diff --git a/cves.json b/cves.json index 6959fa0181..4905cc85db 100644 --- a/cves.json +++ b/cves.json @@ -351,7 +351,7 @@ {"ID":"CVE-2016-10956","Info":{"Name":"WordPress Mail Masta 1.0 - Local File Inclusion","Severity":"high","Description":"WordPress Mail Masta 1.0 is susceptible to local file inclusion in count_of_send.php and csvexport.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2016/CVE-2016-10956.yaml"} {"ID":"CVE-2016-10960","Info":{"Name":"WordPress wSecure Lite \u003c 2.4 - Remote Code Execution","Severity":"high","Description":"WordPress wsecure plugin before 2.4 is susceptible to remote code execution via shell metacharacters in the wsecure-config.php publish parameter.","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2016/CVE-2016-10960.yaml"} {"ID":"CVE-2016-10973","Info":{"Name":"Brafton WordPress Plugin \u003c 3.4.8 - Cross-Site Scripting","Severity":"medium","Description":"The Brafton plugin before 3.4.8 for WordPress has XSS via the wp-admin/admin.php?page=BraftonArticleLoader tab parameter to BraftonAdminPage.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2016/CVE-2016-10973.yaml"} -{"ID":"CVE-2016-10993","Info":{"Name":"ScoreMe Theme - Cross-Site Scripting","Severity":"medium","Description":"WordPress ScoreMe theme through 2016-04-01 contains a reflected cross-site scripting vulnerability via the s parameter which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2016/CVE-2016-10993.yaml"} +{"ID":"CVE-2016-10993","Info":{"Name":"ScoreMe Theme - Cross-Site Scripting","Severity":"medium","Description":"WordPress ScoreMe theme through 2016-04-01 contains a reflected cross-site scripting vulnerability via the s parameter which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2016/CVE-2016-10993.yaml"} {"ID":"CVE-2016-1555","Info":{"Name":"NETGEAR WNAP320 Access Point Firmware - Remote Command Injection","Severity":"critical","Description":"NETGEAR WNAP320 Access Point Firmware version 2.0.3 could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2016/CVE-2016-1555.yaml"} {"ID":"CVE-2016-2389","Info":{"Name":"SAP xMII 15.0 for SAP NetWeaver 7.4 - Local File Inclusion","Severity":"high","Description":"SAP xMII 15.0 for SAP NetWeaver 7.4 is susceptible to a local file inclusion vulnerability in the GetFileList function. This can allow remote attackers to read arbitrary files via a .. (dot dot) in the path parameter to /Catalog, aka SAP Security Note 2230978.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2016/CVE-2016-2389.yaml"} {"ID":"CVE-2016-3081","Info":{"Name":"Apache S2-032 Struts - Remote Code Execution","Severity":"high","Description":"Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when dynamic method invocation is enabled, allows remote attackers to execute arbitrary code via method: prefix (related to chained expressions).\n","Classification":{"CVSSScore":"8.1"}},"file_path":"http/cves/2016/CVE-2016-3081.yaml"} diff --git a/cves.json-checksum.txt b/cves.json-checksum.txt index 716c0fb175..4bd8174d7f 100644 --- a/cves.json-checksum.txt +++ b/cves.json-checksum.txt @@ -1 +1 @@ -70ec4e132bf5f0a5c3a4325d6a647f3a +ceaa92ae30170d1f50df8be86bd9762d