Added cve annotations + severity adjustments
parent
cf4ef2ac5a
commit
e9f728c321
|
@ -10,6 +10,11 @@ info:
|
||||||
- https://www.securityfocus.com/bid/48806/info
|
- https://www.securityfocus.com/bid/48806/info
|
||||||
- https://seclists.org/bugtraq/2011/Nov/140
|
- https://seclists.org/bugtraq/2011/Nov/140
|
||||||
tags: cve,cve2011,xss,tikiwiki
|
tags: cve,cve2011,xss,tikiwiki
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||||
|
cvss-score: 6.10
|
||||||
|
cve-id: CVE-2011-4336
|
||||||
|
cwe-id: CWE-79
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -6,6 +6,7 @@ info:
|
||||||
severity: medium
|
severity: medium
|
||||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2012-4242
|
reference: https://nvd.nist.gov/vuln/detail/CVE-2012-4242
|
||||||
tags: cve,cve2012,wordpress,xss,wp-plugin
|
tags: cve,cve2012,wordpress,xss,wp-plugin
|
||||||
|
description: "Cross-site scripting (XSS) vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page."
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -6,6 +6,7 @@ info:
|
||||||
severity: medium
|
severity: medium
|
||||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2013-2287
|
reference: https://nvd.nist.gov/vuln/detail/CVE-2013-2287
|
||||||
tags: cve,cve2013,wordpress,xss,wp-plugin
|
tags: cve,cve2013,wordpress,xss,wp-plugin
|
||||||
|
description: "Multiple cross-site scripting (XSS) vulnerabilities in views/notify.php in the Uploader plugin 1.0.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) notify or (2) blog parameter."
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -6,6 +6,7 @@ info:
|
||||||
severity: medium
|
severity: medium
|
||||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2013-3526
|
reference: https://nvd.nist.gov/vuln/detail/CVE-2013-3526
|
||||||
tags: cve,cve2013,wordpress,xss,wp-plugin
|
tags: cve,cve2013,wordpress,xss,wp-plugin
|
||||||
|
description: "Cross-site scripting (XSS) vulnerability in js/ta_loaded.js.php in the Traffic Analyzer plugin, possibly 3.3.2 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the aoid parameter."
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -7,6 +7,11 @@ info:
|
||||||
author: geeknik
|
author: geeknik
|
||||||
severity: critical
|
severity: critical
|
||||||
tags: cve,cve2014,sqli,lighttpd
|
tags: cve,cve2014,sqli,lighttpd
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||||
|
cvss-score: 9.80
|
||||||
|
cve-id: CVE-2014-2323
|
||||||
|
cwe-id: CWE-89
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- raw:
|
- raw:
|
||||||
|
|
|
@ -9,6 +9,11 @@ info:
|
||||||
- https://snyk.io/vuln/npm:st:20140206
|
- https://snyk.io/vuln/npm:st:20140206
|
||||||
severity: high
|
severity: high
|
||||||
tags: cve,cve2014,lfi,nodejs,st
|
tags: cve,cve2014,lfi,nodejs,st
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.50
|
||||||
|
cve-id: CVE-2014-3744
|
||||||
|
cwe-id: CWE-22
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -8,6 +8,7 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2014-4210
|
- https://nvd.nist.gov/vuln/detail/CVE-2014-4210
|
||||||
- https://blog.gdssecurity.com/labs/2015/3/30/weblogic-ssrf-and-xss-cve-2014-4241-cve-2014-4210-cve-2014-4.html
|
- https://blog.gdssecurity.com/labs/2015/3/30/weblogic-ssrf-and-xss-cve-2014-4241-cve-2014-4210-cve-2014-4.html
|
||||||
|
description: "Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect confidentiality via vectors related to WLS - Web Services."
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -8,6 +8,12 @@ info:
|
||||||
- https://wpscan.com/vulnerability/7fb78d3c-f784-4630-ad92-d33e5de814fd
|
- https://wpscan.com/vulnerability/7fb78d3c-f784-4630-ad92-d33e5de814fd
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2014-4535
|
- https://nvd.nist.gov/vuln/detail/CVE-2014-4535
|
||||||
tags: cve,cve2014,wordpress,wp-plugin,xss
|
tags: cve,cve2014,wordpress,wp-plugin,xss
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||||
|
cvss-score: 6.10
|
||||||
|
cve-id: CVE-2014-4535
|
||||||
|
cwe-id: CWE-79
|
||||||
|
description: "Cross-site scripting (XSS) vulnerability in the Import Legacy Media plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php."
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -8,6 +8,12 @@ info:
|
||||||
- https://wpscan.com/vulnerability/f048b5cc-5379-4c19-9a43-cd8c49c8129f
|
- https://wpscan.com/vulnerability/f048b5cc-5379-4c19-9a43-cd8c49c8129f
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2014-4536
|
- https://nvd.nist.gov/vuln/detail/CVE-2014-4536
|
||||||
tags: cve,cve2014,wordpress,wp-plugin,xss
|
tags: cve,cve2014,wordpress,wp-plugin,xss
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||||
|
cvss-score: 6.10
|
||||||
|
cve-id: CVE-2014-4536
|
||||||
|
cwe-id: CWE-79
|
||||||
|
description: "Multiple cross-site scripting (XSS) vulnerabilities in tests/notAuto_test_ContactService_pauseCampaign.php in the Infusionsoft Gravity Forms plugin before 1.5.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) go, (2) contactId, or (3) campaignId parameter."
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -3,13 +3,18 @@ id: CVE-2014-6271
|
||||||
info:
|
info:
|
||||||
name: Shellshock
|
name: Shellshock
|
||||||
author: pentest_swissky
|
author: pentest_swissky
|
||||||
severity: high
|
severity: critical
|
||||||
description: Attempts to exploit the "shellshock" vulnerability (CVE-2014-6271 and CVE-2014-7169) in web applications
|
description: Attempts to exploit the "shellshock" vulnerability (CVE-2014-6271 and CVE-2014-7169) in web applications
|
||||||
reference:
|
reference:
|
||||||
- http://www.kb.cert.org/vuls/id/252743
|
- http://www.kb.cert.org/vuls/id/252743
|
||||||
- http://www.us-cert.gov/ncas/alerts/TA14-268A
|
- http://www.us-cert.gov/ncas/alerts/TA14-268A
|
||||||
tags: cve,cve2014,rce
|
tags: cve,cve2014,rce
|
||||||
|
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||||
|
cvss-score: 9.80
|
||||||
|
cve-id: CVE-2014-6271
|
||||||
|
cwe-id: CWE-78
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
path:
|
path:
|
||||||
|
|
|
@ -6,6 +6,7 @@ info:
|
||||||
severity: high
|
severity: high
|
||||||
reference: https://packetstormsecurity.com/files/128285/OsClass-3.4.1-Local-File-Inclusion.html
|
reference: https://packetstormsecurity.com/files/128285/OsClass-3.4.1-Local-File-Inclusion.html
|
||||||
tags: cve,cve2014,lfi
|
tags: cve,cve2014,lfi
|
||||||
|
description: "Directory traversal vulnerability in OSClass before 3.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a render action to oc-admin/index.php."
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -6,6 +6,7 @@ info:
|
||||||
severity: medium
|
severity: medium
|
||||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2014-9094
|
reference: https://nvd.nist.gov/vuln/detail/CVE-2014-9094
|
||||||
tags: cve,2014,wordpress,xss,wp-plugin
|
tags: cve,2014,wordpress,xss,wp-plugin
|
||||||
|
description: "Multiple cross-site scripting (XSS) vulnerabilities in deploy/designer/preview.php in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) swfloc or (2) designrand parameter."
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -8,6 +8,12 @@ info:
|
||||||
- https://wpscan.com/vulnerability/24b83ce5-e3b8-4262-b087-a2dfec014985
|
- https://wpscan.com/vulnerability/24b83ce5-e3b8-4262-b087-a2dfec014985
|
||||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1000012
|
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1000012
|
||||||
tags: cve,cve2015,wordpress,wp-plugin,lfi
|
tags: cve,cve2015,wordpress,wp-plugin,lfi
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.50
|
||||||
|
cve-id: CVE-2015-1000012
|
||||||
|
cwe-id: CWE-200
|
||||||
|
description: "Local File Inclusion Vulnerability in mypixs v0.3 wordpress plugin"
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -3,7 +3,7 @@ id: CVE-2015-2080
|
||||||
info:
|
info:
|
||||||
name: Eclipse Jetty Remote Leakage
|
name: Eclipse Jetty Remote Leakage
|
||||||
author: pikpikcu
|
author: pikpikcu
|
||||||
severity: medium
|
severity: high
|
||||||
reference:
|
reference:
|
||||||
- https://github.com/eclipse/jetty.project/blob/jetty-9.2.x/advisories/2015-02-24-httpparser-error-buffer-bleed.md
|
- https://github.com/eclipse/jetty.project/blob/jetty-9.2.x/advisories/2015-02-24-httpparser-error-buffer-bleed.md
|
||||||
- https://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html
|
- https://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html
|
||||||
|
@ -11,6 +11,11 @@ info:
|
||||||
description: |
|
description: |
|
||||||
The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak
|
The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak
|
||||||
tags: cve,cve2015,jetty
|
tags: cve,cve2015,jetty
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.50
|
||||||
|
cve-id: CVE-2015-2080
|
||||||
|
cwe-id: CWE-200
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: POST
|
- method: POST
|
||||||
|
|
|
@ -8,6 +8,7 @@ info:
|
||||||
- https://advisories.dxw.com/advisories/publicly-exploitable-xss-in-wordpress-plugin-navis-documentcloud/
|
- https://advisories.dxw.com/advisories/publicly-exploitable-xss-in-wordpress-plugin-navis-documentcloud/
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2015-2807
|
- https://nvd.nist.gov/vuln/detail/CVE-2015-2807
|
||||||
tags: cve,cve2015,wordpress,wp-plugin,xss
|
tags: cve,cve2015,wordpress,wp-plugin,xss
|
||||||
|
description: "Cross-site scripting (XSS) vulnerability in js/window.php in the Navis DocumentCloud plugin before 0.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wpbase parameter."
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -8,6 +8,11 @@ info:
|
||||||
Cross-site scripting (XSS) vulnerability in application/dashboard.class.inc.php in Combodo iTop before 2.2.0-2459 allows remote attackers to inject arbitrary web script or HTML via a dashboard title.
|
Cross-site scripting (XSS) vulnerability in application/dashboard.class.inc.php in Combodo iTop before 2.2.0-2459 allows remote attackers to inject arbitrary web script or HTML via a dashboard title.
|
||||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2015-6544
|
reference: https://nvd.nist.gov/vuln/detail/CVE-2015-6544
|
||||||
tags: cve,cve2015,xss,itop
|
tags: cve,cve2015,xss,itop
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||||
|
cvss-score: 6.10
|
||||||
|
cve-id: CVE-2015-6544
|
||||||
|
cwe-id: CWE-79
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -7,6 +7,11 @@ info:
|
||||||
description: Cross-site scripting (XSS) vulnerability in SourceBans before 2.0 pre-alpha allows remote attackers to inject arbitrary web script or HTML via the advSearch parameter to index.php.
|
description: Cross-site scripting (XSS) vulnerability in SourceBans before 2.0 pre-alpha allows remote attackers to inject arbitrary web script or HTML via the advSearch parameter to index.php.
|
||||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2015-8349
|
reference: https://nvd.nist.gov/vuln/detail/CVE-2015-8349
|
||||||
tags: cve,cve2015,xss,sourcebans
|
tags: cve,cve2015,xss,sourcebans
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||||
|
cvss-score: 6.10
|
||||||
|
cve-id: CVE-2015-8349
|
||||||
|
cwe-id: CWE-79
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -6,6 +6,11 @@ info:
|
||||||
description: Atlassian Confluence before 5.8.17 allows remote authenticated users to read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2) admin/viewdefaultdecorator.action.
|
description: Atlassian Confluence before 5.8.17 allows remote authenticated users to read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2) admin/viewdefaultdecorator.action.
|
||||||
reference: https://jira.atlassian.com/browse/CONFSERVER-39704?src=confmacro
|
reference: https://jira.atlassian.com/browse/CONFSERVER-39704?src=confmacro
|
||||||
tags: cve,cve2015,atlassian,confluence
|
tags: cve,cve2015,atlassian,confluence
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
||||||
|
cvss-score: 4.30
|
||||||
|
cve-id: CVE-2015-8399
|
||||||
|
cwe-id: CWE-200
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -9,6 +9,11 @@ info:
|
||||||
- https://blog.securelayer7.net/umbraco-the-open-source-asp-net-cms-multiple-vulnerabilities/
|
- https://blog.securelayer7.net/umbraco-the-open-source-asp-net-cms-multiple-vulnerabilities/
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2015-8813
|
- https://nvd.nist.gov/vuln/detail/CVE-2015-8813
|
||||||
tags: cve,cve2015,ssrf,oob
|
tags: cve,cve2015,ssrf,oob
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N
|
||||||
|
cvss-score: 8.20
|
||||||
|
cve-id: CVE-2015-8813
|
||||||
|
cwe-id: CWE-918
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -8,6 +8,12 @@ info:
|
||||||
- https://wpscan.com/vulnerability/2ac2d43f-bf3f-4831-9585-5c5484051095
|
- https://wpscan.com/vulnerability/2ac2d43f-bf3f-4831-9585-5c5484051095
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2015-9414
|
- https://nvd.nist.gov/vuln/detail/CVE-2015-9414
|
||||||
tags: cve,cve2015,wordpress,wp-plugin,xss
|
tags: cve,cve2015,wordpress,wp-plugin,xss
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||||
|
cvss-score: 6.10
|
||||||
|
cve-id: CVE-2015-9414
|
||||||
|
cwe-id: CWE-79
|
||||||
|
description: "The wp-symposium plugin through 15.8.1 for WordPress has XSS via the wp-content/plugins/wp-symposium/get_album_item.php?size parameter."
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -8,6 +8,12 @@ info:
|
||||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9480
|
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9480
|
||||||
- https://www.exploit-db.com/exploits/37252
|
- https://www.exploit-db.com/exploits/37252
|
||||||
tags: cve,cve2015,wordpress,wp-plugin,lfi
|
tags: cve,cve2015,wordpress,wp-plugin,lfi
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.50
|
||||||
|
cve-id: CVE-2015-9480
|
||||||
|
cwe-id: CWE-22
|
||||||
|
description: "The RobotCPA plugin 5 for WordPress has directory traversal via the f.php l parameter."
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -7,6 +7,10 @@ info:
|
||||||
reference: https://www.kernelpicnic.net/2016/07/24/Microsoft-signout.live.com-Remote-Code-Execution-Write-Up.html
|
reference: https://www.kernelpicnic.net/2016/07/24/Microsoft-signout.live.com-Remote-Code-Execution-Write-Up.html
|
||||||
severity: high
|
severity: high
|
||||||
tags: cve,cve2016,adobe,aem
|
tags: cve,cve2016,adobe,aem
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.50
|
||||||
|
cve-id: CVE-2016-0957
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -6,6 +6,12 @@ info:
|
||||||
severity: medium
|
severity: medium
|
||||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000126
|
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000126
|
||||||
tags: cve,cve2016,wordpress,xss,wp-plugin
|
tags: cve,cve2016,wordpress,xss,wp-plugin
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||||
|
cvss-score: 6.10
|
||||||
|
cve-id: CVE-2016-1000126
|
||||||
|
cwe-id: CWE-79
|
||||||
|
description: "Reflected XSS in wordpress plugin admin-font-editor v1.8"
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -7,6 +7,11 @@ info:
|
||||||
description: Reflected XSS in wordpress plugin ajax-random-post v2.00
|
description: Reflected XSS in wordpress plugin ajax-random-post v2.00
|
||||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000127
|
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000127
|
||||||
tags: cve,cve2016,wordpress,xss,wp-plugin
|
tags: cve,cve2016,wordpress,xss,wp-plugin
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||||
|
cvss-score: 6.10
|
||||||
|
cve-id: CVE-2016-1000127
|
||||||
|
cwe-id: CWE-79
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -9,6 +9,11 @@ info:
|
||||||
- http://www.vapidlabs.com/wp/wp_advisory.php?v=161
|
- http://www.vapidlabs.com/wp/wp_advisory.php?v=161
|
||||||
- https://wordpress.org/plugins/anti-plagiarism
|
- https://wordpress.org/plugins/anti-plagiarism
|
||||||
tags: cve,cve2016,wordpress,xss,wp-plugin
|
tags: cve,cve2016,wordpress,xss,wp-plugin
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||||
|
cvss-score: 6.10
|
||||||
|
cve-id: CVE-2016-1000128
|
||||||
|
cwe-id: CWE-79
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -7,6 +7,11 @@ info:
|
||||||
description: Reflected XSS in wordpress plugin defa-online-image-protector v3.3
|
description: Reflected XSS in wordpress plugin defa-online-image-protector v3.3
|
||||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000129
|
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000129
|
||||||
tags: cve,cve2016,wordpress,xss,wp-plugin
|
tags: cve,cve2016,wordpress,xss,wp-plugin
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||||
|
cvss-score: 6.10
|
||||||
|
cve-id: CVE-2016-1000129
|
||||||
|
cwe-id: CWE-79
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -7,6 +7,11 @@ info:
|
||||||
description: Reflected XSS in wordpress plugin e-search v1.0
|
description: Reflected XSS in wordpress plugin e-search v1.0
|
||||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000130
|
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000130
|
||||||
tags: cve,cve2016,wordpress,xss,wp-plugin
|
tags: cve,cve2016,wordpress,xss,wp-plugin
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||||
|
cvss-score: 6.10
|
||||||
|
cve-id: CVE-2016-1000130
|
||||||
|
cwe-id: CWE-79
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -6,6 +6,12 @@ info:
|
||||||
severity: medium
|
severity: medium
|
||||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000131
|
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000131
|
||||||
tags: cve,cve2016,wordpress,xss,wp-plugin
|
tags: cve,cve2016,wordpress,xss,wp-plugin
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||||
|
cvss-score: 6.10
|
||||||
|
cve-id: CVE-2016-1000131
|
||||||
|
cwe-id: CWE-79
|
||||||
|
description: "Reflected XSS in wordpress plugin e-search v1.0"
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -7,6 +7,11 @@ info:
|
||||||
description: Reflected XSS in wordpress plugin enhanced-tooltipglossary v3.2.8
|
description: Reflected XSS in wordpress plugin enhanced-tooltipglossary v3.2.8
|
||||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000132
|
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000132
|
||||||
tags: cve,cve2016,wordpress,xss,wp-plugin
|
