Replace or remove links to sites that don't resolve based on:
https://www.linkedin.com/feed/update/urn:li:activity:7048714887870500864/
patch-1
parent 36649f8aaf
commit ef8a72868e
|
@ -7,7 +7,6 @@ info:
|
|||
description: Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/24068
|
||||
- ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc
|
||||
- http://security.gentoo.org/glsa/glsa-200405-16.xml
|
||||
- http://web.archive.org/web/20210209233941/https://www.securityfocus.com/archive/1/361857
|
||||
remediation: Upgrade to the latest version.
|
||||
|
|
|
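Review bot: the `-7,7 +7,6` header shows this reference list losing one entry with nothing put in its place, whereas the other hunks in this commit swap a dead link for a web.archive.org snapshot. If an archived copy of the dropped advisory exists, replace the link rather than deleting it so the template keeps its advisory trail. The list already carries one archived entry (the securityfocus snapshot), so the format is established in this file.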
@ -6,7 +6,7 @@ info:
|
|||
severity: high
|
||||
description: SAP xMII 15.0 for SAP NetWeaver 7.4 is susceptible to a local file inclusion vulnerability in the GetFileList function. This can allow remote attackers to read arbitrary files via a .. (dot dot) in the path parameter to /Catalog, aka SAP Security Note 2230978.
|
||||
reference:
|
||||
- https://erpscan.io/advisories/erpscan-16-009-sap-xmii-directory-traversal-vulnerability/
|
||||
- https://web.archive.org/web/20211209003818/https://erpscan.io/advisories/erpscan-16-009-sap-xmii-directory-traversal-vulnerability/
|
||||
- http://packetstormsecurity.com/files/137046/SAP-MII-15.0-Directory-Traversal.html
|
||||
- https://www.exploit-db.com/exploits/39837/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2016-2389
|
||||
|
|
|
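Review bot: the erpscan.io advisory in the reference list is swapped for a snapshot pinned to `20211209003818`, and nothing in the change shows that this capture holds the advisory text rather than an archived error or parking page. Please open the snapshot and confirm the content before merging. The neighbouring `http://packetstormsecurity.com/files/137046/...` entry is still plain HTTP and is worth checking for an https equivalent while this list is being edited.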
@ -7,7 +7,7 @@ info:
|
|||
description: SAP NetWeaver Application Server Java 7.5 is susceptible to local file inclusion in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS. This can allow remote attackers to read arbitrary files via a .. (dot dot) in the query string, as exploited in the wild in August 2017, aka SAP Security Note 2486657.
|
||||
reference:
|
||||
- https://download.ernw-insight.de/troopers/tr18/slides/TR18_SAP_SAP-Bugs-The-Phantom-Security.pdf
|
||||
- http://www.sh0w.top/index.php/archives/7/
|
||||
- https://web.archive.org/web/20170807202056/http://www.sh0w.top/index.php/archives/7/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2017-12637
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
|
|
|
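Review bot: after the sh0w.top link is replaced by its 2017 snapshot, the reference list still has no vendor source, although the description cites SAP Security Note 2486657. The remaining entries are conference slides, an archived personal blog post and the NVD record. Consider adding the SAP note as a reference in the same edit so the template does not depend on a third-party archive for its primary write-up.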
@ -7,7 +7,7 @@ info:
|
|||
description: |
|
||||
OpenCart Divido plugin is susceptible to SQL injection
|
||||
reference:
|
||||
- http://foreversong.cn/archives/1183
|
||||
- https://web.archive.org/web/20220331072310/http://foreversong.cn/archives/1183
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-11231
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
|
|
|
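Review bot: `http://foreversong.cn/archives/1183` is replaced here and `http://foreversong.cn/archives/1378` in the FineReport hunk of this commit, which suggests the whole host is gone rather than a single page. A repository-wide search for `foreversong.cn` would confirm that no other template still points at the dead domain, and would be better done in this commit than in a follow-up.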
@ -9,6 +9,8 @@ info:
|
|||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
reference:
|
||||
- https://www.revive-adserver.com/download/
|
||||
metadata:
|
||||
shodan-query: http.title:"OpenX"
|
||||
tags: panel,openx,login
|
||||
|
|
|
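Review bot: the `reference:` key lands directly after `cwe-id: CWE-200`, and this rendering does not show indentation, so please confirm it sits at the `info:` level and is not nested inside `classification:` where it would be ignored or fail validation. Separately, the `-9,6 +9,8` header shows this hunk adding a reference where none existed, which is outside the commit message's stated scope of replacing or removing dead links. The added URL is a Revive Adserver download page while the template is tagged `panel,openx,login`; a short note in the description on how the two relate would help readers.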
@ -6,7 +6,7 @@ info:
|
|||
severity: high
|
||||
description: FIneReport 8.0 is vulnerable to local file inclusion.
|
||||
reference:
|
||||
- http://foreversong.cn/archives/1378
|
||||
- https://web.archive.org/web/20200506020241/http://foreversong.cn/archives/1378
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
|
|
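Review bot: the description line in this hunk still reads `FIneReport 8.0`, with a stray capital I, while the reference below it is being updated. Since the file is already touched, correct the product name to `FineReport` in the same commit so that searches on the template description match.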