Added cve annotations + severity adjustments

patch-1
Ice3man543 2021-09-10 16:56:40 +05:30
parent cf4ef2ac5a
commit e9f728c321
547 changed files with 2998 additions and 143 deletions

View File

@ -10,6 +10,11 @@ info:
- https://www.securityfocus.com/bid/48806/info
- https://seclists.org/bugtraq/2011/Nov/140
tags: cve,cve2011,xss,tikiwiki
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2011-4336
cwe-id: CWE-79
requests:
- method: GET

View File

@ -6,6 +6,7 @@ info:
severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2012-4242
tags: cve,cve2012,wordpress,xss,wp-plugin
description: "Cross-site scripting (XSS) vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page."
requests:
- method: GET

View File

@ -6,6 +6,7 @@ info:
severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2013-2287
tags: cve,cve2013,wordpress,xss,wp-plugin
description: "Multiple cross-site scripting (XSS) vulnerabilities in views/notify.php in the Uploader plugin 1.0.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) notify or (2) blog parameter."
requests:
- method: GET

View File

@ -6,6 +6,7 @@ info:
severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2013-3526
tags: cve,cve2013,wordpress,xss,wp-plugin
description: "Cross-site scripting (XSS) vulnerability in js/ta_loaded.js.php in the Traffic Analyzer plugin, possibly 3.3.2 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the aoid parameter."
requests:
- method: GET

View File

@ -7,6 +7,11 @@ info:
author: geeknik
severity: critical
tags: cve,cve2014,sqli,lighttpd
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2014-2323
cwe-id: CWE-89
requests:
- raw:

View File

@ -9,6 +9,11 @@ info:
- https://snyk.io/vuln/npm:st:20140206
severity: high
tags: cve,cve2014,lfi,nodejs,st
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.50
cve-id: CVE-2014-3744
cwe-id: CWE-22
requests:
- method: GET

View File

@ -8,6 +8,7 @@ info:
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2014-4210
- https://blog.gdssecurity.com/labs/2015/3/30/weblogic-ssrf-and-xss-cve-2014-4241-cve-2014-4210-cve-2014-4.html
description: "Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect confidentiality via vectors related to WLS - Web Services."
requests:
- method: GET

View File

@ -8,6 +8,12 @@ info:
- https://wpscan.com/vulnerability/7fb78d3c-f784-4630-ad92-d33e5de814fd
- https://nvd.nist.gov/vuln/detail/CVE-2014-4535
tags: cve,cve2014,wordpress,wp-plugin,xss
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2014-4535
cwe-id: CWE-79
description: "Cross-site scripting (XSS) vulnerability in the Import Legacy Media plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php."
requests:
- method: GET

View File

@ -8,6 +8,12 @@ info:
- https://wpscan.com/vulnerability/f048b5cc-5379-4c19-9a43-cd8c49c8129f
- https://nvd.nist.gov/vuln/detail/CVE-2014-4536
tags: cve,cve2014,wordpress,wp-plugin,xss
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2014-4536
cwe-id: CWE-79
description: "Multiple cross-site scripting (XSS) vulnerabilities in tests/notAuto_test_ContactService_pauseCampaign.php in the Infusionsoft Gravity Forms plugin before 1.5.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) go, (2) contactId, or (3) campaignId parameter."
requests:
- method: GET

View File

@ -3,13 +3,18 @@ id: CVE-2014-6271
info:
name: Shellshock
author: pentest_swissky
severity: high
severity: critical
description: Attempts to exploit the "shellshock" vulnerability (CVE-2014-6271 and CVE-2014-7169) in web applications
reference:
- http://www.kb.cert.org/vuls/id/252743
- http://www.us-cert.gov/ncas/alerts/TA14-268A
tags: cve,cve2014,rce
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2014-6271
cwe-id: CWE-78
requests:
- method: GET
path:

View File

@ -6,6 +6,7 @@ info:
severity: high
reference: https://packetstormsecurity.com/files/128285/OsClass-3.4.1-Local-File-Inclusion.html
tags: cve,cve2014,lfi
description: "Directory traversal vulnerability in OSClass before 3.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a render action to oc-admin/index.php."
requests:
- method: GET

View File

@ -6,6 +6,7 @@ info:
severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2014-9094
tags: cve,2014,wordpress,xss,wp-plugin
description: "Multiple cross-site scripting (XSS) vulnerabilities in deploy/designer/preview.php in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) swfloc or (2) designrand parameter."
requests:
- method: GET

View File

@ -8,6 +8,12 @@ info:
- https://wpscan.com/vulnerability/24b83ce5-e3b8-4262-b087-a2dfec014985
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1000012
tags: cve,cve2015,wordpress,wp-plugin,lfi
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.50
cve-id: CVE-2015-1000012
cwe-id: CWE-200
description: "Local File Inclusion Vulnerability in mypixs v0.3 wordpress plugin"
requests:
- method: GET