tags: cve,cve2016,wordpress,xss,wp-plugin
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||||
|
cvss-score: 6.10
|
||||||
|
cve-id: CVE-2016-1000132
|
||||||
|
cwe-id: CWE-79
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -7,6 +7,11 @@ info:
|
||||||
description: Reflected XSS in wordpress plugin forget-about-shortcode-buttons v1.1.1
|
description: Reflected XSS in wordpress plugin forget-about-shortcode-buttons v1.1.1
|
||||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000133
|
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000133
|
||||||
tags: cve,cve2016,wordpress,xss,wp-plugin
|
tags: cve,cve2016,wordpress,xss,wp-plugin
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||||
|
cvss-score: 6.10
|
||||||
|
cve-id: CVE-2016-1000133
|
||||||
|
cwe-id: CWE-79
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -7,6 +7,11 @@ info:
|
||||||
description: Reflected XSS in wordpress plugin hdw-tube v1.2
|
description: Reflected XSS in wordpress plugin hdw-tube v1.2
|
||||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000134
|
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000134
|
||||||
tags: cve,cve2016,wordpress,xss,wp-plugin
|
tags: cve,cve2016,wordpress,xss,wp-plugin
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||||
|
cvss-score: 6.10
|
||||||
|
cve-id: CVE-2016-1000134
|
||||||
|
cwe-id: CWE-79
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -7,6 +7,11 @@ info:
|
||||||
description: Reflected XSS in wordpress plugin hdw-tube v1.2
|
description: Reflected XSS in wordpress plugin hdw-tube v1.2
|
||||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000135
|
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000135
|
||||||
tags: cve,cve2016,wordpress,xss,wp-plugin
|
tags: cve,cve2016,wordpress,xss,wp-plugin
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||||
|
cvss-score: 6.10
|
||||||
|
cve-id: CVE-2016-1000135
|
||||||
|
cwe-id: CWE-79
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -6,6 +6,12 @@ info:
|
||||||
severity: medium
|
severity: medium
|
||||||
reference: http://www.vapidlabs.com/wp/wp_advisory.php?v=658
|
reference: http://www.vapidlabs.com/wp/wp_advisory.php?v=658
|
||||||
tags: cve,cve2016,wordpress,xss,wp-plugin
|
tags: cve,cve2016,wordpress,xss,wp-plugin
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||||
|
cvss-score: 6.10
|
||||||
|
cve-id: CVE-2016-1000137
|
||||||
|
cwe-id: CWE-79
|
||||||
|
description: "Reflected XSS in wordpress plugin hero-maps-pro v2.1.0"
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -6,6 +6,12 @@ info:
|
||||||
severity: medium
|
severity: medium
|
||||||
reference: http://www.vapidlabs.com/wp/wp_advisory.php?v=38
|
reference: http://www.vapidlabs.com/wp/wp_advisory.php?v=38
|
||||||
tags: cve,cve2016,wordpress,xss,wp-plugin
|
tags: cve,cve2016,wordpress,xss,wp-plugin
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||||
|
cvss-score: 6.10
|
||||||
|
cve-id: CVE-2016-1000138
|
||||||
|
cwe-id: CWE-79
|
||||||
|
description: "Reflected XSS in wordpress plugin indexisto v1.0.5"
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -8,6 +8,12 @@ info:
|
||||||
- https://wpscan.com/vulnerability/0a60039b-a08a-4f51-a540-59f397dceb6a
|
- https://wpscan.com/vulnerability/0a60039b-a08a-4f51-a540-59f397dceb6a
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2016-1000139
|
- https://nvd.nist.gov/vuln/detail/CVE-2016-1000139
|
||||||
tags: cve,cve2016,wordpress,wp-plugin,xss
|
tags: cve,cve2016,wordpress,wp-plugin,xss
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||||
|
cvss-score: 6.10
|
||||||
|
cve-id: CVE-2016-1000139
|
||||||
|
cwe-id: CWE-79
|
||||||
|
description: "Reflected XSS in wordpress plugin infusionsoft v1.5.11"
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -6,6 +6,12 @@ info:
|
||||||
severity: medium
|
severity: medium
|
||||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000140
|
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000140
|
||||||
tags: cve,cve2016,wordpress,xss,wp-plugin
|
tags: cve,cve2016,wordpress,xss,wp-plugin
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||||
|
cvss-score: 6.10
|
||||||
|
cve-id: CVE-2016-1000140
|
||||||
|
cwe-id: CWE-79
|
||||||
|
description: "Reflected XSS in wordpress plugin new-year-firework v1.1.9"
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -6,6 +6,12 @@ info:
|
||||||
severity: medium
|
severity: medium
|
||||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000146
|
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000146
|
||||||
tags: cve,cve2016,wordpress,xss,wp-plugin
|
tags: cve,cve2016,wordpress,xss,wp-plugin
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||||
|
cvss-score: 6.10
|
||||||
|
cve-id: CVE-2016-1000146
|
||||||
|
cwe-id: CWE-79
|
||||||
|
description: "Reflected XSS in wordpress plugin pondol-formmail v1.1"
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -8,6 +8,12 @@ info:
|
||||||
- https://wpscan.com/vulnerability/ead796ed-202a-451f-b041-d39c9cf1fb54
|
- https://wpscan.com/vulnerability/ead796ed-202a-451f-b041-d39c9cf1fb54
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2016-1000148
|
- https://nvd.nist.gov/vuln/detail/CVE-2016-1000148
|
||||||
tags: cve,cve2016,wordpress,wp-plugin,xss
|
tags: cve,cve2016,wordpress,wp-plugin,xss
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||||
|
cvss-score: 6.10
|
||||||
|
cve-id: CVE-2016-1000148
|
||||||
|
cwe-id: CWE-79
|
||||||
|
description: "Reflected XSS in wordpress plugin s3-video v0.983"
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -6,6 +6,12 @@ info:
|
||||||
severity: medium
|
severity: medium
|
||||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000149
|
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000149
|
||||||
tags: cve,cve2016,wordpress,xss,wp-plugin
|
tags: cve,cve2016,wordpress,xss,wp-plugin
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||||
|
cvss-score: 6.10
|
||||||
|
cve-id: CVE-2016-1000149
|
||||||
|
cwe-id: CWE-79
|
||||||
|
description: "Reflected XSS in wordpress plugin simpel-reserveren v3.5.2"
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -7,6 +7,11 @@ info:
|
||||||
description: Reflected XSS in wordpress plugin tidio-form v1.0
|
description: Reflected XSS in wordpress plugin tidio-form v1.0
|
||||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000152
|
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000152
|
||||||
tags: cve,cve2016,wordpress,xss,wp-plugin
|
tags: cve,cve2016,wordpress,xss,wp-plugin
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||||
|
cvss-score: 6.10
|
||||||
|
cve-id: CVE-2016-1000152
|
||||||
|
cwe-id: CWE-79
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -6,6 +6,12 @@ info:
|
||||||
severity: medium
|
severity: medium
|
||||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000153
|
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000153
|
||||||
tags: cve,cve2016,wordpress,xss,wp-plugin
|
tags: cve,cve2016,wordpress,xss,wp-plugin
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||||
|
cvss-score: 6.10
|
||||||
|
cve-id: CVE-2016-1000153
|
||||||
|
cwe-id: CWE-79
|
||||||
|
description: "Reflected XSS in wordpress plugin tidio-gallery v1.1"
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -7,6 +7,11 @@ info:
|
||||||
description: Reflected XSS in wordpress plugin whizz v1.0.
|
description: Reflected XSS in wordpress plugin whizz v1.0.
|
||||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000154
|
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000154
|
||||||
tags: cve,cve2016,wordpress,xss,wp-plugin
|
tags: cve,cve2016,wordpress,xss,wp-plugin
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||||
|
cvss-score: 6.10
|
||||||
|
cve-id: CVE-2016-1000154
|
||||||
|
cwe-id: CWE-79
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -6,6 +6,12 @@ info:
|
||||||
severity: medium
|
severity: medium
|
||||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000155
|
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000155
|
||||||
tags: cve,cve2016,wordpress,xss,wp-plugin
|
tags: cve,cve2016,wordpress,xss,wp-plugin
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||||
|
cvss-score: 6.10
|
||||||
|
cve-id: CVE-2016-1000155
|
||||||
|
cwe-id: CWE-79
|
||||||
|
description: "Reflected XSS in wordpress plugin wpsolr-search-engine v7.6"
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -2,10 +2,15 @@ id: CVE-2016-10033
|
||||||
info:
|
info:
|
||||||
name: Wordpress 4.6 Remote Code Execution
|
name: Wordpress 4.6 Remote Code Execution
|
||||||
author: princechaddha
|
author: princechaddha
|
||||||
severity: high
|
severity: critical
|
||||||
description: The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.
|
description: The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.
|
||||||
reference: https://exploitbox.io/vuln/WordPress-Exploit-4-6-RCE-CODE-EXEC-CVE-2016-10033.html
|
reference: https://exploitbox.io/vuln/WordPress-Exploit-4-6-RCE-CODE-EXEC-CVE-2016-10033.html
|
||||||
tags: wordpress,cve,cve2016,rce
|
tags: wordpress,cve,cve2016,rce
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||||
|
cvss-score: 9.80
|
||||||
|
cve-id: CVE-2016-10033
|
||||||
|
cwe-id: CWE-77
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- raw:
|
- raw:
|
||||||
|
|
|
@ -9,6 +9,11 @@ info:
|
||||||
- https://cxsecurity.com/issue/WLB-2016080220
|
- https://cxsecurity.com/issue/WLB-2016080220
|
||||||
- https://wpvulndb.com/vulnerabilities/8609
|
- https://wpvulndb.com/vulnerabilities/8609
|
||||||
tags: cve,cve2016,wordpress,wp-plugin,lfi
|
tags: cve,cve2016,wordpress,wp-plugin,lfi
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.50
|
||||||
|
cve-id: CVE-2016-10956
|
||||||
|
cwe-id: CWE-20
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -3,13 +3,18 @@ id: CVE-2016-10960
|
||||||
info:
|
info:
|
||||||
name: wSecure Lite < 2.4 - Remote Code Execution (RCE)
|
name: wSecure Lite < 2.4 - Remote Code Execution (RCE)
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
severity: critical
|
severity: high
|
||||||
description: The wsecure plugin before 2.4 for WordPress has remote code execution via shell metacharacters in the wsecure-config.php publish parameter.
|
description: The wsecure plugin before 2.4 for WordPress has remote code execution via shell metacharacters in the wsecure-config.php publish parameter.
|
||||||
reference:
|
reference:
|
||||||
- https://www.pluginvulnerabilities.com/2016/07/12/remote-code-execution-rce-vulnerability-in-wsecure-lite/
|
- https://www.pluginvulnerabilities.com/2016/07/12/remote-code-execution-rce-vulnerability-in-wsecure-lite/
|
||||||
- https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-wsecure-lite-remote-code-execution-2-3/
|
- https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-wsecure-lite-remote-code-execution-2-3/
|
||||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10960
|
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10960
|
||||||
tags: cve,cve2016,wordpress,wp-plugin,rce
|
tags: cve,cve2016,wordpress,wp-plugin,rce
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||||
|
cvss-score: 8.80
|
||||||
|
cve-id: CVE-2016-10960
|
||||||
|
cwe-id: CWE-20
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: POST
|
- method: POST
|
||||||
|
|
|
@ -8,6 +8,12 @@ info:
|
||||||
- https://www.vulnerability-lab.com/get_content.php?id=1808
|
- https://www.vulnerability-lab.com/get_content.php?id=1808
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2016-10993
|
- https://nvd.nist.gov/vuln/detail/CVE-2016-10993
|
||||||
tags: cve,cve2016,wordpress,wp-theme,xss
|
tags: cve,cve2016,wordpress,wp-theme,xss
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||||
|
cvss-score: 5.40
|
||||||
|
cve-id: CVE-2016-10993
|
||||||
|
cwe-id: CWE-79
|
||||||
|
description: "The ScoreMe theme through 2016-04-01 for WordPress has XSS via the s parameter."
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -9,6 +9,11 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/39858
|
- https://www.exploit-db.com/exploits/39858
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2016-2004
|
- https://nvd.nist.gov/vuln/detail/CVE-2016-2004
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||||
|
cvss-score: 9.80
|
||||||
|
cve-id: CVE-2016-2004
|
||||||
|
cwe-id: CWE-306
|
||||||
|
|
||||||
network:
|
network:
|
||||||
- inputs:
|
- inputs:
|
||||||
|
|
|
@ -9,6 +9,11 @@ info:
|
||||||
- https://erpscan.io/advisories/erpscan-16-009-sap-xmii-directory-traversal-vulnerability/
|
- https://erpscan.io/advisories/erpscan-16-009-sap-xmii-directory-traversal-vulnerability/
|
||||||
- https://www.cvedetails.com/cve/CVE-2016-2389
|
- https://www.cvedetails.com/cve/CVE-2016-2389
|
||||||
tags: cve,cve2016,lfi,sap
|
tags: cve,cve2016,lfi,sap
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.50
|
||||||
|
cve-id: CVE-2016-2389
|
||||||
|
cwe-id: CWE-22
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -10,6 +10,11 @@ info:
|
||||||
- https://cwiki.apache.org/confluence/display/WW/S2-032
|
- https://cwiki.apache.org/confluence/display/WW/S2-032
|
||||||
- https://struts.apache.org/docs/s2-032.html
|
- https://struts.apache.org/docs/s2-032.html
|
||||||
tags: cve,cve2016,struts,rce,apache
|
tags: cve,cve2016,struts,rce,apache
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||||
|
cvss-score: 8.10
|
||||||
|
cve-id: CVE-2016-3081
|
||||||
|
cwe-id: CWE-77
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- raw:
|
- raw:
|
||||||
|
|
|
@ -7,6 +7,11 @@ info:
|
||||||
description: A vulnerability exists within the page 'BSW_cxttongr.htm' which can allow a remote attacker to access this page without any authentication. The attacker can then use this password to gain administrator access of the targeted router's web interface.
|
description: A vulnerability exists within the page 'BSW_cxttongr.htm' which can allow a remote attacker to access this page without any authentication. The attacker can then use this password to gain administrator access of the targeted router's web interface.
|
||||||
tags: cve,cve2016,iot,netgear,router
|
tags: cve,cve2016,iot,netgear,router
|
||||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-5649
|
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-5649
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||||
|
cvss-score: 9.80
|
||||||
|
cve-id: CVE-2016-5649
|
||||||
|
cwe-id: CWE-200
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- raw:
|
- raw:
|
||||||
|
|
|
@ -3,12 +3,17 @@ id: CVE-2016-6277
|
||||||
info:
|
info:
|
||||||
name: NETGEAR routers (including R6400, R7000, R8000 and similar) RCE
|
name: NETGEAR routers (including R6400, R7000, R8000 and similar) RCE
|
||||||
author: pikpikcu
|
author: pikpikcu
|
||||||
severity: critical
|
severity: high
|
||||||
description: NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly other routers allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/.
|
description: NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly other routers allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/.
|
||||||
tags: cve,cves2016,netgear,rce,iot
|
tags: cve,cves2016,netgear,rce,iot
|
||||||
reference:
|
reference:
|
||||||
- https://www.sj-vs.net/2016/12/10/temporary-fix-for-cert-vu582384-cwe-77-on-netgear-r7000-and-r6400-routers/
|
- https://www.sj-vs.net/2016/12/10/temporary-fix-for-cert-vu582384-cwe-77-on-netgear-r7000-and-r6400-routers/
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2016-6277
|
- https://nvd.nist.gov/vuln/detail/CVE-2016-6277
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
||||||
|
cvss-score: 8.80
|
||||||
|
cve-id: CVE-2016-6277
|
||||||
|
cwe-id: CWE-352
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -7,6 +7,11 @@ info:
|
||||||
description: On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows a remote, unauthenticated attacker to delete arbitrary files as root. This can be used to bypass authentication or cause a DoS.
|
description: On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows a remote, unauthenticated attacker to delete arbitrary files as root. This can be used to bypass authentication or cause a DoS.
|
||||||
reference: https://gist.github.com/malerisch/5de8b408443ee9253b3954a62a8d97b4
|
reference: https://gist.github.com/malerisch/5de8b408443ee9253b3954a62a8d97b4
|
||||||
tags: cve,cve2016,lfi
|
tags: cve,cve2016,lfi
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||||
|
cvss-score: 9.80
|
||||||
|
cve-id: CVE-2016-7552
|
||||||
|
cwe-id: CWE-22
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -8,6 +8,11 @@ info:
|
||||||
Cross-site scripting (XSS) vulnerability in valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the var_url parameter in a valider_xml action.
|
Cross-site scripting (XSS) vulnerability in valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the var_url parameter in a valider_xml action.
|
||||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-7981
|
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-7981
|
||||||
tags: cve,cve2016,xss,spip
|
tags: cve,cve2016,xss,spip
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||||
|
cvss-score: 6.10
|
||||||
|
cve-id: CVE-2016-7981
|
||||||
|
cwe-id: CWE-79
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -7,6 +7,11 @@ info:
|
||||||
description: Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that can be exploited by issuing a specially crafted HTTP GET request.
|
description: Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that can be exploited by issuing a specially crafted HTTP GET request.
|
||||||
reference: https://www.exploit-db.com/exploits/45196
|
reference: https://www.exploit-db.com/exploits/45196
|
||||||
tags: cve,cve2017,oracle,glassfish,lfi
|
tags: cve,cve2017,oracle,glassfish,lfi
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.50
|
||||||
|
cve-id: CVE-2017-1000028
|
||||||
|
cwe-id: CWE-22
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -7,6 +7,11 @@ info:
|
||||||
reference: https://www.exploit-db.com/exploits/49693
|
reference: https://www.exploit-db.com/exploits/49693
|
||||||
description: jqueryFileTree 2.1.5 and older Directory Traversal
|
description: jqueryFileTree 2.1.5 and older Directory Traversal
|
||||||
tags: cve,cve2017,wordpress,wp-plugin,lfi
|
tags: cve,cve2017,wordpress,wp-plugin,lfi
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.50
|
||||||
|
cve-id: CVE-2017-1000170
|
||||||
|
cwe-id: CWE-22
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: POST
|
- method: POST
|
||||||
|
|
|
@ -11,6 +11,11 @@ info:
|
||||||
- https://blog.mindedsecurity.com/2016/02/rce-in-oracle-netbeans-opensource.html
|
- https://blog.mindedsecurity.com/2016/02/rce-in-oracle-netbeans-opensource.html
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2017-1000486
|
- https://nvd.nist.gov/vuln/detail/CVE-2017-1000486
|
||||||
tags: cve,cve2017,primetek,rce
|
tags: cve,cve2017,primetek,rce
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||||
|
cvss-score: 9.80
|
||||||
|
cve-id: CVE-2017-1000486
|
||||||
|
cwe-id: CWE-326
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- raw:
|
- raw:
|
||||||
|
|
|
@ -3,10 +3,14 @@ id: CVE-2017-10075
|
||||||
info:
|
info:
|
||||||
name: Oracle Content Server XSS
|
name: Oracle Content Server XSS
|
||||||
author: madrobot
|
author: madrobot
|
||||||
severity: medium
|
severity: high
|
||||||
description: The vulnerability can be used to include HTML or JavaScript code to the affected web page. The code is executed in the browser of users if they visit the manipulated site.
