Added cve annotations + severity adjustments

patch-1
Ice3man543 2021-09-10 16:56:40 +05:30
parent cf4ef2ac5a
commit e9f728c321
547 changed files with 2998 additions and 143 deletions

View File

@ -10,6 +10,11 @@ info:
- https://www.securityfocus.com/bid/48806/info - https://www.securityfocus.com/bid/48806/info
- https://seclists.org/bugtraq/2011/Nov/140 - https://seclists.org/bugtraq/2011/Nov/140
tags: cve,cve2011,xss,tikiwiki tags: cve,cve2011,xss,tikiwiki
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2011-4336
cwe-id: CWE-79
requests: requests:
- method: GET - method: GET

View File

@ -6,6 +6,7 @@ info:
severity: medium severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2012-4242 reference: https://nvd.nist.gov/vuln/detail/CVE-2012-4242
tags: cve,cve2012,wordpress,xss,wp-plugin tags: cve,cve2012,wordpress,xss,wp-plugin
description: "Cross-site scripting (XSS) vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page."
requests: requests:
- method: GET - method: GET

View File

@ -6,6 +6,7 @@ info:
severity: medium severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2013-2287 reference: https://nvd.nist.gov/vuln/detail/CVE-2013-2287
tags: cve,cve2013,wordpress,xss,wp-plugin tags: cve,cve2013,wordpress,xss,wp-plugin
description: "Multiple cross-site scripting (XSS) vulnerabilities in views/notify.php in the Uploader plugin 1.0.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) notify or (2) blog parameter."
requests: requests:
- method: GET - method: GET

View File

@ -6,6 +6,7 @@ info:
severity: medium severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2013-3526 reference: https://nvd.nist.gov/vuln/detail/CVE-2013-3526
tags: cve,cve2013,wordpress,xss,wp-plugin tags: cve,cve2013,wordpress,xss,wp-plugin
description: "Cross-site scripting (XSS) vulnerability in js/ta_loaded.js.php in the Traffic Analyzer plugin, possibly 3.3.2 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the aoid parameter."
requests: requests:
- method: GET - method: GET

View File

@ -7,6 +7,11 @@ info:
author: geeknik author: geeknik
severity: critical severity: critical
tags: cve,cve2014,sqli,lighttpd tags: cve,cve2014,sqli,lighttpd
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2014-2323
cwe-id: CWE-89
requests: requests:
- raw: - raw:

View File

@ -9,6 +9,11 @@ info:
- https://snyk.io/vuln/npm:st:20140206 - https://snyk.io/vuln/npm:st:20140206
severity: high severity: high
tags: cve,cve2014,lfi,nodejs,st tags: cve,cve2014,lfi,nodejs,st
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.50
cve-id: CVE-2014-3744
cwe-id: CWE-22
requests: requests:
- method: GET - method: GET

View File

@ -8,6 +8,7 @@ info:
reference: reference:
- https://nvd.nist.gov/vuln/detail/CVE-2014-4210 - https://nvd.nist.gov/vuln/detail/CVE-2014-4210
- https://blog.gdssecurity.com/labs/2015/3/30/weblogic-ssrf-and-xss-cve-2014-4241-cve-2014-4210-cve-2014-4.html - https://blog.gdssecurity.com/labs/2015/3/30/weblogic-ssrf-and-xss-cve-2014-4241-cve-2014-4210-cve-2014-4.html
description: "Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect confidentiality via vectors related to WLS - Web Services."
requests: requests:
- method: GET - method: GET

View File

@ -8,6 +8,12 @@ info:
- https://wpscan.com/vulnerability/7fb78d3c-f784-4630-ad92-d33e5de814fd - https://wpscan.com/vulnerability/7fb78d3c-f784-4630-ad92-d33e5de814fd
- https://nvd.nist.gov/vuln/detail/CVE-2014-4535 - https://nvd.nist.gov/vuln/detail/CVE-2014-4535
tags: cve,cve2014,wordpress,wp-plugin,xss tags: cve,cve2014,wordpress,wp-plugin,xss
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2014-4535
cwe-id: CWE-79
description: "Cross-site scripting (XSS) vulnerability in the Import Legacy Media plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php."
requests: requests:
- method: GET - method: GET

View File

@ -8,6 +8,12 @@ info:
- https://wpscan.com/vulnerability/f048b5cc-5379-4c19-9a43-cd8c49c8129f - https://wpscan.com/vulnerability/f048b5cc-5379-4c19-9a43-cd8c49c8129f
- https://nvd.nist.gov/vuln/detail/CVE-2014-4536 - https://nvd.nist.gov/vuln/detail/CVE-2014-4536
tags: cve,cve2014,wordpress,wp-plugin,xss tags: cve,cve2014,wordpress,wp-plugin,xss
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2014-4536
cwe-id: CWE-79
description: "Multiple cross-site scripting (XSS) vulnerabilities in tests/notAuto_test_ContactService_pauseCampaign.php in the Infusionsoft Gravity Forms plugin before 1.5.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) go, (2) contactId, or (3) campaignId parameter."
requests: requests:
- method: GET - method: GET

View File

@ -3,13 +3,18 @@ id: CVE-2014-6271
info: info:
name: Shellshock name: Shellshock
author: pentest_swissky author: pentest_swissky
severity: high severity: critical
description: Attempts to exploit the "shellshock" vulnerability (CVE-2014-6271 and CVE-2014-7169) in web applications description: Attempts to exploit the "shellshock" vulnerability (CVE-2014-6271 and CVE-2014-7169) in web applications
reference: reference:
- http://www.kb.cert.org/vuls/id/252743 - http://www.kb.cert.org/vuls/id/252743
- http://www.us-cert.gov/ncas/alerts/TA14-268A - http://www.us-cert.gov/ncas/alerts/TA14-268A
tags: cve,cve2014,rce tags: cve,cve2014,rce
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2014-6271
cwe-id: CWE-78
requests: requests:
- method: GET - method: GET
path: path:

View File

@ -6,6 +6,7 @@ info:
severity: high severity: high
reference: https://packetstormsecurity.com/files/128285/OsClass-3.4.1-Local-File-Inclusion.html reference: https://packetstormsecurity.com/files/128285/OsClass-3.4.1-Local-File-Inclusion.html
tags: cve,cve2014,lfi tags: cve,cve2014,lfi
description: "Directory traversal vulnerability in OSClass before 3.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a render action to oc-admin/index.php."
requests: requests:
- method: GET - method: GET

View File

@ -6,6 +6,7 @@ info:
severity: medium severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2014-9094 reference: https://nvd.nist.gov/vuln/detail/CVE-2014-9094
tags: cve,2014,wordpress,xss,wp-plugin tags: cve,2014,wordpress,xss,wp-plugin
description: "Multiple cross-site scripting (XSS) vulnerabilities in deploy/designer/preview.php in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) swfloc or (2) designrand parameter."
requests: requests:
- method: GET - method: GET

View File

@ -8,6 +8,12 @@ info:
- https://wpscan.com/vulnerability/24b83ce5-e3b8-4262-b087-a2dfec014985 - https://wpscan.com/vulnerability/24b83ce5-e3b8-4262-b087-a2dfec014985
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1000012 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1000012
tags: cve,cve2015,wordpress,wp-plugin,lfi tags: cve,cve2015,wordpress,wp-plugin,lfi
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.50
cve-id: CVE-2015-1000012
cwe-id: CWE-200
description: "Local File Inclusion Vulnerability in mypixs v0.3 wordpress plugin"
requests: requests:
- method: GET - method: GET

View File

@ -3,7 +3,7 @@ id: CVE-2015-2080
info: info:
name: Eclipse Jetty Remote Leakage name: Eclipse Jetty Remote Leakage
author: pikpikcu author: pikpikcu
severity: medium severity: high
reference: reference:
- https://github.com/eclipse/jetty.project/blob/jetty-9.2.x/advisories/2015-02-24-httpparser-error-buffer-bleed.md - https://github.com/eclipse/jetty.project/blob/jetty-9.2.x/advisories/2015-02-24-httpparser-error-buffer-bleed.md
- https://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html - https://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html
@ -11,6 +11,11 @@ info:
description: | description: |
The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak
tags: cve,cve2015,jetty tags: cve,cve2015,jetty
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.50
cve-id: CVE-2015-2080
cwe-id: CWE-200
requests: requests:
- method: POST - method: POST

View File

@ -8,6 +8,7 @@ info:
- https://advisories.dxw.com/advisories/publicly-exploitable-xss-in-wordpress-plugin-navis-documentcloud/ - https://advisories.dxw.com/advisories/publicly-exploitable-xss-in-wordpress-plugin-navis-documentcloud/
- https://nvd.nist.gov/vuln/detail/CVE-2015-2807 - https://nvd.nist.gov/vuln/detail/CVE-2015-2807
tags: cve,cve2015,wordpress,wp-plugin,xss tags: cve,cve2015,wordpress,wp-plugin,xss
description: "Cross-site scripting (XSS) vulnerability in js/window.php in the Navis DocumentCloud plugin before 0.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wpbase parameter."
requests: requests:
- method: GET - method: GET

View File

@ -8,6 +8,11 @@ info:
Cross-site scripting (XSS) vulnerability in application/dashboard.class.inc.php in Combodo iTop before 2.2.0-2459 allows remote attackers to inject arbitrary web script or HTML via a dashboard title. Cross-site scripting (XSS) vulnerability in application/dashboard.class.inc.php in Combodo iTop before 2.2.0-2459 allows remote attackers to inject arbitrary web script or HTML via a dashboard title.
reference: https://nvd.nist.gov/vuln/detail/CVE-2015-6544 reference: https://nvd.nist.gov/vuln/detail/CVE-2015-6544
tags: cve,cve2015,xss,itop tags: cve,cve2015,xss,itop
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2015-6544
cwe-id: CWE-79
requests: requests:
- method: GET - method: GET

View File

@ -7,6 +7,11 @@ info:
description: Cross-site scripting (XSS) vulnerability in SourceBans before 2.0 pre-alpha allows remote attackers to inject arbitrary web script or HTML via the advSearch parameter to index.php. description: Cross-site scripting (XSS) vulnerability in SourceBans before 2.0 pre-alpha allows remote attackers to inject arbitrary web script or HTML via the advSearch parameter to index.php.
reference: https://nvd.nist.gov/vuln/detail/CVE-2015-8349 reference: https://nvd.nist.gov/vuln/detail/CVE-2015-8349
tags: cve,cve2015,xss,sourcebans tags: cve,cve2015,xss,sourcebans
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2015-8349
cwe-id: CWE-79
requests: requests:
- method: GET - method: GET

View File

@ -6,6 +6,11 @@ info:
description: Atlassian Confluence before 5.8.17 allows remote authenticated users to read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2) admin/viewdefaultdecorator.action. description: Atlassian Confluence before 5.8.17 allows remote authenticated users to read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2) admin/viewdefaultdecorator.action.
reference: https://jira.atlassian.com/browse/CONFSERVER-39704?src=confmacro reference: https://jira.atlassian.com/browse/CONFSERVER-39704?src=confmacro
tags: cve,cve2015,atlassian,confluence tags: cve,cve2015,atlassian,confluence
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
cvss-score: 4.30
cve-id: CVE-2015-8399
cwe-id: CWE-200
requests: requests:
- method: GET - method: GET

View File

@ -9,6 +9,11 @@ info:
- https://blog.securelayer7.net/umbraco-the-open-source-asp-net-cms-multiple-vulnerabilities/ - https://blog.securelayer7.net/umbraco-the-open-source-asp-net-cms-multiple-vulnerabilities/
- https://nvd.nist.gov/vuln/detail/CVE-2015-8813 - https://nvd.nist.gov/vuln/detail/CVE-2015-8813
tags: cve,cve2015,ssrf,oob tags: cve,cve2015,ssrf,oob
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N
cvss-score: 8.20
cve-id: CVE-2015-8813
cwe-id: CWE-918
requests: requests:
- method: GET - method: GET

View File

@ -8,6 +8,12 @@ info:
- https://wpscan.com/vulnerability/2ac2d43f-bf3f-4831-9585-5c5484051095 - https://wpscan.com/vulnerability/2ac2d43f-bf3f-4831-9585-5c5484051095
- https://nvd.nist.gov/vuln/detail/CVE-2015-9414 - https://nvd.nist.gov/vuln/detail/CVE-2015-9414
tags: cve,cve2015,wordpress,wp-plugin,xss tags: cve,cve2015,wordpress,wp-plugin,xss
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2015-9414
cwe-id: CWE-79
description: "The wp-symposium plugin through 15.8.1 for WordPress has XSS via the wp-content/plugins/wp-symposium/get_album_item.php?size parameter."
requests: requests:
- method: GET - method: GET

View File

@ -8,6 +8,12 @@ info:
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9480 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9480
- https://www.exploit-db.com/exploits/37252 - https://www.exploit-db.com/exploits/37252
tags: cve,cve2015,wordpress,wp-plugin,lfi tags: cve,cve2015,wordpress,wp-plugin,lfi
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.50
cve-id: CVE-2015-9480
cwe-id: CWE-22
description: "The RobotCPA plugin 5 for WordPress has directory traversal via the f.php l parameter."
requests: requests:
- method: GET - method: GET

View File

@ -7,6 +7,10 @@ info:
reference: https://www.kernelpicnic.net/2016/07/24/Microsoft-signout.live.com-Remote-Code-Execution-Write-Up.html reference: https://www.kernelpicnic.net/2016/07/24/Microsoft-signout.live.com-Remote-Code-Execution-Write-Up.html
severity: high severity: high
tags: cve,cve2016,adobe,aem tags: cve,cve2016,adobe,aem
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.50
cve-id: CVE-2016-0957
requests: requests:
- method: GET - method: GET

View File

@ -6,6 +6,12 @@ info:
severity: medium severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000126 reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000126
tags: cve,cve2016,wordpress,xss,wp-plugin tags: cve,cve2016,wordpress,xss,wp-plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2016-1000126
cwe-id: CWE-79
description: "Reflected XSS in wordpress plugin admin-font-editor v1.8"
requests: requests:
- method: GET - method: GET

View File

@ -7,6 +7,11 @@ info:
description: Reflected XSS in wordpress plugin ajax-random-post v2.00 description: Reflected XSS in wordpress plugin ajax-random-post v2.00
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000127 reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000127
tags: cve,cve2016,wordpress,xss,wp-plugin tags: cve,cve2016,wordpress,xss,wp-plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2016-1000127
cwe-id: CWE-79
requests: requests:
- method: GET - method: GET

View File

@ -9,6 +9,11 @@ info:
- http://www.vapidlabs.com/wp/wp_advisory.php?v=161 - http://www.vapidlabs.com/wp/wp_advisory.php?v=161
- https://wordpress.org/plugins/anti-plagiarism - https://wordpress.org/plugins/anti-plagiarism
tags: cve,cve2016,wordpress,xss,wp-plugin tags: cve,cve2016,wordpress,xss,wp-plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2016-1000128
cwe-id: CWE-79
requests: requests:
- method: GET - method: GET

View File

@ -7,6 +7,11 @@ info:
description: Reflected XSS in wordpress plugin defa-online-image-protector v3.3 description: Reflected XSS in wordpress plugin defa-online-image-protector v3.3
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000129 reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000129
tags: cve,cve2016,wordpress,xss,wp-plugin tags: cve,cve2016,wordpress,xss,wp-plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2016-1000129
cwe-id: CWE-79
requests: requests:
- method: GET - method: GET

View File

@ -7,6 +7,11 @@ info:
description: Reflected XSS in wordpress plugin e-search v1.0 description: Reflected XSS in wordpress plugin e-search v1.0
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000130 reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000130
tags: cve,cve2016,wordpress,xss,wp-plugin tags: cve,cve2016,wordpress,xss,wp-plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2016-1000130
cwe-id: CWE-79
requests: requests:
- method: GET - method: GET

View File

@ -6,6 +6,12 @@ info:
severity: medium severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000131 reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000131
tags: cve,cve2016,wordpress,xss,wp-plugin tags: cve,cve2016,wordpress,xss,wp-plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2016-1000131
cwe-id: CWE-79
description: "Reflected XSS in wordpress plugin e-search v1.0"
requests: requests:
- method: GET - method: GET

View File

@ -7,6 +7,11 @@ info:
description: Reflected XSS in wordpress plugin enhanced-tooltipglossary v3.2.8 description: Reflected XSS in wordpress plugin enhanced-tooltipglossary v3.2.8
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000132 reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000132
tags: cve,cve2016,wordpress,xss,wp-plugin tags: cve,cve2016,wordpress,xss,wp-plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2016-1000132
cwe-id: CWE-79
requests: requests:
- method: GET - method: GET

View File

@ -7,6 +7,11 @@ info:
description: Reflected XSS in wordpress plugin forget-about-shortcode-buttons v1.1.1 description: Reflected XSS in wordpress plugin forget-about-shortcode-buttons v1.1.1
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000133 reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000133
tags: cve,cve2016,wordpress,xss,wp-plugin tags: cve,cve2016,wordpress,xss,wp-plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2016-1000133
cwe-id: CWE-79
requests: requests:
- method: GET - method: GET

View File

@ -7,6 +7,11 @@ info:
description: Reflected XSS in wordpress plugin hdw-tube v1.2 description: Reflected XSS in wordpress plugin hdw-tube v1.2
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000134 reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000134
tags: cve,cve2016,wordpress,xss,wp-plugin tags: cve,cve2016,wordpress,xss,wp-plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2016-1000134
cwe-id: CWE-79
requests: requests:
- method: GET - method: GET

View File

@ -7,6 +7,11 @@ info:
description: Reflected XSS in wordpress plugin hdw-tube v1.2 description: Reflected XSS in wordpress plugin hdw-tube v1.2
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000135 reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000135
tags: cve,cve2016,wordpress,xss,wp-plugin tags: cve,cve2016,wordpress,xss,wp-plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2016-1000135
cwe-id: CWE-79
requests: requests:
- method: GET - method: GET

View File

@ -6,6 +6,12 @@ info:
severity: medium severity: medium
reference: http://www.vapidlabs.com/wp/wp_advisory.php?v=658 reference: http://www.vapidlabs.com/wp/wp_advisory.php?v=658
tags: cve,cve2016,wordpress,xss,wp-plugin tags: cve,cve2016,wordpress,xss,wp-plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2016-1000137
cwe-id: CWE-79
description: "Reflected XSS in wordpress plugin hero-maps-pro v2.1.0"
requests: requests:
- method: GET - method: GET

View File

@ -6,6 +6,12 @@ info:
severity: medium severity: medium
reference: http://www.vapidlabs.com/wp/wp_advisory.php?v=38 reference: http://www.vapidlabs.com/wp/wp_advisory.php?v=38
tags: cve,cve2016,wordpress,xss,wp-plugin tags: cve,cve2016,wordpress,xss,wp-plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2016-1000138
cwe-id: CWE-79
description: "Reflected XSS in wordpress plugin indexisto v1.0.5"
requests: requests:
- method: GET - method: GET

View File

@ -8,6 +8,12 @@ info:
- https://wpscan.com/vulnerability/0a60039b-a08a-4f51-a540-59f397dceb6a - https://wpscan.com/vulnerability/0a60039b-a08a-4f51-a540-59f397dceb6a
- https://nvd.nist.gov/vuln/detail/CVE-2016-1000139 - https://nvd.nist.gov/vuln/detail/CVE-2016-1000139
tags: cve,cve2016,wordpress,wp-plugin,xss tags: cve,cve2016,wordpress,wp-plugin,xss
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2016-1000139
cwe-id: CWE-79
description: "Reflected XSS in wordpress plugin infusionsoft v1.5.11"
requests: requests:
- method: GET - method: GET

View File

@ -6,6 +6,12 @@ info:
severity: medium severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000140 reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000140
tags: cve,cve2016,wordpress,xss,wp-plugin tags: cve,cve2016,wordpress,xss,wp-plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2016-1000140
cwe-id: CWE-79
description: "Reflected XSS in wordpress plugin new-year-firework v1.1.9"
requests: requests:
- method: GET - method: GET

View File

@ -6,6 +6,12 @@ info:
severity: medium severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000146 reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000146
tags: cve,cve2016,wordpress,xss,wp-plugin tags: cve,cve2016,wordpress,xss,wp-plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2016-1000146
cwe-id: CWE-79
description: "Reflected XSS in wordpress plugin pondol-formmail v1.1"
requests: requests:
- method: GET - method: GET

View File

@ -8,6 +8,12 @@ info:
- https://wpscan.com/vulnerability/ead796ed-202a-451f-b041-d39c9cf1fb54 - https://wpscan.com/vulnerability/ead796ed-202a-451f-b041-d39c9cf1fb54
- https://nvd.nist.gov/vuln/detail/CVE-2016-1000148 - https://nvd.nist.gov/vuln/detail/CVE-2016-1000148
tags: cve,cve2016,wordpress,wp-plugin,xss tags: cve,cve2016,wordpress,wp-plugin,xss
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2016-1000148
cwe-id: CWE-79
description: "Reflected XSS in wordpress plugin s3-video v0.983"
requests: requests:
- method: GET - method: GET

View File

@ -6,6 +6,12 @@ info:
severity: medium severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000149 reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000149
tags: cve,cve2016,wordpress,xss,wp-plugin tags: cve,cve2016,wordpress,xss,wp-plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2016-1000149
cwe-id: CWE-79
description: "Reflected XSS in wordpress plugin simpel-reserveren v3.5.2"
requests: requests:
- method: GET - method: GET

View File

@ -7,6 +7,11 @@ info:
description: Reflected XSS in wordpress plugin tidio-form v1.0 description: Reflected XSS in wordpress plugin tidio-form v1.0
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000152 reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000152
tags: cve,cve2016,wordpress,xss,wp-plugin tags: cve,cve2016,wordpress,xss,wp-plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2016-1000152
cwe-id: CWE-79
requests: requests:
- method: GET - method: GET

View File

@ -6,6 +6,12 @@ info:
severity: medium severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000153 reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000153
tags: cve,cve2016,wordpress,xss,wp-plugin tags: cve,cve2016,wordpress,xss,wp-plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2016-1000153
cwe-id: CWE-79
description: "Reflected XSS in wordpress plugin tidio-gallery v1.1"
requests: requests:
- method: GET - method: GET

View File

@ -7,6 +7,11 @@ info:
description: Reflected XSS in wordpress plugin whizz v1.0. description: Reflected XSS in wordpress plugin whizz v1.0.
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000154 reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000154
tags: cve,cve2016,wordpress,xss,wp-plugin tags: cve,cve2016,wordpress,xss,wp-plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2016-1000154
cwe-id: CWE-79
requests: requests:
- method: GET - method: GET

View File

@ -6,6 +6,12 @@ info:
severity: medium severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000155 reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000155
tags: cve,cve2016,wordpress,xss,wp-plugin tags: cve,cve2016,wordpress,xss,wp-plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2016-1000155
cwe-id: CWE-79
description: "Reflected XSS in wordpress plugin wpsolr-search-engine v7.6"
requests: requests:
- method: GET - method: GET

View File

@ -2,10 +2,15 @@ id: CVE-2016-10033
info: info:
name: Wordpress 4.6 Remote Code Execution name: Wordpress 4.6 Remote Code Execution
author: princechaddha author: princechaddha
severity: high severity: critical
description: The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property. description: The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.
reference: https://exploitbox.io/vuln/WordPress-Exploit-4-6-RCE-CODE-EXEC-CVE-2016-10033.html reference: https://exploitbox.io/vuln/WordPress-Exploit-4-6-RCE-CODE-EXEC-CVE-2016-10033.html
tags: wordpress,cve,cve2016,rce tags: wordpress,cve,cve2016,rce
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2016-10033
cwe-id: CWE-77
requests: requests:
- raw: - raw:

View File

@ -9,6 +9,11 @@ info:
- https://cxsecurity.com/issue/WLB-2016080220 - https://cxsecurity.com/issue/WLB-2016080220
- https://wpvulndb.com/vulnerabilities/8609 - https://wpvulndb.com/vulnerabilities/8609
tags: cve,cve2016,wordpress,wp-plugin,lfi tags: cve,cve2016,wordpress,wp-plugin,lfi
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.50
cve-id: CVE-2016-10956
cwe-id: CWE-20
requests: requests:
- method: GET - method: GET

View File

@ -3,13 +3,18 @@ id: CVE-2016-10960
info: info:
name: wSecure Lite < 2.4 - Remote Code Execution (RCE) name: wSecure Lite < 2.4 - Remote Code Execution (RCE)
author: daffainfo author: daffainfo
severity: critical severity: high
description: The wsecure plugin before 2.4 for WordPress has remote code execution via shell metacharacters in the wsecure-config.php publish parameter. description: The wsecure plugin before 2.4 for WordPress has remote code execution via shell metacharacters in the wsecure-config.php publish parameter.
reference: reference:
- https://www.pluginvulnerabilities.com/2016/07/12/remote-code-execution-rce-vulnerability-in-wsecure-lite/ - https://www.pluginvulnerabilities.com/2016/07/12/remote-code-execution-rce-vulnerability-in-wsecure-lite/
- https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-wsecure-lite-remote-code-execution-2-3/ - https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-wsecure-lite-remote-code-execution-2-3/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10960 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10960
tags: cve,cve2016,wordpress,wp-plugin,rce tags: cve,cve2016,wordpress,wp-plugin,rce
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.80
cve-id: CVE-2016-10960
cwe-id: CWE-20
requests: requests:
- method: POST - method: POST

View File

@ -8,6 +8,12 @@ info:
- https://www.vulnerability-lab.com/get_content.php?id=1808 - https://www.vulnerability-lab.com/get_content.php?id=1808
- https://nvd.nist.gov/vuln/detail/CVE-2016-10993 - https://nvd.nist.gov/vuln/detail/CVE-2016-10993
tags: cve,cve2016,wordpress,wp-theme,xss tags: cve,cve2016,wordpress,wp-theme,xss
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.40
cve-id: CVE-2016-10993
cwe-id: CWE-79
description: "The ScoreMe theme through 2016-04-01 for WordPress has XSS via the s parameter."
requests: requests:
- method: GET - method: GET

View File

@ -9,6 +9,11 @@ info:
reference: reference:
- https://www.exploit-db.com/exploits/39858 - https://www.exploit-db.com/exploits/39858
- https://nvd.nist.gov/vuln/detail/CVE-2016-2004 - https://nvd.nist.gov/vuln/detail/CVE-2016-2004
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2016-2004
cwe-id: CWE-306
network: network:
- inputs: - inputs:

View File

@ -9,6 +9,11 @@ info:
- https://erpscan.io/advisories/erpscan-16-009-sap-xmii-directory-traversal-vulnerability/ - https://erpscan.io/advisories/erpscan-16-009-sap-xmii-directory-traversal-vulnerability/
- https://www.cvedetails.com/cve/CVE-2016-2389 - https://www.cvedetails.com/cve/CVE-2016-2389
tags: cve,cve2016,lfi,sap tags: cve,cve2016,lfi,sap
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.50
cve-id: CVE-2016-2389
cwe-id: CWE-22
requests: requests:
- method: GET - method: GET

View File

@ -10,6 +10,11 @@ info:
- https://cwiki.apache.org/confluence/display/WW/S2-032 - https://cwiki.apache.org/confluence/display/WW/S2-032
- https://struts.apache.org/docs/s2-032.html - https://struts.apache.org/docs/s2-032.html
tags: cve,cve2016,struts,rce,apache tags: cve,cve2016,struts,rce,apache
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.10
cve-id: CVE-2016-3081
cwe-id: CWE-77
requests: requests:
- raw: - raw:

View File

@ -7,6 +7,11 @@ info:
description: A vulnerability exists within the page 'BSW_cxttongr.htm' which can allow a remote attacker to access this page without any authentication. The attacker can then use this password to gain administrator access of the targeted router's web interface. description: A vulnerability exists within the page 'BSW_cxttongr.htm' which can allow a remote attacker to access this page without any authentication. The attacker can then use this password to gain administrator access of the targeted router's web interface.
tags: cve,cve2016,iot,netgear,router tags: cve,cve2016,iot,netgear,router
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-5649 reference: https://nvd.nist.gov/vuln/detail/CVE-2016-5649
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2016-5649
cwe-id: CWE-200
requests: requests:
- raw: - raw:

View File

@ -3,12 +3,17 @@ id: CVE-2016-6277
info: info:
name: NETGEAR routers (including R6400, R7000, R8000 and similar) RCE name: NETGEAR routers (including R6400, R7000, R8000 and similar) RCE
author: pikpikcu author: pikpikcu
severity: critical severity: high
description: NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly other routers allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/. description: NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly other routers allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/.
tags: cve,cves2016,netgear,rce,iot tags: cve,cves2016,netgear,rce,iot
reference: reference:
- https://www.sj-vs.net/2016/12/10/temporary-fix-for-cert-vu582384-cwe-77-on-netgear-r7000-and-r6400-routers/ - https://www.sj-vs.net/2016/12/10/temporary-fix-for-cert-vu582384-cwe-77-on-netgear-r7000-and-r6400-routers/
- https://nvd.nist.gov/vuln/detail/CVE-2016-6277 - https://nvd.nist.gov/vuln/detail/CVE-2016-6277
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss-score: 8.80
cve-id: CVE-2016-6277
cwe-id: CWE-352
requests: requests:
- method: GET - method: GET

View File

@ -7,6 +7,11 @@ info:
description: On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows a remote, unauthenticated attacker to delete arbitrary files as root. This can be used to bypass authentication or cause a DoS. description: On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows a remote, unauthenticated attacker to delete arbitrary files as root. This can be used to bypass authentication or cause a DoS.
reference: https://gist.github.com/malerisch/5de8b408443ee9253b3954a62a8d97b4 reference: https://gist.github.com/malerisch/5de8b408443ee9253b3954a62a8d97b4
tags: cve,cve2016,lfi tags: cve,cve2016,lfi
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2016-7552
cwe-id: CWE-22
requests: requests:
- method: GET - method: GET

View File

@ -8,6 +8,11 @@ info:
Cross-site scripting (XSS) vulnerability in valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the var_url parameter in a valider_xml action. Cross-site scripting (XSS) vulnerability in valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the var_url parameter in a valider_xml action.
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-7981 reference: https://nvd.nist.gov/vuln/detail/CVE-2016-7981
tags: cve,cve2016,xss,spip tags: cve,cve2016,xss,spip
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2016-7981
cwe-id: CWE-79
requests: requests:
- method: GET - method: GET

View File

@ -7,6 +7,11 @@ info:
description: Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that can be exploited by issuing a specially crafted HTTP GET request. description: Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that can be exploited by issuing a specially crafted HTTP GET request.
reference: https://www.exploit-db.com/exploits/45196 reference: https://www.exploit-db.com/exploits/45196
tags: cve,cve2017,oracle,glassfish,lfi tags: cve,cve2017,oracle,glassfish,lfi
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.50
cve-id: CVE-2017-1000028
cwe-id: CWE-22
requests: requests:
- method: GET - method: GET

View File

@ -7,6 +7,11 @@ info:
reference: https://www.exploit-db.com/exploits/49693 reference: https://www.exploit-db.com/exploits/49693
description: jqueryFileTree 2.1.5 and older Directory Traversal description: jqueryFileTree 2.1.5 and older Directory Traversal
tags: cve,cve2017,wordpress,wp-plugin,lfi tags: cve,cve2017,wordpress,wp-plugin,lfi
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.50
cve-id: CVE-2017-1000170
cwe-id: CWE-22
requests: requests:
- method: POST - method: POST

View File

@ -11,6 +11,11 @@ info:
- https://blog.mindedsecurity.com/2016/02/rce-in-oracle-netbeans-opensource.html - https://blog.mindedsecurity.com/2016/02/rce-in-oracle-netbeans-opensource.html
- https://nvd.nist.gov/vuln/detail/CVE-2017-1000486 - https://nvd.nist.gov/vuln/detail/CVE-2017-1000486
tags: cve,cve2017,primetek,rce tags: cve,cve2017,primetek,rce
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2017-1000486
cwe-id: CWE-326
requests: requests:
- raw: - raw:

View File

@ -3,10 +3,14 @@ id: CVE-2017-10075
info: info:
name: Oracle Content Server XSS name: Oracle Content Server XSS
author: madrobot author: madrobot
severity: medium severity: high
description: The vulnerability can be used to include HTML or JavaScript code to the affected web page. The code is executed in the browser of users if they visit the manipulated site. description: The vulnerability can be used to include HTML or JavaScript code to the affected web page. The code is executed in the browser of users if they visit the manipulated site.
reference: http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html reference: http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
tags: cve,cve2017,xss,oracle tags: cve,cve2017,xss,oracle
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
cvss-score: 8.20
cve-id: CVE-2017-10075
requests: requests:
- method: GET - method: GET

View File

@ -9,6 +9,10 @@ info:
- https://github.com/vulhub/vulhub/tree/fda47b97c7d2809660a4471539cd0e6dbf8fac8c/weblogic/CVE-2017-10271 - https://github.com/vulhub/vulhub/tree/fda47b97c7d2809660a4471539cd0e6dbf8fac8c/weblogic/CVE-2017-10271
- https://github.com/SuperHacker-liuan/cve-2017-10271-poc - https://github.com/SuperHacker-liuan/cve-2017-10271-poc
tags: cve,cve2017,rce,oracle,weblogic tags: cve,cve2017,rce,oracle,weblogic
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
cvss-score: 7.50
cve-id: CVE-2017-10271
requests: requests:
- raw: - raw:

View File

@ -3,12 +3,17 @@ id: CVE-2017-11444
info: info:
name: Subrion CMS SQL Injection name: Subrion CMS SQL Injection
author: dwisiswant0 author: dwisiswant0
severity: high severity: critical
description: Subrion CMS before 4.1.5.10 has a SQL injection vulnerability in /front/search.php via the $_GET array. description: Subrion CMS before 4.1.5.10 has a SQL injection vulnerability in /front/search.php via the $_GET array.
reference: reference:
- https://github.com/intelliants/subrion/issues/479 - https://github.com/intelliants/subrion/issues/479
- https://mp.weixin.qq.com/s/89mCnjUCvmptLsKaeVlC9Q - https://mp.weixin.qq.com/s/89mCnjUCvmptLsKaeVlC9Q
tags: cve,cve2017,sqli,subrion tags: cve,cve2017,sqli,subrion
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2017-11444
cwe-id: CWE-89
requests: requests:
- method: GET - method: GET

View File

@ -10,6 +10,11 @@ info:
- https://chowdera.com/2020/12/20201229190934023w.html - https://chowdera.com/2020/12/20201229190934023w.html
- https://github.com/vulhub/vulhub/tree/master/jboss/CVE-2017-12149 - https://github.com/vulhub/vulhub/tree/master/jboss/CVE-2017-12149
tags: cve,cve2017,java,rce,deserialization tags: cve,cve2017,java,rce,deserialization
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2017-12149
cwe-id: CWE-502
requests: requests:
- raw: - raw:

View File

@ -9,6 +9,10 @@ info:
- https://nvd.nist.gov/vuln/detail/CVE-2017-12542 - https://nvd.nist.gov/vuln/detail/CVE-2017-12542
- https://www.exploit-db.com/exploits/44005 - https://www.exploit-db.com/exploits/44005
tags: cve,cve2017,ilo4,hpe tags: cve,cve2017,ilo4,hpe
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10.00
cve-id: CVE-2017-12542
requests: requests:
- method: GET - method: GET

View File

@ -7,6 +7,11 @@ info:
description: In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack. description: In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.
reference: https://struts.apache.org/docs/s2-053.html reference: https://struts.apache.org/docs/s2-053.html
tags: cve,cve2017,apache,rce,struts tags: cve,cve2017,apache,rce,struts
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2017-12611
cwe-id: CWE-20
requests: requests:
- method: POST - method: POST

View File

@ -3,7 +3,7 @@ id: CVE-2017-12615
info: info:
name: Apache Tomcat RCE name: Apache Tomcat RCE
author: pikpikcu author: pikpikcu
severity: critical severity: high
tags: cve,cve2017,apache,rce tags: cve,cve2017,apache,rce
reference: https://github.com/vulhub/vulhub/tree/master/tomcat/CVE-2017-12615 reference: https://github.com/vulhub/vulhub/tree/master/tomcat/CVE-2017-12615
description: | description: |
@ -11,6 +11,11 @@ info:
This is likely a security measure to prevent an attacker from uploading a JSP shell and gaining remote code execution on the server. This is likely a security measure to prevent an attacker from uploading a JSP shell and gaining remote code execution on the server.
However, due to the insufficient checks, an attacker could gain remote code execution on 7.0.{0 to 79} However, due to the insufficient checks, an attacker could gain remote code execution on 7.0.{0 to 79}
Tomcat servers that has enabled PUT by requesting PUT method on the Tomcat server using a specially crafted HTTP request. Tomcat servers that has enabled PUT by requesting PUT method on the Tomcat server using a specially crafted HTTP request.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.10
cve-id: CVE-2017-12615
cwe-id: CWE-434
requests: requests:
- method: PUT - method: PUT

View File

@ -10,6 +10,12 @@ info:
- https://twitter.com/honoki/status/1298636315613974532 - https://twitter.com/honoki/status/1298636315613974532
- https://github.com/vulhub/vulhub/tree/master/solr/CVE-2017-12629-XXE - https://github.com/vulhub/vulhub/tree/master/solr/CVE-2017-12629-XXE
- https://github.com/vulhub/vulhub/tree/master/solr/CVE-2017-12629-RCE - https://github.com/vulhub/vulhub/tree/master/solr/CVE-2017-12629-RCE
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2017-12629
cwe-id: CWE-611
description: "Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external entity expansion vulnerability occurs in the XML Query Parser which is available, by default, for any query request with parameters deftype=xmlparser and can be exploited to upload malicious data to the /upload request handler or as Blind XXE using ftp wrapper in order to read arbitrary local files from the Solr server. Note also that the second vulnerability relates to remote code execution using the RunExecutableListener available on all affected versions of Solr."
requests: requests:
- raw: - raw:

View File

@ -3,10 +3,15 @@ id: CVE-2017-12635
info: info:
name: Apache CouchDB 1.7.0 / 2.x < 2.1.1 Remote Privilege Escalation name: Apache CouchDB 1.7.0 / 2.x < 2.1.1 Remote Privilege Escalation
author: pikpikcu author: pikpikcu
severity: high severity: critical
description: Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit _users documents with duplicate keys for 'roles' used for access control within the database, including the special case '_admin' role, that denotes administrative users. In combination with CVE-2017-12636 (Remote Code Execution), this can be used to give non-admin users access to arbitrary shell commands on the server as the database system user. The JSON parser differences result in behaviour that if two 'roles' keys are available in the JSON, the second one will be used for authorising the document write, but the first 'roles' key is used for subsequent authorization for the newly created user. By design, users can not assign themselves roles. The vulnerability allows non-admin users to give themselves admin privileges. description: Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit _users documents with duplicate keys for 'roles' used for access control within the database, including the special case '_admin' role, that denotes administrative users. In combination with CVE-2017-12636 (Remote Code Execution), this can be used to give non-admin users access to arbitrary shell commands on the server as the database system user. The JSON parser differences result in behaviour that if two 'roles' keys are available in the JSON, the second one will be used for authorising the document write, but the first 'roles' key is used for subsequent authorization for the newly created user. By design, users can not assign themselves roles. The vulnerability allows non-admin users to give themselves admin privileges.
reference: https://github.com/assalielmehdi/CVE-2017-12635 reference: https://github.com/assalielmehdi/CVE-2017-12635
tags: cve,cve2017,couchdb tags: cve,cve2017,couchdb
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2017-12635
cwe-id: CWE-269
requests: requests:
- raw: - raw:

View File

@ -10,6 +10,11 @@ info:
- https://www.cvedetails.com/cve/CVE-2017-12637/ - https://www.cvedetails.com/cve/CVE-2017-12637/
- https://nvd.nist.gov/vuln/detail/CVE-2017-12637 - https://nvd.nist.gov/vuln/detail/CVE-2017-12637
- https://download.ernw-insight.de/troopers/tr18/slides/TR18_SAP_SAP-Bugs-The-Phantom-Security.pdf - https://download.ernw-insight.de/troopers/tr18/slides/TR18_SAP_SAP-Bugs-The-Phantom-Security.pdf
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.50
cve-id: CVE-2017-12637
cwe-id: CWE-22
requests: requests:
- method: GET - method: GET

View File

@ -10,6 +10,11 @@ info:
description: | description: |
In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you shouldn't run with "DEBUG = True" (which makes this page accessible) in your production settings. In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you shouldn't run with "DEBUG = True" (which makes this page accessible) in your production settings.
tags: xss,django,cve,cve2017 tags: xss,django,cve,cve2017
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2017-12794
cwe-id: CWE-79
requests: requests:
- method: GET - method: GET

View File

@ -8,6 +8,12 @@ info:
- https://secur1tyadvisory.wordpress.com/2018/02/11/trixbox-os-command-injection-vulnerability-cve-2017-14535/ - https://secur1tyadvisory.wordpress.com/2018/02/11/trixbox-os-command-injection-vulnerability-cve-2017-14535/
- https://www.exploit-db.com/exploits/49913 - https://www.exploit-db.com/exploits/49913
tags: cve,cve2017,trixbox,rce tags: cve,cve2017,trixbox,rce
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.80
cve-id: CVE-2017-14535
cwe-id: CWE-78
description: "trixbox 2.8.0.4 has OS command injection via shell metacharacters in the lang parameter to /maint/modules/home/index.php."
requests: requests:
- raw: - raw:

View File

@ -10,6 +10,11 @@ info:
- https://nvd.nist.gov/vuln/detail/CVE-2017-14537 - https://nvd.nist.gov/vuln/detail/CVE-2017-14537
- https://secur1tyadvisory.wordpress.com/2018/02/13/trixbox-multiple-path-traversal-vulnerabilities-cve-2017-14537/ - https://secur1tyadvisory.wordpress.com/2018/02/13/trixbox-multiple-path-traversal-vulnerabilities-cve-2017-14537/
- https://sourceforge.net/projects/asteriskathome/ # vendor homepage - https://sourceforge.net/projects/asteriskathome/ # vendor homepage
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
cvss-score: 6.50
cve-id: CVE-2017-14537
cwe-id: CWE-22
requests: requests:
- raw: - raw:

View File

@ -6,6 +6,15 @@ info:
severity: medium severity: medium
description: WSO2 Data Analytics Server 3.1.0 has XSS in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or parentPath parameter. description: WSO2 Data Analytics Server 3.1.0 has XSS in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or parentPath parameter.
tags: cve,cve2017,wso2,xss tags: cve,cve2017,wso2,xss
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
cvss-score: 4.80
cve-id: CVE-2017-14651
cwe-id: CWE-79
reference:
- https://github.com/cybersecurityworks/Disclosed/issues/15
- https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2017-0265
- https://cybersecurityworks.com/zerodays/cve-2017-14651-wso2.html
requests: requests:
- method: GET - method: GET

View File

@ -6,6 +6,15 @@ info:
severity: high severity: high
description: Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules. description: Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules.
tags: cve,cve2017,nodejs,lfi tags: cve,cve2017,nodejs,lfi
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.50
cve-id: CVE-2017-14849
cwe-id: CWE-22
reference:
- https://twitter.com/nodejs/status/913131152868876288
- https://nodejs.org/en/blog/vulnerability/september-2017-path-validation/
- http://www.securityfocus.com/bid/101056
requests: requests:
- method: GET - method: GET

View File

@ -3,12 +3,17 @@ id: CVE-2017-15647
info: info:
name: FiberHome - Directory Traversal name: FiberHome - Directory Traversal
author: daffainfo author: daffainfo
severity: medium severity: high
description: On FiberHome routers, Directory Traversal exists in /cgi-bin/webproc via the getpage parameter in conjunction with a crafted var:page value. description: On FiberHome routers, Directory Traversal exists in /cgi-bin/webproc via the getpage parameter in conjunction with a crafted var:page value.
reference: reference:
- https://www.exploit-db.com/exploits/44054 - https://www.exploit-db.com/exploits/44054
- https://www.cvedetails.com/cve/CVE-2017-15647 - https://www.cvedetails.com/cve/CVE-2017-15647
tags: cve,cve2017,lfi,router tags: cve,cve2017,lfi,router
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.50
cve-id: CVE-2017-15647
cwe-id: CWE-22
requests: requests:
- method: GET - method: GET

View File

@ -7,6 +7,11 @@ info:
reference: https://github.com/vulhub/vulhub/tree/master/httpd/CVE-2017-15715 reference: https://github.com/vulhub/vulhub/tree/master/httpd/CVE-2017-15715
severity: high severity: high
tags: cve,cve2017,apache,httpd,fileupload tags: cve,cve2017,apache,httpd,fileupload
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.10
cve-id: CVE-2017-15715
cwe-id: CWE-20
requests: requests:
- raw: - raw:

View File

@ -7,8 +7,12 @@ info:
reference: reference:
- https://www.exploit-db.com/exploits/43342 - https://www.exploit-db.com/exploits/43342
- http://blog.orange.tw/2019/07/attacking-ssl-vpn-part-1-preauth-rce-on-palo-alto.html - http://blog.orange.tw/2019/07/attacking-ssl-vpn-part-1-preauth-rce-on-palo-alto.html
severity: high severity: critical
tags: cve,cve2017,rce,vpn,paloalto,globalprotect tags: cve,cve2017,rce,vpn,paloalto,globalprotect
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2017-15944
requests: requests:
- raw: - raw:

View File

@ -6,6 +6,12 @@ info:
reference: https://www.exploit-db.com/exploits/43141 reference: https://www.exploit-db.com/exploits/43141
severity: high severity: high
tags: cve,cve2017,ulterius,traversal tags: cve,cve2017,ulterius,traversal
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.50
cve-id: CVE-2017-16806
cwe-id: CWE-22
description: "The Process function in RemoteTaskServer/WebServer/HttpServer.cs in Ulterius before 1.9.5.0 allows HTTP server directory traversal."
requests: requests:
- method: GET - method: GET

View File

@ -7,6 +7,11 @@ info:
description: ZEIT Next.js before 2.4.1 has directory traversal under the /_next and /static request namespace, allowing attackers to obtain sensitive information. description: ZEIT Next.js before 2.4.1 has directory traversal under the /_next and /static request namespace, allowing attackers to obtain sensitive information.
reference: https://medium.com/@theRaz0r/arbitrary-file-reading-in-next-js-2-4-1-34104c4e75e9 reference: https://medium.com/@theRaz0r/arbitrary-file-reading-in-next-js-2-4-1-34104c4e75e9
tags: cve,cve2017,nextjs,lfi tags: cve,cve2017,nextjs,lfi
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.50
cve-id: CVE-2017-16877
cwe-id: CWE-22
requests: requests:
- method: GET - method: GET

View File

@ -7,6 +7,11 @@ info:
description: The Emag Marketplace Connector plugin 1.0.0 for WordPress has reflected XSS because the parameter "post" to /wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php is not filtered correctly. description: The Emag Marketplace Connector plugin 1.0.0 for WordPress has reflected XSS because the parameter "post" to /wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php is not filtered correctly.
reference: https://nvd.nist.gov/vuln/detail/CVE-2017-17043 reference: https://nvd.nist.gov/vuln/detail/CVE-2017-17043
tags: cve,cve2017,wordpress,xss,wp-plugin tags: cve,cve2017,wordpress,xss,wp-plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2017-17043
cwe-id: CWE-79
requests: requests:
- method: GET - method: GET

View File

@ -9,6 +9,11 @@ info:
- https://github.com/NaturalIntelligence/wp-thumb-post/issues/1 - https://github.com/NaturalIntelligence/wp-thumb-post/issues/1
- https://nvd.nist.gov/vuln/detail/CVE-2017-17059 - https://nvd.nist.gov/vuln/detail/CVE-2017-17059
tags: cve,cve2017,wordpress,xss,wp-plugin tags: cve,cve2017,wordpress,xss,wp-plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2017-17059
cwe-id: CWE-79
requests: requests:
- method: POST - method: POST

View File

@ -7,6 +7,11 @@ info:
description: The WP Mailster plugin before 1.5.5 for WordPress has XSS in the unsubscribe handler via the mes parameter to view/subscription/unsubscribe2.php. description: The WP Mailster plugin before 1.5.5 for WordPress has XSS in the unsubscribe handler via the mes parameter to view/subscription/unsubscribe2.php.
reference: https://nvd.nist.gov/vuln/detail/CVE-2017-17451 reference: https://nvd.nist.gov/vuln/detail/CVE-2017-17451
tags: cve,cve2017,wordpress,xss,wp-plugin tags: cve,cve2017,wordpress,xss,wp-plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2017-17451
cwe-id: CWE-79
requests: requests:
- method: GET - method: GET

View File

@ -10,6 +10,11 @@ info:
- https://github.com/vulhub/vulhub/tree/master/goahead/CVE-2017-17562 - https://github.com/vulhub/vulhub/tree/master/goahead/CVE-2017-17562
severity: high severity: high
tags: cve,cve2017,rce,embedthis,goahead,fuzz tags: cve,cve2017,rce,embedthis,goahead,fuzz
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.10
cve-id: CVE-2017-17562
cwe-id: CWE-20
requests: requests:
- raw: - raw:

View File

@ -11,6 +11,11 @@ info:
description: | description: |
AvantFAX 3.3.3 has XSS via an arbitrary parameter name to the default URI, as demonstrated by a parameter whose name contains a SCRIPT element and whose value is 1. AvantFAX 3.3.3 has XSS via an arbitrary parameter name to the default URI, as demonstrated by a parameter whose name contains a SCRIPT element and whose value is 1.
tags: cve,cve2017,xss,avantfax tags: cve,cve2017,xss,avantfax
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2017-18024
cwe-id: CWE-79
requests: requests:
- raw: - raw:

View File

@ -7,6 +7,11 @@ info:
description: The Stop User Enumeration WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting (XSS) security vulnerability. description: The Stop User Enumeration WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting (XSS) security vulnerability.
reference: https://wpscan.com/vulnerability/956cc5fd-af06-43ac-aa85-46b468c73501 reference: https://wpscan.com/vulnerability/956cc5fd-af06-43ac-aa85-46b468c73501
tags: cve,cve2017,wordpress,xss,wp-plugin tags: cve,cve2017,wordpress,xss,wp-plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2017-18536
cwe-id: CWE-79
requests: requests:
- method: GET - method: GET

View File

@ -11,6 +11,11 @@ info:
- https://github.com/advisories/GHSA-vfj6-275q-4pvm - https://github.com/advisories/GHSA-vfj6-275q-4pvm
- https://nvd.nist.gov/vuln/detail/CVE-2017-18638 - https://nvd.nist.gov/vuln/detail/CVE-2017-18638
tags: cve,cve2017,graphite,ssrf,oob tags: cve,cve2017,graphite,ssrf,oob
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.50
cve-id: CVE-2017-18638
cwe-id: CWE-918
requests: requests:
- method: GET - method: GET

View File

@ -9,6 +9,10 @@ info:
reference: reference:
- https://hackerone.com/reports/810778 - https://hackerone.com/reports/810778
- https://nvd.nist.gov/vuln/detail/CVE-2017-3506 - https://nvd.nist.gov/vuln/detail/CVE-2017-3506
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
cvss-score: 7.40
cve-id: CVE-2017-3506
requests: requests:
- raw: - raw:

View File

@ -3,11 +3,17 @@ id: CVE-2017-3528
info: info:
name: Oracle E-Business Suite 12.1.3/12.2.x - Open Redirect name: Oracle E-Business Suite 12.1.3/12.2.x - Open Redirect
author: 0x_Akoko author: 0x_Akoko
severity: low severity: medium
reference: reference:
- https://blog.zsec.uk/cve-2017-3528/ - https://blog.zsec.uk/cve-2017-3528/
- https://www.exploit-db.com/exploits/43592 - https://www.exploit-db.com/exploits/43592
tags: oracle,redirect tags: oracle,redirect
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
cvss-score: 5.40
cve-id: CVE-2017-3528
cwe-id: CWE-601
description: "Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: Popup windows (lists of values, datepicker, etc.)). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)."
requests: requests:
- method: GET - method: GET

View File

@ -10,6 +10,11 @@ info:
- https://github.com/rapid7/metasploit-framework/blob/master/documentation/modules/auxiliary/dos/cisco/ios_telnet_rocem.md - https://github.com/rapid7/metasploit-framework/blob/master/documentation/modules/auxiliary/dos/cisco/ios_telnet_rocem.md
description: RCE exploit code is available for Cisco Catalyst 2960 switch model. This exploit is firmware dependent. description: RCE exploit code is available for Cisco Catalyst 2960 switch model. This exploit is firmware dependent.
tags: cve,cve2017,cisco,rce,network tags: cve,cve2017,cisco,rce,network
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2017-3881
cwe-id: CWE-20
network: network:
- inputs: - inputs:

View File

@ -10,6 +10,11 @@ info:
- https://kc.mcafee.com/corporate/index?page=content&id=SB10198 - https://kc.mcafee.com/corporate/index?page=content&id=SB10198
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-4011 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-4011
tags: cve,cve2017,mcafee,xss tags: cve,cve2017,mcafee,xss
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2017-4011
cwe-id: CWE-79
requests: requests:
- method: GET - method: GET

View File

@ -3,12 +3,17 @@ id: CVE-2017-5487
info: info:
name: WordPress Core < 4.7.1 - Username Enumeration name: WordPress Core < 4.7.1 - Username Enumeration
author: Manas_Harsh,daffainfo,geeknik author: Manas_Harsh,daffainfo,geeknik
severity: info severity: medium
description: wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request. description: wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request.
tags: cve,cve2017,wordpress tags: cve,cve2017,wordpress
reference: reference:
- https://nvd.nist.gov/vuln/detail/CVE-2017-5487 - https://nvd.nist.gov/vuln/detail/CVE-2017-5487
- https://www.exploit-db.com/exploits/41497 - https://www.exploit-db.com/exploits/41497
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.30
cve-id: CVE-2017-5487
cwe-id: CWE-200
requests: requests:
- method: GET - method: GET

View File

@ -2,12 +2,17 @@ id: CVE-2017-5521
info: info:
name: Bypassing Authentication on NETGEAR Routers name: Bypassing Authentication on NETGEAR Routers
author: princechaddha author: princechaddha
severity: medium severity: high
description: An issue was discovered on NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, WNR3500Lv2, R6250, R6700, R6900, and R8000 devices.They are prone to password disclosure via simple crafted requests to the web management server. description: An issue was discovered on NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, WNR3500Lv2, R6250, R6700, R6900, and R8000 devices.They are prone to password disclosure via simple crafted requests to the web management server.
reference: reference:
- https://www.cvedetails.com/cve/CVE-2017-5521/ - https://www.cvedetails.com/cve/CVE-2017-5521/
- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2017-5521-bypassing-authentication-on-netgear-routers/ - https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2017-5521-bypassing-authentication-on-netgear-routers/
tags: cve,cve2017,auth-bypass tags: cve,cve2017,auth-bypass
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.10
cve-id: CVE-2017-5521
cwe-id: CWE-200
requests: requests:
- method: GET - method: GET

View File

@ -6,6 +6,11 @@ info:
description: Struts is vulnerable to remote command injection attacks through incorrectly parsing an attackers invalid Content-Type HTTP header. The Struts vulnerability allows these commands to be executed under the privileges of the Web server. description: Struts is vulnerable to remote command injection attacks through incorrectly parsing an attackers invalid Content-Type HTTP header. The Struts vulnerability allows these commands to be executed under the privileges of the Web server.
tags: cve,cve2017,struts,rce,apache tags: cve,cve2017,struts,rce,apache
reference: https://github.com/mazen160/struts-pwn reference: https://github.com/mazen160/struts-pwn
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10.00
cve-id: CVE-2017-5638
cwe-id: CWE-20
requests: requests:
- raw: - raw:

View File

@ -3,9 +3,15 @@ id: CVE-2017-6090
info: info:
name: PhpCollab (unauthenticated) Arbitrary File Upload name: PhpCollab (unauthenticated) Arbitrary File Upload
author: pikpikcu author: pikpikcu
severity: critical severity: high
tags: cve,cve2017,phpcollab,rce,fileupload tags: cve,cve2017,phpcollab,rce,fileupload
reference: https://nvd.nist.gov/vuln/detail/CVE-2017-6090 reference: https://nvd.nist.gov/vuln/detail/CVE-2017-6090
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.80
cve-id: CVE-2017-6090
cwe-id: CWE-434
description: "Unrestricted file upload vulnerability in clients/editclient.php in PhpCollab 2.5.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in logos_clients/."
requests: requests:
- raw: - raw:

View File

@ -9,6 +9,11 @@ info:
- https://blog.0patch.com/2017/03/0patching-immortal-cve-2017-7269.html - https://blog.0patch.com/2017/03/0patching-immortal-cve-2017-7269.html
- https://github.com/danigargu/explodingcan/blob/master/explodingcan.py - https://github.com/danigargu/explodingcan/blob/master/explodingcan.py
tags: cve,cve2017,rce tags: cve,cve2017,rce
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2017-7269
cwe-id: CWE-119
requests: requests:
- method: OPTIONS - method: OPTIONS

View File

@ -9,6 +9,11 @@ info:
reference: reference:
- https://github.com/dweeves/magmi-git/issues/522 - https://github.com/dweeves/magmi-git/issues/522
- https://github.com/dweeves/magmi-git/releases/download/0.7.22/magmi_full_0.7.22.zip - https://github.com/dweeves/magmi-git/releases/download/0.7.22/magmi_full_0.7.22.zip
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2017-7391
cwe-id: CWE-79
requests: requests:
- method: GET - method: GET

View File

@ -15,6 +15,11 @@ info:
- https://sourceforge.net/projects/mantisbt/files/mantis-stable/ - https://sourceforge.net/projects/mantisbt/files/mantis-stable/
- http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-PRE-AUTH-REMOTE-PASSWORD-RESET.txt - http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-PRE-AUTH-REMOTE-PASSWORD-RESET.txt
- https://www.exploit-db.com/exploits/41890 - https://www.exploit-db.com/exploits/41890
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.80
cve-id: CVE-2017-7615
cwe-id: CWE-640
requests: requests:
- method: GET - method: GET

View File

@ -2,12 +2,17 @@ id: CVE-2017-7921
info: info:
name: Hikvision Authentication Bypass name: Hikvision Authentication Bypass
author: princechaddha author: princechaddha
severity: high severity: critical
description: An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The improper authentication vulnerability occurs when an application does not adequately or correctly authenticate users. This may allow a malicious user to escalate his or her privileges on the system and gain access to sensitive information. description: An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The improper authentication vulnerability occurs when an application does not adequately or correctly authenticate users. This may allow a malicious user to escalate his or her privileges on the system and gain access to sensitive information.
reference: reference:
- http://www.hikvision.com/us/about_10805.html - http://www.hikvision.com/us/about_10805.html
- https://ics-cert.us-cert.gov/advisories/ICSA-17-124-01 - https://ics-cert.us-cert.gov/advisories/ICSA-17-124-01
tags: cve,cve2017,auth-bypass tags: cve,cve2017,auth-bypass
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10.00
cve-id: CVE-2017-7921
cwe-id: CWE-287
requests: requests:
- method: GET - method: GET

View File

@ -2,10 +2,15 @@ id: CVE-2017-8917
info: info:
name: Joomla SQL Injection name: Joomla SQL Injection
author: princechaddha author: princechaddha
severity: high severity: critical
description: SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors. description: SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors.
reference: https://www.cvedetails.com/cve/CVE-2017-8917/ reference: https://www.cvedetails.com/cve/CVE-2017-8917/
tags: cve,cve2017,joomla,sqli tags: cve,cve2017,joomla,sqli
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2017-8917
cwe-id: CWE-89
requests: requests:
- method: GET - method: GET

View File

@ -7,6 +7,11 @@ info:
tags: cve,cve2017,xss,telerik tags: cve,cve2017,xss,telerik
description: Cross-site scripting (XSS) vulnerability in Telerik.ReportViewer.WebForms.dll in Telerik Reporting for ASP.NET WebForms Report Viewer control before R1 2017 SP2 (11.0.17.406) allows remote attackers to inject arbitrary web script or HTML via the bgColor parameter to Telerik.ReportViewer.axd. description: Cross-site scripting (XSS) vulnerability in Telerik.ReportViewer.WebForms.dll in Telerik Reporting for ASP.NET WebForms Report Viewer control before R1 2017 SP2 (11.0.17.406) allows remote attackers to inject arbitrary web script or HTML via the bgColor parameter to Telerik.ReportViewer.axd.
reference: https://www.veracode.com/blog/secure-development/anatomy-cross-site-scripting-flaw-telerik-reporting-module reference: https://www.veracode.com/blog/secure-development/anatomy-cross-site-scripting-flaw-telerik-reporting-module
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2017-9140
cwe-id: CWE-79
requests: requests:
- method: GET - method: GET

View File

@ -7,6 +7,11 @@ info:
description: The Raygun4WP plugin 1.8.0 for WordPress is vulnerable to a reflected XSS in sendtesterror.php (backurl parameter). description: The Raygun4WP plugin 1.8.0 for WordPress is vulnerable to a reflected XSS in sendtesterror.php (backurl parameter).
reference: https://nvd.nist.gov/vuln/detail/CVE-2017-9288 reference: https://nvd.nist.gov/vuln/detail/CVE-2017-9288
tags: cve,cve2017,wordpress,xss,wp-plugin tags: cve,cve2017,wordpress,xss,wp-plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2017-9288
cwe-id: CWE-79
requests: requests:
- method: GET - method: GET

View File

@ -3,13 +3,18 @@ id: CVE-2017-9506
info: info:
name: Jira IconURIServlet SSRF name: Jira IconURIServlet SSRF
author: pdteam author: pdteam
severity: high severity: medium
description: The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF). description: The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF).
reference: reference:
- http://dontpanic.42.nl/2017/12/there-is-proxy-in-your-atlassian.html - http://dontpanic.42.nl/2017/12/there-is-proxy-in-your-atlassian.html
- https://ecosystem.atlassian.net/browse/OAUTH-344 - https://ecosystem.atlassian.net/browse/OAUTH-344
- https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-171018bca2c3 - https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-171018bca2c3
tags: cve,cve2017,atlassian,jira,ssrf,oob tags: cve,cve2017,atlassian,jira,ssrf,oob
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2017-9506
cwe-id: CWE-918
requests: requests:
- raw: - raw:

Some files were not shown because too many files have changed in this diff Show More