View File

@ -3,7 +3,7 @@ id: CVE-2015-2080
info:
name: Eclipse Jetty Remote Leakage
author: pikpikcu
severity: medium
severity: high
reference:
- https://github.com/eclipse/jetty.project/blob/jetty-9.2.x/advisories/2015-02-24-httpparser-error-buffer-bleed.md
- https://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html
@ -11,6 +11,11 @@ info:
description: |
The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak
tags: cve,cve2015,jetty
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.50
cve-id: CVE-2015-2080
cwe-id: CWE-200
requests:
- method: POST

View File

@ -8,6 +8,7 @@ info:
- https://advisories.dxw.com/advisories/publicly-exploitable-xss-in-wordpress-plugin-navis-documentcloud/
- https://nvd.nist.gov/vuln/detail/CVE-2015-2807
tags: cve,cve2015,wordpress,wp-plugin,xss
description: "Cross-site scripting (XSS) vulnerability in js/window.php in the Navis DocumentCloud plugin before 0.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wpbase parameter."
requests:
- method: GET

View File

@ -8,6 +8,11 @@ info:
Cross-site scripting (XSS) vulnerability in application/dashboard.class.inc.php in Combodo iTop before 2.2.0-2459 allows remote attackers to inject arbitrary web script or HTML via a dashboard title.
reference: https://nvd.nist.gov/vuln/detail/CVE-2015-6544
tags: cve,cve2015,xss,itop
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2015-6544
cwe-id: CWE-79
requests:
- method: GET

View File

@ -7,6 +7,11 @@ info:
description: Cross-site scripting (XSS) vulnerability in SourceBans before 2.0 pre-alpha allows remote attackers to inject arbitrary web script or HTML via the advSearch parameter to index.php.
reference: https://nvd.nist.gov/vuln/detail/CVE-2015-8349
tags: cve,cve2015,xss,sourcebans
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2015-8349
cwe-id: CWE-79
requests:
- method: GET

View File

@ -6,6 +6,11 @@ info:
description: Atlassian Confluence before 5.8.17 allows remote authenticated users to read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2) admin/viewdefaultdecorator.action.
reference: https://jira.atlassian.com/browse/CONFSERVER-39704?src=confmacro
tags: cve,cve2015,atlassian,confluence
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
cvss-score: 4.30
cve-id: CVE-2015-8399
cwe-id: CWE-200
requests:
- method: GET

View File

@ -9,6 +9,11 @@ info:
- https://blog.securelayer7.net/umbraco-the-open-source-asp-net-cms-multiple-vulnerabilities/
- https://nvd.nist.gov/vuln/detail/CVE-2015-8813
tags: cve,cve2015,ssrf,oob
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N
cvss-score: 8.20
cve-id: CVE-2015-8813
cwe-id: CWE-918
requests:
- method: GET

View File

@ -8,6 +8,12 @@ info:
- https://wpscan.com/vulnerability/2ac2d43f-bf3f-4831-9585-5c5484051095
- https://nvd.nist.gov/vuln/detail/CVE-2015-9414
tags: cve,cve2015,wordpress,wp-plugin,xss
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2015-9414
cwe-id: CWE-79
description: "The wp-symposium plugin through 15.8.1 for WordPress has XSS via the wp-content/plugins/wp-symposium/get_album_item.php?size parameter."
requests:
- method: GET

View File

@ -8,6 +8,12 @@ info:
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9480
- https://www.exploit-db.com/exploits/37252
tags: cve,cve2015,wordpress,wp-plugin,lfi
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.50
cve-id: CVE-2015-9480
cwe-id: CWE-22
description: "The RobotCPA plugin 5 for WordPress has directory traversal via the f.php l parameter."
requests:
- method: GET

View File

@ -7,6 +7,10 @@ info:
reference: https://www.kernelpicnic.net/2016/07/24/Microsoft-signout.live.com-Remote-Code-Execution-Write-Up.html
severity: high
tags: cve,cve2016,adobe,aem
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.50
cve-id: CVE-2016-0957
requests:
- method: GET

View File

@ -6,6 +6,12 @@ info:
severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000126
tags: cve,cve2016,wordpress,xss,wp-plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2016-1000126
cwe-id: CWE-79
description: "Reflected XSS in wordpress plugin admin-font-editor v1.8"
requests:
- method: GET

View File

@ -7,6 +7,11 @@ info:
description: Reflected XSS in wordpress plugin ajax-random-post v2.00
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000127
tags: cve,cve2016,wordpress,xss,wp-plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2016-1000127
cwe-id: CWE-79
requests:
- method: GET

View File

@ -9,6 +9,11 @@ info:
- http://www.vapidlabs.com/wp/wp_advisory.php?v=161
- https://wordpress.org/plugins/anti-plagiarism
tags: cve,cve2016,wordpress,xss,wp-plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2016-1000128
cwe-id: CWE-79
requests:
- method: GET

View File

@ -7,6 +7,11 @@ info:
description: Reflected XSS in wordpress plugin defa-online-image-protector v3.3
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000129
tags: cve,cve2016,wordpress,xss,wp-plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2016-1000129
cwe-id: CWE-79
requests:
- method: GET