|
description: The vulnerability can be used to include HTML or JavaScript code to the affected web page. The code is executed in the browser of users if they visit the manipulated site.
|
||||||
reference: http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
|
reference: http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
|
||||||
tags: cve,cve2017,xss,oracle
|
tags: cve,cve2017,xss,oracle
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
|
||||||
|
cvss-score: 8.20
|
||||||
|
cve-id: CVE-2017-10075
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -9,6 +9,10 @@ info:
|
||||||
- https://github.com/vulhub/vulhub/tree/fda47b97c7d2809660a4471539cd0e6dbf8fac8c/weblogic/CVE-2017-10271
|
- https://github.com/vulhub/vulhub/tree/fda47b97c7d2809660a4471539cd0e6dbf8fac8c/weblogic/CVE-2017-10271
|
||||||
- https://github.com/SuperHacker-liuan/cve-2017-10271-poc
|
- https://github.com/SuperHacker-liuan/cve-2017-10271-poc
|
||||||
tags: cve,cve2017,rce,oracle,weblogic
|
tags: cve,cve2017,rce,oracle,weblogic
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
||||||
|
cvss-score: 7.50
|
||||||
|
cve-id: CVE-2017-10271
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- raw:
|
- raw:
|
||||||
|
|
|
@ -3,12 +3,17 @@ id: CVE-2017-11444
|
||||||
info:
|
info:
|
||||||
name: Subrion CMS SQL Injection
|
name: Subrion CMS SQL Injection
|
||||||
author: dwisiswant0
|
author: dwisiswant0
|
||||||
severity: high
|
severity: critical
|
||||||
description: Subrion CMS before 4.1.5.10 has a SQL injection vulnerability in /front/search.php via the $_GET array.
|
description: Subrion CMS before 4.1.5.10 has a SQL injection vulnerability in /front/search.php via the $_GET array.
|
||||||
reference:
|
reference:
|
||||||
- https://github.com/intelliants/subrion/issues/479
|
- https://github.com/intelliants/subrion/issues/479
|
||||||
- https://mp.weixin.qq.com/s/89mCnjUCvmptLsKaeVlC9Q
|
- https://mp.weixin.qq.com/s/89mCnjUCvmptLsKaeVlC9Q
|
||||||
tags: cve,cve2017,sqli,subrion
|
tags: cve,cve2017,sqli,subrion
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||||
|
cvss-score: 9.80
|
||||||
|
cve-id: CVE-2017-11444
|
||||||
|
cwe-id: CWE-89
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -10,6 +10,11 @@ info:
|
||||||
- https://chowdera.com/2020/12/20201229190934023w.html
|
- https://chowdera.com/2020/12/20201229190934023w.html
|
||||||
- https://github.com/vulhub/vulhub/tree/master/jboss/CVE-2017-12149
|
- https://github.com/vulhub/vulhub/tree/master/jboss/CVE-2017-12149
|
||||||
tags: cve,cve2017,java,rce,deserialization
|
tags: cve,cve2017,java,rce,deserialization
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||||
|
cvss-score: 9.80
|
||||||
|
cve-id: CVE-2017-12149
|
||||||
|
cwe-id: CWE-502
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- raw:
|
- raw:
|
||||||
|
|
|
@ -9,6 +9,10 @@ info:
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2017-12542
|
- https://nvd.nist.gov/vuln/detail/CVE-2017-12542
|
||||||
- https://www.exploit-db.com/exploits/44005
|
- https://www.exploit-db.com/exploits/44005
|
||||||
tags: cve,cve2017,ilo4,hpe
|
tags: cve,cve2017,ilo4,hpe
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
||||||
|
cvss-score: 10.00
|
||||||
|
cve-id: CVE-2017-12542
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -7,6 +7,11 @@ info:
|
||||||
description: In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.
|
description: In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.
|
||||||
reference: https://struts.apache.org/docs/s2-053.html
|
reference: https://struts.apache.org/docs/s2-053.html
|
||||||
tags: cve,cve2017,apache,rce,struts
|
tags: cve,cve2017,apache,rce,struts
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||||
|
cvss-score: 9.80
|
||||||
|
cve-id: CVE-2017-12611
|
||||||
|
cwe-id: CWE-20
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: POST
|
- method: POST
|
||||||
|
|
|
@ -3,7 +3,7 @@ id: CVE-2017-12615
|
||||||
info:
|
info:
|
||||||
name: Apache Tomcat RCE
|
name: Apache Tomcat RCE
|
||||||
author: pikpikcu
|
author: pikpikcu
|
||||||
severity: critical
|
severity: high
|
||||||
tags: cve,cve2017,apache,rce
|
tags: cve,cve2017,apache,rce
|
||||||
reference: https://github.com/vulhub/vulhub/tree/master/tomcat/CVE-2017-12615
|
reference: https://github.com/vulhub/vulhub/tree/master/tomcat/CVE-2017-12615
|
||||||
description: |
|
description: |
|
||||||
|
@ -11,6 +11,11 @@ info:
|
||||||
This is likely a security measure to prevent an attacker from uploading a JSP shell and gaining remote code execution on the server.
|
This is likely a security measure to prevent an attacker from uploading a JSP shell and gaining remote code execution on the server.
|
||||||
However, due to the insufficient checks, an attacker could gain remote code execution on 7.0.{0 to 79}
|
However, due to the insufficient checks, an attacker could gain remote code execution on 7.0.{0 to 79}
|
||||||
Tomcat servers that has enabled PUT by requesting PUT method on the Tomcat server using a specially crafted HTTP request.
|
Tomcat servers that has enabled PUT by requesting PUT method on the Tomcat server using a specially crafted HTTP request.
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||||
|
cvss-score: 8.10
|
||||||
|
cve-id: CVE-2017-12615
|
||||||
|
cwe-id: CWE-434
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: PUT
|
- method: PUT
|
||||||
|
|
|
@ -10,6 +10,12 @@ info:
|
||||||
- https://twitter.com/honoki/status/1298636315613974532
|
- https://twitter.com/honoki/status/1298636315613974532
|
||||||
- https://github.com/vulhub/vulhub/tree/master/solr/CVE-2017-12629-XXE
|
- https://github.com/vulhub/vulhub/tree/master/solr/CVE-2017-12629-XXE
|
||||||
- https://github.com/vulhub/vulhub/tree/master/solr/CVE-2017-12629-RCE
|
- https://github.com/vulhub/vulhub/tree/master/solr/CVE-2017-12629-RCE
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||||
|
cvss-score: 9.80
|
||||||
|
cve-id: CVE-2017-12629
|
||||||
|
cwe-id: CWE-611
|
||||||
|
description: "Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external entity expansion vulnerability occurs in the XML Query Parser which is available, by default, for any query request with parameters deftype=xmlparser and can be exploited to upload malicious data to the /upload request handler or as Blind XXE using ftp wrapper in order to read arbitrary local files from the Solr server. Note also that the second vulnerability relates to remote code execution using the RunExecutableListener available on all affected versions of Solr."
