2018-18264.yaml index 81a0dc8fe8..28f69ae336 100644 --- a/http/cves/2018/CVE-2018-18264.yaml +++ b/http/cves/2018/CVE-2018-18264.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Kubernetes Dashboard before 1.10.1 allows attackers to bypass authentication and use Dashboard's Service Account for reading secrets within the cluster. + remediation: | + Upgrade to Kubernetes Dashboard version 1.10.1 or later to mitigate the authentication bypass vulnerability. reference: - https://github.com/kubernetes/dashboard/pull/3289 - https://sysdig.com/blog/privilege-escalation-kubernetes-dashboard/ 
@@ -18,13 +20,13 @@ info: cve-id: CVE-2018-18264 cwe-id: CWE-306 epss-score: 0.97405 - cpe: cpe:2.3:a:kubernetes:dashboard:*:*:*:*:*:*:*:* epss-percentile: 0.99881 + cpe: cpe:2.3:a:kubernetes:dashboard:*:*:*:*:*:*:*:* metadata: max-request: 2 - shodan-query: product:"Kubernetes" vendor: kubernetes product: dashboard + shodan-query: product:"Kubernetes" tags: cve,cve2018,kubernetes,k8s,auth-bypass http: diff --git a/http/cves/2018/CVE-2018-18323.yaml b/http/cves/2018/CVE-2018-18323.yaml index 2ae82495e1..b5765e9727 100644 --- a/http/cves/2018/CVE-2018-18323.yaml +++ b/http/cves/2018/CVE-2018-18323.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Centos Web Panel version 0.9.8.480 suffers from local file inclusion vulnerabilities. Other vulnerabilities including cross-site scripting and remote code execution are also known to impact this version. + remediation: | + Upgrade to a patched version of Centos Web Panel. reference: - https://packetstormsecurity.com/files/149795/Centos-Web-Panel-0.9.8.480-XSS-LFI-Code-Execution.html - http://centos-webpanel.com/ @@ -17,8 +19,8 @@ info: cve-id: CVE-2018-18323 cwe-id: CWE-22 epss-score: 0.97376 - cpe: cpe:2.3:a:control-webpanel:webpanel:0.9.8.480:*:*:*:*:*:*:* epss-percentile: 0.99858 + cpe: cpe:2.3:a:control-webpanel:webpanel:0.9.8.480:*:*:*:*:*:*:* metadata: max-request: 1 vendor: control-webpanel diff --git a/http/cves/2018/CVE-2018-18570.yaml b/http/cves/2018/CVE-2018-18570.yaml index ce5e52cc12..09f8ccea5c 100644 --- a/http/cves/2018/CVE-2018-18570.yaml +++ b/http/cves/2018/CVE-2018-18570.yaml @@ -5,6 +5,8 @@ info: author: emadshanab severity: medium description: Planon before Live Build 41 is vulnerable to cross-site scripting. + remediation: | + Apply the latest patch or upgrade to a non-vulnerable version of Planon Live Build. reference: - https://www2.deloitte.com/de/de/pages/risk/articles/planon-cross-site-scripting.html - https://nvd.nist.gov/vuln/detail/CVE-2018-18570 
@@ -14,8 +16,8 @@ info: cve-id: CVE-2018-18570 cwe-id: CWE-79 epss-score: 0.00098 - cpe: cpe:2.3:a:planonsoftware:planon:*:*:*:*:*:*:*:* epss-percentile: 0.40032 + cpe: cpe:2.3:a:planonsoftware:planon:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: planonsoftware diff --git a/http/cves/2018/CVE-2018-18608.yaml b/http/cves/2018/CVE-2018-18608.yaml index 2ab7dc5aca..cfa7a538cc 100644 --- a/http/cves/2018/CVE-2018-18608.yaml +++ b/http/cves/2018/CVE-2018-18608.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | DedeCMS 5.7 SP2 is vulnerable to cross-site scripting via the function named GetPageList defined in the include/datalistcp.class.php file that is used to display the page numbers list at the bottom of some templates, as demonstrated by the PATH_INFO to /member/index.php, /member/pm.php, /member/content_list.php, or /plus/feedback.php. + remediation: | + Upgrade to the latest version of DedeCMS or apply the official patch provided by the vendor to fix the XSS vulnerability. reference: - https://github.com/ky-j/dedecms/issues/8 - https://github.com/ky-j/dedecms/files/2504649/Reflected.XSS.Vulnerability.exists.in.the.file.of.DedeCMS.V5.7.SP2.docx @@ -16,14 +18,14 @@ info: cve-id: CVE-2018-18608 cwe-id: CWE-79 epss-score: 0.00177 - cpe: cpe:2.3:a:dedecms:dedecms:5.7:sp2:*:*:*:*:*:* epss-percentile: 0.54186 + cpe: cpe:2.3:a:dedecms:dedecms:5.7:sp2:*:*:*:*:*:* metadata: - max-request: 1 - shodan-query: http.html:"DedeCms" verified: true + max-request: 1 vendor: dedecms product: dedecms + shodan-query: http.html:"DedeCms" tags: dedecms,xss,cve,cve2018 http: diff --git a/http/cves/2018/CVE-2018-18775.yaml b/http/cves/2018/CVE-2018-18775.yaml index 5092f3c21c..a142d295d1 100644 --- a/http/cves/2018/CVE-2018-18775.yaml +++ b/http/cves/2018/CVE-2018-18775.yaml 
@@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: medium description: Microstrategy Web 7 does not sufficiently encode user-controlled inputs, resulting in cross-site scripting via the Login.asp Msg parameter. + remediation: | + Apply the latest security patches or updates provided by Microstrategy to fix the XSS vulnerability in the Web 7 application. reference: - https://www.exploit-db.com/exploits/45755 - http://packetstormsecurity.com/files/150059/Microstrategy-Web-7-Cross-Site-Scripting-Traversal.html @@ -15,8 +17,8 @@ info: cve-id: CVE-2018-18775 cwe-id: CWE-79 epss-score: 0.00235 - cpe: cpe:2.3:a:microstrategy:microstrategy_web:7:*:*:*:*:*:*:* epss-percentile: 0.60867 + cpe: cpe:2.3:a:microstrategy:microstrategy_web:7:*:*:*:*:*:*:* metadata: max-request: 1 vendor: microstrategy diff --git a/http/cves/2018/CVE-2018-18777.yaml b/http/cves/2018/CVE-2018-18777.yaml index 7c8b046296..74da5445c3 100644 --- a/http/cves/2018/CVE-2018-18777.yaml +++ b/http/cves/2018/CVE-2018-18777.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Microstrategy Web 7 is vulnerable to local file inclusion via "/WebMstr7/servlet/mstrWeb" (in the parameter subpage). Remote authenticated users can bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application. NOTE: this is a deprecated product. + remediation: | + Apply the latest security patches or upgrade to a newer version of Microstrategy Web. reference: - https://www.exploit-db.com/exploits/45755 - http://packetstormsecurity.com/files/150059/Microstrategy-Web-7-Cross-Site-Scripting-Traversal.html @@ -16,8 +18,8 @@ info: cve-id: CVE-2018-18777 cwe-id: CWE-22 epss-score: 0.00238 - cpe: cpe:2.3:a:microstrategy:microstrategy_web:7:*:*:*:*:*:*:* epss-percentile: 0.61201 + cpe: cpe:2.3:a:microstrategy:microstrategy_web:7:*:*:*:*:*:*:* metadata: max-request: 1 vendor: microstrategy 
diff --git a/http/cves/2018/CVE-2018-18778.yaml b/http/cves/2018/CVE-2018-18778.yaml index 1faa2acf10..06e4aba825 100644 --- a/http/cves/2018/CVE-2018-18778.yaml +++ b/http/cves/2018/CVE-2018-18778.yaml @@ -5,6 +5,8 @@ info: author: dhiyaneshDK severity: medium description: ACME mini_httpd before 1.30 is vulnerable to local file inclusion. + remediation: | + Upgrade ACME mini_httpd to version 1.30 or later to mitigate this vulnerability. reference: - https://www.acunetix.com/vulnerabilities/web/acme-mini_httpd-arbitrary-file-read/ - http://www.acme.com/software/mini_httpd/ @@ -15,8 +17,8 @@ info: cve-id: CVE-2018-18778 cwe-id: CWE-200 epss-score: 0.95125 - cpe: cpe:2.3:a:acme:mini-httpd:*:*:*:*:*:*:*:* epss-percentile: 0.99024 + cpe: cpe:2.3:a:acme:mini-httpd:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: acme diff --git a/http/cves/2018/CVE-2018-18809.yaml b/http/cves/2018/CVE-2018-18809.yaml index e28b1ed11d..9a51288ed7 100644 --- a/http/cves/2018/CVE-2018-18809.yaml +++ b/http/cves/2018/CVE-2018-18809.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | The default server implementation of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a directory-traversal vulnerability that may theoretically allow web server users to access contents of the host system. + remediation: | + Apply the latest security patches or upgrade to a patched version of TIBCO JasperReports Library. reference: - https://packetstormsecurity.com/files/154406/Tibco-JasperSoft-Path-Traversal.html - https://security.elarlang.eu/cve-2018-18809-path-traversal-in-tibco-jaspersoft.html 
@@ -18,14 +20,14 @@ info: cve-id: CVE-2018-18809 cwe-id: CWE-22 epss-score: 0.46465 - cpe: cpe:2.3:a:tibco:jasperreports_library:*:*:*:*:activematrix_bpm:*:*:* epss-percentile: 0.96953 + cpe: cpe:2.3:a:tibco:jasperreports_library:*:*:*:*:activematrix_bpm:*:*:* metadata: - max-request: 1 verified: true - shodan-query: html:"jasperserver-pro" + max-request: 1 vendor: tibco product: jasperreports_library + shodan-query: html:"jasperserver-pro" tags: packetstorm,cve,cve2018,lfi,kev,jasperserver,jasperreport http: diff --git a/http/cves/2018/CVE-2018-18925.yaml b/http/cves/2018/CVE-2018-18925.yaml index 3abc796b1f..dd331fb52b 100644 --- a/http/cves/2018/CVE-2018-18925.yaml +++ b/http/cves/2018/CVE-2018-18925.yaml @@ -5,20 +5,20 @@ info: author: princechaddha severity: critical description: Gogs 0.11.66 allows remote code execution because it does not properly validate session IDs, as demonstrated by a ".." session-file forgery in the file session provider in file.go. This is related to session ID handling in the go-macaron/session code for Macaron. + remediation: This issue will be fixed by updating to the latest version of Gogs. reference: - https://www.anquanke.com/post/id/163575 - https://github.com/vulhub/vulhub/tree/master/gogs/CVE-2018-18925 - https://nvd.nist.gov/vuln/detail/cve-2018-18925 - https://github.com/gogs/gogs/issues/5469 - remediation: This issue will be fixed by updating to the latest version of Gogs. classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2018-18925 cwe-id: CWE-384 epss-score: 0.13227 - cpe: cpe:2.3:a:gogs:gogs:*:*:*:*:*:*:*:* epss-percentile: 0.94833 + cpe: cpe:2.3:a:gogs:gogs:*:*:*:*:*:*:*:* metadata: max-request: 2 vendor: gogs diff --git a/http/cves/2018/CVE-2018-19136.yaml b/http/cves/2018/CVE-2018-19136.yaml index 481d106409..1ad9c457c0 100644 --- a/http/cves/2018/CVE-2018-19136.yaml +++ b/http/cves/2018/CVE-2018-19136.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | DomainMOD 4.11.01 is vulnerable to reflected cross-site scripting via assets/edit/registrar-account.php. + remediation: | + Upgrade to the latest version of DomainMOD or apply the vendor-provided patch to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/45883/ - https://github.com/domainmod/domainmod/issues/79 @@ -16,11 +18,11 @@ info: cve-id: CVE-2018-19136 cwe-id: CWE-79 epss-score: 0.00247 - cpe: cpe:2.3:a:domainmod:domainmod:*:*:*:*:*:*:*:* epss-percentile: 0.61938 + cpe: cpe:2.3:a:domainmod:domainmod:*:*:*:*:*:*:*:* metadata: - max-request: 2 verified: true + max-request: 2 vendor: domainmod product: domainmod tags: edb,cve,cve2018,domainmod,xss,authenticated diff --git a/http/cves/2018/CVE-2018-19137.yaml b/http/cves/2018/CVE-2018-19137.yaml index 16b75b6070..444d0d5ac8 100644 --- a/http/cves/2018/CVE-2018-19137.yaml +++ b/http/cves/2018/CVE-2018-19137.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | DomainMOD 4.11.01 is vulnerable to reflected cross-site Scripting via assets/edit/ip-address.php. + remediation: | + Upgrade to the latest version of DomainMOD or apply the vendor-provided patch to mitigate this vulnerability. reference: - https://github.com/domainmod/domainmod/issues/79 - https://nvd.nist.gov/vuln/detail/CVE-2018-19137 @@ -15,11 +17,11 @@ info: cve-id: CVE-2018-19137 cwe-id: CWE-79 epss-score: 0.0008 - cpe: cpe:2.3:a:domainmod:domainmod:*:*:*:*:*:*:*:* epss-percentile: 0.33312 + cpe: cpe:2.3:a:domainmod:domainmod:*:*:*:*:*:*:*:* metadata: - max-request: 2 verified: true + max-request: 2 vendor: domainmod product: domainmod tags: cve,cve2018,domainmod,xss,authenticated diff --git a/http/cves/2018/CVE-2018-19287.yaml b/http/cves/2018/CVE-2018-19287.yaml index b037766cbc..a00f827d5f 100644 --- a/http/cves/2018/CVE-2018-19287.yaml +++ b/http/cves/2018/CVE-2018-19287.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | WordPress Ninja Forms plugin before 3.3.18 contains a cross-site scripting vulnerability. An attacker can inject arbitrary script in includes/Admin/Menus/Submissions.php via the begin_date, end_date, or form_id parameters. This can allow an attacker to steal cookie-based authentication credentials and launch other attacks. + remediation: | + Upgrade to the latest version of the Ninja Forms plugin (3.3.18 or higher) to mitigate this vulnerability. reference: - https://wpscan.com/vulnerability/fb036dc2-0ee8-4a3e-afac-f52050b3f8c7 - https://wordpress.org/plugins/ninja-forms/ @@ -18,14 +20,14 @@ info: cve-id: CVE-2018-19287 cwe-id: CWE-79 epss-score: 0.82305 - cpe: cpe:2.3:a:ninjaforma:ninja_forms:*:*:*:*:*:wordpress:*:* epss-percentile: 0.97953 + cpe: cpe:2.3:a:ninjaforma:ninja_forms:*:*:*:*:*:wordpress:*:* metadata: - max-request: 2 verified: true - framework: wordpress + max-request: 2 vendor: ninjaforma product: ninja_forms + framework: wordpress tags: wp-plugin,wp,xss,authenticated,wpscan,edb,cve,cve2018,ninja-forms,wordpress http: diff --git a/http/cves/2018/CVE-2018-19326.yaml b/http/cves/2018/CVE-2018-19326.yaml index a691be7d32..b5596e6a16 100644 --- a/http/cves/2018/CVE-2018-19326.yaml +++ b/http/cves/2018/CVE-2018-19326.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Zyxel VMG1312-B10D 5.13AAXA.8 is susceptible to local file inclusion. A remote unauthenticated attacker can send a specially crafted URL request containing "dot dot" sequences (/../), conduct directory traversal attacks, and view arbitrary files. + remediation: | + Apply the latest firmware update provided by Zyxel to fix the Local File Inclusion vulnerability. reference: - https://www.exploit-db.com/exploits/45904 - https://www.cybersecurity-help.cz/vdb/SB2018120309 
@@ -18,14 +20,14 @@ info: cve-id: CVE-2018-19326 cwe-id: CWE-22 epss-score: 0.01394 - cpe: cpe:2.3:o:zyxel:vmg1312-b10d_firmware:*:*:*:*:*:*:*:* epss-percentile: 0.84719 + cpe: cpe:2.3:o:zyxel:vmg1312-b10d_firmware:*:*:*:*:*:*:*:* metadata: - max-request: 1 verified: true - shodan-query: http.html:"VMG1312-B10D" + max-request: 1 vendor: zyxel product: vmg1312-b10d_firmware + shodan-query: http.html:"VMG1312-B10D" tags: lfi,modem,router,edb,cve,cve2018,zyxel http: diff --git a/http/cves/2018/CVE-2018-19365.yaml b/http/cves/2018/CVE-2018-19365.yaml index 77029f05d6..3bc4c1bd4b 100644 --- a/http/cves/2018/CVE-2018-19365.yaml +++ b/http/cves/2018/CVE-2018-19365.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: critical description: Wowza Streaming Engine 4.7.4.01 allows traversal of the directory structure and retrieval of a file via a remote, specifically crafted HTTP request to the REST API. + remediation: | + Upgrade to the latest version of Wowza Streaming Engine Manager or apply the necessary patches to fix the directory traversal vulnerability. reference: - https://blog.gdssecurity.com/labs/2019/2/11/wowza-streaming-engine-manager-directory-traversal-and-local.html - https://nvd.nist.gov/vuln/detail/CVE-2018-19365 @@ -15,8 +17,8 @@ info: cve-id: CVE-2018-19365 cwe-id: CWE-22 epss-score: 0.01616 - cpe: cpe:2.3:a:wowza:streaming_engine:4.7.4.0.1:*:*:*:*:*:*:* epss-percentile: 0.85867 + cpe: cpe:2.3:a:wowza:streaming_engine:4.7.4.0.1:*:*:*:*:*:*:* metadata: max-request: 1 vendor: wowza diff --git a/http/cves/2018/CVE-2018-19386.yaml b/http/cves/2018/CVE-2018-19386.yaml index a4ed2c013c..c8cf32bdcc 100644 --- a/http/cves/2018/CVE-2018-19386.yaml +++ b/http/cves/2018/CVE-2018-19386.yaml 
@@ -5,6 +5,8 @@ info: author: pikpikcu severity: medium description: SolarWinds Database Performance Analyzer 11.1.457 contains a reflected cross-site scripting vulnerability in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on the page, aka a /iwc/idcStateError.iwc?page= URI. + remediation: | + Apply the latest patch or upgrade to a non-vulnerable version of SolarWinds Database Performance Analyzer. reference: - https://i.imgur.com/Y7t2AD6.png - https://medium.com/greenwolf-security/reflected-xss-in-solarwinds-database-performance-analyzer-988bd7a5cd5 @@ -15,8 +17,8 @@ info: cve-id: CVE-2018-19386 cwe-id: CWE-79 epss-score: 0.00205 - cpe: cpe:2.3:a:solarwinds:database_performance_analyzer:11.1.457:*:*:*:*:*:*:* epss-percentile: 0.57738 + cpe: cpe:2.3:a:solarwinds:database_performance_analyzer:11.1.457:*:*:*:*:*:*:* metadata: max-request: 1 vendor: solarwinds diff --git a/http/cves/2018/CVE-2018-19439.yaml b/http/cves/2018/CVE-2018-19439.yaml index 47dad8fe4e..0b22244cc8 100644 --- a/http/cves/2018/CVE-2018-19439.yaml +++ b/http/cves/2018/CVE-2018-19439.yaml 
@@ -5,19 +5,19 @@ info: author: madrobot,dwisiswant0 severity: medium description: Oracle Secure Global Desktop Administration Console 4.4 contains a reflected cross-site scripting vulnerability in helpwindow.jsp via all parameters, as demonstrated by the sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp windowTitle parameter. + remediation: Fixed in later versions including 5.4. reference: - http://packetstormsecurity.com/files/150444/Oracle-Secure-Global-Desktop-Administration-Console-4.4-Cross-Site-Scripting.html - https://nvd.nist.gov/vuln/detail/CVE-2018-19439 - http://seclists.org/fulldisclosure/2018/Nov/58 - remediation: Fixed in later versions including 5.4. classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2018-19439 cwe-id: CWE-79 epss-score: 0.01135 - cpe: cpe:2.3:a:oracle:secure_global_desktop:4.4:*:*:*:*:*:*:* epss-percentile: 0.82901 + cpe: cpe:2.3:a:oracle:secure_global_desktop:4.4:*:*:*:*:*:*:* metadata: max-request: 1 vendor: oracle diff --git a/http/cves/2018/CVE-2018-19458.yaml b/http/cves/2018/CVE-2018-19458.yaml index 96de053589..5740248ca0 100644 --- a/http/cves/2018/CVE-2018-19458.yaml +++ b/http/cves/2018/CVE-2018-19458.yaml @@ -6,6 +6,8 @@ info: severity: high description: | PHP Proxy 3.0.3 is susceptible to local file inclusion vulnerabilities that allow unauthenticated users to read files from the server via index.php?q=file:/// (a different vulnerability than CVE-2018-19246). + remediation: | + Upgrade PHP Proxy to a version that is not affected by the vulnerability (3.0.4 or later) or apply the necessary patches provided by the vendor. reference: - https://www.exploit-db.com/exploits/45780 - https://pentest.com.tr/exploits/PHP-Proxy-3-0-3-Local-File-Inclusion.html 
@@ -17,8 +19,8 @@ info: cve-id: CVE-2018-19458 cwe-id: CWE-287 epss-score: 0.10992 - cpe: cpe:2.3:a:php-proxy:php-proxy:3.0.3:*:*:*:*:*:*:* epss-percentile: 0.9438 + cpe: cpe:2.3:a:php-proxy:php-proxy:3.0.3:*:*:*:*:*:*:* metadata: max-request: 1 vendor: php-proxy diff --git a/http/cves/2018/CVE-2018-19749.yaml b/http/cves/2018/CVE-2018-19749.yaml index 46f662e2b5..2e976b03d9 100644 --- a/http/cves/2018/CVE-2018-19749.yaml +++ b/http/cves/2018/CVE-2018-19749.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | DomainMOD 4.11.01 contains a cross-site scripting vulnerability via assets/add/account-owner.php Owner name field. + remediation: | + Upgrade to the latest version of DomainMOD or apply the vendor-provided patch to mitigate this vulnerability. reference: - https://github.com/domainmod/domainmod/issues/81 - https://www.exploit-db.com/exploits/45941/ @@ -16,11 +18,11 @@ info: cve-id: CVE-2018-19749 cwe-id: CWE-79 epss-score: 0.00156 - cpe: cpe:2.3:a:domainmod:domainmod:*:*:*:*:*:*:*:* epss-percentile: 0.51378 + cpe: cpe:2.3:a:domainmod:domainmod:*:*:*:*:*:*:*:* metadata: - max-request: 3 verified: true + max-request: 3 vendor: domainmod product: domainmod tags: cve,cve2018,domainmod,xss,authenticated,edb diff --git a/http/cves/2018/CVE-2018-19751.yaml b/http/cves/2018/CVE-2018-19751.yaml index 003fc667d2..660a41d241 100644 --- a/http/cves/2018/CVE-2018-19751.yaml +++ b/http/cves/2018/CVE-2018-19751.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | DomainMOD 4.11.01 contains a cross-site scripting vulnerability via /admin/ssl-fields/add.php Display Name, Description & Notes field parameters. + remediation: | + Upgrade to the latest version of DomainMOD or apply the vendor-provided patch to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/45947/ - https://github.com/domainmod/domainmod/issues/83 
@@ -16,11 +18,11 @@ info: cve-id: CVE-2018-19751 cwe-id: CWE-79 epss-score: 0.00156 - cpe: cpe:2.3:a:domainmod:domainmod:*:*:*:*:*:*:*:* epss-percentile: 0.51378 + cpe: cpe:2.3:a:domainmod:domainmod:*:*:*:*:*:*:*:* metadata: - max-request: 3 verified: true + max-request: 3 vendor: domainmod product: domainmod tags: cve,cve2018,domainmod,xss,authenticated,edb diff --git a/http/cves/2018/CVE-2018-19752.yaml b/http/cves/2018/CVE-2018-19752.yaml index 3602e63bc4..23683ce194 100644 --- a/http/cves/2018/CVE-2018-19752.yaml +++ b/http/cves/2018/CVE-2018-19752.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | DomainMOD through 4.11.01 contains a cross-site scripting vulnerability via the assets/add/registrar.php notes field for Registrar. + remediation: | + Upgrade to the latest version of DomainMOD or apply the vendor-provided patch to mitigate this vulnerability. reference: - https://github.com/domainmod/domainmod/issues/84 - https://www.exploit-db.com/exploits/45949/ @@ -16,11 +18,11 @@ info: cve-id: CVE-2018-19752 cwe-id: CWE-79 epss-score: 0.00156 - cpe: cpe:2.3:a:domainmod:domainmod:*:*:*:*:*:*:*:* epss-percentile: 0.51378 + cpe: cpe:2.3:a:domainmod:domainmod:*:*:*:*:*:*:*:* metadata: - max-request: 3 verified: true + max-request: 3 vendor: domainmod product: domainmod tags: cve,cve2018,domainmod,xss,authenticated,edb diff --git a/http/cves/2018/CVE-2018-19753.yaml b/http/cves/2018/CVE-2018-19753.yaml index 2c7dd006e7..d2613321b6 100644 --- a/http/cves/2018/CVE-2018-19753.yaml +++ b/http/cves/2018/CVE-2018-19753.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Tarantella Enterprise versions prior to 3.11 are susceptible to local file inclusion. + remediation: | + Upgrade Tarantella Enterprise to version 3.11 or higher to mitigate this vulnerability. reference: - https://packetstormsecurity.com/files/150541/Tarantella-Enterprise-Directory-Traversal.html - https://nvd.nist.gov/vuln/detail/CVE-2018-19753 
@@ -17,8 +19,8 @@ info: cve-id: CVE-2018-19753 cwe-id: CWE-22 epss-score: 0.01061 - cpe: cpe:2.3:a:oracle:tarantella_enterprise:*:*:*:*:*:*:*:* epss-percentile: 0.82317 + cpe: cpe:2.3:a:oracle:tarantella_enterprise:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: oracle diff --git a/http/cves/2018/CVE-2018-19877.yaml b/http/cves/2018/CVE-2018-19877.yaml index 343dac18b6..1288f9a019 100644 --- a/http/cves/2018/CVE-2018-19877.yaml +++ b/http/cves/2018/CVE-2018-19877.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Adiscon LogAnalyzer before 4.1.7 contains a cross-site scripting vulnerability in the 'referer' parameter of the login.php file. + remediation: | + Upgrade Adiscon LogAnalyzer to version 4.1.7 or later to mitigate this vulnerability. reference: - https://loganalyzer.adiscon.com/news/loganalyzer-v4-1-7-v4-stable-released/ - https://www.exploit-db.com/exploits/45958/ @@ -16,11 +18,11 @@ info: cve-id: CVE-2018-19877 cwe-id: CWE-79 epss-score: 0.00268 - cpe: cpe:2.3:a:adiscon:loganalyzer:*:*:*:*:*:*:*:* epss-percentile: 0.63562 + cpe: cpe:2.3:a:adiscon:loganalyzer:*:*:*:*:*:*:*:* metadata: - max-request: 1 verified: true + max-request: 1 vendor: adiscon product: loganalyzer tags: adiscon,xss,edb,cve,cve2018 diff --git a/http/cves/2018/CVE-2018-19892.yaml b/http/cves/2018/CVE-2018-19892.yaml index 700f972790..2a0220487a 100644 --- a/http/cves/2018/CVE-2018-19892.yaml +++ b/http/cves/2018/CVE-2018-19892.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | DomainMOD 4.11.01 contains a cross-site scripting vulnerability via /domain//admin/dw/add-server.php DisplayName parameters. + remediation: | + Upgrade to the latest version of DomainMOD or apply the vendor-provided patch to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/45959 - https://github.com/domainmod/domainmod/issues/85 
@@ -16,11 +18,11 @@ info: cve-id: CVE-2018-19892 cwe-id: CWE-79 epss-score: 0.00101 - cpe: cpe:2.3:a:domainmod:domainmod:*:*:*:*:*:*:*:* epss-percentile: 0.40768 + cpe: cpe:2.3:a:domainmod:domainmod:*:*:*:*:*:*:*:* metadata: - max-request: 3 verified: true + max-request: 3 vendor: domainmod product: domainmod tags: cve2018,domainmod,xss,authenticated,edb,cve diff --git a/http/cves/2018/CVE-2018-19914.yaml b/http/cves/2018/CVE-2018-19914.yaml index 7141536c04..0a2ea63978 100644 --- a/http/cves/2018/CVE-2018-19914.yaml +++ b/http/cves/2018/CVE-2018-19914.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | DomainMOD 4.11.01 contains a cross-site scripting vulnerability via assets/add/dns.php Profile Name or notes field. + remediation: | + Upgrade to the latest version of DomainMOD or apply the necessary patches to fix the XSS vulnerability. reference: - https://www.exploit-db.com/exploits/46375/ - https://github.com/domainmod/domainmod/issues/87 @@ -16,11 +18,11 @@ info: cve-id: CVE-2018-19914 cwe-id: CWE-79 epss-score: 0.0025 - cpe: cpe:2.3:a:domainmod:domainmod:*:*:*:*:*:*:*:* epss-percentile: 0.6216 + cpe: cpe:2.3:a:domainmod:domainmod:*:*:*:*:*:*:*:* metadata: - max-request: 3 verified: true + max-request: 3 vendor: domainmod product: domainmod tags: cve2018,domainmod,xss,authenticated,edb,cve diff --git a/http/cves/2018/CVE-2018-19915.yaml b/http/cves/2018/CVE-2018-19915.yaml index 224db35096..23c58dc254 100644 --- a/http/cves/2018/CVE-2018-19915.yaml +++ b/http/cves/2018/CVE-2018-19915.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | DomainMOD through version 4.11.01 is vulnerable to cross-site scripting via the assets/edit/host.php Web Host Name or Web Host URL field. + remediation: | + Upgrade to the latest version of DomainMOD (>=4.11.02) to mitigate this vulnerability. reference: - https://github.com/domainmod/domainmod/issues/87 - https://www.exploit-db.com/exploits/46376/ 
@@ -16,11 +18,11 @@ info: cve-id: CVE-2018-19915 cwe-id: CWE-79 epss-score: 0.00185 - cpe: cpe:2.3:a:domainmod:domainmod:*:*:*:*:*:*:*:* epss-percentile: 0.55039 + cpe: cpe:2.3:a:domainmod:domainmod:*:*:*:*:*:*:*:* metadata: - max-request: 3 verified: true + max-request: 3 vendor: domainmod product: domainmod tags: domainmod,xss,authenticated,edb,cve,cve2018 diff --git a/http/cves/2018/CVE-2018-20009.yaml b/http/cves/2018/CVE-2018-20009.yaml index 1b08bab775..d4f809c7e3 100644 --- a/http/cves/2018/CVE-2018-20009.yaml +++ b/http/cves/2018/CVE-2018-20009.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | DomainMOD through version 4.11.01 is vulnerable to cross-site scripting via the /assets/add/ssl-provider.php ssl-provider-name and ssl-provider's-url parameters. + remediation: | + Upgrade to the latest version of DomainMOD or apply the vendor-provided patch to mitigate this vulnerability. reference: - https://github.com/domainmod/domainmod/issues/88 - https://www.exploit-db.com/exploits/46372/ @@ -16,11 +18,11 @@ info: cve-id: CVE-2018-20009 cwe-id: CWE-79 epss-score: 0.0025 - cpe: cpe:2.3:a:domainmod:domainmod:*:*:*:*:*:*:*:* epss-percentile: 0.6216 + cpe: cpe:2.3:a:domainmod:domainmod:*:*:*:*:*:*:*:* metadata: - max-request: 3 verified: true + max-request: 3 vendor: domainmod product: domainmod tags: domainmod,xss,authenticated,edb,cve,cve2018 diff --git a/http/cves/2018/CVE-2018-20010.yaml b/http/cves/2018/CVE-2018-20010.yaml index 955687a22e..3e6c0186dc 100644 --- a/http/cves/2018/CVE-2018-20010.yaml +++ b/http/cves/2018/CVE-2018-20010.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | DomainMOD through version 4.11.01 is vulnerable to cross-site scripting via the /assets/add/ssl-provider-account.php Username field. + remediation: | + Upgrade to the latest version of DomainMOD or apply the vendor-provided patch to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/46373/ - https://github.com/domainmod/domainmod/issues/88 @@ -16,11 +18,11 @@ info: cve-id: CVE-2018-20010 cwe-id: CWE-79 epss-score: 0.0025 - cpe: cpe:2.3:a:domainmod:domainmod:*:*:*:*:*:*:*:* epss-percentile: 0.6216 + cpe: cpe:2.3:a:domainmod:domainmod:*:*:*:*:*:*:*:* metadata: - max-request: 3 verified: true + max-request: 3 vendor: domainmod product: domainmod tags: domainmod,xss,authenticated,edb,cve,cve2018 diff --git a/http/cves/2018/CVE-2018-20011.yaml b/http/cves/2018/CVE-2018-20011.yaml index b33446edf1..96fc7edf6a 100644 --- a/http/cves/2018/CVE-2018-20011.yaml +++ b/http/cves/2018/CVE-2018-20011.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | DomainMOD through version 4.11.01 is vulnerable to cross-site scripting via the /assets/add/category.php CatagoryName and StakeHolder parameters. + remediation: | + Upgrade to the latest version of DomainMOD or apply the vendor-provided patch to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/46374/ - https://github.com/domainmod/domainmod/issues/88 @@ -16,11 +18,11 @@ info: cve-id: CVE-2018-20011 cwe-id: CWE-79 epss-score: 0.0025 - cpe: cpe:2.3:a:domainmod:domainmod:*:*:*:*:*:*:*:* epss-percentile: 0.6216 + cpe: cpe:2.3:a:domainmod:domainmod:*:*:*:*:*:*:*:* metadata: - max-request: 3 verified: true + max-request: 3 vendor: domainmod product: domainmod tags: domainmod,xss,authenticated,edb,cve,cve1028 diff --git a/http/cves/2018/CVE-2018-20462.yaml b/http/cves/2018/CVE-2018-20462.yaml index b891e9d4f5..3553bcee82 100644 --- a/http/cves/2018/CVE-2018-20462.yaml +++ b/http/cves/2018/CVE-2018-20462.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: WordPress JSmol2WP version 1.07 and earlier is vulnerable to cross-site scripting and allows remote attackers to inject arbitrary web script or HTML via the jsmol.php data parameter. + remediation: | + Update to the latest version of the WordPress JSmol2WP plugin (1.08 or higher) to mitigate this vulnerability. reference: - https://github.com/sullo/advisory-archives/blob/master/wordpress-jsmol2wp-CVE-2018-20463-CVE-2018-20462.txt - https://wpvulndb.com/vulnerabilities/9196 @@ -16,13 +18,13 @@ info: cve-id: CVE-2018-20462 cwe-id: CWE-79 epss-score: 0.00245 - cpe: cpe:2.3:a:jsmol2wp_project:jsmol2wp:1.07:*:*:*:*:wordpress:*:* epss-percentile: 0.61735 + cpe: cpe:2.3:a:jsmol2wp_project:jsmol2wp:1.07:*:*:*:*:wordpress:*:* metadata: max-request: 1 - framework: wordpress vendor: jsmol2wp_project product: jsmol2wp + framework: wordpress tags: cve,cve2018,wordpress,xss,wp-plugin http: diff --git a/http/cves/2018/CVE-2018-20463.yaml b/http/cves/2018/CVE-2018-20463.yaml index e9f990df95..c8cb6a933e 100644 --- a/http/cves/2018/CVE-2018-20463.yaml +++ b/http/cves/2018/CVE-2018-20463.yaml @@ -6,6 +6,8 @@ info: severity: high description: | WordPress JSmol2WP plugin 1.07 is susceptible to local file inclusion via ../ directory traversal in query=php://filter/resource= in the jsmol.php query string. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. This can also be exploited for server-side request forgery. + remediation: | + Update to the latest version of the JSmol2WP plugin (>=1.08) or remove the plugin if it is not necessary. reference: - https://wpscan.com/vulnerability/9197 - https://wordpress.org/plugins/jsmol2wp/ 
@@ -17,14 +19,14 @@ info: cve-id: CVE-2018-20463 cwe-id: CWE-22 epss-score: 0.02026 - cpe: cpe:2.3:a:jsmol2wp_project:jsmol2wp:1.07:*:*:*:*:wordpress:*:* epss-percentile: 0.87475 + cpe: cpe:2.3:a:jsmol2wp_project:jsmol2wp:1.07:*:*:*:*:wordpress:*:* metadata: - max-request: 1 verified: true - framework: wordpress + max-request: 1 vendor: jsmol2wp_project product: jsmol2wp + framework: wordpress tags: wp,wp-plugin,wordpress,jsmol2wp,wpscan,cve,cve2018,traversal http: diff --git a/http/cves/2018/CVE-2018-20470.yaml b/http/cves/2018/CVE-2018-20470.yaml index 53e4fdff97..4b7b77f79f 100644 --- a/http/cves/2018/CVE-2018-20470.yaml +++ b/http/cves/2018/CVE-2018-20470.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Tyto Sahi Pro versions through 7.x.x and 8.0.0 are susceptible to a local file inclusion vulnerability in the web reports module which can allow an outside attacker to view contents of sensitive files. + remediation: | + Apply the latest security patches or upgrade to a patched version of Tyto Sahi pro. reference: - https://barriersec.com/2019/06/cve-2018-20470-sahi-pro/ - http://packetstormsecurity.com/files/153330/Sahi-Pro-7.x-8.x-Directory-Traversal.html @@ -16,8 +18,8 @@ info: cve-id: CVE-2018-20470 cwe-id: CWE-22 epss-score: 0.61765 - cpe: cpe:2.3:a:sahipro:sahi_pro:*:*:*:*:*:*:*:* epss-percentile: 0.97374 + cpe: cpe:2.3:a:sahipro:sahi_pro:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: sahipro diff --git a/http/cves/2018/CVE-2018-20526.yaml b/http/cves/2018/CVE-2018-20526.yaml index c13f35b53d..5f4fcf7284 100644 --- a/http/cves/2018/CVE-2018-20526.yaml +++ b/http/cves/2018/CVE-2018-20526.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | Roxy Fileman 1.4.5 is susceptible to unrestricted file upload via upload.php. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. + remediation: | + Upgrade to a patched version of Roxy Fileman or apply the necessary security patches to prevent unrestricted file uploads. reference: - http://packetstormsecurity.com/files/151033/Roxy-Fileman-1.4.5-File-Upload-Directory-Traversal.html - https://www.exploit-db.com/exploits/46085/ @@ -16,14 +18,14 @@ info: cve-id: CVE-2018-20526 cwe-id: CWE-434 epss-score: 0.00794 - cpe: cpe:2.3:a:roxyfileman:roxy_fileman:1.4.5:*:*:*:*:*:*:* epss-percentile: 0.7941 + cpe: cpe:2.3:a:roxyfileman:roxy_fileman:1.4.5:*:*:*:*:*:*:* metadata: - max-request: 2 - google-query: intitle:"Roxy file manager" verified: true + max-request: 2 vendor: roxyfileman product: roxy_fileman + google-query: intitle:"Roxy file manager" tags: cve,cve2018,roxy,fileman,rce,fileupload,intrusive,packetstorm,edb http: diff --git a/http/cves/2018/CVE-2018-20608.yaml b/http/cves/2018/CVE-2018-20608.yaml index e03c8b0dd5..2b37f2e880 100644 --- a/http/cves/2018/CVE-2018-20608.yaml +++ b/http/cves/2018/CVE-2018-20608.yaml @@ -5,6 +5,8 @@ info: author: ritikchaddha severity: high description: Imcat 4.4 allows remote attackers to read phpinfo output via the root/tools/adbug/binfo.php?phpinfo1 URI. + remediation: | + Update Imcat to the latest version or apply the necessary patches to fix the Phpinfo Configuration vulnerability. reference: - https://nvd.nist.gov/vuln/detail/CVE-2018-20608 classification: @@ -13,8 +15,8 @@ info: cve-id: CVE-2018-20608 cwe-id: CWE-200 epss-score: 0.03654 - cpe: cpe:2.3:a:txjia:imcat:4.4:*:*:*:*:*:*:* epss-percentile: 0.90503 + cpe: cpe:2.3:a:txjia:imcat:4.4:*:*:*:*:*:*:* metadata: max-request: 1 vendor: txjia 
diff --git a/http/cves/2018/CVE-2018-20824.yaml b/http/cves/2018/CVE-2018-20824.yaml index 2f4bc40f9f..112dfd0b74 100644 --- a/http/cves/2018/CVE-2018-20824.yaml +++ b/http/cves/2018/CVE-2018-20824.yaml @@ -5,6 +5,8 @@ info: author: madrobot,dwisiswant0 severity: medium description: The WallboardServlet resource in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting vulnerability in the cyclePeriod parameter. + remediation: | + Upgrade to Atlassian Jira version 7.13.1 or later to mitigate this vulnerability. reference: - https://jira.atlassian.com/browse/JRASERVER-69238 - https://nvd.nist.gov/vuln/detail/CVE-2018-20824 @@ -14,13 +16,13 @@ info: cve-id: CVE-2018-20824 cwe-id: CWE-79 epss-score: 0.00211 - cpe: cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:* epss-percentile: 0.58311 + cpe: cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:* metadata: max-request: 1 - shodan-query: http.component:"Atlassian Jira" vendor: atlassian product: jira + shodan-query: http.component:"Atlassian Jira" tags: cve,cve2018,atlassian,jira,xss http: diff --git a/http/cves/2018/CVE-2018-20985.yaml b/http/cves/2018/CVE-2018-20985.yaml index 257d98c2c6..53df56cad1 100644 --- a/http/cves/2018/CVE-2018-20985.yaml +++ b/http/cves/2018/CVE-2018-20985.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: critical description: WordPress Plugin WP Payeezy Pay is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin WP Payeezy Pay version 2.97 is vulnerable; prior versions are also affected. + remediation: | + Update to the latest version of WordPress Payeezy Pay plugin. reference: - https://www.pluginvulnerabilities.com/2018/12/06/our-improved-proactive-monitoring-has-now-caught-a-local-file-inclusion-lfi-vulnerability-as-well/ - https://wordpress.org/plugins/wp-payeezy-pay/#developers @@ -15,13 +17,13 @@ info: cve-id: CVE-2018-20985 cwe-id: CWE-20 epss-score: 0.01113 - cpe: cpe:2.3:a:payeezy:wp_payeezy_pay:*:*:*:*:*:wordpress:*:* epss-percentile: 0.82735 + cpe: cpe:2.3:a:payeezy:wp_payeezy_pay:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 - framework: wordpress vendor: payeezy product: wp_payeezy_pay + framework: wordpress tags: cve,cve2018,wordpress,lfi,plugin http: diff --git a/http/cves/2018/CVE-2018-2392.yaml b/http/cves/2018/CVE-2018-2392.yaml index 9be966ac35..25239d8627 100644 --- a/http/cves/2018/CVE-2018-2392.yaml +++ b/http/cves/2018/CVE-2018-2392.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | SAP Internet Graphics Servers (IGS) running versions 7.20, 7.20EXT, 7.45, 7.49, or 7.53 has two XML external entity injection (XXE) vulnerabilities within the XMLCHART page - CVE-2018-2392 and CVE-2018-2393. These vulnerabilities occur due to a lack of appropriate validation on the Extension HTML tag when submitting a POST request to the XMLCHART page to generate a new chart. + remediation: | + Apply the latest security patches and updates provided by SAP to mitigate this vulnerability. Additionally, ensure that the SAP Internet Graphics Server (IGS) is not exposed to untrusted networks or the internet. reference: - https://launchpad.support.sap.com/#/notes/2525222 - https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/ @@ -19,8 +21,8 @@ info: cve-id: CVE-2018-2392 cwe-id: CWE-611 epss-score: 0.0032 - cpe: cpe:2.3:a:sap:internet_graphics_server:7.20:*:*:*:*:*:*:* epss-percentile: 0.66795 + cpe: cpe:2.3:a:sap:internet_graphics_server:7.20:*:*:*:*:*:*:* metadata: max-request: 1 vendor: sap @@ -94,4 +96,4 @@ http: status: - 200 -# file name - /etc/passwd +# file name - /etc/passwd \ No newline at end of file diff --git a/http/cves/2018/CVE-2018-2791.yaml b/http/cves/2018/CVE-2018-2791.yaml index 4be9569149..b7b9fac828 100644 --- a/http/cves/2018/CVE-2018-2791.yaml +++ b/http/cves/2018/CVE-2018-2791.yaml 
@@ -5,6 +5,8 @@ info: author: madrobot,leovalcante severity: high description: The Oracle WebCenter Sites component of Oracle Fusion Middleware is susceptible to multiple instances of cross-site scripting that could allow unauthenticated attackers with network access via HTTP to compromise Oracle WebCenter Sites. Impacted versions that are affected are 11.1.1.8.0, 12.2.1.2.0 and 12.2.1.3.0. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Sites, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Sites accessible data as well as unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data. + remediation: | + Apply the latest security patches provided by Oracle to address this vulnerability. reference: - http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html - http://web.archive.org/web/20211206165005/https://securitytracker.com/id/1040695 @@ -16,8 +18,8 @@ info: cvss-score: 8.2 cve-id: CVE-2018-2791 epss-score: 0.03569 - cpe: cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:* epss-percentile: 0.90407 + cpe: cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:* metadata: max-request: 2 vendor: oracle diff --git a/http/cves/2018/CVE-2018-2894.yaml b/http/cves/2018/CVE-2018-2894.yaml index a511b9af15..e08a3145a0 100644 --- a/http/cves/2018/CVE-2018-2894.yaml +++ b/http/cves/2018/CVE-2018-2894.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | The Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services) is susceptible to a remote code execution vulnerability that is easily exploitable and could allow unauthenticated attackers with network access via HTTP to compromise the server. Supported versions that are affected are 12.1.3.0, 12.2.1.2 and 12.2.1.3. + remediation: | + Apply the latest security patches provided by Oracle to mitigate this vulnerability. reference: - https://blog.detectify.com/2018/11/14/technical-explanation-of-cve-2018-2894-oracle-weblogic-rce/ - https://github.com/vulhub/vulhub/tree/fda47b97c7d2809660a4471539cd0e6dbf8fac8c/weblogic/CVE-2018-2894 @@ -17,8 +19,8 @@ info: cvss-score: 9.8 cve-id: CVE-2018-2894 epss-score: 0.9734 - cpe: cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:* epss-percentile: 0.99824 + cpe: cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:* metadata: max-request: 3 vendor: oracle diff --git a/http/cves/2018/CVE-2018-3167.yaml b/http/cves/2018/CVE-2018-3167.yaml index 9259eeaac9..155180cdf3 100644 --- a/http/cves/2018/CVE-2018-3167.yaml +++ b/http/cves/2018/CVE-2018-3167.yaml 
@@ -5,6 +5,8 @@ info: author: geeknik severity: medium description: Oracle E-Business Suite, Application Management Pack component (User Monitoring subcomponent), is susceptible to blind server-side request forgery. An attacker with network access via HTTP can gain read access to a subset of data, connect to internal services like HTTP-enabled databases, or perform post requests towards internal services which are not intended to be exposed. Affected supported versions are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, and 12.2.7. + remediation: | + Apply the necessary patches or updates provided by Oracle to mitigate this vulnerability. reference: - http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html - http://web.archive.org/web/20211206102649/https://securitytracker.com/id/1041897 @@ -16,13 +18,13 @@ info: cvss-score: 5.3 cve-id: CVE-2018-3167 epss-score: 0.01454 - cpe: cpe:2.3:a:oracle:application_management_pack:12.1.3:*:*:*:*:e-business_suite:*:* epss-percentile: 0.85018 + cpe: cpe:2.3:a:oracle:application_management_pack:12.1.3:*:*:*:*:e-business_suite:*:* metadata: max-request: 1 - framework: e-business_suite vendor: oracle product: application_management_pack + framework: e-business_suite tags: cve,cve2018,oracle,ebs,ssrf,blind http: diff --git a/http/cves/2018/CVE-2018-3238.yaml b/http/cves/2018/CVE-2018-3238.yaml index fd2f039960..08a4134021 100644 --- a/http/cves/2018/CVE-2018-3238.yaml +++ b/http/cves/2018/CVE-2018-3238.yaml 
@@ -5,6 +5,8 @@ info: author: leovalcante severity: medium description: The Oracle WebCenter Sites 11.1.1.8.0 component of Oracle Fusion Middleware is impacted by easily exploitable cross-site scripting vulnerabilities that allow high privileged attackers with network access via HTTP to compromise Oracle WebCenter Sites. + remediation: | + Apply the latest patches and updates provided by Oracle to mitigate this vulnerability. reference: - https://outpost24.com/blog/Vulnerabilities-discovered-in-Oracle-WebCenter-Sites - https://www.oracle.com/security-alerts/cpuoct2018.html @@ -15,8 +17,8 @@ info: cvss-score: 6.9 cve-id: CVE-2018-3238 epss-score: 0.00332 - cpe: cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:* epss-percentile: 0.67419 + cpe: cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:* metadata: max-request: 3 vendor: oracle diff --git a/http/cves/2018/CVE-2018-3714.yaml b/http/cves/2018/CVE-2018-3714.yaml index 292f62f1a6..a3998b8bfb 100644 --- a/http/cves/2018/CVE-2018-3714.yaml +++ b/http/cves/2018/CVE-2018-3714.yaml @@ -5,6 +5,8 @@ info: author: madrobot severity: medium description: node-srv is vulnerable to local file inclusion due to lack of url validation, which allows a malicious user to read content of any file with known path. + remediation: | + Apply the latest security patches or updates provided by the vendor to fix the LFI vulnerability in the node-srv application. reference: - https://hackerone.com/reports/309124 - https://nvd.nist.gov/vuln/detail/CVE-2018-3714 @@ -14,13 +16,13 @@ info: cve-id: CVE-2018-3714 cwe-id: CWE-22 epss-score: 0.00364 - cpe: cpe:2.3:a:node-srv_project:node-srv:*:*:*:*:*:node.js:*:* epss-percentile: 0.68884 + cpe: cpe:2.3:a:node-srv_project:node-srv:*:*:*:*:*:node.js:*:* metadata: max-request: 1 - framework: node.js vendor: node-srv_project product: node-srv + framework: node.js tags: cve,cve2018,nodejs,lfi,hackerone http: 
diff --git a/http/cves/2018/CVE-2018-3760.yaml b/http/cves/2018/CVE-2018-3760.yaml index 909f4e89e0..364fd0adf1 100644 --- a/http/cves/2018/CVE-2018-3760.yaml +++ b/http/cves/2018/CVE-2018-3760.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Ruby On Rails is vulnerable to local file inclusion caused by secondary decoding in Sprockets 3.7.1 and lower versions. An attacker can use %252e%252e/ to access the root directory and read or execute any file on the target server. + remediation: | + Apply the latest security patches and updates for Ruby On Rails framework to fix the Local File Inclusion vulnerability. reference: - https://github.com/vulhub/vulhub/tree/master/rails/CVE-2018-3760 - https://i.blackhat.com/us-18/Wed-August-8/us-18-Orange-Tsai-Breaking-Parser-Logic-Take-Your-Path-Normalization-Off-And-Pop-0days-Out-2.pdf @@ -18,8 +20,8 @@ info: cve-id: CVE-2018-3760 cwe-id: CWE-200,CWE-22 epss-score: 0.05013 - cpe: cpe:2.3:a:redhat:cloudforms:4.5:*:*:*:*:*:*:* epss-percentile: 0.91853 + cpe: cpe:2.3:a:redhat:cloudforms:4.5:*:*:*:*:*:*:* metadata: max-request: 2 vendor: redhat diff --git a/http/cves/2018/CVE-2018-3810.yaml b/http/cves/2018/CVE-2018-3810.yaml index 02428449e6..6015f58d35 100644 --- a/http/cves/2018/CVE-2018-3810.yaml +++ b/http/cves/2018/CVE-2018-3810.yaml 
@@ -5,6 +5,8 @@ info: author: princechaddha severity: critical description: Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to insert arbitrary JavaScript or HTML code (via the sgcgoogleanalytic parameter) that runs on all pages served by WordPress. The saveGoogleCode() function in smartgooglecode.php does not check if the current request is made by an authorized user, thus allowing any unauthenticated user to successfully update the inserted code. + remediation: | + Update to the latest version of the Oturia WordPress Smart Google Code Inserter plugin (3.5 or higher) to fix the authentication bypass vulnerability. reference: - https://www.exploit-db.com/exploits/43420 - https://nvd.nist.gov/vuln/detail/CVE-2018-3810 @@ -17,13 +19,13 @@ info: cve-id: CVE-2018-3810 cwe-id: CWE-287 epss-score: 0.8409 - cpe: cpe:2.3:a:oturia:smart_google_code_inserter:*:*:*:*:*:wordpress:*:* epss-percentile: 0.9803 + cpe: cpe:2.3:a:oturia:smart_google_code_inserter:*:*:*:*:*:wordpress:*:* metadata: max-request: 2 - framework: wordpress vendor: oturia product: smart_google_code_inserter + framework: wordpress tags: wordpress,cve,cve2018,google,edb http: diff --git a/http/cves/2018/CVE-2018-5230.yaml b/http/cves/2018/CVE-2018-5230.yaml index 508be2f986..0b1fb91c96 100644 --- a/http/cves/2018/CVE-2018-5230.yaml +++ b/http/cves/2018/CVE-2018-5230.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | Atlassian Jira Confluence before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4, and from version 7.9.0 before version 7.9.2, allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting vulnerability in the error message of custom fields when an invalid value is specified. + remediation: | + Apply the latest security patches or updates provided by Atlassian to mitigate this vulnerability. reference: - https://jira.atlassian.com/browse/JRASERVER-67289 - https://nvd.nist.gov/vuln/detail/CVE-2018-5230 @@ -15,13 +17,13 @@ info: cve-id: CVE-2018-5230 cwe-id: CWE-79 epss-score: 0.00211 - cpe: cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:* epss-percentile: 0.58311 + cpe: cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:* metadata: max-request: 1 - shodan-query: http.component:"Atlassian Confluence" vendor: atlassian product: jira + shodan-query: http.component:"Atlassian Confluence" tags: cve,cve2018,atlassian,confluence,xss http: diff --git a/http/cves/2018/CVE-2018-5233.yaml b/http/cves/2018/CVE-2018-5233.yaml index 880d80e11d..cb532547f1 100644 --- a/http/cves/2018/CVE-2018-5233.yaml +++ b/http/cves/2018/CVE-2018-5233.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Grav CMS before 1.3.0 is vulnerable to cross-site scripting via system/src/Grav/Common/Twig/Twig.php and allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/tools. + remediation: | + Upgrade Grav CMS to version 1.3.0 or later, which includes proper input sanitization to mitigate the XSS vulnerability. reference: - https://sysdream.com/news/lab/2018-03-15-cve-2018-5233-grav-cms-admin-plugin-reflected-cross-site-scripting-xss-vulnerability/ - http://www.openwall.com/lists/oss-security/2018/03/15/1 
@@ -16,13 +18,13 @@ info: cve-id: CVE-2018-5233 cwe-id: CWE-79 epss-score: 0.00295 - cpe: cpe:2.3:a:getgrav:grav_cms:*:*:*:*:*:*:*:* epss-percentile: 0.65386 + cpe: cpe:2.3:a:getgrav:grav_cms:*:*:*:*:*:*:*:* metadata: max-request: 1 - shodan-query: html:"Grav CMS" vendor: getgrav product: grav_cms + shodan-query: html:"Grav CMS" tags: cve,cve2018,xss,grav http: diff --git a/http/cves/2018/CVE-2018-5316.yaml b/http/cves/2018/CVE-2018-5316.yaml index 7287513a41..7cd3557aab 100644 --- a/http/cves/2018/CVE-2018-5316.yaml +++ b/http/cves/2018/CVE-2018-5316.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: WordPress SagePay Server Gateway for WooCommerce before 1.0.9 is vulnerable to cross-site scripting via the includes/pages/redirect.php page parameter. + remediation: | + Update to the latest version of the WordPress SagePay Server Gateway for WooCommerce plugin (1.0.9 or higher) to mitigate this vulnerability. reference: - https://wordpress.org/support/topic/sagepay-server-gateway-for-woocommerce-1-0-7-cross-site-scripting/#post-9792337 - https://wordpress.org/plugins/sagepay-server-gateway-for-woocommerce/#developers @@ -16,14 +18,14 @@ info: cve-id: CVE-2018-5316 cwe-id: CWE-79 epss-score: 0.00175 - cpe: cpe:2.3:a:patsatech:sagepay_server_gateway_for_woocommerce:*:*:*:*:*:wordpress:*:* epss-percentile: 0.53966 + cpe: cpe:2.3:a:patsatech:sagepay_server_gateway_for_woocommerce:*:*:*:*:*:wordpress:*:* metadata: - max-request: 1 verified: true - framework: wordpress + max-request: 1 vendor: patsatech product: sagepay_server_gateway_for_woocommerce + framework: wordpress tags: cve2018,wordpress,xss,wp-plugin,wp,woocommerce,packetstorm,cve http: diff --git a/http/cves/2018/CVE-2018-5715.yaml b/http/cves/2018/CVE-2018-5715.yaml index cf425d264f..4838050190 100644 --- a/http/cves/2018/CVE-2018-5715.yaml +++ b/http/cves/2018/CVE-2018-5715.yaml 
@@ -5,6 +5,8 @@ info: author: edoardottt severity: medium description: SugarCRM 3.5.1 is vulnerable to cross-site scripting via phprint.php and a parameter name in the query string (aka a $key variable). + remediation: | + Upgrade to a patched version of SugarCRM or apply the necessary security patches provided by the vendor. reference: - https://www.exploit-db.com/exploits/43683 - https://m4k4br0.github.io/sugarcrm-xss/ @@ -16,14 +18,14 @@ info: cve-id: CVE-2018-5715 cwe-id: CWE-79 epss-score: 0.00129 - cpe: cpe:2.3:a:sugarcrm:sugarcrm:3.5.1:*:*:*:*:*:*:* epss-percentile: 0.46905 + cpe: cpe:2.3:a:sugarcrm:sugarcrm:3.5.1:*:*:*:*:*:*:* metadata: max-request: 1 - google-query: intext:"SugarCRM Inc. All Rights Reserved" - shodan-query: http.html:"SugarCRM Inc. All Rights Reserved" vendor: sugarcrm product: sugarcrm + shodan-query: http.html:"SugarCRM Inc. All Rights Reserved" + google-query: intext:"SugarCRM Inc. All Rights Reserved" tags: sugarcrm,xss,edb,cve,cve2018 http: diff --git a/http/cves/2018/CVE-2018-6008.yaml b/http/cves/2018/CVE-2018-6008.yaml index 469f68fb44..3ebfdbd1d3 100644 --- a/http/cves/2018/CVE-2018-6008.yaml +++ b/http/cves/2018/CVE-2018-6008.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: Joomla! Jtag Members Directory 5.3.7 is vulnerable to local file inclusion via the download_file parameter. + remediation: | + Update Joomla! Jtag Members Directory to the latest version or apply the patch provided by the vendor to mitigate the LFI vulnerability. reference: - https://www.exploit-db.com/exploits/43913 - https://packetstormsecurity.com/files/146137/Joomla-Jtag-Members-Directory-5.3.7-Arbitrary-File-Download.html 
@@ -15,13 +17,13 @@ info: cve-id: CVE-2018-6008 cwe-id: CWE-200 epss-score: 0.41482 - cpe: cpe:2.3:a:joomlatag:jtag_members_directory:5.3.7:*:*:*:*:joomla\!:*:* epss-percentile: 0.96813 + cpe: cpe:2.3:a:joomlatag:jtag_members_directory:5.3.7:*:*:*:*:joomla\!:*:* metadata: max-request: 1 - framework: joomla\! vendor: joomlatag product: jtag_members_directory + framework: joomla\! tags: cve,cve2018,joomla,lfi,edb,packetstorm http: diff --git a/http/cves/2018/CVE-2018-6184.yaml b/http/cves/2018/CVE-2018-6184.yaml index 4a005c7c1b..51685d4f02 100644 --- a/http/cves/2018/CVE-2018-6184.yaml +++ b/http/cves/2018/CVE-2018-6184.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Zeit Next.js before 4.2.3 is susceptible to local file inclusion under the /_next request namespace. An attacker can obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + remediation: | + Upgrade to the latest version of Zeit Next.js (>=4.2.3) to mitigate this vulnerability. reference: - https://github.com/PortSwigger/j2ee-scan/blob/master/src/main/java/burp/j2ee/issues/impl/NextFrameworkPathTraversal.java - https://github.com/zeit/next.js/releases/tag/4.2.3 @@ -16,13 +18,13 @@ info: cve-id: CVE-2018-6184 cwe-id: CWE-22 epss-score: 0.00396 - cpe: cpe:2.3:a:zeit:next.js:4.0.0:*:*:*:*:*:*:* epss-percentile: 0.70146 + cpe: cpe:2.3:a:zeit:next.js:4.0.0:*:*:*:*:*:*:* metadata: max-request: 1 - shodan-query: html:"/_next/static" vendor: zeit product: next.js + shodan-query: html:"/_next/static" tags: cve,cve2018,nextjs,lfi,traversal http: diff --git a/http/cves/2018/CVE-2018-6200.yaml b/http/cves/2018/CVE-2018-6200.yaml index a319400f37..7202a33a02 100644 --- a/http/cves/2018/CVE-2018-6200.yaml +++ b/http/cves/2018/CVE-2018-6200.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | vBulletin 3.x.x and 4.2.x through 4.2.5 contains an open redirect vulnerability via the redirector.php URL parameter. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. + remediation: | + Apply the latest security patches and updates provided by vBulletin to fix the open redirect vulnerability. reference: - https://cxsecurity.com/issue/WLB-2018010251 - https://nvd.nist.gov/vuln/detail/CVE-2018-6200 @@ -15,11 +17,11 @@ info: cve-id: CVE-2018-6200 cwe-id: CWE-601 epss-score: 0.00118 - cpe: cpe:2.3:a:vbulletin:vbulletin:*:*:*:*:*:*:*:* epss-percentile: 0.45103 + cpe: cpe:2.3:a:vbulletin:vbulletin:*:*:*:*:*:*:*:* metadata: - max-request: 2 verified: true + max-request: 2 vendor: vbulletin product: vbulletin tags: cve,cve2018,redirect,vbulletin diff --git a/http/cves/2018/CVE-2018-6530.yaml b/http/cves/2018/CVE-2018-6530.yaml index c03239d6c2..a7cc520681 100644 --- a/http/cves/2018/CVE-2018-6530.yaml +++ b/http/cves/2018/CVE-2018-6530.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter. + remediation: | + Apply the latest firmware update provided by D-Link to mitigate this vulnerability. reference: - https://nvd.nist.gov/vuln/detail/CVE-2018-6530 - https://github.com/soh0ro0t/Pwn-Multiple-Dlink-Router-Via-Soap-Proto 
@@ -18,8 +20,8 @@ info: cve-id: CVE-2018-6530 cwe-id: CWE-78 epss-score: 0.94099 - cpe: cpe:2.3:o:d-link:dir-860l_firmware:*:*:*:*:*:*:*:* epss-percentile: 0.98828 + cpe: cpe:2.3:o:d-link:dir-860l_firmware:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: d-link diff --git a/http/cves/2018/CVE-2018-6910.yaml b/http/cves/2018/CVE-2018-6910.yaml index 2aa22de0f2..920a4ac028 100644 --- a/http/cves/2018/CVE-2018-6910.yaml +++ b/http/cves/2018/CVE-2018-6910.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: high description: DedeCMS 5.7 allows remote attackers to discover the full path via a direct request for include/downmix.inc.php or inc/inc_archives_functions.php + remediation: | + Apply the latest patch or upgrade to a newer version of DedeCMS to fix the path disclosure vulnerability. reference: - https://nvd.nist.gov/vuln/detail/CVE-2018-6910 - https://github.com/kongxin520/DedeCMS/blob/master/DedeCMS_5.7_Bug.md @@ -15,8 +17,8 @@ info: cve-id: CVE-2018-6910 cwe-id: CWE-668 epss-score: 0.03367 - cpe: cpe:2.3:a:dedecms:dedecms:5.7:*:*:*:*:*:*:* epss-percentile: 0.90157 + cpe: cpe:2.3:a:dedecms:dedecms:5.7:*:*:*:*:*:*:* metadata: max-request: 1 vendor: dedecms diff --git a/http/cves/2018/CVE-2018-7251.yaml b/http/cves/2018/CVE-2018-7251.yaml index bbc1fac9f7..ffcde7f0b8 100644 --- a/http/cves/2018/CVE-2018-7251.yaml +++ b/http/cves/2018/CVE-2018-7251.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | Anchor CMS 0.12.3 is susceptible to an error log exposure vulnerability due to an issue in config/error.php. The error log is exposed at an errors.log URI, and contains MySQL credentials if a MySQL error (such as "Too many connections") has occurred. + remediation: | + Upgrade to the latest version of Anchor CMS or apply the necessary patches to fix the error log exposure vulnerability. reference: - https://github.com/anchorcms/anchor-cms/issues/1247 - https://twitter.com/finnwea/status/965279233030393856 
@@ -18,8 +20,8 @@ info: cve-id: CVE-2018-7251 cwe-id: CWE-200 epss-score: 0.06473 - cpe: cpe:2.3:a:anchorcms:anchor:0.12.3:*:*:*:*:*:*:* epss-percentile: 0.92792 + cpe: cpe:2.3:a:anchorcms:anchor:0.12.3:*:*:*:*:*:*:* metadata: max-request: 1 vendor: anchorcms diff --git a/http/cves/2018/CVE-2018-7422.yaml b/http/cves/2018/CVE-2018-7422.yaml index 1fa86fc2fa..c102ed681b 100644 --- a/http/cves/2018/CVE-2018-7422.yaml +++ b/http/cves/2018/CVE-2018-7422.yaml @@ -6,6 +6,8 @@ info: severity: high description: | WordPress Site Editor through 1.1.1 allows remote attackers to retrieve arbitrary files via the ajax_path parameter to editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php. + remediation: | + Update WordPress Site Editor plugin to the latest version to mitigate the vulnerability. reference: - https://www.exploit-db.com/exploits/44340 - http://seclists.org/fulldisclosure/2018/Mar/40 @@ -17,13 +19,13 @@ info: cve-id: CVE-2018-7422 cwe-id: CWE-22 epss-score: 0.95295 - cpe: cpe:2.3:a:siteeditor:site_editor:*:*:*:*:*:wordpress:*:* epss-percentile: 0.99068 + cpe: cpe:2.3:a:siteeditor:site_editor:*:*:*:*:*:wordpress:*:* metadata: max-request: 2 - framework: wordpress vendor: siteeditor product: site_editor + framework: wordpress tags: cve,cve2018,wordpress,wp-plugin,lfi,edb,seclists http: diff --git a/http/cves/2018/CVE-2018-7467.yaml b/http/cves/2018/CVE-2018-7467.yaml index cfd937634e..b48bb98918 100644 --- a/http/cves/2018/CVE-2018-7467.yaml +++ b/http/cves/2018/CVE-2018-7467.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: high description: AxxonSoft Axxon Next suffers from a local file inclusion vulnerability. + remediation: | + Apply the latest security patches or updates provided by AxxonSoft to fix the local file inclusion vulnerability. reference: - https://packetstormsecurity.com/files/146604/AxxonSoft-Axxon-Next-Directory-Traversal.html - https://github.com/sullo/advisory-archives/blob/master/axxonsoft-next-CVE-2018-7467.txt 
@@ -16,8 +18,8 @@ info: cve-id: CVE-2018-7467 cwe-id: CWE-22 epss-score: 0.00396 - cpe: cpe:2.3:a:axxonsoft:next:-:*:*:*:*:*:*:* epss-percentile: 0.70146 + cpe: cpe:2.3:a:axxonsoft:next:-:*:*:*:*:*:*:* metadata: max-request: 1 vendor: axxonsoft diff --git a/http/cves/2018/CVE-2018-7490.yaml b/http/cves/2018/CVE-2018-7490.yaml index 61dc578f76..cdd2ec627d 100644 --- a/http/cves/2018/CVE-2018-7490.yaml +++ b/http/cves/2018/CVE-2018-7490.yaml @@ -5,6 +5,8 @@ info: author: madrobot severity: high description: uWSGI PHP Plugin before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the --php-docroot option, making it susceptible to local file inclusion. + remediation: | + Update to the latest version of uWSGI PHP Plugin or apply the necessary patches to fix the local file inclusion vulnerability. reference: - https://uwsgi-docs.readthedocs.io/en/latest/Changelog-2.0.17.html - https://www.exploit-db.com/exploits/44223/ @@ -16,8 +18,8 @@ info: cve-id: CVE-2018-7490 cwe-id: CWE-22 epss-score: 0.9656 - cpe: cpe:2.3:a:unbit:uwsgi:*:*:*:*:*:*:*:* epss-percentile: 0.99436 + cpe: cpe:2.3:a:unbit:uwsgi:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: unbit diff --git a/http/cves/2018/CVE-2018-7600.yaml b/http/cves/2018/CVE-2018-7600.yaml index c9a9f3184e..5b9652b300 100644 --- a/http/cves/2018/CVE-2018-7600.yaml +++ b/http/cves/2018/CVE-2018-7600.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: critical description: Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations. + remediation: | + Upgrade to the latest version of Drupal or apply the official patch provided by Drupal security team. reference: - https://github.com/vulhub/vulhub/tree/master/drupal/CVE-2018-7600 - https://nvd.nist.gov/vuln/detail/CVE-2018-7600 
@@ -17,13 +19,13 @@ info: cve-id: CVE-2018-7600 cwe-id: CWE-20 epss-score: 0.97553 - cpe: cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* epss-percentile: 0.99994 + cpe: cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* metadata: max-request: 1 - shodan-query: http.component:"drupal" vendor: drupal product: drupal + shodan-query: http.component:"drupal" tags: cve,cve2018,drupal,rce,kev,vulhub,intrusive http: diff --git a/http/cves/2018/CVE-2018-7602.yaml b/http/cves/2018/CVE-2018-7602.yaml index a7e9233e51..719a62f934 100644 --- a/http/cves/2018/CVE-2018-7602.yaml +++ b/http/cves/2018/CVE-2018-7602.yaml @@ -5,6 +5,8 @@ info: author: princechaddha severity: critical description: Drupal 7.x and 8.x contain a remote code execution vulnerability that exists within multiple subsystems. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002. Both SA-CORE-2018-002 and this vulnerability are being exploited in the wild. + remediation: | + Upgrade to Drupal 7.58, 8.3.9, 8.4.6, or 8.5.1 or apply the necessary patches provided by Drupal. reference: - https://github.com/vulhub/vulhub/blob/master/drupal/CVE-2018-7602/drupa7-CVE-2018-7602.py - https://nvd.nist.gov/vuln/detail/CVE-2018-7602 @@ -16,13 +18,13 @@ info: cvss-score: 9.8 cve-id: CVE-2018-7602 epss-score: 0.97471 - cpe: cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* epss-percentile: 0.99942 + cpe: cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* metadata: max-request: 4 - shodan-query: http.component:"drupal" vendor: drupal product: drupal + shodan-query: http.component:"drupal" tags: cve2018,drupal,authenticated,kev,vulhub,edb,cve http: diff --git a/http/cves/2018/CVE-2018-7653.yaml b/http/cves/2018/CVE-2018-7653.yaml index 92e74e1589..3df5928ba7 100644 --- a/http/cves/2018/CVE-2018-7653.yaml +++ b/http/cves/2018/CVE-2018-7653.yaml 
@@ -5,6 +5,8 @@ info: author: ritikchaddha severity: medium description: In YzmCMS 3.6, index.php has XSS via the a, c, or m parameter. + remediation: | + To mitigate this vulnerability, it is recommended to implement proper input validation and sanitization techniques to prevent the execution of malicious scripts. reference: - https://packetstormsecurity.com/files/147065/YzmCMS-3.6-Cross-Site-Scripting.html - https://nvd.nist.gov/vuln/detail/CVE-2018-7653 @@ -15,14 +17,14 @@ info: cve-id: CVE-2018-7653 cwe-id: CWE-79 epss-score: 0.00797 - cpe: cpe:2.3:a:yzmcms:yzmcms:3.6:*:*:*:*:*:*:* epss-percentile: 0.79437 + cpe: cpe:2.3:a:yzmcms:yzmcms:3.6:*:*:*:*:*:*:* metadata: max-request: 1 - fofa-query: title="YzmCMS" - shodan-query: title:"YzmCMS" vendor: yzmcms product: yzmcms + shodan-query: title:"YzmCMS" + fofa-query: title="YzmCMS" tags: packetstorm,cve,cve2018,yzmcms,cms,xss http: diff --git a/http/cves/2018/CVE-2018-7662.yaml b/http/cves/2018/CVE-2018-7662.yaml index 5251c442d2..d48712c65a 100644 --- a/http/cves/2018/CVE-2018-7662.yaml +++ b/http/cves/2018/CVE-2018-7662.yaml @@ -5,6 +5,8 @@ info: author: ritikchaddha severity: medium description: CouchCMS <= 2.0 allows remote attackers to discover the full path via a direct request to includes/mysql2i/mysql2i.func.php or addons/phpmailer/phpmailer.php. + remediation: | + Upgrade to the latest version of CouchCMS (2.1 or higher) to mitigate this vulnerability. reference: - https://github.com/CouchCMS/CouchCMS/issues/46 - https://nvd.nist.gov/vuln/detail/CVE-2018-7662 @@ -14,8 +16,8 @@ info: cve-id: CVE-2018-7662 cwe-id: CWE-200 epss-score: 0.00286 - cpe: cpe:2.3:a:couchcms:couch:*:*:*:*:*:*:*:* epss-percentile: 0.64709 + cpe: cpe:2.3:a:couchcms:couch:*:*:*:*:*:*:*:* metadata: max-request: 2 vendor: couchcms diff --git a/http/cves/2018/CVE-2018-7700.yaml b/http/cves/2018/CVE-2018-7700.yaml index 6a792813d7..7404528811 100644 --- a/http/cves/2018/CVE-2018-7700.yaml +++ b/http/cves/2018/CVE-2018-7700.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | DedeCMS 5.7SP2 is susceptible to cross-site request forgery with a corresponding impact of arbitrary code execution because the partcode parameter in a tag_test_action.php request can specify a runphp field in conjunction with PHP code. + remediation: | + Apply the latest security patches and update to a newer version of DedeCMS. reference: - https://laworigin.github.io/2018/03/07/CVE-2018-7700-dedecms%E5%90%8E%E5%8F%B0%E4%BB%BB%E6%84%8F%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C/ - https://nvd.nist.gov/vuln/detail/CVE-2018-7700 @@ -15,8 +17,8 @@ info: cve-id: CVE-2018-7700 cwe-id: CWE-352 epss-score: 0.73235 - cpe: cpe:2.3:a:dedecms:dedecms:5.7:*:*:*:*:*:*:* epss-percentile: 0.97671 + cpe: cpe:2.3:a:dedecms:dedecms:5.7:*:*:*:*:*:*:* metadata: max-request: 1 vendor: dedecms diff --git a/http/cves/2018/CVE-2018-7719.yaml b/http/cves/2018/CVE-2018-7719.yaml index 8284e89463..1f965478a7 100644 --- a/http/cves/2018/CVE-2018-7719.yaml +++ b/http/cves/2018/CVE-2018-7719.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Acrolinx Server prior to 5.2.5 suffers from a local file inclusion vulnerability. + remediation: | + Upgrade Acrolinx Server to version 5.2.5 or later to mitigate the vulnerability. reference: - https://packetstormsecurity.com/files/146911/Acrolinx-Server-Directory-Traversal.html - https://support.acrolinx.com/hc/en-us/articles/213987685-Acrolinx-Server-Version-5-1-including-subsequent-service-releases- @@ -17,8 +19,8 @@ info: cve-id: CVE-2018-7719 cwe-id: CWE-22 epss-score: 0.09221 - cpe: cpe:2.3:a:acrolinx:acrolinx_server:*:*:*:*:*:*:*:* epss-percentile: 0.93888 + cpe: cpe:2.3:a:acrolinx:acrolinx_server:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: acrolinx diff --git a/http/cves/2018/CVE-2018-8006.yaml b/http/cves/2018/CVE-2018-8006.yaml index 6672e0dbf0..4662ee2398 100644 --- a/http/cves/2018/CVE-2018-8006.yaml +++ b/http/cves/2018/CVE-2018-8006.yaml 
@@ -5,6 +5,8 @@ info: author: pdteam severity: medium description: Apache ActiveMQ versions 5.0.0 to 5.15.5 are vulnerable to cross-site scripting via the web based administration console on the queue.jsp page. The root cause of this issue is improper data filtering of the QueueFilter parameter. + remediation: | + Upgrade Apache ActiveMQ to a version higher than 5.15.5 or apply the necessary patches provided by the vendor. reference: - http://activemq.apache.org/security-advisories.data/CVE-2018-8006-announcement.txt - https://lists.apache.org/thread.html/2b5c0039197a4949f29e1e2c9441ab38d242946b966f61c110808bcc@%3Ccommits.activemq.apache.org%3E @@ -22,8 +24,8 @@ info: cve-id: CVE-2018-8006 cwe-id: CWE-79 epss-score: 0.97239 - cpe: cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:* epss-percentile: 0.99756 + cpe: cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: apache diff --git a/http/cves/2018/CVE-2018-8033.yaml b/http/cves/2018/CVE-2018-8033.yaml index 430fcdd63d..7da175bf75 100644 --- a/http/cves/2018/CVE-2018-8033.yaml +++ b/http/cves/2018/CVE-2018-8033.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Apache OFBiz 16.11.04 is susceptible to XML external entity injection (XXE injection). + remediation: | + Apply the necessary patches or upgrade to a non-vulnerable version of Apache OFBiz. reference: - https://lists.apache.org/thread.html/e8fb551e86e901932081f81ee9985bb72052b4d412f23d89b1282777@%3Cuser.ofbiz.apache.org%3E - https://nvd.nist.gov/vuln/detail/CVE-2018-8033 @@ -15,8 +17,8 @@ info: cve-id: CVE-2018-8033 cwe-id: CWE-200 epss-score: 0.20111 - cpe: cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:* epss-percentile: 0.95689 + cpe: cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: apache diff --git a/http/cves/2018/CVE-2018-8715.yaml b/http/cves/2018/CVE-2018-8715.yaml index 55db64892d..6dd4ddc8f7 100644 --- a/http/cves/2018/CVE-2018-8715.yaml +++ b/http/cves/2018/CVE-2018-8715.yaml 
@@ -5,6 +5,8 @@ info: author: milo2012 severity: high description: The Embedthis HTTP library, and Appweb versions before 7.0.3, have a logic flaw related to the authCondition function in http/httpLib.c. With a forged HTTP request, it is possible to bypass authentication for the form and digest login types. + remediation: | + Apply the necessary patches or updates provided by the vendor to fix the authentication bypass vulnerability in AppWeb. reference: - https://github.com/embedthis/appweb/issues/610 - https://blogs.securiteam.com/index.php/archives/3676 @@ -16,8 +18,8 @@ info: cve-id: CVE-2018-8715 cwe-id: CWE-287 epss-score: 0.05837 - cpe: cpe:2.3:a:embedthis:appweb:*:*:*:*:*:*:*:* epss-percentile: 0.92425 + cpe: cpe:2.3:a:embedthis:appweb:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: embedthis diff --git a/http/cves/2018/CVE-2018-8719.yaml b/http/cves/2018/CVE-2018-8719.yaml index 7c43e763ee..612c11cad1 100644 --- a/http/cves/2018/CVE-2018-8719.yaml +++ b/http/cves/2018/CVE-2018-8719.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | WordPress WP Security Audit Log 3.1.1 plugin is susceptible to information disclosure. Access to wp-content/uploads/wp-security-audit-log/* files is not restricted. An attacker can obtain sensitive information, modify data, and/or execute unauthorized operations. + remediation: | + Update to the latest version of WordPress WP Security Audit Log plugin (3.1.2 or higher) to fix the information disclosure vulnerability. reference: - https://www.exploit-db.com/exploits/44371 - https://vuldb.com/?id.115817 
@@ -17,13 +19,13 @@ info: cve-id: CVE-2018-8719 cwe-id: CWE-532 epss-score: 0.03177 - cpe: cpe:2.3:a:wpsecurityauditlog:wp_security_audit_log:3.1.1:*:*:*:*:wordpress:*:* epss-percentile: 0.89877 + cpe: cpe:2.3:a:wpsecurityauditlog:wp_security_audit_log:3.1.1:*:*:*:*:wordpress:*:* metadata: max-request: 1 - framework: wordpress vendor: wpsecurityauditlog product: wp_security_audit_log + framework: wordpress tags: cve2018,exposure,edb,wordpress,wp-plugin,cve http: diff --git a/http/cves/2018/CVE-2018-8727.yaml b/http/cves/2018/CVE-2018-8727.yaml index ee6c67333b..d182ecb9e9 100644 --- a/http/cves/2018/CVE-2018-8727.yaml +++ b/http/cves/2018/CVE-2018-8727.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Mirasys DVMS Workstation versions 5.12.6 and prior suffer from local file inclusion vulnerabilities. + remediation: | + Upgrade to a patched version of Mirasys DVMS Workstation (>=5.12.7) to mitigate the LFI vulnerability. reference: - https://packetstormsecurity.com/files/148266/Mirasys-DVMS-Workstation-5.12.6-Path-Traversal.html - https://www.onvio.nl/nieuws/cve-mirasys-vulnerability @@ -16,8 +18,8 @@ info: cve-id: CVE-2018-8727 cwe-id: CWE-22 epss-score: 0.01105 - cpe: cpe:2.3:a:mirasys:dvms_workstation:*:*:*:*:*:*:*:* epss-percentile: 0.8267 + cpe: cpe:2.3:a:mirasys:dvms_workstation:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: mirasys diff --git a/http/cves/2018/CVE-2018-8770.yaml b/http/cves/2018/CVE-2018-8770.yaml index 5cad1eb764..9ae5a4a9a3 100644 --- a/http/cves/2018/CVE-2018-8770.yaml +++ b/http/cves/2018/CVE-2018-8770.yaml 
@@ -5,6 +5,8 @@ info: author: princechaddha severity: medium description: Cobub Razor 0.8.0 is susceptible to information disclosure via generate.php, controllers/getConfigTest.php, controllers/getUpdateTest.php, controllers/postclientdataTest.php, controllers/posterrorTest.php, controllers/posteventTest.php, controllers/posttagTest.php, controllers/postusinglogTest.php, fixtures/Controller_fixt.php, fixtures/Controller_fixt2.php, fixtures/view_fixt2.php, libs/ipTest.php, or models/commonDbfix.php. An attacker can obtain sensitive information, modify data, and/or execute unauthorized operations. + remediation: | + Upgrade to a patched version of Cobub Razor. reference: - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8770 - https://www.exploit-db.com/exploits/44495/ @@ -16,8 +18,8 @@ info: cve-id: CVE-2018-8770 cwe-id: CWE-200 epss-score: 0.00197 - cpe: cpe:2.3:a:cobub:razor:0.8.0:*:*:*:*:*:*:* epss-percentile: 0.5678 + cpe: cpe:2.3:a:cobub:razor:0.8.0:*:*:*:*:*:*:* metadata: max-request: 1 vendor: cobub diff --git a/http/cves/2018/CVE-2018-9118.yaml b/http/cves/2018/CVE-2018-9118.yaml index 487600f951..7474abbc50 100644 --- a/http/cves/2018/CVE-2018-9118.yaml +++ b/http/cves/2018/CVE-2018-9118.yaml 
@@ -6,26 +6,26 @@ info: severity: high description: | WordPress 99 Robots WP Background Takeover Advertisements 4.1.4 is susceptible to local file inclusion via exports/download.php. + remediation: | + Upgrade to 4.1.15. reference: - https://www.exploit-db.com/exploits/44417 - https://wpvulndb.com/vulnerabilities/9056 - https://99robots.com/docs/wp-background-takeover-advertisements/ - https://nvd.nist.gov/vuln/detail/CVE-2018-9118 - remediation: | - Upgrade to 4.1.15. classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2018-9118 cwe-id: CWE-22 epss-score: 0.11263 - cpe: cpe:2.3:a:99robots:wp_background_takeover_advertisements:*:*:*:*:*:wordpress:*:* epss-percentile: 0.94454 + cpe: cpe:2.3:a:99robots:wp_background_takeover_advertisements:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 - framework: wordpress vendor: 99robots product: wp_background_takeover_advertisements + framework: wordpress tags: edb,cve,cve2018,wordpress,wp-plugin,lfi,traversal,wp http: diff --git a/http/cves/2018/CVE-2018-9161.yaml b/http/cves/2018/CVE-2018-9161.yaml index 1e8b84d719..f5ea19bd11 100644 --- a/http/cves/2018/CVE-2018-9161.yaml +++ b/http/cves/2018/CVE-2018-9161.yaml 
@@ -5,6 +5,8 @@ info: author: gy741 severity: critical description: PrismaWEB is susceptible to credential disclosure. The vulnerability exists due to the disclosure of hard-coded credentials allowing an attacker to effectively bypass authentication of PrismaWEB with administrator privileges. The credentials can be disclosed by simply navigating to the login_par.js JavaScript page that holds the username and password for the management interface that are being used via the Login() function in /scripts/functions_cookie.js script. + remediation: | + Ensure that sensitive credentials are properly protected and not exposed in the application's source code or configuration files. reference: - https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5453.php - https://nvd.nist.gov/vuln/detail/CVE-2018-9161 @@ -15,8 +17,8 @@ info: cve-id: CVE-2018-9161 cwe-id: CWE-798 epss-score: 0.26342 - cpe: cpe:2.3:a:prismaindustriale:checkweigher_prismaweb:1.21:*:*:*:*:*:*:* epss-percentile: 0.96118 + cpe: cpe:2.3:a:prismaindustriale:checkweigher_prismaweb:1.21:*:*:*:*:*:*:* metadata: max-request: 1 vendor: prismaindustriale diff --git a/http/cves/2018/CVE-2018-9205.yaml b/http/cves/2018/CVE-2018-9205.yaml index 8556ebcaee..a0a84a981f 100644 --- a/http/cves/2018/CVE-2018-9205.yaml +++ b/http/cves/2018/CVE-2018-9205.yaml 
@@ -5,25 +5,25 @@ info: author: daffainfo severity: high description: In avatar_uploader v7.x-1.0-beta8 the view.php program doesn't restrict file paths, allowing unauthenticated users to retrieve arbitrary files. + remediation: Upgrade to the latest version of avatar_uploader. reference: - https://www.exploit-db.com/exploits/44501 - https://nvd.nist.gov/vuln/detail/CVE-2018-9205 - https://www.drupal.org/project/avatar_uploader/issues/2957966 - https://www.drupal.org/project/avatar_uploader - remediation: Upgrade to the latest version of avatar_uploader. classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2018-9205 cwe-id: CWE-22 epss-score: 0.0276 - cpe: cpe:2.3:a:drupal:avatar_uploader:7.x-1.0:beta8:*:*:*:*:*:* epss-percentile: 0.89249 + cpe: cpe:2.3:a:drupal:avatar_uploader:7.x-1.0:beta8:*:*:*:*:*:* metadata: max-request: 1 - shodan-query: http.component:"drupal" vendor: drupal product: avatar_uploader + shodan-query: http.component:"drupal" tags: cve,cve2018,lfi,drupal,edb http: diff --git a/http/cves/2018/CVE-2018-9845.yaml b/http/cves/2018/CVE-2018-9845.yaml index 13fa5e18d7..58ed8b2179 100644 --- a/http/cves/2018/CVE-2018-9845.yaml +++ b/http/cves/2018/CVE-2018-9845.yaml @@ -5,6 +5,8 @@ info: author: philippedelteil severity: critical description: Etherpad Lite before 1.6.4 is exploitable for admin access. + remediation: | + Upgrade to Etherpad Lite version 1.6.4 or later to fix the vulnerability. reference: - https://infosecwriteups.com/account-takeovers-believe-the-unbelievable-bb98a0c251a4 - https://github.com/ether/etherpad-lite/commit/ffe24c3dd93efc73e0cbf924db9a0cc40be9511b @@ -16,8 +18,8 @@ info: cve-id: CVE-2018-9845 cwe-id: CWE-178 epss-score: 0.01342 - cpe: cpe:2.3:a:etherpad:etherpad_lite:*:*:*:*:*:*:*:* epss-percentile: 0.84419 + cpe: cpe:2.3:a:etherpad:etherpad_lite:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: etherpad 
diff --git a/http/cves/2018/CVE-2018-9995.yaml b/http/cves/2018/CVE-2018-9995.yaml index 01868660b5..3ab43f3cde 100644 --- a/http/cves/2018/CVE-2018-9995.yaml +++ b/http/cves/2018/CVE-2018-9995.yaml @@ -8,6 +8,8 @@ info: TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR Login, which run re-branded versions of the original TBK DVR4104 and DVR4216 series, allow remote attackers to bypass authentication via a "Cookie: uid=admin" header, as demonstrated by a device.rsp?opt=user&cmd=list request that provides credentials within JSON data in a response. + remediation: | + Apply the latest firmware update provided by the vendor to fix the authentication bypass vulnerability and ensure strong and unique passwords are used for device access. reference: - https://www.exploit-db.com/exploits/44577/ - http://misteralfa-hack.blogspot.cl/2018/04/tbk-vision-dvr-login-bypass.html @@ -19,8 +21,8 @@ info: cvss-score: 9.8 cve-id: CVE-2018-9995 epss-score: 0.93843 - cpe: cpe:2.3:o:tbkvision:tbk-dvr4216_firmware:-:*:*:*:*:*:*:* epss-percentile: 0.98791 + cpe: cpe:2.3:o:tbkvision:tbk-dvr4216_firmware:-:*:*:*:*:*:*:* metadata: max-request: 1 vendor: tbkvision
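Review bot: In http/cves/2018/CVE-2018-8715.yaml, the added remediation ("Apply the necessary patches or updates provided by the vendor ...") leaves out the fixed version that the description already states. The description says the flaw affects Appweb versions before 7.0.3, so the remediation should tell the reader to upgrade Appweb to 7.0.3 or later rather than point at unspecified vendor patches.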
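Review bot: In http/cves/2018/CVE-2018-8770.yaml, the added remediation "Upgrade to a patched version of Cobub Razor." names no version, and the description and cpe identify only 0.8.0 as affected, so a reader cannot tell which release is patched. Name the fixed release if one exists. If none is known, say so and give an interim step such as removing or blocking web access to the test and fixture scripts the description lists (generate.php, controllers/*Test.php, fixtures/*, libs/ipTest.php, models/commonDbfix.php).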
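Review bot: In http/cves/2018/CVE-2018-9118.yaml, the remediation block moved above reference still reads "Upgrade to 4.1.15." while the description gives 4.1.4 as the affected version. The jump from 4.1.4 to 4.1.15 may be a typo. Since the line is being moved in this change anyway, check the fixed version against the wpvulndb reference and correct it here if needed.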
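Review bot: In http/cves/2018/CVE-2018-9161.yaml, the added remediation ("Ensure that sensitive credentials are properly protected and not exposed in the application's source code ...") is advice for the vendor's developers, not something an operator who gets this finding can act on. The description says the management credentials are readable from login_par.js, so the remediation should be operator-facing: apply a vendor fix if one is available, restrict network access to the PrismaWEB management interface, and change the disclosed credentials.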
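Review bot: In http/cves/2018/CVE-2018-9205.yaml, the moved line "remediation: Upgrade to the latest version of avatar_uploader." stays a plain inline scalar while every other remediation in this patch uses the block form ("remediation: |"). Pick one form for consistency across templates. The text would also be more useful with a fixed version, since the description pins the affected release to v7.x-1.0-beta8 and "latest" gives the reader nothing to verify against.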
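Review bot: In http/cves/2018/CVE-2018-9995.yaml, the second half of the added remediation ("ensure strong and unique passwords are used for device access") does not address the issue the description gives. The bypass works through a "Cookie: uid=admin" header and the response returns the credentials, so password strength does nothing until the firmware is fixed. Suggest replacing that clause with restricting network exposure of the device's web interface and changing the device passwords after the firmware update.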