View File

@ -7,6 +7,11 @@ info:
description: Reflected XSS in wordpress plugin e-search v1.0
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000130
tags: cve,cve2016,wordpress,xss,wp-plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2016-1000130
cwe-id: CWE-79
requests:
- method: GET

View File

@ -6,6 +6,12 @@ info:
severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000131
tags: cve,cve2016,wordpress,xss,wp-plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2016-1000131
cwe-id: CWE-79
description: "Reflected XSS in wordpress plugin e-search v1.0"
requests:
- method: GET

View File

@ -7,6 +7,11 @@ info:
description: Reflected XSS in wordpress plugin enhanced-tooltipglossary v3.2.8
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000132
tags: cve,cve2016,wordpress,xss,wp-plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2016-1000132
cwe-id: CWE-79
requests:
- method: GET

View File

@ -7,6 +7,11 @@ info:
description: Reflected XSS in wordpress plugin forget-about-shortcode-buttons v1.1.1
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000133
tags: cve,cve2016,wordpress,xss,wp-plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2016-1000133
cwe-id: CWE-79
requests:
- method: GET

View File

@ -7,6 +7,11 @@ info:
description: Reflected XSS in wordpress plugin hdw-tube v1.2
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000134
tags: cve,cve2016,wordpress,xss,wp-plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2016-1000134
cwe-id: CWE-79
requests:
- method: GET

View File

@ -7,6 +7,11 @@ info:
description: Reflected XSS in wordpress plugin hdw-tube v1.2
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000135
tags: cve,cve2016,wordpress,xss,wp-plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2016-1000135
cwe-id: CWE-79
requests:
- method: GET

View File

@ -6,6 +6,12 @@ info:
severity: medium
reference: http://www.vapidlabs.com/wp/wp_advisory.php?v=658
tags: cve,cve2016,wordpress,xss,wp-plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2016-1000137
cwe-id: CWE-79
description: "Reflected XSS in wordpress plugin hero-maps-pro v2.1.0"
requests:
- method: GET

View File

@ -6,6 +6,12 @@ info:
severity: medium
reference: http://www.vapidlabs.com/wp/wp_advisory.php?v=38
tags: cve,cve2016,wordpress,xss,wp-plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2016-1000138
cwe-id: CWE-79
description: "Reflected XSS in wordpress plugin indexisto v1.0.5"
requests:
- method: GET

View File

@ -8,6 +8,12 @@ info:
- https://wpscan.com/vulnerability/0a60039b-a08a-4f51-a540-59f397dceb6a
- https://nvd.nist.gov/vuln/detail/CVE-2016-1000139
tags: cve,cve2016,wordpress,wp-plugin,xss
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2016-1000139
cwe-id: CWE-79
description: "Reflected XSS in wordpress plugin infusionsoft v1.5.11"
requests:
- method: GET

View File

@ -6,6 +6,12 @@ info:
severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000140
tags: cve,cve2016,wordpress,xss,wp-plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2016-1000140
cwe-id: CWE-79
description: "Reflected XSS in wordpress plugin new-year-firework v1.1.9"
requests:
- method: GET

View File

@ -6,6 +6,12 @@ info:
severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000146
tags: cve,cve2016,wordpress,xss,wp-plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2016-1000146
cwe-id: CWE-79
description: "Reflected XSS in wordpress plugin pondol-formmail v1.1"
requests:
- method: GET

View File

@ -8,6 +8,12 @@ info:
- https://wpscan.com/vulnerability/ead796ed-202a-451f-b041-d39c9cf1fb54
- https://nvd.nist.gov/vuln/detail/CVE-2016-1000148
tags: cve,cve2016,wordpress,wp-plugin,xss
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2016-1000148
cwe-id: CWE-79
description: "Reflected XSS in wordpress plugin s3-video v0.983"
requests:
- method: GET

View File

@ -6,6 +6,12 @@ info:
severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000149
tags: cve,cve2016,wordpress,xss,wp-plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2016-1000149
cwe-id: CWE-79
description: "Reflected XSS in wordpress plugin simpel-reserveren v3.5.2"
requests:
- method: GET

View File

@ -7,6 +7,11 @@ info:
description: Reflected XSS in wordpress plugin tidio-form v1.0
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000152
tags: cve,cve2016,wordpress,xss,wp-plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2016-1000152
cwe-id: CWE-79
requests:
- method: GET

View File

@ -6,6 +6,12 @@ info:
severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000153
tags: cve,cve2016,wordpress,xss,wp-plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2016-1000153
cwe-id: CWE-79
description: "Reflected XSS in wordpress plugin tidio-gallery v1.1"
requests:
- method: GET

View File

@ -7,6 +7,11 @@ info:
description: Reflected XSS in wordpress plugin whizz v1.0.
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000154
tags: cve,cve2016,wordpress,xss,wp-plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2016-1000154
cwe-id: CWE-79
requests:
- method: GET

View File

@ -6,6 +6,12 @@ info:
severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000155
tags: cve,cve2016,wordpress,xss,wp-plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2016-1000155
cwe-id: CWE-79
description: "Reflected XSS in wordpress plugin wpsolr-search-engine v7.6"
requests:
- method: GET

View File

@ -2,10 +2,15 @@ id: CVE-2016-10033
info:
name: Wordpress 4.6 Remote Code Execution
author: princechaddha
severity: high
severity: critical
description: The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.
reference: https://exploitbox.io/vuln/WordPress-Exploit-4-6-RCE-CODE-EXEC-CVE-2016-10033.html
tags: wordpress,cve,cve2016,rce
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2016-10033
cwe-id: CWE-77
requests:
- raw:

View File

@ -9,6 +9,11 @@ info:
- https://cxsecurity.com/issue/WLB-2016080220
- https://wpvulndb.com/vulnerabilities/8609
tags: cve,cve2016,wordpress,wp-plugin,lfi
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.50
cve-id: CVE-2016-10956
cwe-id: CWE-20
requests:
- method: GET

View File

@ -3,13 +3,18 @@ id: CVE-2016-10960
info:
name: wSecure Lite < 2.4 - Remote Code Execution (RCE)
author: daffainfo
severity: critical
severity: high
description: The wsecure plugin before 2.4 for WordPress has remote code execution via shell metacharacters in the wsecure-config.php publish parameter.
reference:
- https://www.pluginvulnerabilities.com/2016/07/12/remote-code-execution-rce-vulnerability-in-wsecure-lite/
- https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-wsecure-lite-remote-code-execution-2-3/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10960
tags: cve,cve2016,wordpress,wp-plugin,rce
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.80
cve-id: CVE-2016-10960
cwe-id: CWE-20
requests:
- method: POST

View File

@ -8,6 +8,12 @@ info:
- https://www.vulnerability-lab.com/get_content.php?id=1808
- https://nvd.nist.gov/vuln/detail/CVE-2016-10993
tags: cve,cve2016,wordpress,wp-theme,xss
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.40
cve-id: CVE-2016-10993
cwe-id: CWE-79
description: "The ScoreMe theme through 2016-04-01 for WordPress has XSS via the s parameter."
requests:
- method: GET

View File

@ -9,6 +9,11 @@ info:
reference:
- https://www.exploit-db.com/exploits/39858
- https://nvd.nist.gov/vuln/detail/CVE-2016-2004
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2016-2004
cwe-id: CWE-306
network:
- inputs:

View File

@ -9,6 +9,11 @@ info:
- https://erpscan.io/advisories/erpscan-16-009-sap-xmii-directory-traversal-vulnerability/
- https://www.cvedetails.com/cve/CVE-2016-2389
tags: cve,cve2016,lfi,sap
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.50
cve-id: CVE-2016-2389
cwe-id: CWE-22
requests:
- method: GET

View File

@ -10,6 +10,11 @@ info:
- https://cwiki.apache.org/confluence/display/WW/S2-032
- https://struts.apache.org/docs/s2-032.html
tags: cve,cve2016,struts,rce,apache
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.10
cve-id: CVE-2016-3081
cwe-id: CWE-77
requests:
- raw:

View File

@ -7,6 +7,11 @@ info:
description: A vulnerability exists within the page 'BSW_cxttongr.htm' which can allow a remote attacker to access this page without any authentication. The attacker can then use this password to gain administrator access of the targeted router's web interface.
tags: cve,cve2016,iot,netgear,router
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-5649
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2016-5649
cwe-id: CWE-200
requests:
- raw:

View File

@ -3,12 +3,17 @@ id: CVE-2016-6277
info:
name: NETGEAR routers (including R6400, R7000, R8000 and similar) RCE
author: pikpikcu
severity: critical
severity: high
description: NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly other routers allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/.
tags: cve,cves2016,netgear,rce,iot
reference:
- https://www.sj-vs.net/2016/12/10/temporary-fix-for-cert-vu582384-cwe-77-on-netgear-r7000-and-r6400-routers/
- https://nvd.nist.gov/vuln/detail/CVE-2016-6277
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss-score: 8.80
cve-id: CVE-2016-6277
cwe-id: CWE-352
requests:
- method: GET

View File

@ -7,6 +7,11 @@ info:
description: On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows a remote, unauthenticated attacker to delete arbitrary files as root. This can be used to bypass authentication or cause a DoS.
reference: https://gist.github.com/malerisch/5de8b408443ee9253b3954a62a8d97b4
tags: cve,cve2016,lfi
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2016-7552
cwe-id: CWE-22
requests:
- method: GET

View File

@ -8,6 +8,11 @@ info:
Cross-site scripting (XSS) vulnerability in valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the var_url parameter in a valider_xml action.
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-7981
tags: cve,cve2016,xss,spip
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2016-7981
cwe-id: CWE-79
requests:
- method: GET

View File

@ -7,6 +7,11 @@ info:
description: Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that can be exploited by issuing a specially crafted HTTP GET request.
reference: https://www.exploit-db.com/exploits/45196
tags: cve,cve2017,oracle,glassfish,lfi
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.50
cve-id: CVE-2017-1000028
cwe-id: CWE-22
requests:
- method: GET

View File

@ -7,6 +7,11 @@ info:
reference: https://www.exploit-db.com/exploits/49693
description: jqueryFileTree 2.1.5 and older Directory Traversal
tags: cve,cve2017,wordpress,wp-plugin,lfi
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.50
cve-id: CVE-2017-1000170
cwe-id: CWE-22
requests:
- method: POST

View File

@ -11,6 +11,11 @@ info:
- https://blog.mindedsecurity.com/2016/02/rce-in-oracle-netbeans-opensource.html
- https://nvd.nist.gov/vuln/detail/CVE-2017-1000486
tags: cve,cve2017,primetek,rce
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2017-1000486
cwe-id: CWE-326
requests:
- raw:

View File

@ -3,10 +3,14 @@ id: CVE-2017-10075
info:
name: Oracle Content Server XSS
author: madrobot
severity: medium
severity: high
description: The vulnerability can be used to include HTML or JavaScript code to the affected web page. The code is executed in the browser of users if they visit the manipulated site.
reference: http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
tags: cve,cve2017,xss,oracle
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
cvss-score: 8.20
cve-id: CVE-2017-10075
requests:
- method: GET

View File

@ -9,6 +9,10 @@ info:
- https://github.com/vulhub/vulhub/tree/fda47b97c7d2809660a4471539cd0e6dbf8fac8c/weblogic/CVE-2017-10271
- https://github.com/SuperHacker-liuan/cve-2017-10271-poc
tags: cve,cve2017,rce,oracle,weblogic
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
cvss-score: 7.50
cve-id: CVE-2017-10271
requests:
- raw:

View File

@ -3,12 +3,17 @@ id: CVE-2017-11444
info:
name: Subrion CMS SQL Injection
author: dwisiswant0
severity: high
severity: critical
description: Subrion CMS before 4.1.5.10 has a SQL injection vulnerability in /front/search.php via the $_GET array.
reference:
- https://github.com/intelliants/subrion/issues/479
- https://mp.weixin.qq.com/s/89mCnjUCvmptLsKaeVlC9Q
tags: cve,cve2017,sqli,subrion
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2017-11444
cwe-id: CWE-89
requests:
- method: GET

View File

@ -10,6 +10,11 @@ info:
- https://chowdera.com/2020/12/20201229190934023w.html
- https://github.com/vulhub/vulhub/tree/master/jboss/CVE-2017-12149
tags: cve,cve2017,java,rce,deserialization
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2017-12149
cwe-id: CWE-502
requests:
- raw:

View File

@ -9,6 +9,10 @@ info:
- https://nvd.nist.gov/vuln/detail/CVE-2017-12542
- https://www.exploit-db.com/exploits/44005
tags: cve,cve2017,ilo4,hpe
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10.00
cve-id: CVE-2017-12542
requests:
- method: GET

View File

@ -7,6 +7,11 @@ info:
description: In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.
reference: https://struts.apache.org/docs/s2-053.html
tags: cve,cve2017,apache,rce,struts
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2017-12611
cwe-id: CWE-20
requests:
- method: POST

View File

@ -3,7 +3,7 @@ id: CVE-2017-12615
info:
name: Apache Tomcat RCE
author: pikpikcu
severity: critical
severity: high
tags: cve,cve2017,apache,rce
reference: https://github.com/vulhub/vulhub/tree/master/tomcat/CVE-2017-12615
description: |
@ -11,6 +11,11 @@ info:
This is likely a security measure to prevent an attacker from uploading a JSP shell and gaining remote code execution on the server.
However, due to the insufficient checks, an attacker could gain remote code execution on 7.0.{0 to 79}
Tomcat servers that has enabled PUT by requesting PUT method on the Tomcat server using a specially crafted HTTP request.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.10
cve-id: CVE-2017-12615
cwe-id: CWE-434
requests:
- method: PUT

View File

@ -10,6 +10,12 @@ info:
- https://twitter.com/honoki/status/1298636315613974532
- https://github.com/vulhub/vulhub/tree/master/solr/CVE-2017-12629-XXE
- https://github.com/vulhub/vulhub/tree/master/solr/CVE-2017-12629-RCE
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2017-12629
cwe-id: CWE-611
description: "Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external entity expansion vulnerability occurs in the XML Query Parser which is available, by default, for any query request with parameters deftype=xmlparser and can be exploited to upload malicious data to the /upload request handler or as Blind XXE using ftp wrapper in order to read arbitrary local files from the Solr server. Note also that the second vulnerability relates to remote code execution using the RunExecutableListener available on all affected versions of Solr."
requests:
- raw:

View File

@ -3,10 +3,15 @@ id: CVE-2017-12635
info:
name: Apache CouchDB 1.7.0 / 2.x < 2.1.1 Remote Privilege Escalation
author: pikpikcu
severity: high
severity: critical
description: Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit _users documents with duplicate keys for 'roles' used for access control within the database, including the special case '_admin' role, that denotes administrative users. In combination with CVE-2017-12636 (Remote Code Execution), this can be used to give non-admin users access to arbitrary shell commands on the server as the database system user. The JSON parser differences result in behaviour that if two 'roles' keys are available in the JSON, the second one will be used for authorising the document write, but the first 'roles' key is used for subsequent authorization for the newly created user. By design, users can not assign themselves roles. The vulnerability allows non-admin users to give themselves admin privileges.
reference: https://github.com/assalielmehdi/CVE-2017-12635
tags: cve,cve2017,couchdb
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2017-12635
cwe-id: CWE-269
requests:
- raw:

View File

@ -10,6 +10,11 @@ info:
- https://www.cvedetails.com/cve/CVE-2017-12637/
- https://nvd.nist.gov/vuln/detail/CVE-2017-12637
- https://download.ernw-insight.de/troopers/tr18/slides/TR18_SAP_SAP-Bugs-The-Phantom-Security.pdf
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.50
cve-id: CVE-2017-12637
cwe-id: CWE-22
requests:
- method: GET

View File

@ -10,6 +10,11 @@ info:
description: |
In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you shouldn't run with "DEBUG = True" (which makes this page accessible) in your production settings.
tags: xss,django,cve,cve2017
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2017-12794
cwe-id: CWE-79
requests:
- method: GET

View File

@ -8,6 +8,12 @@ info:
- https://secur1tyadvisory.wordpress.com/2018/02/11/trixbox-os-command-injection-vulnerability-cve-2017-14535/
- https://www.exploit-db.com/exploits/49913
tags: cve,cve2017,trixbox,rce
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.80
cve-id: CVE-2017-14535
cwe-id: CWE-78
description: "trixbox 2.8.0.4 has OS command injection via shell metacharacters in the lang parameter to /maint/modules/home/index.php."
requests:
- raw:

View File

@ -10,6 +10,11 @@ info:
- https://nvd.nist.gov/vuln/detail/CVE-2017-14537
- https://secur1tyadvisory.wordpress.com/2018/02/13/trixbox-multiple-path-traversal-vulnerabilities-cve-2017-14537/
- https://sourceforge.net/projects/asteriskathome/ # vendor homepage
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
cvss-score: 6.50
cve-id: CVE-2017-14537
cwe-id: CWE-22
requests:
- raw:

View File

@ -6,6 +6,15 @@ info:
severity: medium
description: WSO2 Data Analytics Server 3.1.0 has XSS in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or parentPath parameter.
tags: cve,cve2017,wso2,xss
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
cvss-score: 4.80
cve-id: CVE-2017-14651
cwe-id: CWE-79
reference:
- https://github.com/cybersecurityworks/Disclosed/issues/15
- https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2017-0265
- https://cybersecurityworks.com/zerodays/cve-2017-14651-wso2.html
requests:
- method: GET

View File

@ -6,6 +6,15 @@ info:
severity: high
description: Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules.
tags: cve,cve2017,nodejs,lfi
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.50
cve-id: CVE-2017-14849
cwe-id: CWE-22
reference:
- https://twitter.com/nodejs/status/913131152868876288
- https://nodejs.org/en/blog/vulnerability/september-2017-path-validation/
- http://www.securityfocus.com/bid/101056
requests:
- method: GET

View File

@ -3,12 +3,17 @@ id: CVE-2017-15647
info:
name: FiberHome - Directory Traversal
author: daffainfo
severity: medium
severity: high
description: On FiberHome routers, Directory Traversal exists in /cgi-bin/webproc via the getpage parameter in conjunction with a crafted var:page value.
reference:
- https://www.exploit-db.com/exploits/44054
- https://www.cvedetails.com/cve/CVE-2017-15647
tags: cve,cve2017,lfi,router
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.50
cve-id: CVE-2017-15647
cwe-id: CWE-22
requests:
- method: GET

View File

@ -7,6 +7,11 @@ info:
reference: https://github.com/vulhub/vulhub/tree/master/httpd/CVE-2017-15715
severity: high
tags: cve,cve2017,apache,httpd,fileupload
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.10
cve-id: CVE-2017-15715
cwe-id: CWE-20
requests:
- raw:

View File

@ -7,8 +7,12 @@ info:
reference:
- https://www.exploit-db.com/exploits/43342
- http://blog.orange.tw/2019/07/attacking-ssl-vpn-part-1-preauth-rce-on-palo-alto.html
severity: high
severity: critical
tags: cve,cve2017,rce,vpn,paloalto,globalprotect
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2017-15944
requests:
- raw:

View File

@ -6,6 +6,12 @@ info:
reference: https://www.exploit-db.com/exploits/43141
severity: high
tags: cve,cve2017,ulterius,traversal
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.50
cve-id: CVE-2017-16806
cwe-id: CWE-22
description: "The Process function in RemoteTaskServer/WebServer/HttpServer.cs in Ulterius before 1.9.5.0 allows HTTP server directory traversal."
requests:
- method: GET

View File

@ -7,6 +7,11 @@ info:
description: ZEIT Next.js before 2.4.1 has directory traversal under the /_next and /static request namespace, allowing attackers to obtain sensitive information.
reference: https://medium.com/@theRaz0r/arbitrary-file-reading-in-next-js-2-4-1-34104c4e75e9
tags: cve,cve2017,nextjs,lfi
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.50
cve-id: CVE-2017-16877
cwe-id: CWE-22
requests:
- method: GET

View File

@ -7,6 +7,11 @@ info:
description: The Emag Marketplace Connector plugin 1.0.0 for WordPress has reflected XSS because the parameter "post" to /wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php is not filtered correctly.
reference: https://nvd.nist.gov/vuln/detail/CVE-2017-17043
tags: cve,cve2017,wordpress,xss,wp-plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2017-17043
cwe-id: CWE-79
requests:
- method: GET

View File

@ -9,6 +9,11 @@ info:
- https://github.com/NaturalIntelligence/wp-thumb-post/issues/1
- https://nvd.nist.gov/vuln/detail/CVE-2017-17059
tags: cve,cve2017,wordpress,xss,wp-plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2017-17059
cwe-id: CWE-79
requests:
- method: POST

View File

@ -7,6 +7,11 @@ info:
description: The WP Mailster plugin before 1.5.5 for WordPress has XSS in the unsubscribe handler via the mes parameter to view/subscription/unsubscribe2.php.
reference: https://nvd.nist.gov/vuln/detail/CVE-2017-17451
tags: cve,cve2017,wordpress,xss,wp-plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2017-17451
cwe-id: CWE-79
requests:
- method: GET

View File

@ -10,6 +10,11 @@ info:
- https://github.com/vulhub/vulhub/tree/master/goahead/CVE-2017-17562
severity: high
tags: cve,cve2017,rce,embedthis,goahead,fuzz
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.10
cve-id: CVE-2017-17562
cwe-id: CWE-20
requests:
- raw:

View File

@ -11,6 +11,11 @@ info:
description: |
AvantFAX 3.3.3 has XSS via an arbitrary parameter name to the default URI, as demonstrated by a parameter whose name contains a SCRIPT element and whose value is 1.
tags: cve,cve2017,xss,avantfax
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2017-18024
cwe-id: CWE-79
requests:
- raw:

View File

@ -7,6 +7,11 @@ info:
description: The Stop User Enumeration WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting (XSS) security vulnerability.
reference: https://wpscan.com/vulnerability/956cc5fd-af06-43ac-aa85-46b468c73501
tags: cve,cve2017,wordpress,xss,wp-plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2017-18536
cwe-id: CWE-79
requests:
- method: GET

View File

@ -11,6 +11,11 @@ info:
- https://github.com/advisories/GHSA-vfj6-275q-4pvm
- https://nvd.nist.gov/vuln/detail/CVE-2017-18638
tags: cve,cve2017,graphite,ssrf,oob
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.50
cve-id: CVE-2017-18638
cwe-id: CWE-918
requests:
- method: GET

View File

@ -9,6 +9,10 @@ info:
reference:
- https://hackerone.com/reports/810778
- https://nvd.nist.gov/vuln/detail/CVE-2017-3506
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
cvss-score: 7.40
cve-id: CVE-2017-3506
requests:
- raw:

View File

@ -3,11 +3,17 @@ id: CVE-2017-3528
info:
name: Oracle E-Business Suite 12.1.3/12.2.x - Open Redirect
author: 0x_Akoko
severity: low
severity: medium
reference:
- https://blog.zsec.uk/cve-2017-3528/
- https://www.exploit-db.com/exploits/43592
tags: oracle,redirect
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
cvss-score: 5.40
cve-id: CVE-2017-3528
cwe-id: CWE-601
description: "Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: Popup windows (lists of values, datepicker, etc.)). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)."
requests:
- method: GET

View File

@ -10,6 +10,11 @@ info:
- https://github.com/rapid7/metasploit-framework/blob/master/documentation/modules/auxiliary/dos/cisco/ios_telnet_rocem.md
description: RCE exploit code is available for Cisco Catalyst 2960 switch model. This exploit is firmware dependent.
tags: cve,cve2017,cisco,rce,network
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2017-3881
cwe-id: CWE-20
network:
- inputs:

View File

@ -10,6 +10,11 @@ info:
- https://kc.mcafee.com/corporate/index?page=content&id=SB10198
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-4011
tags: cve,cve2017,mcafee,xss
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2017-4011
cwe-id: CWE-79
requests:
- method: GET

View File

@ -3,12 +3,17 @@ id: CVE-2017-5487
info:
name: WordPress Core < 4.7.1 - Username Enumeration
author: Manas_Harsh,daffainfo,geeknik
severity: info
severity: medium
description: wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request.
tags: cve,cve2017,wordpress
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2017-5487
- https://www.exploit-db.com/exploits/41497
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.30
cve-id: CVE-2017-5487
cwe-id: CWE-200
requests:
- method: GET

View File

@ -2,12 +2,17 @@ id: CVE-2017-5521
info:
name: Bypassing Authentication on NETGEAR Routers
author: princechaddha
severity: medium
severity: high
description: An issue was discovered on NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, WNR3500Lv2, R6250, R6700, R6900, and R8000 devices.They are prone to password disclosure via simple crafted requests to the web management server.
reference:
- https://www.cvedetails.com/cve/CVE-2017-5521/
- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2017-5521-bypassing-authentication-on-netgear-routers/
tags: cve,cve2017,auth-bypass
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.10
cve-id: CVE-2017-5521
cwe-id: CWE-200
requests:
- method: GET

View File

@ -6,6 +6,11 @@ info:
description: Struts is vulnerable to remote command injection attacks through incorrectly parsing an attackers invalid Content-Type HTTP header. The Struts vulnerability allows these commands to be executed under the privileges of the Web server.
tags: cve,cve2017,struts,rce,apache
reference: https://github.com/mazen160/struts-pwn
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10.00
cve-id: CVE-2017-5638
cwe-id: CWE-20
requests:
- raw:

View File

@ -3,9 +3,15 @@ id: CVE-2017-6090
info:
name: PhpCollab (unauthenticated) Arbitrary File Upload
author: pikpikcu
severity: critical
severity: high
tags: cve,cve2017,phpcollab,rce,fileupload
reference: https://nvd.nist.gov/vuln/detail/CVE-2017-6090
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.80
cve-id: CVE-2017-6090
cwe-id: CWE-434
description: "Unrestricted file upload vulnerability in clients/editclient.php in PhpCollab 2.5.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in logos_clients/."
requests:
- raw:

View File

@ -9,6 +9,11 @@ info:
- https://blog.0patch.com/2017/03/0patching-immortal-cve-2017-7269.html
- https://github.com/danigargu/explodingcan/blob/master/explodingcan.py
tags: cve,cve2017,rce
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2017-7269
cwe-id: CWE-119
requests:
- method: OPTIONS

View File

@ -9,6 +9,11 @@ info:
reference:
- https://github.com/dweeves/magmi-git/issues/522
- https://github.com/dweeves/magmi-git/releases/download/0.7.22/magmi_full_0.7.22.zip
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2017-7391
cwe-id: CWE-79
requests:
- method: GET

View File

@ -15,6 +15,11 @@ info:
- https://sourceforge.net/projects/mantisbt/files/mantis-stable/
- http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-PRE-AUTH-REMOTE-PASSWORD-RESET.txt
- https://www.exploit-db.com/exploits/41890
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.80
cve-id: CVE-2017-7615
cwe-id: CWE-640
requests:
- method: GET

View File

@ -2,12 +2,17 @@ id: CVE-2017-7921
info:
name: Hikvision Authentication Bypass
author: princechaddha
severity: high
severity: critical
description: An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The improper authentication vulnerability occurs when an application does not adequately or correctly authenticate users. This may allow a malicious user to escalate his or her privileges on the system and gain access to sensitive information.
reference:
- http://www.hikvision.com/us/about_10805.html
- https://ics-cert.us-cert.gov/advisories/ICSA-17-124-01
tags: cve,cve2017,auth-bypass
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10.00
cve-id: CVE-2017-7921
cwe-id: CWE-287
requests:
- method: GET

View File

@ -2,10 +2,15 @@ id: CVE-2017-8917
info:
name: Joomla SQL Injection
author: princechaddha
severity: high
severity: critical
description: SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors.
reference: https://www.cvedetails.com/cve/CVE-2017-8917/
tags: cve,cve2017,joomla,sqli
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2017-8917
cwe-id: CWE-89
requests:
- method: GET

View File

@ -7,6 +7,11 @@ info:
tags: cve,cve2017,xss,telerik
description: Cross-site scripting (XSS) vulnerability in Telerik.ReportViewer.WebForms.dll in Telerik Reporting for ASP.NET WebForms Report Viewer control before R1 2017 SP2 (11.0.17.406) allows remote attackers to inject arbitrary web script or HTML via the bgColor parameter to Telerik.ReportViewer.axd.
reference: https://www.veracode.com/blog/secure-development/anatomy-cross-site-scripting-flaw-telerik-reporting-module
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2017-9140
cwe-id: CWE-79
requests:
- method: GET

View File

@ -7,6 +7,11 @@ info:
description: The Raygun4WP plugin 1.8.0 for WordPress is vulnerable to a reflected XSS in sendtesterror.php (backurl parameter).
reference: https://nvd.nist.gov/vuln/detail/CVE-2017-9288
tags: cve,cve2017,wordpress,xss,wp-plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2017-9288
cwe-id: CWE-79
requests:
- method: GET

View File

@ -3,13 +3,18 @@ id: CVE-2017-9506
info:
name: Jira IconURIServlet SSRF
author: pdteam
severity: high
severity: medium
description: The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF).
reference:
- http://dontpanic.42.nl/2017/12/there-is-proxy-in-your-atlassian.html
- https://ecosystem.atlassian.net/browse/OAUTH-344
- https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-171018bca2c3
tags: cve,cve2017,atlassian,jira,ssrf,oob
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2017-9506
cwe-id: CWE-918
requests:
- raw:

Some files were not shown because too many files have changed in this diff Show More