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- raw:
|
- raw:
|
||||||
|
|
|
@ -3,10 +3,15 @@ id: CVE-2017-12635
|
||||||
info:
|
info:
|
||||||
name: Apache CouchDB 1.7.0 / 2.x < 2.1.1 Remote Privilege Escalation
|
name: Apache CouchDB 1.7.0 / 2.x < 2.1.1 Remote Privilege Escalation
|
||||||
author: pikpikcu
|
author: pikpikcu
|
||||||
severity: high
|
severity: critical
|
||||||
description: Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit _users documents with duplicate keys for 'roles' used for access control within the database, including the special case '_admin' role, that denotes administrative users. In combination with CVE-2017-12636 (Remote Code Execution), this can be used to give non-admin users access to arbitrary shell commands on the server as the database system user. The JSON parser differences result in behaviour that if two 'roles' keys are available in the JSON, the second one will be used for authorising the document write, but the first 'roles' key is used for subsequent authorization for the newly created user. By design, users can not assign themselves roles. The vulnerability allows non-admin users to give themselves admin privileges.
|
description: Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit _users documents with duplicate keys for 'roles' used for access control within the database, including the special case '_admin' role, that denotes administrative users. In combination with CVE-2017-12636 (Remote Code Execution), this can be used to give non-admin users access to arbitrary shell commands on the server as the database system user. The JSON parser differences result in behaviour that if two 'roles' keys are available in the JSON, the second one will be used for authorising the document write, but the first 'roles' key is used for subsequent authorization for the newly created user. By design, users can not assign themselves roles. The vulnerability allows non-admin users to give themselves admin privileges.
|
||||||
reference: https://github.com/assalielmehdi/CVE-2017-12635
|
reference: https://github.com/assalielmehdi/CVE-2017-12635
|
||||||
tags: cve,cve2017,couchdb
|
tags: cve,cve2017,couchdb
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||||
|
cvss-score: 9.80
|
||||||
|
cve-id: CVE-2017-12635
|
||||||
|
cwe-id: CWE-269
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- raw:
|
- raw:
|
||||||
|
|
|
@ -10,6 +10,11 @@ info:
|
||||||
- https://www.cvedetails.com/cve/CVE-2017-12637/
|
- https://www.cvedetails.com/cve/CVE-2017-12637/
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2017-12637
|
- https://nvd.nist.gov/vuln/detail/CVE-2017-12637
|
||||||
- https://download.ernw-insight.de/troopers/tr18/slides/TR18_SAP_SAP-Bugs-The-Phantom-Security.pdf
|
- https://download.ernw-insight.de/troopers/tr18/slides/TR18_SAP_SAP-Bugs-The-Phantom-Security.pdf
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.50
|
||||||
|
cve-id: CVE-2017-12637
|
||||||
|
cwe-id: CWE-22
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -10,6 +10,11 @@ info:
|
||||||
description: |
|
description: |
|
||||||
In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you shouldn't run with "DEBUG = True" (which makes this page accessible) in your production settings.
|
In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you shouldn't run with "DEBUG = True" (which makes this page accessible) in your production settings.
|
||||||
tags: xss,django,cve,cve2017
|
tags: xss,django,cve,cve2017
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||||
|
cvss-score: 6.10
|
||||||
|
cve-id: CVE-2017-12794
|
||||||
|
cwe-id: CWE-79
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -8,6 +8,12 @@ info:
|
||||||
- https://secur1tyadvisory.wordpress.com/2018/02/11/trixbox-os-command-injection-vulnerability-cve-2017-14535/
|
- https://secur1tyadvisory.wordpress.com/2018/02/11/trixbox-os-command-injection-vulnerability-cve-2017-14535/
|
||||||
- https://www.exploit-db.com/exploits/49913
|
- https://www.exploit-db.com/exploits/49913
|
||||||
tags: cve,cve2017,trixbox,rce
|
tags: cve,cve2017,trixbox,rce
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||||
|
cvss-score: 8.80
|
||||||
|
cve-id: CVE-2017-14535
|
||||||
|
cwe-id: CWE-78
|
||||||
|
description: "trixbox 2.8.0.4 has OS command injection via shell metacharacters in the lang parameter to /maint/modules/home/index.php."
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- raw:
|
- raw:
|
||||||
|
|
|
@ -10,6 +10,11 @@ info:
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2017-14537
|
- https://nvd.nist.gov/vuln/detail/CVE-2017-14537
|
||||||
- https://secur1tyadvisory.wordpress.com/2018/02/13/trixbox-multiple-path-traversal-vulnerabilities-cve-2017-14537/
|
- https://secur1tyadvisory.wordpress.com/2018/02/13/trixbox-multiple-path-traversal-vulnerabilities-cve-2017-14537/
|
||||||
- https://sourceforge.net/projects/asteriskathome/ # vendor homepage
|
- https://sourceforge.net/projects/asteriskathome/ # vendor homepage
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 6.50
|
||||||
|
cve-id: CVE-2017-14537
|
||||||
|
cwe-id: CWE-22
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- raw:
|
- raw:
|
||||||
|
|
|
@ -6,6 +6,15 @@ info:
|
||||||
severity: medium
|
severity: medium
|
||||||
description: WSO2 Data Analytics Server 3.1.0 has XSS in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or parentPath parameter.
|
description: WSO2 Data Analytics Server 3.1.0 has XSS in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or parentPath parameter.
|
||||||
tags: cve,cve2017,wso2,xss
|
tags: cve,cve2017,wso2,xss
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
|
||||||
|
cvss-score: 4.80
|
||||||
|
cve-id: CVE-2017-14651
|
||||||
|
cwe-id: CWE-79
|
||||||
|
reference:
|
||||||
|
- https://github.com/cybersecurityworks/Disclosed/issues/15
|
||||||
|
- https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2017-0265
|
||||||
|
- https://cybersecurityworks.com/zerodays/cve-2017-14651-wso2.html
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -6,6 +6,15 @@ info:
|
||||||
severity: high
|
severity: high
|
||||||
description: Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules.
|
description: Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules.
|
||||||
tags: cve,cve2017,nodejs,lfi
|
tags: cve,cve2017,nodejs,lfi
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.50
|
||||||
|
cve-id: CVE-2017-14849
|
||||||
|
cwe-id: CWE-22
|
||||||
|
reference:
|
||||||
|
- https://twitter.com/nodejs/status/913131152868876288
|
||||||
|
- https://nodejs.org/en/blog/vulnerability/september-2017-path-validation/
|
||||||
|
- http://www.securityfocus.com/bid/101056
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -3,12 +3,17 @@ id: CVE-2017-15647
|
||||||
info:
|
info:
|
||||||
name: FiberHome - Directory Traversal
|
name: FiberHome - Directory Traversal
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
severity: medium
|
severity: high
|
||||||
description: On FiberHome routers, Directory Traversal exists in /cgi-bin/webproc via the getpage parameter in conjunction with a crafted var:page value.
|
description: On FiberHome routers, Directory Traversal exists in /cgi-bin/webproc via the getpage parameter in conjunction with a crafted var:page value.
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/44054
|
- https://www.exploit-db.com/exploits/44054
|
||||||
- https://www.cvedetails.com/cve/CVE-2017-15647
|
- https://www.cvedetails.com/cve/CVE-2017-15647
|
||||||
tags: cve,cve2017,lfi,router
|
tags: cve,cve2017,lfi,router
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.50
|
||||||
|
cve-id: CVE-2017-15647
|
||||||
|
cwe-id: CWE-22
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -7,6 +7,11 @@ info:
|
||||||
reference: https://github.com/vulhub/vulhub/tree/master/httpd/CVE-2017-15715
|
reference: https://github.com/vulhub/vulhub/tree/master/httpd/CVE-2017-15715
|
||||||
severity: high
|
severity: high
|
||||||
tags: cve,cve2017,apache,httpd,fileupload
|
tags: cve,cve2017,apache,httpd,fileupload
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||||
|
cvss-score: 8.10
|
||||||
|
cve-id: CVE-2017-15715
|
||||||
|
cwe-id: CWE-20
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- raw:
|
- raw:
|
||||||
|
|
|
@ -7,8 +7,12 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/43342
|
- https://www.exploit-db.com/exploits/43342
|
||||||
- http://blog.orange.tw/2019/07/attacking-ssl-vpn-part-1-preauth-rce-on-palo-alto.html
|
- http://blog.orange.tw/2019/07/attacking-ssl-vpn-part-1-preauth-rce-on-palo-alto.html
|
||||||
severity: high
|
severity: critical
|
||||||
tags: cve,cve2017,rce,vpn,paloalto,globalprotect
|
tags: cve,cve2017,rce,vpn,paloalto,globalprotect
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||||
|
cvss-score: 9.80
|
||||||
|
cve-id: CVE-2017-15944
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- raw:
|
- raw:
|
||||||
|
|
|
@ -6,6 +6,12 @@ info:
|
||||||
reference: https://www.exploit-db.com/exploits/43141
|
reference: https://www.exploit-db.com/exploits/43141
|
||||||
severity: high
|
severity: high
|
||||||
tags: cve,cve2017,ulterius,traversal
|
tags: cve,cve2017,ulterius,traversal
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.50
|
||||||
|
cve-id: CVE-2017-16806
|
||||||
|
cwe-id: CWE-22
|
||||||
|
description: "The Process function in RemoteTaskServer/WebServer/HttpServer.cs in Ulterius before 1.9.5.0 allows HTTP server directory traversal."
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -7,6 +7,11 @@ info:
|
||||||
description: ZEIT Next.js before 2.4.1 has directory traversal under the /_next and /static request namespace, allowing attackers to obtain sensitive information.
|
description: ZEIT Next.js before 2.4.1 has directory traversal under the /_next and /static request namespace, allowing attackers to obtain sensitive information.
|
||||||
reference: https://medium.com/@theRaz0r/arbitrary-file-reading-in-next-js-2-4-1-34104c4e75e9
|
reference: https://medium.com/@theRaz0r/arbitrary-file-reading-in-next-js-2-4-1-34104c4e75e9
|
||||||
tags: cve,cve2017,nextjs,lfi
|
tags: cve,cve2017,nextjs,lfi
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.50
|
||||||
|
cve-id: CVE-2017-16877
|
||||||
|
cwe-id: CWE-22
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -7,6 +7,11 @@ info:
|
||||||
description: The Emag Marketplace Connector plugin 1.0.0 for WordPress has reflected XSS because the parameter "post" to /wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php is not filtered correctly.
|
description: The Emag Marketplace Connector plugin 1.0.0 for WordPress has reflected XSS because the parameter "post" to /wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php is not filtered correctly.
|
||||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2017-17043
|
reference: https://nvd.nist.gov/vuln/detail/CVE-2017-17043
|
||||||
tags: cve,cve2017,wordpress,xss,wp-plugin
|
tags: cve,cve2017,wordpress,xss,wp-plugin
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||||
|
cvss-score: 6.10
|
||||||
|
cve-id: CVE-2017-17043
|
||||||
|
cwe-id: CWE-79
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -9,6 +9,11 @@ info:
|
||||||
- https://github.com/NaturalIntelligence/wp-thumb-post/issues/1
|
- https://github.com/NaturalIntelligence/wp-thumb-post/issues/1
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2017-17059
|
- https://nvd.nist.gov/vuln/detail/CVE-2017-17059
|
||||||
tags: cve,cve2017,wordpress,xss,wp-plugin
|
tags: cve,cve2017,wordpress,xss,wp-plugin
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||||
|
cvss-score: 6.10
|
||||||
|
cve-id: CVE-2017-17059
|
||||||
|
cwe-id: CWE-79
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: POST
|
- method: POST
|
||||||
|
|
|
@ -7,6 +7,11 @@ info:
|
||||||
description: The WP Mailster plugin before 1.5.5 for WordPress has XSS in the unsubscribe handler via the mes parameter to view/subscription/unsubscribe2.php.
|
description: The WP Mailster plugin before 1.5.5 for WordPress has XSS in the unsubscribe handler via the mes parameter to view/subscription/unsubscribe2.php.
|
||||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2017-17451
|
reference: https://nvd.nist.gov/vuln/detail/CVE-2017-17451
|
||||||
tags: cve,cve2017,wordpress,xss,wp-plugin
|
tags: cve,cve2017,wordpress,xss,wp-plugin
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||||
|
cvss-score: 6.10
|
||||||
|
cve-id: CVE-2017-17451
|
||||||
|
cwe-id: CWE-79
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -10,6 +10,11 @@ info:
|
||||||
- https://github.com/vulhub/vulhub/tree/master/goahead/CVE-2017-17562
|
- https://github.com/vulhub/vulhub/tree/master/goahead/CVE-2017-17562
|
||||||
severity: high
|
severity: high
|
||||||
tags: cve,cve2017,rce,embedthis,goahead,fuzz
|
tags: cve,cve2017,rce,embedthis,goahead,fuzz
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||||
|
cvss-score: 8.10
|
||||||
|
cve-id: CVE-2017-17562
|
||||||
|
cwe-id: CWE-20
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- raw:
|
- raw:
|
||||||
|
|
|
@ -11,6 +11,11 @@ info:
|
||||||
description: |
|
description: |
|
||||||
AvantFAX 3.3.3 has XSS via an arbitrary parameter name to the default URI, as demonstrated by a parameter whose name contains a SCRIPT element and whose value is 1.
|
AvantFAX 3.3.3 has XSS via an arbitrary parameter name to the default URI, as demonstrated by a parameter whose name contains a SCRIPT element and whose value is 1.
|
||||||
tags: cve,cve2017,xss,avantfax
|
tags: cve,cve2017,xss,avantfax
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||||
|
cvss-score: 6.10
|
||||||
|
cve-id: CVE-2017-18024
|
||||||
|
cwe-id: CWE-79
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- raw:
|
- raw:
|
||||||
|
|
|
@ -7,6 +7,11 @@ info:
|
||||||
description: The Stop User Enumeration WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting (XSS) security vulnerability.
|
description: The Stop User Enumeration WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting (XSS) security vulnerability.
|
||||||
reference: https://wpscan.com/vulnerability/956cc5fd-af06-43ac-aa85-46b468c73501
|
reference: https://wpscan.com/vulnerability/956cc5fd-af06-43ac-aa85-46b468c73501
|
||||||
tags: cve,cve2017,wordpress,xss,wp-plugin
|
tags: cve,cve2017,wordpress,xss,wp-plugin
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||||
|
cvss-score: 6.10
|
||||||
|
cve-id: CVE-2017-18536
|
||||||
|
cwe-id: CWE-79
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -11,6 +11,11 @@ info:
|
||||||
- https://github.com/advisories/GHSA-vfj6-275q-4pvm
|
- https://github.com/advisories/GHSA-vfj6-275q-4pvm
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2017-18638
|
- https://nvd.nist.gov/vuln/detail/CVE-2017-18638
|
||||||
tags: cve,cve2017,graphite,ssrf,oob
|
tags: cve,cve2017,graphite,ssrf,oob
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.50
|
||||||
|
cve-id: CVE-2017-18638
|
||||||
|
cwe-id: CWE-918
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -9,6 +9,10 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://hackerone.com/reports/810778
|
- https://hackerone.com/reports/810778
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2017-3506
|
- https://nvd.nist.gov/vuln/detail/CVE-2017-3506
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
|
||||||
|
cvss-score: 7.40
|
||||||
|
cve-id: CVE-2017-3506
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- raw:
|
- raw:
|
||||||
|
|
|
@ -3,11 +3,17 @@ id: CVE-2017-3528
|
||||||
info:
|
info:
|
||||||
name: Oracle E-Business Suite 12.1.3/12.2.x - Open Redirect
|
name: Oracle E-Business Suite 12.1.3/12.2.x - Open Redirect
|
||||||
author: 0x_Akoko
|
author: 0x_Akoko
|
||||||
severity: low
|
severity: medium
|
||||||
reference:
|
reference:
|
||||||
- https://blog.zsec.uk/cve-2017-3528/
|
- https://blog.zsec.uk/cve-2017-3528/
|
||||||
- https://www.exploit-db.com/exploits/43592
|
- https://www.exploit-db.com/exploits/43592
|
||||||
tags: oracle,redirect
|
tags: oracle,redirect
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
|
||||||
|
cvss-score: 5.40
|
||||||
|
cve-id: CVE-2017-3528
|
||||||
|
cwe-id: CWE-601
|
||||||
|
description: "Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: Popup windows (lists of values, datepicker, etc.)). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)."
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -10,6 +10,11 @@ info:
|
||||||
- https://github.com/rapid7/metasploit-framework/blob/master/documentation/modules/auxiliary/dos/cisco/ios_telnet_rocem.md
|
- https://github.com/rapid7/metasploit-framework/blob/master/documentation/modules/auxiliary/dos/cisco/ios_telnet_rocem.md
|
||||||
description: RCE exploit code is available for Cisco Catalyst 2960 switch model. This exploit is firmware dependent.
|
description: RCE exploit code is available for Cisco Catalyst 2960 switch model. This exploit is firmware dependent.
|
||||||
tags: cve,cve2017,cisco,rce,network
|
tags: cve,cve2017,cisco,rce,network
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||||
|
cvss-score: 9.80
|
||||||
|
cve-id: CVE-2017-3881
|
||||||
|
cwe-id: CWE-20
|
||||||
|
|
||||||
network:
|
network:
|
||||||
- inputs:
|
- inputs:
|
||||||
|
|
|
@ -10,6 +10,11 @@ info:
|
||||||
- https://kc.mcafee.com/corporate/index?page=content&id=SB10198
|
- https://kc.mcafee.com/corporate/index?page=content&id=SB10198
|
||||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-4011
|
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-4011
|
||||||
tags: cve,cve2017,mcafee,xss
|
tags: cve,cve2017,mcafee,xss
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||||
|
cvss-score: 6.10
|
||||||
|
cve-id: CVE-2017-4011
|
||||||
|
cwe-id: CWE-79
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -3,12 +3,17 @@ id: CVE-2017-5487
|
||||||
info:
|
info:
|
||||||
name: WordPress Core < 4.7.1 - Username Enumeration
|
name: WordPress Core < 4.7.1 - Username Enumeration
|
||||||
author: Manas_Harsh,daffainfo,geeknik
|
author: Manas_Harsh,daffainfo,geeknik
|
||||||
severity: info
|
severity: medium
|
||||||
description: wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request.
|
description: wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request.
|
||||||
tags: cve,cve2017,wordpress
|
tags: cve,cve2017,wordpress
|
||||||
reference:
|
reference:
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2017-5487
|
- https://nvd.nist.gov/vuln/detail/CVE-2017-5487
|
||||||
- https://www.exploit-db.com/exploits/41497
|
- https://www.exploit-db.com/exploits/41497
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
||||||
|
cvss-score: 5.30
|
||||||
|
cve-id: CVE-2017-5487
|
||||||
|
cwe-id: CWE-200
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -2,12 +2,17 @@ id: CVE-2017-5521
|
||||||
info:
|
info:
|
||||||
name: Bypassing Authentication on NETGEAR Routers
|
name: Bypassing Authentication on NETGEAR Routers
|
||||||
author: princechaddha
|
author: princechaddha
|
||||||
severity: medium
|
severity: high
|
||||||
description: An issue was discovered on NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, WNR3500Lv2, R6250, R6700, R6900, and R8000 devices.They are prone to password disclosure via simple crafted requests to the web management server.
|
description: An issue was discovered on NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, WNR3500Lv2, R6250, R6700, R6900, and R8000 devices.They are prone to password disclosure via simple crafted requests to the web management server.
|
||||||
reference:
|
reference:
|
||||||
- https://www.cvedetails.com/cve/CVE-2017-5521/
|
- https://www.cvedetails.com/cve/CVE-2017-5521/
|
||||||
- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2017-5521-bypassing-authentication-on-netgear-routers/
|
- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2017-5521-bypassing-authentication-on-netgear-routers/
|
||||||
tags: cve,cve2017,auth-bypass
|
tags: cve,cve2017,auth-bypass
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||||
|
cvss-score: 8.10
|
||||||
|
cve-id: CVE-2017-5521
|
||||||
|
cwe-id: CWE-200
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -6,6 +6,11 @@ info:
|
||||||
description: Struts is vulnerable to remote command injection attacks through incorrectly parsing an attacker’s invalid Content-Type HTTP header. The Struts vulnerability allows these commands to be executed under the privileges of the Web server.
|
description: Struts is vulnerable to remote command injection attacks through incorrectly parsing an attacker’s invalid Content-Type HTTP header. The Struts vulnerability allows these commands to be executed under the privileges of the Web server.
|
||||||
tags: cve,cve2017,struts,rce,apache
|
tags: cve,cve2017,struts,rce,apache
|
||||||
reference: https://github.com/mazen160/struts-pwn
|
reference: https://github.com/mazen160/struts-pwn
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
||||||
|
cvss-score: 10.00
|
||||||
|
cve-id: CVE-2017-5638
|
||||||
|
cwe-id: CWE-20
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- raw:
|
- raw:
|
||||||
|
|
|
@ -3,9 +3,15 @@ id: CVE-2017-6090
|
||||||
info:
|
info:
|
||||||
name: PhpCollab (unauthenticated) Arbitrary File Upload
|
name: PhpCollab (unauthenticated) Arbitrary File Upload
|
||||||
author: pikpikcu
|
author: pikpikcu
|
||||||
severity: critical
|
severity: high
|
||||||
tags: cve,cve2017,phpcollab,rce,fileupload
|
tags: cve,cve2017,phpcollab,rce,fileupload
|
||||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2017-6090
|
reference: https://nvd.nist.gov/vuln/detail/CVE-2017-6090
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||||
|
cvss-score: 8.80
|
||||||
|
cve-id: CVE-2017-6090
|
||||||
|
cwe-id: CWE-434
|
||||||
|
description: "Unrestricted file upload vulnerability in clients/editclient.php in PhpCollab 2.5.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in logos_clients/."
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- raw:
|
- raw:
|
||||||
|
|
|
@ -9,6 +9,11 @@ info:
|
||||||
- https://blog.0patch.com/2017/03/0patching-immortal-cve-2017-7269.html
|
- https://blog.0patch.com/2017/03/0patching-immortal-cve-2017-7269.html
|
||||||
- https://github.com/danigargu/explodingcan/blob/master/explodingcan.py
|
- https://github.com/danigargu/explodingcan/blob/master/explodingcan.py
|
||||||
tags: cve,cve2017,rce
|
tags: cve,cve2017,rce
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||||
|
cvss-score: 9.80
|
||||||
|
cve-id: CVE-2017-7269
|
||||||
|
cwe-id: CWE-119
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: OPTIONS
|
- method: OPTIONS
|
||||||
|
|
|
@ -9,6 +9,11 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://github.com/dweeves/magmi-git/issues/522
|
- https://github.com/dweeves/magmi-git/issues/522
|
||||||
- https://github.com/dweeves/magmi-git/releases/download/0.7.22/magmi_full_0.7.22.zip
|
- https://github.com/dweeves/magmi-git/releases/download/0.7.22/magmi_full_0.7.22.zip
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||||
|
cvss-score: 6.10
|
||||||
|
cve-id: CVE-2017-7391
|
||||||
|
cwe-id: CWE-79
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -15,6 +15,11 @@ info:
|
||||||
- https://sourceforge.net/projects/mantisbt/files/mantis-stable/
|
- https://sourceforge.net/projects/mantisbt/files/mantis-stable/
|
||||||
- http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-PRE-AUTH-REMOTE-PASSWORD-RESET.txt
|
- http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-PRE-AUTH-REMOTE-PASSWORD-RESET.txt
|
||||||
- https://www.exploit-db.com/exploits/41890
|
- https://www.exploit-db.com/exploits/41890
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||||
|
cvss-score: 8.80
|
||||||
|
cve-id: CVE-2017-7615
|
||||||
|
cwe-id: CWE-640
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -2,12 +2,17 @@ id: CVE-2017-7921
|
||||||
info:
|
info:
|
||||||
name: Hikvision Authentication Bypass
|
name: Hikvision Authentication Bypass
|
||||||
author: princechaddha
|
author: princechaddha
|
||||||
severity: high
|
severity: critical
|
||||||
description: An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The improper authentication vulnerability occurs when an application does not adequately or correctly authenticate users. This may allow a malicious user to escalate his or her privileges on the system and gain access to sensitive information.
|
description: An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The improper authentication vulnerability occurs when an application does not adequately or correctly authenticate users. This may allow a malicious user to escalate his or her privileges on the system and gain access to sensitive information.
|
||||||
reference:
|
reference:
|
||||||
- http://www.hikvision.com/us/about_10805.html
|
- http://www.hikvision.com/us/about_10805.html
|
||||||
- https://ics-cert.us-cert.gov/advisories/ICSA-17-124-01
|
- https://ics-cert.us-cert.gov/advisories/ICSA-17-124-01
|
||||||
tags: cve,cve2017,auth-bypass
|
tags: cve,cve2017,auth-bypass
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
||||||
|
cvss-score: 10.00
|
||||||
|
cve-id: CVE-2017-7921
|
||||||
|
cwe-id: CWE-287
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -2,10 +2,15 @@ id: CVE-2017-8917
|
||||||
info:
|
info:
|
||||||
name: Joomla SQL Injection
|
name: Joomla SQL Injection
|
||||||
author: princechaddha
|
author: princechaddha
|
||||||
severity: high
|
severity: critical
|
||||||
description: SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors.
|
description: SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors.
|
||||||
reference: https://www.cvedetails.com/cve/CVE-2017-8917/
|
reference: https://www.cvedetails.com/cve/CVE-2017-8917/
|
||||||
tags: cve,cve2017,joomla,sqli
|
tags: cve,cve2017,joomla,sqli
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||||
|
cvss-score: 9.80
|
||||||
|
cve-id: CVE-2017-8917
|
||||||
|
cwe-id: CWE-89
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -7,6 +7,11 @@ info:
|
||||||
tags: cve,cve2017,xss,telerik
|
tags: cve,cve2017,xss,telerik
|
||||||
description: Cross-site scripting (XSS) vulnerability in Telerik.ReportViewer.WebForms.dll in Telerik Reporting for ASP.NET WebForms Report Viewer control before R1 2017 SP2 (11.0.17.406) allows remote attackers to inject arbitrary web script or HTML via the bgColor parameter to Telerik.ReportViewer.axd.
|
description: Cross-site scripting (XSS) vulnerability in Telerik.ReportViewer.WebForms.dll in Telerik Reporting for ASP.NET WebForms Report Viewer control before R1 2017 SP2 (11.0.17.406) allows remote attackers to inject arbitrary web script or HTML via the bgColor parameter to Telerik.ReportViewer.axd.
|
||||||
reference: https://www.veracode.com/blog/secure-development/anatomy-cross-site-scripting-flaw-telerik-reporting-module
|
reference: https://www.veracode.com/blog/secure-development/anatomy-cross-site-scripting-flaw-telerik-reporting-module
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||||
|
cvss-score: 6.10
|
||||||
|
cve-id: CVE-2017-9140
|
||||||
|
cwe-id: CWE-79
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -7,6 +7,11 @@ info:
|
||||||
description: The Raygun4WP plugin 1.8.0 for WordPress is vulnerable to a reflected XSS in sendtesterror.php (backurl parameter).
|
description: The Raygun4WP plugin 1.8.0 for WordPress is vulnerable to a reflected XSS in sendtesterror.php (backurl parameter).
|
||||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2017-9288
|
reference: https://nvd.nist.gov/vuln/detail/CVE-2017-9288
|
||||||
tags: cve,cve2017,wordpress,xss,wp-plugin
|
tags: cve,cve2017,wordpress,xss,wp-plugin
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||||
|
cvss-score: 6.10
|
||||||
|
cve-id: CVE-2017-9288
|
||||||
|
cwe-id: CWE-79
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -3,13 +3,18 @@ id: CVE-2017-9506
|
||||||
info:
|
info:
|
||||||
name: Jira IconURIServlet SSRF
|
name: Jira IconURIServlet SSRF
|
||||||
author: pdteam
|
author: pdteam
|
||||||
severity: high
|
severity: medium
|
||||||
description: The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF).
|
description: The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF).
|
||||||
reference:
|
reference:
|
||||||
- http://dontpanic.42.nl/2017/12/there-is-proxy-in-your-atlassian.html
|
- http://dontpanic.42.nl/2017/12/there-is-proxy-in-your-atlassian.html
|
||||||
- https://ecosystem.atlassian.net/browse/OAUTH-344
|
- https://ecosystem.atlassian.net/browse/OAUTH-344
|
||||||
- https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-171018bca2c3
|
- https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-171018bca2c3
|
||||||
tags: cve,cve2017,atlassian,jira,ssrf,oob
|
tags: cve,cve2017,atlassian,jira,ssrf,oob
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||||
|
cvss-score: 6.10
|
||||||
|
cve-id: CVE-2017-9506
|
||||||
|
cwe-id: CWE-918
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- raw:
|
- raw:
|
||||||
|
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue