Auto Generated CVE annotations [Mon Jun 20 17:58:28 UTC 2022] 🤖
GitHub Action
parent
11b2ae6eb4
commit
ec58f83a13
|
|
@ -10,6 +10,7 @@ info:
|
||||||
- https://wpscan.com/vulnerability/13d5d17a-00a8-441e-bda1-2fd2b4158a6c
|
- https://wpscan.com/vulnerability/13d5d17a-00a8-441e-bda1-2fd2b4158a6c
|
||||||
- https://www.exploit-db.com/exploits/39575
|
- https://www.exploit-db.com/exploits/39575
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2016-10924
|
- https://nvd.nist.gov/vuln/detail/CVE-2016-10924
|
||||||
|
- https://wordpress.org/plugins/ebook-download/#developers
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
cvss-score: 7.5
|
cvss-score: 7.5
|
||||||
|
|
|
||||||
|
|
@ -9,6 +9,8 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/46164
|
- https://www.exploit-db.com/exploits/46164
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-10093
|
- https://nvd.nist.gov/vuln/detail/CVE-2018-10093
|
||||||
|
- https://www.exploit-db.com/exploits/46164/
|
||||||
|
- http://seclists.org/fulldisclosure/2019/Jan/38
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||||
cvss-score: 8.8
|
cvss-score: 8.8
|
||||||
|
|
|
||||||
|
|
@ -9,6 +9,7 @@ info:
|
||||||
- https://www.exploit-db.com/exploits/45678
|
- https://www.exploit-db.com/exploits/45678
|
||||||
- http://sploit.tech/2018/10/12/D-Link.html
|
- http://sploit.tech/2018/10/12/D-Link.html
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-10822
|
- https://nvd.nist.gov/vuln/detail/CVE-2018-10822
|
||||||
|
- https://seclists.org/fulldisclosure/2018/Oct/36
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
cvss-score: 7.5
|
cvss-score: 7.5
|
||||||
|
|
|
||||||
|
|
@ -9,6 +9,8 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/45676
|
- https://www.exploit-db.com/exploits/45676
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-10823
|
- https://nvd.nist.gov/vuln/detail/CVE-2018-10823
|
||||||
|
- https://seclists.org/fulldisclosure/2018/Oct/36
|
||||||
|
- http://sploit.tech/2018/10/12/D-Link.html
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||||
cvss-score: 8.8
|
cvss-score: 8.8
|
||||||
|
|
|
||||||
|
|
@ -9,6 +9,8 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://packetstormsecurity.com/files/150541/Tarantella-Enterprise-Directory-Traversal.html
|
- https://packetstormsecurity.com/files/150541/Tarantella-Enterprise-Directory-Traversal.html
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-19753
|
- https://nvd.nist.gov/vuln/detail/CVE-2018-19753
|
||||||
|
- http://seclists.org/fulldisclosure/2018/Nov/66
|
||||||
|
- http://packetstormsecurity.com/files/150541/Tarantella-Enterprise-Directory-Traversal.html
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
cvss-score: 7.5
|
cvss-score: 7.5
|
||||||
|
|
|
||||||
|
|
@ -6,13 +6,13 @@ info:
|
||||||
severity: high
|
severity: high
|
||||||
description: |
|
description: |
|
||||||
WordPress 99 Robots WP Background Takeover Advertisements 4.1.4 is susceptible to local file inclusion via exports/download.php.
|
WordPress 99 Robots WP Background Takeover Advertisements 4.1.4 is susceptible to local file inclusion via exports/download.php.
|
||||||
remediation: |
|
|
||||||
Upgrade to 4.1.15.
|
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/44417
|
- https://www.exploit-db.com/exploits/44417
|
||||||
- https://wpvulndb.com/vulnerabilities/9056
|
- https://wpvulndb.com/vulnerabilities/9056
|
||||||
- https://99robots.com/docs/wp-background-takeover-advertisements/
|
- https://99robots.com/docs/wp-background-takeover-advertisements/
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-9118
|
- https://nvd.nist.gov/vuln/detail/CVE-2018-9118
|
||||||
|
remediation: |
|
||||||
|
Upgrade to 4.1.15.
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
cvss-score: 7.5
|
cvss-score: 7.5
|
||||||
|
|
|
||||||
|
|
@ -6,13 +6,13 @@ info:
|
||||||
severity: high
|
severity: high
|
||||||
description: |
|
description: |
|
||||||
Apache Solr is vulnerable to remote code execution vulnerabilities via the DataImportHandler, an optional but popular module to pull in data from databases and other sources. The module has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk.
|
Apache Solr is vulnerable to remote code execution vulnerabilities via the DataImportHandler, an optional but popular module to pull in data from databases and other sources. The module has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk.
|
||||||
remediation: |
|
|
||||||
Starting with version 8.2.0 of Solr, use of this parameter requires setting the Java System property "enable.dih.dataConfigParam" to true.
|
|
||||||
reference:
|
reference:
|
||||||
- https://github.com/vulhub/vulhub/tree/master/solr/CVE-2019-0193
|
- https://github.com/vulhub/vulhub/tree/master/solr/CVE-2019-0193
|
||||||
- https://paper.seebug.org/1009/
|
- https://paper.seebug.org/1009/
|
||||||
- https://issues.apache.org/jira/browse/SOLR-13669
|
- https://issues.apache.org/jira/browse/SOLR-13669
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-0193
|
- https://nvd.nist.gov/vuln/detail/CVE-2019-0193
|
||||||
|
remediation: |
|
||||||
|
Starting with version 8.2.0 of Solr, use of this parameter requires setting the Java System property "enable.dih.dataConfigParam" to true.
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
||||||
cvss-score: 7.2
|
cvss-score: 7.2
|
||||||
|
|
|
||||||
|
|
@ -6,13 +6,13 @@ info:
|
||||||
severity: high
|
severity: high
|
||||||
description: |
|
description: |
|
||||||
GrandNode 4.40 is susceptible to local file inclusion in Controllers/LetsEncryptController.cs, which allows remote unauthenticated attackers to retrieve arbitrary files on the web server via specially crafted LetsEncrypt/Index?fileName= HTTP requests.
|
GrandNode 4.40 is susceptible to local file inclusion in Controllers/LetsEncryptController.cs, which allows remote unauthenticated attackers to retrieve arbitrary files on the web server via specially crafted LetsEncrypt/Index?fileName= HTTP requests.
|
||||||
remediation: |
|
|
||||||
A patch for this issue was made on 2019-05-30 in GrandNode 4.40.
|
|
||||||
reference:
|
reference:
|
||||||
- https://security401.com/grandnode-path-traversal/
|
- https://security401.com/grandnode-path-traversal/
|
||||||
- https://grandnode.com
|
- https://grandnode.com
|
||||||
- https://github.com/grandnode/grandnode
|
- https://github.com/grandnode/grandnode
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-12276
|
- https://nvd.nist.gov/vuln/detail/CVE-2019-12276
|
||||||
|
remediation: |
|
||||||
|
A patch for this issue was made on 2019-05-30 in GrandNode 4.40.
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
cvss-score: 7.5
|
cvss-score: 7.5
|
||||||
|
|
|
||||||
|
|
@ -6,13 +6,13 @@ info:
|
||||||
severity: high
|
severity: high
|
||||||
description: |
|
description: |
|
||||||
Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated remote attacker to retrieve sensitive information due to improper access controls for URLs. An attacker could exploit this vulnerability by connecting to an affected device via HTTP or HTTPS and requesting specific URLs. A successful exploit could allow the attacker to download the router configuration or detailed diagnostic information.
|
Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated remote attacker to retrieve sensitive information due to improper access controls for URLs. An attacker could exploit this vulnerability by connecting to an affected device via HTTP or HTTPS and requesting specific URLs. A successful exploit could allow the attacker to download the router configuration or detailed diagnostic information.
|
||||||
remediation: |
|
|
||||||
Cisco has released firmware updates that address this vulnerability.
|
|
||||||
reference:
|
reference:
|
||||||
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-info
|
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-info
|
||||||
- https://www.exploit-db.com/exploits/46262/
|
- https://www.exploit-db.com/exploits/46262/
|
||||||
- https://www.exploit-db.com/exploits/46655/
|
- https://www.exploit-db.com/exploits/46655/
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-1653
|
- https://nvd.nist.gov/vuln/detail/CVE-2019-1653
|
||||||
|
remediation: |
|
||||||
|
Cisco has released firmware updates that address this vulnerability.
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
cvss-score: 7.5
|
cvss-score: 7.5
|
||||||
|
|
|
||||||
|
|
@ -10,6 +10,7 @@ info:
|
||||||
- https://sploit.tech/2019/12/16/Realtek-TOTOLINK.html
|
- https://sploit.tech/2019/12/16/Realtek-TOTOLINK.html
|
||||||
- https://cybersecurity.att.com/blogs/labs-research/att-alien-labs-finds-new-golang-malwarebotenago-targeting-millions-of-routers-and-iot-devices-with-more-than-30-exploits
|
- https://cybersecurity.att.com/blogs/labs-research/att-alien-labs-finds-new-golang-malwarebotenago-targeting-millions-of-routers-and-iot-devices-with-more-than-30-exploits
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-19824
|
- https://nvd.nist.gov/vuln/detail/CVE-2019-19824
|
||||||
|
- https://sploit.tech
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||||
cvss-score: 8.8
|
cvss-score: 8.8
|
||||||
|
|
|
||||||
|
|
@ -11,12 +11,12 @@ info:
|
||||||
- https://gist.github.com/mhaskar/2153d66a0928492d76b799ba13b9e3f9
|
- https://gist.github.com/mhaskar/2153d66a0928492d76b799ba13b9e3f9
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-20224
|
- https://nvd.nist.gov/vuln/detail/CVE-2019-20224
|
||||||
- https://drive.google.com/file/d/1DkWR5MylzeNr20jmHXTaAIJmf3YN-lnO/view
|
- https://drive.google.com/file/d/1DkWR5MylzeNr20jmHXTaAIJmf3YN-lnO/view
|
||||||
|
remediation: This issue has been fixed in Pandora FMS 7.0 NG 742.
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||||
cvss-score: 8.8
|
cvss-score: 8.8
|
||||||
cve-id: CVE-2019-20224
|
cve-id: CVE-2019-20224
|
||||||
cwe-id: CWE-78
|
cwe-id: CWE-78
|
||||||
remediation: This issue has been fixed in Pandora FMS 7.0 NG 742.
|
|
||||||
tags: pandorafms,rce,cve,cve2019,authenticated,oast
|
tags: pandorafms,rce,cve,cve2019,authenticated,oast
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue