{"ID":"CVE-2000-0114","Info":{"Name":"Microsoft FrontPage Extensions Check (shtml.dll)","Severity":"medium","Description":"Frontpage Server Extensions allows remote attackers to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /_vti_bin/ virtual directory.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2000/CVE-2000-0114.yaml"} {"ID":"CVE-2000-0760","Info":{"Name":"Jakarta Tomcat 3.1 and 3.0 - Exposure","Severity":"low","Description":"The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2000/CVE-2000-0760.yaml"} {"ID":"CVE-2001-0537","Info":{"Name":"Cisco IOS HTTP Configuration - Authentication Bypass","Severity":"critical","Description":"HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL.\n","Classification":{"CVSSScore":"9.3"}},"file_path":"http/cves/2001/CVE-2001-0537.yaml"} {"ID":"CVE-2002-1131","Info":{"Name":"SquirrelMail 1.2.6/1.2.7 - Cross-Site Scripting","Severity":"high","Description":"The Virtual Keyboard plugin for SquirrelMail 1.2.6/1.2.7 is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2002/CVE-2002-1131.yaml"} {"ID":"CVE-2004-0519","Info":{"Name":"SquirrelMail 1.4.x - Folder Name Cross-Site Scripting","Severity":"medium","Description":"Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2004/CVE-2004-0519.yaml"} {"ID":"CVE-2004-1965","Info":{"Name":"Open Bulletin Board (OpenBB) v1.0.6 - Open Redirect/XSS","Severity":"medium","Description":"Multiple cross-site scripting (XSS) vulnerabilities in Open Bulletin Board (OpenBB) 1.0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) redirect parameter to member.php, (2) to parameter to myhome.php (3) TID parameter to post.php, or (4) redirect parameter to index.php.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2004/CVE-2004-1965.yaml"} {"ID":"CVE-2005-2428","Info":{"Name":"Lotus Domino R5 and R6 WebMail - Information Disclosure","Severity":"medium","Description":"Lotus Domino R5 and R6 WebMail with 'Generate HTML for all fields' enabled (which is by default) allows remote attackers to read the HTML source to obtain sensitive information including the password hash in the HTTPPassword field, the password change date in the HTTPPasswordChangeDate field, and the client Lotus Domino release in the ClntBld field (a different vulnerability than CVE-2005-2696).","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2005/CVE-2005-2428.yaml"} {"ID":"CVE-2005-3344","Info":{"Name":"Horde Groupware Unauthenticated Admin Access","Severity":"critical","Description":"Horde Groupware contains an administrative account with a blank password, which allows remote attackers to gain access.","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2005/CVE-2005-3344.yaml"} {"ID":"CVE-2005-3634","Info":{"Name":"SAP Web Application Server 6.x/7.0 - Open Redirect","Severity":"medium","Description":"frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter.\n","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2005/CVE-2005-3634.yaml"} {"ID":"CVE-2005-4385","Info":{"Name":"Cofax \u003c=2.0RC3 - Cross-Site Scripting","Severity":"medium","Description":"Cofax 2.0 RC3 and earlier contains a cross-site scripting vulnerability in search.htm which allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2005/CVE-2005-4385.yaml"} {"ID":"CVE-2006-1681","Info":{"Name":"Cherokee HTTPD \u003c=0.5 - Cross-Site Scripting","Severity":"medium","Description":"Cherokee HTTPD 0.5 and earlier contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via a malformed request that generates an HTTP 400 error, which is not properly handled when the error message is generated.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2006/CVE-2006-1681.yaml"} {"ID":"CVE-2006-2842","Info":{"Name":"Squirrelmail \u003c=1.4.6 - Local File Inclusion","Severity":"high","Description":"SquirrelMail 1.4.6 and earlier versions are susceptible to a PHP local file inclusion vulnerability in functions/plugin.php if register_globals is enabled and magic_quotes_gpc is disabled. This allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2006/CVE-2006-2842.yaml"} {"ID":"CVE-2007-0885","Info":{"Name":"Jira Rainbow.Zen - Cross-Site Scripting","Severity":"medium","Description":"Jira Rainbow.Zen contains a cross-site scripting vulnerability via Jira/secure/BrowseProject.jspa which allows remote attackers to inject arbitrary web script or HTML via the id parameter.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2007/CVE-2007-0885.yaml"} {"ID":"CVE-2007-2449","Info":{"Name":"Apache Tomcat 4.x-7.x - Cross-Site Scripting","Severity":"medium","Description":"Apache Tomcat 4.x through 7.x contains a cross-site scripting vulnerability which an attacker can use to execute arbitrary script in the browser of an unsuspecting user in the context of the affected site.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2007/CVE-2007-2449.yaml"} {"ID":"CVE-2007-3010","Info":{"Name":"Alcatel-Lucent OmniPCX - Remote Command Execution","Severity":"critical","Description":"The OmniPCX web interface has a script \"masterCGI\" with a remote command execution vulnerability via the \"user\" parameter.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2007/CVE-2007-3010.yaml"} {"ID":"CVE-2007-4504","Info":{"Name":"Joomla! RSfiles \u003c=1.0.2 - Local File Inclusion","Severity":"medium","Description":"Joomla! RSfiles 1.0.2 and earlier is susceptible to local file inclusion in index.php in the RSfiles component (com_rsfiles). This could allow remote attackers to arbitrarily read files via a .. (dot dot) in the path parameter in a files.display action.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2007/CVE-2007-4504.yaml"} {"ID":"CVE-2007-4556","Info":{"Name":"OpenSymphony XWork/Apache Struts2 - Remote Code Execution","Severity":"medium","Description":"Apache Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via for\"m input beginning with a \"%{\" sequence and ending with a \"}\" character.\n","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2007/CVE-2007-4556.yaml"} {"ID":"CVE-2007-5728","Info":{"Name":"phpPgAdmin \u003c=4.1.1 - Cross-Site Scripting","Severity":"medium","Description":"phpPgAdmin 3.5 to 4.1.1, and possibly 4.1.2, is vulnerable to cross-site scripting and allows remote attackers to inject arbitrary web script or HTML via certain input available in PHP_SELF in (1) redirect.php, possibly related to (2) login.php, which are different vectors than CVE-2007-2865.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2007/CVE-2007-5728.yaml"} {"ID":"CVE-2008-1059","Info":{"Name":"WordPress Sniplets 1.1.2 - Local File Inclusion","Severity":"high","Description":"PHP remote file inclusion vulnerability in modules/syntax_highlight.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the libpath parameter.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2008/CVE-2008-1059.yaml"} {"ID":"CVE-2008-1061","Info":{"Name":"WordPress Sniplets \u003c=1.2.2 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Sniplets 1.1.2 and 1.2.2 plugin contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via the text parameter to warning.php, notice.php, and inset.php in view/sniplets/, and possibly modules/execute.php; via the url parameter to view/admin/submenu.php; and via the page parameter to view/admin/pager.php.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2008/CVE-2008-1061.yaml"} {"ID":"CVE-2008-1547","Info":{"Name":"Microsoft OWA Exchange Server 2003 - 'redir.asp' Open Redirection","Severity":"medium","Description":"Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outlook Web Access (OWA) for Exchange Server 2003 SP2 (aka build 6.5.7638) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the URL parameter.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2008/CVE-2008-1547.yaml"} {"ID":"CVE-2008-2398","Info":{"Name":"AppServ Open Project \u003c=2.5.10 - Cross-Site Scripting","Severity":"medium","Description":"AppServ Open Project 2.5.10 and earlier contains a cross-site scripting vulnerability in index.php which allows remote attackers to inject arbitrary web script or HTML via the appservlang parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2008/CVE-2008-2398.yaml"} {"ID":"CVE-2008-2650","Info":{"Name":"CMSimple 3.1 - Local File Inclusion","Severity":"medium","Description":"CMSimple 3.1 is susceptible to local file inclusion via cmsimple/cms.php when register_globals is enabled which allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sl parameter to index.php. NOTE: this can be leveraged for remote file execution by including adm.php and then invoking the upload action. NOTE: on 20080601, the vendor patched 3.1 without changing the version number.\n","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2008/CVE-2008-2650.yaml"} {"ID":"CVE-2008-4668","Info":{"Name":"Joomla! Image Browser 0.1.5 rc2 - Local File Inclusion","Severity":"critical","Description":"Joomla! Image Browser 0.1.5 rc2 is susceptible to local file inclusion via com_imagebrowser which could allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder parameter to index.php.","Classification":{"CVSSScore":"9"}},"file_path":"http/cves/2008/CVE-2008-4668.yaml"} {"ID":"CVE-2008-4764","Info":{"Name":"Joomla! \u003c=2.0.0 RC2 - Local File Inclusion","Severity":"medium","Description":"Joomla! 2.0.0 RC2 and earlier are susceptible to local file inclusion in the eXtplorer module (com_extplorer) that allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter in a show_error action.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2008/CVE-2008-4764.yaml"} {"ID":"CVE-2008-5587","Info":{"Name":"phpPgAdmin \u003c=4.2.1 - Local File Inclusion","Severity":"medium","Description":"phpPgAdmin 4.2.1 is vulnerable to local file inclusion in libraries/lib.inc.php when register globals is enabled. Remote attackers can read arbitrary files via a .. (dot dot) in the _language parameter to index.php.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2008/CVE-2008-5587.yaml"} {"ID":"CVE-2008-6080","Info":{"Name":"Joomla! ionFiles 4.4.2 - Local File Inclusion","Severity":"medium","Description":"Joomla! ionFiles 4.4.2 is susceptible to local file inclusion in download.php in the ionFiles (com_ionfiles) that allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2008/CVE-2008-6080.yaml"} {"ID":"CVE-2008-6172","Info":{"Name":"Joomla! Component RWCards 3.0.11 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in captcha/captcha_image.php in the RWCards (com_rwcards) 3.0.11 component for Joomla! when magic_quotes_gpc is disabled allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the img parameter.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2008/CVE-2008-6172.yaml"} {"ID":"CVE-2008-6222","Info":{"Name":"Joomla! ProDesk 1.0/1.2 - Local File Inclusion","Severity":"medium","Description":"Joomla! Pro Desk Support Center (com_pro_desk) component 1.0 and 1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2008/CVE-2008-6222.yaml"} {"ID":"CVE-2008-6465","Info":{"Name":"Parallels H-Sphere 3.0.0 P9/3.1 P1 - Cross-Site Scripting","Severity":"medium","Description":"Parallels H-Sphere 3.0.0 P9 and 3.1 P1 contains multiple cross-site scripting vulnerabilities in login.php in webshell4. An attacker can inject arbitrary web script or HTML via the err, errorcode, and login parameters, thus allowing theft of cookie-based authentication credentials and launch of other attacks.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2008/CVE-2008-6465.yaml"} {"ID":"CVE-2008-6668","Info":{"Name":"nweb2fax \u003c=0.2.7 - Local File Inclusion","Severity":"medium","Description":"nweb2fax 0.2.7 and earlier allow remote attackers to read arbitrary files via the id parameter submitted to comm.php and the var_filename parameter submitted to viewrq.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2008/CVE-2008-6668.yaml"} {"ID":"CVE-2008-6982","Info":{"Name":"Devalcms 1.4a - Cross-Site Scripting","Severity":"medium","Description":"Devalcms 1.4a contains a cross-site scripting vulnerability in the currentpath parameter of the index.php file.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2008/CVE-2008-6982.yaml"} {"ID":"CVE-2008-7269","Info":{"Name":"UC Gateway Investment SiteEngine v5.0 - Open Redirect","Severity":"medium","Description":"Open redirect vulnerability in api.php in SiteEngine 5.x allows user-assisted remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the forward parameter in a logout action.\n","Classification":{"CVSSScore":"5.8"}},"file_path":"http/cves/2008/CVE-2008-7269.yaml"} {"ID":"CVE-2009-0347","Info":{"Name":"Autonomy Ultraseek - Open Redirect","Severity":"medium","Description":"Open redirect vulnerability in cs.html in the Autonomy (formerly Verity) Ultraseek search engine allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter.\n","Classification":{"CVSSScore":"5.8"}},"file_path":"http/cves/2009/CVE-2009-0347.yaml"} {"ID":"CVE-2009-0545","Info":{"Name":"ZeroShell \u003c= 1.0beta11 Remote Code Execution","Severity":"critical","Description":"ZeroShell 1.0beta11 and earlier via cgi-bin/kerbynet allows remote attackers to execute arbitrary commands through shell metacharacters in the type parameter in a NoAuthREQ x509List action.","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2009/CVE-2009-0545.yaml"} {"ID":"CVE-2009-0932","Info":{"Name":"Horde/Horde Groupware - Local File Inclusion","Severity":"medium","Description":"Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 are susceptible to local file inclusion in framework/Image/Image.php because it allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver name.","Classification":{"CVSSScore":"6.4"}},"file_path":"http/cves/2009/CVE-2009-0932.yaml"} {"ID":"CVE-2009-1151","Info":{"Name":"PhpMyAdmin Scripts - Remote Code Execution","Severity":"high","Description":"PhpMyAdmin Scripts 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 are susceptible to a remote code execution in setup.php that allows remote attackers to inject arbitrary PHP code into a configuration file via the save action. Combined with the ability to save files on server, this can allow unauthenticated users to execute arbitrary PHP code.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2009/CVE-2009-1151.yaml"} {"ID":"CVE-2009-1496","Info":{"Name":"Joomla! Cmimarketplace 0.1 - Local File Inclusion","Severity":"medium","Description":"Joomla! Cmimarketplace 0.1 is susceptible to local file inclusion because com_cmimarketplace allows remote attackers to list arbitrary directories via a .. (dot dot) in the viewit parameter to index.php.\n","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2009/CVE-2009-1496.yaml"} {"ID":"CVE-2009-1558","Info":{"Name":"Cisco Linksys WVC54GCA 1.00R22/1.00R24 - Local File Inclusion","Severity":"high","Description":"Cisco Linksys WVC54GCA 1.00R22/1.00R24 is susceptible to local file inclusion in adm/file.cgi because it allows remote attackers to read arbitrary files via a %2e. (encoded dot dot) or an absolute pathname in the next_file parameter.","Classification":{"CVSSScore":"7.8"}},"file_path":"http/cves/2009/CVE-2009-1558.yaml"} {"ID":"CVE-2009-1872","Info":{"Name":"Adobe Coldfusion \u003c=8.0.1 - Cross-Site Scripting","Severity":"medium","Description":"Adobe ColdFusion Server 8.0.1 and earlier contain multiple cross-site scripting vulnerabilities which allow remote attackers to inject arbitrary web script or HTML via (1) the startRow parameter to administrator/logviewer/searchlog.cfm, or the query string to (2) wizards/common/_logintowizard.cfm, (3) wizards/common/_authenticatewizarduser.cfm, or (4) administrator/enter.cfm.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2009/CVE-2009-1872.yaml"} {"ID":"CVE-2009-2015","Info":{"Name":"Joomla! MooFAQ 1.0 - Local File Inclusion","Severity":"high","Description":"Joomla! Ideal MooFAQ 1.0 via com_moofaq allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter (local file inclusion).","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2009/CVE-2009-2015.yaml"} {"ID":"CVE-2009-2100","Info":{"Name":"Joomla! JoomlaPraise Projectfork 2.0.10 - Local File Inclusion","Severity":"medium","Description":"Joomla! JoomlaPraise Projectfork (com_projectfork) 2.0.10 allows remote attackers to read arbitrary files via local file inclusion in the section parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2009/CVE-2009-2100.yaml"} {"ID":"CVE-2009-3053","Info":{"Name":"Joomla! Agora 3.0.0b - Local File Inclusion","Severity":"medium","Description":"Joomla! Agora 3.0.0b (com_agora) allows remote attackers to include and execute arbitrary local files via local file inclusion in the action parameter to the avatars page, reachable through index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2009/CVE-2009-3053.yaml"} {"ID":"CVE-2009-3318","Info":{"Name":"Joomla! Roland Breedveld Album 1.14 - Local File Inclusion","Severity":"high","Description":"Joomla! Roland Breedveld Album 1.14 (com_album) is susceptible to local file inclusion because it allows remote attackers to access arbitrary directories and have unspecified other impact via a .. (dot dot) in the target parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2009/CVE-2009-3318.yaml"} {"ID":"CVE-2009-4202","Info":{"Name":"Joomla! Omilen Photo Gallery 0.5b - Local File Inclusion","Severity":"high","Description":"Joomla! Omilen Photo Gallery (com_omphotogallery) component Beta 0.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2009/CVE-2009-4202.yaml"} {"ID":"CVE-2009-4223","Info":{"Name":"KR-Web \u003c=1.1b2 - Remote File Inclusion","Severity":"high","Description":"KR-Web 1.1b2 and prior contain a remote file inclusion vulnerability via adm/krgourl.php, which allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2009/CVE-2009-4223.yaml"} {"ID":"CVE-2009-4679","Info":{"Name":"Joomla! Portfolio Nexus - Remote File Inclusion","Severity":"high","Description":"Joomla! Portfolio Nexus 1.5 contains a remote file inclusion vulnerability in the inertialFATE iF (com_if_nexus) component that allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2009/CVE-2009-4679.yaml"} {"ID":"CVE-2009-5020","Info":{"Name":"AWStats \u003c 6.95 - Open Redirect","Severity":"medium","Description":"An open redirect vulnerability in awredir.pl in AWStats \u003c 6.95 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.","Classification":{"CVSSScore":"5.8"}},"file_path":"http/cves/2009/CVE-2009-5020.yaml"} {"ID":"CVE-2009-5114","Info":{"Name":"WebGlimpse 2.18.7 - Directory Traversal","Severity":"medium","Description":"A directory traversal vulnerability in wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the DOC parameter.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2009/CVE-2009-5114.yaml"} {"ID":"CVE-2010-0157","Info":{"Name":"Joomla! Component com_biblestudy - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Bible Study (com_biblestudy) component 6.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter in a studieslist action to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-0157.yaml"} {"ID":"CVE-2010-0219","Info":{"Name":"Apache Axis2 Default Login","Severity":"critical","Description":"Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2010/CVE-2010-0219.yaml"} {"ID":"CVE-2010-0467","Info":{"Name":"Joomla! Component CCNewsLetter - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the ccNewsletter (com_ccnewsletter) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a ccnewsletter action to index.php.","Classification":{"CVSSScore":"5.8"}},"file_path":"http/cves/2010/CVE-2010-0467.yaml"} {"ID":"CVE-2010-0696","Info":{"Name":"Joomla! Component Jw_allVideos - Arbitrary File Retrieval","Severity":"medium","Description":"A directory traversal vulnerability in includes/download.php in the JoomlaWorks AllVideos (Jw_allVideos) plugin 3.0 through 3.2 for Joomla! allows remote attackers to read arbitrary files via a ./../.../ (modified dot dot) in the file parameter.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-0696.yaml"} {"ID":"CVE-2010-0759","Info":{"Name":"Joomla! Plugin Core Design Scriptegrator - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allows remote attackers to read, and possibly include and execute, arbitrary files via directory traversal sequences in the files[] parameter.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-0759.yaml"} {"ID":"CVE-2010-0942","Info":{"Name":"Joomla! Component com_jvideodirect - Directory Traversal","Severity":"medium","Description":"Directory traversal vulnerability in the jVideoDirect (com_jvideodirect) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-0942.yaml"} {"ID":"CVE-2010-0943","Info":{"Name":"Joomla! Component com_jashowcase - Directory Traversal","Severity":"medium","Description":"A directory traversal vulnerability in the JA Showcase (com_jashowcase) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a jashowcase action to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-0943.yaml"} {"ID":"CVE-2010-0944","Info":{"Name":"Joomla! Component com_jcollection - Directory Traversal","Severity":"medium","Description":"A directory traversal vulnerability in the JCollection (com_jcollection) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-0944.yaml"} {"ID":"CVE-2010-0972","Info":{"Name":"Joomla! Component com_gcalendar Suite 2.1.5 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the GCalendar (com_gcalendar) component 2.1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-0972.yaml"} {"ID":"CVE-2010-0982","Info":{"Name":"Joomla! Component com_cartweberp - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the CARTwebERP (com_cartweberp) component 1.56.75 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2010/CVE-2010-0982.yaml"} {"ID":"CVE-2010-0985","Info":{"Name":"Joomla! Component com_abbrev - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Abbreviations Manager (com_abbrev) component 1.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-0985.yaml"} {"ID":"CVE-2010-1056","Info":{"Name":"Joomla! Component com_rokdownloads - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the RokDownloads (com_rokdownloads) component before 1.0.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1056.yaml"} {"ID":"CVE-2010-1081","Info":{"Name":"Joomla! Component com_communitypolls 1.5.2 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the Community Polls (com_communitypolls) component 1.5.2, and possibly earlier, for Core Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1081.yaml"} {"ID":"CVE-2010-1217","Info":{"Name":"Joomla! Component \u0026 Plugin JE Tooltip 1.0 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the JE Form Creator (com_jeformcr) component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the view parameter to index.php. NOTE -- the original researcher states that the affected product is JE Tooltip, not Form Creator; however, the exploit URL suggests that Form Creator is affected.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2010/CVE-2010-1217.yaml"} {"ID":"CVE-2010-1219","Info":{"Name":"Joomla! Component com_janews - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the JA News (com_janews) component 1.0 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1219.yaml"} {"ID":"CVE-2010-1302","Info":{"Name":"Joomla! Component DW Graph - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in dwgraphs.php in the DecryptWeb DW Graphs (com_dwgraphs) component 1.0 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1302.yaml"} {"ID":"CVE-2010-1304","Info":{"Name":"Joomla! Component User Status - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in userstatus.php in the User Status (com_userstatus) component 1.21.16 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1304.yaml"} {"ID":"CVE-2010-1305","Info":{"Name":"Joomla! Component JInventory 1.23.02 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in jinventory.php in the JInventory (com_jinventory) component 1.23.02 and possibly other versions before 1.26.03, a module for Joomla!, allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1305.yaml"} {"ID":"CVE-2010-1306","Info":{"Name":"Joomla! Component Picasa 2.0 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Picasa (com_joomlapicasa2) component 2.0 and 2.0.5 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-1306.yaml"} {"ID":"CVE-2010-1307","Info":{"Name":"Joomla! Component Magic Updater - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the Magic Updater (com_joomlaupdater) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1307.yaml"} {"ID":"CVE-2010-1308","Info":{"Name":"Joomla! Component SVMap 1.1.1 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the SVMap (com_svmap) component 1.1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1308.yaml"} {"ID":"CVE-2010-1312","Info":{"Name":"Joomla! Component News Portal 1.5.x - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the iJoomla News Portal (com_news_portal) component 1.5.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1312.yaml"} {"ID":"CVE-2010-1313","Info":{"Name":"Joomla! Component Saber Cart 1.0.0.12 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the Seber Cart (com_sebercart) component 1.0.0.12 and 1.0.0.13 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2010/CVE-2010-1313.yaml"} {"ID":"CVE-2010-1314","Info":{"Name":"Joomla! Component Highslide 1.5 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the Highslide JS (com_hsconfig) component 1.5 and 2.0.9 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1314.yaml"} {"ID":"CVE-2010-1315","Info":{"Name":"Joomla! Component webERPcustomer - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in weberpcustomer.php in the webERPcustomer (com_weberpcustomer) component 1.2.1 and 1.x before 1.06.02 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1315.yaml"} {"ID":"CVE-2010-1340","Info":{"Name":"Joomla! Component com_jresearch - 'Controller' Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in jresearch.php in the J!Research (com_jresearch) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1340.yaml"} {"ID":"CVE-2010-1345","Info":{"Name":"Joomla! Component Cookex Agency CKForms - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the Cookex Agency CKForms (com_ckforms) component 1.3.3 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1345.yaml"} {"ID":"CVE-2010-1352","Info":{"Name":"Joomla! Component Juke Box 1.7 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the JOOFORGE Jutebox (com_jukebox) component 1.0 and 1.7 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1352.yaml"} {"ID":"CVE-2010-1353","Info":{"Name":"Joomla! Component LoginBox - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the LoginBox Pro (com_loginbox) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1353.yaml"} {"ID":"CVE-2010-1354","Info":{"Name":"Joomla! Component VJDEO 1.0 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the VJDEO (com_vjdeo) component 1.0 and 1.0.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1354.yaml"} {"ID":"CVE-2010-1429","Info":{"Name":"Red Hat JBoss Enterprise Application Platform - Sensitive Information Disclosure","Severity":"medium","Description":"Red Hat JBoss Enterprise Application Platform 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 is susceptible to sensitive information disclosure. A remote attacker can obtain sensitive information about \"deployed web contexts\" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression.\n","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1429.yaml"} {"ID":"CVE-2010-1461","Info":{"Name":"Joomla! Component Photo Battle 1.0.1 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the Photo Battle (com_photobattle) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files via the view parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1461.yaml"} {"ID":"CVE-2010-1469","Info":{"Name":"Joomla! Component JProject Manager 1.0 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the Ternaria Informatica JProject Manager (com_jprojectmanager) component 1.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1469.yaml"} {"ID":"CVE-2010-1470","Info":{"Name":"Joomla! Component Web TV 1.0 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Web TV (com_webtv) component 1.0 for Joomla! allows remote attackers to read arbitrary files and have possibly other unspecified impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-1470.yaml"} {"ID":"CVE-2010-1471","Info":{"Name":"Joomla! Component Address Book 1.5.0 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the AddressBook (com_addressbook) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-1471.yaml"} {"ID":"CVE-2010-1472","Info":{"Name":"Joomla! Component Horoscope 1.5.0 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Daily Horoscope (com_horoscope) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-1472.yaml"} {"ID":"CVE-2010-1473","Info":{"Name":"Joomla! Component Advertising 0.25 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the Advertising (com_advertising) component 0.25 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1473.yaml"} {"ID":"CVE-2010-1474","Info":{"Name":"Joomla! Component Sweetykeeper 1.5 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the Sweety Keeper (com_sweetykeeper) component 1.5.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1474.yaml"} {"ID":"CVE-2010-1475","Info":{"Name":"Joomla! Component Preventive And Reservation 1.0.5 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the Preventive \u0026 Reservation (com_preventive) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1475.yaml"} {"ID":"CVE-2010-1476","Info":{"Name":"Joomla! Component AlphaUserPoints 1.5.5 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the AlphaUserPoints (com_alphauserpoints) component 1.5.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the view parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1476.yaml"} {"ID":"CVE-2010-1478","Info":{"Name":"Joomla! Component Jfeedback 1.2 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the Ternaria Informatica Jfeedback! (com_jfeedback) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1478.yaml"} {"ID":"CVE-2010-1491","Info":{"Name":"Joomla! Component MMS Blog 2.3.0 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the MMS Blog (com_mmsblog) component 2.3.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1491.yaml"} {"ID":"CVE-2010-1494","Info":{"Name":"Joomla! Component AWDwall 1.5.4 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the AWDwall (com_awdwall) component 1.5.4 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1494.yaml"} {"ID":"CVE-2010-1495","Info":{"Name":"Joomla! Component Matamko 1.01 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Matamko (com_matamko) component 1.01 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-1495.yaml"} {"ID":"CVE-2010-1531","Info":{"Name":"Joomla! Component redSHOP 1.0 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the redSHOP (com_redshop) component 1.0.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-1531.yaml"} {"ID":"CVE-2010-1532","Info":{"Name":"Joomla! Component PowerMail Pro 1.5.3 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the givesight PowerMail Pro (com_powermail) component 1.5.3 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1532.yaml"} {"ID":"CVE-2010-1533","Info":{"Name":"Joomla! Component TweetLA 1.0.1 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the TweetLA (com_tweetla) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-1533.yaml"} {"ID":"CVE-2010-1534","Info":{"Name":"Joomla! Component Shoutbox Pro - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the Shoutbox Pro (com_shoutbox) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1534.yaml"} {"ID":"CVE-2010-1535","Info":{"Name":"Joomla! Component TRAVELbook 1.0.1 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the TRAVELbook (com_travelbook) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-1535.yaml"} {"ID":"CVE-2010-1540","Info":{"Name":"Joomla! Component com_blog - Directory Traversal","Severity":"medium","Description":"A directory traversal vulnerability in index.php in the MyBlog (com_myblog) component 3.0.329 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the task parameter.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1540.yaml"} {"ID":"CVE-2010-1586","Info":{"Name":"HP System Management Homepage (SMH) v2.x.x.x - Open Redirect","Severity":"medium","Description":"Open redirect vulnerability in red2301.html in HP System Management Homepage (SMH) 2.x.x.x allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the RedirectUrl parameter.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2010/CVE-2010-1586.yaml"} {"ID":"CVE-2010-1601","Info":{"Name":"Joomla! Component JA Comment - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the JA Comment (com_jacomment) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1601.yaml"} {"ID":"CVE-2010-1602","Info":{"Name":"Joomla! Component ZiMB Comment 0.8.1 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the ZiMB Comment (com_zimbcomment) component 0.8.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-1602.yaml"} {"ID":"CVE-2010-1603","Info":{"Name":"Joomla! Component ZiMBCore 0.1 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the ZiMB Core (aka ZiMBCore or com_zimbcore) component 0.1 in the ZiMB Manager collection for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-1603.yaml"} {"ID":"CVE-2010-1607","Info":{"Name":"Joomla! Component WMI 1.5.0 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in wmi.php in the Webmoney Web Merchant Interface (aka WMI or com_wmi) component 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1607.yaml"} {"ID":"CVE-2010-1653","Info":{"Name":"Joomla! Component Graphics 1.0.6 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in graphics.php in the Graphics (com_graphics) component 1.0.6 and 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-1653.yaml"} {"ID":"CVE-2010-1657","Info":{"Name":"Joomla! Component SmartSite 1.0.0 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the SmartSite (com_smartsite) component 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1657.yaml"} {"ID":"CVE-2010-1658","Info":{"Name":"Joomla! Component NoticeBoard 1.3 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the Code-Garage NoticeBoard (com_noticeboard) component 1.3 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1658.yaml"} {"ID":"CVE-2010-1659","Info":{"Name":"Joomla! Component Ultimate Portfolio 1.0 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the Ultimate Portfolio (com_ultimateportfolio) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1659.yaml"} {"ID":"CVE-2010-1714","Info":{"Name":"Joomla! Component Arcade Games 1.0 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the Arcade Games (com_arcadegames) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1714.yaml"} {"ID":"CVE-2010-1715","Info":{"Name":"Joomla! Component Online Exam 1.5.0 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the Online Examination (aka Online Exam or com_onlineexam) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1715.yaml"} {"ID":"CVE-2010-1717","Info":{"Name":"Joomla! Component iF surfALERT 1.2 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the iF surfALERT (com_if_surfalert) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-1717.yaml"} {"ID":"CVE-2010-1718","Info":{"Name":"Joomla! Component Archery Scores 1.0.6 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in archeryscores.php in the Archery Scores (com_archeryscores) component 1.0.6 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1718.yaml"} {"ID":"CVE-2010-1719","Info":{"Name":"Joomla! Component MT Fire Eagle 1.2 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the MT Fire Eagle (com_mtfireeagle) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1719.yaml"} {"ID":"CVE-2010-1722","Info":{"Name":"Joomla! Component Online Market 2.x - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the Online Market (com_market) component 2.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1722.yaml"} {"ID":"CVE-2010-1723","Info":{"Name":"Joomla! Component iNetLanka Contact Us Draw Root Map 1.1 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the iNetLanka Contact Us Draw Root Map (com_drawroot) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1723.yaml"} {"ID":"CVE-2010-1858","Info":{"Name":"Joomla! Component SMEStorage - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the SMEStorage (com_smestorage) component before 1.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1858.yaml"} {"ID":"CVE-2010-1870","Info":{"Name":"ListSERV Maestro \u003c= 9.0-8 RCE","Severity":"medium","Description":"A struts-based OGNL remote code execution vulnerability exists in ListSERV Maestro before and including version 9.0-8.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1870.yaml"} {"ID":"CVE-2010-1875","Info":{"Name":"Joomla! Component Property - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Real Estate Property (com_properties) component 3.1.22-03 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-1875.yaml"} {"ID":"CVE-2010-1878","Info":{"Name":"Joomla! Component OrgChart 1.0.0 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the OrgChart (com_orgchart) component 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-1878.yaml"} {"ID":"CVE-2010-1952","Info":{"Name":"Joomla! Component BeeHeard 1.0 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the BeeHeard (com_beeheard) and BeeHeard Lite (com_beeheardlite) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-1952.yaml"} {"ID":"CVE-2010-1953","Info":{"Name":"Joomla! Component iNetLanka Multiple Map 1.0 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the iNetLanka Multiple Map (com_multimap) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-1953.yaml"} {"ID":"CVE-2010-1954","Info":{"Name":"Joomla! Component iNetLanka Multiple root 1.0 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the iNetLanka Multiple root (com_multiroot) component 1.0 and 1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-1954.yaml"} {"ID":"CVE-2010-1955","Info":{"Name":"Joomla! Component Deluxe Blog Factory 1.1.2 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Deluxe Blog Factory (com_blogfactory) component 1.1.2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-1955.yaml"} {"ID":"CVE-2010-1956","Info":{"Name":"Joomla! Component Gadget Factory 1.0.0 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Gadget Factory (com_gadgetfactory) component 1.0.0 and 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-1956.yaml"} {"ID":"CVE-2010-1957","Info":{"Name":"Joomla! Component Love Factory 1.3.4 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Love Factory (com_lovefactory) component 1.3.4 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-1957.yaml"} {"ID":"CVE-2010-1977","Info":{"Name":"Joomla! Component J!WHMCS Integrator 1.5.0 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the J!WHMCS Integrator (com_jwhmcs) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-1977.yaml"} {"ID":"CVE-2010-1979","Info":{"Name":"Joomla! Component Affiliate Datafeeds 880 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the Affiliate Datafeeds (com_datafeeds) component build 880 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1979.yaml"} {"ID":"CVE-2010-1980","Info":{"Name":"Joomla! Component Joomla! Flickr 1.0 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in joomlaflickr.php in the Joomla! Flickr (com_joomlaflickr) component 1.0.3 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-1980.yaml"} {"ID":"CVE-2010-1981","Info":{"Name":"Joomla! Component Fabrik 2.0 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the Fabrik (com_fabrik) component 2.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1981.yaml"} {"ID":"CVE-2010-1982","Info":{"Name":"Joomla! Component JA Voice 2.0 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the JA Voice (com_javoice) component 2.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1982.yaml"} {"ID":"CVE-2010-1983","Info":{"Name":"Joomla! Component redTWITTER 1.0 - Local File Inclusion","Severity":"high","Description":"A drectory traversal vulnerability in the redTWITTER (com_redtwitter) component 1.0.x including 1.0b11 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-1983.yaml"} {"ID":"CVE-2010-2033","Info":{"Name":"Joomla! Percha Categories Tree 0.6 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Percha Fields Attach (com_perchafieldsattach) component 1.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-2033.yaml"} {"ID":"CVE-2010-2034","Info":{"Name":"Joomla! Component Percha Image Attach 1.1 - Directory Traversal","Severity":"high","Description":"A directory traversal vulnerability in the Percha Image Attach (com_perchaimageattach) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-2034.yaml"} {"ID":"CVE-2010-2035","Info":{"Name":"Joomla! Component Percha Gallery 1.6 Beta - Directory Traversal","Severity":"high","Description":"A directory traversal vulnerability in the Percha Gallery (com_perchagallery) component 1.6 Beta for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-2035.yaml"} {"ID":"CVE-2010-2036","Info":{"Name":"Joomla! Component Percha Fields Attach 1.0 - Directory Traversal","Severity":"high","Description":"A directory traversal vulnerability in the Percha Fields Attach (com_perchafieldsattach) component 1.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-2036.yaml"} {"ID":"CVE-2010-2037","Info":{"Name":"Joomla! Component Percha Downloads Attach 1.1 - Directory Traversal","Severity":"high","Description":"A directory traversal vulnerability in the Percha Downloads Attach (com_perchadownloadsattach) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-2037.yaml"} {"ID":"CVE-2010-2045","Info":{"Name":"Joomla! Component FDione Form Wizard 1.0.2 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Dione Form Wizard (aka FDione or com_dioneformwizard) component 1.0.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-2045.yaml"} {"ID":"CVE-2010-2050","Info":{"Name":"Joomla! Component MS Comment 0.8.0b - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Moron Solutions MS Comment (com_mscomment) component 0.8.0b for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-2050.yaml"} {"ID":"CVE-2010-2122","Info":{"Name":"Joomla! Component simpledownload \u003c=0.9.5 - Arbitrary File Retrieval","Severity":"medium","Description":"A directory traversal vulnerability in the SimpleDownload (com_simpledownload) component before 0.9.6 for Joomla! allows remote attackers to retrieve arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-2122.yaml"} {"ID":"CVE-2010-2128","Info":{"Name":"Joomla! Component JE Quotation Form 1.0b1 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the JE Quotation Form (com_jequoteform) component 1.0b1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the view parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-2128.yaml"} {"ID":"CVE-2010-2259","Info":{"Name":"Joomla! Component com_bfsurvey - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the BF Survey (com_bfsurvey) component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-2259.yaml"} {"ID":"CVE-2010-2307","Info":{"Name":"Motorola SBV6120E SURFboard Digital Voice Modem SBV6X2X-1.0.0.5-SCM - Directory Traversal","Severity":"medium","Description":"Multiple directory traversal vulnerabilities in the web server for Motorola SURFBoard cable modem SBV6120E running firmware SBV6X2X-1.0.0.5-SCM-02-SHPC allow remote attackers to read arbitrary files via (1) \"//\" (multiple leading slash), (2) ../ (dot dot) sequences, and encoded dot dot sequences in a URL request.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-2307.yaml"} {"ID":"CVE-2010-2507","Info":{"Name":"Joomla! Component Picasa2Gallery 1.2.8 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the Picasa2Gallery (com_picasa2gallery) component 1.2.8 and earlier for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-2507.yaml"} {"ID":"CVE-2010-2680","Info":{"Name":"Joomla! Component jesectionfinder - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the JExtensions JE Section/Property Finder (jesectionfinder) component for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the view parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-2680.yaml"} {"ID":"CVE-2010-2682","Info":{"Name":"Joomla! Component Realtyna Translator 1.0.15 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Realtyna Translator (com_realtyna) component 1.0.15 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-2682.yaml"} {"ID":"CVE-2010-2857","Info":{"Name":"Joomla! Component Music Manager - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the Music Manager component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the cid parameter to album.html.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-2857.yaml"} {"ID":"CVE-2010-2861","Info":{"Name":"Adobe ColdFusion 8.0/8.0.1/9.0/9.0.1 LFI","Severity":"high","Description":"Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm, (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm, and (5) enter.cfm in CFIDE/administrator/.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-2861.yaml"} {"ID":"CVE-2010-2918","Info":{"Name":"Joomla! Component Visites 1.1 - MosConfig_absolute_path Remote File Inclusion","Severity":"high","Description":"A PHP remote file inclusion vulnerability in core/include/myMailer.class.php in the Visites (com_joomla-visites) component 1.1 RC2 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-2918.yaml"} {"ID":"CVE-2010-2920","Info":{"Name":"Joomla! Component Foobla Suggestions 1.5.1.2 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the Foobla Suggestions (com_foobla_suggestions) component 1.5.1.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-2920.yaml"} {"ID":"CVE-2010-3203","Info":{"Name":"Joomla! Component PicSell 1.0 - Arbitrary File Retrieval","Severity":"medium","Description":"A directory traversal vulnerability in the PicSell (com_picsell) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dflink parameter in a prevsell dwnfree action to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-3203.yaml"} {"ID":"CVE-2010-3426","Info":{"Name":"Joomla! Component Jphone 1.0 Alpha 3 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in jphone.php in the JPhone (com_jphone) component 1.0 Alpha 3 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-3426.yaml"} {"ID":"CVE-2010-4231","Info":{"Name":"Camtron CMNC-200 IP Camera - Directory Traversal","Severity":"high","Description":"The CMNC-200 IP Camera has a built-in web server that is vulnerable to directory transversal attacks, allowing access to any file on the camera file system.","Classification":{"CVSSScore":"7.8"}},"file_path":"http/cves/2010/CVE-2010-4231.yaml"} {"ID":"CVE-2010-4239","Info":{"Name":"Tiki Wiki CMS Groupware 5.2 - Local File Inclusion","Severity":"critical","Description":"Tiki Wiki CMS Groupware 5.2 is susceptible to a local file inclusion vulnerability.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2010/CVE-2010-4239.yaml"} {"ID":"CVE-2010-4282","Info":{"Name":"phpShowtime 2.0 - Directory Traversal","Severity":"high","Description":"Multiple directory traversal vulnerabilities in Pandora FMS before 3.1.1 allow remote attackers to include and execute arbitrary local files via (1) the page parameter to ajax.php or (2) the id parameter to general/pandora_help.php, and allow remote attackers to include and execute, create, modify, or delete arbitrary local files via (3) the layout parameter to operation/agentes/networkmap.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-4282.yaml"} {"ID":"CVE-2010-4617","Info":{"Name":"Joomla! Component JotLoader 2.2.1 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the JotLoader (com_jotloader) component 2.2.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-4617.yaml"} {"ID":"CVE-2010-4719","Info":{"Name":"Joomla! Component JRadio - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in JRadio (com_jradio) component before 1.5.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-4719.yaml"} {"ID":"CVE-2010-4769","Info":{"Name":"Joomla! Component Jimtawl 1.0.2 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Jimtawl (com_jimtawl) component 1.0.2 Joomla! allows remote attackers to read arbitrary files and possibly unspecified other impacts via a .. (dot dot) in the task parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-4769.yaml"} {"ID":"CVE-2010-4977","Info":{"Name":"Joomla! Component Canteen 1.0 - Local File Inclusion","Severity":"high","Description":"A SQL injection vulnerability in menu.php in the Canteen (com_canteen) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the mealid parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-4977.yaml"} {"ID":"CVE-2010-5028","Info":{"Name":"Joomla! Component JE Job 1.0 - Local File Inclusion","Severity":"high","Description":"A SQL injection vulnerability in the JExtensions JE Job (com_jejob) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item action to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-5028.yaml"} {"ID":"CVE-2010-5278","Info":{"Name":"MODx manager - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in manager/controllers/default/resource/tvs.php in MODx Revolution 2.0.2-pl and possibly earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the class_key parameter when magic_quotes_gpc is disabled.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2010/CVE-2010-5278.yaml"} {"ID":"CVE-2010-5286","Info":{"Name":"Joomla! Component Jstore - 'Controller' Local File Inclusion","Severity":"critical","Description":"A directory traversal vulnerability in Jstore (com_jstore) component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2010/CVE-2010-5286.yaml"} {"ID":"CVE-2011-0049","Info":{"Name":"Majordomo2 - SMTP/HTTP Directory Traversal","Severity":"medium","Description":"A directory traversal vulnerability in the _list_file_get function in lib/Majordomo.pm in Majordomo 2 before 20110131 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the help command, as demonstrated using (1) a crafted email and (2) cgi-bin/mj_wwwusr in the web interface.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2011/CVE-2011-0049.yaml"} {"ID":"CVE-2011-1669","Info":{"Name":"WP Custom Pages 0.5.0.1 - Local File Inclusion (LFI)","Severity":"medium","Description":"A directory traversal vulnerability in wp-download.php in the WP Custom Pages module 0.5.0.1 for WordPress allows remote attackers to read arbitrary files via ..%2F (encoded dot dot) sequences in the url parameter.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2011/CVE-2011-1669.yaml"} {"ID":"CVE-2011-2744","Info":{"Name":"Chyrp 2.x - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in Chyrp 2.1 and earlier allows remote attackers to include and execute arbitrary local files via a ..%2F (encoded dot dot slash) in the action parameter to the default URI.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2011/CVE-2011-2744.yaml"} {"ID":"CVE-2011-2780","Info":{"Name":"Chyrp 2.x - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in includes/lib/gz.php in Chyrp 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, a different vulnerability than CVE-2011-2744.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2011/CVE-2011-2780.yaml"} {"ID":"CVE-2011-3315","Info":{"Name":"Cisco CUCM, UCCX, and Unified IP-IVR- Directory Traversal","Severity":"high","Description":"A directory traversal vulnerability in Cisco Unified Communications Manager (CUCM) 5.x and 6.x before 6.1(5)SU2, 7.x before 7.1(5b)SU2, and 8.x before 8.0(3), and Cisco Unified Contact Center Express (aka Unified CCX or UCCX) and Cisco Unified IP Interactive Voice Response (Unified IP-IVR) before 6.0(1)SR1ES8, 7.0(x) before 7.0(2)ES1, 8.0(x) through 8.0(2)SU3, and 8.5(x) before 8.5(1)SU2, allows remote attackers to read arbitrary files via a crafted URL, aka Bug IDs CSCth09343 and CSCts44049.","Classification":{"CVSSScore":"7.8"}},"file_path":"http/cves/2011/CVE-2011-3315.yaml"} {"ID":"CVE-2011-4336","Info":{"Name":"Tiki Wiki CMS Groupware 7.0 Cross-Site Scripting","Severity":"medium","Description":"Tiki Wiki CMS Groupware 7.0 is vulnerable to cross-site scripting via the GET \"ajax\" parameter to snarf_ajax.php.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2011/CVE-2011-4336.yaml"} {"ID":"CVE-2011-4618","Info":{"Name":"Advanced Text Widget \u003c 2.0.2 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting (XSS) vulnerability in advancedtext.php in Advanced Text Widget plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2011/CVE-2011-4618.yaml"} {"ID":"CVE-2011-4624","Info":{"Name":"GRAND FlAGallery 1.57 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting (XSS) vulnerability in facebook.php in the GRAND FlAGallery plugin (flash-album-gallery) before 1.57 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2011/CVE-2011-4624.yaml"} {"ID":"CVE-2011-4640","Info":{"Name":"WebTitan \u003c 3.60 - Local File Inclusion","Severity":"medium","Description":"Directory traversal vulnerability in logs-x.php in SpamTitan WebTitan before 3.60 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the fname parameter in a view action.\n","Classification":{"CVSSScore":"4"}},"file_path":"http/cves/2011/CVE-2011-4640.yaml"} {"ID":"CVE-2011-4804","Info":{"Name":"Joomla! Component com_kp - 'Controller' Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the obSuggest (com_obsuggest) component before 1.8 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2011/CVE-2011-4804.yaml"} {"ID":"CVE-2011-4926","Info":{"Name":"Adminimize 1.7.22 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in adminimize/adminimize_page.php in the Adminimize plugin before 1.7.22 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2011/CVE-2011-4926.yaml"} {"ID":"CVE-2011-5106","Info":{"Name":"WordPress Plugin Flexible Custom Post Type \u003c 0.1.7 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in edit-post.php in the Flexible Custom Post Type plugin before 0.1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2011/CVE-2011-5106.yaml"} {"ID":"CVE-2011-5107","Info":{"Name":"Alert Before Your Post \u003c= 0.1.1 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in post_alert.php in Alert Before Your Post plugin, possibly 0.1.1 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the name parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2011/CVE-2011-5107.yaml"} {"ID":"CVE-2011-5179","Info":{"Name":"Skysa App Bar 1.04 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in skysa-official/skysa.php in Skysa App Bar Integration plugin, possibly before 1.04, for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2011/CVE-2011-5179.yaml"} {"ID":"CVE-2011-5181","Info":{"Name":"ClickDesk Live Support Live Chat 2.0 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in clickdesk.php in ClickDesk Live Support - Live Chat plugin 2.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cdwidgetid parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2011/CVE-2011-5181.yaml"} {"ID":"CVE-2011-5252","Info":{"Name":"Orchard 'ReturnUrl' Parameter URI - Open Redirect","Severity":"medium","Description":"Open redirect vulnerability in Users/Account/LogOff in Orchard 1.0.x before 1.0.21, 1.1.x before 1.1.31, 1.2.x before 1.2.42, and 1.3.x before 1.3.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the ReturnUrl parameter.\n","Classification":{"CVSSScore":"5.8"}},"file_path":"http/cves/2011/CVE-2011-5252.yaml"} {"ID":"CVE-2011-5265","Info":{"Name":"Featurific For WordPress 1.6.2 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in cached_image.php in the Featurific For WordPress plugin 1.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the snum parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2011/CVE-2011-5265.yaml"} {"ID":"CVE-2012-0392","Info":{"Name":"Apache Struts2 S2-008 RCE","Severity":"medium","Description":"The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2012/CVE-2012-0392.yaml"} {"ID":"CVE-2012-0394","Info":{"Name":"Apache Struts \u003c2.3.1.1 - Remote Code Execution","Severity":"medium","Description":"Apache Struts before 2.3.1.1 is susceptible to remote code execution. When developer mode is used in the DebuggingInterceptor component, a remote attacker can execute arbitrary OGNL commands via unspecified vectors, which can allow for execution of malware, obtaining sensitive information, modifying data, and/or gaining full control over a compromised system without entering necessary credentials.. NOTE: the vendor characterizes this behavior as not \"a security vulnerability itself.\"\n","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2012/CVE-2012-0394.yaml"} {"ID":"CVE-2012-0896","Info":{"Name":"Count Per Day \u003c= 3.1 - download.php f Parameter Traversal Arbitrary File Access","Severity":"medium","Description":"An absolute path traversal vulnerability in download.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to read arbitrary files via the f parameter.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2012/CVE-2012-0896.yaml"} {"ID":"CVE-2012-0901","Info":{"Name":"YouSayToo auto-publishing 1.0 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in yousaytoo.php in YouSayToo auto-publishing plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2012/CVE-2012-0901.yaml"} {"ID":"CVE-2012-0981","Info":{"Name":"phpShowtime 2.0 - Directory Traversal","Severity":"medium","Description":"A directory traversal vulnerability in phpShowtime 2.0 allows remote attackers to list arbitrary directories and image files via a .. (dot dot) in the r parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2012/CVE-2012-0981.yaml"} {"ID":"CVE-2012-0991","Info":{"Name":"OpenEMR 4.1 - Local File Inclusion","Severity":"low","Description":"Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the formname parameter to (1) contrib/acog/print_form.php; or (2) load_form.php, (3) view_form.php, or (4) trend_form.php in interface/patient_file/encounter.","Classification":{"CVSSScore":"3.5"}},"file_path":"http/cves/2012/CVE-2012-0991.yaml"} {"ID":"CVE-2012-0996","Info":{"Name":"11in1 CMS 1.2.1 - Local File Inclusion (LFI)","Severity":"medium","Description":"Multiple directory traversal vulnerabilities in 11in1 1.2.1 stable 12-31-2011 allow remote attackers to read arbitrary files via a .. (dot dot) in the class parameter to (1) index.php or (2) admin/index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2012/CVE-2012-0996.yaml"} {"ID":"CVE-2012-1226","Info":{"Name":"Dolibarr ERP/CRM 3.2 Alpha - Multiple Directory Traversal Vulnerabilities","Severity":"high","Description":"Multiple directory traversal vulnerabilities in Dolibarr CMS 3.2.0 Alpha allow remote attackers to read arbitrary files and possibly execute arbitrary code via a .. (dot dot) in the (1) file parameter to document.php or (2) backtopage parameter in a create action to comm/action/fiche.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2012/CVE-2012-1226.yaml"} {"ID":"CVE-2012-1823","Info":{"Name":"PHP CGI v5.3.12/5.4.2 Remote Code Execution","Severity":"high","Description":"sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2012/CVE-2012-1823.yaml"} {"ID":"CVE-2012-1835","Info":{"Name":"WordPress Plugin All-in-One Event Calendar 1.4 - Cross-Site Scripting","Severity":"medium","Description":"Multiple cross-site scripting vulnerabilities in the All-in-One Event Calendar plugin 1.4 and 1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to app/view/agenda-widget-form.php; (2) args, (3) title, (4) before_title, or (5) after_title parameter to app/view/agenda-widget.php; (6) button_value parameter to app/view/box_publish_button.php; or (7) msg parameter to /app/view/save_successful.php.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2012/CVE-2012-1835.yaml"} {"ID":"CVE-2012-2371","Info":{"Name":"WP-FaceThumb 0.1 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in index.php in the WP-FaceThumb plugin 0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the pagination_wp_facethumb parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2012/CVE-2012-2371.yaml"} {"ID":"CVE-2012-3153","Info":{"Name":"Oracle Forms \u0026 Reports RCE (CVE-2012-3152 \u0026 CVE-2012-3153)","Severity":"medium","Description":"An unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4,\n11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown\nvectors related to Report Server Component.\n","Classification":{"CVSSScore":"6.4"}},"file_path":"http/cves/2012/CVE-2012-3153.yaml"} {"ID":"CVE-2012-4032","Info":{"Name":"WebsitePanel before v1.2.2.1 - Open Redirect","Severity":"medium","Description":"Open redirect vulnerability in the login page in WebsitePanel before 1.2.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in ReturnUrl to Default.aspx\n","Classification":{"CVSSScore":"5.8"}},"file_path":"http/cves/2012/CVE-2012-4032.yaml"} {"ID":"CVE-2012-4242","Info":{"Name":"WordPress Plugin MF Gig Calendar 0.9.2 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2012/CVE-2012-4242.yaml"} {"ID":"CVE-2012-4253","Info":{"Name":"MySQLDumper 1.24.4 - Directory Traversal","Severity":"medium","Description":"Multiple directory traversal vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) language parameter to learn/cubemail/install.php or (2) f parameter learn/cubemail/filemanagement.php, or execute arbitrary local files via a .. (dot dot) in the (3) config parameter to learn/cubemail/menu.php.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2012/CVE-2012-4253.yaml"} {"ID":"CVE-2012-4273","Info":{"Name":"2 Click Socialmedia Buttons \u003c 0.34 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in libs/xing.php in the 2 Click Social Media Buttons plugin before 0.34 for WordPress allows remote attackers to inject arbitrary web script or HTML via the xing-url parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2012/CVE-2012-4273.yaml"} {"ID":"CVE-2012-4547","Info":{"Name":"AWStats 6.95/7.0 - 'awredir.pl' Cross-Site Scripting","Severity":"medium","Description":"AWStats is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2012/CVE-2012-4547.yaml"} {"ID":"CVE-2012-4768","Info":{"Name":"WordPress Plugin Download Monitor \u003c 3.3.5.9 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in the Download Monitor plugin before 3.3.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dlsearch parameter to the default URI.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2012/CVE-2012-4768.yaml"} {"ID":"CVE-2012-4878","Info":{"Name":"FlatnuX CMS - Directory Traversal","Severity":"medium","Description":"A path traversal vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 allows remote administrators to read arbitrary files via a full pathname in the dir parameter in a contents/Files action.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2012/CVE-2012-4878.yaml"} {"ID":"CVE-2012-4889","Info":{"Name":"ManageEngine Firewall Analyzer 7.2 - Cross-Site Scripting","Severity":"medium","Description":"Multiple cross-site scripting vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) subTab or (2) tab parameter to createAnomaly.do; (3) url, (4) subTab, or (5) tab parameter to mindex.do; (6) tab parameter to index2.do; or (7) port parameter to syslogViewer.do.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2012/CVE-2012-4889.yaml"} {"ID":"CVE-2012-4940","Info":{"Name":"Axigen Mail Server Filename Directory Traversal","Severity":"medium","Description":"Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote attackers to read or delete arbitrary files via a .. (dot dot) in the fileName parameter in a download action to source/loggin/page_log_dwn_file.hsp, or the fileName parameter in an edit or delete action to the default URI.","Classification":{"CVSSScore":"6.4"}},"file_path":"http/cves/2012/CVE-2012-4940.yaml"} {"ID":"CVE-2012-4982","Info":{"Name":"Forescout CounterACT 6.3.4.1 - Open Redirect","Severity":"medium","Description":"Open redirect vulnerability in assets/login on the Forescout CounterACT NAC device before 7.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the 'a' parameter.\n","Classification":{"CVSSScore":"5.8"}},"file_path":"http/cves/2012/CVE-2012-4982.yaml"} {"ID":"CVE-2012-5321","Info":{"Name":"TikiWiki CMS Groupware v8.3 - Open Redirect","Severity":"medium","Description":"tiki-featured_link.php in TikiWiki CMS/Groupware 8.3 allows remote attackers to load arbitrary web site pages into frames and conduct phishing attacks via the url parameter, aka \"frame injection\n","Classification":{"CVSSScore":"5.8"}},"file_path":"http/cves/2012/CVE-2012-5321.yaml"} {"ID":"CVE-2012-5913","Info":{"Name":"WordPress Integrator 1.32 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in wp-integrator.php in the WordPress Integrator module 1.32 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirect_to parameter to wp-login.php.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2012/CVE-2012-5913.yaml"} {"ID":"CVE-2012-6499","Info":{"Name":"WordPress Plugin Age Verification v0.4 - Open Redirect","Severity":"medium","Description":"Open redirect vulnerability in age-verification.php in the Age Verification plugin 0.4 and earlier for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_to parameter.\n","Classification":{"CVSSScore":"5.8"}},"file_path":"http/cves/2012/CVE-2012-6499.yaml"} {"ID":"CVE-2013-1965","Info":{"Name":"Apache Struts2 S2-012 RCE","Severity":"critical","Description":"Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.3, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.","Classification":{"CVSSScore":"9.3"}},"file_path":"http/cves/2013/CVE-2013-1965.yaml"} {"ID":"CVE-2013-2248","Info":{"Name":"Apache Struts - Multiple Open Redirection Vulnerabilities","Severity":"medium","Description":"Apache Struts is prone to multiple open-redirection vulnerabilities because the application fails to properly sanitize user-supplied input.","Classification":{"CVSSScore":"5.8"}},"file_path":"http/cves/2013/CVE-2013-2248.yaml"} {"ID":"CVE-2013-2251","Info":{"Name":"Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution","Severity":"critical","Description":"In Struts 2 before 2.3.15.1 the information following \"action:\", \"redirect:\", or \"redirectAction:\" is not properly sanitized and will be evaluated as an OGNL expression against the value stack. This introduces the possibility to inject server side code.","Classification":{"CVSSScore":"9.3"}},"file_path":"http/cves/2013/CVE-2013-2251.yaml"} {"ID":"CVE-2013-2287","Info":{"Name":"WordPress Plugin Uploader 1.0.4 - Cross-Site Scripting","Severity":"medium","Description":"Multiple cross-site scripting vulnerabilities in views/notify.php in the Uploader plugin 1.0.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) notify or (2) blog parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2013/CVE-2013-2287.yaml"} {"ID":"CVE-2013-2621","Info":{"Name":"Telaen =\u003e v1.3.1 - Open Redirect","Severity":"medium","Description":"Open Redirection Vulnerability in the redir.php script in Telaen before 1.3.1 allows remote attackers to redirect victims to arbitrary websites via a crafted URL.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2013/CVE-2013-2621.yaml"} {"ID":"CVE-2013-3526","Info":{"Name":"WordPress Plugin Traffic Analyzer - 'aoid' Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in js/ta_loaded.js.php in the Traffic Analyzer plugin, possibly 3.3.2 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the aoid parameter.\"","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2013/CVE-2013-3526.yaml"} {"ID":"CVE-2013-3827","Info":{"Name":"Javafaces LFI","Severity":"medium","Description":"An Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.3.0, 11.1.2.4.0, and 12.1.2.0.0; and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0 and 12.1.1 allows remote attackers to affect confidentiality via unknown vectors related to Java Server Faces or Web Container.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2013/CVE-2013-3827.yaml"} {"ID":"CVE-2013-4117","Info":{"Name":"WordPress Plugin Category Grid View Gallery 2.3.1 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in includes/CatGridPost.php in the Category Grid View Gallery plugin 2.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ID parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2013/CVE-2013-4117.yaml"} {"ID":"CVE-2013-4625","Info":{"Name":"WordPress Plugin Duplicator \u003c 0.4.5 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in files/installer.cleanup.php in the Duplicator plugin before 0.4.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the package parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2013/CVE-2013-4625.yaml"} {"ID":"CVE-2013-5528","Info":{"Name":"Cisco Unified Communications Manager 7/8/9 - Directory Traversal","Severity":"medium","Description":"A directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal sequences in an unspecified input string, aka Bug ID CSCui78815","Classification":{"CVSSScore":"4"}},"file_path":"http/cves/2013/CVE-2013-5528.yaml"} {"ID":"CVE-2013-5979","Info":{"Name":"Xibo 1.2.2/1.4.1 - Directory Traversal","Severity":"medium","Description":"A directory traversal vulnerability in Spring Signage Xibo 1.2.x before 1.2.3 and 1.4.x before 1.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2013/CVE-2013-5979.yaml"} {"ID":"CVE-2013-6281","Info":{"Name":"WordPress Spreadsheet - Cross-Site Scripting","Severity":"medium","Description":"WordPress Spreadsheet plugin contains a reflected cross-site scripting vulnerability in /dhtmlxspreadsheet/codebase/spreadsheet.php.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2013/CVE-2013-6281.yaml"} {"ID":"CVE-2013-7091","Info":{"Name":"Zimbra Collaboration Server 7.2.2/8.0.2 Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra 7.2.2 and 8.0.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the skin parameter. This can be leveraged to execute arbitrary code by obtaining LDAP credentials and accessing the service/admin/soap API.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2013/CVE-2013-7091.yaml"} {"ID":"CVE-2013-7240","Info":{"Name":"WordPress Plugin Advanced Dewplayer 1.2 - Directory Traversal","Severity":"medium","Description":"A directory traversal vulnerability in download-file.php in the Advanced Dewplayer plugin 1.2 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the dew_file parameter.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2013/CVE-2013-7240.yaml"} {"ID":"CVE-2013-7285","Info":{"Name":"XStream \u003c1.4.6/1.4.10 - Remote Code Execution","Severity":"critical","Description":"Xstream API before 1.4.6 and 1.4.10 is susceptible to remote code execution. If the security framework has not been initialized, an attacker can run arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported format. This can allow an attacker to obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2013/CVE-2013-7285.yaml"} {"ID":"CVE-2014-10037","Info":{"Name":"DomPHP 0.83 - Directory Traversal","Severity":"high","Description":"A directory traversal vulnerability in DomPHP 0.83 and earlier allows remote attackers to have unspecified impacts via a .. (dot dot) in the url parameter to photoalbum/index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2014/CVE-2014-10037.yaml"} {"ID":"CVE-2014-1203","Info":{"Name":"Eyou E-Mail \u003c3.6 - Remote Code Execution","Severity":"critical","Description":"Eyou Mail System before 3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to admin/domain/ip_login_set/d_ip_login_get.php via the get_login_ip_config_file function.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2014/CVE-2014-1203.yaml"} {"ID":"CVE-2014-2321","Info":{"Name":"ZTE Cable Modem Web Shell","Severity":"critical","Description":"ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests to web_shell_cmd.gch, as demonstrated by using \"set TelnetCfg\" commands to enable a TELNET service with specified credentials.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2014/CVE-2014-2321.yaml"} {"ID":"CVE-2014-2323","Info":{"Name":"Lighttpd 1.4.34 SQL Injection and Path Traversal","Severity":"critical","Description":"A SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name (related to request_check_hostname).","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2014/CVE-2014-2323.yaml"} {"ID":"CVE-2014-2383","Info":{"Name":"Dompdf \u003c v0.6.0 - Local File Inclusion","Severity":"medium","Description":"A vulnerability in dompdf.php in dompdf before 0.6.1, when DOMPDF_ENABLE_PHP is enabled, allows context-dependent attackers to bypass chroot protections and read arbitrary files via a PHP protocol and wrappers in the input_file parameter, as demonstrated by a php://filter/read=convert.base64-encode/resource in the input_file parameter.\n","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2014/CVE-2014-2383.yaml"} {"ID":"CVE-2014-2908","Info":{"Name":"Siemens SIMATIC S7-1200 CPU - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2014/CVE-2014-2908.yaml"} {"ID":"CVE-2014-2962","Info":{"Name":"Belkin N150 Router 1.00.08/1.00.09 - Path Traversal","Severity":"high","Description":"A path traversal vulnerability in the webproc cgi module on the Belkin N150 F9K1009 v1 router with firmware before 1.00.08 allows remote attackers to read arbitrary files via a full pathname in the getpage parameter.","Classification":{"CVSSScore":"7.8"}},"file_path":"http/cves/2014/CVE-2014-2962.yaml"} {"ID":"CVE-2014-3120","Info":{"Name":"ElasticSearch v1.1.1/1.2 RCE","Severity":"medium","Description":"The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search. Be aware this only violates the vendor's intended security policy if the user does not run Elasticsearch in its own independent virtual machine.\n","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2014/CVE-2014-3120.yaml"} {"ID":"CVE-2014-3206","Info":{"Name":"Seagate BlackArmor NAS - Command Injection","Severity":"critical","Description":"Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the auth_name parameter to localhost/backupmgmt/pre_connect_check.php.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2014/CVE-2014-3206.yaml"} {"ID":"CVE-2014-3704","Info":{"Name":"Drupal SQL Injection","Severity":"high","Description":"The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing specially crafted keys.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2014/CVE-2014-3704.yaml"} {"ID":"CVE-2014-3744","Info":{"Name":"Node.js st module Directory Traversal","Severity":"high","Description":"A directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in an unspecified path.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2014/CVE-2014-3744.yaml"} {"ID":"CVE-2014-4210","Info":{"Name":"Oracle Weblogic - Server-Side Request Forgery","Severity":"medium","Description":"An unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect confidentiality via vectors related to WLS - Web Services.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2014/CVE-2014-4210.yaml"} {"ID":"CVE-2014-4513","Info":{"Name":"ActiveHelper LiveHelp Server 3.1.0 - Cross-Site Scripting","Severity":"medium","Description":"Multiple cross-site scripting vulnerabilities in server/offline.php in the ActiveHelper LiveHelp Live Chat plugin 3.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) MESSAGE, (2) EMAIL, or (3) NAME parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2014/CVE-2014-4513.yaml"} {"ID":"CVE-2014-4535","Info":{"Name":"Import Legacy Media \u003c= 0.1 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in the Import Legacy Media plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2014/CVE-2014-4535.yaml"} {"ID":"CVE-2014-4536","Info":{"Name":"Infusionsoft Gravity Forms Add-on \u003c 1.5.7 - Cross-Site Scripting","Severity":"medium","Description":"Multiple cross-site scripting vulnerabilities in tests/notAuto_test_ContactService_pauseCampaign.php in the Infusionsoft Gravity Forms plugin before 1.5.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) go, (2) contactId, or (3) campaignId parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2014/CVE-2014-4536.yaml"} {"ID":"CVE-2014-4539","Info":{"Name":"Movies \u003c= 0.6 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in the Movies plugin 0.6 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2014/CVE-2014-4539.yaml"} {"ID":"CVE-2014-4544","Info":{"Name":"Podcast Channels \u003c 0.28 - Cross-Site Scripting","Severity":"medium","Description":"The Podcast Channels WordPress plugin was affected by an unauthenticated reflected cross-site scripting security vulnerability.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2014/CVE-2014-4544.yaml"} {"ID":"CVE-2014-4550","Info":{"Name":"Shortcode Ninja \u003c= 1.4 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in preview-shortcode-external.php in the Shortcode Ninja plugin 1.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the shortcode parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2014/CVE-2014-4550.yaml"} {"ID":"CVE-2014-4558","Info":{"Name":"WooCommerce Swipe \u003c= 2.7.1 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in test-plugin.php in the Swipe Checkout for WooCommerce plugin 2.7.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the api_url parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2014/CVE-2014-4558.yaml"} {"ID":"CVE-2014-4561","Info":{"Name":"Ultimate Weather Plugin \u003c= 1.0 - Cross-Site Scripting","Severity":"medium","Description":"The ultimate-weather plugin 1.0 for WordPress contains a cross-site scripting vulnerability.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2014/CVE-2014-4561.yaml"} {"ID":"CVE-2014-4577","Info":{"Name":"WP AmASIN – The Amazon Affiliate Shop - Local File Inclusion","Severity":"medium","Description":"Absolute path traversal vulnerability in reviews.php in the WP AmASIN - The Amazon Affiliate Shop plugin 0.9.6 and earlier for WordPress allows remote attackers to read arbitrary files via a full pathname in the url parameter.\n","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2014/CVE-2014-4577.yaml"} {"ID":"CVE-2014-4592","Info":{"Name":"WP Planet \u003c= 0.1 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in rss.class/scripts/magpie_debug.php in the WP-Planet plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2014/CVE-2014-4592.yaml"} {"ID":"CVE-2014-4940","Info":{"Name":"WordPress Plugin Tera Charts - Local File Inclusion","Severity":"medium","Description":"Multiple local file inclusion vulnerabilities in Tera Charts (tera-charts) plugin 0.1 for WordPress allow remote attackers to read arbitrary files via a .. (dot dot) in the fn parameter to (1) charts/treemap.php or (2) charts/zoomabletreemap.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2014/CVE-2014-4940.yaml"} {"ID":"CVE-2014-4941","Info":{"Name":"Cross RSS 1.7 - Local File Inclusion","Severity":"medium","Description":"Absolute path traversal vulnerability in Cross-RSS (wp-cross-rss) plugin 1.7 for WordPress allows remote attackers to read arbitrary files via a full pathname in the rss parameter to proxy.php.\n","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2014/CVE-2014-4941.yaml"} {"ID":"CVE-2014-4942","Info":{"Name":"WordPress EasyCart \u003c2.0.6 - Information Disclosure","Severity":"medium","Description":"WordPress EasyCart plugin before 2.0.6 contains an information disclosure vulnerability. An attacker can obtain configuration information via a direct request to inc/admin/phpinfo.php, which calls the phpinfo function.\n","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2014/CVE-2014-4942.yaml"} {"ID":"CVE-2014-5111","Info":{"Name":"Fonality trixbox - Local File Inclusion","Severity":"medium","Description":"Multiple local file inclusion vulnerabilities in Fonality trixbox allow remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter to (1) home/index.php, (2) asterisk_info/asterisk_info.php, (3) repo/repo.php, or (4) endpointcfg/endpointcfg.php in maint/modules/.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2014/CVE-2014-5111.yaml"} {"ID":"CVE-2014-5181","Info":{"Name":"Last.fm Rotation 1.0 - Path Traversal","Severity":"medium","Description":"Directory traversal vulnerability in lastfm-proxy.php in the Last.fm Rotation (lastfm-rotation) plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the snode parameter.\n","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2014/CVE-2014-5181.yaml"} {"ID":"CVE-2014-5187","Info":{"Name":"Tom M8te (tom-m8te) Plugin 1.5.3 - Directory Traversal","Severity":"medium","Description":"Directory traversal vulnerability in the Tom M8te (tom-m8te) plugin 1.5.3 for WordPress allows remote attackers to read arbitrary files via the file parameter to tom-download-file.php.\n","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2014/CVE-2014-5187.yaml"} {"ID":"CVE-2014-5258","Info":{"Name":"webEdition 6.3.8.0 - Directory Traversal","Severity":"medium","Description":"A directory traversal vulnerability in showTempFile.php in webEdition CMS before 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter.","Classification":{"CVSSScore":"4"}},"file_path":"http/cves/2014/CVE-2014-5258.yaml"} {"ID":"CVE-2014-5368","Info":{"Name":"WordPress Plugin WP Content Source Control - Directory Traversal","Severity":"medium","Description":"A directory traversal vulnerability in the file_get_contents function in downloadfiles/download.php in the WP Content Source Control (wp-source-control) plugin 3.0.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2014/CVE-2014-5368.yaml"} {"ID":"CVE-2014-6271","Info":{"Name":"ShellShock - Remote Code Execution","Severity":"critical","Description":"GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka ShellShock.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2014/CVE-2014-6271.yaml"} {"ID":"CVE-2014-6287","Info":{"Name":"HTTP File Server \u003c2.3c - Remote Command Execution","Severity":"critical","Description":"HTTP File Server before 2.3c is susceptible to remote command execution. The findMacroMarker function in parserLib.pas allows an attacker to execute arbitrary programs via a %00 sequence in a search action. Therefore, an attacker can obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2014/CVE-2014-6287.yaml"} {"ID":"CVE-2014-6308","Info":{"Name":"Osclass Security Advisory 3.4.1 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in OSClass before 3.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a render action to oc-admin/index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2014/CVE-2014-6308.yaml"} {"ID":"CVE-2014-8676","Info":{"Name":"Simple Online Planning Tool \u003c1.3.2 - Local File Inclusion","Severity":"medium","Description":"SOPlanning \u003c1.32 contain a directory traversal in the file_get_contents function via a .. (dot dot) in the fichier parameter.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2014/CVE-2014-8676.yaml"} {"ID":"CVE-2014-8682","Info":{"Name":"Gogs (Go Git Service) - SQL Injection","Severity":"high","Description":"Multiple SQL injection vulnerabilities in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.x before 0.5.6.1105 Beta allow remote attackers to execute arbitrary SQL commands via the q parameter to (1) api/v1/repos/search, which is not properly handled in models/repo.go, or (2) api/v1/users/search, which is not properly handled in models/user.go.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2014/CVE-2014-8682.yaml"} {"ID":"CVE-2014-8799","Info":{"Name":"WordPress Plugin DukaPress 2.5.2 - Directory Traversal","Severity":"medium","Description":"A directory traversal vulnerability in the dp_img_resize function in php/dp-functions.php in the DukaPress plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter to lib/dp_image.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2014/CVE-2014-8799.yaml"} {"ID":"CVE-2014-9094","Info":{"Name":"WordPress DZS-VideoGallery Plugin Cross-Site Scripting","Severity":"medium","Description":"Multiple cross-site scripting vulnerabilities in deploy/designer/preview.php in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) swfloc or (2) designrand parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2014/CVE-2014-9094.yaml"} {"ID":"CVE-2014-9119","Info":{"Name":"WordPress DB Backup \u003c=4.5 - Local File Inclusion","Severity":"medium","Description":"WordPress Plugin DB Backup 4.5 and possibly prior versions are prone to a local file inclusion vulnerability because they fail to sufficiently sanitize user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks.\n","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2014/CVE-2014-9119.yaml"} {"ID":"CVE-2014-9180","Info":{"Name":"Eleanor CMS - Open Redirect","Severity":"medium","Description":"Open redirect vulnerability in go.php in Eleanor CMS allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the QUERY_STRING.\n","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2014/CVE-2014-9180.yaml"} {"ID":"CVE-2014-9444","Info":{"Name":"Frontend Uploader \u003c= 0.9.2 - Cross-Site Scripting","Severity":"medium","Description":"The Frontend Uploader WordPress plugin prior to v.0.9.2 was affected by an unauthenticated Cross-Site Scripting security vulnerability.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2014/CVE-2014-9444.yaml"} {"ID":"CVE-2014-9606","Info":{"Name":"Netsweeper 4.0.8 - Cross-Site Scripting","Severity":"medium","Description":"Multiple cross-site scripting vulnerabilities in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) server parameter to remotereporter/load_logfiles.php, (2) customctid parameter to webadmin/policy/category_table_ajax.php, (3) urllist parameter to webadmin/alert/alert.php, (4) QUERY_STRING to webadmin/ajaxfilemanager/ajax_get_file_listing.php, or (5) PATH_INFO to webadmin/policy/policy_table_ajax.php/.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2014/CVE-2014-9606.yaml"} {"ID":"CVE-2014-9607","Info":{"Name":"Netsweeper 4.0.4 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in remotereporter/load_logfiles.php in Netsweeper 4.0.3 and 4.0.4 allows remote attackers to inject arbitrary web script or HTML via the url parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2014/CVE-2014-9607.yaml"} {"ID":"CVE-2014-9608","Info":{"Name":"Netsweeper 4.0.3 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in webadmin/policy/group_table_ajax.php/ in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2014/CVE-2014-9608.yaml"} {"ID":"CVE-2014-9609","Info":{"Name":"Netsweeper 4.0.8 - Directory Traversal","Severity":"medium","Description":"A directory traversal vulnerability in webadmin/reporter/view_server_log.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to list directory contents via a .. (dot dot) in the log parameter in a stats action.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2014/CVE-2014-9609.yaml"} {"ID":"CVE-2014-9614","Info":{"Name":"Netsweeper 4.0.5 - Default Weak Account","Severity":"critical","Description":"The Web Panel in Netsweeper before 4.0.5 has a default password of 'branding' for the branding account, which makes it easier for remote attackers to obtain access via a request to webadmin/.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2014/CVE-2014-9614.yaml"} {"ID":"CVE-2014-9615","Info":{"Name":"Netsweeper 4.0.4 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in Netsweeper 4.0.4 allows remote attackers to inject arbitrary web script or HTML via the url parameter to webadmin/deny/index.php.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2014/CVE-2014-9615.yaml"} {"ID":"CVE-2014-9617","Info":{"Name":"Netsweeper 3.0.6 - Open Redirection","Severity":"medium","Description":"An open redirect vulnerability in remotereporter/load_logfiles.php in Netsweeper before 4.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2014/CVE-2014-9617.yaml"} {"ID":"CVE-2014-9618","Info":{"Name":"Netsweeper - Authentication Bypass","Severity":"critical","Description":"The Client Filter Admin portal in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and subsequently create arbitrary profiles via a showdeny action to the default URL.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2014/CVE-2014-9618.yaml"} {"ID":"CVE-2015-0554","Info":{"Name":"ADB/Pirelli ADSL2/2+ Wireless Router P.DGA4001N - Information Disclosure","Severity":"critical","Description":"ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6 does not properly restrict access to the web interface, which allows remote attackers to obtain sensitive information or cause a denial of service (device restart) as demonstrated by a direct request to (1) wlsecurity.html or (2) resetrouter.html.","Classification":{"CVSSScore":"9.4"}},"file_path":"http/cves/2015/CVE-2015-0554.yaml"} {"ID":"CVE-2015-1000005","Info":{"Name":"WordPress Candidate Application Form \u003c= 1.3 - Local File Inclusion","Severity":"high","Description":"WordPress Candidate Application Form \u003c= 1.3 is susceptible to arbitrary file downloads because the code in downloadpdffile.php does not do any sanity checks.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2015/CVE-2015-1000005.yaml"} {"ID":"CVE-2015-1000010","Info":{"Name":"WordPress Simple Image Manipulator \u003c 1.0 - Local File Inclusion","Severity":"high","Description":"WordPress Simple Image Manipulator 1.0 is vulnerable to local file inclusion in ./simple-image-manipulator/controller/download.php because no checks are made to authenticate users or sanitize input when determining file location.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2015/CVE-2015-1000010.yaml"} {"ID":"CVE-2015-1000012","Info":{"Name":"WordPress MyPixs \u003c=0.3 - Local File Inclusion","Severity":"high","Description":"WordPress MyPixs 0.3 and prior contains a local file inclusion vulnerability.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2015/CVE-2015-1000012.yaml"} {"ID":"CVE-2015-1427","Info":{"Name":"ElasticSearch - Remote Code Execution","Severity":"high","Description":"ElasticSearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script to the Groovy scripting engine.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2015/CVE-2015-1427.yaml"} {"ID":"CVE-2015-1503","Info":{"Name":"IceWarp Mail Server \u003c11.1.1 - Directory Traversal","Severity":"high","Description":"IceWarp Mail Server versions prior to 11.1.1 suffer from a directory traversal vulnerability.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2015/CVE-2015-1503.yaml"} {"ID":"CVE-2015-1579","Info":{"Name":"WordPress Slider Revolution - Local File Disclosure","Severity":"medium","Description":"Directory traversal vulnerability in the Elegant Themes Divi theme for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter in a revslider_show_image action to wp-admin/admin-ajax.php. NOTE: this vulnerability may be a duplicate of CVE-2014-9734.\n","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2015/CVE-2015-1579.yaml"} {"ID":"CVE-2015-1635","Info":{"Name":"Microsoft Windows 'HTTP.sys' - Remote Code Execution","Severity":"critical","Description":"HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka \"HTTP.sys Remote Code Execution Vulnerability.\"\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2015/CVE-2015-1635.yaml"} {"ID":"CVE-2015-1880","Info":{"Name":"Fortinet FortiOS \u003c=5.2.3 - Cross-Site Scripting","Severity":"medium","Description":"Fortinet FortiOS 5.2.x before 5.2.3 contains a cross-site scripting vulnerability in the SSL VPN login page which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2015/CVE-2015-1880.yaml"} {"ID":"CVE-2015-20067","Info":{"Name":"WP Attachment Export \u003c 0.2.4 - Unrestricted File Download","Severity":"high","Description":"The plugin does not have proper access controls, allowing unauthenticated users to download the XML data that holds all the details of attachments/posts on a Wordpress\npowered site. This includes details of even privately published posts and password protected posts with their passwords revealed in plain text.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2015/CVE-2015-20067.yaml"} {"ID":"CVE-2015-2067","Info":{"Name":"Magento Server MAGMI - Directory Traversal","Severity":"medium","Description":"Magento Server MAGMI (aka Magento Mass Importer) contains a directory traversal vulnerability in web/ajax_pluginconf.php. that allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2015/CVE-2015-2067.yaml"} {"ID":"CVE-2015-2068","Info":{"Name":"Magento Server Mass Importer - Cross-Site Scripting","Severity":"medium","Description":"Magento Server Mass Importer plugin contains multiple cross-site scripting vulnerabilities which allow remote attackers to inject arbitrary web script or HTML via the (1) profile parameter to web/magmi.php or (2) QUERY_STRING to web/magmi_import_run.php.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2015/CVE-2015-2068.yaml"} {"ID":"CVE-2015-2080","Info":{"Name":"Eclipse Jetty \u003c9.2.9.v20150224 - Sensitive Information Leakage","Severity":"high","Description":"Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2015/CVE-2015-2080.yaml"} {"ID":"CVE-2015-2166","Info":{"Name":"Ericsson Drutt MSDP - Local File Inclusion","Severity":"medium","Description":"Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the default URI in the Instance Monitor.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2015/CVE-2015-2166.yaml"} {"ID":"CVE-2015-2196","Info":{"Name":"WordPress Spider Calendar \u003c=1.4.9 - SQL Injection","Severity":"high","Description":"WordPress Spider Calendar plugin through 1.4.9 is susceptible to SQL injection. An attacker can execute arbitrary SQL commands via the cat_id parameter in a spiderbigcalendar_month action to wp-admin/admin-ajax.php, thus making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2015/CVE-2015-2196.yaml"} {"ID":"CVE-2015-2755","Info":{"Name":"WordPress AB Google Map Travel \u003c=3.4 - Stored Cross-Site Scripting","Severity":"medium","Description":"WordPress AB Google Map Travel plugin through 3.4 contains multiple stored cross-site scripting vulnerabilities. The plugin allows an attacker to hijack the administrator authentication for requests via the (1) lat (Latitude), (2) long (Longitude), (3) map_width, (4) map_height, or (5) zoom (Map Zoom) parameters in the ab_map_options page to wp-admin/admin.php.\n","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2015/CVE-2015-2755.yaml"} {"ID":"CVE-2015-2794","Info":{"Name":"DotNetNuke 07.04.00 - Administration Authentication Bypass","Severity":"critical","Description":"The installation wizard in DotNetNuke (DNN) before 7.4.1 allows remote attackers to reinstall the application and gain SuperUser access via a direct request to Install/InstallWizard.aspx.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2015/CVE-2015-2794.yaml"} {"ID":"CVE-2015-2807","Info":{"Name":"Navis DocumentCloud \u003c0.1.1 - Cross-Site Scripting","Severity":"medium","Description":"Navis DocumentCloud plugin before 0.1.1 for WordPress contains a reflected cross-site scripting vulnerability in js/window.php which allows remote attackers to inject arbitrary web script or HTML via the wpbase parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2015/CVE-2015-2807.yaml"} {"ID":"CVE-2015-2863","Info":{"Name":"Kaseya Virtual System Administrator - Open Redirect","Severity":"medium","Description":"Kaseya Virtual System Administrator 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 are susceptible to an open redirect vulnerability. An attacker can redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2015/CVE-2015-2863.yaml"} {"ID":"CVE-2015-2996","Info":{"Name":"SysAid Help Desk \u003c15.2 - Local File Inclusion","Severity":"high","Description":"SysAid Help Desk before 15.2 contains multiple local file inclusion vulnerabilities which can allow remote attackers to read arbitrary files via .. (dot dot) in the fileName parameter of getGfiUpgradeFile or cause a denial of service (CPU and memory consumption) via .. (dot dot) in the fileName parameter of calculateRdsFileChecksum.\n","Classification":{"CVSSScore":"8.5"}},"file_path":"http/cves/2015/CVE-2015-2996.yaml"} {"ID":"CVE-2015-3035","Info":{"Name":"TP-LINK - Local File Inclusion","Severity":"high","Description":"TP-LINK is susceptible to local file inclusion in these products: Archer C5 (1.2) with firmware before 150317, Archer C7 (2.0) with firmware before 150304, and C8 (1.0) with firmware before 150316, Archer C9 (1.0), TL-WDR3500 (1.0), TL-WDR3600 (1.0), and TL-WDR4300 (1.0) with firmware before 150302, TL-WR740N (5.0) and TL-WR741ND (5.0) with firmware before 150312, and TL-WR841N (9.0), TL-WR841N (10.0), TL-WR841ND (9.0), and TL-WR841ND (10.0) with firmware before 150310. Because of insufficient input validation, arbitrary local files can be disclosed. Files that include passwords and other sensitive information can be accessed.\n","Classification":{"CVSSScore":"7.8"}},"file_path":"http/cves/2015/CVE-2015-3035.yaml"} {"ID":"CVE-2015-3224","Info":{"Name":"Ruby on Rails Web Console - Remote Code Execution","Severity":"medium","Description":"Ruby on Rails Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote attackers to bypass the whitelisted_ips protection mechanism via a crafted request to request.rb.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2015/CVE-2015-3224.yaml"} {"ID":"CVE-2015-3337","Info":{"Name":"Elasticsearch - Local File Inclusion","Severity":"medium","Description":"Elasticsearch before 1.4.5 and 1.5.x before 1.5.2 allows remote attackers to read arbitrary files via unspecified vectors when a site plugin is enabled.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2015/CVE-2015-3337.yaml"} {"ID":"CVE-2015-3648","Info":{"Name":"ResourceSpace - Local File inclusion","Severity":"high","Description":"ResourceSpace is prone to a local file-inclusion vulnerability because it fails to sufficiently sanitize user-supplied input.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2015/CVE-2015-3648.yaml"} {"ID":"CVE-2015-3897","Info":{"Name":"Bonita BPM Portal \u003c6.5.3 - Local File Inclusion","Severity":"medium","Description":"Bonita BPM Portal before 6.5.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the theme parameter and a file path in the location parameter to bonita/portal/themeResource.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2015/CVE-2015-3897.yaml"} {"ID":"CVE-2015-4050","Info":{"Name":"Symfony - Authentication Bypass","Severity":"medium","Description":"Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support enabled, does not check if the _controller attribute is set, which allows remote attackers to bypass URL signing and security rules by including (1) no hash or (2) an invalid hash in a request to /_fragment in the HttpKernel component.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2015/CVE-2015-4050.yaml"} {"ID":"CVE-2015-4062","Info":{"Name":"WordPress NewStatPress 0.9.8 - SQL Injection","Severity":"medium","Description":"WordPress NewStatPress 0.9.8 plugin contains a SQL injection vulnerability in includes/nsp_search.php. A remote authenticated user can execute arbitrary SQL commands via the where1 parameter in the nsp_search page to wp-admin/admin.php.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2015/CVE-2015-4062.yaml"} {"ID":"CVE-2015-4063","Info":{"Name":"NewStatPress \u003c0.9.9 - Cross-Site Scripting","Severity":"low","Description":"WordPress NewStatPress plugin before 0.9.9 contains a cross-site scripting vulnerability in includes/nsp_search.php. The plugin allows remote authenticated users to inject arbitrary web script or HTML via the where1 parameter in the nsp_search page to wp-admin/admin.php.\n","Classification":{"CVSSScore":"3.5"}},"file_path":"http/cves/2015/CVE-2015-4063.yaml"} {"ID":"CVE-2015-4074","Info":{"Name":"Joomla! Helpdesk Pro plugin \u003c1.4.0 - Local File Inclusion","Severity":"high","Description":"Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a ticket.download_attachment task.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2015/CVE-2015-4074.yaml"} {"ID":"CVE-2015-4127","Info":{"Name":"WordPress Church Admin \u003c0.810 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Church Admin plugin before 0.810 allows remote attackers to inject arbitrary web script or HTML via the address parameter via index.php/2015/05/21/church_admin-registration-form/.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2015/CVE-2015-4127.yaml"} {"ID":"CVE-2015-4414","Info":{"Name":"WordPress SE HTML5 Album Audio Player 1.1.0 - Directory Traversal","Severity":"medium","Description":"WordPress SE HTML5 Album Audio Player 1.1.0 contains a directory traversal vulnerability in download_audio.php that allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2015/CVE-2015-4414.yaml"} {"ID":"CVE-2015-4455","Info":{"Name":"WordPress Plugin Aviary Image Editor Addon For Gravity Forms 3.0 Beta - Arbitrary File Upload","Severity":"critical","Description":"Unrestricted file upload vulnerability in includes/upload.php in the Aviary Image Editor Add-on For Gravity Forms plugin 3.0 beta for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/uploads/gform_aviary.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2015/CVE-2015-4455.yaml"} {"ID":"CVE-2015-4632","Info":{"Name":"Koha 3.20.1 - Directory Traversal","Severity":"high","Description":"Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the template_path parameter to (1) svc/virtualshelves/search or (2) svc/members/search.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2015/CVE-2015-4632.yaml"} {"ID":"CVE-2015-4666","Info":{"Name":"Xceedium Xsuite \u003c=2.4.4.5 - Local File Inclusion","Severity":"medium","Description":"Xceedium Xsuite 2.4.4.5 and earlier is vulnerable to local file inclusion via opm/read_sessionlog.php that allows remote attackers to read arbitrary files in the logFile parameter.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2015/CVE-2015-4666.yaml"} {"ID":"CVE-2015-4668","Info":{"Name":"Xsuite \u003c=2.4.4.5 - Open Redirect","Severity":"medium","Description":"Xsuite 2.4.4.5 and prior contains an open redirect vulnerability, which can allow a remote attacker to redirect users to arbitrary web sites and conduct phishing attacks via a malicious URL in the redirurl parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2015/CVE-2015-4668.yaml"} {"ID":"CVE-2015-4694","Info":{"Name":"WordPress Zip Attachments \u003c= 1.1.4 - Arbitrary File Retrieval","Severity":"high","Description":"WordPress zip-attachments plugin allows arbitrary file retrieval as it does not check the download path of the requested file.","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2015/CVE-2015-4694.yaml"} {"ID":"CVE-2015-5354","Info":{"Name":"Novius OS 5.0.1-elche - Open Redirect","Severity":"medium","Description":"Novius OS 5.0.1 (Elche) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter to admin/nos/login.","Classification":{"CVSSScore":"5.8"}},"file_path":"http/cves/2015/CVE-2015-5354.yaml"} {"ID":"CVE-2015-5461","Info":{"Name":"WordPress StageShow \u003c5.0.9 - Open Redirect","Severity":"medium","Description":"WordPress StageShow plugin before 5.0.9 contains an open redirect vulnerability in the Redirect function in stageshow_redirect.php. A remote attacker can redirect users to arbitrary web sites and conduct phishing attacks via a malicious URL in the url parameter.","Classification":{"CVSSScore":"6.4"}},"file_path":"http/cves/2015/CVE-2015-5461.yaml"} {"ID":"CVE-2015-5469","Info":{"Name":"WordPress MDC YouTube Downloader 2.1.0 - Local File Inclusion","Severity":"high","Description":"WordPress MDC YouTube Downloader 2.1.0 plugin is susceptible to local file inclusion. A remote attacker can read arbitrary files via a full pathname in the file parameter to includes/download.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2015/CVE-2015-5469.yaml"} {"ID":"CVE-2015-5471","Info":{"Name":"Swim Team \u003c= v1.44.10777 - Local File Inclusion","Severity":"medium","Description":"The program /wp-swimteam/include/user/download.php allows unauthenticated attackers to retrieve arbitrary files from the system.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2015/CVE-2015-5471.yaml"} {"ID":"CVE-2015-5531","Info":{"Name":"ElasticSearch \u003c1.6.1 - Local File Inclusion","Severity":"medium","Description":"ElasticSearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2015/CVE-2015-5531.yaml"} {"ID":"CVE-2015-5688","Info":{"Name":"Geddy \u003c13.0.8 - Local File Inclusion","Severity":"medium","Description":"Geddy prior to version 13.0.8 contains a directory traversal vulnerability in lib/app/index.js that allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the PATH_INFO to the default URI.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2015/CVE-2015-5688.yaml"} {"ID":"CVE-2015-6477","Info":{"Name":"Nordex NC2 - Cross-Site Scripting","Severity":"medium","Description":"Nordex NC2 contains a cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2015/CVE-2015-6477.yaml"} {"ID":"CVE-2015-6544","Info":{"Name":"Combodo iTop \u003c2.2.0-2459 - Cross-Site Scripting","Severity":"medium","Description":"Combodo iTop before 2.2.0-2459 contains a cross-site scripting vulnerability in application/dashboard.class.inc.php which allows remote attackers to inject arbitrary web script or HTML via a dashboard title.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2015/CVE-2015-6544.yaml"} {"ID":"CVE-2015-6920","Info":{"Name":"WordPress sourceAFRICA \u003c=0.1.3 - Cross-Site Scripting","Severity":"medium","Description":"WordPress sourceAFRICA plugin version 0.1.3 contains a cross-site scripting vulnerability.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2015/CVE-2015-6920.yaml"} {"ID":"CVE-2015-7245","Info":{"Name":"D-Link DVG-N5402SP - Local File Inclusion","Severity":"high","Description":"D-Link DVG-N5402SP is susceptible to local file inclusion in products with firmware W1000CN-00, W1000CN-03, or W2000EN-00. A remote attacker can read sensitive information via a .. (dot dot) in the errorpage parameter.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2015/CVE-2015-7245.yaml"} {"ID":"CVE-2015-7297","Info":{"Name":"Joomla! Core SQL Injection","Severity":"high","Description":"A SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2015/CVE-2015-7297.yaml"} {"ID":"CVE-2015-7377","Info":{"Name":"WordPress Pie-Register \u003c2.0.19 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Pie Register before 2.0.19 contains a reflected cross-site scripting vulnerability in pie-register/pie-register.php which allows remote attackers to inject arbitrary web script or HTML via the invitaion_code parameter in a pie-register page to the default URL.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2015/CVE-2015-7377.yaml"} {"ID":"CVE-2015-7450","Info":{"Name":"IBM WebSphere Java Object Deserialization - Remote Code Execution","Severity":"critical","Description":"IBM Websphere Application Server 7, 8, and 8.5 have a deserialization vulnerability in the SOAP Connector (port 8880 by default).","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2015/CVE-2015-7450.yaml"} {"ID":"CVE-2015-7780","Info":{"Name":"ManageEngine Firewall Analyzer \u003c8.0 - Local File Inclusion","Severity":"medium","Description":"ManageEngine Firewall Analyzer before 8.0 is vulnerable to local file inclusion.","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2015/CVE-2015-7780.yaml"} {"ID":"CVE-2015-7823","Info":{"Name":"Kentico CMS 8.2 - Open Redirect","Severity":"medium","Description":"Kentico CMS 8.2 contains an open redirect vulnerability via GetDocLink.ashx with link variable. An attacker can construct a URL within the application that causes a redirection to an arbitrary external domain.","Classification":{"CVSSScore":"5.8"}},"file_path":"http/cves/2015/CVE-2015-7823.yaml"} {"ID":"CVE-2015-8349","Info":{"Name":"SourceBans \u003c2.0 - Cross-Site Scripting","Severity":"medium","Description":"SourceBans before 2.0 contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via the advSearch parameter to index.php.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2015/CVE-2015-8349.yaml"} {"ID":"CVE-2015-8399","Info":{"Name":"Atlassian Confluence \u003c5.8.17 - Information Disclosure","Severity":"medium","Description":"Atlassian Confluence before 5.8.17 contains an information disclsoure vulnerability. A remote authenticated user can read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2) admin/viewdefaultdecorator.action.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2015/CVE-2015-8399.yaml"} {"ID":"CVE-2015-8813","Info":{"Name":"Umbraco \u003c7.4.0- Server-Side Request Forgery","Severity":"high","Description":"Umbraco before version 7.4.0 contains a server-side request forgery vulnerability in feedproxy.aspx that allows attackers to send arbitrary HTTP GET requests via http://local/Umbraco/feedproxy.aspx?url=http://127.0.0.1:80/index.","Classification":{"CVSSScore":"8.2"}},"file_path":"http/cves/2015/CVE-2015-8813.yaml"} {"ID":"CVE-2015-9312","Info":{"Name":"NewStatPress \u003c=1.0.4 - Cross-Site Scripting","Severity":"medium","Description":"WordPress NewStatPress plugin through 1.0.4 contains a cross-site scripting vulnerability. The plugin utilizes, on lines 28 and 31 of the file \"includes/nsp_search.php\", several variables from the $_GET scope without sanitation. While WordPress automatically escapes quotes on this scope, the outputs on these lines are outside of quotes, and as such can be utilized to initiate a cross-site scripting attack.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2015/CVE-2015-9312.yaml"} {"ID":"CVE-2015-9323","Info":{"Name":"404 to 301 \u003c= 2.0.2 - Authenticated Blind SQL Injection","Severity":"critical","Description":"The 404 to 301 – Redirect, Log and Notify 404 Errors WordPress plugin was affected by an Authenticated Blind SQL Injection security vulnerability.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2015/CVE-2015-9323.yaml"} {"ID":"CVE-2015-9414","Info":{"Name":"WordPress Symposium \u003c=15.8.1 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Symposium through 15.8.1 contains a reflected cross-site scripting vulnerability via the wp-content/plugins/wp-symposium/get_album_item.php?size parameter which allows an attacker to steal cookie-based authentication credentials and launch other attacks.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2015/CVE-2015-9414.yaml"} {"ID":"CVE-2015-9480","Info":{"Name":"WordPress RobotCPA 5 - Directory Traversal","Severity":"high","Description":"The RobotCPA plugin 5 for WordPress has directory traversal via the f.php l parameter.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2015/CVE-2015-9480.yaml"} {"ID":"CVE-2016-0957","Info":{"Name":"Adobe AEM Dispatcher \u003c4.15 - Rules Bypass","Severity":"high","Description":"Dispatcher before 4.1.5 in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 does not properly implement a URL filter, which allows remote attackers to bypass dispatcher rules via unspecified vectors.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2016/CVE-2016-0957.yaml"} {"ID":"CVE-2016-1000126","Info":{"Name":"WordPress Admin Font Editor \u003c=1.8 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Admin Font Editor 1.8 and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2016/CVE-2016-1000126.yaml"} {"ID":"CVE-2016-1000127","Info":{"Name":"WordPress AJAX Random Post \u003c=2.00 - Cross-Site Scripting","Severity":"medium","Description":"WordPress AJAX Random Post 2.00 is vulnerable to reflected cross-site scripting.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2016/CVE-2016-1000127.yaml"} {"ID":"CVE-2016-1000128","Info":{"Name":"WordPress anti-plagiarism \u003c=3.60 - Cross-Site Scripting","Severity":"medium","Description":"WordPress anti-plagiarism 3.6.0 and prior are vulnerable to reflected cross-site scripting.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2016/CVE-2016-1000128.yaml"} {"ID":"CVE-2016-1000129","Info":{"Name":"WordPress defa-online-image-protector \u003c=3.3 - Cross-Site Scripting","Severity":"medium","Description":"WordPress defa-online-image-protector 3.3 and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2016/CVE-2016-1000129.yaml"} {"ID":"CVE-2016-1000130","Info":{"Name":"WordPress e-search \u003c=1.0 - Cross-Site Scripting","Severity":"medium","Description":"Wordpress plugin e-search 1.0 and before contains a cross-site scripting vulnerability via date_select.php which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2016/CVE-2016-1000130.yaml"} {"ID":"CVE-2016-1000131","Info":{"Name":"WordPress e-search \u003c=1.0 - Cross-Site Scripting","Severity":"medium","Description":"WordPress e-search 1.0 and before contains a reflected cross-site scripting vulnerability via title_az.php which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2016/CVE-2016-1000131.yaml"} {"ID":"CVE-2016-1000132","Info":{"Name":"WordPress enhanced-tooltipglossary 3.2.8 - Cross-Site Scripting","Severity":"medium","Description":"WordPress enhanced-tooltipglossary 3.2.8 contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2016/CVE-2016-1000132.yaml"} {"ID":"CVE-2016-1000133","Info":{"Name":"WordPress forget-about-shortcode-buttons 1.1.1 - Cross-Site Scripting","Severity":"medium","Description":"Wordpress plugin forget-about-shortcode-buttons 1.1.1 contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2016/CVE-2016-1000133.yaml"} {"ID":"CVE-2016-1000134","Info":{"Name":"WordPress HDW Video Gallery \u003c=1.2 - Cross-Site Scripting","Severity":"medium","Description":"WordPress HDW Video Gallery 1.2 and before contains a cross-site scripting vulnerability via playlist.php which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2016/CVE-2016-1000134.yaml"} {"ID":"CVE-2016-1000135","Info":{"Name":"WordPress HDW Video Gallery \u003c=1.2 - Cross-Site Scripting","Severity":"medium","Description":"WordPress HDW Video Gallery 1.2 and before contains a cross-site scripting vulnerability via mychannel.php which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2016/CVE-2016-1000135.yaml"} {"ID":"CVE-2016-1000136","Info":{"Name":"WordPress heat-trackr 1.0 - Cross-Site Scripting","Severity":"medium","Description":"WordPress heat-trackr 1.0 contains a cross-site scripting vulnerability via heat-trackr_abtest_add.php which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2016/CVE-2016-1000136.yaml"} {"ID":"CVE-2016-1000137","Info":{"Name":"WordPress Hero Maps Pro 2.1.0 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Hero Maps Pro 2.1.0 contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2016/CVE-2016-1000137.yaml"} {"ID":"CVE-2016-1000138","Info":{"Name":"WordPress Admin Font Editor \u003c=1.8 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Admin Font Editor plugin indexisto 1.8 and before contains a cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2016/CVE-2016-1000138.yaml"} {"ID":"CVE-2016-1000139","Info":{"Name":"WordPress Infusionsoft Gravity Forms \u003c=1.5.11 - Cross-Site Scripting","Severity":"medium","Description":"WordPress plugin Infusionsoft 1.5.11 and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2016/CVE-2016-1000139.yaml"} {"ID":"CVE-2016-1000140","Info":{"Name":"WordPress New Year Firework \u003c=1.1.9 - Cross-Site Scripting","Severity":"medium","Description":"WordPress New Year Firework 1.1.9 and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2016/CVE-2016-1000140.yaml"} {"ID":"CVE-2016-1000141","Info":{"Name":"WordPress Page Layout builder v1.9.3 - Cross-Site Scripting","Severity":"medium","Description":"WordPress plugin Page-layout-builder v1.9.3 contains a cross-site scripting vulnerability.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2016/CVE-2016-1000141.yaml"} {"ID":"CVE-2016-1000142","Info":{"Name":"WordPress MW Font Changer \u003c=4.2.5 - Cross-Site Scripting","Severity":"medium","Description":"WordPress MW Font Changer plugin 4.2.5 and before contains a cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2016/CVE-2016-1000142.yaml"} {"ID":"CVE-2016-1000143","Info":{"Name":"WordPress Photoxhibit 2.1.8 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Photoxhibit 2.1.8 contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2016/CVE-2016-1000143.yaml"} {"ID":"CVE-2016-1000146","Info":{"Name":"WordPress Pondol Form to Mail \u003c=1.1 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Pondol Form to Mail 1.1 and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2016/CVE-2016-1000146.yaml"} {"ID":"CVE-2016-1000148","Info":{"Name":"WordPress S3 Video \u003c=0.983 - Cross-Site Scripting","Severity":"medium","Description":"WordPress S3 Video and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2016/CVE-2016-1000148.yaml"} {"ID":"CVE-2016-1000149","Info":{"Name":"WordPress Simpel Reserveren \u003c=3.5.2 - Cross-Site Scripting","Severity":"medium","Description":"WordPress plugin Simpel Reserveren 3.5.2 and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2016/CVE-2016-1000149.yaml"} {"ID":"CVE-2016-1000152","Info":{"Name":"WordPress Tidio-form \u003c=1.0 - Cross-Site Scripting","Severity":"medium","Description":"WordPress tidio-form1.0 contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2016/CVE-2016-1000152.yaml"} {"ID":"CVE-2016-1000153","Info":{"Name":"WordPress Tidio Gallery \u003c=1.1 - Cross-Site Scripting","Severity":"medium","Description":"WordPress plugin tidio-gallery v1.1 contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2016/CVE-2016-1000153.yaml"} {"ID":"CVE-2016-1000154","Info":{"Name":"WordPress WHIZZ \u003c=1.0.7 - Cross-Site Scripting","Severity":"medium","Description":"WordPress plugin WHIZZ 1.07 and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2016/CVE-2016-1000154.yaml"} {"ID":"CVE-2016-1000155","Info":{"Name":"WordPress WPSOLR \u003c=8.6 - Cross-Site Scripting","Severity":"medium","Description":"WordPress WPSOLR 8.6 and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2016/CVE-2016-1000155.yaml"} {"ID":"CVE-2016-10033","Info":{"Name":"WordPress PHPMailer \u003c 5.2.18 - Remote Code Execution","Severity":"critical","Description":"WordPress PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property in isMail transport.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2016/CVE-2016-10033.yaml"} {"ID":"CVE-2016-10108","Info":{"Name":"Western Digital MyCloud NAS - Command Injection","Severity":"critical","Description":"Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 /web/google_analytics.php URL via a modified arg parameter in the POST data.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2016/CVE-2016-10108.yaml"} {"ID":"CVE-2016-10134","Info":{"Name":"Zabbix - SQL Injection","Severity":"critical","Description":"Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggle_ids array parameter in latest.php and perform SQL injection attacks.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2016/CVE-2016-10134.yaml"} {"ID":"CVE-2016-10367","Info":{"Name":"Opsview Monitor Pro - Local File Inclusion","Severity":"high","Description":"Opsview Monitor Pro prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a certain 2016 security patch is vulnerable to unauthenticated local file inclusion and can be exploited by issuing a specially crafted HTTP GET request utilizing a simple bypass.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2016/CVE-2016-10367.yaml"} {"ID":"CVE-2016-10368","Info":{"Name":"Opsview Monitor Pro - Open Redirect","Severity":"medium","Description":"Opsview Monitor Pro before 5.1.0.162300841, before 5.0.2.27475, before 4.6.4.162391051, and 4.5.x without a certain 2016 security patch contains an open redirect vulnerability. An attacker can redirect users to arbitrary web sites and conduct phishing attacks via the back parameter to the login URI.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2016/CVE-2016-10368.yaml"} {"ID":"CVE-2016-10924","Info":{"Name":"Wordpress Zedna eBook download \u003c1.2 - Local File Inclusion","Severity":"high","Description":"Wordpress Zedna eBook download prior to version 1.2 was affected by a filedownload.php local file inclusion vulnerability.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2016/CVE-2016-10924.yaml"} {"ID":"CVE-2016-10940","Info":{"Name":"WordPress zm-gallery plugin 1.0 SQL Injection","Severity":"high","Description":"zm-gallery plugin 1.0 for WordPress is susceptible to SQL injection via the order parameter.","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2016/CVE-2016-10940.yaml"} {"ID":"CVE-2016-10956","Info":{"Name":"WordPress Mail Masta 1.0 - Local File Inclusion","Severity":"high","Description":"WordPress Mail Masta 1.0 is susceptible to local file inclusion in count_of_send.php and csvexport.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2016/CVE-2016-10956.yaml"} {"ID":"CVE-2016-10960","Info":{"Name":"WordPress wSecure Lite \u003c 2.4 - Remote Code Execution","Severity":"high","Description":"WordPress wsecure plugin before 2.4 is susceptible to remote code execution via shell metacharacters in the wsecure-config.php publish parameter.","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2016/CVE-2016-10960.yaml"} {"ID":"CVE-2016-10973","Info":{"Name":"Brafton WordPress Plugin \u003c 3.4.8 - Cross-Site Scripting","Severity":"medium","Description":"The Brafton plugin before 3.4.8 for WordPress has XSS via the wp-admin/admin.php?page=BraftonArticleLoader tab parameter to BraftonAdminPage.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2016/CVE-2016-10973.yaml"} {"ID":"CVE-2016-10993","Info":{"Name":"ScoreMe Theme - Cross-Site Scripting","Severity":"medium","Description":"WordPress ScoreMe theme through 2016-04-01 contains a reflected cross-site scripting vulnerability via the s parameter which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2016/CVE-2016-10993.yaml"} {"ID":"CVE-2016-1555","Info":{"Name":"NETGEAR WNAP320 Access Point Firmware - Remote Command Injection","Severity":"critical","Description":"NETGEAR WNAP320 Access Point Firmware version 2.0.3 could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2016/CVE-2016-1555.yaml"} {"ID":"CVE-2016-2389","Info":{"Name":"SAP xMII 15.0 for SAP NetWeaver 7.4 - Local File Inclusion","Severity":"high","Description":"SAP xMII 15.0 for SAP NetWeaver 7.4 is susceptible to a local file inclusion vulnerability in the GetFileList function. This can allow remote attackers to read arbitrary files via a .. (dot dot) in the path parameter to /Catalog, aka SAP Security Note 2230978.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2016/CVE-2016-2389.yaml"} {"ID":"CVE-2016-3081","Info":{"Name":"Apache S2-032 Struts - Remote Code Execution","Severity":"high","Description":"Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when dynamic method invocation is enabled, allows remote attackers to execute arbitrary code via method: prefix (related to chained expressions).\n","Classification":{"CVSSScore":"8.1"}},"file_path":"http/cves/2016/CVE-2016-3081.yaml"} {"ID":"CVE-2016-3088","Info":{"Name":"Apache ActiveMQ Fileserver - Arbitrary File Write","Severity":"critical","Description":"Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request via the Fileserver web application.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2016/CVE-2016-3088.yaml"} {"ID":"CVE-2016-3978","Info":{"Name":"Fortinet FortiOS - Open Redirect/Cross-Site Scripting","Severity":"medium","Description":"FortiOS Web User Interface in 5.0.x before 5.0.13, 5.2.x before 5.2.3, and 5.4.x before 5.4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or cross-site scripting attacks via the \"redirect\" parameter to \"login.\"","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2016/CVE-2016-3978.yaml"} {"ID":"CVE-2016-4437","Info":{"Name":"Apache Shiro 1.2.4 Cookie RememberME - Deserial Remote Code Execution Vulnerability","Severity":"high","Description":"Apache Shiro before 1.2.5, when a cipher key has not been configured for the \"remember me\" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.\n","Classification":{"CVSSScore":"8.1"}},"file_path":"http/cves/2016/CVE-2016-4437.yaml"} {"ID":"CVE-2016-4975","Info":{"Name":"Apache mod_userdir CRLF injection","Severity":"medium","Description":"Apache CRLF injection allowing HTTP response splitting attacks on sites using mod_userdir.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2016/CVE-2016-4975.yaml"} {"ID":"CVE-2016-4977","Info":{"Name":"Spring Security OAuth2 Remote Command Execution","Severity":"high","Description":"Spring Security OAuth versions 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5 contain a remote command execution vulnerability. When processing authorization requests using the whitelabel views, the response_type parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote command execution via the crafting of the value for response_type.","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2016/CVE-2016-4977.yaml"} {"ID":"CVE-2016-5649","Info":{"Name":"NETGEAR DGN2200 / DGND3700 - Admin Password Disclosure","Severity":"critical","Description":"NETGEAR DGN2200 / DGND3700 is susceptible to a vulnerability within the page 'BSW_cxttongr.htm' which can allow a remote attacker to access this page without any authentication. The attacker can then use this password to gain administrator access of the targeted router's web interface.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2016/CVE-2016-5649.yaml"} {"ID":"CVE-2016-5674","Info":{"Name":"NUUO NVR camera `debugging_center_utils_.php` - Command Execution","Severity":"critical","Description":"__debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2016/CVE-2016-5674.yaml"} {"ID":"CVE-2016-6195","Info":{"Name":"vBulletin \u003c= 4.2.3 - SQL Injection","Severity":"critical","Description":"vBulletin versions 3.6.0 through 4.2.3 are vulnerable to an SQL injection vulnerability in the vBulletin core forumrunner addon. The vulnerability allows an attacker to execute arbitrary SQL queries and potentially access sensitive information from the database.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2016/CVE-2016-6195.yaml"} {"ID":"CVE-2016-6277","Info":{"Name":"NETGEAR Routers - Remote Code Execution","Severity":"high","Description":"NETGEAR routers R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly others allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/.","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2016/CVE-2016-6277.yaml"} {"ID":"CVE-2016-6601","Info":{"Name":"ZOHO WebNMS Framework \u003c5.2 SP1 - Local File Inclusion","Severity":"high","Description":"ZOHO WebNMS Framework before version 5.2 SP1 is vulnerable local file inclusion which allows an attacker to read arbitrary files via a .. (dot dot) in the fileName parameter to servlets/FetchFile.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2016/CVE-2016-6601.yaml"} {"ID":"CVE-2016-7552","Info":{"Name":"Trend Micro Threat Discovery Appliance 2.6.1062r1 - Authentication Bypass","Severity":"critical","Description":"Trend Micro Threat Discovery Appliance 2.6.1062r1 is vulnerable to a directory traversal vulnerability when processing a session_id cookie, which allows a remote, unauthenticated attacker to delete arbitrary files as root. This can be used to bypass authentication or cause a DoS.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2016/CVE-2016-7552.yaml"} {"ID":"CVE-2016-7834","Info":{"Name":"Sony IPELA Engine IP Camera - Hardcoded Account","Severity":"high","Description":"Multiple SONY network cameras are vulnerable to sensitive information disclosure via hardcoded credentials.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2016/CVE-2016-7834.yaml"} {"ID":"CVE-2016-7981","Info":{"Name":"SPIP \u003c3.1.2 - Cross-Site Scripting","Severity":"medium","Description":"SPIP 3.1.2 and earlier contains a cross-site scripting vulnerability in valider_xml.php which allows remote attackers to inject arbitrary web script or HTML via the var_url parameter in a valider_xml action.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2016/CVE-2016-7981.yaml"} {"ID":"CVE-2016-8527","Info":{"Name":"Aruba Airwave \u003c8.2.3.1 - Cross-Site Scripting","Severity":"medium","Description":"Aruba Airwave before version 8.2.3.1 is vulnerable to reflected cross-site scripting.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2016/CVE-2016-8527.yaml"} {"ID":"CVE-2017-0929","Info":{"Name":"DotNetNuke (DNN) ImageHandler \u003c9.2.0 - Server-Side Request Forgery","Severity":"high","Description":"DotNetNuke (aka DNN) before 9.2.0 suffers from a server-side request forgery vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2017/CVE-2017-0929.yaml"} {"ID":"CVE-2017-1000028","Info":{"Name":"Oracle GlassFish Server Open Source Edition 4.1 - Local File Inclusion","Severity":"high","Description":"Oracle GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated local file inclusion vulnerabilities that can be exploited by issuing specially crafted HTTP GET requests.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2017/CVE-2017-1000028.yaml"} {"ID":"CVE-2017-1000029","Info":{"Name":"Oracle GlassFish Server Open Source Edition 3.0.1 - Local File Inclusion","Severity":"high","Description":"Oracle GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to unauthenticated local file inclusion vulnerabilities that allow remote attackers to request arbitrary files on the server.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2017/CVE-2017-1000029.yaml"} {"ID":"CVE-2017-1000163","Info":{"Name":"Phoenix Framework - Open Redirect","Severity":"medium","Description":"Phoenix Framework versions 1.0.0 through 1.0.4, 1.1.0 through 1.1.6, 1.2.0, 1.2.2 and 1.3.0-rc.0 contain an open redirect vulnerability, which may result in phishing or social engineering attacks.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-1000163.yaml"} {"ID":"CVE-2017-1000170","Info":{"Name":"WordPress Delightful Downloads Jquery File Tree 2.1.5 - Local File Inclusion","Severity":"high","Description":"WordPress Delightful Downloads Jquery File Tree versions 2.1.5 and older are susceptible to local file inclusion vulnerabilities via jqueryFileTree.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2017/CVE-2017-1000170.yaml"} {"ID":"CVE-2017-1000486","Info":{"Name":"Primetek Primefaces 5.x - Remote Code Execution","Severity":"critical","Description":"Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2017/CVE-2017-1000486.yaml"} {"ID":"CVE-2017-10075","Info":{"Name":"Oracle Content Server - Cross-Site Scripting","Severity":"high","Description":"Oracle Content Server version 11.1.1.9.0, 12.2.1.1.0 and 12.2.1.2.0 are susceptible to cross-site scripting. The vulnerability can be used to include HTML or JavaScript code in the affected web page. The code is executed in the browser of users if they visit the manipulated site.\n","Classification":{"CVSSScore":"8.2"}},"file_path":"http/cves/2017/CVE-2017-10075.yaml"} {"ID":"CVE-2017-10271","Info":{"Name":"Oracle WebLogic Server - Remote Command Execution","Severity":"high","Description":"The Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent - WLS Security) is susceptible to remote command execution. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. This easily exploitable vulnerability allows unauthenticated attackers with network access via T3 to compromise Oracle WebLogic Server.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2017/CVE-2017-10271.yaml"} {"ID":"CVE-2017-10974","Info":{"Name":"Yaws 1.91 - Local File Inclusion","Severity":"high","Description":"Yaws 1.91 allows unauthenticated local file inclusion via /%5C../ submitted to port 8080.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2017/CVE-2017-10974.yaml"} {"ID":"CVE-2017-11165","Info":{"Name":"DataTaker DT80 dEX 1.50.012 - Information Disclosure","Severity":"critical","Description":"DataTaker DT80 dEX 1.50.012 is susceptible to information disclosure. A remote attacker can obtain sensitive credential and configuration information via a direct request for the /services/getFile.cmd?userfile=config.xml URI, thereby possibly accessing sensitive information, modifying data, and/or executing unauthorized operations.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2017/CVE-2017-11165.yaml"} {"ID":"CVE-2017-11444","Info":{"Name":"Subrion CMS \u003c4.1.5.10 - SQL Injection","Severity":"critical","Description":"Subrion CMS before 4.1.5.10 has a SQL injection vulnerability in /front/search.php via the $_GET array.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2017/CVE-2017-11444.yaml"} {"ID":"CVE-2017-11512","Info":{"Name":"ManageEngine ServiceDesk 9.3.9328 - Arbitrary File Retrieval","Severity":"high","Description":"ManageEngine ServiceDesk 9.3.9328 is vulnerable to an arbitrary file retrieval due to improper restrictions of the pathname used in the name parameter for the download-snapshot path. An unauthenticated remote attacker can use this vulnerability to download arbitrary files.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2017/CVE-2017-11512.yaml"} {"ID":"CVE-2017-11586","Info":{"Name":"FineCMS \u003c5.0.9 - Open Redirect","Severity":"medium","Description":"FineCMS 5.0.9 contains an open redirect vulnerability via the url parameter in a sync action. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-11586.yaml"} {"ID":"CVE-2017-11610","Info":{"Name":"XML-RPC Server - Remote Code Execution","Severity":"high","Description":"The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisor namespace lookups.","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2017/CVE-2017-11610.yaml"} {"ID":"CVE-2017-11629","Info":{"Name":"FineCMS \u003c=5.0.10 - Cross-Site Scripting","Severity":"medium","Description":"FineCMS through 5.0.10 contains a cross-site scripting vulnerability in controllers/api.php via the function parameter in a c=api\u0026m=data2 request.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-11629.yaml"} {"ID":"CVE-2017-12138","Info":{"Name":"XOOPS Core 2.5.8 - Open Redirect","Severity":"medium","Description":"XOOPS Core 2.5.8 contains an open redirect vulnerability in /modules/profile/index.php due to the URL filter. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-12138.yaml"} {"ID":"CVE-2017-12149","Info":{"Name":"Jboss Application Server - Remote Code Execution","Severity":"critical","Description":"Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2 is susceptible to a remote code execution vulnerability because the doFilter method in the ReadOnlyAccessFilter of the HTTP Invoker does not restrict classes for which it performs deserialization, thus allowing an attacker to execute arbitrary code via crafted serialized data.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2017/CVE-2017-12149.yaml"} {"ID":"CVE-2017-12542","Info":{"Name":"HPE Integrated Lights-out 4 (ILO4) \u003c2.53 - Authentication Bypass","Severity":"critical","Description":"HPE Integrated Lights-out 4 (iLO 4) prior to 2.53 was found to contain an authentication bypass and code execution vulnerability.","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2017/CVE-2017-12542.yaml"} {"ID":"CVE-2017-12544","Info":{"Name":"HPE System Management - Cross-Site Scripting","Severity":"medium","Description":"HPE System Management contains a cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2017/CVE-2017-12544.yaml"} {"ID":"CVE-2017-12583","Info":{"Name":"DokuWiki - Cross-Site Scripting","Severity":"medium","Description":"DokuWiki through 2017-02-19b contains a cross-site scripting vulnerability in the DATE_AT parameter to doku.php which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-12583.yaml"} {"ID":"CVE-2017-12611","Info":{"Name":"Apache Struts2 S2-053 - Remote Code Execution","Severity":"critical","Description":"Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1 uses an unintentional expression in a Freemarker tag instead of string literals, which makes it susceptible to remote code execution attacks.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2017/CVE-2017-12611.yaml"} {"ID":"CVE-2017-12615","Info":{"Name":"Apache Tomcat Servers - Remote Code Execution","Severity":"high","Description":"Apache Tomcat servers 7.0.{0 to 79} are susceptible to remote code execution. By design, you are not allowed to upload JSP files via the PUT method. This is likely a security measure to prevent an attacker from uploading a JSP shell and gaining remote code execution on the server. However, due to the insufficient checks, an attacker could gain remote code execution on Apache Tomcat servers that have enabled PUT method by using a specially crafted HTTP request.\n","Classification":{"CVSSScore":"8.1"}},"file_path":"http/cves/2017/CVE-2017-12615.yaml"} {"ID":"CVE-2017-12617","Info":{"Name":"Apache Tomcat - Remote Code Execution","Severity":"high","Description":"When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.\n","Classification":{"CVSSScore":"8.1"}},"file_path":"http/cves/2017/CVE-2017-12617.yaml"} {"ID":"CVE-2017-12629","Info":{"Name":"Apache Solr \u003c= 7.1 - XML Entity Injection","Severity":"critical","Description":"Apache Solr with Apache Lucene before 7.1 is susceptible to remote code execution by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external entity expansion vulnerability occurs in the XML Query Parser which is available, by default, for any query request with parameters deftype=xmlparser and can be exploited to upload malicious data to the /upload request handler or as Blind XXE using ftp wrapper in order to read arbitrary local files from the Solr server. Note also that the second vulnerability relates to remote code execution using the RunExecutableListener available on all affected versions of Solr.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2017/CVE-2017-12629.yaml"} {"ID":"CVE-2017-12635","Info":{"Name":"Apache CouchDB 1.7.0 / 2.x \u003c 2.1.1 - Remote Privilege Escalation","Severity":"critical","Description":"Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit _users documents with duplicate keysfor 'roles' used for access control within the database, including the special case '_admin' role, that denotes administrative users. In combination with CVE-2017-12636 (Remote Code Execution), this can be used to give non-admin users access to arbitrary shell commands on the server as the database system user. The JSON parser differences result in behavior that if two 'roles' keys are available in the JSON, the second one will be used for authorizing the document write, but the first 'roles' key is used for subsequent authorization for the newly created user. By design, users can not assign themselves roles. The vulnerability allows non-admin users to give themselves admin privileges.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2017/CVE-2017-12635.yaml"} {"ID":"CVE-2017-12637","Info":{"Name":"SAP NetWeaver Application Server Java 7.5 - Local File Inclusion","Severity":"high","Description":"SAP NetWeaver Application Server Java 7.5 is susceptible to local file inclusion in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS. This can allow remote attackers to read arbitrary files via a .. (dot dot) in the query string, as exploited in the wild in August 2017, aka SAP Security Note 2486657.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2017/CVE-2017-12637.yaml"} {"ID":"CVE-2017-12794","Info":{"Name":"Django Debug Page - Cross-Site Scripting","Severity":"medium","Description":"Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5 has HTML autoescaping disabled in a portion of the template for the technical 500 debug page. We detected that right circumstances (DEBUG=True) are present to allow a cross-site scripting attack.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-12794.yaml"} {"ID":"CVE-2017-14135","Info":{"Name":"OpenDreambox 2.0.0 - Remote Code Execution","Severity":"critical","Description":"OpenDreambox 2.0.0 is susceptible to remote code execution via the webadmin plugin. Remote attackers can execute arbitrary OS commands via shell metacharacters in the command parameter to the /script URI in enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2017/CVE-2017-14135.yaml"} {"ID":"CVE-2017-14186","Info":{"Name":"FortiGate FortiOS SSL VPN Web Portal - Cross-Site Scripting","Severity":"medium","Description":"FortiGate FortiOS through SSL VPN Web Portal contains a cross-site scripting vulnerability. The login redir parameter is not sanitized, so an attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks such as a URL redirect. Affected versions are 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, and 5.4 and below.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2017/CVE-2017-14186.yaml"} {"ID":"CVE-2017-14524","Info":{"Name":"OpenText Documentum Administrator 7.2.0180.0055 - Open Redirect","Severity":"medium","Description":"OpenText Documentum Administrator 7.2.0180.0055 is susceptible to multiple open redirect vulnerabilities. An attacker can redirect a user to a malicious site and potentially obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-14524.yaml"} {"ID":"CVE-2017-14535","Info":{"Name":"Trixbox - 2.8.0.4 OS Command Injection","Severity":"high","Description":"Trixbox 2.8.0.4 is vulnerable to OS command injection via shell metacharacters in the lang parameter to /maint/modules/home/index.php.","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2017/CVE-2017-14535.yaml"} {"ID":"CVE-2017-14537","Info":{"Name":"Trixbox 2.8.0 - Path Traversal","Severity":"medium","Description":"Trixbox 2.8.0.4 is susceptible to path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php.","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2017/CVE-2017-14537.yaml"} {"ID":"CVE-2017-14622","Info":{"Name":"WordPress 2kb Amazon Affiliates Store \u003c2.1.1 - Cross-Site Scripting","Severity":"medium","Description":"WordPress 2kb Amazon Affiliates Store plugin before 2.1.1 contains multiple cross-site scripting vulnerabilities. The plugin allows an attacker to inject arbitrary web script or HTML via the (1) page parameter or (2) kbAction parameter in the kbAmz page to wp-admin/admin.php, thus making possible theft of cookie-based authentication credentials and launch of other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-14622.yaml"} {"ID":"CVE-2017-14651","Info":{"Name":"WSO2 Data Analytics Server 3.1.0 - Cross-Site Scripting","Severity":"medium","Description":"WSO2 Data Analytics Server 3.1.0 is susceptible to cross-site scripting in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or parentPath parameter.","Classification":{"CVSSScore":"4.8"}},"file_path":"http/cves/2017/CVE-2017-14651.yaml"} {"ID":"CVE-2017-14849","Info":{"Name":"Node.js \u003c8.6.0 - Directory Traversal","Severity":"high","Description":"Node.js before 8.6.0 allows remote attackers to access unintended files because a change to \"..\" handling is incompatible with the pathname validation used by unspecified community modules.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2017/CVE-2017-14849.yaml"} {"ID":"CVE-2017-15287","Info":{"Name":"Dreambox WebControl 2.0.0 - Cross-Site Scripting","Severity":"medium","Description":"Dream Multimedia Dreambox devices via their WebControl component are vulnerable to reflected cross-site scripting, as demonstrated by the \"Name des Bouquets\" field, or the file parameter to the /file URI.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-15287.yaml"} {"ID":"CVE-2017-15363","Info":{"Name":"Luracast Restler 3.0.1 via TYPO3 Restler 1.7.1 - Local File Inclusion","Severity":"high","Description":"Luracast Restler 3.0.1 via TYPO3 Restler 1.7.1 is susceptible to local file inclusion in public/examples/resources/getsource.php. This could allow remote attackers to read arbitrary files via the file parameter.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2017/CVE-2017-15363.yaml"} {"ID":"CVE-2017-15647","Info":{"Name":"FiberHome Routers - Local File Inclusion","Severity":"high","Description":"FiberHome routers are susceptible to local file inclusion in /cgi-bin/webproc via the getpage parameter in conjunction with a crafted var:page value.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2017/CVE-2017-15647.yaml"} {"ID":"CVE-2017-15715","Info":{"Name":"Apache httpd \u003c=2.4.29 - Arbitrary File Upload","Severity":"high","Description":"Apache httpd 2.4.0 to 2.4.29 is susceptible to arbitrary file upload vulnerabilities via the expression specified in \u003cFilesMatch\u003e, which could match '$' to a newline character in a malicious filename rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are externally blocked, but only by matching the trailing portion of the filename.","Classification":{"CVSSScore":"8.1"}},"file_path":"http/cves/2017/CVE-2017-15715.yaml"} {"ID":"CVE-2017-15944","Info":{"Name":"Palo Alto Network PAN-OS - Remote Code Execution","Severity":"critical","Description":"Palo Alto Network PAN-OS and Panorama before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote attackers to execute arbitrary code via vectors involving the management interface.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2017/CVE-2017-15944.yaml"} {"ID":"CVE-2017-16806","Info":{"Name":"Ulterius Server \u003c 1.9.5.0 - Directory Traversal","Severity":"high","Description":"Ulterius Server before 1.9.5.0 allows HTTP server directory traversal via the process function in RemoteTaskServer/WebServer/HttpServer.cs.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2017/CVE-2017-16806.yaml"} {"ID":"CVE-2017-16877","Info":{"Name":"Nextjs \u003c2.4.1 - Local File Inclusion","Severity":"high","Description":"ZEIT Next.js before 2.4.1 is susceptible to local file inclusion via the /_next and /static request namespace, allowing attackers to obtain sensitive information.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2017/CVE-2017-16877.yaml"} {"ID":"CVE-2017-16894","Info":{"Name":"Laravel \u003c5.5.21 - Information Disclosure","Severity":"high","Description":"Laravel through 5.5.21 is susceptible to information disclosure. An attacker can obtain sensitive information such as externally usable passwords via a direct request for the /.env URI. NOTE: CVE pertains only to the writeNewEnvironmentFileWith function in src/Illuminate/Foundation/Console/KeyGenerateCommand.php, which uses file_put_contents without restricting .env permissions. The .env filename is not used exclusively by Laravel.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2017/CVE-2017-16894.yaml"} {"ID":"CVE-2017-17043","Info":{"Name":"WordPress Emag Marketplace Connector 1.0 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Emag Marketplace Connector plugin 1.0 contains a reflected cross-site scripting vulnerability because the parameter \"post\" to /wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php is not filtered correctly.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-17043.yaml"} {"ID":"CVE-2017-17059","Info":{"Name":"WordPress amtyThumb Posts 8.1.3 - Cross-Site Scripting","Severity":"medium","Description":"WordPress amty-thumb-recent-post plugin 8.1.3 contains a cross-site scripting vulnerability via the query string to amtyThumbPostsAdminPg.php.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-17059.yaml"} {"ID":"CVE-2017-17451","Info":{"Name":"WordPress Mailster \u003c=1.5.4 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Mailster 1.5.4 and before contains a cross-site scripting vulnerability in the unsubscribe handler via the mes parameter to view/subscription/unsubscribe2.php.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-17451.yaml"} {"ID":"CVE-2017-17562","Info":{"Name":"Embedthis GoAhead \u003c3.6.5 - Remote Code Execution","Severity":"high","Description":"description: Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked.\n","Classification":{"CVSSScore":"8.1"}},"file_path":"http/cves/2017/CVE-2017-17562.yaml"} {"ID":"CVE-2017-17731","Info":{"Name":"DedeCMS 5.7 - SQL Injection","Severity":"critical","Description":"DedeCMS through 5.7 has SQL Injection via the $_FILES superglobal to plus/recommend.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2017/CVE-2017-17731.yaml"} {"ID":"CVE-2017-17736","Info":{"Name":"Kentico - Installer Privilege Escalation","Severity":"critical","Description":"Kentico 9.0 before 9.0.51 and 10.0 before 10.0.48 are susceptible to a privilege escalation attack. An attacker can obtain Global Administrator access by visiting CMSInstall/install.aspx and then navigating to the CMS Administration Dashboard.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2017/CVE-2017-17736.yaml"} {"ID":"CVE-2017-18024","Info":{"Name":"AvantFAX 3.3.3 - Cross-Site Scripting","Severity":"medium","Description":"AvantFAX 3.3.3 contains a cross-site scripting vulnerability via an arbitrary parameter name submitted to the default URL, as demonstrated by a parameter whose name contains a SCRIPT element and whose value is 1.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18024.yaml"} {"ID":"CVE-2017-18487","Info":{"Name":"AdPush \u003c 1.44 - Cross-Site Scripting","Severity":"medium","Description":"The adsense-plugin (aka Google AdSense) plugin before 1.44 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18487.yaml"} {"ID":"CVE-2017-18490","Info":{"Name":"Contact Form Multi by BestWebSoft \u003c 1.2.1 - Cross-Site Scripting","Severity":"medium","Description":"The contact-form-multi plugin before 1.2.1 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18490.yaml"} {"ID":"CVE-2017-18491","Info":{"Name":"Contact Form by BestWebSoft \u003c 4.0.6 - Cross-Site Scripting","Severity":"medium","Description":"The contact-form-plugin plugin before 4.0.6 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18491.yaml"} {"ID":"CVE-2017-18492","Info":{"Name":"Contact Form to DB by BestWebSoft \u003c 1.5.7 - Cross-Site Scripting","Severity":"medium","Description":"The contact-form-to-db plugin before 1.5.7 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18492.yaml"} {"ID":"CVE-2017-18493","Info":{"Name":"Custom Admin Page by BestWebSoft \u003c 0.1.2 - Cross-Site Scripting","Severity":"medium","Description":"The custom-admin-page plugin before 0.1.2 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18493.yaml"} {"ID":"CVE-2017-18494","Info":{"Name":"Custom Search by BestWebSoft \u003c 1.36 - Cross-Site Scripting","Severity":"medium","Description":"The custom-search-plugin plugin before 1.36 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18494.yaml"} {"ID":"CVE-2017-18496","Info":{"Name":"Htaccess by BestWebSoft \u003c 1.7.6 - Cross-Site Scripting","Severity":"medium","Description":"The htaccess plugin before 1.7.6 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18496.yaml"} {"ID":"CVE-2017-18500","Info":{"Name":"Social Buttons Pack by BestWebSof \u003c 1.1.1 - Cross-Site Scripting","Severity":"medium","Description":"The social-buttons-pack plugin before 1.1.1 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18500.yaml"} {"ID":"CVE-2017-18501","Info":{"Name":"Social Login by BestWebSoft \u003c 0.2 - Cross-Site Scripting","Severity":"medium","Description":"The social-login-bws plugin before 0.2 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18501.yaml"} {"ID":"CVE-2017-18502","Info":{"Name":"Subscriber by BestWebSoft \u003c 1.3.5 - Cross-Site Scripting","Severity":"medium","Description":"The subscriber plugin before 1.3.5 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18502.yaml"} {"ID":"CVE-2017-18505","Info":{"Name":"BestWebSoft's Twitter \u003c 2.55 - Cross-Site Scripting","Severity":"medium","Description":"The twitter-plugin plugin before 2.55 for WordPress has XSS.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18505.yaml"} {"ID":"CVE-2017-18516","Info":{"Name":"LinkedIn by BestWebSoft \u003c 1.0.5 - Cross-Site Scripting","Severity":"medium","Description":"The bws-linkedin plugin before 1.0.5 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18516.yaml"} {"ID":"CVE-2017-18517","Info":{"Name":"Pinterest by BestWebSoft \u003c 1.0.5 - Cross-Site Scripting","Severity":"medium","Description":"The bws-pinterest plugin before 1.0.5 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18517.yaml"} {"ID":"CVE-2017-18518","Info":{"Name":"SMTP by BestWebSoft \u003c 1.1.0 - Cross-Site Scripting","Severity":"medium","Description":"The bws-smtp plugin before 1.1.0 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18518.yaml"} {"ID":"CVE-2017-18527","Info":{"Name":"Pagination by BestWebSoft \u003c 1.0.7 - Cross-Site Scripting","Severity":"medium","Description":"The pagination plugin before 1.0.7 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18527.yaml"} {"ID":"CVE-2017-18528","Info":{"Name":"PDF \u0026 Print by BestWebSoft \u003c 1.9.4 - Cross-Site Scripting","Severity":"medium","Description":"The pdf-print plugin before 1.9.4 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18528.yaml"} {"ID":"CVE-2017-18529","Info":{"Name":"PromoBar by BestWebSoft \u003c 1.1.1 - Cross-Site Scripting","Severity":"medium","Description":"The promobar plugin before 1.1.1 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18529.yaml"} {"ID":"CVE-2017-18530","Info":{"Name":"Rating by BestWebSoft \u003c 0.2 - Cross-Site Scripting","Severity":"medium","Description":"The rating-bws plugin before 0.2 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18530.yaml"} {"ID":"CVE-2017-18532","Info":{"Name":"Realty by BestWebSoft \u003c 1.1.0 - Cross-Site Scripting","Severity":"medium","Description":"The realty plugin before 1.1.0 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18532.yaml"} {"ID":"CVE-2017-18536","Info":{"Name":"WordPress Stop User Enumeration \u003c=1.3.7 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Stop User Enumeration 1.3.7 and earlier are vulnerable to unauthenticated reflected cross-site scripting.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18536.yaml"} {"ID":"CVE-2017-18537","Info":{"Name":"Visitors Online by BestWebSoft \u003c 1.0.0 - Cross-Site Scripting","Severity":"medium","Description":"The visitors-online plugin before 1.0.0 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18537.yaml"} {"ID":"CVE-2017-18542","Info":{"Name":"Zendesk Help Center by BestWebSoft \u003c 1.0.5 - Cross-Site Scripting","Severity":"medium","Description":"The zendesk-help-center plugin before 1.0.5 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18542.yaml"} {"ID":"CVE-2017-18556","Info":{"Name":"Google Analytics by BestWebSoft \u003c 1.7.1 - Cross-Site Scripting","Severity":"medium","Description":"The bws-google-analytics plugin before 1.7.1 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18556.yaml"} {"ID":"CVE-2017-18557","Info":{"Name":"Google Maps by BestWebSoft \u003c 1.3.6 - Cross-Site Scripting","Severity":"medium","Description":"The bws-google-maps plugin before 1.3.6 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18557.yaml"} {"ID":"CVE-2017-18558","Info":{"Name":"Testimonials by BestWebSoft \u003c 0.1.9 - Cross-Site Scripting","Severity":"medium","Description":"The bws-testimonials plugin before 0.1.9 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18558.yaml"} {"ID":"CVE-2017-18562","Info":{"Name":"Error Log Viewer by BestWebSoft \u003c 1.0.6 - Cross-Site Scripting","Severity":"medium","Description":"The error-log-viewer plugin before 1.0.6 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18562.yaml"} {"ID":"CVE-2017-18564","Info":{"Name":"Sender by BestWebSoft \u003c 1.2.1 - Cross-Site Scripting","Severity":"medium","Description":"The sender plugin before 1.2.1 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18564.yaml"} {"ID":"CVE-2017-18565","Info":{"Name":"Updater by BestWebSoft \u003c 1.35 - Cross-Site Scripting","Severity":"medium","Description":"The updater plugin before 1.35 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18565.yaml"} {"ID":"CVE-2017-18566","Info":{"Name":"User Role by BestWebSoft \u003c 1.5.6 - Cross-Site Scripting","Severity":"medium","Description":"The user-role plugin before 1.5.6 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18566.yaml"} {"ID":"CVE-2017-18598","Info":{"Name":"WordPress Qards - Cross-Site Scripting","Severity":"medium","Description":"WordPress Qards through 2017-10-11 contains a cross-site scripting vulnerability via a remote document specified in the URL parameter to html2canvasproxy.php.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18598.yaml"} {"ID":"CVE-2017-18638","Info":{"Name":"Graphite \u003c=1.1.5 - Server-Side Request Forgery","Severity":"high","Description":"Graphite's send_email in graphite-web/webapp/graphite/composer/views.py in versions up to 1.1.5 is vulnerable to server-side request forgery (SSR)F. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource. The response to this SSRF request is encoded into an image file and then sent to an email address that can be supplied by the attacker. Thus, an attacker can exfiltrate any information.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2017/CVE-2017-18638.yaml"} {"ID":"CVE-2017-3131","Info":{"Name":"FortiOS 5.4.0 to 5.6.0 - Cross-Site Scripting","Severity":"medium","Description":"A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 and 5.6.0 allows attackers to execute unauthorized code or commands via the filter input in \"Applications\" under FortiView.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2017/CVE-2017-3131.yaml"} {"ID":"CVE-2017-3132","Info":{"Name":"Fortinet FortiOS \u003c 5.6.0 - Cross-Site Scripting","Severity":"medium","Description":"A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to Execute unauthorized code or commands via the action input during the activation of a FortiToken.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-3132.yaml"} {"ID":"CVE-2017-3133","Info":{"Name":"Fortinet FortiOS \u003c 5.6.0 - Cross-Site Scripting","Severity":"medium","Description":"A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the Replacement Message HTML for SSL-VPN.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-3133.yaml"} {"ID":"CVE-2017-3506","Info":{"Name":"Oracle Fusion Middleware Weblogic Server - Remote OS Command Execution","Severity":"high","Description":"The Oracle WebLogic Server component of Oracle Fusion Middleware (Web Services) versions 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1 and 12.2.1.2 is susceptible to a difficult to exploit vulnerability that could allow unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic Server.","Classification":{"CVSSScore":"7.4"}},"file_path":"http/cves/2017/CVE-2017-3506.yaml"} {"ID":"CVE-2017-3528","Info":{"Name":"Oracle E-Business Suite 12.1.3/12.2.x - Open Redirect","Severity":"medium","Description":"The Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: Popup windows (lists of values, datepicker, etc.)) is impacted by open redirect issues in versions 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. These easily exploitable vulnerabilities allow unauthenticated attackers with network access via HTTP to compromise Oracle Applications Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data.","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2017/CVE-2017-3528.yaml"} {"ID":"CVE-2017-4011","Info":{"Name":"McAfee Network Data Loss Prevention 9.3.x - Cross-Site Scripting","Severity":"medium","Description":"McAfee Network Data Loss Prevention User-Agent 9.3.x contains a cross-site scripting vulnerability which allows remote attackers to get session/cookie information via modification of the HTTP request.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-4011.yaml"} {"ID":"CVE-2017-5521","Info":{"Name":"NETGEAR Routers - Authentication Bypass","Severity":"high","Description":"NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, WNR3500Lv2, R6250, R6700, R6900, and R8000 devices are susceptible to authentication bypass via simple crafted requests to the web management server.\n","Classification":{"CVSSScore":"8.1"}},"file_path":"http/cves/2017/CVE-2017-5521.yaml"} {"ID":"CVE-2017-5631","Info":{"Name":"KMCIS CaseAware - Cross-Site Scripting","Severity":"medium","Description":"KMCIS CaseAware contains a reflected cross-site scripting vulnerability via the user parameter transmitted in the login.php query string.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-5631.yaml"} {"ID":"CVE-2017-5638","Info":{"Name":"Apache Struts 2 - Remote Command Execution","Severity":"critical","Description":"Apache Struts 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 is susceptible to remote command injection attacks. The Jakarta Multipart parser has incorrect exception handling and error-message generation during file upload attempts, which can allow an attacker to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header. This was exploited in March 2017 with a Content-Type header containing a #cmd= string.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2017/CVE-2017-5638.yaml"} {"ID":"CVE-2017-5689","Info":{"Name":"Intel Active Management - Authentication Bypass","Severity":"critical","Description":"Intel Active Management platforms are susceptible to authentication bypass. A non-privileged network attacker can gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability. A non-privileged local attacker can provision manageability features, gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel Active Management Technology, Intel Standard Manageability, and Intel Small Business Technology. The issue has been observed in versions 6.x, 7.x, 8.x 9.x, 10.x, 11.0, 11.5, and 11.6 for all three platforms. Versions before 6 and after 11.6 are not impacted.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2017/CVE-2017-5689.yaml"} {"ID":"CVE-2017-5871","Info":{"Name":"Odoo \u003c= 8.0-20160726 \u0026 9.0 - Open Redirect","Severity":"medium","Description":"An Open Redirect vulnerability in Odoo versions \u003c= 8.0-20160726 and 9.0. This issue allows an attacker to redirect users to untrusted sites via a crafted URL.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2017/CVE-2017-5871.yaml"} {"ID":"CVE-2017-5982","Info":{"Name":"Kodi 17.1 - Local File Inclusion","Severity":"high","Description":"Kodi 17.1 is vulnerable to local file inclusion vulnerabilities because of insufficient validation of user input.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2017/CVE-2017-5982.yaml"} {"ID":"CVE-2017-6090","Info":{"Name":"PhpColl 2.5.1 Arbitrary File Upload","Severity":"high","Description":"PhpCollab 2.5.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in logos_clients/ via clients/editclient.php.","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2017/CVE-2017-6090.yaml"} {"ID":"CVE-2017-7269","Info":{"Name":"Windows Server 2003 \u0026 IIS 6.0 - Remote Code Execution","Severity":"critical","Description":"Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 contains a buffer overflow vulnerability in the ScStoragePathFromUrl function in the WebDAV service that could allow remote attackers to execute arbitrary code via a long header beginning with \"If \u003chttp://\" in a PROPFIND request.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2017/CVE-2017-7269.yaml"} {"ID":"CVE-2017-7391","Info":{"Name":"Magmi 0.7.22 - Cross-Site Scripting","Severity":"medium","Description":"Magmi 0.7.22 contains a cross-site scripting vulnerability due to insufficient filtration of user-supplied data (prefix) passed to the magmi-git-master/magmi/web/ajax_gettime.php URL.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-7391.yaml"} {"ID":"CVE-2017-7615","Info":{"Name":"MantisBT \u003c=2.30 - Arbitrary Password Reset/Admin Access","Severity":"high","Description":"MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2017/CVE-2017-7615.yaml"} {"ID":"CVE-2017-7855","Info":{"Name":"IceWarp WebMail 11.3.1.5 - Cross-Site Scripting","Severity":"medium","Description":"IceWarp WebMail 11.3.1.5 is vulnerable to cross-site scripting via the language parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-7855.yaml"} {"ID":"CVE-2017-7921","Info":{"Name":"Hikvision - Authentication Bypass","Severity":"critical","Description":"Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices contain an improper authentication issue. The improper authentication vulnerability occurs when an application does not adequately or correctly authenticate users. This may allow a malicious user to escalate his or her privileges on the system and gain access to sensitive information.","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2017/CVE-2017-7921.yaml"} {"ID":"CVE-2017-7925","Info":{"Name":"Dahua Security - Configuration File Disclosure","Severity":"critical","Description":"A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices. The password in configuration file vulnerability was identified, which could lead to a malicious user assuming the identity of a privileged user and gaining access to sensitive information.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2017/CVE-2017-7925.yaml"} {"ID":"CVE-2017-8229","Info":{"Name":"Amcrest IP Camera Web Management - Data Exposure","Severity":"critical","Description":"Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices allow an unauthenticated attacker to download the administrative credentials.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2017/CVE-2017-8229.yaml"} {"ID":"CVE-2017-8917","Info":{"Name":"Joomla! \u003c3.7.1 - SQL Injection","Severity":"critical","Description":"Joomla! before 3.7.1 contains a SQL injection vulnerability. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2017/CVE-2017-8917.yaml"} {"ID":"CVE-2017-9140","Info":{"Name":"Reflected XSS - Telerik Reporting Module","Severity":"medium","Description":"Cross-site scripting vulnerability in Telerik.ReportViewer.WebForms.dll in Telerik Reporting for ASP.NET WebForms Report Viewer control before R1 2017 SP2 (11.0.17.406) allows remote attackers to inject arbitrary web script or HTML via the bgColor parameter to Telerik.ReportViewer.axd.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-9140.yaml"} {"ID":"CVE-2017-9288","Info":{"Name":"WordPress Raygun4WP \u003c=1.8.0 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Raygun4WP 1.8.0 contains a reflected cross-site scripting vulnerability via sendtesterror.php.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-9288.yaml"} {"ID":"CVE-2017-9416","Info":{"Name":"Odoo 8.0/9.0/10.0 - Local File Inclusion","Severity":"medium","Description":"Odoo 8.0, 9.0, and 10.0 are susceptible to local file inclusion via tools.file_open. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2017/CVE-2017-9416.yaml"} {"ID":"CVE-2017-9506","Info":{"Name":"Atlassian Jira IconURIServlet - Cross-Site Scripting/Server-Side Request Forgery","Severity":"medium","Description":"The Atlassian Jira IconUriServlet of the OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 contains a cross-site scripting vulnerability which allows remote attackers to access the content of internal network resources and/or perform an attack via Server Side Request Forgery.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-9506.yaml"} {"ID":"CVE-2017-9791","Info":{"Name":"Apache Struts2 S2-053 - Remote Code Execution","Severity":"critical","Description":"Apache Struts 2.1.x and 2.3.x with the Struts 1 plugin might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2017/CVE-2017-9791.yaml"} {"ID":"CVE-2017-9805","Info":{"Name":"Apache Struts2 S2-052 - Remote Code Execution","Severity":"high","Description":"The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type of filtering, which can lead to remote code execution when deserializing XML payloads.","Classification":{"CVSSScore":"8.1"}},"file_path":"http/cves/2017/CVE-2017-9805.yaml"} {"ID":"CVE-2017-9822","Info":{"Name":"DotNetNuke 5.0.0 - 9.3.0 - Cookie Deserialization Remote Code Execution","Severity":"high","Description":"DotNetNuke (DNN) versions between 5.0.0 - 9.3.0 are affected by a deserialization vulnerability that leads to remote code execution.","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2017/CVE-2017-9822.yaml"} {"ID":"CVE-2017-9833","Info":{"Name":"BOA Web Server 0.94.14 - Arbitrary File Access","Severity":"high","Description":"BOA Web Server 0.94.14 is susceptible to arbitrary file access. The server allows the injection of \"../..\" using the FILECAMERA variable sent by GET to read files with root privileges and without using access credentials.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2017/CVE-2017-9833.yaml"} {"ID":"CVE-2017-9841","Info":{"Name":"PHPUnit - Remote Code Execution","Severity":"critical","Description":"PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a \"\u003c?php \" substring via Util/PHP/eval-stdin.php , as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2017/CVE-2017-9841.yaml"} {"ID":"CVE-2018-0127","Info":{"Name":"Cisco RV132W/RV134W Router - Information Disclosure","Severity":"critical","Description":"Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to view configuration parameters for an affected device via the web interface, which could lead to the disclosure of confidential information.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-0127.yaml"} {"ID":"CVE-2018-0296","Info":{"Name":"Cisco ASA - Local File Inclusion","Severity":"high","Description":"Cisco Adaptive Security Appliances (ASA) web interfaces could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. It is also possible on certain software releases that the ASA will not reload, but an attacker could view sensitive system information without authentication by using directory traversal techniques. The vulnerability is due to lack of proper input validation of the HTTP URL. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to cause a DoS condition or unauthenticated disclosure of information. This vulnerability applies to IPv4 and IPv6 HTTP traffic. This vulnerability affects Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software that is running on the following Cisco products: 3000 Series Industrial Security Appliance (ISA), ASA 1000V Cloud Firewall, ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Adaptive Security Virtual Appliance (ASAv), Firepower 2100 Series Security Appliance, Firepower 4100 Series Security Appliance, Firepower 9300 ASA Security Module, FTD Virtual (FTDv). Cisco Bug IDs: CSCvi16029.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-0296.yaml"} {"ID":"CVE-2018-1000129","Info":{"Name":"Jolokia 1.3.7 - Cross-Site Scripting","Severity":"medium","Description":"Jolokia 1.3.7 is vulnerable to cross-site scripting in the HTTP servlet and allows an attacker to execute malicious JavaScript in the victim's browser.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-1000129.yaml"} {"ID":"CVE-2018-1000130","Info":{"Name":"Jolokia Agent - JNDI Code Injection","Severity":"high","Description":"Jolokia agent is vulnerable to a JNDI injection vulnerability that allows a remote attacker to run arbitrary Java code on the server when the agent is in proxy mode.\n","Classification":{"CVSSScore":"8.1"}},"file_path":"http/cves/2018/CVE-2018-1000130.yaml"} {"ID":"CVE-2018-1000226","Info":{"Name":"Cobbler - Authentication Bypass","Severity":"critical","Description":"Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ and possibly even older versions, may be vulnerable to an authentication bypass vulnerability in XMLRPC API (/cobbler_api) that can result in privilege escalation, data manipulation or exfiltration, and LDAP credential harvesting. This attack appear to be exploitable via \"network connectivity\". Taking advantage of improper validation of security tokens in API endpoints. Please note this is a different issue than CVE-2018-10931.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-1000226.yaml"} {"ID":"CVE-2018-1000533","Info":{"Name":"GitList \u003c 0.6.0 Remote Code Execution","Severity":"critical","Description":"klaussilveira GitList version \u003c= 0.6 contains a passing incorrectly sanitized input via the `searchTree` function that can result in remote code execution.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-1000533.yaml"} {"ID":"CVE-2018-1000600","Info":{"Name":"Jenkins GitHub Plugin \u003c=1.29.1 - Server-Side Request Forgery","Severity":"high","Description":"Jenkins GitHub Plugin 1.29.1 and earlier is susceptible to server-side request forgery via GitHubTokenCredentialsCreator.java, which allows attackers to leverage attacker-specified credentials IDs obtained through another method and capture the credentials stored in Jenkins.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2018/CVE-2018-1000600.yaml"} {"ID":"CVE-2018-1000671","Info":{"Name":"Sympa version =\u003e6.2.16 - Cross-Site Scripting","Severity":"medium","Description":"Sympa version 6.2.16 and later contains a URL Redirection to Untrusted Site vulnerability in the referer parameter of the wwsympa fcgi login action that can result in open redirection and reflected cross-site scripting via data URIs.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-1000671.yaml"} {"ID":"CVE-2018-1000856","Info":{"Name":"DomainMOD 4.11.01 - Cross-Site Scripting","Severity":"medium","Description":"DomainMOD 4.11.01 is vulnerable to cross-site scripting via the segments/add.php Segment Name field.\n","Classification":{"CVSSScore":"4.8"}},"file_path":"http/cves/2018/CVE-2018-1000856.yaml"} {"ID":"CVE-2018-1000861","Info":{"Name":"Jenkins - Remote Command Injection","Severity":"critical","Description":"Jenkins 2.153 and earlier and LTS 2.138.3 and earlier are susceptible to a remote command injection via stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not intended to be invoked this way.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-1000861.yaml"} {"ID":"CVE-2018-10093","Info":{"Name":"AudioCodes 420HD - Remote Code Execution","Severity":"high","Description":"AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow remote code execution.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2018/CVE-2018-10093.yaml"} {"ID":"CVE-2018-10095","Info":{"Name":"Dolibarr \u003c7.0.2 - Cross-Site Scripting","Severity":"medium","Description":"Dolibarr before 7.0.2 is vulnerable to cross-site scripting and allows remote attackers to inject arbitrary web script or HTML via the foruserlogin parameter to adherents/cartes/carte.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-10095.yaml"} {"ID":"CVE-2018-10141","Info":{"Name":"Palo Alto Networks PAN-OS GlobalProtect \u003c8.1.4 - Cross-Site Scripting","Severity":"medium","Description":"Palo Alto Networks PAN-OS before 8.1.4 GlobalProtect Portal Login page allows an unauthenticated attacker to inject arbitrary JavaScript or HTML, making it vulnerable to cross-site scripting.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-10141.yaml"} {"ID":"CVE-2018-10201","Info":{"Name":"Ncomputing vSPace Pro 10 and 11 - Directory Traversal","Severity":"high","Description":"Ncomputing vSpace Pro versions 10 and 11 suffer from a directory traversal vulnerability.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-10201.yaml"} {"ID":"CVE-2018-10230","Info":{"Name":"Zend Server \u003c9.13 - Cross-Site Scripting","Severity":"medium","Description":"Zend Server before version 9.13 is vulnerable to cross-site scripting via the debug_host parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-10230.yaml"} {"ID":"CVE-2018-10562","Info":{"Name":"Dasan GPON Devices - Remote Code Execution","Severity":"critical","Description":"Dasan GPON home routers are susceptible to command injection which can occur via the dest_host parameter in a diag_action=ping request to a GponForm/diag_Form URI. Because the router saves ping results in /tmp and transmits them to the user when the user revisits /diag.html, it's quite simple to execute commands and retrieve their output.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-10562.yaml"} {"ID":"CVE-2018-10735","Info":{"Name":"NagiosXI \u003c= 5.4.12 `commandline.php` SQL injection","Severity":"high","Description":"A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/commandline.php cname parameter.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2018/CVE-2018-10735.yaml"} {"ID":"CVE-2018-10736","Info":{"Name":"NagiosXI \u003c= 5.4.12 - SQL injection","Severity":"high","Description":"A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/info.php key1 parameter.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2018/CVE-2018-10736.yaml"} {"ID":"CVE-2018-10737","Info":{"Name":"NagiosXI \u003c= 5.4.12 logbook.php SQL injection","Severity":"high","Description":"A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/logbook.php txtSearch parameter.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2018/CVE-2018-10737.yaml"} {"ID":"CVE-2018-10738","Info":{"Name":"NagiosXI \u003c= 5.4.12 menuaccess.php - SQL injection","Severity":"high","Description":"A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/menuaccess.php chbKey1 parameter.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2018/CVE-2018-10738.yaml"} {"ID":"CVE-2018-10818","Info":{"Name":"LG NAS Devices - Remote Code Execution","Severity":"critical","Description":"LG NAS devices contain a pre-auth remote command injection via the \"password\" parameter.","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2018/CVE-2018-10818.yaml"} {"ID":"CVE-2018-10822","Info":{"Name":"D-Link Routers - Local File Inclusion","Severity":"high","Description":"D-Link routers DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02,DWR-512 through 2.02,DWR-712 through 2.02,DWR-912 through 2.02, DWR-921 through 2.02, DWR-111 through 1.01, and probably others with the same type of firmware allows remote attackers to read arbitrary files via a /.. or // after \"GET /uir\" in an HTTP request to the web interface.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-10822.yaml"} {"ID":"CVE-2018-10823","Info":{"Name":"D-Link Routers - Remote Command Injection","Severity":"high","Description":"D-Link DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 device may allow an authenticated attacker to execute arbitrary code by injecting the shell command into the chkisg.htm page Sip parameter. This allows for full control over the device internals.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2018/CVE-2018-10823.yaml"} {"ID":"CVE-2018-10942","Info":{"Name":"Prestashop AttributeWizardPro Module - Arbitrary File Upload","Severity":"critical","Description":"In the Attribute Wizard addon 1.6.9 for PrestaShop allows remote attackers to execute arbitrary code by uploading a php file.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-10942.yaml"} {"ID":"CVE-2018-10956","Info":{"Name":"IPConfigure Orchid Core VMS 2.0.5 - Local File Inclusion","Severity":"high","Description":"IPConfigure Orchid Core VMS 2.0.5 is susceptible to local file inclusion.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-10956.yaml"} {"ID":"CVE-2018-11227","Info":{"Name":"Monstra CMS \u003c=3.0.4 - Cross-Site Scripting","Severity":"medium","Description":"Monstra CMS 3.0.4 and earlier contains a cross-site scripting vulnerability via index.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-11227.yaml"} {"ID":"CVE-2018-11231","Info":{"Name":"Opencart Divido - Sql Injection","Severity":"high","Description":"OpenCart Divido plugin is susceptible to SQL injection\n","Classification":{"CVSSScore":"8.1"}},"file_path":"http/cves/2018/CVE-2018-11231.yaml"} {"ID":"CVE-2018-11409","Info":{"Name":"Splunk \u003c=7.0.1 - Information Disclosure","Severity":"medium","Description":"Splunk through 7.0.1 is susceptible to information disclosure by appending __raw/services/server/info/server-info?output_mode=json to a query, as demonstrated by discovering a license key.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2018/CVE-2018-11409.yaml"} {"ID":"CVE-2018-11473","Info":{"Name":"Monstra CMS 3.0.4 - Cross-Site Scripting","Severity":"medium","Description":"Monstra CMS 3.0.4 contains a cross-site scripting vulnerability via the registration form (i.e., the login parameter to users/registration). An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-11473.yaml"} {"ID":"CVE-2018-11709","Info":{"Name":"WordPress wpForo Forum \u003c= 1.4.11 - Cross-Site Scripting","Severity":"medium","Description":"WordPress wpForo Forum plugin before 1.4.12 for WordPress allows unauthenticated reflected cross-site scripting via the URI.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-11709.yaml"} {"ID":"CVE-2018-11759","Info":{"Name":"Apache Tomcat JK Connect \u003c=1.2.44 - Manager Access","Severity":"high","Description":"Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 allows specially constructed requests to expose application functionality through the reverse proxy. It is also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is some overlap between this issue and CVE-2018-1323, they are not identical.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-11759.yaml"} {"ID":"CVE-2018-11776","Info":{"Name":"Apache Struts2 S2-057 - Remote Code Execution","Severity":"high","Description":"Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible remote code execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn''t have value and action set and in same time, its upper package have no or wildcard namespace.\n","Classification":{"CVSSScore":"8.1"}},"file_path":"http/cves/2018/CVE-2018-11776.yaml"} {"ID":"CVE-2018-11784","Info":{"Name":"Apache Tomcat - Open Redirect","Severity":"medium","Description":"Apache Tomcat versions prior to 9.0.12, 8.5.34, and 7.0.91 are prone to an open-redirection vulnerability because it fails to properly sanitize user-supplied input.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2018/CVE-2018-11784.yaml"} {"ID":"CVE-2018-12031","Info":{"Name":"Eaton Intelligent Power Manager 1.6 - Directory Traversal","Severity":"critical","Description":"Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via directory traversal, which can lead to sensitive information disclosure, denial of service and code execution.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-12031.yaml"} {"ID":"CVE-2018-12054","Info":{"Name":"Schools Alert Management Script - Arbitrary File Read","Severity":"high","Description":"Schools Alert Management Script is susceptible to an arbitrary file read vulnerability via the f parameter in img.php, aka absolute path traversal.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-12054.yaml"} {"ID":"CVE-2018-1207","Info":{"Name":"Dell iDRAC7/8 Devices - Remote Code Injection","Severity":"critical","Description":"Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain a CGI injection vulnerability\nwhich could be used to execute remote code. A remote unauthenticated attacker may\npotentially be able to use CGI variables to execute remote code.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-1207.yaml"} {"ID":"CVE-2018-12095","Info":{"Name":"OEcms 3.1 - Cross-Site Scripting","Severity":"medium","Description":"OEcms 3.1 is vulnerable to reflected cross-site scripting via the mod parameter of info.php.","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2018/CVE-2018-12095.yaml"} {"ID":"CVE-2018-12296","Info":{"Name":"Seagate NAS OS 4.3.15.1 - Server Information Disclosure","Severity":"high","Description":"Seagate NAS OS version 4.3.15.1 has insufficient access control which allows attackers to obtain information about the NAS without authentication via empty POST requests in /api/external/7.0/system.System.get_infos.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-12296.yaml"} {"ID":"CVE-2018-12300","Info":{"Name":"Seagate NAS OS 4.3.15.1 - Open Redirect","Severity":"medium","Description":"Seagate NAS OS 4.3.15.1 contains an open redirect vulnerability in echo-server.html, which can allow an attacker to disclose information in the referer header via the state URL parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-12300.yaml"} {"ID":"CVE-2018-12613","Info":{"Name":"PhpMyAdmin \u003c4.8.2 - Local File Inclusion","Severity":"high","Description":"PhpMyAdmin before version 4.8.2 is susceptible to local file inclusion that allows an attacker to include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for whitelisted pages. An attacker must be authenticated, except in the \"$cfg['AllowArbitraryServer'] = true\" case (where an attacker can specify any host he/she is already in control of, and execute arbitrary code on phpMyAdmin) and the \"$cfg['ServerDefault'] = 0\" case (which bypasses the login requirement and runs the vulnerable code without any authentication).","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2018/CVE-2018-12613.yaml"} {"ID":"CVE-2018-12634","Info":{"Name":"CirCarLife Scada \u003c4.3 - System Log Exposure","Severity":"critical","Description":"CirCarLife Scada before 4.3 allows remote attackers to obtain sensitive information via a direct request for the html/log or services/system/info.html URI. CirCarLife is an internet-connected electric vehicle charging station.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-12634.yaml"} {"ID":"CVE-2018-12675","Info":{"Name":"SV3C HD Camera L Series - Open Redirect","Severity":"medium","Description":"SV3C HD Camera L Series 2.3.4.2103-S50-NTD-B20170508B and 2.3.4.2103-S50-NTD-B20170823B contains an open redirect vulnerability. It does not perform origin checks on URLs in the camera's web interface, which can be leveraged to send a user to an unexpected endpoint. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-12675.yaml"} {"ID":"CVE-2018-1271","Info":{"Name":"Spring MVC Framework - Local File Inclusion","Severity":"medium","Description":"Spring MVC Framework versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported are vulnerable to local file inclusion because they allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). A malicious user can send a request using a specially crafted URL that can lead a directory traversal attack.","Classification":{"CVSSScore":"5.9"}},"file_path":"http/cves/2018/CVE-2018-1271.yaml"} {"ID":"CVE-2018-1273","Info":{"Name":"Spring Data Commons - Remote Code Execution","Severity":"critical","Description":"Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5,\nand older unsupported versions, contain a property binder vulnerability\ncaused by improper neutralization of special elements.\nAn unauthenticated remote malicious user (or attacker) can supply\nspecially crafted request parameters against Spring Data REST backed HTTP resources\nor using Spring Data's projection-based request payload binding hat can lead to a remote code execution attack.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-1273.yaml"} {"ID":"CVE-2018-12909","Info":{"Name":"Webgrind \u003c= 1.5 - Local File Inclusion","Severity":"high","Description":"Webgrind 1.5 relies on user input to display a file, which lets anyone view files from the local filesystem (that the webserver user has access to) via an index.php?op=fileviewer\u0026file= URI\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-12909.yaml"} {"ID":"CVE-2018-12998","Info":{"Name":"Zoho manageengine - Cross-Site Scripting","Severity":"medium","Description":"Zoho manageengine is vulnerable to reflected cross-site scripting. This impacts Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 via the parameter 'operation' to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-12998.yaml"} {"ID":"CVE-2018-1335","Info":{"Name":"Apache Tika \u003c1.1.8- Header Command Injection","Severity":"high","Description":"Apache Tika versions 1.7 to 1.17 allow clients to send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients.","Classification":{"CVSSScore":"8.1"}},"file_path":"http/cves/2018/CVE-2018-1335.yaml"} {"ID":"CVE-2018-13379","Info":{"Name":"Fortinet FortiOS - Credentials Disclosure","Severity":"critical","Description":"Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests due to improper limitation of a pathname to a restricted directory (path traversal).","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-13379.yaml"} {"ID":"CVE-2018-13380","Info":{"Name":"Fortinet FortiOS - Cross-Site Scripting","Severity":"medium","Description":"Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4.0 to 5.4.12, 5.2 and below versions under SSL VPN web portal are vulnerable to cross-site scripting and allows attacker to execute unauthorized malicious script code via the error or message handling parameters.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-13380.yaml"} {"ID":"CVE-2018-13980","Info":{"Name":"Zeta Producer Desktop CMS \u003c14.2.1 - Local File Inclusion","Severity":"medium","Description":"Zeta Producer Desktop CMS before 14.2.1 is vulnerable to local file inclusion if the plugin \"filebrowser\" is installed because of assets/php/filebrowser/filebrowser.main.php?file=../ directory traversal.","Classification":{"CVSSScore":"5.5"}},"file_path":"http/cves/2018/CVE-2018-13980.yaml"} {"ID":"CVE-2018-14013","Info":{"Name":"Synacor Zimbra Collaboration Suite Collaboration \u003c8.8.11 - Cross-Site Scripting","Severity":"medium","Description":"Synacor Zimbra Collaboration Suite Collaboration before 8.8.11 is vulnerable to cross-site scripting via the AJAX and html web clients.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-14013.yaml"} {"ID":"CVE-2018-14064","Info":{"Name":"VelotiSmart Wifi - Directory Traversal","Severity":"critical","Description":"VelotiSmart WiFi B-380 camera devices allow directory traversal via the uc-http service 1.0.0, as demonstrated by /../../etc/passwd on TCP port 80.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-14064.yaml"} {"ID":"CVE-2018-14474","Info":{"Name":"Orange Forum 1.4.0 - Open Redirect","Severity":"medium","Description":"Orange Forum 1.4.0 contains an open redirect vulnerability in views/auth.go via the next parameter to /login or /signup. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-14474.yaml"} {"ID":"CVE-2018-14574","Info":{"Name":"Django - Open Redirect","Severity":"medium","Description":"Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 contains an open redirect vulnerability. If django.middleware.common.CommonMiddleware and APPEND_SLASH settings are selected, and if the project has a URL pattern that accepts any path ending in a slash, an attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-14574.yaml"} {"ID":"CVE-2018-14728","Info":{"Name":"Responsive filemanager 9.13.1 Server-Side Request Forgery","Severity":"critical","Description":"Responsive filemanager 9.13.1 is susceptible to server-side request forgery in upload.php via the url parameter.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-14728.yaml"} {"ID":"CVE-2018-14912","Info":{"Name":"cgit \u003c 1.2.1 - Directory Traversal","Severity":"high","Description":"cGit \u003c 1.2.1 via cgit_clone_objects has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-14912.yaml"} {"ID":"CVE-2018-14916","Info":{"Name":"Loytec LGATE-902 \u003c6.4.2 - Local File Inclusion","Severity":"critical","Description":"Loytec LGATE-902 versions prior to 6.4.2 suffers from a local file inclusion vulnerability.","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2018/CVE-2018-14916.yaml"} {"ID":"CVE-2018-14918","Info":{"Name":"LOYTEC LGATE-902 6.3.2 - Local File Inclusion","Severity":"high","Description":"LOYTEC LGATE-902 6.3.2 is susceptible to local file inclusion which could allow an attacker to manipulate path references and access files and directories (including critical system files) that are stored outside the root folder of the web application running on the device. This can be used to read and configuration files containing, e.g., usernames and passwords.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-14918.yaml"} {"ID":"CVE-2018-14931","Info":{"Name":"Polarisft Intellect Core Banking Software Version 9.7.1 - Open Redirect","Severity":"medium","Description":"Polarisft Intellect Core Banking Software Version 9.7.1 is susceptible to an open redirect issue in the Core and Portal modules via the /IntellectMain.jsp?IntellectSystem= URI.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-14931.yaml"} {"ID":"CVE-2018-15138","Info":{"Name":"LG-Ericsson iPECS NMS 30M - Local File Inclusion","Severity":"high","Description":"Ericsson-LG iPECS NMS 30M allows local file inclusion via ipecs-cm/download?filename=../ URIs.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-15138.yaml"} {"ID":"CVE-2018-15517","Info":{"Name":"D-Link Central WifiManager - Server-Side Request Forgery","Severity":"high","Description":"D-Link Central WifiManager is susceptible to server-side request forgery. The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, as demonstrated by an index.php/System/MailConnect/host/127.0.0.1/port/22/secure/ URI. This can undermine accountability of where scan or connections actually came from and or bypass the FW etc. This can be automated via script or using a browser.","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2018/CVE-2018-15517.yaml"} {"ID":"CVE-2018-15535","Info":{"Name":"Responsive FileManager \u003c9.13.4 - Local File Inclusion","Severity":"high","Description":"Responsive FileManager before version 9.13.4 is vulnerable to local file inclusion via filemanager/ajax_calls.php because it uses external input to construct a pathname that should be within a restricted directory, aka local file inclusion.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-15535.yaml"} {"ID":"CVE-2018-15745","Info":{"Name":"Argus Surveillance DVR 4.0.0.0 - Local File Inclusion","Severity":"high","Description":"Argus Surveillance DVR 4.0.0.0 devices allow unauthenticated local file inclusion, leading to file disclosure via a ..%2F in the WEBACCOUNT.CGI RESULTPAGE parameter.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-15745.yaml"} {"ID":"CVE-2018-15917","Info":{"Name":"Jorani Leave Management System 0.6.5 - Cross-Site Scripting","Severity":"medium","Description":"Persistent cross-site scripting (XSS) issues in Jorani 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the language parameter to session/language.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2018/CVE-2018-15917.yaml"} {"ID":"CVE-2018-15961","Info":{"Name":"Adobe ColdFusion - Unrestricted File Upload Remote Code Execution","Severity":"critical","Description":"Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code execution.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-15961.yaml"} {"ID":"CVE-2018-16059","Info":{"Name":"WirelessHART Fieldgate SWG70 3.0 - Local File Inclusion","Severity":"medium","Description":"WirelessHART Fieldgate SWG70 3.0 is vulnerable to local file inclusion via the fcgi-bin/wgsetcgi filename parameter.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2018/CVE-2018-16059.yaml"} {"ID":"CVE-2018-16133","Info":{"Name":"Cybrotech CyBroHttpServer 1.0.3 - Local File Inclusion","Severity":"medium","Description":"Cybrotech CyBroHttpServer 1.0.3 is vulnerable to local file inclusion in the URI.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2018/CVE-2018-16133.yaml"} {"ID":"CVE-2018-16139","Info":{"Name":"BIBLIOsoft BIBLIOpac 2008 - Cross-Site Scripting","Severity":"medium","Description":"BIBLIOsoft BIBLIOpac 2008 contains a cross-site scripting vulnerability via the db or action parameter to bin/wxis.exe/bibliopac/, which allows a remote attacker to inject arbitrary web script or HTML.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-16139.yaml"} {"ID":"CVE-2018-16159","Info":{"Name":"WordPress Gift Voucher \u003c4.1.8 - Blind SQL Injection","Severity":"critical","Description":"WordPress Gift Vouchers plugin before 4.1.8 contains a blind SQL injection vulnerability via the template_id parameter in a wp-admin/admin-ajax.php wpgv_doajax_front_template request. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-16159.yaml"} {"ID":"CVE-2018-16167","Info":{"Name":"LogonTracer \u003c=1.2.0 - Remote Command Injection","Severity":"critical","Description":"LogonTracer 1.2.0 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-16167.yaml"} {"ID":"CVE-2018-16283","Info":{"Name":"WordPress Plugin Wechat Broadcast 1.2.0 - Local File Inclusion","Severity":"critical","Description":"WordPress Wechat Broadcast plugin 1.2.0 and earlier allows Directory Traversal via the Image.php url parameter.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-16283.yaml"} {"ID":"CVE-2018-16288","Info":{"Name":"LG SuperSign EZ CMS 2.5 - Local File Inclusion","Severity":"high","Description":"LG SuperSign CMS 2.5 allows reading of arbitrary files via signEzUI/playlist/edit/upload/..%2f URIs - aka local file inclusion.\n","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2018/CVE-2018-16288.yaml"} {"ID":"CVE-2018-16299","Info":{"Name":"WordPress Localize My Post 1.0 - Local File Inclusion","Severity":"high","Description":"WordPress Localize My Post 1.0 is susceptible to local file inclusion via the ajax/include.php file parameter.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-16299.yaml"} {"ID":"CVE-2018-16341","Info":{"Name":"Nuxeo \u003c10.3 - Remote Code Execution","Severity":"high","Description":"Nuxeo prior to version 10.3 is susceptible to an unauthenticated remote code execution vulnerability via server-side template injection.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2018/CVE-2018-16341.yaml"} {"ID":"CVE-2018-16668","Info":{"Name":"CirCarLife \u003c4.3 - Improper Authentication","Severity":"medium","Description":"CirCarLife before 4.3 is susceptible to improper authentication. An internal installation path disclosure exists due to the lack of authentication for /html/repository.System. An attacker can obtain sensitive information, modify data, and/or execute unauthorized operations.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2018/CVE-2018-16668.yaml"} {"ID":"CVE-2018-16670","Info":{"Name":"CirCarLife \u003c4.3 - Improper Authentication","Severity":"medium","Description":"CirCarLife before 4.3 is susceptible to improper authentication. A PLC status disclosure exists due to lack of authentication for /html/devstat.html. An attacker can obtain sensitive information, modify data, and/or execute unauthorized operations.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2018/CVE-2018-16670.yaml"} {"ID":"CVE-2018-16671","Info":{"Name":"CirCarLife \u003c4.3 - Improper Authentication","Severity":"medium","Description":"CirCarLife before 4.3 is susceptible to improper authentication. A system software information disclosure exists due to lack of authentication for /html/device-id. An attacker can obtain sensitive information, modify data, and/or execute unauthorized operations.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2018/CVE-2018-16671.yaml"} {"ID":"CVE-2018-16716","Info":{"Name":"NCBI ToolBox - Directory Traversal","Severity":"critical","Description":"NCBI ToolBox 2.0.7 through 2.2.26 legacy versions contain a path traversal vulnerability via viewcgi.cgi which may result in reading of arbitrary files (i.e., significant information disclosure) or file deletion via the nph-viewgif.cgi query string.","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2018/CVE-2018-16716.yaml"} {"ID":"CVE-2018-16761","Info":{"Name":"Eventum \u003c3.4.0 - Open Redirect","Severity":"medium","Description":"Eventum before 3.4.0 contains an open redirect vulnerability. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-16761.yaml"} {"ID":"CVE-2018-16763","Info":{"Name":"FUEL CMS 1.4.1 - Remote Code Execution","Severity":"critical","Description":"FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-16763.yaml"} {"ID":"CVE-2018-16836","Info":{"Name":"Rubedo CMS \u003c=3.4.0 - Directory Traversal","Severity":"critical","Description":"Rubedo CMS through 3.4.0 contains a directory traversal vulnerability in the theme component, allowing unauthenticated attackers to read and execute arbitrary files outside of the service root path, as demonstrated by a /theme/default/img/%2e%2e/..//etc/passwd URI.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-16836.yaml"} {"ID":"CVE-2018-16979","Info":{"Name":"Monstra CMS 3.0.4 - HTTP Header Injection","Severity":"medium","Description":"Monstra CMS 3.0.4 is susceptible to HTTP header injection in the plugins/captcha/crypt/cryptographp.php cfg parameter. An attacker can potentially supply invalid input and cause the server to allow redirects to attacker-controlled domains, perform cache poisoning, and/or allow improper access to virtual hosts not intended for this purpose. This is a related issue to CVE-2012-2943.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-16979.yaml"} {"ID":"CVE-2018-17153","Info":{"Name":"Western Digital MyCloud NAS - Authentication Bypass","Severity":"critical","Description":"It was discovered that the Western Digital My Cloud device before 2.30.196 is affected by an authentication bypass vulnerability. An unauthenticated attacker can exploit this vulnerability to authenticate as an admin user without needing to provide a password, thereby gaining full control of the device. (Whenever an admin logs into My Cloud, a server-side session is created that is bound to the user's IP address. After the session is created, it is possible to call authenticated CGI modules by sending the cookie username=admin in the HTTP request. The invoked CGI will check if a valid session is present and bound to the user's IP address.) It was found that it is possible for an unauthenticated attacker to create a valid session without a login. The network_mgr.cgi CGI module contains a command called \\\"cgi_get_ipv6\\\" that starts an admin session -- tied to the IP address of the user making the request -- if the additional parameter \\\"flag\\\" with the value \\\"1\\\" is provided. Subsequent invocation of commands that would normally require admin privileges now succeed if an attacker sets the username=admin cookie.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-17153.yaml"} {"ID":"CVE-2018-17246","Info":{"Name":"Kibana - Local File Inclusion","Severity":"critical","Description":"Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute JavaScript which could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-17246.yaml"} {"ID":"CVE-2018-17254","Info":{"Name":"Joomla! JCK Editor SQL Injection","Severity":"critical","Description":"The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via the jtreelink/dialogs/links.php parent parameter.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-17254.yaml"} {"ID":"CVE-2018-17422","Info":{"Name":"DotCMS \u003c 5.0.2 - Open Redirect","Severity":"medium","Description":"dotCMS before 5.0.2 contains multiple open redirect vulnerabilities via the html/common/forward_js.jsp FORWARD_URL parameter or the html/portlet/ext/common/page_preview_popup.jsp hostname parameter. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-17422.yaml"} {"ID":"CVE-2018-17431","Info":{"Name":"Comodo Unified Threat Management Web Console - Remote Code Execution","Severity":"critical","Description":"Comodo Firewall \u0026 Central Manager (UTM) All Release before 2.7.0 \u0026 1.5.0 are susceptible to a web shell based remote code execution vulnerability.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-17431.yaml"} {"ID":"CVE-2018-18069","Info":{"Name":"WordPress sitepress-multilingual-cms 3.6.3 - Cross-Site Scripting","Severity":"medium","Description":"WordPress plugin sitepress-multilingual-cms 3.6.3 is vulnerable to cross-site scripting in process_forms via any locale_file_name_ parameter (such as locale_file_name_en) in an authenticated theme-localization.php request to wp-admin/admin.php.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-18069.yaml"} {"ID":"CVE-2018-18264","Info":{"Name":"Kubernetes Dashboard \u003c1.10.1 - Authentication Bypass","Severity":"high","Description":"Kubernetes Dashboard before 1.10.1 allows attackers to bypass authentication and use Dashboard's Service Account for reading secrets within the cluster.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-18264.yaml"} {"ID":"CVE-2018-18323","Info":{"Name":"Centos Web Panel 0.9.8.480 - Local File Inclusion","Severity":"high","Description":"Centos Web Panel version 0.9.8.480 suffers from local file inclusion vulnerabilities. Other vulnerabilities including cross-site scripting and remote code execution are also known to impact this version.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-18323.yaml"} {"ID":"CVE-2018-18570","Info":{"Name":"Planon \u003cLive Build 41 - Cross-Site Scripting","Severity":"medium","Description":"Planon before Live Build 41 is vulnerable to cross-site scripting.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-18570.yaml"} {"ID":"CVE-2018-18608","Info":{"Name":"DedeCMS 5.7 SP2 - Cross-Site Scripting","Severity":"medium","Description":"DedeCMS 5.7 SP2 is vulnerable to cross-site scripting via the function named GetPageList defined in the include/datalistcp.class.php file that is used to display the page numbers list at the bottom of some templates, as demonstrated by the PATH_INFO to /member/index.php, /member/pm.php, /member/content_list.php, or /plus/feedback.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-18608.yaml"} {"ID":"CVE-2018-18775","Info":{"Name":"Microstrategy Web 7 - Cross-Site Scripting","Severity":"medium","Description":"Microstrategy Web 7 does not sufficiently encode user-controlled inputs, resulting in cross-site scripting via the Login.asp Msg parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-18775.yaml"} {"ID":"CVE-2018-18777","Info":{"Name":"Microstrategy Web 7 - Local File Inclusion","Severity":"medium","Description":"Microstrategy Web 7 is vulnerable to local file inclusion via \"/WebMstr7/servlet/mstrWeb\" (in the parameter subpage). Remote authenticated users can bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application. NOTE: this is a deprecated product.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2018/CVE-2018-18777.yaml"} {"ID":"CVE-2018-18778","Info":{"Name":"ACME mini_httpd \u003c1.30 - Local File Inclusion","Severity":"medium","Description":"ACME mini_httpd before 1.30 is vulnerable to local file inclusion.","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2018/CVE-2018-18778.yaml"} {"ID":"CVE-2018-18809","Info":{"Name":"TIBCO JasperReports Library - Directory Traversal","Severity":"medium","Description":"The default server implementation of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a directory-traversal vulnerability that may theoretically allow web server users to access contents of the host system.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2018/CVE-2018-18809.yaml"} {"ID":"CVE-2018-18925","Info":{"Name":"Gogs (Go Git Service) 0.11.66 - Remote Code Execution","Severity":"critical","Description":"Gogs 0.11.66 allows remote code execution because it does not properly validate session IDs, as demonstrated by a \"..\" session-file forgery in the file session provider in file.go. This is related to session ID handling in the go-macaron/session code for Macaron.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-18925.yaml"} {"ID":"CVE-2018-19136","Info":{"Name":"DomainMOD 4.11.01 - Cross-Site Scripting","Severity":"medium","Description":"DomainMOD 4.11.01 is vulnerable to reflected cross-site scripting via assets/edit/registrar-account.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-19136.yaml"} {"ID":"CVE-2018-19137","Info":{"Name":"DomainMOD 4.11.01 - Cross-Site Scripting","Severity":"medium","Description":"DomainMOD 4.11.01 is vulnerable to reflected cross-site Scripting via assets/edit/ip-address.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-19137.yaml"} {"ID":"CVE-2018-19287","Info":{"Name":"WordPress Ninja Forms \u003c3.3.18 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Ninja Forms plugin before 3.3.18 contains a cross-site scripting vulnerability. An attacker can inject arbitrary script in includes/Admin/Menus/Submissions.php via the begin_date, end_date, or form_id parameters. This can allow an attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-19287.yaml"} {"ID":"CVE-2018-19326","Info":{"Name":"Zyxel VMG1312-B10D 5.13AAXA.8 - Local File Inclusion","Severity":"high","Description":"Zyxel VMG1312-B10D 5.13AAXA.8 is susceptible to local file inclusion. A remote unauthenticated attacker can send a specially crafted URL request containing \"dot dot\" sequences (/../), conduct directory traversal attacks, and view arbitrary files.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-19326.yaml"} {"ID":"CVE-2018-19365","Info":{"Name":"Wowza Streaming Engine Manager 4.7.4.01 - Directory Traversal","Severity":"critical","Description":"Wowza Streaming Engine 4.7.4.01 allows traversal of the directory structure and retrieval of a file via a remote, specifically crafted HTTP request to the REST API.","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2018/CVE-2018-19365.yaml"} {"ID":"CVE-2018-19386","Info":{"Name":"SolarWinds Database Performance Analyzer 11.1.457 - Cross-Site Scripting","Severity":"medium","Description":"SolarWinds Database Performance Analyzer 11.1.457 contains a reflected cross-site scripting vulnerability in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on the page, aka a /iwc/idcStateError.iwc?page= URI.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-19386.yaml"} {"ID":"CVE-2018-19439","Info":{"Name":"Oracle Secure Global Desktop Administration Console 4.4 - Cross-Site Scripting","Severity":"medium","Description":"Oracle Secure Global Desktop Administration Console 4.4 contains a reflected cross-site scripting vulnerability in helpwindow.jsp via all parameters, as demonstrated by the sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp windowTitle parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-19439.yaml"} {"ID":"CVE-2018-19458","Info":{"Name":"PHP Proxy 3.0.3 - Local File Inclusion","Severity":"high","Description":"PHP Proxy 3.0.3 is susceptible to local file inclusion vulnerabilities that allow unauthenticated users to read files from the server via index.php?q=file:/// (a different vulnerability than CVE-2018-19246).\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-19458.yaml"} {"ID":"CVE-2018-19749","Info":{"Name":"DomainMOD 4.11.01 - Cross-Site Scripting","Severity":"medium","Description":"DomainMOD 4.11.01 contains a cross-site scripting vulnerability via assets/add/account-owner.php Owner name field.\n","Classification":{"CVSSScore":"4.8"}},"file_path":"http/cves/2018/CVE-2018-19749.yaml"} {"ID":"CVE-2018-19751","Info":{"Name":"DomainMOD 4.11.01 - Cross-Site Scripting","Severity":"medium","Description":"DomainMOD 4.11.01 contains a cross-site scripting vulnerability via /admin/ssl-fields/add.php Display Name, Description \u0026 Notes field parameters.\n","Classification":{"CVSSScore":"4.8"}},"file_path":"http/cves/2018/CVE-2018-19751.yaml"} {"ID":"CVE-2018-19752","Info":{"Name":"DomainMOD 4.11.01 - Cross-Site Scripting","Severity":"medium","Description":"DomainMOD through 4.11.01 contains a cross-site scripting vulnerability via the assets/add/registrar.php notes field for Registrar.\n","Classification":{"CVSSScore":"4.8"}},"file_path":"http/cves/2018/CVE-2018-19752.yaml"} {"ID":"CVE-2018-19753","Info":{"Name":"Tarantella Enterprise \u003c3.11 - Local File Inclusion","Severity":"high","Description":"Tarantella Enterprise versions prior to 3.11 are susceptible to local file inclusion.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-19753.yaml"} {"ID":"CVE-2018-19877","Info":{"Name":"Adiscon LogAnalyzer \u003c4.1.7 - Cross-Site Scripting","Severity":"medium","Description":"Adiscon LogAnalyzer before 4.1.7 contains a cross-site scripting vulnerability in the 'referer' parameter of the login.php file.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-19877.yaml"} {"ID":"CVE-2018-19892","Info":{"Name":"DomainMOD 4.11.01 - Cross-Site Scripting","Severity":"medium","Description":"DomainMOD 4.11.01 contains a cross-site scripting vulnerability via /domain//admin/dw/add-server.php DisplayName parameters.\n","Classification":{"CVSSScore":"4.8"}},"file_path":"http/cves/2018/CVE-2018-19892.yaml"} {"ID":"CVE-2018-19914","Info":{"Name":"DomainMOD 4.11.01 - Cross-Site Scripting","Severity":"medium","Description":"DomainMOD 4.11.01 contains a cross-site scripting vulnerability via assets/add/dns.php Profile Name or notes field.\n","Classification":{"CVSSScore":"4.8"}},"file_path":"http/cves/2018/CVE-2018-19914.yaml"} {"ID":"CVE-2018-19915","Info":{"Name":"DomainMOD \u003c=4.11.01 - Cross-Site Scripting","Severity":"medium","Description":"DomainMOD through version 4.11.01 is vulnerable to cross-site scripting via the assets/edit/host.php Web Host Name or Web Host URL field.\n","Classification":{"CVSSScore":"4.8"}},"file_path":"http/cves/2018/CVE-2018-19915.yaml"} {"ID":"CVE-2018-20009","Info":{"Name":"DomainMOD 4.11.01 - Cross-Site Scripting","Severity":"medium","Description":"DomainMOD through version 4.11.01 is vulnerable to cross-site scripting via the /assets/add/ssl-provider.php ssl-provider-name and ssl-provider's-url parameters.\n","Classification":{"CVSSScore":"4.8"}},"file_path":"http/cves/2018/CVE-2018-20009.yaml"} {"ID":"CVE-2018-20010","Info":{"Name":"DomainMOD 4.11.01 - Cross-Site Scripting","Severity":"medium","Description":"DomainMOD through version 4.11.01 is vulnerable to cross-site scripting via the /assets/add/ssl-provider-account.php Username field.\n","Classification":{"CVSSScore":"4.8"}},"file_path":"http/cves/2018/CVE-2018-20010.yaml"} {"ID":"CVE-2018-20011","Info":{"Name":"DomainMOD 4.11.01 - Cross-Site Scripting","Severity":"medium","Description":"DomainMOD through version 4.11.01 is vulnerable to cross-site scripting via the /assets/add/category.php CatagoryName and StakeHolder parameters.\n","Classification":{"CVSSScore":"4.8"}},"file_path":"http/cves/2018/CVE-2018-20011.yaml"} {"ID":"CVE-2018-20462","Info":{"Name":"WordPress JSmol2WP \u003c=1.07 - Cross-Site Scripting","Severity":"medium","Description":"WordPress JSmol2WP version 1.07 and earlier is vulnerable to cross-site scripting and allows remote attackers to inject arbitrary web script or HTML via the jsmol.php data parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-20462.yaml"} {"ID":"CVE-2018-20463","Info":{"Name":"WordPress JSmol2WP \u003c=1.07 - Local File Inclusion","Severity":"high","Description":"WordPress JSmol2WP plugin 1.07 is susceptible to local file inclusion via ../ directory traversal in query=php://filter/resource= in the jsmol.php query string. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. This can also be exploited for server-side request forgery.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-20463.yaml"} {"ID":"CVE-2018-20470","Info":{"Name":"Tyto Sahi pro 7.x/8.x - Local File Inclusion","Severity":"high","Description":"Tyto Sahi Pro versions through 7.x.x and 8.0.0 are susceptible to a local file inclusion vulnerability in the web reports module which can allow an outside attacker to view contents of sensitive files.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-20470.yaml"} {"ID":"CVE-2018-20526","Info":{"Name":"Roxy Fileman 1.4.5 - Unrestricted File Upload","Severity":"critical","Description":"Roxy Fileman 1.4.5 is susceptible to unrestricted file upload via upload.php. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-20526.yaml"} {"ID":"CVE-2018-20608","Info":{"Name":"Imcat 4.4 - Phpinfo Configuration","Severity":"high","Description":"Imcat 4.4 allows remote attackers to read phpinfo output via the root/tools/adbug/binfo.php?phpinfo1 URI.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-20608.yaml"} {"ID":"CVE-2018-20824","Info":{"Name":"Atlassian Jira WallboardServlet \u003c7.13.1 - Cross-Site Scripting","Severity":"medium","Description":"The WallboardServlet resource in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting vulnerability in the cyclePeriod parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-20824.yaml"} {"ID":"CVE-2018-20985","Info":{"Name":"WordPress Payeezy Pay \u003c=2.97 - Local File Inclusion","Severity":"critical","Description":"WordPress Plugin WP Payeezy Pay is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin WP Payeezy Pay version 2.97 is vulnerable; prior versions are also affected.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-20985.yaml"} {"ID":"CVE-2018-2392","Info":{"Name":"SAP Internet Graphics Server (IGS) - XML External Entity Injection","Severity":"high","Description":"SAP Internet Graphics Servers (IGS) running versions 7.20, 7.20EXT, 7.45, 7.49, or 7.53 has two XML external entity injection (XXE) vulnerabilities within the XMLCHART page - CVE-2018-2392 and CVE-2018-2393. These vulnerabilities occur due to a lack of appropriate validation on the Extension HTML tag when submitting a POST request to the XMLCHART page to generate a new chart.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-2392.yaml"} {"ID":"CVE-2018-2791","Info":{"Name":"Oracle Fusion Middleware WebCenter Sites - Cross-Site Scripting","Severity":"high","Description":"The Oracle WebCenter Sites component of Oracle Fusion Middleware is susceptible to multiple instances of cross-site scripting that could allow unauthenticated attackers with network access via HTTP to compromise Oracle WebCenter Sites. Impacted versions that are affected are 11.1.1.8.0, 12.2.1.2.0 and 12.2.1.3.0. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Sites, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Sites accessible data as well as unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data.","Classification":{"CVSSScore":"8.2"}},"file_path":"http/cves/2018/CVE-2018-2791.yaml"} {"ID":"CVE-2018-2894","Info":{"Name":"Oracle WebLogic Server - Remote Code Execution","Severity":"critical","Description":"The Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services) is susceptible to a remote code execution vulnerability that is easily exploitable and could allow unauthenticated attackers with network access via HTTP to compromise the server. Supported versions that are affected are 12.1.3.0, 12.2.1.2 and 12.2.1.3.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-2894.yaml"} {"ID":"CVE-2018-3167","Info":{"Name":"Oracle E-Business Suite - Blind SSRF","Severity":"medium","Description":"Oracle E-Business Suite, Application Management Pack component (User Monitoring subcomponent), is susceptible to blind server-side request forgery. An attacker with network access via HTTP can gain read access to a subset of data, connect to internal services like HTTP-enabled databases, or perform post requests towards internal services which are not intended to be exposed. Affected supported versions are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, and 12.2.7.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2018/CVE-2018-3167.yaml"} {"ID":"CVE-2018-3238","Info":{"Name":"Oracle Fusion Middleware WebCenter Sites 11.1.1.8.0 - Cross-Site Scripting","Severity":"medium","Description":"The Oracle WebCenter Sites 11.1.1.8.0 component of Oracle Fusion Middleware is impacted by easily exploitable cross-site scripting vulnerabilities that allow high privileged attackers with network access via HTTP to compromise Oracle WebCenter Sites.","Classification":{"CVSSScore":"6.9"}},"file_path":"http/cves/2018/CVE-2018-3238.yaml"} {"ID":"CVE-2018-3714","Info":{"Name":"node-srv - Local File Inclusion","Severity":"medium","Description":"node-srv is vulnerable to local file inclusion due to lack of url validation, which allows a malicious user to read content of any file with known path.","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2018/CVE-2018-3714.yaml"} {"ID":"CVE-2018-3760","Info":{"Name":"Ruby On Rails - Local File Inclusion","Severity":"high","Description":"Ruby On Rails is vulnerable to local file inclusion caused by secondary decoding in Sprockets 3.7.1 and lower versions. An attacker can use %252e%252e/ to access the root directory and read or execute any file on the target server.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-3760.yaml"} {"ID":"CVE-2018-3810","Info":{"Name":"Oturia WordPress Smart Google Code Inserter \u003c3.5 - Authentication Bypass","Severity":"critical","Description":"Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to insert arbitrary JavaScript or HTML code (via the sgcgoogleanalytic parameter) that runs on all pages served by WordPress. The saveGoogleCode() function in smartgooglecode.php does not check if the current request is made by an authorized user, thus allowing any unauthenticated user to successfully update the inserted code.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-3810.yaml"} {"ID":"CVE-2018-5230","Info":{"Name":"Atlassian Jira Confluence - Cross-Site Scripting","Severity":"medium","Description":"Atlassian Jira Confluence before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4, and from version 7.9.0 before version 7.9.2, allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting vulnerability in the error message of custom fields when an invalid value is specified.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-5230.yaml"} {"ID":"CVE-2018-5233","Info":{"Name":"Grav CMS \u003c1.3.0 - Cross-Site Scripting","Severity":"medium","Description":"Grav CMS before 1.3.0 is vulnerable to cross-site scripting via system/src/Grav/Common/Twig/Twig.php and allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/tools.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-5233.yaml"} {"ID":"CVE-2018-5316","Info":{"Name":"WordPress SagePay Server Gateway for WooCommerce \u003c1.0.9 - Cross-Site Scripting","Severity":"medium","Description":"WordPress SagePay Server Gateway for WooCommerce before 1.0.9 is vulnerable to cross-site scripting via the includes/pages/redirect.php page parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-5316.yaml"} {"ID":"CVE-2018-5715","Info":{"Name":"SugarCRM 3.5.1 - Cross-Site Scripting","Severity":"medium","Description":"SugarCRM 3.5.1 is vulnerable to cross-site scripting via phprint.php and a parameter name in the query string (aka a $key variable).","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-5715.yaml"} {"ID":"CVE-2018-6008","Info":{"Name":"Joomla! Jtag Members Directory 5.3.7 - Local File Inclusion","Severity":"high","Description":"Joomla! Jtag Members Directory 5.3.7 is vulnerable to local file inclusion via the download_file parameter.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-6008.yaml"} {"ID":"CVE-2018-6184","Info":{"Name":"Zeit Next.js \u003c4.2.3 - Local File Inclusion","Severity":"high","Description":"Zeit Next.js before 4.2.3 is susceptible to local file inclusion under the /_next request namespace. An attacker can obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-6184.yaml"} {"ID":"CVE-2018-6200","Info":{"Name":"vBulletin - Open Redirect","Severity":"medium","Description":"vBulletin 3.x.x and 4.2.x through 4.2.5 contains an open redirect vulnerability via the redirector.php URL parameter. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-6200.yaml"} {"ID":"CVE-2018-6530","Info":{"Name":"D-Link - Unauthenticated Remote Code Execution","Severity":"critical","Description":"OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-6530.yaml"} {"ID":"CVE-2018-6605","Info":{"Name":"Joomla! Component Zh BaiduMap 3.0.0.1 - SQL Injection","Severity":"critical","Description":"SQL Injection exists in the Zh BaiduMap 3.0.0.1 component for Joomla! via the id parameter in a getPlacemarkDetails, getPlacemarkHoverText, getPathHoverText, or getPathDetails request.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-6605.yaml"} {"ID":"CVE-2018-6910","Info":{"Name":"DedeCMS 5.7 - Path Disclosure","Severity":"high","Description":"DedeCMS 5.7 allows remote attackers to discover the full path via a direct request for include/downmix.inc.php or inc/inc_archives_functions.php","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-6910.yaml"} {"ID":"CVE-2018-7251","Info":{"Name":"Anchor CMS 0.12.3 - Error Log Exposure","Severity":"critical","Description":"Anchor CMS 0.12.3 is susceptible to an error log exposure vulnerability due to an issue in config/error.php. The error log is exposed at an errors.log URI, and contains MySQL credentials if a MySQL error (such as \"Too many connections\") has occurred.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-7251.yaml"} {"ID":"CVE-2018-7282","Info":{"Name":"TITool PrintMonitor - Blind SQL Injection","Severity":"critical","Description":"The username parameter of the TITool PrintMonitor solution during the login request is vulnerable to and/or time-based blind SQLi.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-7282.yaml"} {"ID":"CVE-2018-7314","Info":{"Name":"Joomla! Component PrayerCenter 3.0.2 - SQL Injection","Severity":"critical","Description":"SQL Injection exists in the PrayerCenter 3.0.2 component for Joomla! via the sessionid parameter, a different vulnerability than CVE-2008-6429.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-7314.yaml"} {"ID":"CVE-2018-7422","Info":{"Name":"WordPress Site Editor \u003c=1.1.1 - Local File Inclusion","Severity":"high","Description":"WordPress Site Editor through 1.1.1 allows remote attackers to retrieve arbitrary files via the ajax_path parameter to editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-7422.yaml"} {"ID":"CVE-2018-7467","Info":{"Name":"AxxonSoft Axxon Next - Local File Inclusion","Severity":"high","Description":"AxxonSoft Axxon Next suffers from a local file inclusion vulnerability.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-7467.yaml"} {"ID":"CVE-2018-7490","Info":{"Name":"uWSGI PHP Plugin Local File Inclusion","Severity":"high","Description":"uWSGI PHP Plugin before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the --php-docroot option, making it susceptible to local file inclusion.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-7490.yaml"} {"ID":"CVE-2018-7600","Info":{"Name":"Drupal - Remote Code Execution","Severity":"critical","Description":"Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-7600.yaml"} {"ID":"CVE-2018-7602","Info":{"Name":"Drupal - Remote Code Execution","Severity":"critical","Description":"Drupal 7.x and 8.x contain a remote code execution vulnerability that exists within multiple subsystems. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002. Both SA-CORE-2018-002 and this vulnerability are being exploited in the wild.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-7602.yaml"} {"ID":"CVE-2018-7653","Info":{"Name":"YzmCMS v3.6 - Cross-Site Scripting","Severity":"medium","Description":"In YzmCMS 3.6, index.php has XSS via the a, c, or m parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-7653.yaml"} {"ID":"CVE-2018-7662","Info":{"Name":"CouchCMS \u003c= 2.0 - Path Disclosure","Severity":"medium","Description":"CouchCMS \u003c= 2.0 allows remote attackers to discover the full path via a direct request to includes/mysql2i/mysql2i.func.php or addons/phpmailer/phpmailer.php.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2018/CVE-2018-7662.yaml"} {"ID":"CVE-2018-7700","Info":{"Name":"DedeCMS 5.7SP2 - Cross-Site Request Forgery/Remote Code Execution","Severity":"high","Description":"DedeCMS 5.7SP2 is susceptible to cross-site request forgery with a corresponding impact of arbitrary code execution because the partcode parameter in a tag_test_action.php request can specify a runphp field in conjunction with PHP code.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2018/CVE-2018-7700.yaml"} {"ID":"CVE-2018-7719","Info":{"Name":"Acrolinx Server \u003c5.2.5 - Local File Inclusion","Severity":"high","Description":"Acrolinx Server prior to 5.2.5 suffers from a local file inclusion vulnerability.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-7719.yaml"} {"ID":"CVE-2018-8006","Info":{"Name":"Apache ActiveMQ \u003c=5.15.5 - Cross-Site Scripting","Severity":"medium","Description":"Apache ActiveMQ versions 5.0.0 to 5.15.5 are vulnerable to cross-site scripting via the web based administration console on the queue.jsp page. The root cause of this issue is improper data filtering of the QueueFilter parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-8006.yaml"} {"ID":"CVE-2018-8033","Info":{"Name":"Apache OFBiz 16.11.04 - XML Entity Injection","Severity":"high","Description":"Apache OFBiz 16.11.04 is susceptible to XML external entity injection (XXE injection).\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-8033.yaml"} {"ID":"CVE-2018-8715","Info":{"Name":"AppWeb - Authentication Bypass","Severity":"high","Description":"The Embedthis HTTP library, and Appweb versions before 7.0.3, have a logic flaw related to the authCondition function in http/httpLib.c. With a forged HTTP request, it is possible to bypass authentication for the form and digest login types.","Classification":{"CVSSScore":"8.1"}},"file_path":"http/cves/2018/CVE-2018-8715.yaml"} {"ID":"CVE-2018-8719","Info":{"Name":"WordPress WP Security Audit Log 3.1.1 - Information Disclosure","Severity":"medium","Description":"WordPress WP Security Audit Log 3.1.1 plugin is susceptible to information disclosure. Access to wp-content/uploads/wp-security-audit-log/* files is not restricted. An attacker can obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2018/CVE-2018-8719.yaml"} {"ID":"CVE-2018-8727","Info":{"Name":"Mirasys DVMS Workstation \u003c=5.12.6 - Local File Inclusion","Severity":"high","Description":"Mirasys DVMS Workstation versions 5.12.6 and prior suffer from local file inclusion vulnerabilities.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-8727.yaml"} {"ID":"CVE-2018-8770","Info":{"Name":"Cobub Razor 0.8.0 - Information Disclosure","Severity":"medium","Description":"Cobub Razor 0.8.0 is susceptible to information disclosure via generate.php, controllers/getConfigTest.php, controllers/getUpdateTest.php, controllers/postclientdataTest.php, controllers/posterrorTest.php, controllers/posteventTest.php, controllers/posttagTest.php, controllers/postusinglogTest.php, fixtures/Controller_fixt.php, fixtures/Controller_fixt2.php, fixtures/view_fixt2.php, libs/ipTest.php, or models/commonDbfix.php. An attacker can obtain sensitive information, modify data, and/or execute unauthorized operations.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2018/CVE-2018-8770.yaml"} {"ID":"CVE-2018-8823","Info":{"Name":"PrestaShop Responsive Mega Menu Module - Remote Code Execution","Severity":"critical","Description":"The 'Responsive Mega Menu' module for PrestaShop is prone to a remote code execution and SQL injection vulnerability. modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu (Horizontal+Vertical+Dropdown) Pro module 1.0.32 for PrestaShop allows remote attackers to execute an SQL injection or remote code execution through function calls in the code parameter.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-8823.yaml"} {"ID":"CVE-2018-9118","Info":{"Name":"WordPress 99 Robots WP Background Takeover Advertisements \u003c=4.1.4 - Local File Inclusion","Severity":"high","Description":"WordPress 99 Robots WP Background Takeover Advertisements 4.1.4 is susceptible to local file inclusion via exports/download.php.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-9118.yaml"} {"ID":"CVE-2018-9161","Info":{"Name":"PrismaWEB - Credentials Disclosure","Severity":"critical","Description":"PrismaWEB is susceptible to credential disclosure. The vulnerability exists due to the disclosure of hard-coded credentials allowing an attacker to effectively bypass authentication of PrismaWEB with administrator privileges. The credentials can be disclosed by simply navigating to the login_par.js JavaScript page that holds the username and password for the management interface that are being used via the Login() function in /scripts/functions_cookie.js script.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-9161.yaml"} {"ID":"CVE-2018-9205","Info":{"Name":"Drupal avatar_uploader v7.x-1.0-beta8 - Local File Inclusion","Severity":"high","Description":"In avatar_uploader v7.x-1.0-beta8 the view.php program doesn't restrict file paths, allowing unauthenticated users to retrieve arbitrary files.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-9205.yaml"} {"ID":"CVE-2018-9845","Info":{"Name":"Etherpad Lite \u003c1.6.4 - Admin Authentication Bypass","Severity":"critical","Description":"Etherpad Lite before 1.6.4 is exploitable for admin access.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-9845.yaml"} {"ID":"CVE-2018-9995","Info":{"Name":"TBK DVR4104/DVR4216 Devices - Authentication Bypass","Severity":"critical","Description":"TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and\nMDVR Login, which run re-branded versions of the original TBK DVR4104 and DVR4216 series, allow remote attackers to bypass\nauthentication via a \"Cookie: uid=admin\" header, as demonstrated by a device.rsp?opt=user\u0026cmd=list request that provides credentials within JSON data in a response.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-9995.yaml"} {"ID":"CVE-2019-0193","Info":{"Name":"Apache Solr DataImportHandler \u003c8.2.0 - Remote Code Execution","Severity":"high","Description":"Apache Solr is vulnerable to remote code execution vulnerabilities via the DataImportHandler, an optional but popular module to pull in data from databases and other sources. The module has a feature in which the whole DIH configuration can come from a request's \"dataConfig\" parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2019/CVE-2019-0193.yaml"} {"ID":"CVE-2019-0221","Info":{"Name":"Apache Tomcat - Cross-Site Scripting","Severity":"medium","Description":"Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39, and 7.0.0 to 7.0.93 are vulnerable to cross-site scripting because the SSI printenv command echoes user provided data without escaping. Note: SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-0221.yaml"} {"ID":"CVE-2019-0230","Info":{"Name":"Apache Struts \u003c=2.5.20 - Remote Code Execution","Severity":"critical","Description":"Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation when evaluated on raw user input in tag attributes, which may lead to remote code execution.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-0230.yaml"} {"ID":"CVE-2019-0232","Info":{"Name":"Apache Tomcat `CGIServlet` enableCmdLineArguments - Remote Code Execution","Severity":"high","Description":"When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. The CGI Servlet is disabled by default. The CGI option enableCmdLineArguments is disable by default in Tomcat 9.0.x (and will be disabled by default in all versions in response to this vulnerability). For a detailed explanation of the JRE behaviour, see Markus Wulftange's blog (https-//codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html) and this archived MSDN blog (https-//web.archive.org/web/20161228144344/https-//blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/).\n","Classification":{"CVSSScore":"8.1"}},"file_path":"http/cves/2019/CVE-2019-0232.yaml"} {"ID":"CVE-2019-10068","Info":{"Name":"Kentico CMS Insecure Deserialization Remote Code Execution","Severity":"critical","Description":"Kentico CMS is susceptible to remote code execution via a .NET deserialization vulnerability.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-10068.yaml"} {"ID":"CVE-2019-10092","Info":{"Name":"Apache HTTP Server \u003c=2.4.39 - HTML Injection/Partial Cross-Site Scripting","Severity":"medium","Description":"Apache HTTP Server versions 2.4.0 through 2.4.39 are vulnerable to a limited cross-site scripting issue affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-10092.yaml"} {"ID":"CVE-2019-10098","Info":{"Name":"Apache HTTP server v2.4.0 to v2.4.39 - Open Redirect","Severity":"medium","Description":"In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-10098.yaml"} {"ID":"CVE-2019-1010287","Info":{"Name":"Timesheet Next Gen \u003c=1.5.3 - Cross-Site Scripting","Severity":"medium","Description":"Timesheet Next Gen 1.5.3 and earlier is vulnerable to cross-site scripting that allows an attacker to execute arbitrary HTML and JavaScript code via a \"redirect\" parameter. The component is: Web login form: login.php, lines 40 and 54. The attack vector is: reflected XSS, victim may click the malicious url.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-1010287.yaml"} {"ID":"CVE-2019-1010290","Info":{"Name":"Babel - Open Redirect","Severity":"medium","Description":"Babel contains an open redirect vulnerability via redirect.php in the newurl parameter. An attacker can use any legitimate site using Babel to redirect user to a malicious site, thus possibly obtaining sensitive information, modifying data, and/or executing unauthorized operations.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-1010290.yaml"} {"ID":"CVE-2019-10232","Info":{"Name":"Teclib GLPI \u003c= 9.3.3 - Unauthenticated SQL Injection","Severity":"critical","Description":"Teclib GLPI \u003c= 9.3.3 exposes a script (/scripts/unlock_tasks.php) that incorrectly sanitizes user controlled data before using it in SQL queries. Thus, an attacker could abuse the affected feature to alter the semantic original SQL query and retrieve database records.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-10232.yaml"} {"ID":"CVE-2019-10405","Info":{"Name":"Jenkins \u003c=2.196 - Cookie Exposure","Severity":"medium","Description":"Jenkins through 2.196, LTS 2.176.3 and earlier prints the value of the cookie on the /whoAmI/ URL despite it being marked HttpOnly, thus making it possible to steal cookie-based authentication credentials if the URL is exposed or accessed via another cross-site scripting issue.","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2019/CVE-2019-10405.yaml"} {"ID":"CVE-2019-10475","Info":{"Name":"Jenkins build-metrics 1.3 - Cross-Site Scripting","Severity":"medium","Description":"Jenkins build-metrics 1.3 is vulnerable to a reflected cross-site scripting vulnerability that allows attackers to inject arbitrary HTML and JavaScript into the web pages the plugin provides.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-10475.yaml"} {"ID":"CVE-2019-10692","Info":{"Name":"WordPress Google Maps \u003c7.11.18 - SQL Injection","Severity":"critical","Description":"WordPress Google Maps plugin before 7.11.18 contains a SQL injection vulnerability. The plugin includes /class.rest-api.php in the REST API and does not sanitize field names before a SELECT statement. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-10692.yaml"} {"ID":"CVE-2019-10717","Info":{"Name":"BlogEngine.NET 3.3.7.0 - Local File Inclusion","Severity":"high","Description":"BlogEngine.NET 3.3.7.0 allows /api/filemanager local file inclusion via the path parameter\n","Classification":{"CVSSScore":"7.1"}},"file_path":"http/cves/2019/CVE-2019-10717.yaml"} {"ID":"CVE-2019-10758","Info":{"Name":"mongo-express Remote Code Execution","Severity":"critical","Description":"mongo-express before 0.54.0 is vulnerable to remote code execution via endpoints that uses the `toBSON` method and misuse the `vm` dependency to perform `exec` commands in a non-safe environment.","Classification":{"CVSSScore":"9.9"}},"file_path":"http/cves/2019/CVE-2019-10758.yaml"} {"ID":"CVE-2019-11013","Info":{"Name":"Nimble Streamer \u003c=3.5.4-9 - Local File Inclusion","Severity":"medium","Description":"Nimble Streamer 3.0.2-2 through 3.5.4-9 is vulnerable to local file inclusion. An attacker can traverse the file system to access files or directories that are outside of the restricted directory on the remote server.","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2019/CVE-2019-11013.yaml"} {"ID":"CVE-2019-11248","Info":{"Name":"Debug Endpoint pprof - Exposure Detection","Severity":"high","Description":"The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. This debugging endpoint can potentially leak sensitive information such as internal Kubelet memory addresses and configuration, or for limited denial of service. Versions prior to 1.15.0, 1.14.4, 1.13.8, and 1.12.10 are affected. The issue is of medium severity, but not exposed by the default configuration.\n","Classification":{"CVSSScore":"8.2"}},"file_path":"http/cves/2019/CVE-2019-11248.yaml"} {"ID":"CVE-2019-11370","Info":{"Name":"Carel pCOWeb \u003cB1.2.4 - Cross-Site Scripting","Severity":"medium","Description":"Carel pCOWeb prior to B1.2.4 is vulnerable to stored cross-site scripting, as demonstrated by the config/pw_snmp.html \"System contact\" field.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2019/CVE-2019-11370.yaml"} {"ID":"CVE-2019-11510","Info":{"Name":"Pulse Connect Secure SSL VPN Arbitrary File Read","Severity":"critical","Description":"Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 all contain an arbitrary file reading vulnerability that could allow unauthenticated remote attackers to send a specially crafted URI to gain improper access.","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2019/CVE-2019-11510.yaml"} {"ID":"CVE-2019-11580","Info":{"Name":"Atlassian Crowd and Crowd Data Center - Unauthenticated Remote Code Execution","Severity":"critical","Description":"Atlassian Crowd and Crowd Data Center is susceptible to a remote code execution vulnerability because the pdkinstall development plugin is incorrectly enabled in release builds. Attackers who can send unauthenticated or authenticated requests to a Crowd or Crowd Data Center instance can exploit this vulnerability to install arbitrary plugins, which permits remote code execution on systems running a vulnerable version of Crowd or Crowd Data Center. All versions of Crowd from version 2.1.0 before 3.0.5 (the fixed version for 3.0.x), from version 3.1.0 before 3.1.6 (the fixed version for 3.1.x),from version 3.2.0 before 3.2.8 (the fixed version for 3.2.x), from version 3.3.0 before 3.3.5 (the fixed version for 3.3.x), and from version 3.4.0 before 3.4.4 (the fixed version for 3.4.x) are affected by this vulnerability.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-11580.yaml"} {"ID":"CVE-2019-11581","Info":{"Name":"Atlassian Jira Server-Side Template Injection","Severity":"critical","Description":"Jira Server and Data Center is susceptible to a server-side template injection vulnerability via the ContactAdministrators and SendBulkMail actions. An attacker is able to remotely execute code on systems that run a vulnerable version of Jira Server or Data Center. All versions of Jira Server and Data Center from 4.4.0 before 7.6.14, from 7.7.0 before 7.13.5, from 8.0.0 before 8.0.3, from 8.1.0 before 8.1.2, and from 8.2.0 before 8.2.3 are affected by this vulnerability.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-11581.yaml"} {"ID":"CVE-2019-11869","Info":{"Name":"WordPress Yuzo \u003c5.12.94 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Yuzo Related Posts plugin before 5.12.94 is vulnerable to cross-site scripting\nbecause it mistakenly expects that is_admin() verifies that the\nrequest comes from an admin user (it actually only verifies that the\nrequest is for an admin page). An unauthenticated attacker can consequently inject\na payload into the plugin settings, such as the\nyuzo_related_post_css_and_style setting.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-11869.yaml"} {"ID":"CVE-2019-12276","Info":{"Name":"GrandNode 4.40 - Local File Inclusion","Severity":"high","Description":"GrandNode 4.40 is susceptible to local file inclusion in Controllers/LetsEncryptController.cs, which allows remote unauthenticated attackers to retrieve arbitrary files on the web server via specially crafted LetsEncrypt/Index?fileName= HTTP requests.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2019/CVE-2019-12276.yaml"} {"ID":"CVE-2019-12314","Info":{"Name":"Deltek Maconomy 2.2.5 - Local File Inclusion","Severity":"critical","Description":"Deltek Maconomy 2.2.5 is prone to local file inclusion via absolute path traversal in the WS.macx1.W_MCS/ PATH_INFO, as demonstrated by a cgi-bin/Maconomy/MaconomyWS.macx1.W_MCS/etc/passwd URI.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-12314.yaml"} {"ID":"CVE-2019-12461","Info":{"Name":"WebPort 1.19.1 - Cross-Site Scripting","Severity":"medium","Description":"Web Port 1.19.1 is vulnerable to cross-site scripting via the /log type parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-12461.yaml"} {"ID":"CVE-2019-12581","Info":{"Name":"Zyxel ZyWal/USG/UAG Devices - Cross-Site Scripting","Severity":"medium","Description":"Zyxel ZyWall, USG, and UAG devices allow remote attackers to inject arbitrary web script or HTML via the err_msg parameter free_time_failed.cgi CGI program, aka reflective cross-site scripting.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-12581.yaml"} {"ID":"CVE-2019-12583","Info":{"Name":"Zyxel ZyWall UAG/USG - Account Creation Access","Severity":"critical","Description":"Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator via the \"Free Time\" component. This can lead to unauthorized network access or DoS attacks.","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2019/CVE-2019-12583.yaml"} {"ID":"CVE-2019-12593","Info":{"Name":"IceWarp Mail Server \u003c=10.4.4 - Local File Inclusion","Severity":"high","Description":"IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2019/CVE-2019-12593.yaml"} {"ID":"CVE-2019-12725","Info":{"Name":"Zeroshell 3.9.0 - Remote Command Execution","Severity":"critical","Description":"Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by injecting OS commands inside the vulnerable parameters.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-12725.yaml"} {"ID":"CVE-2019-12962","Info":{"Name":"LiveZilla Server 8.0.1.0 - Cross-Site Scripting","Severity":"medium","Description":"LiveZilla Server 8.0.1.0 is vulnerable to reflected cross-site scripting.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-12962.yaml"} {"ID":"CVE-2019-12985","Info":{"Name":"Citrix SD-WAN Center - Remote Command Injection","Severity":"critical","Description":"Citrix SD-WAN Center is susceptible to remote command injection via the ping function in DiagnosticsController, which does not sufficiently validate or sanitize HTTP request parameter values used to construct a shell command. An attacker can trigger this vulnerability by routing traffic through the Collector controller and supplying a crafted value for ipAddress, pingCount, or packetSize, thereby potentially being able to obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-12985.yaml"} {"ID":"CVE-2019-12986","Info":{"Name":"Citrix SD-WAN Center - Remote Command Injection","Severity":"critical","Description":"Citrix SD-WAN Center is susceptible to remote command injection via the trace_route function in DiagnosticsController, which does not sufficiently validate or sanitize HTTP request parameter values used to construct a shell command. An attacker can trigger this vulnerability by routing traffic through the Collector controller and supplying a crafted value for ipAddress, thereby potentially being able to obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-12986.yaml"} {"ID":"CVE-2019-12987","Info":{"Name":"Citrix SD-WAN Center - Remote Command Injection","Severity":"critical","Description":"Citrix SD-WAN Center is susceptible to remote command injection via the apply action in StorageMgmtController. The callStoragePerl function does not sufficiently validate or sanitize HTTP request parameter values that are used to construct a shell command. An attacker can trigger this vulnerability by routing traffic through the Collector controller and supplying an array value with crafted values for action, host, path, or type, thereby potentially being able to obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-12987.yaml"} {"ID":"CVE-2019-12988","Info":{"Name":"Citrix SD-WAN Center - Remote Command Injection","Severity":"critical","Description":"Citrix SD-WAN Center is susceptible to remote command injection via the addModifyZTDProxy function in NmsController. The function does not sufficiently validate or sanitize HTTP request parameter values that are used to construct a shell command. An attacker can trigger this vulnerability by routing traffic through the Collector controller and supplying a crafted value for ztd_password, thereby potentially being able to obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-12988.yaml"} {"ID":"CVE-2019-12990","Info":{"Name":"Citrix SD-WAN Center - Local File Inclusion","Severity":"critical","Description":"Citrix SD-WAN Center is susceptible to local file inclusion via the applianceSettingsFileTransfer function in ApplianceSettingsController. The function does not sufficiently validate or sanitize HTTP request parameter values used to construct a file system path. An attacker can trigger this vulnerability by routing traffic through the Collector controller and supplying a crafted value for filename, filedata, and workspace_id, therefore being able to write files to locations writable by the www-data user and/or to write a crafted PHP file to /home/talariuser/www/app/webroot/files/ to execute arbitrary PHP code.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-12990.yaml"} {"ID":"CVE-2019-13101","Info":{"Name":"D-Link DIR-600M - Authentication Bypass","Severity":"critical","Description":"D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06 devices can be accessed directly without authentication and lead to disclosure of information about the WAN, which can then be leveraged by an attacker to modify the data fields of the page.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-13101.yaml"} {"ID":"CVE-2019-13392","Info":{"Name":"MindPalette NateMail 3.0.15 - Cross-Site Scripting","Severity":"medium","Description":"MindPalette NateMail 3.0.15 is susceptible to reflected cross-site scripting which could allows an attacker to execute remote JavaScript in a victim's browser via a specially crafted POST request. The application will reflect the recipient value if it is not in the NateMail recipient array. Note that this array is keyed via integers by default, so any string input will be invalid.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-13392.yaml"} {"ID":"CVE-2019-13396","Info":{"Name":"FlightPath - Local File Inclusion","Severity":"medium","Description":"FlightPath versions prior to 4.8.2 and 5.0-rc2 are vulnerable to local file inclusion.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2019/CVE-2019-13396.yaml"} {"ID":"CVE-2019-13462","Info":{"Name":"Lansweeper Unauthenticated SQL Injection","Severity":"critical","Description":"Lansweeper before 7.1.117.4 allows unauthenticated SQL injection.","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2019/CVE-2019-13462.yaml"} {"ID":"CVE-2019-14205","Info":{"Name":"WordPress Nevma Adaptive Images \u003c0.6.67 - Local File Inclusion","Severity":"high","Description":"WordPress Nevma Adaptive Images plugin before 0.6.67 allows remote attackers to retrieve arbitrary files via the $REQUEST['adaptive-images-settings']['source_file'] parameter in adaptive-images-script.php.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2019/CVE-2019-14205.yaml"} {"ID":"CVE-2019-14223","Info":{"Name":"Alfresco Share - Open Redirect","Severity":"medium","Description":"Alfresco Share before 5.2.6, 6.0.N and 6.1.N contains an open redirect vulnerability via a crafted POST request. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-14223.yaml"} {"ID":"CVE-2019-14251","Info":{"Name":"T24 Web Server - Local File Inclusion","Severity":"high","Description":"T24 web server is vulnerable to unauthenticated local file inclusion that permits an attacker to exfiltrate data directly from server.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2019/CVE-2019-14251.yaml"} {"ID":"CVE-2019-14312","Info":{"Name":"Aptana Jaxer 1.0.3.4547 - Local File inclusion","Severity":"medium","Description":"Aptana Jaxer 1.0.3.4547 is vulnerable to local file inclusion in the wikilite source code viewer. An attacker can read internal files on the server via a tools/sourceViewer/index.html?filename=../ URI.","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2019/CVE-2019-14312.yaml"} {"ID":"CVE-2019-14322","Info":{"Name":"Pallets Werkzeug \u003c0.15.5 - Local File Inclusion","Severity":"high","Description":"Pallets Werkzeug before 0.15.5 is susceptible to local file inclusion because SharedDataMiddleware mishandles drive names (such as C:) in Windows pathnames.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2019/CVE-2019-14322.yaml"} {"ID":"CVE-2019-14470","Info":{"Name":"WordPress UserPro 4.9.32 - Cross-Site Scripting","Severity":"medium","Description":"WordPress UserPro 4.9.32 is vulnerable to reflected cross-site scripting because the Instagram PHP API (v2) it relies on allows it via the example/success.php error_description parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-14470.yaml"} {"ID":"CVE-2019-14530","Info":{"Name":"OpenEMR \u003c5.0.2 - Local File Inclusion","Severity":"high","Description":"OpenEMR before 5.0.2 is vulnerable to local file inclusion via the fileName parameter in custom/ajax_download.php. An attacker can download any file (that is readable by the web server user) from server storage. If the requested file is writable for the web server user and the directory /var/www/openemr/sites/default/documents/cqm_qrda/ exists, the file will be deleted from server.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2019/CVE-2019-14530.yaml"} {"ID":"CVE-2019-14696","Info":{"Name":"Open-School 3.0/Community Edition 2.3 - Cross-Site Scripting","Severity":"medium","Description":"Open-School 3.0, and Community Edition 2.3, allows cross-site scripting via the osv/index.php?r=students/guardians/create id parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-14696.yaml"} {"ID":"CVE-2019-14750","Info":{"Name":"osTicket \u003c 1.12.1 - Cross-Site Scripting","Severity":"medium","Description":"An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. Stored XSS exists in setup/install.php. It was observed that no input sanitization was provided in the firstname and lastname fields of the application. The insertion of malicious queries in those fields leads to the execution of those queries. This can further lead to cookie stealing or other malicious actions.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-14750.yaml"} {"ID":"CVE-2019-14789","Info":{"Name":"Custom 404 Pro \u003c 3.2.8 - Cross-Site Scripting","Severity":"medium","Description":"Custom 404 Pro before 3.2.9 is susceptible to cross-site scripting via the title parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-14789.yaml"} {"ID":"CVE-2019-14974","Info":{"Name":"SugarCRM Enterprise 9.0.0 - Cross-Site Scripting","Severity":"medium","Description":"SugarCRM Enterprise 9.0.0 contains a cross-site scripting vulnerability via mobile/error-not-supported-platform.html?desktop_url.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-14974.yaml"} {"ID":"CVE-2019-15043","Info":{"Name":"Grafana - Improper Access Control","Severity":"high","Description":"Grafana 2.x through 6.x before 6.3.4 is susceptible to improper access control. An attacker can delete and create arbitrary snapshots, leading to denial of service.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2019/CVE-2019-15043.yaml"} {"ID":"CVE-2019-15107","Info":{"Name":"Webmin \u003c= 1.920 - Unauthenticated Remote Command Execution","Severity":"critical","Description":"Webmin \u003c=1.920. is vulnerable to an unauthenticated remote command execution via the parameter 'old' in password_change.cgi.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-15107.yaml"} {"ID":"CVE-2019-15501","Info":{"Name":"L-Soft LISTSERV \u003c16.5-2018a - Cross-Site Scripting","Severity":"medium","Description":"L-Soft LISTSERV before 16.5-2018a contains a reflected cross-site scripting vulnerability via the /scripts/wa.exe OK parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-15501.yaml"} {"ID":"CVE-2019-15642","Info":{"Name":"Webmin \u003c 1.920 - Authenticated Remote Code Execution","Severity":"high","Description":"rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialise_variable makes an eval call. NOTE: the Webmin_Servers_Index documentation states \"RPC can be used to run any command or modify any file on a server, which is why access to it must not be granted to un-trusted Webmin users.\"\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2019/CVE-2019-15642.yaml"} {"ID":"CVE-2019-15713","Info":{"Name":"WordPress My Calendar \u003c= 3.1.9 - Cross-Site Scripting","Severity":"medium","Description":"WordPress plugin My Calendar \u003c= 3.1.9 is susceptible to reflected cross-site scripting which can be triggered via unescaped usage of URL parameters in multiple locations throughout the site.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-15713.yaml"} {"ID":"CVE-2019-15811","Info":{"Name":"DomainMOD \u003c=4.13.0 - Cross-Site Scripting","Severity":"medium","Description":"DomainMOD through 4.13.0 contains a cross-site scripting vulnerability via /reporting/domains/cost-by-month.php in Daterange parameters.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-15811.yaml"} {"ID":"CVE-2019-15829","Info":{"Name":"Gallery Photoblocks \u003c 1.1.43 - Cross-Site Scripting","Severity":"medium","Description":"The Gallery PhotoBlocks WordPress plugin was affected by an Authenticated Reflected XSS security vulnerability.\n","Classification":{"CVSSScore":"4.8"}},"file_path":"http/cves/2019/CVE-2019-15829.yaml"} {"ID":"CVE-2019-15858","Info":{"Name":"WordPress Woody Ad Snippets \u003c2.2.5 - Cross-Site Scripting/Remote Code Execution","Severity":"high","Description":"WordPress Woody Ad Snippets prior to 2.2.5 is susceptible to cross-site scripting and remote code execution via admin/includes/class.import.snippet.php, which allows unauthenticated options import as demonstrated by storing a cross-site scripting payload for remote code execution.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2019/CVE-2019-15858.yaml"} {"ID":"CVE-2019-15859","Info":{"Name":"Socomec DIRIS A-40 Devices Password Disclosure","Severity":"critical","Description":"Socomec DIRIS A-40 devices before 48250501 are susceptible to a password disclosure vulnerability in the web interface that could allow remote attackers to get full access to a device via the /password.jsn URI.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-15859.yaml"} {"ID":"CVE-2019-15889","Info":{"Name":"WordPress Download Manager \u003c2.9.94 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Download Manager plugin before 2.9.94 contains a cross-site scripting vulnerability via the category shortcode feature, as demonstrated by the orderby or search[publish_date] parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-15889.yaml"} {"ID":"CVE-2019-16057","Info":{"Name":"D-Link DNS-320 - Remote Code Execution","Severity":"critical","Description":"The login_mgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injection.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-16057.yaml"} {"ID":"CVE-2019-16097","Info":{"Name":"Harbor \u003c=1.82.0 - Privilege Escalation","Severity":"medium","Description":"Harbor 1.7.0 through 1.8.2 is susceptible to privilege escalation via core/api/user.go, which allows allows non-admin users to create admin accounts via the POST /api/users API when Harbor is setup with DB as an authentication backend and allows user to do self-registration.","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2019/CVE-2019-16097.yaml"} {"ID":"CVE-2019-16123","Info":{"Name":"PilusCart \u003c=1.4.1 - Local File Inclusion","Severity":"high","Description":"PilusCart versions 1.4.1 and prior suffer from a file disclosure vulnerability via local file inclusion.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2019/CVE-2019-16123.yaml"} {"ID":"CVE-2019-16278","Info":{"Name":"nostromo 1.9.6 - Remote Code Execution","Severity":"critical","Description":"nostromo nhttpd through 1.9.6 allows an attacker to achieve remote code execution via directory traversal in the function http_verify.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-16278.yaml"} {"ID":"CVE-2019-16313","Info":{"Name":"ifw8 Router ROM v4.31 - Credential Discovery","Severity":"high","Description":"ifw8 Router ROM v4.31 is vulnerable to credential disclosure via action/usermanager.htm HTML source code.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2019/CVE-2019-16313.yaml"} {"ID":"CVE-2019-16332","Info":{"Name":"WordPress API Bearer Auth \u003c20190907 - Cross-Site Scripting","Severity":"medium","Description":"WordPress API Bearer Auth plugin before 20190907 contains a cross-site scripting vulnerability. The server parameter is not correctly filtered in swagger-config.yaml.php.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-16332.yaml"} {"ID":"CVE-2019-16469","Info":{"Name":"Adobe Experience Manager - Expression Language Injection","Severity":"high","Description":"Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 has an expression language injection vulnerability.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2019/CVE-2019-16469.yaml"} {"ID":"CVE-2019-16525","Info":{"Name":"WordPress Checklist \u003c1.1.9 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Checklist plugin before 1.1.9 contains a cross-site scripting vulnerability. The fill parameter is not correctly filtered in the checklist-icon.php file.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-16525.yaml"} {"ID":"CVE-2019-1653","Info":{"Name":"Cisco Small Business WAN VPN Routers - Sensitive Information Disclosure","Severity":"high","Description":"Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated remote attacker to retrieve sensitive information due to improper access controls for URLs. An attacker could exploit this vulnerability by connecting to an affected device via HTTP or HTTPS and requesting specific URLs. A successful exploit could allow the attacker to download the router configuration or detailed diagnostic information.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2019/CVE-2019-1653.yaml"} {"ID":"CVE-2019-16662","Info":{"Name":"rConfig 3.9.2 - Remote Code Execution","Severity":"critical","Description":"rConfig 3.9.2 is susceptible to a remote code execution vulnerability. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-16662.yaml"} {"ID":"CVE-2019-16759","Info":{"Name":"vBulletin 5.0.0-5.5.4 - Remote Command Execution","Severity":"critical","Description":"vBulletin 5.0.0 through 5.5.4 is susceptible to a remote command execution vulnerability via the widgetConfig parameter in an ajax/render/widget_php routestring request. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-16759.yaml"} {"ID":"CVE-2019-16920","Info":{"Name":"D-Link Routers - Remote Code Execution","Severity":"critical","Description":"D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565 contain an unauthenticated remote code execution vulnerability. The issue occurs when the attacker sends an arbitrary input to a \"PingTest\" device common gateway interface that could lead to common injection. An attacker who successfully triggers the command injection could achieve full system compromise. Later, it was independently found that these issues also affected; DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, and DIR-825.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-16920.yaml"} {"ID":"CVE-2019-16931","Info":{"Name":"WordPress Visualizer \u003c3.3.1 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Visualizer plugin before 3.3.1 contains a stored cross-site scripting vulnerability via /wp-json/visualizer/v1/update-chart WP-JSON API endpoint. An unauthenticated attacker can execute arbitrary JavaScript when an admin or other privileged user edits the chart via the admin dashboard.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-16931.yaml"} {"ID":"CVE-2019-16932","Info":{"Name":"Visualizer \u003c3.3.1 - Blind Server-Side Request Forgery","Severity":"critical","Description":"Visualizer prior to 3.3.1 suffers from a blind server-side request forgery vulnerability via the /wp-json/visualizer/v1/upload-data endpoint.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2019/CVE-2019-16932.yaml"} {"ID":"CVE-2019-16996","Info":{"Name":"Metinfo 7.0.0 beta - SQL Injection","Severity":"high","Description":"Metinfo 7.0.0 beta is susceptible to SQL Injection in app/system/product/admin/product_admin.class.php via the admin/?n=product\u0026c=product_admin\u0026a=dopara\u0026app_type=shop id parameter.","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2019/CVE-2019-16996.yaml"} {"ID":"CVE-2019-16997","Info":{"Name":"Metinfo 7.0.0 beta - SQL Injection","Severity":"high","Description":"Metinfo 7.0.0 beta is susceptible to SQL Injection in app/system/language/admin/language_general.class.php via the admin/?n=language\u0026c=language_general\u0026a=doExportPack appno parameter.","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2019/CVE-2019-16997.yaml"} {"ID":"CVE-2019-17270","Info":{"Name":"Yachtcontrol Webapplication 1.0 - Remote Command Injection","Severity":"critical","Description":"Yachtcontrol Webapplication 1.0 makes it possible to perform direct operating system commands as an unauthenticated user via the \"/pages/systemcall.php?command={COMMAND}\" page and parameter, where {COMMAND} will be executed and returning the results to the client. Affects Yachtcontrol webservers disclosed via Dutch GPRS/4G mobile IP-ranges. IP addresses vary due to DHCP client leasing of telco's.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-17270.yaml"} {"ID":"CVE-2019-17382","Info":{"Name":"Zabbix \u003c=4.4 - Authentication Bypass","Severity":"critical","Description":"Zabbix through 4.4 is susceptible to an authentication bypass vulnerability via zabbix.php?action=dashboard.view\u0026dashboardid=1. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password (i.e., anonymously). All created elements (Dashboard/Report/Screen/Map) are accessible by other users and by an admin.","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2019/CVE-2019-17382.yaml"} {"ID":"CVE-2019-17418","Info":{"Name":"MetInfo 7.0.0 beta - SQL Injection","Severity":"high","Description":"MetInfo 7.0.0 beta is susceptible to SQL injection via the admin/?n=language\u0026c=language_general\u0026a=doSearchParameter appno parameter (a different issue than CVE-2019-16997).\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2019/CVE-2019-17418.yaml"} {"ID":"CVE-2019-17444","Info":{"Name":"Jfrog Artifactory \u003c6.17.0 - Default Admin Password","Severity":"critical","Description":"Jfrog Artifactory prior to 6.17.0 uses default passwords (such as \"password\") for administrative accounts and does not require users to change them. This may allow unauthorized network-based attackers to completely compromise of Jfrog Artifactory.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-17444.yaml"} {"ID":"CVE-2019-17503","Info":{"Name":"Kirona Dynamic Resource Scheduler - Information Disclosure","Severity":"medium","Description":"Kirona Dynamic Resource Scheduler is susceptible to information disclosure. An unauthenticated user can directly access /osm/REGISTER.cmd (aka /osm_tiles/REGISTER.cmd), which contains sensitive information with exposed SQL queries, such as database version, table name, and column name.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2019/CVE-2019-17503.yaml"} {"ID":"CVE-2019-17506","Info":{"Name":"D-Link DIR-868L/817LW - Information Disclosure","Severity":"critical","Description":"D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04 routers are vulnerable to information disclosure vulnerabilities because certain web interfaces do not require authentication. An attacker can get the router's username and password (and other information) via a DEVICE.ACCOUNT value for SERVICES in conjunction with AUTHORIZED_GROUP=1%0a to getcfg.php. This could be used to control the router remotely.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-17506.yaml"} {"ID":"CVE-2019-17538","Info":{"Name":"Jiangnan Online Judge 0.8.0 - Local File Inclusion","Severity":"high","Description":"Jiangnan Online Judge (aka jnoj) 0.8.0 is susceptible to local file inclusion via web/polygon/problem/viewfile?id=1\u0026name=../.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2019/CVE-2019-17538.yaml"} {"ID":"CVE-2019-17558","Info":{"Name":"Apache Solr \u003c=8.3.1 - Remote Code Execution","Severity":"high","Description":"Apache Solr versions 5.0.0 to 8.3.1 are vulnerable to remote code execution vulnerabilities through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset `velocity/ directory or as a parameter. A user defined configset could contain renderable, potentially malicious, templates. Parameter provided templates are disabled by default, but can be enabled by setting `params.resource.loader.enabled by defining a response writer with that setting set to `true`. Defining a response writer requires configuration API access. Solr 8.4 removed the params resource loader entirely, and only enables the configset-provided template rendering when the configset is `trusted` (has been uploaded by an authenticated user).","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2019/CVE-2019-17558.yaml"} {"ID":"CVE-2019-17574","Info":{"Name":"Popup-Maker \u003c 1.8.12 - Broken Authentication","Severity":"critical","Description":"An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. An unauthenticated attacker can partially control the arguments of the do_action function to invoke certain popmake_ or pum_ methods, as demonstrated by controlling content and delivery of popmake-system-info.txt (aka the \"support debug text file\").\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2019/CVE-2019-17574.yaml"} {"ID":"CVE-2019-17662","Info":{"Name":"ThinVNC 1.0b1 - Authentication Bypass","Severity":"critical","Description":"ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. The vulnerability exists even when authentication is turned on during the deployment of the VNC server. The password for authentication is stored in cleartext in a file that can be read via a ../../ThinVnc.ini directory traversal attack vector.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-17662.yaml"} {"ID":"CVE-2019-1821","Info":{"Name":"Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager - Remote Code Execution","Severity":"critical","Description":"Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exist because the software improperly validates user-supplied input. An attacker could exploit this vulnerability by uploading a malicious file to the administrative web interface. A successful exploit could allow the attacker to execute code with root-level privileges on the underlying operating system.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-1821.yaml"} {"ID":"CVE-2019-18371","Info":{"Name":"Xiaomi Mi WiFi R3G Routers - Local file Inclusion","Severity":"high","Description":"Xiaomi Mi WiFi R3G devices before 2.28.23-stable are susceptible to local file inclusion vulnerabilities via a misconfigured NGINX alias, as demonstrated by api-third-party/download/extdisks../etc/config/account. With this vulnerability, the attacker can bypass authentication.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2019/CVE-2019-18371.yaml"} {"ID":"CVE-2019-18393","Info":{"Name":"Ignite Realtime Openfire \u003c4.42 - Local File Inclusion","Severity":"medium","Description":"Ignite Realtime Openfire through 4.4.2 is vulnerable to local file inclusion via PluginServlet.java. It does not ensure that retrieved files are located under the Openfire home directory.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2019/CVE-2019-18393.yaml"} {"ID":"CVE-2019-18394","Info":{"Name":"Ignite Realtime Openfire \u003c=4.4.2 - Server-Side Request Forgery","Severity":"critical","Description":"Ignite Realtime Openfire through version 4.4.2 allows attackers to send arbitrary HTTP GET requests in FaviconServlet.java, resulting in server-side request forgery.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-18394.yaml"} {"ID":"CVE-2019-18665","Info":{"Name":"DOMOS 5.5 - Local File Inclusion","Severity":"high","Description":"SECUDOS DOMOS before 5.6 allows local file inclusion via the log module.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2019/CVE-2019-18665.yaml"} {"ID":"CVE-2019-18818","Info":{"Name":"strapi CMS \u003c3.0.0-beta.17.5 - Admin Password Reset","Severity":"critical","Description":"strapi CMS before 3.0.0-beta.17.5 allows admin password resets because it mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-18818.yaml"} {"ID":"CVE-2019-18922","Info":{"Name":"Allied Telesis AT-GS950/8 - Local File Inclusion","Severity":"high","Description":"Allied Telesis AT-GS950/8 until Firmware AT-S107 V.1.1.3 is susceptible to local file inclusion via its web interface.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2019/CVE-2019-18922.yaml"} {"ID":"CVE-2019-18957","Info":{"Name":"MicroStrategy Library \u003c11.1.3 - Cross-Site Scripting","Severity":"medium","Description":"MicroStrategy Library before 11.1.3 contains a cross-site scripting vulnerability. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-18957.yaml"} {"ID":"CVE-2019-1898","Info":{"Name":"Cisco RV110W RV130W RV215W Router - Information leakage","Severity":"medium","Description":"A vulnerability in the web-based management interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to access the syslog file on an affected device. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this vulnerability by accessing the URL for the syslog file. A successful exploit could allow the attacker to access the information contained in the file.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2019/CVE-2019-1898.yaml"} {"ID":"CVE-2019-19134","Info":{"Name":"WordPress Hero Maps Premium \u003c=2.2.1 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Hero Maps Premium plugin 2.2.1 and prior contains an unauthenticated reflected cross-site scripting vulnerability via the views/dashboard/index.php p parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-19134.yaml"} {"ID":"CVE-2019-19368","Info":{"Name":"Rumpus FTP Web File Manager 8.2.9.1 - Cross-Site Scripting","Severity":"medium","Description":"Rumpus FTP Web File Manager 8.2.9.1 contains a reflected cross-site scripting vulnerability via the Login page. An attacker can send a crafted link to end users and can execute arbitrary JavaScript.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-19368.yaml"} {"ID":"CVE-2019-19411","Info":{"Name":"Huawei Firewall - Local File Inclusion","Severity":"low","Description":"USG9500 with versions of V500R001C30SPC100, V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200 have an information leakage vulnerability. Due to improper processing of the initialization vector used in a specific encryption algorithm, an attacker who gains access to this cryptographic primitive may exploit this vulnerability to cause the value of the confidentiality associated with its use to be diminished.\n","Classification":{"CVSSScore":"3.7"}},"file_path":"http/cves/2019/CVE-2019-19411.yaml"} {"ID":"CVE-2019-1943","Info":{"Name":"Cisco Small Business 200,300 and 500 Series Switches - Open Redirect","Severity":"medium","Description":"Cisco Small Business 200,300 and 500 Series Switches contain an open redirect vulnerability in the Web UI. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-1943.yaml"} {"ID":"CVE-2019-19781","Info":{"Name":"Citrix ADC and Gateway - Directory Traversal","Severity":"critical","Description":"Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0 are susceptible to directory traversal vulnerabilities.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-19781.yaml"} {"ID":"CVE-2019-19824","Info":{"Name":"TOTOLINK Realtek SD Routers - Remote Command Injection","Severity":"high","Description":"TOTOLINK Realtek SDK based routers may allow an authenticated attacker to execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI (syscmd.htm) is not available. This allows for full control over the device's internals. This affects A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2019/CVE-2019-19824.yaml"} {"ID":"CVE-2019-19908","Info":{"Name":"phpMyChat-Plus 1.98 - Cross-Site Scripting","Severity":"medium","Description":"phpMyChat-Plus 1.98 contains a cross-site scripting vulnerability via pmc_username parameter of pass_reset.php in password reset URL.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-19908.yaml"} {"ID":"CVE-2019-19985","Info":{"Name":"WordPress Email Subscribers \u0026 Newsletters \u003c4.2.3 - Arbitrary File Retrieval","Severity":"medium","Description":"WordPress Email Subscribers \u0026 Newsletters plugin before 4.2.3 is susceptible to arbitrary file retrieval via a flaw that allows unauthenticated file download and user information disclosure. An attacker can obtain sensitive information, modify data, and/or execute unauthorized administrative operations.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2019/CVE-2019-19985.yaml"} {"ID":"CVE-2019-20085","Info":{"Name":"TVT NVMS 1000 - Local File Inclusion","Severity":"high","Description":"TVT NVMS-1000 devices allow GET /.. local file inclusion attacks.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2019/CVE-2019-20085.yaml"} {"ID":"CVE-2019-20141","Info":{"Name":"WordPress Laborator Neon Theme 2.0 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Laborator Neon theme 2.0 contains a cross-site scripting vulnerability via the data/autosuggest-remote.php q parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-20141.yaml"} {"ID":"CVE-2019-20183","Info":{"Name":"Simple Employee Records System 1.0 - Unrestricted File Upload","Severity":"high","Description":"Simple Employee Records System 1.0 contains an arbitrary file upload vulnerability due to client-side validation of file extensions. This can be used to upload executable code to the server to obtain access or perform remote command execution.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2019/CVE-2019-20183.yaml"} {"ID":"CVE-2019-20210","Info":{"Name":"WordPress CTHthemes - Cross-Site Scripting","Severity":"medium","Description":"WordPress CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes contain reflected cross-site scripting vulnerabilities via a search query.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-20210.yaml"} {"ID":"CVE-2019-20224","Info":{"Name":"Pandora FMS 7.0NG - Remote Command Injection","Severity":"high","Description":"Pandora FMS 7.0NG allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ip_src parameter in an index.php?operation/netflow/nf_live_view request.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2019/CVE-2019-20224.yaml"} {"ID":"CVE-2019-20933","Info":{"Name":"InfluxDB \u003c1.7.6 - Authentication Bypass","Severity":"critical","Description":"InfluxDB before 1.7.6 contains an authentication bypass vulnerability via the authenticate function in services/httpd/handler.go. A JWT token may have an empty SharedSecret (aka shared secret). An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-20933.yaml"} {"ID":"CVE-2019-2578","Info":{"Name":"Oracle Fusion Middleware WebCenter Sites 12.2.1.3.0 - Broken Access Control","Severity":"high","Description":"Oracle Fusion Middleware WebCenter Sites 12.2.1.3.0 suffers from broken access control. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Sites accessible data.","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2019/CVE-2019-2578.yaml"} {"ID":"CVE-2019-2579","Info":{"Name":"Oracle Fusion Middleware WebCenter Sites 12.2.1.3.0 - SQL Injection","Severity":"medium","Description":"The Oracle WebCenter Sites component of Oracle Fusion Middleware 12.2.1.3.0 is susceptible to SQL injection via an easily exploitable vulnerability that allows low privileged attackers with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebCenter Sites accessible data.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2019/CVE-2019-2579.yaml"} {"ID":"CVE-2019-2588","Info":{"Name":"Oracle Business Intelligence - Path Traversal","Severity":"medium","Description":"Oracle Business Intelligence versions 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0 are vulnerable to path traversal in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publisher Security).\n","Classification":{"CVSSScore":"4.9"}},"file_path":"http/cves/2019/CVE-2019-2588.yaml"} {"ID":"CVE-2019-2616","Info":{"Name":"Oracle Business Intelligence/XML Publisher - XML External Entity Injection","Severity":"high","Description":"Oracle Business Intelligence and XML Publisher 11.1.1.9.0 / 12.2.1.3.0 / 12.2.1.4.0 are vulnerable to an XML external entity injection attack.","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2019/CVE-2019-2616.yaml"} {"ID":"CVE-2019-2725","Info":{"Name":"Oracle WebLogic Server - Remote Command Execution","Severity":"critical","Description":"The Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services) allows unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic Server. Versions that are affected are 10.3.6.0.0 and 12.1.3.0.0.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-2725.yaml"} {"ID":"CVE-2019-2729","Info":{"Name":"Oracle WebLogic Server Administration Console - Remote Code Execution","Severity":"critical","Description":"The Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services) versions 0.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0 contain an easily exploitable vulnerability that allows unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic Server.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-2729.yaml"} {"ID":"CVE-2019-2767","Info":{"Name":"Oracle Business Intelligence Publisher - XML External Entity Injection","Severity":"high","Description":"Oracle Business Intelligence Publisher is vulnerable to an XML external entity injection attack. The supported versions affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. This easily exploitable vulnerability allows unauthenticated attackers with network access via HTTP to compromise BI Publisher.","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2019/CVE-2019-2767.yaml"} {"ID":"CVE-2019-3396","Info":{"Name":"Atlassian Confluence Server - Path Traversal","Severity":"critical","Description":"The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2 (the fixed version for 6.14.x), allows remote attackers to achieve path traversal and remote code execution on a Confluence Server or Data Center instance via server-side template injection.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-3396.yaml"} {"ID":"CVE-2019-3398","Info":{"Name":"Atlassian Confluence Download Attachments - Remote Code Execution","Severity":"high","Description":"Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission to add attachments to pages and / or blogs or to create a new space or a personal space or who has 'Admin' permissions for a space can exploit this path traversal vulnerability to write files to arbitrary locations which can lead to remote code execution on systems that run a vulnerable version of Confluence Server or Data Center.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2019/CVE-2019-3398.yaml"} {"ID":"CVE-2019-3401","Info":{"Name":"Atlassian Jira \u003c7.13.3/8.0.0-8.1.1 - Incorrect Authorization","Severity":"medium","Description":"Atlasssian Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 is susceptible to incorrect authorization. The ManageFilters.jspa resource allows a remote attacker to enumerate usernames via an incorrect authorization check, thus possibly obtaining sensitive information, modifying data, and/or executing unauthorized operations.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2019/CVE-2019-3401.yaml"} {"ID":"CVE-2019-3402","Info":{"Name":"Jira \u003c 8.1.1 - Cross-Site Scripting","Severity":"medium","Description":"Jira before 8.1.1 contains a cross-site scripting vulnerability via ConfigurePortalPages.jspa resource in the searchOwnerUserName parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-3402.yaml"} {"ID":"CVE-2019-3403","Info":{"Name":"Jira - Incorrect Authorization","Severity":"medium","Description":"Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 is susceptible to an incorrect authorization check in the /rest/api/2/user/picker rest resource, enabling an attacker to enumerate usernames and gain improper access.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2019/CVE-2019-3403.yaml"} {"ID":"CVE-2019-3799","Info":{"Name":"Spring Cloud Config Server - Local File Inclusion","Severity":"medium","Description":"Spring Cloud Config Server versions 2.1.x prior to 2.1.2, 2.0.x prior to 2.0.4, 1.4.x prior to 1.4.6, and older unsupported versions are vulnerable to local file inclusion because they allow applications to serve arbitrary configuration files. An attacker can send a request using a specially crafted URL that can lead to a directory traversal attack.","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2019/CVE-2019-3799.yaml"} {"ID":"CVE-2019-3911","Info":{"Name":"LabKey Server Community Edition \u003c18.3.0 - Cross-Site Scripting","Severity":"medium","Description":"LabKey Server Community Edition before 18.3.0-61806.763 contains a reflected cross-site scripting vulnerability via the onerror parameter in the /__r2/query endpoints, which allows an unauthenticated remote attacker to inject arbitrary JavaScript.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-3911.yaml"} {"ID":"CVE-2019-3912","Info":{"Name":"LabKey Server Community Edition \u003c18.3.0 - Open Redirect","Severity":"medium","Description":"LabKey Server Community Edition before 18.3.0-61806.763 contains an open redirect vulnerability via the /__r1/ returnURL parameter, which allows an attacker to redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-3912.yaml"} {"ID":"CVE-2019-3929","Info":{"Name":"Barco/AWIND OEM Presentation Platform - Remote Command Injection","Severity":"critical","Description":"The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-3929.yaml"} {"ID":"CVE-2019-5127","Info":{"Name":"YouPHPTube Encoder 2.3 - Remote Command Injection","Severity":"critical","Description":"YouPHPTube Encoder 2.3 is susceptible to a command injection vulnerability which could allow an attacker to compromise the server. These exploitable unauthenticated command injections exist via the parameter base64Url in /objects/getImage.php.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-5127.yaml"} {"ID":"CVE-2019-5418","Info":{"Name":"Rails File Content Disclosure","Severity":"high","Description":"Rails \u003c5.2.2.1, \u003c5.1.6.2, \u003c5.0.7.2, \u003c4.2.11.1 and v3 are susceptible to a file content disclosure vulnerability because specially crafted accept headers can cause contents of arbitrary files on the target system's file system to be exposed.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2019/CVE-2019-5418.yaml"} {"ID":"CVE-2019-5434","Info":{"Name":"Revive Adserver 4.2 - Remote Code Execution","Severity":"critical","Description":"Revive Adserver 4.2 is susceptible to remote code execution. An attacker can send a crafted payload to the XML-RPC invocation script and trigger the unserialize() call on the \"what\" parameter in the \"openads.spc\" RPC method. This can be exploited to perform various types of attacks, e.g. serialize-related PHP vulnerabilities or PHP object injection. It is possible, although unconfirmed, that the vulnerability has been used by some attackers in order to gain access to some Revive Adserver instances and deliver malware through them to third-party websites.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-5434.yaml"} {"ID":"CVE-2019-6112","Info":{"Name":"WordPress Sell Media 2.4.1 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Plugin Sell Media v2.4.1 contains a cross-site scripting vulnerability in /inc/class-search.php that allows remote attackers to inject arbitrary web script or HTML via the keyword parameter (aka $search_term or the Search field).","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-6112.yaml"} {"ID":"CVE-2019-6340","Info":{"Name":"Drupal - Remote Code Execution","Severity":"high","Description":"Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10 V contain certain field types that do not properly sanitize data from non-form sources, which can lead to arbitrary PHP code execution in some cases.","Classification":{"CVSSScore":"8.1"}},"file_path":"http/cves/2019/CVE-2019-6340.yaml"} {"ID":"CVE-2019-6715","Info":{"Name":"W3 Total Cache 0.9.2.6-0.9.3 - Unauthenticated File Read / Directory Traversal","Severity":"high","Description":"WordPress plugin W3 Total Cache before version 0.9.4 allows remote attackers to read arbitrary files via the SubscribeURL field in SubscriptionConfirmation JSON data via pub/sns.php.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2019/CVE-2019-6715.yaml"} {"ID":"CVE-2019-6793","Info":{"Name":"GitLab Enterprise Edition - Server-Side Request Forgery","Severity":"high","Description":"An issue was discovered in GitLab Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The Jira integration feature is vulnerable to an unauthenticated blind SSRF issue.\n","Classification":{"CVSSScore":"7.0"}},"file_path":"http/cves/2019/CVE-2019-6793.yaml"} {"ID":"CVE-2019-6799","Info":{"Name":"phpMyAdmin \u003c4.8.5 - Local File Inclusion","Severity":"medium","Description":"phpMyAdmin before 4.8.5 is susceptible to local file inclusion. When the AllowArbitraryServer configuration setting is set to true, an attacker can read, with the use of a rogue MySQL server, any file on the server that the web server's user can access. This is related to the mysql.allow_local_infile PHP configuration, and the inadvertent ignoring of options(MYSQLI_OPT_LOCAL_INFIL calls.\n","Classification":{"CVSSScore":"5.9"}},"file_path":"http/cves/2019/CVE-2019-6799.yaml"} {"ID":"CVE-2019-6802","Info":{"Name":"Pypiserver \u003c1.2.5 - Carriage Return Line Feed Injection","Severity":"medium","Description":"Pypiserver through 1.2.5 and below is susceptible to carriage return line feed injection. An attacker can set arbitrary HTTP headers and possibly conduct cross-site scripting attacks via a %0d%0a in a URI.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-6802.yaml"} {"ID":"CVE-2019-7139","Info":{"Name":"Magento - SQL Injection","Severity":"critical","Description":"An unauthenticated user can execute SQL statements that allow arbitrary read access to the underlying database, which causes sensitive data leakage.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-7139.yaml"} {"ID":"CVE-2019-7192","Info":{"Name":"QNAP QTS and Photo Station 6.0.3 - Remote Command Execution","Severity":"critical","Description":"This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP recommend updating Photo Station to their latest versions.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-7192.yaml"} {"ID":"CVE-2019-7219","Info":{"Name":"Zarafa WebApp \u003c=2.0.1.47791 - Cross-Site Scripting","Severity":"medium","Description":"Zarafa WebApp 2.0.1.47791 and earlier contains an unauthenticated reflected cross-site scripting vulnerability. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-7219.yaml"} {"ID":"CVE-2019-7238","Info":{"Name":"Sonatype Nexus Repository Manager \u003c3.15.0 - Remote Code Execution","Severity":"critical","Description":"Sonatype Nexus Repository Manager before 3.15.0 is susceptible to remote code execution.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-7238.yaml"} {"ID":"CVE-2019-7254","Info":{"Name":"eMerge E3 1.00-06 - Local File Inclusion","Severity":"high","Description":"Linear eMerge E3-Series devices are vulnerable to local file inclusion.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2019/CVE-2019-7254.yaml"} {"ID":"CVE-2019-7255","Info":{"Name":"Linear eMerge E3 - Cross-Site Scripting","Severity":"medium","Description":"Linear eMerge E3-Series devices are vulnerable to cross-site scripting via the 'layout' parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-7255.yaml"} {"ID":"CVE-2019-7256","Info":{"Name":"eMerge E3 1.00-06 - Remote Code Execution","Severity":"critical","Description":"Linear eMerge E3-Series devices are susceptible to remote code execution vulnerabilities.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2019/CVE-2019-7256.yaml"} {"ID":"CVE-2019-7275","Info":{"Name":"Optergy Proton/Enterprise Building Management System - Open Redirect","Severity":"medium","Description":"Optergy Proton/Enterprise Building Management System contains an open redirect vulnerability. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-7275.yaml"} {"ID":"CVE-2019-7315","Info":{"Name":"Genie Access WIP3BVAF IP Camera - Local File Inclusion","Severity":"high","Description":"Genie Access WIP3BVAF WISH IP 3MP IR Auto Focus Bullet Camera devices through 3.X are vulnerable to local file inclusion via the web interface, as demonstrated by reading /etc/shadow.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2019/CVE-2019-7315.yaml"} {"ID":"CVE-2019-7481","Info":{"Name":"SonicWall SRA 4600 VPN - SQL Injection","Severity":"high","Description":"The SonicWall SRA 4600 VPN appliance is susceptible to a pre-authentication SQL injection vulnerability.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2019/CVE-2019-7481.yaml"} {"ID":"CVE-2019-7543","Info":{"Name":"KindEditor 4.1.11 - Cross-Site Scripting","Severity":"medium","Description":"KindEditor 4.1.11 contains a cross-site scripting vulnerability via the php/demo.php content1 parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-7543.yaml"} {"ID":"CVE-2019-7609","Info":{"Name":"Kibana Timelion - Arbitrary Code Execution","Severity":"critical","Description":"Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2019/CVE-2019-7609.yaml"} {"ID":"CVE-2019-8086","Info":{"Name":"Adobe Experience Manager - XML External Entity Injection","Severity":"high","Description":"Adobe Experience Manager 6.5, 6.4, 6.3 and 6.2 are susceptible to XML external entity injection. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2019/CVE-2019-8086.yaml"} {"ID":"CVE-2019-8390","Info":{"Name":"qdPM 9.1 - Cross-site Scripting","Severity":"medium","Description":"qdPM 9.1 suffers from Cross-site Scripting (XSS) in the search[keywords] parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-8390.yaml"} {"ID":"CVE-2019-8442","Info":{"Name":"Jira - Local File Inclusion","Severity":"high","Description":"Jira before version 7.13.4, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1, allows remote attackers to access files in the Jira webroot under the META-INF directory via local file inclusion.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2019/CVE-2019-8442.yaml"} {"ID":"CVE-2019-8446","Info":{"Name":"Jira Improper Authorization","Severity":"medium","Description":"The /rest/issueNav/1/issueTable resource in Jira before version 8.3.2 allows remote attackers to enumerate usernames via an incorrect authorisation check.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2019/CVE-2019-8446.yaml"} {"ID":"CVE-2019-8449","Info":{"Name":"Jira \u003c8.4.0 - Information Disclosure","Severity":"medium","Description":"Jira before 8.4.0 is susceptible to information disclosure. The /rest/api/latest/groupuserpicker resource can allow an attacker to enumerate usernames, and thereby potentially obtain sensitive information, modify data, and/or execute unauthorized operations.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2019/CVE-2019-8449.yaml"} {"ID":"CVE-2019-8451","Info":{"Name":"Jira \u003c8.4.0 - Server-Side Request Forgery","Severity":"medium","Description":"Jira before 8.4.0 is susceptible to server-side request forgery. The /plugins/servlet/gadgets/makeRequest resource contains a logic bug in the JiraWhitelist class, which can allow an attacker to access the content of internal network resources and thus modify data, and/or execute unauthorized operations.","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2019/CVE-2019-8451.yaml"} {"ID":"CVE-2019-8903","Info":{"Name":"Totaljs \u003c3.2.3 - Local File Inclusion","Severity":"high","Description":"Total.js Platform before 3.2.3 is vulnerable to local file inclusion.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2019/CVE-2019-8903.yaml"} {"ID":"CVE-2019-8937","Info":{"Name":"HotelDruid 2.3.0 - Cross-Site Scripting","Severity":"medium","Description":"HotelDruid 2.3.0 contains a cross-site scripting vulnerability affecting nsextt, cambia1, mese_fine, origine, and anno parameters in creaprezzi.php, tabella3.php, personalizza.php, and visualizza_tabelle.php.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-8937.yaml"} {"ID":"CVE-2019-8982","Info":{"Name":"Wavemaker Studio 6.6 - Local File Inclusion/Server-Side Request Forgery","Severity":"critical","Description":"WaveMaker Studio 6.6 mishandles the studioService.download?method=getContent\u0026inUrl= value in com/wavemaker/studio/StudioService.java, leading to disclosure of local files and server-side request forgery.","Classification":{"CVSSScore":"9.6"}},"file_path":"http/cves/2019/CVE-2019-8982.yaml"} {"ID":"CVE-2019-9041","Info":{"Name":"ZZZCMS 1.6.1 - Remote Code Execution","Severity":"high","Description":"ZZZCMS zzzphp V1.6.1 is vulnerable to remote code execution via the inc/zzz_template.php file because the parserIfLabel() function's filtering is not strict, resulting in PHP code execution as demonstrated by the if:assert substring.","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2019/CVE-2019-9041.yaml"} {"ID":"CVE-2019-9618","Info":{"Name":"WordPress GraceMedia Media Player 1.0 - Local File Inclusion","Severity":"critical","Description":"WordPress GraceMedia Media Player plugin 1.0 is susceptible to local file inclusion via the cfg parameter.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-9618.yaml"} {"ID":"CVE-2019-9632","Info":{"Name":"ESAFENET CDG - Arbitrary File Download","Severity":"high","Description":"ESAFENET CDG V3 and V5 has an arbitrary file download vulnerability via the fileName parameter in download.jsp because the InstallationPack parameter is mishandled in a /CDGServer3/ClientAjax request.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2019/CVE-2019-9632.yaml"} {"ID":"CVE-2019-9670","Info":{"Name":"Synacor Zimbra Collaboration \u003c8.7.11p10 - XML External Entity Injection","Severity":"critical","Description":"Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML external entity injection (XXE) vulnerability via the mailboxd component.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-9670.yaml"} {"ID":"CVE-2019-9726","Info":{"Name":"Homematic CCU3 - Local File Inclusion","Severity":"high","Description":"eQ-3 AG Homematic CCU3 3.43.15 and earlier allows remote attackers to read arbitrary files of the device's filesystem, aka local file inclusion. This vulnerability can be exploited by unauthenticated attackers with access to the web interface.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2019/CVE-2019-9726.yaml"} {"ID":"CVE-2019-9733","Info":{"Name":"JFrog Artifactory 6.7.3 - Admin Login Bypass","Severity":"critical","Description":"JFrog Artifactory 6.7.3 is vulnerable to an admin login bypass issue because by default the access-admin account is used to reset the password of the admin account. While this is only allowable from a connection directly from localhost, providing an X-Forwarded-For HTTP header to the request allows an unauthenticated user to login with the default credentials of the access-admin account while bypassing the whitelist of allowed IP addresses. The access-admin account can use Artifactory's API to request authentication tokens for all users including the admin account and, in turn, assume full control of all artifacts and repositories managed by Artifactory.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-9733.yaml"} {"ID":"CVE-2019-9915","Info":{"Name":"GetSimple CMS 3.3.13 - Open Redirect","Severity":"medium","Description":"GetSimple CMS 3.3.13 contains an open redirect vulnerability via the admin/index.php redirect parameter. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-9915.yaml"} {"ID":"CVE-2019-9922","Info":{"Name":"Joomla! Harmis Messenger 1.2.2 - Local File Inclusion","Severity":"high","Description":"Joomla! Harmis Messenger 1.2.2 is vulnerable to local file inclusion which could give an attacker read access to arbitrary files.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2019/CVE-2019-9922.yaml"} {"ID":"CVE-2019-9955","Info":{"Name":"Zyxel - Cross-Site Scripting","Severity":"medium","Description":"Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 110, ZyWALL 310, and ZyWALL 1100 devices contain a reflected cross-site scripting vulnerability on the security firewall login page via the mp_idx parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-9955.yaml"} {"ID":"CVE-2019-9978","Info":{"Name":"WordPress Social Warfare \u003c3.5.3 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Social Warfare plugin before 3.5.3 contains a cross-site scripting vulnerability via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, affecting Social Warfare and Social Warfare Pro.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-9978.yaml"} {"ID":"CVE-2020-0618","Info":{"Name":"Microsoft SQL Server Reporting Services - Remote Code Execution","Severity":"high","Description":"Microsoft SQL Server Reporting Services is vulnerable to a remote code execution vulnerability because it incorrectly handles page requests.","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2020/CVE-2020-0618.yaml"} {"ID":"CVE-2020-10148","Info":{"Name":"SolarWinds Orion API - Auth Bypass","Severity":"critical","Description":"SolarWinds Orion API is vulnerable to an authentication bypass vulnerability that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance. SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1 are affected.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-10148.yaml"} {"ID":"CVE-2020-10189","Info":{"Name":"ManageEngine Desktop Central Java Deserialization","Severity":"critical","Description":"Zoho ManageEngine Desktop Central before 10.0.474 is vulnerable to a deserialization of untrusted data, which permits remote code execution.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-10189.yaml"} {"ID":"CVE-2020-10199","Info":{"Name":"Sonatype Nexus Repository Manager 3 - Remote Code Execution","Severity":"high","Description":"Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2020/CVE-2020-10199.yaml"} {"ID":"CVE-2020-10220","Info":{"Name":"rConfig 3.9 - SQL Injection","Severity":"critical","Description":"An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php searchColumn parameter.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-10220.yaml"} {"ID":"CVE-2020-10546","Info":{"Name":"rConfig 3.9.4 - SQL Injection","Severity":"critical","Description":"rConfig 3.9.4 and previous versions have unauthenticated compliancepolicies.inc.php SQL injection. Because nodes' passwords are stored in cleartext by default, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-10546.yaml"} {"ID":"CVE-2020-10547","Info":{"Name":"rConfig 3.9.4 - SQL Injection","Severity":"critical","Description":"rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection. Because nodes' passwords are stored by default in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-10547.yaml"} {"ID":"CVE-2020-10548","Info":{"Name":"rConfig 3.9.4 - SQL Injection","Severity":"critical","Description":"rConfig 3.9.4 and previous versions have unauthenticated devices.inc.php SQL injection. Because nodes' passwords are stored in cleartext by default, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-10548.yaml"} {"ID":"CVE-2020-10549","Info":{"Name":"rConfig \u003c=3.9.4 - SQL Injection","Severity":"critical","Description":"rConfig 3.9.4 and prior has unauthenticated snippets.inc.php SQL injection. Because nodes' passwords are stored in cleartext by default, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-10549.yaml"} {"ID":"CVE-2020-10770","Info":{"Name":"Keycloak \u003c= 12.0.1 - request_uri Blind Server-Side Request Forgery (SSRF)","Severity":"medium","Description":"Keycloak 12.0.1 and below allows an attacker to force the server to request an unverified URL using the OIDC parameter request_uri. This allows an attacker to execute a server-side request forgery (SSRF) attack.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2020/CVE-2020-10770.yaml"} {"ID":"CVE-2020-10973","Info":{"Name":"WAVLINK - Access Control","Severity":"high","Description":"Wavlink WN530HG4, WN531G3, WN533A8, and WN551K are susceptible to improper access control via /cgi-bin/ExportAllSettings.sh, where a crafted POST request returns the current configuration of the device, including the administrator password. No authentication is required. The attacker must perform a decryption step, but all decryption information is readily available.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-10973.yaml"} {"ID":"CVE-2020-11034","Info":{"Name":"GLPI \u003c9.4.6 - Open Redirect","Severity":"medium","Description":"GLPI prior 9.4.6 contains an open redirect vulnerability based on a regexp.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-11034.yaml"} {"ID":"CVE-2020-11110","Info":{"Name":"Grafana \u003c= 6.7.1 - Cross-Site Scripting","Severity":"medium","Description":"Grafana through 6.7.1 contains an unauthenticated stored cross-site scripting vulnerability due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot.","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2020/CVE-2020-11110.yaml"} {"ID":"CVE-2020-11441","Info":{"Name":"phpMyAdmin 5.0.2 - CRLF Injection","Severity":"medium","Description":"phpMyAdmin 5.0.2 allows CRLF injection, as demonstrated by %0D%0Astring%0D%0A inputs to login form fields causing CRLF sequences to be reflected on an error page. NOTE: the vendor states \"I don't see anything specifically exploitable.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-11441.yaml"} {"ID":"CVE-2020-11450","Info":{"Name":"MicroStrategy Web 10.4 - Information Disclosure","Severity":"high","Description":"MicroStrategy Web 10.4 is susceptible to information disclosure. The JVM configuration, CPU architecture, installation folder, and other information are exposed through /MicroStrategyWS/happyaxis.jsp. An attacker can use this vulnerability to learn more about the application environment and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-11450.yaml"} {"ID":"CVE-2020-11455","Info":{"Name":"LimeSurvey 4.1.11 - Local File Inclusion","Severity":"critical","Description":"LimeSurvey before 4.1.12+200324 is vulnerable to local file inclusion because it contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-11455.yaml"} {"ID":"CVE-2020-11529","Info":{"Name":"Grav \u003c1.7 - Open Redirect","Severity":"medium","Description":"Grav before 1.7 has an open redirect vulnerability via common/Grav.php. This is partially fixed in 1.6.23 and still present in 1.6.x.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-11529.yaml"} {"ID":"CVE-2020-11530","Info":{"Name":"WordPress Chop Slider 3 - Blind SQL Injection","Severity":"critical","Description":"WordPress Chop Slider 3 plugin contains a blind SQL injection vulnerability via the id GET parameter supplied to get_script/index.php. The plugin can allow an attacker to execute arbitrary SQL queries in the context of the WP database user, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-11530.yaml"} {"ID":"CVE-2020-11546","Info":{"Name":"SuperWebmailer 7.21.0.01526 - Remote Code Execution","Severity":"critical","Description":"SuperWebMailer 7.21.0.01526 is susceptible to a remote code execution vulnerability in the Language parameter of mailingupgrade.php. An unauthenticated remote attacker can exploit this behavior to execute arbitrary PHP code via Code Injection.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-11546.yaml"} {"ID":"CVE-2020-11547","Info":{"Name":"PRTG Network Monitor \u003c20.1.57.1745 - Information Disclosure","Severity":"medium","Description":"PRTG Network Monitor before 20.1.57.1745 is susceptible to information disclosure. An attacker can obtain information about probes running or the server itself via an HTTP request, thus potentially being able to modify data and/or execute unauthorized administrative operations in the context of the affected site.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2020/CVE-2020-11547.yaml"} {"ID":"CVE-2020-11710","Info":{"Name":"Kong Admin \u003c=2.03 - Admin API Access","Severity":"critical","Description":"Kong Admin through 2.0.3 contains an issue via docker-kong which makes the admin API port accessible on interfaces other than 127.0.0.1.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-11710.yaml"} {"ID":"CVE-2020-11738","Info":{"Name":"WordPress Duplicator 1.3.24 \u0026 1.3.26 - Local File Inclusion","Severity":"high","Description":"WordPress Duplicator 1.3.24 \u0026 1.3.26 are vulnerable to local file inclusion vulnerabilities that could allow attackers to download arbitrary files, such as the wp-config.php file. According to the vendor, the vulnerability was only in two\nversions v1.3.24 and v1.3.26, the vulnerability wasn't\npresent in versions 1.3.22 and before.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-11738.yaml"} {"ID":"CVE-2020-11798","Info":{"Name":"Mitel MiCollab AWV 8.1.2.4 and 9.1.3 - Directory Traversal","Severity":"medium","Description":"A Directory Traversal vulnerability in the web conference component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before 9.1.3 could allow an attacker to access arbitrary files from restricted directories of the server via a crafted URL, due to insufficient access validation. A successful exploit could allow an attacker to access sensitive information from the restricted directories.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2020/CVE-2020-11798.yaml"} {"ID":"CVE-2020-11853","Info":{"Name":"Micro Focus Operations Bridge Manager \u003c=2020.05 - Remote Code Execution","Severity":"high","Description":"Micro Focus Operations Bridge Manager in versions 2020.05 and below is vulnerable to remote code execution via UCMDB. The vulnerability allows remote attackers to execute arbitrary code on affected installations of Data Center Automation. An attack requires network access and authentication as a valid application user. Originated from Metasploit module (#14654).\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2020/CVE-2020-11853.yaml"} {"ID":"CVE-2020-11854","Info":{"Name":"Micro Focus UCMDB - Remote Code Execution","Severity":"critical","Description":"Micro Focus UCMDB is susceptible to remote code execution. Impacted products include Operation Bridge Manager versions 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60, 10.12, 10.11, 10.10 and all earlier versions, and Operations Bridge (containerized) 2020.05, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05. 2018.02 and 2017.11. 3.), and Application Performance Management versions 9,51, 9.50 and 9.40 with UCMDB 10.33 CUP 3.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-11854.yaml"} {"ID":"CVE-2020-11930","Info":{"Name":"WordPress GTranslate \u003c2.8.52 - Cross-Site Scripting","Severity":"medium","Description":"WordPress GTranslate plugin before 2.8.52 contains an unauthenticated reflected cross-site scripting vulnerability via a crafted link. This requires use of the hreflang tags feature within a sub-domain or sub-directory paid option.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-11930.yaml"} {"ID":"CVE-2020-11978","Info":{"Name":"Apache Airflow \u003c=1.10.10 - Remote Code Execution","Severity":"high","Description":"Apache Airflow versions 1.10.10 and below are vulnerable to remote code/command injection vulnerabilities in one of the example DAGs shipped with Airflow. This could allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use).","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2020/CVE-2020-11978.yaml"} {"ID":"CVE-2020-11991","Info":{"Name":"Apache Cocoon 2.1.12 - XML Injection","Severity":"high","Description":"Apache Cocoon 2.1.12 is susceptible to XML injection. When using the StreamGenerator, the code parses a user-provided XML. A specially crafted XML, including external system entities, can be used to access any file on the server system.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-11991.yaml"} {"ID":"CVE-2020-12054","Info":{"Name":"WordPress Catch Breadcrumb \u003c1.5.4 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Catch Breadcrumb plugin before 1.5.4 contains a reflected cross-site scripting vulnerability via the s parameter (a search query). Also affected are 16 themes if the plugin is enabled: Alchemist and Alchemist PRO, Izabel and Izabel PRO, Chique and Chique PRO, Clean Enterprise and Clean Enterprise PRO, Bold Photography PRO, Intuitive PRO, Devotepress PRO, Clean Blocks PRO, Foodoholic PRO, Catch Mag PRO, Catch Wedding PRO, and Higher Education PRO.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-12054.yaml"} {"ID":"CVE-2020-12116","Info":{"Name":"Zoho ManageEngine OpManger - Arbitrary File Read","Severity":"high","Description":"Zoho ManageEngine OpManager Stable build before 124196 and Released build before 125125 allows an unauthenticated attacker to read arbitrary files on the server by sending a specially crafted request.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-12116.yaml"} {"ID":"CVE-2020-12124","Info":{"Name":"WAVLINK WN530H4 live_api.cgi - Command Injection","Severity":"critical","Description":"A remote command-line injection vulnerability in the /cgi-bin/live_api.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary Linux commands as root without authentication.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-12124.yaml"} {"ID":"CVE-2020-12127","Info":{"Name":"WAVLINK WN530H4 M30H4.V5030.190403 - Information Disclosure","Severity":"high","Description":"WAVLINK WN530H4 M30H4.V5030.190403 contains an information disclosure vulnerability in the /cgi-bin/ExportAllSettings.sh endpoint. This can allow an attacker to leak router settings, including cleartext login details, DNS settings, and other sensitive information without authentication.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-12127.yaml"} {"ID":"CVE-2020-12256","Info":{"Name":"rConfig 3.9.4 - Cross-Site Scripting","Severity":"medium","Description":"The rConfig 3.9.4 is vulnerable to cross-site scripting. The devicemgmnt.php file improperly validates the request coming from the user input. Due to this flaw, An attacker can exploit this vulnerability by crafting arbitrary javascript in `deviceId` GET parameter of devicemgmnt.php resulting in execution of the javascript.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2020/CVE-2020-12256.yaml"} {"ID":"CVE-2020-12259","Info":{"Name":"rConfig 3.9.4 - Cross-Site Scripting","Severity":"medium","Description":"rConfig 3.9.4 is vulnerable to reflected XSS. The configDevice.php file improperly validates user input. An attacker can exploit this vulnerability by crafting arbitrary JavaScript in the rid GET parameter of devicemgmnt.php\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2020/CVE-2020-12259.yaml"} {"ID":"CVE-2020-12447","Info":{"Name":"Onkyo TX-NR585 Web Interface - Directory Traversal","Severity":"high","Description":"Onkyo TX-NR585 1000-0000-000-0008-0000 devices allows remote unauthenticated users on the network to read sensitive files via %2e%2e%2f directory traversal and local file inclusion.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-12447.yaml"} {"ID":"CVE-2020-12478","Info":{"Name":"TeamPass 2.1.27.36 - Improper Authentication","Severity":"high","Description":"TeamPass 2.1.27.36 is susceptible to improper authentication. An attacker can retrieve files from the TeamPass web root, which may include backups or LDAP debug files, and therefore possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-12478.yaml"} {"ID":"CVE-2020-12720","Info":{"Name":"vBulletin SQL Injection","Severity":"critical","Description":"vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control that permits SQL injection attacks.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-12720.yaml"} {"ID":"CVE-2020-12800","Info":{"Name":"WordPress Contact Form 7 \u003c1.3.3.3 - Remote Code Execution","Severity":"critical","Description":"WordPress Contact Form 7 before 1.3.3.3 allows unrestricted file upload and remote code execution by setting supported_type to php% and uploading a .php% file.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-12800.yaml"} {"ID":"CVE-2020-13117","Info":{"Name":"Wavlink Multiple AP - Remote Command Injection","Severity":"critical","Description":"Wavlink products are affected by a vulnerability that may allow remote unauthenticated users to execute arbitrary commands as root on Wavlink devices. The user input is not properly sanitized which allows command injection via the \"key\" parameter in a login request. It has been tested on Wavlink WN575A4 and WN579X3 devices, but other products may also be affected.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-13117.yaml"} {"ID":"CVE-2020-13121","Info":{"Name":"Submitty \u003c= 20.04.01 - Open Redirect","Severity":"medium","Description":"Submitty through 20.04.01 contains an open redirect vulnerability via authentication/login?old= during an invalid login attempt. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-13121.yaml"} {"ID":"CVE-2020-13158","Info":{"Name":"Artica Proxy Community Edition \u003c4.30.000000 - Local File Inclusion","Severity":"high","Description":"Artica Proxy Community Edition before 4.30.000000 is vulnerable to local file inclusion via the fw.progrss.details.php popup parameter.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-13158.yaml"} {"ID":"CVE-2020-13167","Info":{"Name":"Netsweeper \u003c=6.4.3 - Python Code Injection","Severity":"critical","Description":"Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php (with certain Referer headers) launches a command line with client-supplied parameters, and allows injection of shell metacharacters.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-13167.yaml"} {"ID":"CVE-2020-13258","Info":{"Name":"Contentful \u003c=2020-05-21 - Cross-Site Scripting","Severity":"medium","Description":"Contentful through 2020-05-21 for Python contains a reflected cross-site scripting vulnerability via the api parameter to the-example-app.py.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-13258.yaml"} {"ID":"CVE-2020-13379","Info":{"Name":"Grafana 3.0.1-7.0.1 - Server-Side Request Forgery","Severity":"high","Description":"Grafana 3.0.1 through 7.0.1 is susceptible to server-side request forgery via the avatar feature, which can lead to remote code execution. Any unauthenticated user/client can make Grafana send HTTP requests to any URL and return its result. This can be used to gain information about the network Grafana is running on, thereby potentially enabling an attacker to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"8.2"}},"file_path":"http/cves/2020/CVE-2020-13379.yaml"} {"ID":"CVE-2020-13405","Info":{"Name":"Microweber \u003c1.1.20 - Information Disclosure","Severity":"high","Description":"Microweber before 1.1.20 is susceptible to information disclosure via userfiles/modules/users/controller/controller.php. An attacker can disclose the users database via a /modules/ POST request and thus potentially access sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-13405.yaml"} {"ID":"CVE-2020-13483","Info":{"Name":"Bitrix24 \u003c=20.0.0 - Cross-Site Scripting","Severity":"medium","Description":"The Web Application Firewall in Bitrix24 up to and including 20.0.0 allows XSS via the items[ITEMS][ID] parameter to the components/bitrix/mobileapp.list/ajax.php/ URI.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-13483.yaml"} {"ID":"CVE-2020-13638","Info":{"Name":"rConfig 3.9 - Authentication Bypass(Admin Login)","Severity":"critical","Description":"lib/crud/userprocess.php in rConfig 3.9.x before 3.9.7 has an authentication bypass, leading to administrator account creation. This issue has been fixed in 3.9.7.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-13638.yaml"} {"ID":"CVE-2020-13700","Info":{"Name":"WordPresss acf-to-rest-api \u003c=3.1.0 - Insecure Direct Object Reference","Severity":"high","Description":"WordPresss acf-to-rest-ap through 3.1.0 allows an insecure direct object reference via permalinks manipulation, as demonstrated by a wp-json/acf/v3/options/ request that can read sensitive information in the wp_options table such as the login and pass values.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-13700.yaml"} {"ID":"CVE-2020-13820","Info":{"Name":"Extreme Management Center 8.4.1.24 - Cross-Site Scripting","Severity":"medium","Description":"Extreme Management Center 8.4.1.24 contains a cross-site scripting vulnerability via a parameter in a GET request. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-13820.yaml"} {"ID":"CVE-2020-13851","Info":{"Name":"Artica Pandora FMS 7.44 - Remote Code Execution","Severity":"high","Description":"Artica Pandora FMS 7.44 allows remote command execution via the events feature.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2020/CVE-2020-13851.yaml"} {"ID":"CVE-2020-13927","Info":{"Name":"Airflow Experimental \u003c1.10.11 - REST API Auth Bypass","Severity":"critical","Description":"Airflow's Experimental API prior 1.10.11 allows all API requests without authentication.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-13927.yaml"} {"ID":"CVE-2020-13937","Info":{"Name":"Apache Kylin - Exposed Configuration File","Severity":"medium","Description":"Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 3.0.0-alpha, 3.0.0-alpha2, 3.0.0-beta, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 4.0.0-alpha have one REST API which exposed Kylin's configuration information without authentication.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2020/CVE-2020-13937.yaml"} {"ID":"CVE-2020-13942","Info":{"Name":"Apache Unomi \u003c1.5.2 - Remote Code Execution","Severity":"critical","Description":"Apache Unomi allows conditions to use OGNL and MVEL scripting which\noffers the possibility to call static Java classes from the JDK\nthat could execute code with the permission level of the running Java process.\nThis vulnerability affects all versions of Apache Unomi prior to 1.5.2.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-13942.yaml"} {"ID":"CVE-2020-13945","Info":{"Name":"Apache APISIX - Insufficiently Protected Credentials","Severity":"medium","Description":"Apache APISIX 1.2, 1.3, 1.4, and 1.5 is susceptible to insufficiently protected credentials. An attacker can enable the Admin API and delete the Admin API access IP restriction rules. Eventually, the default token is allowed to access APISIX management data.","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2020/CVE-2020-13945.yaml"} {"ID":"CVE-2020-14092","Info":{"Name":"WordPress PayPal Pro \u003c1.1.65 - SQL Injection","Severity":"critical","Description":"WordPress PayPal Pro plugin before 1.1.65 is susceptible to SQL injection via the 'query' parameter which allows for any unauthenticated user to perform SQL queries with the results output to a web page in JSON format.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-14092.yaml"} {"ID":"CVE-2020-14144","Info":{"Name":"Gitea 1.1.0 - 1.12.5 - Remote Code Execution","Severity":"high","Description":"Gitea 1.1.0 through 1.12.5 is susceptible to authenticated remote code execution, via the git hook functionality, in customer environments where the documentation is not understood (e.g., one viewpoint is that the dangerousness of this feature should be documented immediately above the ENABLE_GIT_HOOKS line in the config file). NOTE: The vendor has indicated this is not a vulnerability and states \"This is a functionality of the software that is limited to a subset of accounts. If you give someone the privilege to execute arbitrary code on your server, they can execute arbitrary code on your server. We provide very clear warnings to users around this functionality and what it provides.\"\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2020/CVE-2020-14144.yaml"} {"ID":"CVE-2020-14179","Info":{"Name":"Atlassian Jira Server/Data Center \u003c8.5.8/8.6.0 - 8.11.1 - Information Disclosure","Severity":"medium","Description":"Atlassian Jira Server and Data Center before 8.5.8 and 8.6.0 through 8.11.1 are susceptible to information disclosure via the /secure/QueryComponent!Default.jspa endpoint. An attacker can view custom field names and custom SLA names.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2020/CVE-2020-14179.yaml"} {"ID":"CVE-2020-14181","Info":{"Name":"Jira Server and Data Center - Information Disclosure","Severity":"medium","Description":"Jira Server and Data Center is susceptible to information disclosure. An attacker can enumerate users via the /ViewUserHover.jspa endpoint and thus potentially access sensitive information, modify data, and/or execute unauthorized operations. Affected versions are before version 7.13.6, from version 8.0.0 before 8.5.7, and from version 8.6.0 before 8.12.0.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2020/CVE-2020-14181.yaml"} {"ID":"CVE-2020-14408","Info":{"Name":"Agentejo Cockpit 0.10.2 - Cross-Site Scripting","Severity":"medium","Description":"Agentejo Cockpit 0.10.2 contains a reflected cross-site scripting vulnerability due to insufficient sanitization of the to parameter in the /auth/login route, which allows for injection of arbitrary JavaScript code into a web page's content.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-14408.yaml"} {"ID":"CVE-2020-14413","Info":{"Name":"NeDi 1.9C - Cross-Site Scripting","Severity":"medium","Description":"NeDi 1.9C is vulnerable to cross-site scripting because of an incorrect implementation of sanitize() in inc/libmisc.php. This function attempts to escape the SCRIPT tag from user-controllable values, but can be easily bypassed, as demonstrated by an onerror attribute of an IMG element as a Devices-Config.php?sta= value.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-14413.yaml"} {"ID":"CVE-2020-14750","Info":{"Name":"Oracle WebLogic Server - Remote Command Execution","Severity":"critical","Description":"Oracle WebLogic Server 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0 is susceptible to remote code execution. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised machine without entering necessary credentials. See also CVE-2020-14882, which is addressed in the October 2020 Critical Patch Update.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-14750.yaml"} {"ID":"CVE-2020-14864","Info":{"Name":"Oracle Fusion - Directory Traversal/Local File Inclusion","Severity":"high","Description":"Oracle Business Intelligence Enterprise Edition 5.5.0.0.0, 12.2.1.3.0, and 12.2.1.4.0 are vulnerable to local file inclusion vulnerabilities via \"getPreviewImage.\"","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-14864.yaml"} {"ID":"CVE-2020-14882","Info":{"Name":"Oracle Weblogic Server - Remote Command Execution","Severity":"critical","Description":"Oracle WebLogic Server contains an easily exploitable remote command execution vulnerability which allows unauthenticated attackers with network access via HTTP to compromise the server.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-14882.yaml"} {"ID":"CVE-2020-14883","Info":{"Name":"Oracle Fusion Middleware WebLogic Server Administration Console - Remote Code Execution","Severity":"high","Description":"The Oracle Fusion Middleware WebLogic Server admin console in versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0 is vulnerable to an easily exploitable vulnerability that allows high privileged attackers with network access via HTTP to compromise Oracle WebLogic Server.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2020/CVE-2020-14883.yaml"} {"ID":"CVE-2020-15050","Info":{"Name":"Suprema BioStar \u003c2.8.2 - Local File Inclusion","Severity":"high","Description":"Suprema BioStar before 2.8.2 Video Extension allows remote attackers can read arbitrary files from the server via local file inclusion.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-15050.yaml"} {"ID":"CVE-2020-15129","Info":{"Name":"Traefik - Open Redirect","Severity":"medium","Description":"Traefik before 1.7.26, 2.2.8, and 2.3.0-rc3 contains an open redirect vulnerability in the X-Forwarded-Prefix header. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.","Classification":{"CVSSScore":"4.7"}},"file_path":"http/cves/2020/CVE-2020-15129.yaml"} {"ID":"CVE-2020-15148","Info":{"Name":"Yii 2 \u003c 2.0.38 - Remote Code Execution","Severity":"critical","Description":"Yii 2 (yiisoft/yii2) before version 2.0.38 is vulnerable to remote code execution if the application calls `unserialize()` on arbitrary user input.","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2020/CVE-2020-15148.yaml"} {"ID":"CVE-2020-15227","Info":{"Name":"Nette Framework - Remote Code Execution","Severity":"critical","Description":"Nette Framework versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, and 3.0.6 are vulnerable to a code injection attack via specially formed parameters being passed to a URL. Nette is a PHP/Composer MVC Framework.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-15227.yaml"} {"ID":"CVE-2020-15500","Info":{"Name":"TileServer GL \u003c=3.0.0 - Cross-Site Scripting","Severity":"medium","Description":"TileServer GL through 3.0.0 is vulnerable to reflected cross-site scripting via server.js because the content of the key GET parameter is reflected unsanitized in an HTTP response for the application's main page.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-15500.yaml"} {"ID":"CVE-2020-15505","Info":{"Name":"MobileIron Core \u0026 Connector \u003c= v10.6 \u0026 Sentry \u003c= v9.8 - Remote Code Execution","Severity":"critical","Description":"A remote code execution vulnerability in MobileIron Core \u0026 Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0; and Sentry versions 9.7.2 and earlier, and 9.8.0; and Monitor and Reporting Database (RDB) version 2.0.0.1 and earlier contain a vulnerability that allows remote attackers to execute arbitrary code via unspecified vectors.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-15505.yaml"} {"ID":"CVE-2020-15568","Info":{"Name":"TerraMaster TOS \u003c.1.29 - Remote Code Execution","Severity":"critical","Description":"TerraMaster TOS before 4.1.29 has invalid parameter checking that leads to code injection as root. This is a dynamic class method invocation vulnerability in include/exportUser.php, in which an attacker can trigger a call to the exec method with (for example) OS commands in the opt parameter.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-15568.yaml"} {"ID":"CVE-2020-15867","Info":{"Name":"Gogs 0.5.5 - 0.12.2 - Remote Code Execution","Severity":"high","Description":"Gogs 0.5.5 through 0.12.2 is susceptible to authenticated remote code execution via the git hooks functionality. There can be a privilege escalation if access to this feature is granted to a user who does not have administrative privileges. NOTE: Since this is mentioned in the documentation but not in the UI, it could be considered a \"product UI does not warn user of unsafe actions\" issue.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2020/CVE-2020-15867.yaml"} {"ID":"CVE-2020-15895","Info":{"Name":"D-Link DIR-816L 2.x - Cross-Site Scripting","Severity":"medium","Description":"D-Link DIR-816L devices 2.x before 1.10b04Beta02 contains a cross-site scripting vulnerability. In the file webinc/js/info.php, no output filtration is applied to the RESULT parameter before being printed on the webpage. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site, which can allow for theft of cookie-based authentication credentials and launch of other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-15895.yaml"} {"ID":"CVE-2020-15920","Info":{"Name":"Mida eFramework \u003c=2.9.0 - Remote Command Execution","Severity":"critical","Description":"Mida eFramework through 2.9.0 allows an attacker to achieve remote code execution with administrative (root) privileges. No authentication is required.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-15920.yaml"} {"ID":"CVE-2020-16139","Info":{"Name":"Cisco Unified IP Conference Station 7937G - Denial-of-Service","Severity":"high","Description":"Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers to restart the device remotely via specially crafted packets that can cause a denial-of-service condition. Note: We cannot prove this vulnerability exists. Out of an abundance of caution, this CVE is being assigned to better serve our customers and ensure all who are still running this product understand that the product is end of life and should be removed or upgraded.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-16139.yaml"} {"ID":"CVE-2020-16846","Info":{"Name":"SaltStack \u003c=3002 - Shell Injection","Severity":"critical","Description":"SaltStack Salt through 3002 allows an unauthenticated user with network access to the Salt API to use shell injections to run code on the Salt-API using the SSH client.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-16846.yaml"} {"ID":"CVE-2020-16952","Info":{"Name":"Microsoft SharePoint - Remote Code Execution","Severity":"high","Description":"Microsoft SharePoint is vulnerable to a remote code execution when the software fails to check the source markup of an application package.","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2020/CVE-2020-16952.yaml"} {"ID":"CVE-2020-17362","Info":{"Name":"Nova Lite \u003c 1.3.9 - Cross-Site Scripting","Severity":"medium","Description":"Nova Lite before 1.3.9 for WordPress is susceptible to reflected cross-site scripting via search.php.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-17362.yaml"} {"ID":"CVE-2020-17453","Info":{"Name":"WSO2 Carbon Management Console \u003c=5.10 - Cross-Site Scripting","Severity":"medium","Description":"WSO2 Management Console through 5.10 is susceptible to reflected cross-site scripting which can be exploited by tampering a request parameter in Management Console. This can be performed in both authenticated and unauthenticated requests.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-17453.yaml"} {"ID":"CVE-2020-17456","Info":{"Name":"SEOWON INTECH SLC-130 \u0026 SLR-120S - Unauthenticated Remote Code Execution","Severity":"critical","Description":"SEOWON INTECH SLC-130 and SLR-120S devices allow remote code execution via the ipAddr parameter to the system_log.cgi page.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-17456.yaml"} {"ID":"CVE-2020-17463","Info":{"Name":"Fuel CMS 1.4.7 - SQL Injection","Severity":"critical","Description":"FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-17463.yaml"} {"ID":"CVE-2020-17496","Info":{"Name":"vBulletin 5.5.4 - 5.6.2- Remote Command Execution","Severity":"critical","Description":"vBulletin versions 5.5.4 through 5.6.2 allow remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-17496.yaml"} {"ID":"CVE-2020-17505","Info":{"Name":"Artica Web Proxy 4.30 - OS Command Injection","Severity":"high","Description":"Artica Web Proxy 4.30 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via service_cmds_peform.","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2020/CVE-2020-17505.yaml"} {"ID":"CVE-2020-17506","Info":{"Name":"Artica Web Proxy 4.30 - Authentication Bypass/SQL Injection","Severity":"critical","Description":"Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privilege detection and gain web backend administrator privileges through SQL injection of the apikey parameter in fw.login.php.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-17506.yaml"} {"ID":"CVE-2020-17518","Info":{"Name":"Apache Flink 1.5.1 - Local File Inclusion","Severity":"high","Description":"Apache Flink 1.5.1 is vulnerable to local file inclusion because of a REST handler that allows file uploads to an arbitrary location on the local file system through a maliciously modified HTTP HEADER.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-17518.yaml"} {"ID":"CVE-2020-17519","Info":{"Name":"Apache Flink - Local File Inclusion","Severity":"high","Description":"Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well) allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process (aka local file inclusion).","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-17519.yaml"} {"ID":"CVE-2020-17526","Info":{"Name":"Apache Airflow \u003c1.10.14 - Authentication Bypass","Severity":"high","Description":"Apache Airflow prior to 1.10.14 contains an authentication bypass vulnerability via incorrect session validation with default configuration. An attacker on site A can access unauthorized Airflow on site B through the site A session.\n","Classification":{"CVSSScore":"7.7"}},"file_path":"http/cves/2020/CVE-2020-17526.yaml"} {"ID":"CVE-2020-17530","Info":{"Name":"Apache Struts 2.0.0-2.5.25 - Remote Code Execution","Severity":"critical","Description":"Apache Struts 2.0.0 through Struts 2.5.25 is susceptible to remote code execution because forced OGNL evaluation, when evaluated on raw user input in tag attributes, may allow it.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-17530.yaml"} {"ID":"CVE-2020-18268","Info":{"Name":"Z-Blog \u003c=1.5.2 - Open Redirect","Severity":"medium","Description":"Z-Blog 1.5.2 and earlier contains an open redirect vulnerability via the redirect parameter in zb_system/cmd.php. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-18268.yaml"} {"ID":"CVE-2020-19282","Info":{"Name":"Jeesns 1.4.2 - Cross-Site Scripting","Severity":"medium","Description":"Jeesns 1.4.2 is vulnerable to reflected cross-site scripting that allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the system error message's text field.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-19282.yaml"} {"ID":"CVE-2020-19283","Info":{"Name":"Jeesns 1.4.2 - Cross-Site Scripting","Severity":"medium","Description":"Jeesns 1.4.2 is vulnerable to reflected cross-site scripting in the /newVersion component and allows attackers to execute arbitrary web scripts or HTML.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-19283.yaml"} {"ID":"CVE-2020-19295","Info":{"Name":"Jeesns 1.4.2 - Cross-Site Scripting","Severity":"medium","Description":"Jeesns 1.4.2 is vulnerable to reflected cross-site scripting in the /weibo/topic component and allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the system error message's text field.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-19295.yaml"} {"ID":"CVE-2020-19360","Info":{"Name":"FHEM 6.0 - Local File Inclusion","Severity":"high","Description":"FHEM version 6.0 suffers from a local file inclusion vulnerability.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-19360.yaml"} {"ID":"CVE-2020-1943","Info":{"Name":"Apache OFBiz \u003c=16.11.07 - Cross-Site Scripting","Severity":"medium","Description":"Apache OFBiz 16.11.01 to 16.11.07 is vulnerable to cross-site scripting because data sent with contentId to /control/stream is not sanitized.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-1943.yaml"} {"ID":"CVE-2020-19515","Info":{"Name":"qdPM 9.1 - Cross-site Scripting","Severity":"medium","Description":"qdPM V9.1 is vulnerable to Cross Site Scripting (XSS) via qdPM\\install\\modules\\database_config.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-19515.yaml"} {"ID":"CVE-2020-1956","Info":{"Name":"Apache Kylin 3.0.1 - Command Injection Vulnerability","Severity":"high","Description":"Apache Kylin 2.3.0, and releases up to 2.6.5 and 3.0.1 has some restful apis which will concatenate os command with the user input string, a user is likely to be able to execute any os command without any protection or validation.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2020/CVE-2020-1956.yaml"} {"ID":"CVE-2020-19625","Info":{"Name":"Gridx 1.3 - Remote Code Execution","Severity":"critical","Description":"Gridx 1.3 is susceptible to remote code execution via tests/support/stores/test_grid_filter.php, which allows remote attackers to execute arbitrary code via crafted values submitted to the $query parameter.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-19625.yaml"} {"ID":"CVE-2020-20285","Info":{"Name":"ZZcms - Cross-Site Scripting","Severity":"medium","Description":"ZZcms 2019 contains a cross-site scripting vulnerability in the user login page. An attacker can inject arbitrary JavaScript code in the referer header via user/login.php, which can allow theft of cookie-based credentials and launch of subsequent attacks.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2020/CVE-2020-20285.yaml"} {"ID":"CVE-2020-20300","Info":{"Name":"WeiPHP 5.0 - SQL Injection","Severity":"critical","Description":"WeiPHP 5.0 contains a SQL injection vulnerability via the wp_where function. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-20300.yaml"} {"ID":"CVE-2020-2036","Info":{"Name":"Palo Alto Networks PAN-OS Web Interface - Cross Site-Scripting","Severity":"high","Description":"PAN-OS management web interface is vulnerable to reflected cross-site scripting. A remote attacker able to convince an administrator with an active authenticated session on the firewall management interface to click on a crafted link to that management web interface could potentially execute arbitrary JavaScript code in the administrator's browser and perform administrative actions. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.16; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2020/CVE-2020-2036.yaml"} {"ID":"CVE-2020-2096","Info":{"Name":"Jenkins Gitlab Hook \u003c=1.4.2 - Cross-Site Scripting","Severity":"medium","Description":"Jenkins Gitlab Hook 1.4.2 and earlier does not escape project names in the build_now endpoint, resulting in a reflected cross-site scripting vulnerability.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-2096.yaml"} {"ID":"CVE-2020-20982","Info":{"Name":"shadoweb wdja v1.5.1 - Cross-Site Scripting","Severity":"critical","Description":"shadoweb wdja v1.5.1 is susceptible to cross-site scripting because it allows attackers to execute arbitrary code and gain escalated privileges via the backurl parameter to /php/passport/index.php.","Classification":{"CVSSScore":"9.6"}},"file_path":"http/cves/2020/CVE-2020-20982.yaml"} {"ID":"CVE-2020-20988","Info":{"Name":"DomainMOD 4.13.0 - Cross-Site Scripting","Severity":"medium","Description":"DomainMOD 4.13.0 is vulnerable to cross-site scripting via reporting/domains/cost-by-owner.php in the \"or Expiring Between\" parameter.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2020/CVE-2020-20988.yaml"} {"ID":"CVE-2020-2103","Info":{"Name":"Jenkins \u003c=2.218 - Information Disclosure","Severity":"medium","Description":"Jenkins through 2.218, LTS 2.204.1 and earlier, is susceptible to information disclosure. An attacker can access exposed session identifiers on a user detail object in the whoAmI diagnostic page and thus potentially access sensitive information, modify data, and/or execute unauthorized operations.","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2020/CVE-2020-2103.yaml"} {"ID":"CVE-2020-21224","Info":{"Name":"Inspur ClusterEngine 4.0 - Remote Code Execution","Severity":"critical","Description":"Inspur ClusterEngine V4.0 is suscptible to a remote code execution vulnerability. A remote attacker can send a malicious login packet to the control server.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-21224.yaml"} {"ID":"CVE-2020-2140","Info":{"Name":"Jenkin Audit Trail \u003c=3.2 - Cross-Site Scripting","Severity":"medium","Description":"Jenkins Audit Trail 3.2 and earlier does not escape the error message for the URL Patterns field form validation, resulting in a reflected cross-site scripting vulnerability.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-2140.yaml"} {"ID":"CVE-2020-22208","Info":{"Name":"74cms - ajax_street.php 'x' SQL Injection","Severity":"critical","Description":"SQL Injection in 74cms 3.2.0 via the x parameter to plus/ajax_street.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-22208.yaml"} {"ID":"CVE-2020-22209","Info":{"Name":"74cms - ajax_common.php SQL Injection","Severity":"critical","Description":"SQL Injection in 74cms 3.2.0 via the query parameter to plus/ajax_common.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-22209.yaml"} {"ID":"CVE-2020-22210","Info":{"Name":"74cms - ajax_officebuilding.php SQL Injection","Severity":"critical","Description":"A SQL injection vulnerability exists in 74cms 3.2.0 via the x parameter to ajax_officebuilding.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-22210.yaml"} {"ID":"CVE-2020-22211","Info":{"Name":"74cms - ajax_street.php 'key' SQL Injection","Severity":"critical","Description":"SQL Injection in 74cms 3.2.0 via the key parameter to plus/ajax_street.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-22211.yaml"} {"ID":"CVE-2020-22840","Info":{"Name":"b2evolution CMS \u003c6.11.6 - Open Redirect","Severity":"medium","Description":"b2evolution CMS before 6.11.6 contains an open redirect vulnerability via the redirect_to parameter in email_passthrough.php. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-22840.yaml"} {"ID":"CVE-2020-23015","Info":{"Name":"OPNsense \u003c=20.1.5 - Open Redirect","Severity":"medium","Description":"OPNsense through 20.1.5 contains an open redirect vulnerability via the url redirect parameter in the login page, which is not filtered. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-23015.yaml"} {"ID":"CVE-2020-23517","Info":{"Name":"Aryanic HighMail (High CMS) - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in Aryanic HighMail (High CMS) versions 2020 and before allows remote attackers to inject arbitrary web script or HTML, via 'user' to LoginForm.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-23517.yaml"} {"ID":"CVE-2020-23575","Info":{"Name":"Kyocera Printer d-COPIA253MF - Directory Traversal","Severity":"high","Description":"Kyocera Printer d-COPIA253MF plus is susceptible to a directory traversal vulnerability which could allow an attacker to retrieve or view arbitrary files from the affected server.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-23575.yaml"} {"ID":"CVE-2020-23697","Info":{"Name":"Monstra CMS 3.0.4 - Cross-Site Scripting","Severity":"medium","Description":"Monstra CMS 3.0.4 contains a cross-site scripting vulnerability via the page feature in admin/index.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2020/CVE-2020-23697.yaml"} {"ID":"CVE-2020-23972","Info":{"Name":"Joomla! Component GMapFP 3.5 - Arbitrary File Upload","Severity":"high","Description":"Joomla! Component GMapFP 3.5 is vulnerable to arbitrary file upload vulnerabilities. An attacker can access the upload function of the application\nwithout authentication and can upload files because of unrestricted file upload which can be bypassed by changing Content-Type \u0026 name file too double ext.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-23972.yaml"} {"ID":"CVE-2020-24148","Info":{"Name":"Import XML \u0026 RSS Feeds WordPress Plugin \u003c= 2.0.1 Server-Side Request Forgery","Severity":"critical","Description":"WordPress plugin Import XML and RSS Feeds (import-xml-feed) plugin 2.0.1 contains a server-side request forgery (SSRF) vulnerability via the data parameter in a moove_read_xml action.","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2020/CVE-2020-24148.yaml"} {"ID":"CVE-2020-24186","Info":{"Name":"WordPress wpDiscuz \u003c=7.0.4 - Remote Code Execution","Severity":"critical","Description":"WordPress wpDiscuz plugin versions version 7.0 through 7.0.4 are susceptible to remote code execution. This flaw gave unauthenticated attackers the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable site's server.","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2020/CVE-2020-24186.yaml"} {"ID":"CVE-2020-24223","Info":{"Name":"Mara CMS 7.5 - Cross-Site Scripting","Severity":"medium","Description":"Mara CMS 7.5 allows reflected cross-site scripting in contact.php via the theme or pagetheme parameters.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-24223.yaml"} {"ID":"CVE-2020-24312","Info":{"Name":"WordPress Plugin File Manager (wp-file-manager) Backup Disclosure","Severity":"high","Description":"mndpsingh287 WP File Manager v6.4 and lower fails to restrict external access to the fm_backups directory with a .htaccess file. This results in the ability for unauthenticated users to browse and download any site backups, which sometimes include full database backups, that the plugin has taken.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-24312.yaml"} {"ID":"CVE-2020-24391","Info":{"Name":"Mongo-Express - Remote Code Execution","Severity":"critical","Description":"Mongo-Express before 1.0.0 is susceptible to remote code execution because it uses safer-eval to validate user supplied javascript. Unfortunately safer-eval sandboxing capabilities are easily bypassed leading to remote code execution in the context of the node server.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-24391.yaml"} {"ID":"CVE-2020-24550","Info":{"Name":"EpiServer Find \u003c13.2.7 - Open Redirect","Severity":"medium","Description":"EpiServer Find before 13.2.7 contains an open redirect vulnerability via the _t_redirect parameter in a crafted URL, such as a /find_v2/_click URL. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-24550.yaml"} {"ID":"CVE-2020-24571","Info":{"Name":"NexusDB \u003c4.50.23 - Local File Inclusion","Severity":"high","Description":"NexusQA NexusDB before 4.50.23 allows the reading of files via ../ directory traversal and local file inclusion.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-24571.yaml"} {"ID":"CVE-2020-24579","Info":{"Name":"D-Link DSL 2888a - Authentication Bypass/Remote Command Execution","Severity":"high","Description":"D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55 are vulnerable to authentication bypass issues which can lead to remote command execution. An unauthenticated attacker could bypass authentication to access authenticated pages and functionality.","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2020/CVE-2020-24579.yaml"} {"ID":"CVE-2020-24589","Info":{"Name":"WSO2 API Manager \u003c=3.1.0 - Blind XML External Entity Injection","Severity":"critical","Description":"WSO2 API Manager 3.1.0 and earlier is vulnerable to blind XML external entity injection (XXE). XXE often allows an attacker to view files on the server file system, and to interact with any backend or external systems that the application itself can access which allows the attacker to transmit sensitive data from the compromised server to a system that the attacker controls.","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2020/CVE-2020-24589.yaml"} {"ID":"CVE-2020-24701","Info":{"Name":"OX Appsuite - Cross-Site Scripting","Severity":"medium","Description":"OX App Suite through 7.10.4 allows XSS via the app loading mechanism (the PATH_INFO to the /appsuite URI).\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-24701.yaml"} {"ID":"CVE-2020-24902","Info":{"Name":"Quixplorer \u003c=2.4.1 - Cross-Site Scripting","Severity":"medium","Description":"Quixplorer through 2.4.1 contains a cross-site scripting vulnerability. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site, which can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-24902.yaml"} {"ID":"CVE-2020-24903","Info":{"Name":"Cute Editor for ASP.NET 6.4 - Cross-Site Scripting","Severity":"medium","Description":"Cute Editor for ASP.NET 6.4 contains a cross-site scripting vulnerability. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-24903.yaml"} {"ID":"CVE-2020-24912","Info":{"Name":"QCube Cross-Site-Scripting","Severity":"medium","Description":"A reflected cross-site scripting vulnerability in qcubed (all versions including 3.1.1) in profile.php via the stQuery-parameter allows unauthenticated attackers to steal sessions of authenticated users.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-24912.yaml"} {"ID":"CVE-2020-24949","Info":{"Name":"PHP-Fusion 9.03.50 - Remote Code Execution","Severity":"high","Description":"PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated user (not admin) to send a crafted request to the server and perform remote command execution.","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2020/CVE-2020-24949.yaml"} {"ID":"CVE-2020-25078","Info":{"Name":"D-Link DCS-2530L/DCS-2670L - Administrator Password Disclosure","Severity":"high","Description":"D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices are vulnerable to password disclosures vulnerabilities because the /config/getuser endpoint allows for remote administrator password disclosure.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-25078.yaml"} {"ID":"CVE-2020-25213","Info":{"Name":"WordPress File Manager Plugin - Remote Code Execution","Severity":"critical","Description":"The WordPress File Manager plugin prior to version 6.9 is susceptible to remote code execution. The vulnerability allows unauthenticated remote attackers to upload .php files.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-25213.yaml"} {"ID":"CVE-2020-25223","Info":{"Name":"Sophos UTM Preauth - Remote Code Execution","Severity":"critical","Description":"Sophos SG UTMA WebAdmin is susceptible to a remote code execution vulnerability in versions before v9.705 MR5, v9.607 MR7, and v9.511 MR11.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-25223.yaml"} {"ID":"CVE-2020-25495","Info":{"Name":"Xinuo Openserver 5/6 - Cross-Site scripting","Severity":"medium","Description":"Xinuo (formerly SCO) Openserver versions 5 and 6 allows remote attackers to inject arbitrary web script or HTML tag via the parameter 'section' and is vulnerable to reflected cross-site scripting.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-25495.yaml"} {"ID":"CVE-2020-25506","Info":{"Name":"D-Link DNS-320 - Unauthenticated Remote Code Execution","Severity":"critical","Description":"D-Link DNS-320 FW v2.06B01 Revision Ax is susceptible to a command injection vulnerability in a system_mgr.cgi component. The component does not successfully sanitize the value of the HTTP parameters f_ntp_server, which in turn leads to arbitrary command execution.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-25506.yaml"} {"ID":"CVE-2020-2551","Info":{"Name":"Oracle WebLogic Server - Remote Code Execution","Severity":"critical","Description":"Oracle WebLogic Server (Oracle Fusion Middleware (component: WLS Core Components) is susceptible to a remote code execution vulnerability. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 2.2.1.3.0 and 12.2.1.4.0. This easily exploitable vulnerability could allow unauthenticated attackers with network access via IIOP to compromise Oracle WebLogic Server.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-2551.yaml"} {"ID":"CVE-2020-25540","Info":{"Name":"ThinkAdmin 6 - Local File Inclusion","Severity":"high","Description":"ThinkAdmin version 6 is affected by a local file inclusion vulnerability because an unauthorized attacker can read arbitrary files on a remote server via GET request encode parameter.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-25540.yaml"} {"ID":"CVE-2020-25780","Info":{"Name":"Commvault CommCell - Local File Inclusion","Severity":"high","Description":"CommCell in Commvault before 14.68, 15.x before 15.58, 16.x before 16.44, 17.x before 17.29, and 18.x before 18.13 are vulnerable to local file inclusion because an attacker can view a log file can instead view a file outside of the log-files folder.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-25780.yaml"} {"ID":"CVE-2020-25864","Info":{"Name":"HashiCorp Consul/Consul Enterprise \u003c=1.9.4 - Cross-Site Scripting","Severity":"medium","Description":"HashiCorp Consul and Consul Enterprise up to version 1.9.4 are vulnerable to cross-site scripting via the key-value (KV) raw mode.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-25864.yaml"} {"ID":"CVE-2020-26073","Info":{"Name":"Cisco SD-WAN vManage Software - Local File Inclusion","Severity":"high","Description":"Cisco SD-WAN vManage Software in the application data endpoints is vulnerable to local file inclusion which could allow an unauthenticated, remote attacker to gain access to sensitive information.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2020/CVE-2020-26073.yaml"} {"ID":"CVE-2020-26153","Info":{"Name":"Event Espresso Core-Reg 4.10.7.p - Cross-Site Scripting","Severity":"medium","Description":"Event Espresso Core-Reg 4.10.7.p is vulnerable to cross-site scripting in wp-content/plugins/event-espresso-core-reg/admin_pages/messages/templates/ee_msg_admin_overview.template.php and allows remote attackers to inject arbitrary web script or HTML via the page parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-26153.yaml"} {"ID":"CVE-2020-26214","Info":{"Name":"Alerta \u003c 8.1.0 - Authentication Bypass","Severity":"critical","Description":"Alerta prior to version 8.1.0 is prone to authentication bypass when using LDAP as an authorization provider and the LDAP server accepts Unauthenticated Bind requests.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-26214.yaml"} {"ID":"CVE-2020-26217","Info":{"Name":"XStream \u003c1.4.14 - Remote Code Execution","Severity":"high","Description":"XStream before 1.4.14 is susceptible to remote code execution. An attacker can run arbitrary shell commands by manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. Users who rely on blocklists are affected.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2020/CVE-2020-26217.yaml"} {"ID":"CVE-2020-26248","Info":{"Name":"PrestaShop Product Comments \u003c4.2.0 - SQL Injection","Severity":"high","Description":"PrestaShop Product Comments module before version 4.2.1 contains a SQL injection vulnerability, An attacker can use a blind SQL injection to retrieve data or stop the MySQL service, thereby possibly obtaining sensitive information, modifying data, and/or executing unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"8.2"}},"file_path":"http/cves/2020/CVE-2020-26248.yaml"} {"ID":"CVE-2020-26258","Info":{"Name":"XStream \u003c1.4.15 - Server-Side Request Forgery","Severity":"high","Description":"XStream before 1.4.15 is susceptible to server-side request forgery. An attacker can request data from internal resources that are not publicly available by manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations.\n","Classification":{"CVSSScore":"7.7"}},"file_path":"http/cves/2020/CVE-2020-26258.yaml"} {"ID":"CVE-2020-26413","Info":{"Name":"Gitlab CE/EE 13.4 - 13.6.2 - Information Disclosure","Severity":"medium","Description":"GitLab CE and EE 13.4 through 13.6.2 is susceptible to Information disclosure via GraphQL. User email is visible. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2020/CVE-2020-26413.yaml"} {"ID":"CVE-2020-26876","Info":{"Name":"WordPress WP Courses Plugin Information Disclosure","Severity":"high","Description":"WordPress WP Courses Plugin \u003c 2.0.29 contains a critical information disclosure which exposes private course videos and materials.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-26876.yaml"} {"ID":"CVE-2020-26919","Info":{"Name":"NETGEAR ProSAFE Plus - Unauthenticated Remote Code Execution","Severity":"critical","Description":"NETGEAR ProSAFE Plus before 2.6.0.43 is susceptible to unauthenticated remote code execution. Any HTML page is allowed as a valid endpoint to submit POST requests, allowing debug action via the submitId and debugCmd parameters. The problem is publicly exposed in the login.html webpage, which has to be publicly available to perform login requests but does not implement any restriction for executing debug actions. This will allow attackers to execute system commands.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-26919.yaml"} {"ID":"CVE-2020-26948","Info":{"Name":"Emby Server Server-Side Request Forgery","Severity":"critical","Description":"Emby Server before 4.5.0 allows server-side request forgery (SSRF) via the Items/RemoteSearch/Image ImageURL parameter.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-26948.yaml"} {"ID":"CVE-2020-27191","Info":{"Name":"LionWiki \u003c3.2.12 - Local File Inclusion","Severity":"high","Description":"LionWiki before 3.2.12 allows an unauthenticated user to read files as the web server user via crafted strings in the index.php f1 variable, aka local file inclusion.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-27191.yaml"} {"ID":"CVE-2020-2733","Info":{"Name":"JD Edwards EnterpriseOne Tools 9.2 - Information Disclosure","Severity":"critical","Description":"JD Edwards EnterpriseOne Tools 9.2 is susceptible to information disclosure via the Monitoring and Diagnostics component. An attacker with network access via HTTP can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-2733.yaml"} {"ID":"CVE-2020-27361","Info":{"Name":"Akkadian Provisioning Manager 4.50.02 - Sensitive Information Disclosure","Severity":"high","Description":"Akkadian Provisioning Manager 4.50.02 could allow viewing of sensitive information within the /pme subdirectories.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-27361.yaml"} {"ID":"CVE-2020-27467","Info":{"Name":"Processwire CMS \u003c2.7.1 - Local File Inclusion","Severity":"high","Description":"Processwire CMS prior to 2.7.1 is vulnerable to local file inclusion because it allows a remote attacker to retrieve sensitive files via the download parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-27467.yaml"} {"ID":"CVE-2020-27481","Info":{"Name":"Good Layers LMS Plugin \u003c= 2.1.4 - SQL Injection","Severity":"critical","Description":"An unauthenticated SQL Injection vulnerability in Good Layers LMS Plugin \u003c= 2.1.4 exists due to the usage of \"wp_ajax_nopriv\" call in WordPress, which allows any unauthenticated user to get access to the function \"gdlr_lms_cancel_booking\" where POST Parameter \"id\" was sent straight into SQL query without sanitization.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-27481.yaml"} {"ID":"CVE-2020-27735","Info":{"Name":"Wing FTP 6.4.4 - Cross-Site Scripting","Severity":"medium","Description":"Wing FTP 6.4.4 is vulnerable to cross-site scripting via its web interface because an arbitrary IFRAME element can be included in the help pages via a crafted link, leading to the execution of (sandboxed) arbitrary HTML and JavaScript in the user's browser.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-27735.yaml"} {"ID":"CVE-2020-27838","Info":{"Name":"KeyCloak - Information Exposure","Severity":"medium","Description":"A flaw was found in keycloak in versions prior to 13.0.0. The client registration endpoint allows fetching information about PUBLIC clients (like client secret) without authentication which could be an issue if the same PUBLIC client changed to CONFIDENTIAL later. The highest threat from this vulnerability is to data confidentiality.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2020/CVE-2020-27838.yaml"} {"ID":"CVE-2020-27866","Info":{"Name":"NETGEAR - Authentication Bypass","Severity":"high","Description":"NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers are vulnerable to authentication bypass vulnerabilities which could allow network-adjacent attackers to bypass authentication on affected installations.","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2020/CVE-2020-27866.yaml"} {"ID":"CVE-2020-27982","Info":{"Name":"IceWarp WebMail 11.4.5.0 - Cross-Site Scripting","Severity":"medium","Description":"IceWarp WebMail 11.4.5.0 is vulnerable to cross-site scripting via the language parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-27982.yaml"} {"ID":"CVE-2020-27986","Info":{"Name":"SonarQube - Authentication Bypass","Severity":"high","Description":"SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP,\nSVN, and GitLab credentials via the api/settings/values URI.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-27986.yaml"} {"ID":"CVE-2020-28185","Info":{"Name":"TerraMaster TOS \u003c 4.2.06 - User Enumeration","Severity":"medium","Description":"User Enumeration vulnerability in TerraMaster TOS \u003c= 4.2.06 allows remote unauthenticated attackers to identify valid users within the system via the username parameter to wizard/initialise.php.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2020/CVE-2020-28185.yaml"} {"ID":"CVE-2020-28188","Info":{"Name":"TerraMaster TOS - Unauthenticated Remote Command Execution","Severity":"critical","Description":"TerraMaster TOS \u003c= 4.2.06 is susceptible to a remote code execution vulnerability which could allow remote unauthenticated attackers to inject OS commands via /include/makecvs.php via the Event parameter.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-28188.yaml"} {"ID":"CVE-2020-28208","Info":{"Name":"Rocket.Chat \u003c3.9.1 - Information Disclosure","Severity":"medium","Description":"Rocket.Chat through 3.9.1 is susceptible to information disclosure. An attacker can enumerate email addresses via the password reset function and thus potentially access sensitive information, modify data, and/or execute unauthorized operations.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2020/CVE-2020-28208.yaml"} {"ID":"CVE-2020-28351","Info":{"Name":"Mitel ShoreTel 19.46.1802.0 Devices - Cross-Site Scripting","Severity":"medium","Description":"Mitel ShoreTel 19.46.1802.0 devices and their conference component are vulnerable to an unauthenticated attacker conducting reflected cross-site scripting attacks via the PATH_INFO variable to index.php due to insufficient validation for the time_zone object in the HOME_MEETING\u0026 page.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-28351.yaml"} {"ID":"CVE-2020-28429","Info":{"Name":"geojson2kml - Command Injection","Severity":"critical","Description":"Detects command injection vulnerability by checking if `hacked.txt` is created and contains the expected content.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-28429.yaml"} {"ID":"CVE-2020-28871","Info":{"Name":"Monitorr 1.7.6m - Unauthenticated Remote Code Execution","Severity":"critical","Description":"Monitorr 1.7.6m is susceptible to a remote code execution vulnerability. Improper input validation and lack of authorization leads to arbitrary file uploads in the web application. An unauthorized attacker with web access to could upload and execute a specially crafted file, leading to remote code execution within the Monitorr.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-28871.yaml"} {"ID":"CVE-2020-28976","Info":{"Name":"WordPress Canto 1.3.0 - Blind Server-Side Request Forgery","Severity":"medium","Description":"WordPress Canto plugin 1.3.0 is susceptible to blind server-side request forgery. An attacker can make a request to any internal and external server via /includes/lib/detail.php?subdomain and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2020/CVE-2020-28976.yaml"} {"ID":"CVE-2020-29164","Info":{"Name":"PacsOne Server \u003c7.1.1 - Cross-Site Scripting","Severity":"medium","Description":"PacsOne Server (PACS Server In One Box) below 7.1.1 is vulnerable to cross-site scripting.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-29164.yaml"} {"ID":"CVE-2020-29227","Info":{"Name":"Car Rental Management System 1.0 - Local File Inclusion","Severity":"critical","Description":"Car Rental Management System 1.0 allows an unauthenticated user to perform a file inclusion attack against the /index.php file with a partial filename in the \"page\" parameter, leading to code execution.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-29227.yaml"} {"ID":"CVE-2020-29395","Info":{"Name":"Wordpress EventON Calendar 3.0.5 - Cross-Site Scripting","Severity":"medium","Description":"Wordpress EventON Calendar 3.0.5 is vulnerable to cross-site scripting because it allows addons/?q= XSS via the search field.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-29395.yaml"} {"ID":"CVE-2020-29453","Info":{"Name":"Jira Server Pre-Auth - Arbitrary File Retrieval (WEB-INF, META-INF)","Severity":"medium","Description":"The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2020/CVE-2020-29453.yaml"} {"ID":"CVE-2020-29583","Info":{"Name":"ZyXel USG - Hardcoded Credentials","Severity":"critical","Description":"A hardcoded credential vulnerability was identified in the 'zyfwp' user account in some Zyxel firewalls and AP controllers. The account was designed to deliver automatic firmware updates to connected access points through FTP.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-29583.yaml"} {"ID":"CVE-2020-29597","Info":{"Name":"IncomCMS 2.0 - Arbitrary File Upload","Severity":"critical","Description":"IncomCMS 2.0 has a an insecure file upload vulnerability in modules/uploader/showcase/script.php. This allows unauthenticated attackers to upload files into the server.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-29597.yaml"} {"ID":"CVE-2020-3187","Info":{"Name":"Cisco Adaptive Security Appliance Software/Cisco Firepower Threat Defense - Directory Traversal","Severity":"critical","Description":"Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software are susceptible to directory traversal vulnerabilities that could allow an unauthenticated, remote attacker to obtain read and delete access to sensitive files on a targeted system.","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2020/CVE-2020-3187.yaml"} {"ID":"CVE-2020-3452","Info":{"Name":"Cisco Adaptive Security Appliance (ASA)/Firepower Threat Defense (FTD) - Local File Inclusion","Severity":"high","Description":"Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software is vulnerable to local file inclusion due to directory traversal attacks that can read sensitive files on a targeted system because of a lack of proper input validation of URLs in HTTP requests processed by an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device. A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device. The web services file system is enabled when the affected device is configured with either WebVPN or AnyConnect features. This vulnerability cannot be used to obtain access to ASA or FTD system files or underlying operating system (OS) files.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-3452.yaml"} {"ID":"CVE-2020-35234","Info":{"Name":"SMTP WP Plugin Directory Listing","Severity":"high","Description":"The WordPress Easy WP SMTP Plugin has its log folder remotely accessible and its content available for access.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-35234.yaml"} {"ID":"CVE-2020-35338","Info":{"Name":"Wireless Multiplex Terminal Playout Server \u003c=20.2.8 - Default Credential Detection","Severity":"critical","Description":"Wireless Multiplex Terminal Playout Server \u003c=20.2.8 has a default account with a password of pokon available via its web administrative interface.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-35338.yaml"} {"ID":"CVE-2020-35476","Info":{"Name":"OpenTSDB \u003c=2.4.0 - Remote Code Execution","Severity":"critical","Description":"OpenTSDB 2.4.0 and earlier is susceptible to remote code execution via the yrange parameter written to a gnuplot file in the /tmp directory. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-35476.yaml"} {"ID":"CVE-2020-35580","Info":{"Name":"SearchBlox \u003c9.2.2 - Local File Inclusion","Severity":"high","Description":"SearchBlox prior to version 9.2.2 is susceptible to local file inclusion in FileServlet that allows remote, unauthenticated users to read arbitrary files from the operating system via a /searchblox/servlet/FileServlet?col=url= request. Additionally, this may be used to read the contents of the SearchBlox configuration file (e.g., searchblox/WEB-INF/config.xml), which contains both the Super Admin API key and the base64 encoded SHA1 password hashes of other SearchBlox users.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-35580.yaml"} {"ID":"CVE-2020-35598","Info":{"Name":"Advanced Comment System 1.0 - Local File Inclusion","Severity":"high","Description":"ACS Advanced Comment System 1.0 is affected by local file inclusion via an advanced_component_system/index.php?ACS_path=..%2f URI.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-35598.yaml"} {"ID":"CVE-2020-35713","Info":{"Name":"Belkin Linksys RE6500 \u003c1.0.012.001 - Remote Command Execution","Severity":"critical","Description":"Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to execute arbitrary commands or set a new password via shell metacharacters to the goform/setSysAdm page.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-35713.yaml"} {"ID":"CVE-2020-35729","Info":{"Name":"Klog Server \u003c=2.41 - Unauthenticated Command Injection","Severity":"critical","Description":"Klog Server 2.4.1 and prior is susceptible to an unauthenticated command injection vulnerability. The `authenticate.php` file uses the `user` HTTP POST parameter in a call to the `shell_exec()` PHP function without appropriate input validation, allowing arbitrary command execution as the apache user. The sudo configuration permits the Apache user to execute any command as root without providing a password, resulting in privileged command execution as root. Originated from Metasploit module, copyright (c) space-r7.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-35729.yaml"} {"ID":"CVE-2020-35736","Info":{"Name":"GateOne 1.1 - Local File Inclusion","Severity":"high","Description":"GateOne 1.1 allows arbitrary file retrieval without authentication via /downloads/.. local file inclusion because os.path.join is incorrectly used.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-35736.yaml"} {"ID":"CVE-2020-35749","Info":{"Name":"WordPress Simple Job Board \u003c2.9.4 - Local File Inclusion","Severity":"high","Description":"WordPress Simple Job Board prior to version 2.9.4 is vulnerable to arbitrary file retrieval vulnerabilities because it does not validate the sjb_file parameter when viewing a resume, allowing an authenticated user with the download_resume capability (such as HR users) to download arbitrary files from the web-server via local file inclusion.","Classification":{"CVSSScore":"7.7"}},"file_path":"http/cves/2020/CVE-2020-35749.yaml"} {"ID":"CVE-2020-35774","Info":{"Name":"twitter-server Cross-Site Scripting","Severity":"medium","Description":"twitter-server before 20.12.0 is vulnerable to cross-site scripting in some configurations. The vulnerability exists in the administration panel of twitter-server in the histograms component via server/handler/HistogramQueryHandler.scala.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2020/CVE-2020-35774.yaml"} {"ID":"CVE-2020-3580","Info":{"Name":"Cisco ASA/FTD Software - Cross-Site Scripting","Severity":"medium","Description":"Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software are vulnerable to cross-site scripting and could allow an unauthenticated, remote attacker to conduct attacks against a user of the web services interface of an affected device. The vulnerabilities are due to insufficient validation of user-supplied input by the web services interface of an affected device. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive, browser-based information. Note: These vulnerabilities affect only specific AnyConnect and WebVPN configurations. For more information, see the reference links.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-3580.yaml"} {"ID":"CVE-2020-35846","Info":{"Name":"Agentejo Cockpit \u003c 0.11.2 - NoSQL Injection","Severity":"critical","Description":"Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function. The $eq operator matches documents where the value of a field equals the specified value.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-35846.yaml"} {"ID":"CVE-2020-35847","Info":{"Name":"Agentejo Cockpit \u003c0.11.2 - NoSQL Injection","Severity":"critical","Description":"Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function of the Auth controller.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-35847.yaml"} {"ID":"CVE-2020-35848","Info":{"Name":"Agentejo Cockpit \u003c0.12.0 - NoSQL Injection","Severity":"critical","Description":"Agentejo Cockpit prior to 0.12.0 is vulnerable to NoSQL Injection via the newpassword method of the Auth controller, which is responsible for displaying the user password reset form.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-35848.yaml"} {"ID":"CVE-2020-35951","Info":{"Name":"Wordpress Quiz and Survey Master \u003c7.0.1 - Arbitrary File Deletion","Severity":"critical","Description":"Wordpress Quiz and Survey Master \u003c7.0.1 allows users to delete arbitrary files such as wp-config.php file, which could effectively take a site offline and allow an attacker to reinstall with a WordPress instance under their control. This occurred via qsm_remove_file_fd_question, which allowed unauthenticated deletions (even though it was only intended for a person to delete their own quiz-answer files).","Classification":{"CVSSScore":"9.9"}},"file_path":"http/cves/2020/CVE-2020-35951.yaml"} {"ID":"CVE-2020-35984","Info":{"Name":"Rukovoditel \u003c= 2.7.2 - Cross Site Scripting","Severity":"medium","Description":"A stored cross site scripting (XSS) vulnerability in the 'Users Alerts' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' parameter.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2020/CVE-2020-35984.yaml"} {"ID":"CVE-2020-35985","Info":{"Name":"Rukovoditel \u003c= 2.7.2 - Cross Site Scripting","Severity":"medium","Description":"A stored cross site scripting (XSS) vulnerability in the 'Global Lists\" feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2020/CVE-2020-35985.yaml"} {"ID":"CVE-2020-35986","Info":{"Name":"Rukovoditel \u003c= 2.7.2 - Cross Site Scripting","Severity":"medium","Description":"A stored cross site scripting (XSS) vulnerability in the 'Users Access Groups' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2020/CVE-2020-35986.yaml"} {"ID":"CVE-2020-35987","Info":{"Name":"Rukovoditel \u003c= 2.7.2 - Cross-Site Scripting","Severity":"medium","Description":"A stored cross site scripting (XSS) vulnerability in the 'Entities List' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2020/CVE-2020-35987.yaml"} {"ID":"CVE-2020-36112","Info":{"Name":"CSE Bookstore 1.0 - SQL Injection","Severity":"critical","Description":"CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR error-based SQL injection in pubid parameter in bookPerPub.php. A successful exploitation of this vulnerability will lead to an attacker dumping the entire database.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-36112.yaml"} {"ID":"CVE-2020-36289","Info":{"Name":"Jira Server and Data Center - Information Disclosure","Severity":"medium","Description":"Jira Server and Data Center is susceptible to information disclosure. An attacker can enumerate users via the QueryComponentRendererValue!Default.jspa endpoint and thus potentially access sensitive information, modify data, and/or execute unauthorized operations, Affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and from version 8.14.0 before 8.15.1.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2020/CVE-2020-36289.yaml"} {"ID":"CVE-2020-36365","Info":{"Name":"Smartstore \u003c4.1.0 - Open Redirect","Severity":"medium","Description":"Smartstore (aka \"SmartStoreNET\") before 4.1.0 contains an open redirect vulnerability via CommonController.ClearCache, ClearDatabaseCache, RestartApplication, and ScheduleTaskController.Edit. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-36365.yaml"} {"ID":"CVE-2020-36510","Info":{"Name":"WordPress 15Zine \u003c3.3.0 - Cross-Site Scripting","Severity":"medium","Description":"WordPress 15Zine before 3.3.0 is vulnerable to reflected cross-site scripting because the theme does not sanitize the cbi parameter before including it in the HTTP response via the cb_s_a AJAX action.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-36510.yaml"} {"ID":"CVE-2020-4463","Info":{"Name":"IBM Maximo Asset Management Information Disclosure - XML External Entity Injection","Severity":"high","Description":"IBM Maximo Asset Management is vulnerable to an\nXML external entity injection (XXE) attack when processing XML data.\nA remote attacker could exploit this vulnerability to expose\nsensitive information or consume memory resources.\n","Classification":{"CVSSScore":"8.2"}},"file_path":"http/cves/2020/CVE-2020-4463.yaml"} {"ID":"CVE-2020-5191","Info":{"Name":"PHPGurukul Hospital Management System - Cross-Site Scripting","Severity":"medium","Description":"PHPGurukul Hospital Management System in PHP 4.0 contains multiple cross-site scripting vulnerabilities. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-5191.yaml"} {"ID":"CVE-2020-5192","Info":{"Name":"Hospital Management System 4.0 - SQL Injection","Severity":"high","Description":"Hospital Management System 4.0 contains multiple SQL injection vulnerabilities because multiple pages and parameters do not validate user input. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2020/CVE-2020-5192.yaml"} {"ID":"CVE-2020-5284","Info":{"Name":"Next.js \u003c9.3.2 - Local File Inclusion","Severity":"medium","Description":"Next.js versions before 9.3.2 are vulnerable to local file inclusion. An attacker can craft special requests to access files in the dist directory (.next). This does not affect files outside of the dist directory (.next). In general, the dist directory only holds build assets unless your application intentionally stores other assets under this directory.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2020/CVE-2020-5284.yaml"} {"ID":"CVE-2020-5307","Info":{"Name":"PHPGurukul Dairy Farm Shop Management System 1.0 - SQL Injection","Severity":"critical","Description":"PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to SQL injection, as demonstrated by the username parameter in index.php, the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName and ProductPrice parameters in add-product.php.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-5307.yaml"} {"ID":"CVE-2020-5405","Info":{"Name":"Spring Cloud Config - Local File Inclusion","Severity":"medium","Description":"Spring Cloud Config versions 2.2.x prior to 2.2.2, 2.1.x prior to 2.1.7, and older unsupported versions are vulnerable to local file inclusion because they allow applications to serve arbitrary configuration files through the spring-cloud-config-server module.","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2020/CVE-2020-5405.yaml"} {"ID":"CVE-2020-5410","Info":{"Name":"Spring Cloud Config Server - Local File Inclusion","Severity":"high","Description":"Spring Cloud Config Server versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user or attacker can send a request using a specially crafted URL that can lead to a local file inclusion attack.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-5410.yaml"} {"ID":"CVE-2020-5412","Info":{"Name":"Spring Cloud Netflix - Server-Side Request Forgery","Severity":"medium","Description":"Spring Cloud Netflix 2.2.x prior to 2.2.4, 2.1.x prior to 2.1.6, and older unsupported versions are susceptible to server-side request forgery. Applications can use the Hystrix Dashboard proxy.stream endpoint to make requests to any server reachable by the server hosting the dashboard. An attacker can send a request to other servers and thus potentially access sensitive information, modify data, and/or execute unauthorized operations.","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2020/CVE-2020-5412.yaml"} {"ID":"CVE-2020-5775","Info":{"Name":"Canvas LMS v2020-07-29 - Blind Server-Side Request Forgery","Severity":"medium","Description":"Canvas version 2020-07-29 is susceptible to blind server-side request forgery. An attacker can cause Canvas to perform HTTP GET requests to arbitrary domains and thus potentially access sensitive information, modify data, and/or execute unauthorized operations.","Classification":{"CVSSScore":"5.8"}},"file_path":"http/cves/2020/CVE-2020-5775.yaml"} {"ID":"CVE-2020-5776","Info":{"Name":"MAGMI - Cross-Site Request Forgery","Severity":"high","Description":"MAGMI (Magento Mass Importer) is vulnerable to cross-site request forgery (CSRF) due to a lack of CSRF tokens. Remote code execution (via phpcli command) is also possible in the event that CSRF is leveraged against an existing admin session.","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2020/CVE-2020-5776.yaml"} {"ID":"CVE-2020-5777","Info":{"Name":"Magento Mass Importer \u003c0.7.24 - Remote Auth Bypass","Severity":"critical","Description":"Magento Mass Importer (aka MAGMI) versions prior to 0.7.24 are vulnerable to a remote authentication bypass due to allowing default credentials in the event there is a database connection failure.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-5777.yaml"} {"ID":"CVE-2020-5847","Info":{"Name":"UnRaid \u003c=6.80 - Remote Code Execution","Severity":"critical","Description":"UnRaid \u003c=6.80 allows remote unauthenticated attackers to execute arbitrary code.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-5847.yaml"} {"ID":"CVE-2020-5902","Info":{"Name":"F5 BIG-IP TMUI - Remote Code Execution","Severity":"critical","Description":"F5 BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-5902.yaml"} {"ID":"CVE-2020-6171","Info":{"Name":"CLink Office 2.0 - Cross-Site Scripting","Severity":"medium","Description":"CLink Office 2.0 is vulnerable to cross-site scripting in the index page of the management console and allows remote attackers to inject arbitrary web script or HTML via the lang parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-6171.yaml"} {"ID":"CVE-2020-6207","Info":{"Name":"SAP Solution Manager 7.2 - Remote Command Execution","Severity":"critical","Description":"SAP Solution Manager (SolMan) running version 7.2 has a remote command execution vulnerability within the SAP EEM servlet (tc~smd~agent~application~eem). The vulnerability occurs due to missing authentication checks when submitting SOAP requests to the /EemAdminService/EemAdmin page to get information about connected SMDAgents, send HTTP request (SSRF), and execute OS commands on connected SMDAgent.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-6207.yaml"} {"ID":"CVE-2020-6287","Info":{"Name":"SAP NetWeaver AS JAVA 7.30-7.50 - Remote Admin Addition","Severity":"critical","Description":"SAP NetWeaver AS JAVA (LM Configuration Wizard), versions 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the ability to create an administrative user, and therefore compromising Confidentiality, Integrity and Availability of the system.","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2020/CVE-2020-6287.yaml"} {"ID":"CVE-2020-6308","Info":{"Name":"SAP BusinessObjects Business Intelligence Platform - Blind Server-Side Request Forgery","Severity":"medium","Description":"SAP BusinessObjects Business Intelligence Platform (Web Services) 410, 420, and 430 is susceptible to blind server-side request forgery. An attacker can inject arbitrary values as CMS parameters to perform lookups on the internal network, which is otherwise not accessible externally. On successful exploitation, attacker can scan network to determine infrastructure and gather information for further attacks like remote file inclusion, retrieving server files, bypassing firewall, and forcing malicious requests.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2020/CVE-2020-6308.yaml"} {"ID":"CVE-2020-6637","Info":{"Name":"OpenSIS 7.3 - SQL Injection","Severity":"critical","Description":"OpenSIS Community Edition version 7.3 is vulnerable to SQL injection via the USERNAME parameter of index.php.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-6637.yaml"} {"ID":"CVE-2020-6950","Info":{"Name":"Eclipse Mojarra - Local File Read","Severity":"medium","Description":"Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2020/CVE-2020-6950.yaml"} {"ID":"CVE-2020-7107","Info":{"Name":"WordPress Ultimate FAQ \u003c1.8.30 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Ultimate FAQ plugin before 1.8.30 is susceptible to cross-site scripting via Display_FAQ to Shortcodes/DisplayFAQs.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-7107.yaml"} {"ID":"CVE-2020-7136","Info":{"Name":"HPE Smart Update Manager \u003c 8.5.6 - Remote Unauthorized Access","Severity":"critical","Description":"HPE Smart Update Manager (SUM) prior to version 8.5.6 could allow remote unauthorized access.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-7136.yaml"} {"ID":"CVE-2020-7209","Info":{"Name":"LinuxKI Toolset \u003c= 6.01 - Remote Command Execution","Severity":"critical","Description":"LinuxKI v6.0-1 and earlier are vulnerable to remote code execution.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-7209.yaml"} {"ID":"CVE-2020-7318","Info":{"Name":"McAfee ePolicy Orchestrator \u003c5.10.9 Update 9 - Cross-Site Scripting","Severity":"medium","Description":"McAfee ePolicy Orchestrator before 5.10.9 Update 9 is vulnerable to a cross-site scripting vulnerability that allows administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized.\nreference:\n- https://swarm.ptsecurity.com/vulnerabilities-in-mcafee-epolicy-orchestrator/\n- https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10332\n- https://nvd.nist.gov/vuln/detail/CVE-2020-7318\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2020/CVE-2020-7318.yaml"} {"ID":"CVE-2020-7796","Info":{"Name":"Zimbra Collaboration Suite \u003c 8.8.15 Patch 7 - Server-Side Request Forgery","Severity":"critical","Description":"Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 is susceptible to server-side request forgery when WebEx zimlet is installed and zimlet JSP is enabled.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-7796.yaml"} {"ID":"CVE-2020-7943","Info":{"Name":"Puppet Server/PuppetDB - Sensitive Information Disclosure","Severity":"high","Description":"Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints, which may contain sensitive information when left exposed.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-7943.yaml"} {"ID":"CVE-2020-7961","Info":{"Name":"Liferay Portal Unauthenticated \u003c 7.2.1 CE GA2 - Remote Code Execution","Severity":"critical","Description":"Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services (JSONWS).","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-7961.yaml"} {"ID":"CVE-2020-7980","Info":{"Name":"Satellian Intellian Aptus Web \u003c= 1.24 - Remote Command Execution","Severity":"critical","Description":"Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary OS commands via the Q field within JSON data to the cgi-bin/libagent.cgi URI. NOTE: a valid sid cookie for a login to the intellian default account might be needed.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-7980.yaml"} {"ID":"CVE-2020-8115","Info":{"Name":"Revive Adserver \u003c=5.0.3 - Cross-Site Scripting","Severity":"medium","Description":"Revive Adserver 5.0.3 and prior contains a reflected cross-site scripting vulnerability in the publicly accessible afr.php delivery script. In older versions, it is possible to steal the session identifier and gain access to the admin interface. The query string sent to the www/delivery/afr.php script is printed back without proper escaping, allowing an attacker to execute arbitrary JavaScript code on the browser of the victim.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-8115.yaml"} {"ID":"CVE-2020-8163","Info":{"Name":"Ruby on Rails \u003c5.0.1 - Remote Code Execution","Severity":"high","Description":"Ruby on Rails before version 5.0.1 is susceptible to remote code execution because it passes user parameters as local variables into partials.","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2020/CVE-2020-8163.yaml"} {"ID":"CVE-2020-8191","Info":{"Name":"Citrix ADC/Gateway - Cross-Site Scripting","Severity":"medium","Description":"Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 contain a cross-site scripting vulnerability due to improper input validation.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-8191.yaml"} {"ID":"CVE-2020-8193","Info":{"Name":"Citrix - Local File Inclusion","Severity":"medium","Description":"Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 are vulnerable to local file inclusion because they allow unauthenticated access to certain URL endpoints.","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2020/CVE-2020-8193.yaml"} {"ID":"CVE-2020-8194","Info":{"Name":"Citrix ADC and Citrix NetScaler Gateway - Remote Code Injection","Severity":"medium","Description":"Citrix ADC and NetScaler Gateway are susceptible to remote code injection. An attacker can potentially execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. Affected versions are before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18. Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allow modification of a file download.","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2020/CVE-2020-8194.yaml"} {"ID":"CVE-2020-8209","Info":{"Name":"Citrix XenMobile Server - Local File Inclusion","Severity":"high","Description":"Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6, and Citrix XenMobile Server before 10.9 RP5 are susceptible to local file inclusion vulnerabilities.\nreference:\n- https://swarm.ptsecurity.com/path-traversal-on-citrix-xenmobile-server/\n- https://support.citrix.com/article/CTX277457\n- https://nvd.nist.gov/vuln/detail/CVE-2020-8209\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-8209.yaml"} {"ID":"CVE-2020-8497","Info":{"Name":"Artica Pandora FMS \u003c=7.42 - Arbitrary File Read","Severity":"medium","Description":"Artica Pandora FMS through 7.42 is susceptible to arbitrary file read. An attacker can read the chat history, which is in JSON format and contains user names, user IDs, private messages, and timestamps. This can potentially lead to unauthorized data modification and other operations.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2020/CVE-2020-8497.yaml"} {"ID":"CVE-2020-8512","Info":{"Name":"IceWarp WebMail Server \u003c=11.4.4.1 - Cross-Site Scripting","Severity":"medium","Description":"IceWarp Webmail Server through 11.4.4.1 contains a cross-site scripting vulnerability in the /webmail/ color parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-8512.yaml"} {"ID":"CVE-2020-8515","Info":{"Name":"DrayTek - Remote Code Execution","Severity":"critical","Description":"DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as root (without authentication) via shell metacharacters to the cgi-bin/mainfunction.cgi URI.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-8515.yaml"} {"ID":"CVE-2020-8615","Info":{"Name":"Wordpress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery","Severity":"medium","Description":"A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPress can result in an attacker approving themselves as an instructor and performing other malicious actions (such as blocking legitimate instructors).\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2020/CVE-2020-8615.yaml"} {"ID":"CVE-2020-8641","Info":{"Name":"Lotus Core CMS 1.0.1 - Local File Inclusion","Severity":"high","Description":"Lotus Core CMS 1.0.1 allows authenticated local file inclusion of .php files via directory traversal in the index.php page_slug parameter.","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2020/CVE-2020-8641.yaml"} {"ID":"CVE-2020-8644","Info":{"Name":"playSMS \u003c1.4.3 - Remote Code Execution","Severity":"critical","Description":"PlaySMS before version 1.4.3 is susceptible to remote code execution because it double processes a server-side template.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-8644.yaml"} {"ID":"CVE-2020-8654","Info":{"Name":"EyesOfNetwork 5.1-5.3 - SQL Injection/Remote Code Execution","Severity":"high","Description":"EyesOfNetwork 5.1 to 5.3 contains SQL injection and remote code execution vulnerabilities. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. See also CVE-2020-8655, CVE-2020-8656, CVE-2020-8657, and CVE-2020-9465.","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2020/CVE-2020-8654.yaml"} {"ID":"CVE-2020-8771","Info":{"Name":"WordPress Time Capsule \u003c 1.21.16 - Authentication Bypass","Severity":"critical","Description":"WordPress Time Capsule plugin before 1.21.16 for WordPress has an authentication bypass. Any request containing IWP_JSON_PREFIX causes the client to be logged in as the first account on the list of administrator accounts.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-8771.yaml"} {"ID":"CVE-2020-8772","Info":{"Name":"WordPress InfiniteWP \u003c1.9.4.5 - Authorization Bypass","Severity":"critical","Description":"WordPress InfiniteWP plugin before 1.9.4.5 for WordPress contains an authorization bypass vulnerability via a missing authorization check in iwp_mmb_set_request in init.php. An attacker who knows the username of an administrator can log in, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-8772.yaml"} {"ID":"CVE-2020-8813","Info":{"Name":"Cacti v1.2.8 - Remote Code Execution","Severity":"high","Description":"Cacti v1.2.8 is susceptible to remote code execution. This vulnerability could be exploited without authentication if \"Guest Realtime Graphs\" privileges are enabled.","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2020/CVE-2020-8813.yaml"} {"ID":"CVE-2020-8982","Info":{"Name":"Citrix ShareFile StorageZones \u003c=5.10.x - Arbitrary File Read","Severity":"high","Description":"Citrix ShareFile StorageZones (aka storage zones) Controller versions through at least 5.10.x are susceptible to an unauthenticated arbitrary file read vulnerability.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-8982.yaml"} {"ID":"CVE-2020-9036","Info":{"Name":"Jeedom \u003c=4.0.38 - Cross-Site Scripting","Severity":"medium","Description":"Jeedom through 4.0.38 contains a cross-site scripting vulnerability. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-9036.yaml"} {"ID":"CVE-2020-9043","Info":{"Name":"WordPress wpCentral \u003c1.5.1 - Information Disclosure","Severity":"high","Description":"WordPress wpCentral plugin before 1.5.1 is susceptible to information disclosure. An attacker can access the connection key for WordPress Admin account and thus potentially obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2020/CVE-2020-9043.yaml"} {"ID":"CVE-2020-9047","Info":{"Name":"exacqVision Web Service - Remote Code Execution","Severity":"high","Description":"exacqVision Web Service is susceptible to remote code execution which could allow the execution of unauthorized code or operating system commands on systems running exacqVision Web Service versions 20.06.3.0 and prior and exacqVision Enterprise Manager versions 20.06.4.0 and prior. An attacker with administrative privileges could potentiallydownload and run a malicious executable that could allow OS command injection on the system.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2020/CVE-2020-9047.yaml"} {"ID":"CVE-2020-9054","Info":{"Name":"Zyxel NAS Firmware 5.21- Remote Code Execution","Severity":"critical","Description":"Multiple Zyxel network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. Zyxel NAS devices achieve authentication by using the weblogin.cgi CGI executable. This program fails to properly sanitize the username parameter that is passed to it. If the username parameter contains certain characters, it can allow command injection with the privileges of the web server that runs on the Zyxel device. Although the web server does not run as the root user, Zyyxel devices include a setuid utility that can be leveraged to run any command with root privileges. As such, it should be assumed that exploitation of this vulnerability can lead to remote code execution with root privileges. By sending a specially-crafted HTTP POST or GET request to a vulnerable Zyyxel device, a remote, unauthenticated attacker may be able to execute arbitrary code on the device. This may happen by directly connecting to a device if it is directly exposed to an attacker. However, there are ways to trigger such crafted requests even if an attacker does not have direct connectivity to a vulnerable devices. For example, simply visiting a website can result in the compromise of any Zyyxel device that is reachable from the client system. Affected products include: NAS326 before firmware V5.21(AAZF.7)C0 NAS520 before firmware V5.21(AASZ.3)C0 NAS540 before firmware V5.21(AATB.4)C0 NAS542 before firmware V5.21(ABAG.4)C0 Zyyxel has made firmware updates available for NAS326, NAS520, NAS540, and NAS542 devices. Affected models that are end-of-support: NSA210, NSA220, NSA220+, NSA221, NSA310, NSA310S, NSA320, NSA320S, NSA325 and NSA325v2.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-9054.yaml"} {"ID":"CVE-2020-9315","Info":{"Name":"Oracle iPlanet Web Server 7.0.x - Authentication Bypass","Severity":"high","Description":"Oracle iPlanet Web Server 7.0.x has incorrect access control for admingui/version URIs in the Administration console, as demonstrated by unauthenticated read access to encryption keys. NOTE a related support policy can be found in the www.oracle.com references attached to this CVE.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-9315.yaml"} {"ID":"CVE-2020-9344","Info":{"Name":"Jira Subversion ALM for Enterprise \u003c8.8.2 - Cross-Site Scripting","Severity":"medium","Description":"Jira Subversion ALM for Enterprise before 8.8.2 contains a cross-site scripting vulnerability at multiple locations.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-9344.yaml"} {"ID":"CVE-2020-9376","Info":{"Name":"D-Link DIR-610 Devices - Information Disclosure","Severity":"high","Description":"D-Link DIR-610 devices allow information disclosure via SERVICES=DEVICE.ACCOUNT%0AAUTHORIZED_GROUP=1 to getcfg.php.\nNOTE: This vulnerability only affects products that are no longer supported by the maintainer.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-9376.yaml"} {"ID":"CVE-2020-9402","Info":{"Name":"Django SQL Injection","Severity":"high","Description":"Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allow SQL injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggregates on Oracle, it is possible to break character escaping and inject malicious SQL.","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2020/CVE-2020-9402.yaml"} {"ID":"CVE-2020-9425","Info":{"Name":"rConfig \u003c3.9.4 - Sensitive Information Disclosure","Severity":"high","Description":"rConfig prior to version 3.9.4 is susceptible to sensitive information disclosure. An unauthenticated attacker can retrieve saved cleartext credentials via a GET request to settings.php. Because the application does not exit after a redirect is applied, the rest of the page still executes, resulting in the disclosure of cleartext credentials in the response.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-9425.yaml"} {"ID":"CVE-2020-9483","Info":{"Name":"SkyWalking SQLI","Severity":"high","Description":"When using H2/MySQL/TiDB as Apache SkyWalking storage and a metadata query through GraphQL protocol, there is a SQL injection vulnerability which allows access to unexpected data. Apache SkyWalking 6.0.0 to 6.6.0, 7.0.0 H2/MySQL/TiDB storage implementations don't use the appropriate way to set SQL parameters.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-9483.yaml"} {"ID":"CVE-2020-9484","Info":{"Name":"Apache Tomcat Remote Command Execution","Severity":"high","Description":"When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if\na) an attacker is able to control the contents and name of a file on the server; and\nb) the server is configured to use the PersistenceManager with a FileStore; and\nc) the PersistenceManager is configured with sessionAttributeValueClassNameFilter=\"null\" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and\nd) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control.\nNote that all of conditions a) to d) must be true for the attack to succeed.\n","Classification":{"CVSSScore":"7"}},"file_path":"http/cves/2020/CVE-2020-9484.yaml"} {"ID":"CVE-2020-9496","Info":{"Name":"Apache OFBiz 17.12.03 - Cross-Site Scripting","Severity":"medium","Description":"Apache OFBiz 17.12.03 contains cross-site scripting and unsafe deserialization vulnerabilities via an XML-RPC request.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-9496.yaml"} {"ID":"CVE-2020-9757","Info":{"Name":"Craft CMS \u003c 3.3.0 - Server-Side Template Injection","Severity":"critical","Description":"Craft CMS before 3.3.0 is susceptible to server-side template injection via the SEOmatic component that could lead to remote code execution via malformed data submitted to the metacontainers controller.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-9757.yaml"} {"ID":"CVE-2021-1472","Info":{"Name":"Cisco Small Business RV Series - OS Command Injection","Severity":"critical","Description":"Cisco Small Business RV Series routers RV16X/RV26X versions 1.0.01.02 and before and RV34X versions 1.0.03.20 and before contain multiple OS command injection vulnerabilities in the web-based management interface. A remote attacker can execute arbitrary OS commands via the sessionid cookie or bypass authentication and upload files on an affected device.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-1472.yaml"} {"ID":"CVE-2021-1497","Info":{"Name":"Cisco HyperFlex HX Data Platform - Remote Command Execution","Severity":"critical","Description":"Cisco HyperFlex HX contains multiple vulnerabilities in the web-based management interface that could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-1497.yaml"} {"ID":"CVE-2021-1498","Info":{"Name":"Cisco HyperFlex HX Data Platform - Remote Command Execution","Severity":"critical","Description":"Cisco HyperFlex HX contains multiple vulnerabilities in the web-based management interface that could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-1498.yaml"} {"ID":"CVE-2021-1499","Info":{"Name":"Cisco HyperFlex HX Data Platform - Arbitrary File Upload","Severity":"medium","Description":"Cisco HyperFlex HX Data Platform contains an arbitrary file upload vulnerability in the web-based management interface. An attacker can send a specific HTTP request to an affected device, thus enabling upload of files to the affected device with the permissions of the tomcat8 user.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2021/CVE-2021-1499.yaml"} {"ID":"CVE-2021-20031","Info":{"Name":"SonicWall SonicOS 7.0 - Open Redirect","Severity":"medium","Description":"SonicWall SonicOS 7.0 contains an open redirect vulnerability. The values of the Host headers are implicitly set as trusted. An attacker can spoof a particular host header, allowing the attacker to render arbitrary links, obtain sensitive information, modify data, execute unauthorized operations. and/or possibly redirect a user to a malicious site.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-20031.yaml"} {"ID":"CVE-2021-20038","Info":{"Name":"SonicWall SMA100 Stack - Buffer Overflow/Remote Code Execution","Severity":"critical","Description":"A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances firmware 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv and earlier versions.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-20038.yaml"} {"ID":"CVE-2021-20090","Info":{"Name":"Buffalo WSR-2533DHPL2 - Path Traversal","Severity":"critical","Description":"Buffalo WSR-2533DHPL2 firmware version \u003c= 1.02 and WSR-2533DHP3 firmware version \u003c= 1.24 are susceptible to a path traversal vulnerability that could allow unauthenticated remote attackers to bypass authentication in their web interfaces.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-20090.yaml"} {"ID":"CVE-2021-20091","Info":{"Name":"Buffalo WSR-2533DHPL2 - Configuration File Injection","Severity":"high","Description":"The web interfaces of Buffalo WSR-2533DHPL2 firmware version \u003c= 1.02 and WSR-2533DHP3 firmware version \u003c= 1.24 does not properly sanitize user input. An authenticated remote attacker could leverage this vulnerability to alter device configuration, potentially leading to remote code execution.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2021/CVE-2021-20091.yaml"} {"ID":"CVE-2021-20092","Info":{"Name":"Buffalo WSR-2533DHPL2 - Improper Access Control","Severity":"high","Description":"The web interfaces of Buffalo WSR-2533DHPL2 firmware version \u003c= 1.02 and WSR-2533DHP3 firmware version \u003c= 1.24 do not properly restrict access to sensitive information from an unauthorized actor.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-20092.yaml"} {"ID":"CVE-2021-20114","Info":{"Name":"TCExam \u003c= 14.8.1 - Sensitive Information Exposure","Severity":"high","Description":"When installed following the default/recommended settings, TCExam \u003c= 14.8.1 allowed unauthenticated users to access the /cache/backup/ directory, which includes sensitive database backup files.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-20114.yaml"} {"ID":"CVE-2021-20123","Info":{"Name":"Draytek VigorConnect 1.6.0-B - Local File Inclusion","Severity":"high","Description":"Draytek VigorConnect 1.6.0-B3 is susceptible to local file inclusion in the file download functionality of the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-20123.yaml"} {"ID":"CVE-2021-20124","Info":{"Name":"Draytek VigorConnect 6.0-B3 - Local File Inclusion","Severity":"high","Description":"Draytek VigorConnect 1.6.0-B3 is susceptible to local file inclusion in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-20124.yaml"} {"ID":"CVE-2021-20137","Info":{"Name":"Gryphon Tower - Cross-Site Scripting","Severity":"medium","Description":"Gryphon Tower router web interface contains a reflected cross-site scripting vulnerability in the url parameter of the /cgi-bin/luci/site_access/ page. An attacker can exploit this issue by tricking a user into following a specially crafted link, granting the attacker JavaScript execution in the victim's browser.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-20137.yaml"} {"ID":"CVE-2021-20150","Info":{"Name":"Trendnet AC2600 TEW-827DRU - Credentials Disclosure","Severity":"medium","Description":"Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses information via redirection from the setup wizard. A user may view information as Admin by manually browsing to the setup wizard and forcing it to redirect to the desired page.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2021/CVE-2021-20150.yaml"} {"ID":"CVE-2021-20158","Info":{"Name":"Trendnet AC2600 TEW-827DRU 2.08B01 - Admin Password Change","Severity":"critical","Description":"Trendnet AC2600 TEW-827DRU version 2.08B01 contains an authentication bypass vulnerability. It is possible for an unauthenticated, malicious actor to force change the admin password due to a hidden administrative command.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-20158.yaml"} {"ID":"CVE-2021-20167","Info":{"Name":"Netgear RAX43 1.0.3.96 - Command Injection/Authentication Bypass Buffer Overrun","Severity":"high","Description":"Netgear RAX43 version 1.0.3.96 contains a command injection and authentication bypass vulnerability. The readycloud_control.cgi CGI application is vulnerable to command injection in the name parameter. Additionally, the URL parsing functionality in the cgi-bin endpoint of the router containers a buffer overrun issue that can redirection control flow of the application. Note: This vulnerability uses a combination of CVE-2021-20166 and CVE-2021-20167.","Classification":{"CVSSScore":"8"}},"file_path":"http/cves/2021/CVE-2021-20167.yaml"} {"ID":"CVE-2021-20323","Info":{"Name":"Keycloak 10.0.0 - 18.0.0 - Cross-Site Scripting","Severity":"medium","Description":"Keycloak 10.0.0 to 18.0.0 contains a cross-site scripting vulnerability via the client-registrations endpoint. On a POST request, the application does not sanitize an unknown attribute name before including it in the error response with a 'Content-Type' of text/hml. Once reflected, the response is interpreted as HTML. This can be performed on any realm present on the Keycloak instance. Since the bug requires Content-Type application/json and is submitted via a POST, there is no common path to exploit that has a user impact.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-20323.yaml"} {"ID":"CVE-2021-20792","Info":{"Name":"WordPress Quiz and Survey Master \u003c7.1.14 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Quiz and Survey Master plugin prior to 7.1.14 contains a cross-site scripting vulnerability which allows a remote attacker to inject arbitrary script via unspecified vectors.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-20792.yaml"} {"ID":"CVE-2021-20837","Info":{"Name":"MovableType - Remote Command Injection","Severity":"critical","Description":"MovableType 5002 and earlier (Movable Type Advanced 7 Series), Movable Type Advanced 6.8. 2 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.46 and earlier, and Movable Type Premium Advanced 1.46 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-20837.yaml"} {"ID":"CVE-2021-21087","Info":{"Name":"Adobe ColdFusion - Cross-Site Scripting","Severity":"medium","Description":"Adobe Coldfusion versions 2016 (update 16 and earlier), 2018 (update 10 and earlier) and 2021.0.0.323925 are affected by an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. An attacker could abuse this vulnerability to execute arbitrary JavaScript code in context of the current user. Exploitation of this issue requires user interaction.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2021/CVE-2021-21087.yaml"} {"ID":"CVE-2021-21234","Info":{"Name":"Spring Boot Actuator Logview Directory Traversal","Severity":"high","Description":"spring-boot-actuator-logview before version 0.2.13 contains a directory traversal vulnerability in libraries that adds a simple logfile viewer as a spring boot actuator endpoint (maven package \"eu.hinsch:spring-boot-actuator-logview\".\n","Classification":{"CVSSScore":"7.7"}},"file_path":"http/cves/2021/CVE-2021-21234.yaml"} {"ID":"CVE-2021-21287","Info":{"Name":"MinIO Browser API - Server-Side Request Forgery","Severity":"high","Description":"MinIO Browser API before version RELEASE.2021-01-30T00-20-58Z contains a server-side request forgery vulnerability.","Classification":{"CVSSScore":"7.7"}},"file_path":"http/cves/2021/CVE-2021-21287.yaml"} {"ID":"CVE-2021-21307","Info":{"Name":"Lucee Admin - Remote Code Execution","Severity":"critical","Description":"Lucee Admin before versions 5.3.7.47, 5.3.6.68 or 5.3.5.96 contains an unauthenticated remote code execution vulnerability.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-21307.yaml"} {"ID":"CVE-2021-21311","Info":{"Name":"Adminer \u003c4.7.9 - Server-Side Request Forgery","Severity":"high","Description":"Adminer before 4.7.9 is susceptible to server-side request forgery due to exposure of sensitive information in error messages. Users of Adminer versions bundling all drivers, e.g. adminer.php, are affected. An attacker can possibly obtain this information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2021/CVE-2021-21311.yaml"} {"ID":"CVE-2021-21315","Info":{"Name":"Node.JS System Information Library \u003c5.3.1 - Remote Command Injection","Severity":"high","Description":"Node.JS System Information Library System before version 5.3.1 is susceptible to remote command injection. Node.JS (npm package \"systeminformation\") is an open source collection of functions to retrieve detailed hardware, system and OS information.","Classification":{"CVSSScore":"7.8"}},"file_path":"http/cves/2021/CVE-2021-21315.yaml"} {"ID":"CVE-2021-21345","Info":{"Name":"XStream \u003c1.4.16 - Remote Code Execution","Severity":"critical","Description":"XStream before 1.4.16 is susceptible to remote code execution. An attacker who has sufficient rights can execute host commands via manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations.\n","Classification":{"CVSSScore":"9.9"}},"file_path":"http/cves/2021/CVE-2021-21345.yaml"} {"ID":"CVE-2021-21351","Info":{"Name":"XStream \u003c1.4.16 - Remote Code Execution","Severity":"critical","Description":"XStream before 1.4.16 is susceptible to remote code execution. An attacker can load and execute arbitrary code from a remote host via manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations.\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2021/CVE-2021-21351.yaml"} {"ID":"CVE-2021-21389","Info":{"Name":"BuddyPress REST API \u003c7.2.1 - Privilege Escalation/Remote Code Execution","Severity":"high","Description":"WordPress BuddyPress before version 7.2.1 is susceptible to a privilege escalation vulnerability that can be leveraged to perform remote code execution.","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2021/CVE-2021-21389.yaml"} {"ID":"CVE-2021-21402","Info":{"Name":"Jellyfin \u003c10.7.0 - Local File Inclusion","Severity":"medium","Description":"Jellyfin before 10.7.0 is vulnerable to local file inclusion. This issue is more prevalent when Windows is used as the host OS. Servers exposed to public Internet are potentially at risk.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2021/CVE-2021-21402.yaml"} {"ID":"CVE-2021-21479","Info":{"Name":"SCIMono \u003c0.0.19 - Remote Code Execution","Severity":"critical","Description":"SCIMono before 0.0.19 is vulnerable to remote code execution because it is possible for an attacker to inject and\nexecute java expressions and compromise the availability and integrity of the system.\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2021/CVE-2021-21479.yaml"} {"ID":"CVE-2021-21745","Info":{"Name":"ZTE MF971R - Referer authentication bypass","Severity":"medium","Description":"ZTE MF971R product has a Referer authentication bypass vulnerability. Without CSRF verification, an attackercould\nuse this vulnerability to perform illegal authorization operations by sending a request to the user to click.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2021/CVE-2021-21745.yaml"} {"ID":"CVE-2021-21799","Info":{"Name":"Advantech R-SeeNet 2.4.12 - Cross-Site Scripting","Severity":"medium","Description":"Advantech R-SeeNet 2.4.12 contains a reflected cross-site scripting vulnerability in the telnet_form.php script functionality.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-21799.yaml"} {"ID":"CVE-2021-21800","Info":{"Name":"Advantech R-SeeNet 2.4.12 - Cross-Site Scripting","Severity":"medium","Description":"Advantech R-SeeNet 2.4.12 contains a reflected cross-site scripting vulnerability in the ssh_form.php script functionality.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-21800.yaml"} {"ID":"CVE-2021-21801","Info":{"Name":"Advantech R-SeeNet - Cross-Site Scripting","Severity":"medium","Description":"Advantech R-SeeNet contains a cross-site scripting vulnerability in the device_graph_page.php script via the graph parameter. A specially crafted URL by an attacker can lead to arbitrary JavaScript code execution.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-21801.yaml"} {"ID":"CVE-2021-21802","Info":{"Name":"Advantech R-SeeNet - Cross-Site Scripting","Severity":"medium","Description":"Advantech R-SeeNet contains a cross-site scripting vulnerability in the device_graph_page.php script via the device_id parameter. A specially crafted URL by an attacker can lead to arbitrary JavaScript code execution.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-21802.yaml"} {"ID":"CVE-2021-21803","Info":{"Name":"Advantech R-SeeNet - Cross-Site Scripting","Severity":"medium","Description":"Advantech R-SeeNet is vulnerable to cross-site scripting via the device_graph_page.php script via the is2sim parameter. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-21803.yaml"} {"ID":"CVE-2021-21805","Info":{"Name":"Advantech R-SeeNet 2.4.12 - OS Command Injection","Severity":"critical","Description":"Advantech R-SeeNet 2.4.12 is susceptible to remote OS command execution via the ping.php script functionality. An attacker, via a specially crafted HTTP request, can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-21805.yaml"} {"ID":"CVE-2021-21816","Info":{"Name":"D-Link DIR-3040 1.13B03 - Information Disclosure","Severity":"medium","Description":"D-Link DIR-3040 1.13B03 is susceptible to information disclosure in the Syslog functionality. A specially crafted HTTP network request can lead to the disclosure of sensitive information. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2021/CVE-2021-21816.yaml"} {"ID":"CVE-2021-21881","Info":{"Name":"Lantronix PremierWave 2050 8.9.0.0R4 - Remote Command Injection","Severity":"critical","Description":"Lantronix PremierWave 2050 8.9.0.0R4 contains an OS command injection vulnerability. A specially-crafted HTTP request can lead to command in the Web Manager Wireless Network Scanner. An attacker can make an authenticated HTTP request to trigger this vulnerability.","Classification":{"CVSSScore":"9.9"}},"file_path":"http/cves/2021/CVE-2021-21881.yaml"} {"ID":"CVE-2021-21972","Info":{"Name":"VMware vSphere Client (HTML5) - Remote Code Execution","Severity":"critical","Description":"VMware vCenter vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-21972.yaml"} {"ID":"CVE-2021-21973","Info":{"Name":"VMware vSphere - Server-Side Request Forgery","Severity":"medium","Description":"VMware vSphere (HTML5) is susceptible to server-side request forgery due to improper validation of URLs in a vCenter Server plugin. An attacker with network access to port 443 can exploit this issue by sending a POST request to the plugin. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l, and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2021/CVE-2021-21973.yaml"} {"ID":"CVE-2021-21975","Info":{"Name":"vRealize Operations Manager API - Server-Side Request Forgery","Severity":"high","Description":"vRealize Operations Manager API is susceptible to server-side request forgery. A malicious actor with network access to the vRealize Operations Manager API can steal administrative credentials or trigger remote code execution using CVE-2021-21983.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-21975.yaml"} {"ID":"CVE-2021-21978","Info":{"Name":"VMware View Planner \u003c4.6 SP1- Remote Code Execution","Severity":"critical","Description":"VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability due to improper input validation and lack of authorization leading to arbitrary file upload in logupload web application.\nAn unauthorized attacker with network access to View Planner Harness could upload and execute a specially crafted\nfile leading to remote code execution within the logupload container.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-21978.yaml"} {"ID":"CVE-2021-21985","Info":{"Name":"VMware vSphere Client (HTML5) - Remote Code Execution","Severity":"critical","Description":"The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-21985.yaml"} {"ID":"CVE-2021-22005","Info":{"Name":"VMware vCenter Server - Arbitrary File Upload","Severity":"critical","Description":"VMware vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-22005.yaml"} {"ID":"CVE-2021-22053","Info":{"Name":"Spring Cloud Netflix Hystrix Dashboard \u003c2.2.10 - Remote Code Execution","Severity":"high","Description":"Spring Cloud Netflix Hystrix Dashboard prior to version 2.2.10 is susceptible to remote code execution. Applications using both `spring-cloud-netflix-hystrix-dashboard` and `spring-boot-starter-thymeleaf` expose a way to execute code submitted within the request URI path during the resolution of view templates. When a request is made at `/hystrix/monitor;[user-provided data]`, the path elements following `hystrix/monitor` are being evaluated as SpringEL expressions, which can lead to code execution.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2021/CVE-2021-22053.yaml"} {"ID":"CVE-2021-22054","Info":{"Name":"VMWare Workspace ONE UEM - Server-Side Request Forgery","Severity":"high","Description":"VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain a server-side request forgery vulnerability. This issue may allow a malicious actor with network access to UEM to send their requests without authentication and to gain access to sensitive information.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-22054.yaml"} {"ID":"CVE-2021-22122","Info":{"Name":"FortiWeb - Cross Site Scripting","Severity":"medium","Description":"FortiWeb 6.3.0 through 6.3.7 and versions before 6.2.4 contain an unauthenticated cross-site scripting vulnerability. Improper neutralization of input during web page generation can allow a remote attacker to inject malicious payload in vulnerable API end-points.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-22122.yaml"} {"ID":"CVE-2021-22145","Info":{"Name":"Elasticsearch 7.10.0-7.13.3 - Information Disclosure","Severity":"medium","Description":"ElasticSsarch 7.10.0 to 7.13.3 is susceptible to information disclosure. A user with the ability to submit arbitrary queries can submit a malformed query that results in an error message containing previously used portions of a data buffer. This buffer can contain sensitive information such as Elasticsearch documents or authentication details, thus potentially leading to data modification and/or execution of unauthorized operations.","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2021/CVE-2021-22145.yaml"} {"ID":"CVE-2021-22205","Info":{"Name":"GitLab CE/EE - Remote Code Execution","Severity":"critical","Description":"GitLab CE/EE starting from 11.9 does not properly validate image files that were passed to a file parser, resulting in a remote command execution vulnerability. This template attempts to passively identify vulnerable versions of GitLab without the need for an exploit by matching unique hashes for the application-\u003chash\u003e.css file in the header for unauthenticated requests. Positive matches do not guarantee exploitability. Tooling to find relevant hashes based on the semantic version ranges specified in the CVE is linked in the references section below.","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2021/CVE-2021-22205.yaml"} {"ID":"CVE-2021-22214","Info":{"Name":"Gitlab CE/EE 10.5 - Server-Side Request Forgery","Severity":"high","Description":"GitLab CE/EE versions starting from 10.5 are susceptible to a server-side request forgery vulnerability when requests to the internal network for webhooks are enabled, even on a GitLab instance where registration is limited. The same vulnerability actually spans multiple CVEs, due to similar reports that were fixed across separate patches. These CVEs are:\n- CVE-2021-39935\n- CVE-2021-22214\n- CVE-2021-22175\n","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2021/CVE-2021-22214.yaml"} {"ID":"CVE-2021-22502","Info":{"Name":"Micro Focus Operations Bridge Reporter - Remote Code Execution","Severity":"critical","Description":"Micro Focus Operations Bridge Reporter 10.40 is susceptible to remote code execution. An attacker can potentially execute malware, obtain sensitive information, modify data, and/or execute unauthorized operations without entering necessary credentials.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-22502.yaml"} {"ID":"CVE-2021-22707","Info":{"Name":"EVlink City \u003c R8 V3.4.0.1 - Authentication Bypass","Severity":"critical","Description":"A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to issue unauthorized commands to the charging station web server with administrative privileges.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-22707.yaml"} {"ID":"CVE-2021-22873","Info":{"Name":"Revive Adserver \u003c5.1.0 - Open Redirect","Severity":"medium","Description":"Revive Adserver before 5.1.0 contains an open redirect vulnerability via the dest, oadest, and ct0 parameters of the lg.php and ck.php delivery scripts. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-22873.yaml"} {"ID":"CVE-2021-22911","Info":{"Name":"Rocket.Chat \u003c=3.13 - NoSQL Injection","Severity":"critical","Description":"Rocket.Chat 3.11, 3.12 and 3.13 contains a NoSQL injection vulnerability which allows unauthenticated access to an API endpoint. An attacker can possibly obtain sensitive information from a database, modify data, and/or execute unauthorized administrative operations in the context of the affected site.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-22911.yaml"} {"ID":"CVE-2021-22986","Info":{"Name":"F5 iControl REST - Remote Command Execution","Severity":"critical","Description":"F5 iControl REST interface is susceptible to remote command execution. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. This affects BIG-IP 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3; and BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before 7.0.0.2.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-22986.yaml"} {"ID":"CVE-2021-23241","Info":{"Name":"MERCUSYS Mercury X18G 1.0.5 Router - Local File Inclusion","Severity":"medium","Description":"MERCUSYS Mercury X18G 1.0.5 devices are vulnerable to local file inclusion via ../ in conjunction with a loginLess or login.htm URI (for authentication bypass) to the web server, as demonstrated by the /loginLess/../../etc/passwd URI.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2021/CVE-2021-23241.yaml"} {"ID":"CVE-2021-24145","Info":{"Name":"WordPress Modern Events Calendar Lite \u003c5.16.5 - Authenticated Arbitrary File Upload","Severity":"high","Description":"WordPress Modern Events Calendar Lite plugin before 5.16.5 is susceptible to authenticated arbitrary file upload. The plugin does not properly check the imported file, allowing PHP files to be uploaded and/or executed by an administrator or other high-privilege user using the text/csv content-type in the request. This can possibly lead to remote code execution.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2021/CVE-2021-24145.yaml"} {"ID":"CVE-2021-24146","Info":{"Name":"WordPress Modern Events Calendar Lite \u003c5.16.5 - Sensitive Information Disclosure","Severity":"high","Description":"WordPress Modern Events Calendar Lite before 5.16.5 does not properly restrict access to the export files, allowing unauthenticated users to exports all events data in CSV or XML format.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-24146.yaml"} {"ID":"CVE-2021-24150","Info":{"Name":"WordPress Like Button Rating \u003c2.6.32 - Server-Side Request Forgery","Severity":"high","Description":"WordPress Like Button Rating plugin before 2.6.32 is susceptible to server-side request forgery. An attacker can obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-24150.yaml"} {"ID":"CVE-2021-24155","Info":{"Name":"WordPress BackupGuard \u003c1.6.0 - Authenticated Arbitrary File Upload","Severity":"high","Description":"WordPress Backup Guard plugin before 1.6.0 is susceptible to authenticated arbitrary file upload. The plugin does not ensure that imported files are in SGBP format and extension, allowing high-privilege users to upload arbitrary files, including PHP, possibly leading to remote code execution.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2021/CVE-2021-24155.yaml"} {"ID":"CVE-2021-24165","Info":{"Name":"WordPress Ninja Forms \u003c3.4.34 - Open Redirect","Severity":"medium","Description":"WordPress Ninja Forms plugin before 3.4.34 contains an open redirect vulnerability via the wp_ajax_nf_oauth_connect AJAX action, due to the use of a user-supplied redirect parameter and no protection in place. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24165.yaml"} {"ID":"CVE-2021-24169","Info":{"Name":"WordPress Advanced Order Export For WooCommerce \u003c3.1.8 - Authenticated Cross-Site Scripting","Severity":"medium","Description":"WordPress Advanced Order Export For WooCommerce plugin before 3.1.8 contains an authenticated cross-site scripting vulnerability via the tab parameter in the admin panel. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24169.yaml"} {"ID":"CVE-2021-24176","Info":{"Name":"WordPress JH 404 Logger \u003c=1.1 - Cross-Site Scripting","Severity":"medium","Description":"WordPress JH 404 Logger plugin through 1.1 contains a cross-site scripting vulnerability. Referer and path of 404 pages are not properly sanitized when they are output in the WordPress dashboard, which can lead to executing arbitrary JavaScript code.","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2021/CVE-2021-24176.yaml"} {"ID":"CVE-2021-24210","Info":{"Name":"WordPress PhastPress \u003c1.111 - Open Redirect","Severity":"medium","Description":"WordPress PhastPress plugin before 1.111 contains an open redirect vulnerability. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24210.yaml"} {"ID":"CVE-2021-24214","Info":{"Name":"WordPress OpenID Connect Generic Client 3.8.0-3.8.1 - Cross-Site Scripting","Severity":"medium","Description":"WordPress OpenID Connect Generic Client plugin 3.8.0 and 3.8.1 contains a cross-site scripting vulnerability. It does not sanitize the login error when output back in the login form, thereby not requiring authentication, which can be exploited with the default configuration.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24214.yaml"} {"ID":"CVE-2021-24215","Info":{"Name":"Controlled Admin Access WordPress Plugin \u003c= 1.4.0 - Improper Access Control \u0026 Privilege Escalation","Severity":"critical","Description":"An Improper Access Control vulnerability was discovered in the plugin. Uncontrolled access to the website customization functionality and global CMS settings, like /wp-admin/customization.php and /wp-admin/options.php, can lead to a complete compromise of the target resource.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-24215.yaml"} {"ID":"CVE-2021-24226","Info":{"Name":"AccessAlly \u003c3.5.7 - Sensitive Information Leakage","Severity":"high","Description":"WordPress AccessAlly plugin before 3.5.7 allows sensitive information leakage because the file \\\"resource/frontend/product/product-shortcode.php\\\" (which is responsible for the [accessally_order_form] shortcode) dumps serialize($_SERVER), which contains all environment variables. The leakage occurs on all public facing pages containing the [accessally_order_form] shortcode, and no login or administrator role is required.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-24226.yaml"} {"ID":"CVE-2021-24227","Info":{"Name":"Patreon WordPress \u003c1.7.0 - Unauthenticated Local File Inclusion","Severity":"high","Description":"Patreon WordPress before version 1.7.0 is vulnerable to unauthenticated local file inclusion that could be abused by anyone visiting the site. Exploitation by an attacker could leak important internal files like wp-config.php, which contains database credentials and cryptographic keys used in the generation of nonces and cookies.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-24227.yaml"} {"ID":"CVE-2021-24235","Info":{"Name":"WordPress Goto Tour \u0026 Travel Theme \u003c2.0 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Goto Tour \u0026 Travel theme before 2.0 contains an unauthenticated reflected cross-site scripting vulnerability. It does not sanitize the keywords and start_date GET parameters on its Tour List page.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24235.yaml"} {"ID":"CVE-2021-24236","Info":{"Name":"WordPress Imagements \u003c=1.2.5 - Arbitrary File Upload","Severity":"critical","Description":"WordPress Imagements plugin through 1.2.5 is susceptible to arbitrary file upload which can lead to remote code execution. The plugin allows images to be uploaded in comments but only checks for the Content-Type in the request to forbid dangerous files. An attacker can upload arbitrary files by using a valid image Content-Type along with a PHP filename and code.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-24236.yaml"} {"ID":"CVE-2021-24237","Info":{"Name":"WordPress Realteo \u003c=1.2.3 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Realteo plugin 1.2.3 and prior contains an unauthenticated reflected cross-site scripting vulnerability due to improper sanitization of keyword_search, search_radius. _bedrooms and _bathrooms GET parameters before outputting them in its properties page.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24237.yaml"} {"ID":"CVE-2021-24239","Info":{"Name":"WordPress Pie Register \u003c3.7.0.1 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Pie Register plugin before 3.7.0.1 is susceptible to cross-site scripting. The plugin does not sanitize the invitaion_code GET parameter when outputting it in the Activation Code page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site, which can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24239.yaml"} {"ID":"CVE-2021-24245","Info":{"Name":"WordPress Stop Spammers \u003c2021.9 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Stop Spammers plugin before 2021.9 contains a reflected cross-site scripting vulnerability. It does not escape user input when blocking requests (such as matching a spam word), thus outputting it in an attribute after sanitizing it to remove HTML tags.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24245.yaml"} {"ID":"CVE-2021-24274","Info":{"Name":"WordPress Supsystic Ultimate Maps \u003c1.2.5 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Supsystic Ultimate Maps plugin before 1.2.5 contains an unauthenticated reflected cross-site scripting vulnerability due to improper sanitization of the tab parameter on the options page before outputting it in an attribute.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24274.yaml"} {"ID":"CVE-2021-24275","Info":{"Name":"Popup by Supsystic \u003c1.10.5 - Cross-Site scripting","Severity":"medium","Description":"WordPress Popup by Supsystic before 1.10.5 did not sanitize the tab parameter of its options page before outputting it in an attribute, leading to a reflected cross-site scripting issue.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24275.yaml"} {"ID":"CVE-2021-24276","Info":{"Name":"WordPress Supsystic Contact Form \u003c1.7.15 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Supsystic Contact Form plugin before 1.7.15 contains a cross-site scripting vulnerability. It does not sanitize the tab parameter of its options page before outputting it in an attribute.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24276.yaml"} {"ID":"CVE-2021-24278","Info":{"Name":"WordPress Contact Form 7 \u003c2.3.4 - Arbitrary Nonce Generation","Severity":"high","Description":"WordPress Contact Form 7 before version 2.3.4 allows unauthenticated users to use the wpcf7r_get_nonce AJAX action to retrieve a valid nonce for any WordPress action/function.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-24278.yaml"} {"ID":"CVE-2021-24284","Info":{"Name":"WordPress Kaswara Modern VC Addons \u003c=3.0.1 - Arbitrary File Upload","Severity":"critical","Description":"WordPress Kaswara Modern VC Addons plugin through 3.0.1 is susceptible to an arbitrary file upload. The plugin allows unauthenticated arbitrary file upload via the uploadFontIcon AJAX action, which can be used to obtain code execution. The supplied zipfile is unzipped in the wp-content/uploads/kaswara/fonts_icon directory with no checks for malicious files such as PHP.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-24284.yaml"} {"ID":"CVE-2021-24285","Info":{"Name":"WordPress Car Seller - Auto Classifieds Script - SQL Injection","Severity":"critical","Description":"The request_list_request AJAX call of the Car Seller - Auto Classifieds Script WordPress plugin through 2.1.0, available to both authenticated and unauthenticated users, does not sanitize, validate or escape the order_id POST parameter before using it in a SQL statement, leading to a SQL injection issue.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-24285.yaml"} {"ID":"CVE-2021-24286","Info":{"Name":"WordPress Plugin Redirect 404 to Parent 1.3.0 - Cross-Site Scripting","Severity":"medium","Description":"The settings page of the plugin did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24286.yaml"} {"ID":"CVE-2021-24287","Info":{"Name":"WordPress Select All Categories and Taxonomies \u003c1.3.2 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Select All Categories and Taxonomies plugin before 1.3.2 contains a cross-site scripting vulnerability. The settings page of the plugin does not properly sanitize the tab parameter before outputting it back. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24287.yaml"} {"ID":"CVE-2021-24288","Info":{"Name":"WordPress AcyMailing \u003c7.5.0 - Open Redirect","Severity":"medium","Description":"WordPress AcyMailing plugin before 7.5.0 contains an open redirect vulnerability due to improper sanitization of the redirect parameter. An attacker turning the request from POST to GET can craft a link containing a potentially malicious landing page and send it to the user.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24288.yaml"} {"ID":"CVE-2021-24291","Info":{"Name":"WordPress Photo Gallery by 10Web \u003c1.5.69 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Photo Gallery by 10Web plugin before 1.5.69 contains multiple reflected cross-site scripting vulnerabilities via the gallery_id, tag, album_id and theme_id GET parameters passed to the bwg_frontend_data AJAX action, available to both unauthenticated and authenticated users.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24291.yaml"} {"ID":"CVE-2021-24298","Info":{"Name":"WordPress Simple Giveaways \u003c2.36.2 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Simple Giveaways plugin before 2.36.2 contains a cross-site scripting vulnerability via the method and share GET parameters of the Giveaway pages, which are not sanitized, validated, or escaped before being output back in the pages.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24298.yaml"} {"ID":"CVE-2021-24300","Info":{"Name":"WordPress WooCommerce \u003c1.13.22 - Cross-Site Scripting","Severity":"medium","Description":"WordPress WooCommerce before 1.13.22 contains a reflected cross-site scripting vulnerability via the slider import search feature because it does not properly sanitize the keyword GET parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24300.yaml"} {"ID":"CVE-2021-24316","Info":{"Name":"WordPress Mediumish Theme \u003c=1.0.47 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Mediumish theme 1.0.47 and prior contains an unauthenticated reflected cross-site scripting vulnerability. The 's' GET parameter is not properly sanitized by the search feature before it is output back on the page.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24316.yaml"} {"ID":"CVE-2021-24320","Info":{"Name":"WordPress Bello Directory \u0026 Listing Theme \u003c1.6.0 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Bello Directory \u0026 Listing theme before 1.6.0 contains a reflected cross-site scripting vulnerability. It does not properly sanitize and escape the listing_list_view, bt_bb_listing_field_my_lat, bt_bb_listing_field_my_lng, bt_bb_listing_field_distance_value, bt_bb_listing_field_my_lat_default, bt_bb_listing_field_keyword, bt_bb_listing_field_location_autocomplete, bt_bb_listing_field_price_range_from and bt_bb_listing_field_price_range_to parameters in the ints listing page.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24320.yaml"} {"ID":"CVE-2021-24335","Info":{"Name":"WordPress Car Repair Services \u0026 Auto Mechanic Theme \u003c4.0 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Car Repair Services \u0026 Auto Mechanic before 4.0 contains a reflected cross-site scripting vulnerability. It does not properly sanitize the serviceestimatekey parameter before outputting it back in the page.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24335.yaml"} {"ID":"CVE-2021-24340","Info":{"Name":"WordPress Statistics \u003c13.0.8 - Blind SQL Injection","Severity":"high","Description":"WordPress Statistic plugin versions prior to version 13.0.8 are affected by an unauthenticated time-based blind SQL injection vulnerability.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-24340.yaml"} {"ID":"CVE-2021-24342","Info":{"Name":"WordPress JNews Theme \u003c8.0.6 - Cross-Site Scripting","Severity":"medium","Description":"WordPress JNews theme before 8.0.6 contains a reflected cross-site scripting vulnerability. It does not sanitize the cat_id parameter in the POST request /?ajax-request=jnews (with action=jnews_build_mega_category_*).","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24342.yaml"} {"ID":"CVE-2021-24347","Info":{"Name":"WordPress SP Project \u0026 Document Manager \u003c4.22 - Authenticated Shell Upload","Severity":"high","Description":"WordPress SP Project \u0026 Document Manager plugin before 4.22 is susceptible to authenticated shell upload. The plugin allows users to upload files; however, the plugin attempts to prevent PHP and other similar executable files from being uploaded via checking the file extension. PHP files can still be uploaded by changing the file extension's case, for example, from php to pHP.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2021/CVE-2021-24347.yaml"} {"ID":"CVE-2021-24351","Info":{"Name":"WordPress The Plus Addons for Elementor \u003c4.1.12 - Cross-Site Scripting","Severity":"medium","Description":"WordPress The Plus Addons for Elementor plugin before 4.1.12 is susceptible to cross-site scripting. The plugin does not properly sanitize some of its fields in the heplus_more_post AJAX action, which is exploitable by both unauthenticated and authenticated users. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24351.yaml"} {"ID":"CVE-2021-24358","Info":{"Name":"Plus Addons for Elementor Page Builder \u003c 4.1.10 - Open Redirect","Severity":"medium","Description":"WordPress Plus Addons for Elementor Page Builder before 4.1.10 did not validate a redirect parameter on a specifically crafted URL before redirecting the user to it, leading to an open redirect issue.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24358.yaml"} {"ID":"CVE-2021-24364","Info":{"Name":"WordPress Jannah Theme \u003c5.4.4 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Jannah theme before 5.4.4 contains a reflected cross-site scripting vulnerability. It does not properly sanitize the options JSON parameter in its tie_get_user_weather AJAX action before outputting it back in the page.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24364.yaml"} {"ID":"CVE-2021-24370","Info":{"Name":"WordPress Fancy Product Designer \u003c4.6.9 - Arbitrary File Upload","Severity":"critical","Description":"WordPress Fancy Product Designer plugin before 4.6.9 is susceptible to an arbitrary file upload. An attacker can upload malicious files and execute code on the server, modify data, and/or gain full control over a compromised system without authentication.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-24370.yaml"} {"ID":"CVE-2021-24387","Info":{"Name":"WordPress Pro Real Estate 7 Theme \u003c3.1.1 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Pro Real Estate 7 theme before 3.1.1 contains a reflected cross-site scripting vulnerability. It does not properly sanitize the ct_community parameter in its search listing page before outputting it back.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24387.yaml"} {"ID":"CVE-2021-24389","Info":{"Name":"WordPress FoodBakery \u003c2.2 - Cross-Site Scripting","Severity":"medium","Description":"WordPress FoodBakery before 2.2 contains an unauthenticated reflected cross-site scripting vulnerability. It does not properly sanitize the foodbakery_radius parameter before outputting it back in the response.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24389.yaml"} {"ID":"CVE-2021-24406","Info":{"Name":"WordPress wpForo Forum \u003c 1.9.7 - Open Redirect","Severity":"medium","Description":"WordPress wpForo Forum \u003c 1.9.7 is susceptible to an open redirect vulnerability because the plugin did not validate the redirect_to parameter in the login form of the forum, leading to an open redirect issue after a successful login.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24406.yaml"} {"ID":"CVE-2021-24407","Info":{"Name":"WordPress Jannah Theme \u003c5.4.5 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Jannah theme before 5.4.5 contains a reflected cross-site scripting vulnerability. It does not properly sanitize the 'query' POST parameter in its tie_ajax_search AJAX action.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24407.yaml"} {"ID":"CVE-2021-24409","Info":{"Name":"Prismatic \u003c 2.8 - Cross-Site Scripting","Severity":"medium","Description":"The plugin does not escape the 'tab' GET parameter before outputting it back in an attribute, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged in administrator\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24409.yaml"} {"ID":"CVE-2021-24435","Info":{"Name":"WordPress Titan Framework plugin \u003c= 1.12.1 - Cross-Site Scripting","Severity":"medium","Description":"The iframe-font-preview.php file of the titan-framework does not properly escape the font-weight and font-family GET parameters before outputting them back in an href attribute, leading to Reflected Cross-Site Scripting issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24435.yaml"} {"ID":"CVE-2021-24436","Info":{"Name":"WordPress W3 Total Cache \u003c2.1.4 - Cross-Site Scripting","Severity":"medium","Description":"WordPress W3 Total Cache plugin before 2.1.4 is susceptible to cross-site scripting within the extension parameter in the Extensions dashboard, which is output in an attribute without being escaped first. This can allow an attacker to convince an authenticated admin into clicking a link to run malicious JavaScript within the user's web browser, which could lead to full site compromise.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24436.yaml"} {"ID":"CVE-2021-24442","Info":{"Name":"Wordpress Polls Widget \u003c 1.5.3 - SQL Injection","Severity":"critical","Description":"The Poll, Survey, Questionnaire and Voting system WordPress plugin before 1.5.3 did not sanitise, escape or validate the date_answers[] POST parameter before using it in a SQL statement when sending a Poll result, allowing unauthenticated users to perform SQL Injection attacks\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-24442.yaml"} {"ID":"CVE-2021-24452","Info":{"Name":"WordPress W3 Total Cache \u003c2.1.5 - Cross-Site Scripting","Severity":"medium","Description":"WordPress W3 Total Cache plugin before 2.1.5 is susceptible to cross-site scripting via the extension parameter in the Extensions dashboard, when the setting 'Anonymously track usage to improve product quality' is enabled. The parameter is output in a JavaScript context without proper escaping. This can allow an attacker, who can convince an authenticated admin into clicking a link, to run malicious JavaScript within the user's web browser, which could lead to full site compromise.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24452.yaml"} {"ID":"CVE-2021-24472","Info":{"Name":"Onair2 \u003c 3.9.9.2 \u0026 KenthaRadio \u003c 2.0.2 - Remote File Inclusion/Server-Side Request Forgery","Severity":"critical","Description":"Onair2 \u003c 3.9.9.2 and KenthaRadio \u003c 2.0.2 have exposed proxy functionality to unauthenticated users. Sending requests to this proxy functionality will have the web server fetch and display the content from any URI, allowing remote file inclusion and server-side request forgery.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-24472.yaml"} {"ID":"CVE-2021-24488","Info":{"Name":"WordPress Post Grid \u003c2.1.8 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Post Grid plugin before 2.1.8 contains a reflected cross-site scripting vulnerability. The slider import search feature and tab parameter of thesettings are not properly sanitized before being output back in the pages,","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24488.yaml"} {"ID":"CVE-2021-24495","Info":{"Name":"Wordpress Marmoset Viewer \u003c1.9.3 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Marmoset Viewer plugin before 1.9.3 contains a cross-site scripting vulnerability. It does not property sanitize, validate, or escape the 'id' parameter before outputting back in the page.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24495.yaml"} {"ID":"CVE-2021-24498","Info":{"Name":"WordPress Calendar Event Multi View \u003c1.4.01 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Calendar Event Multi View plugin before 1.4.01 contains an unauthenticated reflected cross-site scripting vulnerability. It does not sanitize or escape the 'start' and 'end' GET parameters before outputting them in the page (via php/edit.php).","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24498.yaml"} {"ID":"CVE-2021-24499","Info":{"Name":"WordPress Workreap - Remote Code Execution","Severity":"critical","Description":"WordPress Workreap theme is susceptible to remote code execution. The AJAX actions workreap_award_temp_file_uploader and workreap_temp_file_uploader did not perform nonce checks, or validate that the request is from a valid user in any other way. The endpoints allowed for uploading arbitrary files to the uploads/workreap-temp directory. Uploaded files were neither sanitized nor validated, allowing an unauthenticated visitor to upload executable code such as php scripts.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-24499.yaml"} {"ID":"CVE-2021-24510","Info":{"Name":"WordPress MF Gig Calendar \u003c=1.1 - Cross-Site Scripting","Severity":"medium","Description":"WordPress MF Gig Calendar plugin 1.1 and prior contains a reflected cross-site scripting vulnerability. It does not sanitize or escape the id GET parameter before outputting back in the admin dashboard when editing an event.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24510.yaml"} {"ID":"CVE-2021-24554","Info":{"Name":"WordPress Paytm Donation \u003c=1.3.2 - Authenticated SQL Injection","Severity":"high","Description":"WordPress Paytm Donation plugin through 1.3.2 is susceptible to authenticated SQL injection. The plugin does not sanitize, validate, or escape the id GET parameter before using it in a SQL statement when deleting donations. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2021/CVE-2021-24554.yaml"} {"ID":"CVE-2021-24627","Info":{"Name":"G Auto-Hyperlink \u003c= 1.0.1 - SQL Injection","Severity":"high","Description":"The G Auto-Hyperlink WordPress plugin through 1.0.1 does not sanitise or escape an 'id' GET parameter before using it in a SQL statement, to select data to be displayed in the admin dashboard, leading to an authenticated SQL injection\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2021/CVE-2021-24627.yaml"} {"ID":"CVE-2021-24647","Info":{"Name":"Pie Register \u003c 3.7.1.6 - Unauthenticated Arbitrary Login","Severity":"high","Description":"The Registration Forms User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.1.7.6 has a flaw in the social login implementation, allowing unauthenticated attacker to login as any user on the site by only knowing their user ID or username\n","Classification":{"CVSSScore":"8.1"}},"file_path":"http/cves/2021/CVE-2021-24647.yaml"} {"ID":"CVE-2021-24666","Info":{"Name":"WordPress Podlove Podcast Publisher \u003c3.5.6 - SQL Injection","Severity":"critical","Description":"WordPress Podlove Podcast Publisher plugin before 3.5.6 is susceptible to SQL injection. The Social \u0026 Donations module, not activated by default, adds the REST route /services/contributor/(?P\u003cid\u003e[\\d]+) and takes id and category parameters as arguments. Both parameters can be exploited, thereby potentially enabling an attacker to obtain sensitive information, modify data, and/or execute unauthorized administrative operations.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-24666.yaml"} {"ID":"CVE-2021-24731","Info":{"Name":"Pie Register \u003c 3.7.1.6 - SQL Injection","Severity":"critical","Description":"The Registration Forms User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.7.1.6 does not properly escape user data before using it in a SQL statement in the wp-json/pie/v1/login REST API endpoint, leading to an SQL injection.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-24731.yaml"} {"ID":"CVE-2021-24746","Info":{"Name":"WordPress Sassy Social Share Plugin \u003c3.3.40 - Cross-Site Scripting","Severity":"medium","Description":"WordPress plugin Sassy Social Share \u003c 3.3.40 contains a reflected cross-site scripting vulnerability.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24746.yaml"} {"ID":"CVE-2021-24750","Info":{"Name":"WordPress Visitor Statistics (Real Time Traffic) \u003c4.8 -SQL Injection","Severity":"high","Description":"WordPress Visitor Statistics (Real Time Traffic) plugin before 4.8 does not properly sanitize and escape the refUrl in the refDetails AJAX action, which is available to any authenticated user. This could allow users with a role as low as subscriber to perform SQL injection attacks.","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2021/CVE-2021-24750.yaml"} {"ID":"CVE-2021-24762","Info":{"Name":"WordPress Perfect Survey \u003c1.5.2 - SQL Injection","Severity":"critical","Description":"Perfect Survey WordPress plugin before 1.5.2 does not validate and escape the question_id GET parameter before using it in a SQL statement in the get_question AJAX action, allowing unauthenticated users to perform SQL injection.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-24762.yaml"} {"ID":"CVE-2021-24791","Info":{"Name":"Header Footer Code Manager \u003c 1.1.14 - Admin+ SQL Injection","Severity":"high","Description":"The Header Footer Code Manager WordPress plugin before 1.1.14 does not validate and escape the \"orderby\" and \"order\" request parameters before using them in a SQL statement when viewing the Snippets admin dashboard, leading to SQL injections\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2021/CVE-2021-24791.yaml"} {"ID":"CVE-2021-24827","Info":{"Name":"WordPress Asgaros Forum \u003c1.15.13 - SQL Injection","Severity":"critical","Description":"WordPress Asgaros Forum plugin before 1.15.13 is susceptible to SQL injection. The plugin does not validate and escape user input when subscribing to a topic before using it in a SQL statement. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-24827.yaml"} {"ID":"CVE-2021-24838","Info":{"Name":"WordPress AnyComment \u003c0.3.5 - Open Redirect","Severity":"medium","Description":"WordPress AnyComment plugin before 0.3.5 contains an open redirect vulnerability via an API endpoint which passes user input via the redirect parameter to the wp_redirect() function without being validated. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24838.yaml"} {"ID":"CVE-2021-24849","Info":{"Name":"WCFM WooCommerce Multivendor Marketplace \u003c 3.4.12 - SQL Injection","Severity":"critical","Description":"The wcfm_ajax_controller AJAX action of the WCFM Marketplace WordPress plugin before 3.4.12, available to unauthenticated and authenticated user, does not properly sanitise multiple parameters before using them in SQL statements, leading to SQL injections.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-24849.yaml"} {"ID":"CVE-2021-24862","Info":{"Name":"WordPress RegistrationMagic \u003c5.0.1.6 - Authenticated SQL Injection","Severity":"high","Description":"WordPress RegistrationMagic plugin before 5.0.1.6 contains an authenticated SQL injection vulnerability. The plugin does not escape user input in its rm_chronos_ajax AJAX action before using it in a SQL statement when duplicating tasks in batches. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. This is a potential issue in both WordPress and WordPress Administrator.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2021/CVE-2021-24862.yaml"} {"ID":"CVE-2021-24875","Info":{"Name":"WordPress eCommerce Product Catalog \u003c3.0.39 - Cross-Site Scripting","Severity":"medium","Description":"WordPress eCommerce Product Catalog plugin before 3.0.39 contains a cross-site scripting vulnerability. The plugin does not escape the ic-settings-search parameter before outputting it back in the page in an attribute. This can allow an attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24875.yaml"} {"ID":"CVE-2021-24891","Info":{"Name":"WordPress Elementor Website Builder \u003c3.1.4 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Elementor Website Builder plugin before 3.1.4 contains a DOM cross-site scripting vulnerability. It does not sanitize or escape user input appended to the DOM via a malicious hash.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24891.yaml"} {"ID":"CVE-2021-24910","Info":{"Name":"WordPress Transposh Translation \u003c1.0.8 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Transposh Translation plugin before 1.0.8 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the a parameter via an AJAX action (available to both unauthenticated and authenticated users when the curl library is installed) before outputting it back in the response.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24910.yaml"} {"ID":"CVE-2021-24915","Info":{"Name":"Contest Gallery \u003c 13.1.0.6 - SQL injection","Severity":"critical","Description":"The plugin does not have capability checks and does not sanitise or escape the cg-search-user-name-original parameter before using it in a SQL statement when exporting users from a gallery, which could allow unauthenticated to perform SQL injections attacks, as well as get the list of all users registered on the blog, including their username and email address.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-24915.yaml"} {"ID":"CVE-2021-24917","Info":{"Name":"WordPress WPS Hide Login \u003c1.9.1 - Information Disclosure","Severity":"high","Description":"WordPress WPS Hide Login plugin before 1.9.1 is susceptible to incorrect authorization. An attacker can obtain the secret login page by setting a random referer string and making a request to /wp-admin/options.php as an unauthenticated user. This reveals the secret login location.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-24917.yaml"} {"ID":"CVE-2021-24926","Info":{"Name":"WordPress Domain Check \u003c1.0.17 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Domain Check plugin before 1.0.17 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the domain parameter before outputting it back in the page.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24926.yaml"} {"ID":"CVE-2021-24931","Info":{"Name":"WordPress Secure Copy Content Protection and Content Locking \u003c2.8.2 - SQL Injection","Severity":"critical","Description":"WordPress Secure Copy Content Protection and Content Locking plugin before 2.8.2 contains a SQL injection vulnerability. The plugin does not escape the sccp_id parameter of the ays_sccp_results_export_file AJAX action, available to both unauthenticated and authenticated users, before using it in a SQL statement. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-24931.yaml"} {"ID":"CVE-2021-24940","Info":{"Name":"WordPress Persian Woocommerce \u003c=5.8.0 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Persian Woocommerce plugin through 5.8.0 contains a cross-site scripting vulnerability. The plugin does not escape the s parameter before outputting it back in an attribute in the admin dashboard. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site and possibly steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24940.yaml"} {"ID":"CVE-2021-24943","Info":{"Name":"Registrations for the Events Calendar \u003c 2.7.6 - SQL Injection","Severity":"critical","Description":"The Registrations for the Events Calendar WordPress plugin before 2.7.6 does not sanitise and escape the event_id in the rtec_send_unregister_link AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an unauthenticated SQL injection.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-24943.yaml"} {"ID":"CVE-2021-24946","Info":{"Name":"WordPress Modern Events Calendar \u003c6.1.5 - Blind SQL Injection","Severity":"critical","Description":"WordPress Modern Events Calendar plugin before 6.1.5 is susceptible to blind SQL injection. The plugin does not sanitize and escape the time parameter before using it in a SQL statement in the mec_load_single_page AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-24946.yaml"} {"ID":"CVE-2021-24947","Info":{"Name":"WordPress Responsive Vector Maps \u003c 6.4.2 - Arbitrary File Read","Severity":"medium","Description":"WordPress Responsive Vector Maps \u003c 6.4.2 contains an arbitrary file read vulnerability because the plugin does not have proper authorization and validation of the rvm_upload_regions_file_path parameter in the rvm_import_regions AJAX action, allowing any authenticated user to read arbitrary files on the web server.","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2021/CVE-2021-24947.yaml"} {"ID":"CVE-2021-24956","Info":{"Name":"Blog2Social \u003c 6.8.7 - Cross-Site Scripting","Severity":"medium","Description":"The Blog2Social: Social Media Auto Post \u0026 Scheduler WordPress plugin before 6.8.7 does not sanitise and escape the b2sShowByDate parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24956.yaml"} {"ID":"CVE-2021-24970","Info":{"Name":"WordPress All-In-One Video Gallery \u003c2.5.0 - Local File Inclusion","Severity":"high","Description":"WordPress All-in-One Video Gallery plugin before 2.5.0 is susceptible to local file inclusion. The plugin does not sanitize and validate the tab parameter before using it in a require statement in the admin dashboard. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2021/CVE-2021-24970.yaml"} {"ID":"CVE-2021-24979","Info":{"Name":"Paid Memberships Pro \u003c 2.6.6 - Cross-Site Scripting","Severity":"medium","Description":"The Paid Memberships Pro WordPress plugin before 2.6.6 does not escape the s parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24979.yaml"} {"ID":"CVE-2021-24987","Info":{"Name":"WordPress Super Socializer \u003c7.13.30 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Super Socializer plugin before 7.13.30 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the urls parameter in its the_champ_sharing_count AJAX action (available to both unauthenticated and authenticated users) before outputting it back in the response.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24987.yaml"} {"ID":"CVE-2021-24991","Info":{"Name":"WooCommerce PDF Invoices \u0026 Packing Slips WordPress Plugin \u003c 2.10.5 - Cross-Site Scripting","Severity":"medium","Description":"The Wordpress plugin WooCommerce PDF Invoices \u0026 Packing Slips before 2.10.5 does not escape the tab and section parameters before reflecting it an attribute, leading to a reflected cross-site scripting in the admin dashboard.","Classification":{"CVSSScore":"4.8"}},"file_path":"http/cves/2021/CVE-2021-24991.yaml"} {"ID":"CVE-2021-24997","Info":{"Name":"WordPress Guppy \u003c=1.1 - Information Disclosure","Severity":"medium","Description":"WordPress Guppy plugin through 1.1 is susceptible to an API disclosure vulnerability. This can allow an attacker to obtain all user IDs and then use them to make API requests to get messages sent between users and/or send messages posing as one user to another.","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2021/CVE-2021-24997.yaml"} {"ID":"CVE-2021-25003","Info":{"Name":"WordPress WPCargo Track \u0026 Trace \u003c6.9.0 - Remote Code Execution","Severity":"critical","Description":"WordPress WPCargo Track \u0026 Trace plugin before 6.9.0 is susceptible to remote code execution, The plugin contains a file which can allow an attacker to write a PHP file anywhere on the web server, leading to possible remote code execution. This can allow an attacker to execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-25003.yaml"} {"ID":"CVE-2021-25008","Info":{"Name":"The Code Snippets WordPress Plugin \u003c 2.14.3 - Cross-Site Scripting","Severity":"medium","Description":"The Wordpress plugin Code Snippets before 2.14.3 does not escape the snippets-safe-mode parameter before reflecting it in attributes, leading to a reflected cross-site scripting issue.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-25008.yaml"} {"ID":"CVE-2021-25016","Info":{"Name":"Chaty \u003c 2.8.2 - Cross-Site Scripting","Severity":"medium","Description":"The Chaty WordPress plugin before 2.8.3 and Chaty Pro WordPress plugin before 2.8.2 do not sanitise and escape the search parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-25016.yaml"} {"ID":"CVE-2021-25028","Info":{"Name":"WordPress Event Tickets \u003c 5.2.2 - Open Redirect","Severity":"medium","Description":"WordPress Event Tickets \u003c 5.2.2 is susceptible to an open redirect vulnerability. The plugin does not validate the tribe_tickets_redirect_to parameter before redirecting the user to the given value, leading to an arbitrary redirect issue.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-25028.yaml"} {"ID":"CVE-2021-25033","Info":{"Name":"Noptin \u003c 1.6.5 - Open Redirect","Severity":"medium","Description":"Noptin \u003c 1.6.5 is susceptible to an open redirect vulnerability. The plugin does not validate the \"to\" parameter before redirecting the user to its given value, leading to an open redirect issue.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-25033.yaml"} {"ID":"CVE-2021-25052","Info":{"Name":"WordPress Button Generator \u003c2.3.3 - Remote File Inclusion","Severity":"high","Description":"WordPress Button Generator before 2.3.3 within the wow-company admin menu page allows arbitrary file inclusion with PHP extensions (as well as with data:// or http:// protocols), thus leading to cross-site request forgery and remote code execution.","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2021/CVE-2021-25052.yaml"} {"ID":"CVE-2021-25055","Info":{"Name":"WordPress FeedWordPress \u003c 2022.0123 - Authenticated Cross-Site Scripting","Severity":"medium","Description":"The plugin is affected by a cross-site scripting vulnerability within the \"visibility\" parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-25055.yaml"} {"ID":"CVE-2021-25063","Info":{"Name":"WordPress Contact Form 7 Skins \u003c=2.5.0 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Contact Form 7 Skins plugin 2.5.0 and prior contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the tab parameter before outputting it back in an admin page.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-25063.yaml"} {"ID":"CVE-2021-25065","Info":{"Name":"Smash Balloon Social Post Feed \u003c 4.1.1 - Authenticated Reflected Cross-Site Scripting","Severity":"medium","Description":"The plugin was affected by a reflected XSS in custom-facebook-feed in cff-top admin page.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2021/CVE-2021-25065.yaml"} {"ID":"CVE-2021-25067","Info":{"Name":"Landing Page Builder \u003c 1.4.9.6 - Cross-Site Scripting","Severity":"medium","Description":"The Landing Page Builder WordPress plugin before 1.4.9.6 was affected by a reflected XSS in page-builder-add on the ulpb_post admin page.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2021/CVE-2021-25067.yaml"} {"ID":"CVE-2021-25074","Info":{"Name":"WordPress WebP Converter for Media \u003c 4.0.3 - Unauthenticated Open Redirect","Severity":"medium","Description":"WordPress WebP Converter for Media \u003c 4.0.3 contains a file (passthru.php) which does not validate the src parameter before redirecting the user to it, leading to an open redirect issue.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-25074.yaml"} {"ID":"CVE-2021-25075","Info":{"Name":"WordPress Duplicate Page or Post \u003c1.5.1 - Cross-Site Scripting","Severity":"low","Description":"WordPress Duplicate Page or Post plugin before 1.5.1 contains a stored cross-site scripting vulnerability. The plugin does not have any authorization and has a flawed cross-site request forgery check in the wpdevart_duplicate_post_parametrs_save_in_db AJAX action, allowing unauthenticated users to call it and change the plugin's settings, or perform such attack via cross-site request forgery.\n","Classification":{"CVSSScore":"3.5"}},"file_path":"http/cves/2021/CVE-2021-25075.yaml"} {"ID":"CVE-2021-25078","Info":{"Name":"Affiliates Manager \u003c 2.9.0 - Cross Site Scripting","Severity":"medium","Description":"The plugin does not validate, sanitise and escape the IP address of requests logged by the click tracking feature, allowing unauthenticated attackers to perform Cross-Site Scripting attacks against admin viewing the tracked requests.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-25078.yaml"} {"ID":"CVE-2021-25079","Info":{"Name":"Contact Form Entries \u003c 1.2.4 - Cross-Site Scripting","Severity":"medium","Description":"The plugin does not sanitise and escape various parameters, such as form_id, status, end_date, order, orderby and search before outputting them back in the admin page\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-25079.yaml"} {"ID":"CVE-2021-25085","Info":{"Name":"WOOF WordPress plugin - Cross-Site Scripting","Severity":"medium","Description":"The WOOF WordPress plugin does not sanitize or escape the woof_redraw_elements parameter before reflecting it back in an admin page, leading to a reflected cross-site scripting.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-25085.yaml"} {"ID":"CVE-2021-25094","Info":{"Name":"Wordpress Tatsubuilder \u003c= 3.3.11 - Remote Code Execution","Severity":"high","Description":"An unrestricted file upload in WordPress Tatsubuilder plugin version \u003c= 3.3.11 enables an unauthenticated attacker to perform a remote code execution (RCE) on the server host due to multiple weaknesses in the font import feature and put 100,000 websites at risk.\n","Classification":{"CVSSScore":"8.1"}},"file_path":"http/cves/2021/CVE-2021-25094.yaml"} {"ID":"CVE-2021-25099","Info":{"Name":"WordPress GiveWP \u003c2.17.3 - Cross-Site Scripting","Severity":"medium","Description":"WordPress GiveWP plugin before 2.17.3 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape the form_id parameter before returning it in the response of an unauthenticated request via the give_checkout_login AJAX action. An attacker can inject arbitrary script in the browser of a user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-25099.yaml"} {"ID":"CVE-2021-25104","Info":{"Name":"WordPress Ocean Extra \u003c1.9.5 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Ocean Extra plugin before 1.9.5 contains a cross-site scripting vulnerability. The plugin does not escape generated links which are then used when the OceanWP theme is active.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-25104.yaml"} {"ID":"CVE-2021-25111","Info":{"Name":"WordPress English Admin \u003c1.5.2 - Open Redirect","Severity":"medium","Description":"WordPress English Admin plugin before 1.5.2 contains an open redirect vulnerability. The plugin does not validate the admin_custom_language_return_url before redirecting users to it. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-25111.yaml"} {"ID":"CVE-2021-25112","Info":{"Name":"WordPress WHMCS Bridge \u003c6.4b - Cross-Site Scripting","Severity":"medium","Description":"WordPress WHMCS Bridge plugin before 6.4b contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the error parameter before outputting it back in the admin dashboard.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-25112.yaml"} {"ID":"CVE-2021-25114","Info":{"Name":"WordPress Paid Memberships Pro \u003c2.6.7 - Blind SQL Injection","Severity":"critical","Description":"WordPress Paid Memberships Pro plugin before 2.6.7 is susceptible to blind SQL injection. The plugin does not escape the discount_code in one of its REST routes before using it in a SQL statement. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-25114.yaml"} {"ID":"CVE-2021-25118","Info":{"Name":"Yoast SEO 16.7-17.2 - Information Disclosure","Severity":"medium","Description":"Yoast SEO plugin 16.7 to 17.2 is susceptible to information disclosure, The plugin discloses the full internal path of featured images in posts via the wp/v2/posts REST endpoints, which can help an attacker identify other vulnerabilities or help during the exploitation of other identified vulnerabilities.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2021/CVE-2021-25118.yaml"} {"ID":"CVE-2021-25120","Info":{"Name":"Easy Social Feed \u003c 6.2.7 - Cross-Site Scripting","Severity":"medium","Description":"Easy Social Feed \u003c 6.2.7 is susceptible to reflected cross-site scripting because the plugin does not sanitize and escape a parameter before outputting it back in an admin dashboard page, leading to it being executed in the context of a logged admin or editor.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-25120.yaml"} {"ID":"CVE-2021-25281","Info":{"Name":"SaltStack Salt \u003c3002.5 - Auth Bypass","Severity":"critical","Description":"SaltStack Salt before 3002.5 does not honor eauth credentials for the wheel_async client, allowing attackers to remotely run any wheel modules on the master.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-25281.yaml"} {"ID":"CVE-2021-25296","Info":{"Name":"Nagios XI 5.5.6-5.7.5 - Authenticated Remote Command Injection","Severity":"high","Description":"Nagios XI 5.5.6 through 5.7.5 is susceptible to authenticated remote command injection. There is improper sanitization of authenticated user-controlled input by a single HTTP request via the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php. This in turn can lead to remote code execution, by which an attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2021/CVE-2021-25296.yaml"} {"ID":"CVE-2021-25297","Info":{"Name":"Nagios 5.5.6-5.7.5 - Authenticated Remote Command Injection","Severity":"high","Description":"Nagios XI 5.5.6 through 5.7.5 is susceptible to authenticated remote command injection. There is improper sanitization of authenticated user-controlled input by a single HTTP request via the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php. This in turn can lead to remote code execution, by which an attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2021/CVE-2021-25297.yaml"} {"ID":"CVE-2021-25298","Info":{"Name":"Nagios XI 5.5.6-5.7.5 - Authenticated Remote Command Injection","Severity":"high","Description":"Nagios XI 5.5.6 through 5.7.5 is susceptible to authenticated remote command injection. There is improper sanitization of authenticated user-controlled input by a single HTTP request via the file /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php. This in turn can lead to remote code execution, by which an attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2021/CVE-2021-25298.yaml"} {"ID":"CVE-2021-25299","Info":{"Name":"Nagios XI 5.7.5 - Cross-Site Scripting","Severity":"medium","Description":"Nagios XI 5.7.5 contains a cross-site scripting vulnerability in the file /usr/local/nagiosxi/html/admin/sshterm.php, due to improper sanitization of user-controlled input. A maliciously crafted URL, when clicked by an admin user, can be used to steal session cookies, or it can be chained with the previous bugs to get one-click remote command execution on the Nagios XI server.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-25299.yaml"} {"ID":"CVE-2021-25646","Info":{"Name":"Apache Druid - Remote Code Execution","Severity":"high","Description":"Apache Druid is susceptible to remote code execution because by default it lacks authorization and authentication. Attackers can send specially crafted requests to execute arbitrary code with the privileges of processes on the Druid server.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2021/CVE-2021-25646.yaml"} {"ID":"CVE-2021-25864","Info":{"Name":"Hue Magic 3.0.0 - Local File Inclusion","Severity":"high","Description":"Hue Magic 3.0.0 is susceptible to local file inclusion via the res.sendFile API.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-25864.yaml"} {"ID":"CVE-2021-25899","Info":{"Name":"Void Aural Rec Monitor 9.0.0.1 - SQL Injection","Severity":"high","Description":"Void Aural Rec Monitor 9.0.0.1 contains a SQL injection vulnerability in svc-login.php. An attacker can send a crafted HTTP request to perform a blind time-based SQL injection via the param1 parameter and thus possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-25899.yaml"} {"ID":"CVE-2021-26084","Info":{"Name":"Confluence Server - Remote Code Execution","Severity":"critical","Description":"Confluence Server and Data Center contain an OGNL injection vulnerability that could allow an authenticated user, and in some instances an unauthenticated user, to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5. The vulnerable endpoints can be accessed by a non-administrator user or unauthenticated user if 'Allow people to sign up to create their account' is enabled. To check whether this is enabled go to COG \u003e User Management \u003e User Signup Options.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-26084.yaml"} {"ID":"CVE-2021-26085","Info":{"Name":"Atlassian Confluence Server - Local File Inclusion","Severity":"medium","Description":"Atlassian Confluence Server allows remote attackers to view restricted resources via local file inclusion in the /s/ endpoint.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2021/CVE-2021-26085.yaml"} {"ID":"CVE-2021-26086","Info":{"Name":"Atlassian Jira Limited - Local File Inclusion","Severity":"medium","Description":"Affected versions of Atlassian Jira Limited Server and Data Center are vulnerable to local file inclusion because they allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2021/CVE-2021-26086.yaml"} {"ID":"CVE-2021-26247","Info":{"Name":"Cacti - Cross-Site Scripting","Severity":"medium","Description":"Cacti contains a cross-site scripting vulnerability via \"http://\u003cCACTI_SERVER\u003e/auth_changepassword.php?ref=\u003cscript\u003ealert(1)\u003c/script\u003e\" which can successfully execute the JavaScript payload present in the \"ref\" URL parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-26247.yaml"} {"ID":"CVE-2021-26292","Info":{"Name":"AfterLogic Aurora and WebMail Pro \u003c 7.7.9 - Full Path Disclosure","Severity":"low","Description":"AfterLogic Aurora and WebMail Pro products with 7.7.9 and all lower versions are affected by this vulnerability, simply sending an HTTP DELETE request to WebDAV EndPoint with built-in “caldav_public_user@localhost” and it’s the predefined password “caldav_public_user” allows the attacker to obtain web root path.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2021/CVE-2021-26292.yaml"} {"ID":"CVE-2021-26294","Info":{"Name":"AfterLogic Aurora and WebMail Pro \u003c 7.7.9 - Information Disclosure","Severity":"high","Description":"AfterLogic Aurora and WebMail Pro products with 7.7.9 and all lower versions are affected by this vulnerability, simply sending an HTTP GET request to WebDAV EndPoint with built-in “caldav_public_user@localhost” and it’s the predefined password “caldav_public_user” allows the attacker to read all files under the web root.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-26294.yaml"} {"ID":"CVE-2021-26295","Info":{"Name":"Apache OFBiz \u003c17.12.06 - Arbitrary Code Execution","Severity":"critical","Description":"Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated attacker can use this vulnerability to successfully take over Apache OFBiz.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-26295.yaml"} {"ID":"CVE-2021-26475","Info":{"Name":"EPrints 3.4.2 - Cross-Site Scripting","Severity":"medium","Description":"EPrints 3.4.2 contains a reflected cross-site scripting vulnerability via the cgi/cal URI.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-26475.yaml"} {"ID":"CVE-2021-26598","Info":{"Name":"ImpressCMS \u003c1.4.3 - Incorrect Authorization","Severity":"medium","Description":"ImpressCMS before 1.4.3 is susceptible to incorrect authorization via include/findusers.php. An attacker can provide a security token and potentially obtain sensitive information, modify data, and/or execute unauthorized operations.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2021/CVE-2021-26598.yaml"} {"ID":"CVE-2021-26702","Info":{"Name":"EPrints 3.4.2 - Cross-Site Scripting","Severity":"medium","Description":"EPrints 3.4.2 contains a reflected cross-site scripting vulnerability in the dataset parameter to the cgi/dataset_ dictionary URI.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-26702.yaml"} {"ID":"CVE-2021-26710","Info":{"Name":"Redwood Report2Web 4.3.4.5 \u0026 4.5.3 - Cross-Site Scripting","Severity":"medium","Description":"Redwood Report2Web 4.3.4.5 and 4.5.3 contains a cross-site scripting vulnerability in the login panel which allows remote attackers to inject JavaScript via the signIn.do urll parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-26710.yaml"} {"ID":"CVE-2021-26723","Info":{"Name":"Jenzabar 9.2x-9.2.2 - Cross-Site Scripting","Severity":"medium","Description":"Jenzabar 9.2.x through 9.2.2 contains a cross-site scripting vulnerability. It allows /ics?tool=search\u0026query.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-26723.yaml"} {"ID":"CVE-2021-26812","Info":{"Name":"Moodle Jitsi Meet 2.7-2.8.3 - Cross-Site Scripting","Severity":"medium","Description":"Moodle Jitsi Meet 2.7 through 2.8.3 plugin contains a cross-site scripting vulnerability via the \"sessionpriv.php\" module. This allows attackers to craft a malicious URL, which when clicked on by users, can inject JavaScript code to be run by the application.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-26812.yaml"} {"ID":"CVE-2021-26855","Info":{"Name":"Microsoft Exchange Server SSRF Vulnerability","Severity":"critical","Description":"This vulnerability is part of an attack chain that could allow remote code execution on Microsoft Exchange Server. The initial attack requires the ability to make an untrusted connection to Exchange server port 443. Other portions of the chain can be triggered if an attacker already has access or can convince an administrator to open a malicious file. Be aware his CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, and CVE-2021-27078.","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2021/CVE-2021-26855.yaml"} {"ID":"CVE-2021-27124","Info":{"Name":"Doctor Appointment System 1.0 - SQL Injection","Severity":"medium","Description":"SQL injection in the expertise parameter in search_result.php in Doctor Appointment System v1.0.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2021/CVE-2021-27124.yaml"} {"ID":"CVE-2021-27132","Info":{"Name":"Sercomm VD625 Smart Modems - CRLF Injection","Severity":"critical","Description":"Sercomm AGCOMBO VD625 Smart Modems with firmware version AGSOT_2.1.0 are vulnerable to Carriage Return Line Feed (CRLF) injection via the Content-Disposition header.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-27132.yaml"} {"ID":"CVE-2021-27309","Info":{"Name":"Clansphere CMS 2011.4 - Cross-Site Scripting","Severity":"medium","Description":"Clansphere CMS 2011.4 contains an unauthenticated reflected cross-site scripting vulnerability via the \"module\" parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-27309.yaml"} {"ID":"CVE-2021-27310","Info":{"Name":"Clansphere CMS 2011.4 - Cross-Site Scripting","Severity":"medium","Description":"Clansphere CMS 2011.4 contains an unauthenticated reflected cross-site scripting vulnerability via the \"language\" parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-27310.yaml"} {"ID":"CVE-2021-27314","Info":{"Name":"Doctor Appointment System 1.0 - SQL Injection","Severity":"critical","Description":"SQL injection in admin.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via username parameter at login page.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-27314.yaml"} {"ID":"CVE-2021-27315","Info":{"Name":"Doctor Appointment System 1.0 - SQL Injection","Severity":"high","Description":"Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via the comment parameter.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-27315.yaml"} {"ID":"CVE-2021-27316","Info":{"Name":"Doctor Appointment System 1.0 - SQL Injection","Severity":"high","Description":"Blind SQL injection in contactus.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via lastname parameter.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-27316.yaml"} {"ID":"CVE-2021-27319","Info":{"Name":"Doctor Appointment System 1.0 - SQL Injection","Severity":"high","Description":"Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via email parameter.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-27319.yaml"} {"ID":"CVE-2021-27320","Info":{"Name":"Doctor Appointment System 1.0 - SQL Injection","Severity":"high","Description":"Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via firstname parameter.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-27320.yaml"} {"ID":"CVE-2021-27330","Info":{"Name":"Triconsole Datepicker Calendar \u003c3.77 - Cross-Site Scripting","Severity":"medium","Description":"Triconsole Datepicker Calendar before 3.77 contains a cross-site scripting vulnerability in calendar_form.php. Attackers can read authentication cookies that are still active, which can be used to perform further attacks such as reading browser history, directory listings, and file contents.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-27330.yaml"} {"ID":"CVE-2021-27358","Info":{"Name":"Grafana Unauthenticated Snapshot Creation","Severity":"high","Description":"Grafana 6.7.3 through 7.4.1 snapshot functionality can allow an unauthenticated remote attacker to trigger a Denial of Service via a remote API call if a commonly used configuration is set.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-27358.yaml"} {"ID":"CVE-2021-27519","Info":{"Name":"FUDForum 3.1.0 - Cross-Site Scripting","Severity":"medium","Description":"FUDForum 3.1.0 contains a cross-site scripting vulnerability which allows remote attackers to inject JavaScript via index.php in the \"srch\" parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-27519.yaml"} {"ID":"CVE-2021-27520","Info":{"Name":"FUDForum 3.1.0 - Cross-Site Scripting","Severity":"medium","Description":"FUDForum 3.1.0 contains a cross-site scripting vulnerability. An attacker can inject JavaScript via index.php in the author parameter, thereby possibly stealing cookie-based authentication credentials and launching other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-27520.yaml"} {"ID":"CVE-2021-27561","Info":{"Name":"YeaLink DM 3.6.0.20 - Remote Command Injection","Severity":"critical","Description":"Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-27561.yaml"} {"ID":"CVE-2021-27651","Info":{"Name":"Pega Infinity - Authentication Bypass","Severity":"critical","Description":"Pega Infinity versions 8.2.1 through 8.5.2 contain an authentication bypass vulnerability because the password reset functionality for local accounts can be used to bypass local authentication checks.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-27651.yaml"} {"ID":"CVE-2021-27670","Info":{"Name":"Appspace 6.2.4 - Server-Side Request Forgery","Severity":"critical","Description":"Appspace 6.2.4 allows SSRF via the api/v1/core/proxy/jsonprequest url parameter.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-27670.yaml"} {"ID":"CVE-2021-27748","Info":{"Name":"IBM WebSphere HCL Digital Experience - Server-Side Request Forgery","Severity":"high","Description":"IBM WebSphere HCL Digital Experience is vulnerable to server-side request forgery that impacts on-premise deployments and containers.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2021/CVE-2021-27748.yaml"} {"ID":"CVE-2021-27850","Info":{"Name":"Apache Tapestry - Remote Code Execution","Severity":"critical","Description":"Apache Tapestry contains a critical unauthenticated remote code execution vulnerability. Affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. Note that this vulnerability is a bypass of the fix for CVE-2019-0195. Before that fix it was possible to download arbitrary class files from the classpath by providing a crafted asset file URL.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-27850.yaml"} {"ID":"CVE-2021-27905","Info":{"Name":"Apache Solr \u003c=8.8.1 - Server-Side Request Forgery","Severity":"critical","Description":"Apache Solr versions 8.8.1 and prior contain a server-side request forgery vulnerability. The ReplicationHandler (normally registered at \"/replication\" under a Solr core) in Apache Solr has a \"masterUrl\" (also \"leaderUrl\" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a SSRF vulnerability, Solr ought to check these parameters against a similar configuration it uses for the \"shards\" parameter.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-27905.yaml"} {"ID":"CVE-2021-27909","Info":{"Name":"Mautic \u003c3.3.4 - Cross-Site Scripting","Severity":"medium","Description":"Mautic before 3.3.4 contains a cross-site scripting vulnerability on the password reset page in the bundle parameter of the URL. An attacker can inject arbitrary script, steal cookie-based authentication credentials, and/or launch other attacks.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-27909.yaml"} {"ID":"CVE-2021-27931","Info":{"Name":"LumisXP \u003c10.0.0 - Blind XML External Entity Attack","Severity":"critical","Description":"LumisXP (aka Lumis Experience Platform) before 10.0.0 allows unauthenticated blind XML external entity (XXE) attacks via an API request to PageControllerXml.jsp. One can send a request crafted with an XXE payload and achieve outcomes such as reading local server files or denial of service.","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2021/CVE-2021-27931.yaml"} {"ID":"CVE-2021-28073","Info":{"Name":"Ntopng Authentication Bypass","Severity":"critical","Description":"Ntopng, a passive network monitoring tool, contains an authentication bypass vulnerability in ntopng \u003c= 4.2","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2021/CVE-2021-28073.yaml"} {"ID":"CVE-2021-28149","Info":{"Name":"Hongdian H8922 3.0.5 Devices - Local File Inclusion","Severity":"medium","Description":"Hongdian H8922 3.0.5 devices are vulnerable to local file inclusion. The /log_download.cgi log export handler does not validate user input and allows a remote attacker with minimal privileges to download any file from the device by substituting ../ (e.g., ../../etc/passwd) This can be carried out with a web browser by changing the file name accordingly. Upon visiting log_download.cgi?type=../../etc/passwd and logging in, the web server will allow a download of the contents of the /etc/passwd file.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2021/CVE-2021-28149.yaml"} {"ID":"CVE-2021-28150","Info":{"Name":"Hongdian H8922 3.0.5 - Information Disclosure","Severity":"medium","Description":"Hongdian H8922 3.0.5 is susceptible to information disclosure. An attacker can access cli.conf (with the administrator password and other sensitive data) via /backup2.cgi and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized operations.","Classification":{"CVSSScore":"5.5"}},"file_path":"http/cves/2021/CVE-2021-28150.yaml"} {"ID":"CVE-2021-28151","Info":{"Name":"Hongdian H8922 3.0.5 - Remote Command Injection","Severity":"high","Description":"Hongdian H8922 3.0.5 devices are susceptible to remote command injection via shell metacharacters into the ip-address (a/k/a Destination) field to the tools.cgi ping command, which is accessible with the username guest and password guest. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2021/CVE-2021-28151.yaml"} {"ID":"CVE-2021-28164","Info":{"Name":"Eclipse Jetty - Information Disclosure","Severity":"medium","Description":"Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224 is susceptible to improper authorization. The default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. An attacker can access sensitive information regarding the implementation of a web application.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2021/CVE-2021-28164.yaml"} {"ID":"CVE-2021-28169","Info":{"Name":"Eclipse Jetty ConcatServlet - Information Disclosure","Severity":"medium","Description":"Eclipse Jetty through 9.4.40, through 10.0.2, and through 11.0.2 is susceptible to information disclosure. Requests to the ConcatServlet with a doubly encoded path can access protected resources within the WEB-INF directory, thus enabling an attacker to potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2021/CVE-2021-28169.yaml"} {"ID":"CVE-2021-28377","Info":{"Name":"Joomla! ChronoForums 2.0.11 - Local File Inclusion","Severity":"medium","Description":"Joomla! ChronoForums 2.0.11 avatar function is vulnerable to local file inclusion through unauthenticated path traversal attacks. This enables an attacker to read arbitrary files, for example the Joomla! configuration file which contains credentials.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2021/CVE-2021-28377.yaml"} {"ID":"CVE-2021-28854","Info":{"Name":"VICIdial Sensitive Information Disclosure","Severity":"high","Description":"VICIdial's Web Client is susceptible to information disclosure because it contains many sensitive files that can be accessed from the client side. These files contain mysqli logs, auth logs, debug information, successful and unsuccessful login attempts with their corresponding IP's, User-Agents, credentials and much more. This information can be leveraged by an attacker to gain further access to VICIdial systems.","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2021/CVE-2021-28854.yaml"} {"ID":"CVE-2021-28918","Info":{"Name":"Netmask NPM Package - Server-Side Request Forgery","Severity":"critical","Description":"Netmask NPM Package is susceptible to server-side request forgery because of improper input validation of octal strings in netmask npm package. This allows unauthenticated remote attackers to perform indeterminate SSRF, remote file inclusion, and local file inclusion attacks on many of the dependent packages. A remote unauthenticated attacker can bypass packages relying on netmask to filter IPs and reach critical VPN or LAN hosts.","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2021/CVE-2021-28918.yaml"} {"ID":"CVE-2021-28937","Info":{"Name":"Acexy Wireless-N WiFi Repeater REV 1.0 - Repeater Password Disclosure","Severity":"high","Description":"Acexy Wireless-N WiFi Repeater REV 1.0 is vulnerable to password disclosure because the password.html page of the web management interface contains the administrator account password in plaintext.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-28937.yaml"} {"ID":"CVE-2021-29006","Info":{"Name":"rConfig 3.9.6 - Local File Inclusion","Severity":"medium","Description":"rConfig 3.9.6 is affected by a Local File Disclosure vulnerability. An authenticated user may successfully download any file on the server.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2021/CVE-2021-29006.yaml"} {"ID":"CVE-2021-29156","Info":{"Name":"LDAP Injection In OpenAM","Severity":"high","Description":"OpenAM contains an LDAP injection vulnerability. When a user tries to reset his password, they are asked to enter username, and then the backend validates whether the user exists or not through an LDAP query. If the user exists, the password reset token is sent to the user's email. Enumeration can allow for full password retrieval.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-29156.yaml"} {"ID":"CVE-2021-29200","Info":{"Name":"Apache OFBiz \u003c 17.12.07 - Arbitrary Code Execution","Severity":"critical","Description":"Apache OFBiz has unsafe deserialization prior to 17.12.07 version An unauthenticated user can perform an RCE attack\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-29200.yaml"} {"ID":"CVE-2021-29203","Info":{"Name":"HPE Edgeline Infrastructure Manager \u003c1.22 - Authentication Bypass","Severity":"critical","Description":"HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software, prior to version 1.22 contains an authentication bypass vulnerability which could be remotely exploited to bypass remote authentication and possibly lead to execution of arbitrary commands, gaining privileged access, causing denial of service, and changing the configuration.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-29203.yaml"} {"ID":"CVE-2021-29441","Info":{"Name":"Nacos \u003c1.4.1 - Authentication Bypass","Severity":"critical","Description":"This template only works on Nuclei engine prior to version 2.3.3 and version \u003e= 2.3.5.\n\nIn Nacos before version 1.4.1, when configured to use authentication (-Dnacos.core.auth.enabled=true)\nNacos uses the AuthFilter servlet filter to enforce authentication. This filter has a backdoor that\nenables Nacos servers to bypass this filter and therefore skip authentication checks.\nThis mechanism relies on the user-agent HTTP header so it can be easily spoofed.\nThis issue may allow any user to carry out any administrative tasks on the Nacos server.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-29441.yaml"} {"ID":"CVE-2021-29442","Info":{"Name":"Nacos \u003c1.4.1 - Authentication Bypass","Severity":"high","Description":"Nacos before version 1.4.1 is vulnerable to authentication bypass because the ConfigOpsController lets the user perform management operations like querying the database or even wiping it out. While the /data/remove endpoint is properly protected with the @Secured annotation, the /derby endpoint is not protected and can be openly accessed by unauthenticated users. These endpoints are only valid when using embedded storage (derby DB) so this issue should not affect those installations using external storage (e.g. mysql).\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-29442.yaml"} {"ID":"CVE-2021-29484","Info":{"Name":"Ghost CMS \u003c=4.32 - Cross-Site Scripting","Severity":"medium","Description":"Ghost CMS 4.0.0 to 4.3.2 contains a DOM cross-site scripting vulnerability. An unused endpoint added during the development of 4.0.0 allows attackers to gain access by getting logged-in users to click a link containing malicious code.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2021/CVE-2021-29484.yaml"} {"ID":"CVE-2021-29490","Info":{"Name":"Jellyfin 10.7.2 - Server Side Request Forgery","Severity":"medium","Description":"Jellyfin is a free software media system. Versions 10.7.2 and below are vulnerable to unauthenticated Server-Side Request Forgery (SSRF) attacks via the imageUrl parameter.\n","Classification":{"CVSSScore":"5.8"}},"file_path":"http/cves/2021/CVE-2021-29490.yaml"} {"ID":"CVE-2021-29505","Info":{"Name":"XStream \u003c1.4.17 - Remote Code Execution","Severity":"high","Description":"XStream before 1.4.17 is susceptible to remote code execution. An attacker can execute commands of the host by manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2021/CVE-2021-29505.yaml"} {"ID":"CVE-2021-29622","Info":{"Name":"Prometheus - Open Redirect","Severity":"medium","Description":"Prometheus 2.23.0 through 2.26.0 and 2.27.0 contains an open redirect vulnerability. To ensure a seamless transition to 2.27.0, the default UI was changed to the new UI with a URL prefixed by /new redirect to /. Due to a bug in the code, an attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-29622.yaml"} {"ID":"CVE-2021-29625","Info":{"Name":"Adminer \u003c=4.8.0 - Cross-Site Scripting","Severity":"medium","Description":"Adminer 4.6.1 to 4.8.0 contains a cross-site scripting vulnerability which affects users of MySQL, MariaDB, PgSQL, and SQLite in browsers without CSP when Adminer uses a `pdo_` extension to communicate with the database (it is used if the native extensions are not enabled).","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-29625.yaml"} {"ID":"CVE-2021-3002","Info":{"Name":"Seo Panel 4.8.0 - Cross-Site Scripting","Severity":"medium","Description":"Seo Panel 4.8.0 contains a reflected cross-site scripting vulnerability via the seo/seopanel/login.php?sec=forgot email parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-3002.yaml"} {"ID":"CVE-2021-30049","Info":{"Name":"SysAid Technologies 20.3.64 b14 - Cross-Site Scripting","Severity":"medium","Description":"SysAid 20.3.64 b14 contains a cross-site scripting vulnerability via the /KeepAlive.jsp?stamp= URI.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-30049.yaml"} {"ID":"CVE-2021-30128","Info":{"Name":"Apache OFBiz \u003c17.12.07 - Arbitrary Code Execution","Severity":"critical","Description":"Apache OFBiz before 17.12.07 is susceptible to arbitrary code execution via unsafe deserialization. An attacker can modify deserialized data or code without using provided accessor functions.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-30128.yaml"} {"ID":"CVE-2021-30134","Info":{"Name":"Php-mod/curl Library \u003c2.3.2 - Cross-Site Scripting","Severity":"medium","Description":"Php-mod/curl library before 2.3.2 contains a cross-site scripting vulnerability via the post_file_path_upload.php key parameter and the POST data to post_multidimensional.php. An attacker can inject arbitrary script, which can allow theft of cookie-based authentication credentials and launch of other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-30134.yaml"} {"ID":"CVE-2021-30151","Info":{"Name":"Sidekiq \u003c=6.2.0 - Cross-Site Scripting","Severity":"medium","Description":"Sidekiq through 5.1.3 and 6.x through 6.2.0 contains a cross-site scripting vulnerability via the queue name of the live-poll feature when Internet Explorer is used.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-30151.yaml"} {"ID":"CVE-2021-3017","Info":{"Name":"Intelbras WIN 300/WRN 342 - Credentials Disclosure","Severity":"high","Description":"Intelbras WIN 300 and WRN 342 devices through 2021-01-04 allows remote attackers to discover credentials by reading the def_wirelesspassword line in the HTML source code.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-3017.yaml"} {"ID":"CVE-2021-30175","Info":{"Name":"ZEROF Web Server 1.0 - SQL Injection","Severity":"critical","Description":"ZEROF Web Server 1.0 (April 2021) allows SQL Injection via the /HandleEvent endpoint for the login page.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-30175.yaml"} {"ID":"CVE-2021-3019","Info":{"Name":"ffay lanproxy Directory Traversal","Severity":"high","Description":"ffay lanproxy 0.1 is susceptible to a directory traversal vulnerability that could let attackers read /../conf/config.properties to obtain credentials for a connection to the intranet.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-3019.yaml"} {"ID":"CVE-2021-30213","Info":{"Name":"Knowage Suite 7.3 - Cross-Site Scripting","Severity":"medium","Description":"Knowage Suite 7.3 contains an unauthenticated reflected cross-site scripting vulnerability. An attacker can inject arbitrary web script in '/servlet/AdapterHTTP' via the 'targetService' parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-30213.yaml"} {"ID":"CVE-2021-30461","Info":{"Name":"VoipMonitor \u003c24.61 - Remote Code Execution","Severity":"critical","Description":"VoipMonitor prior to 24.61 is susceptible to remote code execution vulnerabilities because of its use of user supplied data via its web interface, allowing remote unauthenticated users to trigger a remote PHP code execution vulnerability.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-30461.yaml"} {"ID":"CVE-2021-30497","Info":{"Name":"Ivanti Avalanche 6.3.2 - Local File Inclusion","Severity":"high","Description":"Ivanti Avalanche 6.3.2 is vulnerable to local file inclusion because it allows remote unauthenticated user to access files that reside outside the 'image' folder.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-30497.yaml"} {"ID":"CVE-2021-3110","Info":{"Name":"PrestaShop 1.7.7.0 - SQL Injection","Severity":"critical","Description":"PrestaShop 1.7.7.0 contains a SQL injection vulnerability via the store system. It allows time-based boolean SQL injection via the module=productcomments controller=CommentGrade id_products[] parameter. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-3110.yaml"} {"ID":"CVE-2021-31195","Info":{"Name":"Microsoft Exchange Server - Cross-Site Scripting","Severity":"medium","Description":"Microsoft Exchange Server, or OWA, is vulnerable to a cross-site scripting vulnerability in refurl parameter of frowny.asp.","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2021/CVE-2021-31195.yaml"} {"ID":"CVE-2021-31249","Info":{"Name":"CHIYU TCP/IP Converter - Carriage Return Line Feed Injection","Severity":"medium","Description":"CHIYU TCP/IP Converter BF-430, BF-431, and BF-450 are susceptible to carriage return line feed injection. The redirect= parameter, available on multiple CGI components, is not properly validated, thus enabling an attacker to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2021/CVE-2021-31249.yaml"} {"ID":"CVE-2021-31250","Info":{"Name":"CHIYU TCP/IP Converter - Cross-Site Scripting","Severity":"medium","Description":"CHIYU BF-430, BF-431 and BF-450M TCP/IP Converter devices contain a cross-site scripting vulnerability due to a lack of sanitization of the input on the components man.cgi, if.cgi, dhcpc.cgi, and ppp.cgi.","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2021/CVE-2021-31250.yaml"} {"ID":"CVE-2021-3129","Info":{"Name":"Laravel with Ignition \u003c= v8.4.2 Debug Mode - Remote Code Execution","Severity":"critical","Description":"Laravel version 8.4.2 and before with Ignition before 2.5.2 allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel before 8.4.2.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-3129.yaml"} {"ID":"CVE-2021-31537","Info":{"Name":"SIS Informatik REWE GO SP17 \u003c7.7 - Cross-Site Scripting","Severity":"medium","Description":"SIS Informatik REWE GO SP17 before 7.7 contains a cross-site scripting vulnerability via rewe/prod/web/index.php (affected parameters are config, version, win, db, pwd, and user) and /rewe/prod/web/rewe_go_check.php (version and all other parameters).","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-31537.yaml"} {"ID":"CVE-2021-31581","Info":{"Name":"Akkadian Provisioning Manager - Information Disclosure","Severity":"medium","Description":"Akkadian Provisioning Manager is susceptible to information disclosure. The restricted shell provided can be escaped by abusing the Edit MySQL Configuration command. This command launches a standard VI editor interface which can then be escaped.","Classification":{"CVSSScore":"4.4"}},"file_path":"http/cves/2021/CVE-2021-31581.yaml"} {"ID":"CVE-2021-31589","Info":{"Name":"BeyondTrust Secure Remote Access Base \u003c=6.0.1 - Cross-Site Scripting","Severity":"medium","Description":"BeyondTrust Secure Remote Access Base through 6.0.1 contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-31589.yaml"} {"ID":"CVE-2021-31602","Info":{"Name":"Hitachi Vantara Pentaho/Business Intelligence Server - Authentication Bypass","Severity":"high","Description":"Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x are vulnerable to authentication bypass. The Security Model has different layers of Access Control. One of these layers is the applicationContext security, which is defined in the applicationContext-spring-security.xml file. The default configuration allows an unauthenticated user with no previous knowledge of the platform settings to extract pieces of information without possessing valid credentials.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-31602.yaml"} {"ID":"CVE-2021-31682","Info":{"Name":"WebCTRL OEM \u003c= 6.5 - Cross-Site Scripting","Severity":"medium","Description":"WebCTRL OEM 6.5 and prior is susceptible to a cross-site scripting vulnerability because the login portal does not sanitize the operatorlocale GET parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-31682.yaml"} {"ID":"CVE-2021-31755","Info":{"Name":"Tenda Router AC11 - Remote Command Injection","Severity":"critical","Description":"Tenda Router AC11 is susceptible to remote command injection vulnerabilities in the web-based management interface that could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-31755.yaml"} {"ID":"CVE-2021-31805","Info":{"Name":"Apache Struts2 S2-062 - Remote Code Execution","Severity":"critical","Description":"Apache Struts2 S2-062 is vulnerable to remote code execution. The fix issued for CVE-2020-17530 (S2-061) was incomplete, meaning some of the tag's attributes could still perform a double evaluation if a developer applied forced OGNL evaluation by using the %{...} syntax.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-31805.yaml"} {"ID":"CVE-2021-31856","Info":{"Name":"Layer5 Meshery 0.5.2 - SQL Injection","Severity":"critical","Description":"Layer5 Meshery 0.5.2 contains a SQL injection vulnerability in the REST API that allows an attacker to execute arbitrary SQL commands via the /experimental/patternfiles endpoint (order parameter in GetMesheryPatterns in models/meshery_pattern_persister.go).","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-31856.yaml"} {"ID":"CVE-2021-31862","Info":{"Name":"SysAid 20.4.74 - Cross-Site Scripting","Severity":"medium","Description":"SysAid 20.4.74 contains a reflected cross-site scripting vulnerability via the KeepAlive.jsp stamp parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-31862.yaml"} {"ID":"CVE-2021-32030","Info":{"Name":"ASUS GT-AC2900 - Authentication Bypass","Severity":"critical","Description":"ASUS GT-AC2900 devices before 3.0.0.4.386.42643 allows authentication bypass when processing remote input from an unauthenticated user, leading to unauthorized access to the administrator application. This relates to handle_request in router/httpd/httpd.c and auth_check in web_hook.o. An attacker-supplied value of '\u0000' matches the device's default value of '\u0000' in some situations.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-32030.yaml"} {"ID":"CVE-2021-32172","Info":{"Name":"Maian Cart \u003c=3.8 - Remote Code Execution","Severity":"critical","Description":"Maian Cart 3.0 to 3.8 via the elFinder file manager plugin contains a remote code execution vulnerability.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-32172.yaml"} {"ID":"CVE-2021-3223","Info":{"Name":"Node RED Dashboard \u003c2.26.2 - Local File Inclusion","Severity":"high","Description":"NodeRED-Dashboard before 2.26.2 is vulnerable to local file inclusion because it allows ui_base/js/..%2f directory traversal to read files.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-3223.yaml"} {"ID":"CVE-2021-32305","Info":{"Name":"Websvn \u003c2.6.1 - Remote Code Execution","Severity":"critical","Description":"WebSVN before 2.6.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search parameter.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-32305.yaml"} {"ID":"CVE-2021-32618","Info":{"Name":"Python Flask-Security - Open Redirect","Severity":"medium","Description":"Python Flask-Security contains an open redirect vulnerability. Existing code validates that the URL specified in the next parameter is either relative or has the same network location as the requesting URL. Certain browsers accept and fill in the blanks of possibly incomplete or malformed URLs. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-32618.yaml"} {"ID":"CVE-2021-32682","Info":{"Name":"elFinder 2.1.58 - Remote Code Execution","Severity":"critical","Description":"elFinder 2.1.58 is impacted by multiple remote code execution vulnerabilities that could allow an attacker to execute arbitrary code and commands on the server hosting the elFinder PHP connector, even with minimal configuration.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-32682.yaml"} {"ID":"CVE-2021-32789","Info":{"Name":"WooCommerce Blocks 2.5 to 5.5 - Unauthenticated SQL Injection","Severity":"high","Description":"woocommerce-gutenberg-products-block is a feature plugin for WooCommerce Gutenberg Blocks. An SQL injection vulnerability impacts all WooCommerce sites running the WooCommerce Blocks feature plugin between version 2.5.0 and prior to version 2.5.16. Via a carefully crafted URL, an exploit can be executed against the `wc/store/products/collection-data?calculate_attribute_counts[][taxonomy]` endpoint that allows the execution of a read only sql query. There are patches for many versions of this package, starting with version 2.5.16. There are no known workarounds aside from upgrading.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-32789.yaml"} {"ID":"CVE-2021-32819","Info":{"Name":"Nodejs Squirrelly - Remote Code Execution","Severity":"high","Description":"Nodejs Squirrelly is susceptible to remote code execution. Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS. Squirrelly mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuration options remote code execution may be triggered in downstream applications. There is currently no fix for these issues as of the publication of this CVE. The latest version of squirrelly is currently 8.0.8. For complete details refer to the referenced GHSL-2021-023.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2021/CVE-2021-32819.yaml"} {"ID":"CVE-2021-32820","Info":{"Name":"Express-handlebars - Local File Inclusion","Severity":"high","Description":"Express-handlebars is susceptible to local file inclusion because it mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential vulnerability is somewhat restricted in that only files with existing extensions (i.e., file.extension) can be included. Files that lack an extension will have .handlebars appended to them. For complete details refer to the referenced GHSL-2021-018 report. Notes in documentation have been added to help users avoid this potential information exposure vulnerability.","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2021/CVE-2021-32820.yaml"} {"ID":"CVE-2021-32853","Info":{"Name":"Erxes \u003c0.23.0 - Cross-Site Scripting","Severity":"critical","Description":"Erxes before 0.23.0 contains a cross-site scripting vulnerability. The value of topicID parameter is not escaped and is triggered in the enclosing script tag.","Classification":{"CVSSScore":"9.6"}},"file_path":"http/cves/2021/CVE-2021-32853.yaml"} {"ID":"CVE-2021-3293","Info":{"Name":"emlog 5.3.1 Path Disclosure","Severity":"medium","Description":"emlog v5.3.1 is susceptible to full path disclosure via t/index.php, which allows an attacker to see the path to the webroot/file.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2021/CVE-2021-3293.yaml"} {"ID":"CVE-2021-3297","Info":{"Name":"Zyxel NBG2105 V1.00(AAGU.2)C0 - Authentication Bypass","Severity":"high","Description":"Zyxel NBG2105 V1.00(AAGU.2)C0 devices are susceptible to authentication bypass vulnerabilities because setting the login cookie to 1 provides administrator access.","Classification":{"CVSSScore":"7.8"}},"file_path":"http/cves/2021/CVE-2021-3297.yaml"} {"ID":"CVE-2021-33044","Info":{"Name":"Dahua IPC/VTH/VTO - Authentication Bypass","Severity":"critical","Description":"Some Dahua products contain an authentication bypass during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-33044.yaml"} {"ID":"CVE-2021-33221","Info":{"Name":"CommScope Ruckus IoT Controller - Information Disclosure","Severity":"critical","Description":"CommScope Ruckus IoT Controller is susceptible to information disclosure vulnerabilities because a 'service details' API endpoint discloses system and configuration information to an attacker without requiring authentication. This information includes DNS and NTP servers that the devices use for time and host resolution. It also includes the internal hostname and IoT Controller version. A fully configured device in production may leak other, more sensitive information (API keys and tokens).","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-33221.yaml"} {"ID":"CVE-2021-33357","Info":{"Name":"RaspAP \u003c=2.6.5 - Remote Command Injection","Severity":"critical","Description":"RaspAP 2.6 to 2.6.5 allows unauthenticated attackers to execute arbitrary OS commands via the \"iface\" GET parameter in /ajax/networking/get_netcfg.php, when the \"iface\" parameter value contains special characters such as \";\".\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-33357.yaml"} {"ID":"CVE-2021-33544","Info":{"Name":"Geutebruck - Remote Command Injection","Severity":"high","Description":"Geutebruck is susceptible to multiple vulnerabilities its web-based management interface that could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device.","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2021/CVE-2021-33544.yaml"} {"ID":"CVE-2021-33564","Info":{"Name":"Ruby Dragonfly \u003c1.4.0 - Remote Code Execution","Severity":"critical","Description":"Ruby Dragonfly before 1.4.0 contains an argument injection vulnerability that allows remote attackers to read and write to arbitrary files via a crafted URL when the verify_url option is disabled. This may lead to code execution. The problem occurs because the generate and process features mishandle use of the ImageMagick convert utility.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-33564.yaml"} {"ID":"CVE-2021-33690","Info":{"Name":"SAP NetWeaver Development Infrastructure - Server Side Request Forgery","Severity":"critical","Description":"Server-Side Request Forgery (SSRF) vulnerability has been detected in the SAP NetWeaver Development Infrastructure Component Build Service versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50The SAP NetWeaver Development Infrastructure Component Build Service allows a threat actor who has access to the server to perform proxy attacks on server by sending crafted queries. Due to this, the threat actor could completely compromise sensitive data residing on the Server and impact its availability.Note: The impact of this vulnerability depends on whether SAP NetWeaver Development Infrastructure (NWDI) runs on the intranet or internet. The CVSS score reflects the impact considering the worst-case scenario that it runs on the internet.\n","Classification":{"CVSSScore":"9.9"}},"file_path":"http/cves/2021/CVE-2021-33690.yaml"} {"ID":"CVE-2021-3374","Info":{"Name":"Rstudio Shiny Server \u003c1.5.16 - Local File Inclusion","Severity":"medium","Description":"Rstudio Shiny Server prior to 1.5.16 is vulnerable to local file inclusion and source code leakage. This can be exploited by appending an encoded slash to the URL.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2021/CVE-2021-3374.yaml"} {"ID":"CVE-2021-3377","Info":{"Name":"npm ansi_up v4 - Cross-Site Scripting","Severity":"medium","Description":"npm package ansi_up v4 is vulnerable to cross-site scripting because ANSI escape codes can be used to create HTML hyperlinks.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-3377.yaml"} {"ID":"CVE-2021-3378","Info":{"Name":"FortiLogger 4.4.2.2 - Arbitrary File Upload","Severity":"critical","Description":"FortiLogger 4.4.2.2 is affected by arbitrary file upload issues. Attackers can send a \"Content-Type: image/png\" header to Config/SaveUploadedHotspotLogoFile and then Assets/temp/hotspot/img/logohotspot.asp.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-3378.yaml"} {"ID":"CVE-2021-33807","Info":{"Name":"Cartadis Gespage 8.2.1 - Directory Traversal","Severity":"high","Description":"Cartadis Gespage through 8.2.1 allows Directory Traversal in gespage/doDownloadData and gespage/webapp/doDownloadData.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-33807.yaml"} {"ID":"CVE-2021-33851","Info":{"Name":"WordPress Customize Login Image \u003c3.5.3 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Customize Login Image plugin prior to 3.5.3 contains a cross-site scripting vulnerability via the custom logo link on the Settings page. This can allow an attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2021/CVE-2021-33851.yaml"} {"ID":"CVE-2021-33904","Info":{"Name":"Accela Civic Platform \u003c=21.1 - Cross-Site Scripting","Severity":"medium","Description":"Accela Civic Platform through 21.1 contains a cross-site scripting vulnerability via the security/hostSignon.do parameter servProvCode.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-33904.yaml"} {"ID":"CVE-2021-34370","Info":{"Name":"Accela Civic Platform \u003c=21.1 - Cross-Site Scripting","Severity":"medium","Description":"Accela Civic Platform through 21.1 contains a cross-site scripting vulnerability via ssoAdapter/logoutAction.do successURL.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-34370.yaml"} {"ID":"CVE-2021-34429","Info":{"Name":"Eclipse Jetty - Information Disclosure","Severity":"medium","Description":"Eclipse Jetty 9.4.37-9.4.42, 10.0.1-10.0.5 and 11.0.1-11.0.5 are susceptible to improper authorization. URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2021/CVE-2021-34429.yaml"} {"ID":"CVE-2021-34473","Info":{"Name":"Exchange Server - Remote Code Execution","Severity":"critical","Description":"Microsoft Exchange Server is vulnerable to a remote code execution vulnerability. This CVE ID is unique from CVE-2021-31196, CVE-2021-31206.\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2021/CVE-2021-34473.yaml"} {"ID":"CVE-2021-34621","Info":{"Name":"WordPress ProfilePress 3.0.0-3.1.3 - Admin User Creation Weakness","Severity":"critical","Description":"ProfilePress WordPress plugin is susceptible to a vulnerability in the user registration component in the ~/src/Classes/RegistrationAuth.php file that makes it possible for users to register on sites as an administrator.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-34621.yaml"} {"ID":"CVE-2021-34640","Info":{"Name":"WordPress Securimage-WP-Fixed \u003c=3.5.4 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Securimage-WP-Fixed plugin 3.5.4 and prior contains a cross-site scripting vulnerability due to the use of $_SERVER['PHP_SELF'] in the ~/securimage-wp.php file, which allows attackers to inject arbitrary web scripts.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-34640.yaml"} {"ID":"CVE-2021-34643","Info":{"Name":"WordPress Skaut Bazar \u003c1.3.3 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Skaut Bazar plugin before 1.3.3 contains a reflected cross-site scripting vulnerability due to the use of $_SERVER['PHP_SELF'] in the ~/skaut-bazar.php file, which allows attackers to inject arbitrary web scripts.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-34643.yaml"} {"ID":"CVE-2021-34805","Info":{"Name":"FAUST iServer 9.0.018.018.4 - Local File Inclusion","Severity":"high","Description":"FAUST iServer before 9.0.019.019.7 is susceptible to local file inclusion because for each URL request it accesses the corresponding .fau file on the operating system without preventing %2e%2e%5c directory traversal.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-34805.yaml"} {"ID":"CVE-2021-35250","Info":{"Name":"SolarWinds Serv-U 15.3 - Directory Traversal","Severity":"high","Description":"SolarWinds Serv-U 15.3 is susceptible to local file inclusion, which may allow an attacker access to installation and server files and also make it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-35250.yaml"} {"ID":"CVE-2021-35265","Info":{"Name":"MaxSite CMS \u003e V106 - Cross-Site Scripting","Severity":"medium","Description":"A reflected cross-site scripting vulnerability in MaxSite CMS before V106 via product/page/* allows remote attackers to inject arbitrary web script to a page.\"\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-35265.yaml"} {"ID":"CVE-2021-35323","Info":{"Name":"Bludit 3.13.1 - Cross Site Scripting","Severity":"medium","Description":"Cross Site Scripting (XSS) vulnerability exists in bludit 3-13-1 via the username in admin/login\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-35323.yaml"} {"ID":"CVE-2021-35336","Info":{"Name":"Tieline IP Audio Gateway \u003c=2.6.4.8 - Unauthorized Remote Admin Panel Access","Severity":"critical","Description":"Tieline IP Audio Gateway 2.6.4.8 and below is affected by a vulnerability in the web administrative interface that could allow an unauthenticated user to access a sensitive part of the system with a high privileged account.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-35336.yaml"} {"ID":"CVE-2021-35380","Info":{"Name":"TermTalk Server 3.24.0.2 - Local File Inclusion","Severity":"high","Description":"TermTalk Server (TTServer) 3.24.0.2 is vulnerable to file inclusion which allows unauthenticated malicious user to gain access to the files on the remote system by providing the relative path of the file they want to retrieve.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-35380.yaml"} {"ID":"CVE-2021-35395","Info":{"Name":"RealTek Jungle SDK - Arbitrary Command Injection","Severity":"critical","Description":"There is a command injection vulnerability on the \"formWsc\" page of the management interface. Successful exploitation of this vulnerability could lead to remote code execution and compromise of the affected system.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-35395.yaml"} {"ID":"CVE-2021-35464","Info":{"Name":"ForgeRock OpenAM \u003c7.0 - Remote Code Execution","Severity":"critical","Description":"ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages.\nThe exploitation does not require authentication, and remote code execution can be triggered by sending a single crafted\n/ccversion/* request to the server. The vulnerability exists due to the usage of Sun ONE Application Framework (JATO)\nfound in versions of Java 8 or earlier.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-35464.yaml"} {"ID":"CVE-2021-35488","Info":{"Name":"Thruk 2.40-2 - Cross-Site Scripting","Severity":"medium","Description":"Thruk 2.40-2 contains a cross-site scripting vulnerability via /thruk/#cgi-bin/status.cgi?style=combined\u0026title={TITLE] in the host or title parameter. An attacker can inject arbitrary JavaScript into status.cgi, leading to a triggered payload when accessed by an authenticated user.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-35488.yaml"} {"ID":"CVE-2021-35587","Info":{"Name":"Oracle Access Manager - Remote Code Execution","Severity":"critical","Description":"The Oracle Access Manager portion of Oracle Fusion Middleware (component: OpenSSO Agent) is vulnerable to remote code execution. Supported versions that are affected are 11.1.2.3.0, 12.2.1.3.0 and 12.2.1.4.0. This is an easily exploitable vulnerability that allows unauthenticated attackers with network access via HTTP to compromise Oracle Access Manager.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-35587.yaml"} {"ID":"CVE-2021-3577","Info":{"Name":"Motorola Baby Monitors - Remote Command Execution","Severity":"high","Description":"Motorola Baby Monitors contains multiple interface vulnerabilities could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device.","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2021/CVE-2021-3577.yaml"} {"ID":"CVE-2021-36260","Info":{"Name":"Hikvision IP camera/NVR - Remote Command Execution","Severity":"critical","Description":"Certain Hikvision products contain a command injection vulnerability in the web server due to the insufficient input validation. An attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-36260.yaml"} {"ID":"CVE-2021-36356","Info":{"Name":"Kramer VIAware - Remote Code Execution","Severity":"critical","Description":"KRAMER VIAware through August 2021 allows remote attackers to execute arbitrary code because ajaxPages/writeBrowseFilePathAjax.php accepts arbitrary executable pathnames.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-36356.yaml"} {"ID":"CVE-2021-36380","Info":{"Name":"Sunhillo SureLine \u003c8.7.0.1.1 - Unauthenticated OS Command Injection","Severity":"critical","Description":"Sunhillo SureLine \u003c8.7.0.1.1 is vulnerable to OS command injection. The /cgi/networkDiag.cgi script directly incorporated user-controllable parameters within a shell command, allowing an attacker to manipulate the resulting command by injecting valid OS command input. The following POST request injects a new command that instructs the server to establish a reverse TCP connection to another system, allowing the establishment of an interactive remote shell session.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-36380.yaml"} {"ID":"CVE-2021-36450","Info":{"Name":"Verint Workforce Optimization 15.2.8.10048 - Cross-Site Scripting","Severity":"medium","Description":"Verint Workforce Optimization 15.2.8.10048 contains a cross-site scripting vulnerability via the control/my_notifications NEWUINAV parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-36450.yaml"} {"ID":"CVE-2021-3654","Info":{"Name":"Nova noVNC - Open Redirect","Severity":"medium","Description":"Nova noVNC contains an open redirect vulnerability. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-3654.yaml"} {"ID":"CVE-2021-36580","Info":{"Name":"IceWarp Mail Server - Open Redirect","Severity":"medium","Description":"IceWarp Mail Server contains an open redirect via the referer parameter. This can lead to phishing attacks or other unintended redirects.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-36580.yaml"} {"ID":"CVE-2021-36748","Info":{"Name":"PrestaHome Blog for PrestaShop \u003c1.7.8 - SQL Injection","Severity":"high","Description":"PrestaHome Blog for PrestaShop prior to version 1.7.8 is vulnerable to a SQL injection (blind) via the sb_category parameter.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-36748.yaml"} {"ID":"CVE-2021-36749","Info":{"Name":"Apache Druid - Local File Inclusion","Severity":"medium","Description":"Apache Druid ingestion system is vulnerable to local file inclusion. The InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of the Druid server process. This is not an elevation of privilege when users access Druid directly, since Druid also provides the Local InputSource, which allows the same level of access. But it is problematic when users interact with Druid indirectly through an application that allows users to specify the HTTP InputSource, but not the Local InputSource. In this case, users could bypass the application-level restriction by passing a file URL to the HTTP InputSource. This issue was previously mentioned as being fixed in 0.21.0 as per CVE-2021-26920 but was not fixed in 0.21.0 or 0.21.1.","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2021/CVE-2021-36749.yaml"} {"ID":"CVE-2021-36873","Info":{"Name":"WordPress iQ Block Country \u003c=1.2.11 - Cross-Site Scripting","Severity":"medium","Description":"WordPress iQ Block Country plugin 1.2.11 and prior contains a cross-site scripting vulnerability. An attacker can execute arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2021/CVE-2021-36873.yaml"} {"ID":"CVE-2021-37216","Info":{"Name":"QSAN Storage Manager \u003c3.3.3 - Cross-Site Scripting","Severity":"medium","Description":"QSAN Storage Manager before 3.3.3 contains a reflected cross-site scripting vulnerability. Header page parameters do not filter special characters. Remote attackers can inject JavaScript to access and modify specific data.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-37216.yaml"} {"ID":"CVE-2021-37304","Info":{"Name":"Jeecg Boot \u003c= 2.4.5 - Information Disclosure","Severity":"high","Description":"An Insecure Permissions issue in jeecg-boot 2.4.5 allows unauthenticated remote attackers to gain escalated privilege and view sensitive information via the httptrace interface.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-37304.yaml"} {"ID":"CVE-2021-37305","Info":{"Name":"Jeecg Boot \u003c= 2.4.5 - Sensitive Information Disclosure","Severity":"high","Description":"Jeecg Boot \u003c= 2.4.5 API interface has unauthorized access and leaks sensitive information such as email,phone and Enumerate usernames that exist in the system.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-37305.yaml"} {"ID":"CVE-2021-37416","Info":{"Name":"Zoho ManageEngine ADSelfService Plus \u003c=6103 - Cross-Site Scripting","Severity":"medium","Description":"Zoho ManageEngine ADSelfService Plus 6103 and prior contains a reflected cross-site scripting vulnerability on the loadframe page.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-37416.yaml"} {"ID":"CVE-2021-37538","Info":{"Name":"PrestaShop SmartBlog \u003c4.0.6 - SQL Injection","Severity":"critical","Description":"PrestaShop SmartBlog by SmartDataSoft \u003c 4.0.6 is vulnerable to a SQL injection vulnerability in the blog archive functionality.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-37538.yaml"} {"ID":"CVE-2021-37573","Info":{"Name":"Tiny Java Web Server - Cross-Site Scripting","Severity":"medium","Description":"A reflected cross-site scripting vulnerability in the web server TTiny Java Web Server and Servlet Container (TJWS) \u003c=1.115 allows an adversary to inject malicious code on the server's \"404 Page not Found\" error page.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-37573.yaml"} {"ID":"CVE-2021-37580","Info":{"Name":"Apache ShenYu Admin JWT - Authentication Bypass","Severity":"critical","Description":"Apache ShenYu 2.3.0 and 2.4.0 allow Admin access without proper authentication. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-37580.yaml"} {"ID":"CVE-2021-37589","Info":{"Name":"Virtua Software Cobranca \u003c12R - Blind SQL Injection","Severity":"high","Description":"Virtua Cobranca before 12R allows blind SQL injection on the login page.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-37589.yaml"} {"ID":"CVE-2021-37704","Info":{"Name":"phpfastcache - phpinfo Resource Exposure","Severity":"medium","Description":"phpinfo() is susceptible to resource exposure in unprotected composer vendor folders via phpfastcache/phpfastcache.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2021/CVE-2021-37704.yaml"} {"ID":"CVE-2021-37833","Info":{"Name":"Hotel Druid 3.0.2 - Cross-Site Scripting","Severity":"medium","Description":"Hotel Druid 3.0.2 contains a cross-site scripting vulnerability in multiple pages which allows for arbitrary execution of JavaScript commands.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-37833.yaml"} {"ID":"CVE-2021-38146","Info":{"Name":"Wipro Holmes Orchestrator 20.4.1 - Arbitrary File Download","Severity":"high","Description":"The File Download API in Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to read arbitrary files via absolute path traversal in the SearchString JSON field in /home/download POST data.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-38146.yaml"} {"ID":"CVE-2021-38147","Info":{"Name":"Wipro Holmes Orchestrator 20.4.1 - Information Disclosure","Severity":"high","Description":"Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to download arbitrary files, such as reports containing sensitive information, because authentication is not required for API access to processexecution/DownloadExcelFile/Domain_Credential_Report_Excel, processexecution/DownloadExcelFile/User_Report_Excel, processexecution/DownloadExcelFile/Process_Report_Excel, processexecution/DownloadExcelFile/Infrastructure_Report_Excel, or processexecution/DownloadExcelFile/Resolver_Report_Excel.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-38147.yaml"} {"ID":"CVE-2021-38314","Info":{"Name":"WordPress Redux Framework \u003c=4.2.11 - Information Disclosure","Severity":"medium","Description":"WordPress Redux Framework plugin through 4.2.11 is susceptible to information disclosure. The plugin registers several unique AJAX actions available to unauthenticated users in the includes function in redux-core/class-redux-core.php. These are predictable, given that they are based on an md5 hash of the site URL with a known salt value of -redux and an md5 hash of the previous hash with a known salt value of -support. An attacker can potentially employ these AJAX actions to retrieve a list of active plugins and their versions, the site's PHP version, and an unsalted md5 hash of the site's AUTH_KEY concatenated with the SECURE_AUTH_KEY.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2021/CVE-2021-38314.yaml"} {"ID":"CVE-2021-38540","Info":{"Name":"Apache Airflow - Unauthenticated Variable Import","Severity":"critical","Description":"Apache Airflow Airflow \u003e=2.0.0 and \u003c2.1.3 does not protect the variable import endpoint which allows unauthenticated users to hit that endpoint to add/modify Airflow variables used in DAGs, potentially resulting in a denial of service, information disclosure or remote code execution.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-38540.yaml"} {"ID":"CVE-2021-38647","Info":{"Name":"Microsoft Open Management Infrastructure - Remote Code Execution","Severity":"critical","Description":"Microsoft Open Management Infrastructure is susceptible to remote code execution (OMIGOD).","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-38647.yaml"} {"ID":"CVE-2021-38702","Info":{"Name":"Cyberoam NetGenie Cross-Site Scripting","Severity":"medium","Description":"Cyberoam NetGenie C0101B1-20141120-NG11VO devices through 2021-08-14 are susceptible to reflected cross-site scripting via the 'u' parameter of ft.php.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-38702.yaml"} {"ID":"CVE-2021-38704","Info":{"Name":"ClinicCases 7.3.3 Cross-Site Scripting","Severity":"medium","Description":"ClinicCases 7.3.3 is susceptible to multiple reflected cross-site scripting vulnerabilities that could allow unauthenticated attackers to introduce arbitrary JavaScript by crafting a malicious URL. This can result in account takeover via session token theft.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-38704.yaml"} {"ID":"CVE-2021-38751","Info":{"Name":"ExponentCMS \u003c= 2.6 - Host Header Injection","Severity":"medium","Description":"An HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponent_constants.php. A modified HTTP header can change links on the webpage to an arbitrary value,leading to a possible attack vector for MITM.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2021/CVE-2021-38751.yaml"} {"ID":"CVE-2021-39141","Info":{"Name":"XStream 1.4.18 - Remote Code Execution","Severity":"high","Description":"XStream 1.4.18 is susceptible to remote code execution. An attacker can execute commands of the host by manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"8.5"}},"file_path":"http/cves/2021/CVE-2021-39141.yaml"} {"ID":"CVE-2021-39144","Info":{"Name":"XStream 1.4.18 - Remote Code Execution","Severity":"high","Description":"XStream 1.4.18 is susceptible to remote code execution. An attacker can execute commands of the host by manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. Setups which followed XStream's security recommendations with an allow-list are not impacted.\n","Classification":{"CVSSScore":"8.5"}},"file_path":"http/cves/2021/CVE-2021-39144.yaml"} {"ID":"CVE-2021-39146","Info":{"Name":"XStream 1.4.18 - Arbitrary Code Execution","Severity":"high","Description":"XStream 1.4.18 is susceptible to remote code execution. An attacker can execute commands of the host by manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. Setups which followed XStream's security recommendations with an allow-list are not impacted.\n","Classification":{"CVSSScore":"8.5"}},"file_path":"http/cves/2021/CVE-2021-39146.yaml"} {"ID":"CVE-2021-39152","Info":{"Name":"XStream \u003c1.4.18 - Server-Side Request Forgery","Severity":"high","Description":"XStream before 1.4.18 is susceptible to server-side request forgery. An attacker can request data from internal resources that are not publicly available by manipulating the processed input stream with a Java runtime version 14 to 8. This makes it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"8.5"}},"file_path":"http/cves/2021/CVE-2021-39152.yaml"} {"ID":"CVE-2021-39165","Info":{"Name":"Cachet \u003c=2.3.18 - SQL Injection","Severity":"medium","Description":"Cachet is an open source status page. With Cachet prior to and including 2.3.18, there is a SQL injection which is in the `SearchableTrait#scopeSearch()`. Attackers without authentication can utilize this vulnerability to exfiltrate sensitive data from the database such as administrator's password and session. The original repository of Cachet \u003chttps://github.com/CachetHQ/Cachet\u003e is not active, the stable version 2.3.18 and it's developing 2.4 branch is affected.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2021/CVE-2021-39165.yaml"} {"ID":"CVE-2021-39211","Info":{"Name":"GLPI 9.2/\u003c9.5.6 - Information Disclosure","Severity":"medium","Description":"GLPI 9.2 and prior to 9.5.6 is susceptible to information disclosure via the telemetry endpoint, which discloses GLPI and server information. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2021/CVE-2021-39211.yaml"} {"ID":"CVE-2021-39226","Info":{"Name":"Grafana Snapshot - Authentication Bypass","Severity":"high","Description":"Grafana instances up to 7.5.11 and 8.1.5 allow remote unauthenticated users to view the snapshot associated with the lowest database key by accessing the literal paths /api/snapshot/:key or /dashboard/snapshot/:key. If the snapshot is in public mode, unauthenticated users can delete snapshots by accessing the endpoint /api/snapshots-delete/:deleteKey. Authenticated users can also delete snapshots by accessing the endpoints /api/snapshots-delete/:deleteKey, or sending a delete request to /api/snapshot/:key, regardless of whether or not the snapshot is set to public mode (disabled by default).","Classification":{"CVSSScore":"7.3"}},"file_path":"http/cves/2021/CVE-2021-39226.yaml"} {"ID":"CVE-2021-39312","Info":{"Name":"WordPress True Ranker \u003c2.2.4 - Local File Inclusion","Severity":"high","Description":"WordPress True Ranker before version 2.2.4 allows sensitive configuration files such as wp-config.php, to be accessed via the src parameter found in the ~/admin/vendor/datatables/examples/resources/examples.php file via local file inclusion.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-39312.yaml"} {"ID":"CVE-2021-39316","Info":{"Name":"WordPress DZS Zoomsounds \u003c=6.50 - Local File Inclusion","Severity":"high","Description":"WordPress Zoomsounds plugin 6.45 and earlier allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the `dzsap_download` action using directory traversal in the `link` parameter.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-39316.yaml"} {"ID":"CVE-2021-39320","Info":{"Name":"WordPress Under Construction \u003c1.19 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Under Construction plugin before 1.19 contains a cross-site scripting vulnerability. The plugin echoes out the raw value of `$GLOBALS['PHP_SELF']` in the ucOptions.php file on certain configurations, including Apache+modPHP.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-39320.yaml"} {"ID":"CVE-2021-39322","Info":{"Name":"WordPress Easy Social Icons Plugin \u003c 3.0.9 - Cross-Site Scripting","Severity":"medium","Description":"The Easy Social Icons plugin \u003c= 3.0.8 for WordPress echoes out the raw value of `$_SERVER['PHP_SELF']` in its main file. On certain configurations including Apache+modPHP this makes it possible to use it to perform a reflected cross-site scripting attack by injecting malicious code in the request path.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-39322.yaml"} {"ID":"CVE-2021-39327","Info":{"Name":"WordPress BulletProof Security 5.1 Information Disclosure","Severity":"medium","Description":"The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up to, and including, 5.1.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2021/CVE-2021-39327.yaml"} {"ID":"CVE-2021-39350","Info":{"Name":"FV Flowplayer Video Player WordPress plugin - Authenticated Cross-Site Scripting","Severity":"medium","Description":"The FV Flowplayer Video Player WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the player_id parameter found in the ~/view/stats.php file which allows attackers to inject arbitrary web scripts in versions 7.5.0.727 - 7.5.2.727.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-39350.yaml"} {"ID":"CVE-2021-39433","Info":{"Name":"BIQS IT Biqs-drive v1.83 Local File Inclusion","Severity":"high","Description":"A local file inclusion vulnerability exists in version BIQS IT Biqs-drive v1.83 and below when sending a specific payload as the file parameter to download/index.php. This allows the attacker to read arbitrary files from the server with the permissions of the configured web-user.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-39433.yaml"} {"ID":"CVE-2021-39501","Info":{"Name":"EyouCMS 1.5.4 Open Redirect","Severity":"medium","Description":"EyouCMS 1.5.4 is vulnerable to an Open Redirect vulnerability. An attacker can redirect a user to a malicious url via the Logout function.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-39501.yaml"} {"ID":"CVE-2021-40149","Info":{"Name":"Reolink E1 Zoom Camera \u003c=3.0.0.716 - Private Key Disclosure","Severity":"medium","Description":"Reolink E1 Zoom Camera versions 3.0.0.716 and below suffer from a private key (RSA) disclosure vulnerability.\n","Classification":{"CVSSScore":"5.9"}},"file_path":"http/cves/2021/CVE-2021-40149.yaml"} {"ID":"CVE-2021-40150","Info":{"Name":"Reolink E1 Zoom Camera \u003c=3.0.0.716 - Information Disclosure","Severity":"high","Description":"Reolink E1 Zoom camera through 3.0.0.716 is susceptible to information disclosure. The web server discloses its configuration via the /conf/ directory that is mapped to a publicly accessible path. An attacker with network-level access to the camera can can download the entire NGINX/FastCGI configurations by querying the /conf/nginx.conf or /conf/fastcgi.conf URI.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-40150.yaml"} {"ID":"CVE-2021-40323","Info":{"Name":"Cobbler \u003c3.3.0 - Remote Code Execution","Severity":"critical","Description":"Cobbler before 3.3.0 allows log poisoning and resultant remote code execution via an XMLRPC method.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-40323.yaml"} {"ID":"CVE-2021-40438","Info":{"Name":"Apache \u003c= 2.4.48 Mod_Proxy - Server-Side Request Forgery","Severity":"critical","Description":"Apache 2.4.48 and below contain an issue where uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user.","Classification":{"CVSSScore":"9"}},"file_path":"http/cves/2021/CVE-2021-40438.yaml"} {"ID":"CVE-2021-40539","Info":{"Name":"Zoho ManageEngine ADSelfService Plus v6113 - Unauthenticated Remote Command Execution","Severity":"critical","Description":"Zoho ManageEngine ADSelfService Plus version 6113 and prior are vulnerable to a REST API authentication bypass vulnerability that can lead to remote code execution.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-40539.yaml"} {"ID":"CVE-2021-40542","Info":{"Name":"Opensis-Classic 8.0 - Cross-Site Scripting","Severity":"medium","Description":"Opensis-Classic Version 8.0 is affected by cross-site scripting. An unauthenticated user can inject and execute JavaScript code through the link_url parameter in Ajax_url_encode.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-40542.yaml"} {"ID":"CVE-2021-40651","Info":{"Name":"OS4Ed OpenSIS Community 8.0 - Local File Inclusion","Severity":"medium","Description":"OS4Ed OpenSIS Community 8.0 is vulnerable to a local file inclusion vulnerability in Modules.php (modname parameter), which can disclose arbitrary file from the server's filesystem as long as the application has access to the file.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2021/CVE-2021-40651.yaml"} {"ID":"CVE-2021-40661","Info":{"Name":"IND780 - Local File Inclusion","Severity":"high","Description":"IND780 Advanced Weighing Terminals Build 8.0.07 March 19, 2018 (SS Label 'IND780_8.0.07'), Version 7.2.10 June 18, 2012 (SS Label 'IND780_7.2.10') is vulnerable to unauthenticated local file inclusion. It is possible to traverse the folders of the affected host by providing a relative path to the 'webpage' parameter in AutoCE.ini. This could allow a remote attacker to access additional files on the affected system.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-40661.yaml"} {"ID":"CVE-2021-40822","Info":{"Name":"Geoserver - Server-Side Request Forgery","Severity":"high","Description":"GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows server-side request forgery via the option for setting a proxy host.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-40822.yaml"} {"ID":"CVE-2021-40856","Info":{"Name":"Auerswald COMfortel 1400/2600/3600 IP - Authentication Bypass","Severity":"high","Description":"Auerswald COMfortel 1400/2600/3600 IP is susceptible to an authentication bypass vulnerability. Inserting the prefix \"/about/../\" allows bypassing the authentication check for the web-based configuration management interface. This enables attackers to gain access to the login credentials used for authentication at the PBX, among other data.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-40856.yaml"} {"ID":"CVE-2021-40859","Info":{"Name":"Auerswald COMpact 5500R 7.8A and 8.0B Devices Backdoor","Severity":"critical","Description":"Auerswald COMpact 5500R 7.8A and 8.0B devices contain an unauthenticated endpoint (\"https://192.168.1[.]2/about_state\"), enabling the bad actor to gain backdoor access to a web interface that allows for resetting the administrator password.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-40859.yaml"} {"ID":"CVE-2021-40868","Info":{"Name":"Cloudron 6.2 Cross-Site Scripting","Severity":"medium","Description":"In Cloudron 6.2, the returnTo parameter on the login page is vulnerable to cross-site scripting.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-40868.yaml"} {"ID":"CVE-2021-40870","Info":{"Name":"Aviatrix Controller 6.x before 6.5-1804.1922 - Remote Command Execution","Severity":"critical","Description":"Aviatrix Controller 6.x before 6.5-1804.1922 contains a vulnerability that allows unrestricted upload of a file with a dangerous type, which allows an unauthenticated user to execute arbitrary code via directory traversal.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-40870.yaml"} {"ID":"CVE-2021-40875","Info":{"Name":"Gurock TestRail Application files.md5 Exposure","Severity":"high","Description":"Improper access control in Gurock TestRail versions \u003c 7.2.0.3014 resulted in sensitive information exposure. A threat actor can access the /files.md5 file on the client side of a Gurock TestRail application, disclosing a full list of application files and the corresponding file paths which can then be tested, and in some cases result in the disclosure of hardcoded credentials, API keys, or other sensitive data.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-40875.yaml"} {"ID":"CVE-2021-40960","Info":{"Name":"Galera WebTemplate 1.0 Directory Traversal","Severity":"critical","Description":"Galera WebTemplate 1.0 is affected by a directory traversal vulnerability that could reveal information from /etc/passwd and /etc/shadow.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-40960.yaml"} {"ID":"CVE-2021-40968","Info":{"Name":"Spotweb \u003c= 1.5.1 - Cross Site Scripting","Severity":"medium","Description":"Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the newpassword2 parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-40968.yaml"} {"ID":"CVE-2021-40969","Info":{"Name":"Spotweb \u003c= 1.5.1 - Cross Site Scripting (Reflected)","Severity":"medium","Description":"Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the firstname parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-40969.yaml"} {"ID":"CVE-2021-40970","Info":{"Name":"Spotweb \u003c= 1.5.1 - Cross Site Scripting","Severity":"medium","Description":"Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the username parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-40970.yaml"} {"ID":"CVE-2021-40971","Info":{"Name":"Spotweb \u003c= 1.5.1 - Cross Site Scripting","Severity":"medium","Description":"Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the newpassword1 parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-40971.yaml"} {"ID":"CVE-2021-40972","Info":{"Name":"Spotweb \u003c= 1.5.1 - Cross Site Scripting","Severity":"medium","Description":"Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the mail parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-40972.yaml"} {"ID":"CVE-2021-40973","Info":{"Name":"Spotweb \u003c= 1.5.1 - Cross Site Scripting","Severity":"medium","Description":"Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the lastname parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-40973.yaml"} {"ID":"CVE-2021-40978","Info":{"Name":"MKdocs 1.2.2 - Directory Traversal","Severity":"high","Description":"The MKdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain sensitive information. Note the vendor has disputed the vulnerability (see references) because the dev server must be used in an unsafe way (namely public) to have this vulnerability exploited.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-40978.yaml"} {"ID":"CVE-2021-41174","Info":{"Name":"Grafana 8.0.0 \u003c= v.8.2.2 - Angularjs Rendering Cross-Site Scripting","Severity":"medium","Description":"Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content may be executed within the context of the victim's browser. The user visiting the malicious link must be unauthenticated and the link must be for a page that contains the login button in the menu bar. The url has to be crafted to exploit AngularJS rendering and contain the interpolation binding for AngularJS expressions.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-41174.yaml"} {"ID":"CVE-2021-41192","Info":{"Name":"Redash Setup Configuration - Default Secrets Disclosure","Severity":"medium","Description":"Redash Setup Configuration is vulnerable to default secrets disclosure (Insecure Default Initialization of Resource). If an admin sets up Redash versions \u003c=10.0 and prior without explicitly specifying the `REDASH_COOKIE_SECRET` or `REDASH_SECRET_KEY` environment variables, a default value is used for both that is the same across all installations. In such cases, the instance is vulnerable to attackers being able to forge sessions using the known default value.","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2021/CVE-2021-41192.yaml"} {"ID":"CVE-2021-41266","Info":{"Name":"MinIO Operator Console Authentication Bypass","Severity":"critical","Description":"MinIO Console is a graphical user interface for the for MinIO Operator. MinIO itself is a multi-cloud object storage project. Affected versions are subject to an authentication bypass issue in the Operator Console when an external IDP is enabled.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-41266.yaml"} {"ID":"CVE-2021-41277","Info":{"Name":"Metabase - Local File Inclusion","Severity":"high","Description":"Metabase is an open source data analytics platform. In affected versions a local file inclusion security issue has been discovered with the custom GeoJSON map (`admin-\u003esettings-\u003emaps-\u003ecustom maps-\u003eadd a map`) support and potential local file inclusion (including environment variables). URLs were not validated prior to being loaded.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-41277.yaml"} {"ID":"CVE-2021-41282","Info":{"Name":"pfSense - Arbitrary File Write","Severity":"high","Description":"diag_routes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be able to view data about the routes set in the firewall. The data is retrieved by executing the netstat utility, and then its output is parsed via the sed utility. Although the common protection mechanisms against command injection (e.g., the usage of the escapeshellarg function for the arguments) are used, it is still possible to inject sed-specific code and write an arbitrary file in an arbitrary location.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2021/CVE-2021-41282.yaml"} {"ID":"CVE-2021-41291","Info":{"Name":"ECOA Building Automation System - Directory Traversal Content Disclosure","Severity":"high","Description":"The ECOA BAS controller suffers from a directory traversal content disclosure vulnerability. Using the GET parameter cpath in File Manager (fmangersub), attackers can disclose directory content on the affected device","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-41291.yaml"} {"ID":"CVE-2021-41293","Info":{"Name":"ECOA Building Automation System - Arbitrary File Retrieval","Severity":"high","Description":"The ECOA BAS controller suffers from an arbitrary file disclosure vulnerability. Using the 'fname' POST parameter in viewlog.jsp, attackers can disclose arbitrary files on the affected device and disclose sensitive and system information.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-41293.yaml"} {"ID":"CVE-2021-41349","Info":{"Name":"Microsoft Exchange Server Pre-Auth POST Based Cross-Site Scripting","Severity":"medium","Description":"Microsoft Exchange Server is vulnerable to a spoofing vulnerability. Be aware this CVE ID is unique from CVE-2021-42305.","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2021/CVE-2021-41349.yaml"} {"ID":"CVE-2021-41381","Info":{"Name":"Payara Micro Community 5.2021.6 Directory Traversal","Severity":"high","Description":"Payara Micro Community 5.2021.6 and below contains a directory traversal vulnerability.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-41381.yaml"} {"ID":"CVE-2021-41432","Info":{"Name":"FlatPress 1.2.1 - Stored Cross-Site Scripting","Severity":"medium","Description":"FlatPress 1.2.1 contains a stored cross-site scripting vulnerability that allows for arbitrary execution of JavaScript commands through blog content. An attacker can possibly steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2021/CVE-2021-41432.yaml"} {"ID":"CVE-2021-41460","Info":{"Name":"ECShop 4.1.0 - SQL Injection","Severity":"high","Description":"ECShop 4.1.0 has SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-41460.yaml"} {"ID":"CVE-2021-41467","Info":{"Name":"JustWriting - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in application/controllers/dropbox.php in JustWriting 1.0.0 and below allow remote attackers to inject arbitrary web script or HTML via the challenge parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-41467.yaml"} {"ID":"CVE-2021-41569","Info":{"Name":"SAS/Internet 9.4 1520 - Local File Inclusion","Severity":"high","Description":"SAS/Internet 9.4 build 1520 and earlier allows local file inclusion. The samples library (included by default) in the appstart.sas file, allows end-users of the application to access the sample.webcsf1.sas program, which contains user-controlled macro variables that are passed to the DS2CSF macro.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-41569.yaml"} {"ID":"CVE-2021-41648","Info":{"Name":"PuneethReddyHC action.php SQL Injection","Severity":"high","Description":"An unauthenticated SQL injection vulnerability exists in PuneethReddyHC Online Shopping through the /action.php prId parameter. Using a post request does not sanitize the user input.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-41648.yaml"} {"ID":"CVE-2021-41649","Info":{"Name":"PuneethReddyHC Online Shopping System homeaction.php SQL Injection","Severity":"critical","Description":"An unauthenticated SQL injection vulnerability exists in PuneethReddyHC Online Shopping System through the /homeaction.php cat_id parameter. Using a post request does not sanitize the user input.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-41649.yaml"} {"ID":"CVE-2021-41653","Info":{"Name":"TP-Link - OS Command Injection","Severity":"critical","Description":"The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a specially crafted payload in an IP address input field.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-41653.yaml"} {"ID":"CVE-2021-41691","Info":{"Name":"openSIS Student Information System 8.0 SQL Injection","Severity":"high","Description":"openSIS Student Information System version 8.0 is susceptible to SQL injection via the student_id and TRANSFER[SCHOOL] parameters in POST request sent to /TransferredOutModal.php.","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2021/CVE-2021-41691.yaml"} {"ID":"CVE-2021-41749","Info":{"Name":"CraftCMS SEOmatic - Server-Side Template Injection","Severity":"critical","Description":"In the SEOmatic plugin up to 3.4.11 for Craft CMS 3, it is possible for unauthenticated attackers to perform a Server-Side. Template Injection, allowing for remote code execution.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-41749.yaml"} {"ID":"CVE-2021-41773","Info":{"Name":"Apache 2.4.49 - Path Traversal and Remote Code Execution","Severity":"high","Description":"A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the expected document root. If files outside of the document root are not protected by \"require all denied\" these requests can succeed. Additionally, this flaw could leak the source of interpreted files like CGI scripts. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-41773.yaml"} {"ID":"CVE-2021-41826","Info":{"Name":"PlaceOS 1.2109.1 - Open Redirection","Severity":"medium","Description":"PlaceOS Authentication Service before 1.29.10.0 allows app/controllers/auth/sessions_controller.rb open redirect.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-41826.yaml"} {"ID":"CVE-2021-41878","Info":{"Name":"i-Panel Administration System 2.0 - Cross-Site Scripting","Severity":"medium","Description":"i-Panel Administration System 2.0 contains a cross-site scripting vulnerability that enables an attacker to execute arbitrary JavaScript code in the browser-based web console.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-41878.yaml"} {"ID":"CVE-2021-4191","Info":{"Name":"GitLab GraphQL API User Enumeration","Severity":"medium","Description":"An unauthenticated remote attacker can leverage this vulnerability to collect registered GitLab usernames, names, and email addresses.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2021/CVE-2021-4191.yaml"} {"ID":"CVE-2021-41951","Info":{"Name":"Resourcespace - Cross-Site Scripting","Severity":"medium","Description":"ResourceSpace before 9.6 rev 18290 is affected by a reflected cross-site scripting vulnerability in plugins/wordpress_sso/pages/index.php via the wordpress_user parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-41951.yaml"} {"ID":"CVE-2021-42013","Info":{"Name":"Apache 2.4.49/2.4.50 - Path Traversal and Remote Code Execution","Severity":"critical","Description":"A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49 and 2.4.50. An attacker could use a path traversal attack to map URLs to files outside the expected document root. If files outside of the document root are not protected by \"require all denied\" these requests can succeed. Additionally, this flaw could leak the source of interpreted files like CGI scripts. In certain configurations, for instance if mod_cgi is enabled, this flaw can lead to remote code execution. This issue only affects Apache 2.4.49 and 2.4.50 and not earlier versions. Note - CVE-2021-42013 is due to an incomplete fix for the original vulnerability CVE-2021-41773.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-42013.yaml"} {"ID":"CVE-2021-42063","Info":{"Name":"SAP Knowledge Warehouse \u003c=7.5.0 - Cross-Site Scripting","Severity":"medium","Description":"SAP Knowledge Warehouse 7.30, 7.31, 7.40, and 7.50 contain a reflected cross-site scripting vulnerability via the usage of one SAP KW component within a web browser.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-42063.yaml"} {"ID":"CVE-2021-42071","Info":{"Name":"Visual Tools DVR VX16 4.2.28.0 - Unauthenticated OS Command Injection","Severity":"critical","Description":"Visual Tools DVR VX16 4.2.28.0 could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-42071.yaml"} {"ID":"CVE-2021-42192","Info":{"Name":"KONGA 0.14.9 - Privilege Escalation","Severity":"high","Description":"KONGA 0.14.9 allows attackers to set higher privilege users to full administration access. The attack vector is a crafted condition, as demonstrated by the /api/user/{ID} at ADMIN parameter.","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2021/CVE-2021-42192.yaml"} {"ID":"CVE-2021-42237","Info":{"Name":"Sitecore Experience Platform Pre-Auth RCE","Severity":"critical","Description":"Sitecore XP 7.5 to Sitecore XP 8.2 Update 7 is vulnerable to an insecure deserialization attack where remote commands can be executed by an attacker with no authentication or special configuration required.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-42237.yaml"} {"ID":"CVE-2021-42258","Info":{"Name":"BillQuick Web Suite SQL Injection","Severity":"critical","Description":"BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated remote code execution. Successful exploitation can include the ability to execute arbitrary code as MSSQLSERVER$ via xp_cmdshell.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-42258.yaml"} {"ID":"CVE-2021-42551","Info":{"Name":"NetBiblio WebOPAC - Cross-Site Scripting","Severity":"medium","Description":"NetBiblio WebOPAC before 4.0.0.320 is affected by a reflected cross-site scripting vulnerability in its Wikipedia module through /NetBiblio/search/shortview via the searchTerm parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-42551.yaml"} {"ID":"CVE-2021-42565","Info":{"Name":"myfactory FMS - Cross-Site Scripting","Severity":"medium","Description":"myfactory.FMS before 7.1-912 allows cross-site scripting via the UID parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-42565.yaml"} {"ID":"CVE-2021-42566","Info":{"Name":"myfactory FMS - Cross-Site Scripting","Severity":"medium","Description":"myfactory.FMS before 7.1-912 allows cross-site scripting via the Error parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-42566.yaml"} {"ID":"CVE-2021-42567","Info":{"Name":"Apereo CAS Cross-Site Scripting","Severity":"medium","Description":"Apereo CAS through 6.4.1 allows cross-site scripting via POST requests sent to the REST API endpoints.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-42567.yaml"} {"ID":"CVE-2021-42627","Info":{"Name":"D-Link DIR-615 - Unauthorized Access","Severity":"critical","Description":"D-Link DIR-615 devices with firmware 20.06 are susceptible to unauthorized access. An attacker can access the WAN configuration page wan.htm without authentication, which can lead to disclosure of WAN settings, data modification, and/or other unauthorized operations.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-42627.yaml"} {"ID":"CVE-2021-42663","Info":{"Name":"Sourcecodester Online Event Booking and Reservation System 2.3.0 - Cross-Site Scripting","Severity":"medium","Description":"Sourcecodester Online Event Booking and Reservation System 2.3.0 contains a cross-site scripting vulnerability in PHP/MySQL via the msg parameter to /event-management/index.php. An attacker can leverage this vulnerability in order to change the visibility of the website. Once the target user clicks on a given link, the content of the HTML code of the attacker's choice displays.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2021/CVE-2021-42663.yaml"} {"ID":"CVE-2021-42667","Info":{"Name":"Online Event Booking and Reservation System 2.3.0 - SQL Injection","Severity":"critical","Description":"Online Event Booking and Reservation System 2.3.0 contains a SQL injection vulnerability in event-management/views. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-42667.yaml"} {"ID":"CVE-2021-42887","Info":{"Name":"TOTOLINK EX1200T 4.1.2cu.5215 - Authentication Bypass","Severity":"critical","Description":"TOTOLINK EX1200T 4.1.2cu.5215 is susceptible to authentication bypass. An attacker can bypass login by sending a specific request through formLoginAuth.htm, thus potentially being able to obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-42887.yaml"} {"ID":"CVE-2021-43062","Info":{"Name":"Fortinet FortiMail 7.0.1 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in FortiMail may allow an unauthenticated attacker to perform an attack via specially crafted HTTP GET requests to the FortiGuard URI protection service.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-43062.yaml"} {"ID":"CVE-2021-43287","Info":{"Name":"Pre-Auth Takeover of Build Pipelines in GoCD","Severity":"high","Description":"GoCD contains a critical information disclosure vulnerability whose exploitation allows unauthenticated attackers to leak configuration information including build secrets and encryption keys.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-43287.yaml"} {"ID":"CVE-2021-43421","Info":{"Name":"Studio-42 elFinder \u003c2.1.60 - Arbitrary File Upload","Severity":"critical","Description":"Studio-42 elFinder 2.0.4 to 2.1.59 is vulnerable to unauthenticated file upload via connector.minimal.php which could allow a remote user to upload arbitrary files and execute PHP code.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-43421.yaml"} {"ID":"CVE-2021-43495","Info":{"Name":"AlquistManager Local File Inclusion","Severity":"high","Description":"AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9c1d36 is affected by a directory traversal vulnerability in alquist/IO/input.py. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-43495.yaml"} {"ID":"CVE-2021-43496","Info":{"Name":"Clustering Local File Inclusion","Severity":"high","Description":"Clustering master branch as of commit 53e663e259bcfc8cdecb56c0bb255bd70bfcaa70 is affected by a directory traversal vulnerability. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-43496.yaml"} {"ID":"CVE-2021-43510","Info":{"Name":"Sourcecodester Simple Client Management System 1.0 - SQL Injection","Severity":"critical","Description":"Sourcecodester Simple Client Management System 1.0 contains a SQL injection vulnerability via the username field in login.php. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-43510.yaml"} {"ID":"CVE-2021-43574","Info":{"Name":"Atmail 6.5.0 - Cross-Site Scripting","Severity":"medium","Description":"Atmail 6.5.0 contains a cross-site scripting vulnerability in WebAdmin Control Pane via the format parameter to the default URI, which allows remote attackers to inject arbitrary web script or HTML via the “format” parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-43574.yaml"} {"ID":"CVE-2021-43725","Info":{"Name":"Spotweb \u003c= 1.5.1 - Cross Site Scripting (Reflected)","Severity":"medium","Description":"There is a Cross Site Scripting (XSS) vulnerability in SpotPage_login.php of Spotweb 1.5.1 and below, which allows remote attackers to inject arbitrary web script or HTML via the data[performredirect] parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-43725.yaml"} {"ID":"CVE-2021-43734","Info":{"Name":"kkFileview v4.0.0 - Local File Inclusion","Severity":"high","Description":"kkFileview v4.0.0 is vulnerable to local file inclusion which may lead to a sensitive file leak on a related host.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-43734.yaml"} {"ID":"CVE-2021-43778","Info":{"Name":"GLPI plugin Barcode \u003c 2.6.1 - Path Traversal Vulnerability.","Severity":"high","Description":"Barcode is a GLPI plugin for printing barcodes and QR codes. GLPI instances version 2.x prior to version 2.6.1 with the barcode plugin installed are vulnerable to a path traversal vulnerability.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-43778.yaml"} {"ID":"CVE-2021-43798","Info":{"Name":"Grafana v8.x - Arbitrary File Read","Severity":"high","Description":"Grafana versions 8.0.0-beta1 through 8.3.0 are vulnerable to a local directory traversal, allowing access to local files. The vulnerable URL path is `\u003cgrafana_host_url\u003e/public/plugins/NAME/`, where NAME is the plugin ID for any installed plugin.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-43798.yaml"} {"ID":"CVE-2021-43810","Info":{"Name":"Admidio - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability is present in Admidio prior to version 4.0.12. The reflected cross-site scripting vulnerability occurs because redirect.php does not properly validate the value of the url parameter. Through this vulnerability, an attacker is capable to execute malicious scripts.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-43810.yaml"} {"ID":"CVE-2021-43831","Info":{"Name":"Gradio \u003c 2.5.0 - Arbitrary File Read","Severity":"high","Description":"Files on the host computer can be accessed from the Gradio interface\n","Classification":{"CVSSScore":"7.7"}},"file_path":"http/cves/2021/CVE-2021-43831.yaml"} {"ID":"CVE-2021-44077","Info":{"Name":"Zoho ManageEngine ServiceDesk Plus - Remote Code Execution","Severity":"critical","Description":"Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-44077.yaml"} {"ID":"CVE-2021-44138","Info":{"Name":"Caucho Resin \u003e=4.0.52 \u003c=4.0.56 - Directory traversal","Severity":"high","Description":"There is a Directory traversal vulnerability in Caucho Resin, as distributed in Resin 4.0.52 - 4.0.56, which allows remote attackers to read files in arbitrary directories via a ; in a pathname within an HTTP request.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-44138.yaml"} {"ID":"CVE-2021-44139","Info":{"Name":"Alibaba Sentinel - Server-side request forgery (SSRF)","Severity":"high","Description":"There is a Pre-Auth SSRF vulnerability in Alibaba Sentinel version 1.8.2, which allows remote unauthenticated attackers to perform SSRF attacks via the /registry/machine endpoint through the ip parameter.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-44139.yaml"} {"ID":"CVE-2021-44152","Info":{"Name":"Reprise License Manager 14.2 - Authentication Bypass","Severity":"critical","Description":"Reprise License Manager (RLM) 14.2 does not verify authentication or authorization and allows unauthenticated users to change the password of any existing user.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-44152.yaml"} {"ID":"CVE-2021-44228","Info":{"Name":"Apache Log4j2 Remote Code Injection","Severity":"critical","Description":"Apache Log4j2 \u003c=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2021/CVE-2021-44228.yaml"} {"ID":"CVE-2021-4436","Info":{"Name":"3DPrint Lite \u003c 1.9.1.5 - Arbitrary File Upload","Severity":"critical","Description":"The plugin does not have any authorisation and does not check the uploaded file in its p3dlite_handle_upload AJAX action , allowing unauthenticated users to upload arbitrary file to the web server. However, there is a .htaccess, preventing the file to be accessed on Web servers such as Apache.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-4436.yaml"} {"ID":"CVE-2021-44427","Info":{"Name":"Rosario Student Information System Unauthenticated SQL Injection","Severity":"critical","Description":"An unauthenticated SQL injection vulnerability in Rosario Student Information System (aka rosariosis) 8.1 and below allow remote attackers to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDATE, and DELETE) through /Side.php via the syear parameter.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-44427.yaml"} {"ID":"CVE-2021-44451","Info":{"Name":"Apache Superset \u003c=1.3.2 - Default Login","Severity":"medium","Description":"Apache Superset through 1.3.2 contains a default login vulnerability via registered database connections for authenticated users. An attacker can obtain access to user accounts and thereby obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2021/CVE-2021-44451.yaml"} {"ID":"CVE-2021-44515","Info":{"Name":"Zoho ManageEngine Desktop Central - Remote Code Execution","Severity":"critical","Description":"Zoho ManageEngine Desktop Central contains an authentication bypass vulnerability that could allow an attacker to execute arbitrary code in the Desktop Central MSP server.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-44515.yaml"} {"ID":"CVE-2021-44528","Info":{"Name":"Open Redirect in Host Authorization Middleware","Severity":"medium","Description":"Specially crafted \"X-Forwarded-Host\" headers in combination with certain \"allowed host\" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-44528.yaml"} {"ID":"CVE-2021-44529","Info":{"Name":"Ivanti EPM Cloud Services Appliance Code Injection","Severity":"critical","Description":"Ivanti EPM Cloud Services Appliance (CSA) before version 4.6.0-512 is susceptible to a code injection vulnerability because it allows an unauthenticated user to execute arbitrary code with limited permissions (nobody).","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-44529.yaml"} {"ID":"CVE-2021-44848","Info":{"Name":"Thinfinity VirtualUI User Enumeration","Severity":"medium","Description":"Thinfinity VirtualUI (before v3.0), /changePassword returns different responses for requests depending on whether the username exists. It may enumerate OS users (Administrator, Guest, etc.)","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2021/CVE-2021-44848.yaml"} {"ID":"CVE-2021-44910","Info":{"Name":"SpringBlade - Information Leakage","Severity":"high","Description":"SpringBlade is a comprehensive project upgraded and optimized from a commercial-grade project, featuring both a SpringCloud distributed microservice architecture and a SpringBoot monolithic microservice architecture. The SpringBlade framework has a default SIGN_KEY, which can be exploited by attackers to obtain sensitive information such as user account password logs.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2021/CVE-2021-44910.yaml"} {"ID":"CVE-2021-45043","Info":{"Name":"HD-Network Realtime Monitoring System 2.0 - Local File Inclusion","Severity":"high","Description":"Instances of HD-Network Realtime Monitoring System version 2.0 are vulnerable to a Local File Inclusion vulnerability which allows remote unauthenticated attackers to view confidential information.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-45043.yaml"} {"ID":"CVE-2021-45046","Info":{"Name":"Apache Log4j2 - Remote Code Injection","Severity":"critical","Description":"Apache Log4j2 Thread Context Lookup Pattern is vulnerable to remote code execution in certain non-default configurations.","Classification":{"CVSSScore":"9"}},"file_path":"http/cves/2021/CVE-2021-45046.yaml"} {"ID":"CVE-2021-45092","Info":{"Name":"Thinfinity Iframe Injection","Severity":"critical","Description":"A vulnerability exists in Thinfinity VirtualUI in a function located in /lab.html reachable which by default could allow IFRAME injection via the \"vpath\" parameter.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-45092.yaml"} {"ID":"CVE-2021-45232","Info":{"Name":"Apache APISIX Dashboard \u003c2.10.1 - API Unauthorized Access","Severity":"critical","Description":"In Apache APISIX Dashboard before 2.10.1, the Manager API uses two frameworks and introduces framework `droplet` on the basis of framework `gin.' While all APIs and authentication middleware are developed based on framework `droplet`, some API directly use the interface of framework `gin` thus bypassing their authentication.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-45232.yaml"} {"ID":"CVE-2021-45380","Info":{"Name":"AppCMS - Cross-Site Scripting","Severity":"medium","Description":"AppCMS 2.0.101 has a cross-site scripting vulnerability in \\templates\\m\\inc_head.php.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-45380.yaml"} {"ID":"CVE-2021-45382","Info":{"Name":"D-Link - Remote Command Execution","Severity":"critical","Description":"A Remote Command Execution (RCE) vulnerability exists in all series H/W revisions D-link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L routers via the DDNS function in ncc2 binary file\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-45382.yaml"} {"ID":"CVE-2021-45422","Info":{"Name":"Reprise License Manager 14.2 - Cross-Site Scripting","Severity":"medium","Description":"Reprise License Manager 14.2 contains a cross-site scripting vulnerability in the /goform/activate_process \"count\" parameter via GET.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-45422.yaml"} {"ID":"CVE-2021-45428","Info":{"Name":"Telesquare TLR-2005KSH 1.0.0 - Arbitrary File Upload","Severity":"critical","Description":"TLR-2005KSH is affected by an incorrect access control vulnerability. THe PUT method is enabled so an attacker can upload arbitrary files including HTML and CGI formats.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-45428.yaml"} {"ID":"CVE-2021-45967","Info":{"Name":"Pascom CPS Server-Side Request Forgery","Severity":"critical","Description":"Pascom versions before 7.20 packaged with Cloud Phone System contain a known server-side request forgery vulnerability.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-45967.yaml"} {"ID":"CVE-2021-45968","Info":{"Name":"Pascom CPS - Local File Inclusion","Severity":"high","Description":"Pascom packaged with Cloud Phone System (CPS) versions before 7.20 contain a known local file inclusion vulnerability.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-45968.yaml"} {"ID":"CVE-2021-46005","Info":{"Name":"Sourcecodester Car Rental Management System 1.0 - Stored Cross-Site Scripting","Severity":"medium","Description":"Sourcecodester Car Rental Management System 1.0 is vulnerable to cross-site scripting via the vehicalorcview parameter.","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2021/CVE-2021-46005.yaml"} {"ID":"CVE-2021-46068","Info":{"Name":"Vehicle Service Management System - Stored Cross-Site Scripting","Severity":"medium","Description":"A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the My Account Section in login panel.\n","Classification":{"CVSSScore":"4.8"}},"file_path":"http/cves/2021/CVE-2021-46068.yaml"} {"ID":"CVE-2021-46069","Info":{"Name":"Vehicle Service Management System 1.0 - Stored Cross Site Scripting","Severity":"medium","Description":"Vehicle Service Management System 1.0 contains a stored cross-site scripting vulnerability via the Mechanic List section in login panel.\n","Classification":{"CVSSScore":"4.8"}},"file_path":"http/cves/2021/CVE-2021-46069.yaml"} {"ID":"CVE-2021-46071","Info":{"Name":"ehicle Service Management System 1.0 - Cross-Site Scripting","Severity":"medium","Description":"Vehicle Service Management System 1.0 contains a stored cross-site scripting vulnerability via the Category List section in login panel.\n","Classification":{"CVSSScore":"4.8"}},"file_path":"http/cves/2021/CVE-2021-46071.yaml"} {"ID":"CVE-2021-46072","Info":{"Name":"Vehicle Service Management System 1.0 - Stored Cross Site Scripting","Severity":"medium","Description":"Vehicle Service Management System 1.0 contains a stored cross-site scripting vulnerability via the Service List section in login panel.\n","Classification":{"CVSSScore":"4.8"}},"file_path":"http/cves/2021/CVE-2021-46072.yaml"} {"ID":"CVE-2021-46073","Info":{"Name":"Vehicle Service Management System 1.0 - Cross Site Scripting","Severity":"medium","Description":"Vehicle Service Management System 1.0 contains a cross-site scripting vulnerability via the User List section in login panel.\n","Classification":{"CVSSScore":"4.8"}},"file_path":"http/cves/2021/CVE-2021-46073.yaml"} {"ID":"CVE-2021-46107","Info":{"Name":"Ligeo Archives Ligeo Basics - Server Side Request Forgery","Severity":"high","Description":"Ligeo Archives Ligeo Basics as of 02_01-2022 is vulnerable to Server Side Request Forgery (SSRF) which allows an attacker to read any documents via the download features.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-46107.yaml"} {"ID":"CVE-2021-46379","Info":{"Name":"D-Link DIR850 ET850-1.08TRb03 - Open Redirect","Severity":"medium","Description":"DLink DIR850 ET850-1.08TRb03 contains incorrect access control vulnerability in URL redirection, which can be used to mislead users to go to untrusted sites.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-46379.yaml"} {"ID":"CVE-2021-46381","Info":{"Name":"D-Link DAP-1620 - Local File Inclusion","Severity":"high","Description":"D-Link DAP-1620 is susceptible to local file Inclusion due to path traversal that can lead to unauthorized internal files reading [/etc/passwd] and [/etc/shadow].","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-46381.yaml"} {"ID":"CVE-2021-46387","Info":{"Name":"Zyxel ZyWALL 2 Plus Internet Security Appliance - Cross-Site Scripting","Severity":"medium","Description":"ZyXEL ZyWALL 2 Plus Internet Security Appliance contains a cross-site scripting vulnerability. Insecure URI handling leads to bypass of security restrictions, which allows an attacker to execute arbitrary JavaScript codes to perform multiple attacks.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-46387.yaml"} {"ID":"CVE-2021-46417","Info":{"Name":"Franklin Fueling Systems Colibri Controller Module 1.8.19.8580 - Local File Inclusion","Severity":"high","Description":"Franklin Fueling Systems Colibri Controller Module 1.8.19.8580 is susceptible to local file inclusion because of insecure handling of a download function that leads to disclosure of internal files due to path traversal with root privileges.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-46417.yaml"} {"ID":"CVE-2021-46418","Info":{"Name":"Telesquare TLR-2855KS6 - Arbitrary File Creation","Severity":"high","Description":"An unauthorized file creation vulnerability in Telesquare TLR-2855KS6 via PUT method can allow creation of CGI scripts.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-46418.yaml"} {"ID":"CVE-2021-46419","Info":{"Name":"Telesquare TLR-2855KS6 - Arbitrary File Deletion","Severity":"critical","Description":"An unauthorized file deletion vulnerability in Telesquare TLR-2855KS6 via DELETE method can allow deletion of system files and scripts.\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2021/CVE-2021-46419.yaml"} {"ID":"CVE-2021-46422","Info":{"Name":"SDT-CW3B1 1.1.0 - OS Command Injection","Severity":"critical","Description":"Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any authentication.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-46422.yaml"} {"ID":"CVE-2021-46424","Info":{"Name":"Telesquare TLR-2005KSH 1.0.0 - Arbitrary File Delete","Severity":"critical","Description":"Telesquare TLR-2005KSH 1.0.0 is affected by an arbitrary file deletion vulnerability that allows a remote attacker to delete any file, even system internal files, via a DELETE request.","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2021/CVE-2021-46424.yaml"} {"ID":"CVE-2021-46704","Info":{"Name":"GenieACS =\u003e 1.2.8 - OS Command Injection","Severity":"critical","Description":"In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument (lib/ui/api.ts and lib/ping.ts). The vulnerability arises from insufficient input validation combined with a missing authorization check.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-46704.yaml"} {"ID":"CVE-2022-0087","Info":{"Name":"Keystone 6 Login Page - Open Redirect and Cross-Site Scripting","Severity":"medium","Description":"On the login page, there is a \"from=\" parameter in URL which is vulnerable to open redirect and can be escalated to reflected XSS.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0087.yaml"} {"ID":"CVE-2022-0140","Info":{"Name":"WordPress Visual Form Builder \u003c3.0.8 - Information Disclosure","Severity":"medium","Description":"WordPress Visual Form Builder plugin before 3.0.8 contains a information disclosure vulnerability. The plugin does not perform access control on entry form export, allowing an unauthenticated user to export the form entries as CSV files using the vfb-export endpoint.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-0140.yaml"} {"ID":"CVE-2022-0147","Info":{"Name":"WordPress Cookie Information/Free GDPR Consent Solution \u003c2.0.8 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Cookie Information/Free GDPR Consent Solution plugin prior to 2.0.8 contains a cross-site scripting vulnerability via the admin dashboard. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0147.yaml"} {"ID":"CVE-2022-0148","Info":{"Name":"WordPress All-in-one Floating Contact Form \u003c2.0.4 - Cross-Site Scripting","Severity":"medium","Description":"WordPress All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon Tabs plugin before 2.0.4 contains a reflected cross-site scripting vulnerability on the my-sticky-elements-leads admin page.","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-0148.yaml"} {"ID":"CVE-2022-0149","Info":{"Name":"WooCommerce Stored Exporter WordPress Plugin \u003c 2.7.1 - Cross-Site Scripting","Severity":"medium","Description":"The plugin was affected by a reflected cross-site scripting vulnerability in the woo_ce admin page.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0149.yaml"} {"ID":"CVE-2022-0150","Info":{"Name":"WordPress Accessibility Helper \u003c0.6.0.7 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Accessibility Helper plugin before 0.6.0.7 contains a cross-site scripting vulnerability. It does not sanitize and escape the wahi parameter before outputting back its base64 decode value in the page.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0150.yaml"} {"ID":"CVE-2022-0165","Info":{"Name":"WordPress Page Builder KingComposer \u003c=2.9.6 - Open Redirect","Severity":"medium","Description":"WordPress Page Builder KingComposer 2.9.6 and prior does not validate the id parameter before redirecting the user to it via the kc_get_thumbn AJAX action (which is available to both unauthenticated and authenticated users).","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0165.yaml"} {"ID":"CVE-2022-0169","Info":{"Name":"Photo Gallery by 10Web \u003c 1.6.0 - SQL Injection","Severity":"critical","Description":"The Photo Gallery by 10Web WordPress plugin before 1.6.0 does not validate and escape the bwg_tag_id_bwg_thumbnails_0 parameter before using it in a SQL statement via the bwg_frontend_data AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL injection\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0169.yaml"} {"ID":"CVE-2022-0189","Info":{"Name":"WordPress RSS Aggregator \u003c 4.20 - Authenticated Cross-Site Scripting","Severity":"medium","Description":"WordPress RSS Aggregator \u003c 4.20 is susceptible to cross-site scripting. The plugin does not sanitize and escape the id parameter in the wprss_fetch_items_row_action AJAX action before outputting it back in the response, leading to reflected cross-site scripting.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0189.yaml"} {"ID":"CVE-2022-0201","Info":{"Name":"WordPress Permalink Manager \u003c2.2.15 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Permalink Manager Lite and Pro plugins before 2.2.15 contain a reflected cross-site scripting vulnerability. They do not sanitize and escape query parameters before outputting them back in the debug page.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0201.yaml"} {"ID":"CVE-2022-0206","Info":{"Name":"WordPress NewStatPress \u003c1.3.6 - Cross-Site Scripting","Severity":"medium","Description":"WordPress NewStatPress plugin before 1.3.6 is susceptible to cross-site scripting. The plugin does not properly escape the whatX parameters before outputting them back in attributes. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0206.yaml"} {"ID":"CVE-2022-0208","Info":{"Name":"WordPress Plugin MapPress \u003c2.73.4 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Plugin MapPress before version 2.73.4 does not sanitize and escape the 'mapid' parameter before outputting it back in the \"Bad mapid\" error message, leading to reflected cross-site scripting.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0208.yaml"} {"ID":"CVE-2022-0212","Info":{"Name":"WordPress Spider Calendar \u003c=1.5.65 - Cross-Site Scripting","Severity":"medium","Description":"WorsPress Spider Calendar plugin through 1.5.65 is susceptible to cross-site scripting. The plugin does not sanitize and escape the callback parameter before outputting it back in the page via the window AJAX action, available to both unauthenticated and authenticated users. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0212.yaml"} {"ID":"CVE-2022-0218","Info":{"Name":"HTML Email Template Designer \u003c 3.1 - Stored Cross-Site Scripting","Severity":"medium","Description":"WordPress Email Template Designer WP HTML Mail allows stored cross-site scripting through an unprotected REST-API endpoint.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0218.yaml"} {"ID":"CVE-2022-0220","Info":{"Name":"WordPress GDPR \u0026 CCPA \u003c1.9.27 - Cross-Site Scripting","Severity":"medium","Description":"WordPress GDPR \u0026 CCPA plugin before 1.9.27 contains a cross-site scripting vulnerability. The check_privacy_settings AJAX action, available to both unauthenticated and authenticated users, responds with JSON data without an \"application/json\" content-type, and JavaScript code may be executed on a victim's browser.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0220.yaml"} {"ID":"CVE-2022-0228","Info":{"Name":"Popup Builder \u003c 4.0.7 - SQL Injection","Severity":"high","Description":"The Popup Builder WordPress plugin before 4.0.7 does not validate and properly escape the orderby and order parameters before using them in a SQL statement in the admin dashboard, which could allow high privilege users to perform SQL injection.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2022/CVE-2022-0228.yaml"} {"ID":"CVE-2022-0234","Info":{"Name":"WordPress WOOCS \u003c 1.3.7.5 - Cross-Site Scripting","Severity":"medium","Description":"WordPress WOOCS plugin before 1.3.7.5 is susceptible to cross-site scripting. The plugin does not sanitize and escape the woocs_in_order_currency parameter of the woocs_get_products_price_html AJAX action, available to both unauthenticated and authenticated users, before outputting it back in the response. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0234.yaml"} {"ID":"CVE-2022-0271","Info":{"Name":"LearnPress \u003c4.1.6 - Cross-Site Scripting","Severity":"medium","Description":"WordPress LearnPress plugin before 4.1.6 contains a cross-site scripting vulnerability. It does not sanitize and escape the lp-dismiss-notice before outputting it back via the lp_background_single_email AJAX action.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0271.yaml"} {"ID":"CVE-2022-0281","Info":{"Name":"Microweber Information Disclosure","Severity":"high","Description":"Microweber contains a vulnerability that allows exposure of sensitive information to an unauthorized actor in Packagist microweber/microweber prior to 1.2.11.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-0281.yaml"} {"ID":"CVE-2022-0288","Info":{"Name":"WordPress Ad Inserter \u003c2.7.10 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Ad Inserter plugin before 2.7.10 contains a cross-site scripting vulnerability. It does not sanitize and escape the html_element_selection parameter before outputting it back in the page.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0288.yaml"} {"ID":"CVE-2022-0342","Info":{"Name":"Zyxel - Authentication Bypass","Severity":"critical","Description":"An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.20, VPN series firmware versions 4.30 through 5.20, and NSG series firmware versions V1.20 through V1.33 Patch 4, which could allow an attacker to bypass the web authentication and obtain administrative access of the device.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0342.yaml"} {"ID":"CVE-2022-0346","Info":{"Name":"WordPress XML Sitemap Generator for Google \u003c2.0.4 - Cross-Site Scripting/Remote Code Execution","Severity":"medium","Description":"WordPress XML Sitemap Generator for Google plugin before 2.0.4 contains a cross-site scripting vulnerability that can lead to remote code execution. It does not validate a parameter which can be set to an arbitrary value, thus causing cross-site scripting via error message or remote code execution if allow_url_include is turned on.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0346.yaml"} {"ID":"CVE-2022-0349","Info":{"Name":"WordPress NotificationX \u003c2.3.9 - SQL Injection","Severity":"critical","Description":"WordPress NotificationX plugin prior to 2.3.9 contains a SQL injection vulnerability. The plugin does not sanitize and escape the nx_id parameter before using it in a SQL statement, leading to an unauthenticated blind SQL injection. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0349.yaml"} {"ID":"CVE-2022-0378","Info":{"Name":"Microweber Cross-Site Scripting","Severity":"medium","Description":"Microweber contains a reflected cross-site scripting in Packagist microweber/microweber prior to 1.2.11.","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-0378.yaml"} {"ID":"CVE-2022-0381","Info":{"Name":"WordPress Embed Swagger \u003c=1.0.0 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Embed Swagger plugin 1.0.0 and prior contains a reflected cross-site scripting vulnerability due to insufficient escaping/sanitization and validation via the url parameter found in the ~/swagger-iframe.php file, which allows attackers to inject arbitrary web scripts onto the page.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0381.yaml"} {"ID":"CVE-2022-0412","Info":{"Name":"WordPress TI WooCommerce Wishlist \u003c1.40.1 - SQL Injection","Severity":"critical","Description":"WordPress TI WooCommerce Wishlist plugin before 1.40.1 contains a SQL injection vulnerability. The plugin does not sanitize and escape the item_id parameter before using it in a SQL statement via the wishlist/remove_product REST endpoint.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0412.yaml"} {"ID":"CVE-2022-0415","Info":{"Name":"Gogs \u003c0.12.6 - Remote Command Execution","Severity":"high","Description":"Gogs before 0.12.6 is susceptible to remote command execution via the uploading repository file in GitHub repository gogs/gogs. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2022/CVE-2022-0415.yaml"} {"ID":"CVE-2022-0422","Info":{"Name":"WordPress White Label CMS \u003c2.2.9 - Cross-Site Scripting","Severity":"medium","Description":"WordPress White Label CMS plugin before 2.2.9 contains a reflected cross-site scripting vulnerability. It does not sanitize and validate the wlcms[_login_custom_js] parameter before outputting it back in the response while previewing.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0422.yaml"} {"ID":"CVE-2022-0424","Info":{"Name":"Popup by Supsystic \u003c 1.10.9 - Subscriber Email Addresses Disclosure","Severity":"medium","Description":"The Popup by Supsystic WordPress plugin before 1.10.9 does not have any authentication and authorisation in an AJAX action, allowing unauthenticated attackers to call it and get the email addresses of subscribed users\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-0424.yaml"} {"ID":"CVE-2022-0432","Info":{"Name":"Mastodon Prototype Pollution Vulnerability","Severity":"medium","Description":"The GitHub repository mastodon/mastodon prior to 3.5.0 contains a Prototype Pollution vulnerability.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0432.yaml"} {"ID":"CVE-2022-0434","Info":{"Name":"WordPress Page Views Count \u003c2.4.15 - SQL Injection","Severity":"critical","Description":"WordPress Page Views Count plugin prior to 2.4.15 contains an unauthenticated SQL injection vulnerability. It does not sanitise and escape the post_ids parameter before using it in a SQL statement via a REST endpoint. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0434.yaml"} {"ID":"CVE-2022-0437","Info":{"Name":"karma-runner DOM-based Cross-Site Scripting","Severity":"medium","Description":"NPM karma prior to 6.3.14. contains a DOM-based cross-site Scripting vulnerability.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0437.yaml"} {"ID":"CVE-2022-0441","Info":{"Name":"MasterStudy LMS \u003c2.7.6 - Improper Access Control","Severity":"critical","Description":"WordPress MasterStudy LMS plugin before 2.7.6 is susceptible to improper access control. The plugin does not validate some parameters given when registering a new account, which can allow an attacker to register as an admin, thus potentially being able to obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0441.yaml"} {"ID":"CVE-2022-0482","Info":{"Name":"Easy!Appointments \u003c1.4.3 - Broken Access Control","Severity":"critical","Description":"Easy!Appointments prior to 1.4.3 allows exposure of Private Personal Information to an unauthorized actor via the GitHub repository alextselegidis/easyappointments.\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2022/CVE-2022-0482.yaml"} {"ID":"CVE-2022-0533","Info":{"Name":"Ditty (formerly Ditty News Ticker) \u003c 3.0.15 - Cross-Site Scripting","Severity":"medium","Description":"The Ditty (formerly Ditty News Ticker) WordPress plugin before 3.0.15 is affected by a Reflected Cross-Site Scripting (XSS) vulnerability.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0533.yaml"} {"ID":"CVE-2022-0535","Info":{"Name":"WordPress E2Pdf \u003c1.16.45 - Cross-Site Scripting","Severity":"medium","Description":"WordPress E2Pdf plugin before 1.16.45 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape some of its settings, even when the unfiltered_html capability is disallowed. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site, making it possible to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"4.8"}},"file_path":"http/cves/2022/CVE-2022-0535.yaml"} {"ID":"CVE-2022-0540","Info":{"Name":"Atlassian Jira Seraph - Authentication Bypass","Severity":"critical","Description":"Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atlassian Jira Server and Data Center versions before 8.13.18, versions 8.14.0 and later before 8.20.6, and versions 8.21.0 and later before 8.22.0. This also affects Atlassian Jira Service Management Server and Data Center versions before 4.13.18, versions 4.14.0 and later before 4.20.6, and versions 4.21.0 and later before 4.22.0.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0540.yaml"} {"ID":"CVE-2022-0591","Info":{"Name":"Formcraft3 \u003c3.8.28 - Server-Side Request Forgery","Severity":"critical","Description":"Formcraft3 before version 3.8.2 does not validate the URL parameter in the formcraft3_get AJAX action, leading to server-side request forgery issues exploitable by unauthenticated users.\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2022/CVE-2022-0591.yaml"} {"ID":"CVE-2022-0594","Info":{"Name":"WordPress Shareaholic \u003c9.7.6 - Information Disclosure","Severity":"medium","Description":"WordPress Shareaholic plugin prior to 9.7.6 is susceptible to information disclosure. The plugin does not have proper authorization check in one of the AJAX actions, available to both unauthenticated (before 9.7.5) and authenticated (in 9.7.5) users, allowing them to possibly obtain sensitive information such as active plugins and different versions (PHP, cURL, WP, etc.).","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-0594.yaml"} {"ID":"CVE-2022-0595","Info":{"Name":"WordPress Contact Form 7 \u003c1.3.6.3 - Stored Cross-Site Scripting","Severity":"medium","Description":"WordPress Contact Form 7 before 1.3.6.3 contains an unauthenticated stored cross-site scripting vulnerability in the Drag and Drop Multiple File Upload plugin. SVG files can be uploaded by default via the dnd_codedropz_upload AJAX action.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-0595.yaml"} {"ID":"CVE-2022-0597","Info":{"Name":"Microweber \u003c 1.2.11 - Open Redirection","Severity":"medium","Description":"Open Redirect in Packagist microweber/microweber prior to 1.2.11.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0597.yaml"} {"ID":"CVE-2022-0599","Info":{"Name":"WordPress Mapping Multiple URLs Redirect Same Page \u003c=5.8 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Mapping Multiple URLs Redirect Same Page plugin 5.8 and prior contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the mmursp_id parameter before outputting it back in an admin page.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0599.yaml"} {"ID":"CVE-2022-0651","Info":{"Name":"WordPress Plugin WP Statistics \u003c= 13.1.5 - SQL Injection","Severity":"high","Description":"The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_type parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive information, in versions up to and including 13.1.5.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-0651.yaml"} {"ID":"CVE-2022-0653","Info":{"Name":"Wordpress Profile Builder Plugin Cross-Site Scripting","Severity":"medium","Description":"The Profile Builder User Profile \u0026 User Registration Forms WordPress plugin is vulnerable to cross-site scripting due to insufficient escaping and sanitization of the site_url parameter found in the ~/assets/misc/fallback-page.php file which allows attackers to inject arbitrary web scripts onto a pages that executes whenever a user clicks on a specially crafted link by an attacker. This affects versions up to and including 3.6.1..\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0653.yaml"} {"ID":"CVE-2022-0656","Info":{"Name":"uDraw \u003c3.3.3 - Local File Inclusion","Severity":"high","Description":"uDraw before 3.3.3 does not validate the url parameter in its udraw_convert_url_to_base64 AJAX action (available to both unauthenticated and authenticated users) before using it in the file_get_contents function and returning its content base64 encoded in the response. As a result, unauthenticated users could read arbitrary files on the web server (such as /etc/passwd, wp-config.php etc).","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-0656.yaml"} {"ID":"CVE-2022-0658","Info":{"Name":"CommonsBooking \u003c 2.6.8 - SQL Injection","Severity":"critical","Description":"The plugin does not sanitise and escape the location parameter of the calendar_data AJAX action (available to unauthenticated users) before it is used in dynamically constructed SQL queries, leading to an unauthenticated SQL injection.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0658.yaml"} {"ID":"CVE-2022-0660","Info":{"Name":"Microweber \u003c1.2.11 - Information Disclosure","Severity":"high","Description":"Microweber before 1.2.11 is susceptible to information disclosure. An error message is generated in microweber/microweber which contains sensitive information while viewing comments from load_module:comments#search=. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-0660.yaml"} {"ID":"CVE-2022-0666","Info":{"Name":"Microweber \u003c 1.2.11 - CRLF Injection","Severity":"high","Description":"CRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/ in Packagist microweber/microweber prior to 1.2.11.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-0666.yaml"} {"ID":"CVE-2022-0678","Info":{"Name":"Microweber \u003c1.2.11 - Cross-Site Scripting","Severity":"medium","Description":"Packagist prior to 1.2.11 contains a cross-site scripting vulnerability via microweber/microweber. User can escape the meta tag because the user doesn't escape the double-quote in the $redirectUrl parameter when logging out.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0678.yaml"} {"ID":"CVE-2022-0679","Info":{"Name":"WordPress Narnoo Distributor \u003c=2.5.1 - Local File Inclusion","Severity":"critical","Description":"WordPress Narnoo Distributor plugin 2.5.1 and prior is susceptible to local file inclusion. The plugin does not validate and sanitize the lib_path parameter before being passed into a call to require() via the narnoo_distributor_lib_request AJAX action, and the content of the file is displayed in the response as JSON data. This can also lead to a remote code execution vulnerability depending on system and configuration.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0679.yaml"} {"ID":"CVE-2022-0692","Info":{"Name":"Rudloff alltube prior to 3.0.1 - Open Redirect","Severity":"medium","Description":"An open redirect vulnerability exists in Rudloff/alltube that could let an attacker construct a URL within the application that causes redirection to an arbitrary external domain via Packagist in versions prior to 3.0.1.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0692.yaml"} {"ID":"CVE-2022-0693","Info":{"Name":"WordPress Master Elements \u003c=8.0 - SQL Injection","Severity":"critical","Description":"WordPress Master Elements plugin through 8.0 contains a SQL injection vulnerability. The plugin does not validate and escape the meta_ids parameter of its remove_post_meta_condition AJAX action, available to both unauthenticated and authenticated users, before using it in a SQL statement. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0693.yaml"} {"ID":"CVE-2022-0735","Info":{"Name":"GitLab CE/EE - Information Disclosure","Severity":"critical","Description":"GitLab CE/EE is susceptible to information disclosure. An attacker can access runner registration tokens using quick actions commands, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations. Affected versions are from 12.10 before 14.6.5, from 14.7 before 14.7.4, and from 14.8 before 14.8.2.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0735.yaml"} {"ID":"CVE-2022-0747","Info":{"Name":"Infographic Maker iList \u003c 4.3.8 - SQL Injection","Severity":"critical","Description":"The Infographic Maker WordPress plugin before 4.3.8 does not validate and escape the post_id parameter before using it in a SQL statement via the qcld_upvote_action AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL Injection.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0747.yaml"} {"ID":"CVE-2022-0760","Info":{"Name":"WordPress Simple Link Directory \u003c7.7.2 - SQL injection","Severity":"critical","Description":"WordPress Simple Link Directory plugin before 7.7.2 contains a SQL injection vulnerability. The plugin does not validate and escape the post_id parameter before using it in a SQL statement via the qcopd_upvote_action AJAX action, available to unauthenticated and authenticated users. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0760.yaml"} {"ID":"CVE-2022-0769","Info":{"Name":"Users Ultra \u003c= 3.1.0 - SQL Injection","Severity":"critical","Description":"The Users Ultra WordPress plugin through 3.1.0 fails to properly sanitize and escape the data_target parameter before it is being interpolated in an SQL statement and then executed via the rating_vote AJAX action (available to both unauthenticated and authenticated users), leading to an SQL Injection.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0769.yaml"} {"ID":"CVE-2022-0773","Info":{"Name":"Documentor \u003c= 1.5.3 - Unauthenticated SQL Injection","Severity":"critical","Description":"The Documentor WordPress plugin through 1.5.3 fails to sanitize and escape user input before it is being interpolated in an SQL statement and then executed, leading to an SQL Injection exploitable by unauthenticated users.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0773.yaml"} {"ID":"CVE-2022-0776","Info":{"Name":"RevealJS postMessage \u003c4.3.0 - Cross-Site Scripting","Severity":"medium","Description":"RevealJS postMessage before 4.3.0 contains a cross-site scripting vulnerability via the document object model.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0776.yaml"} {"ID":"CVE-2022-0781","Info":{"Name":"WordPress Nirweb Support \u003c2.8.2 - SQL Injection","Severity":"critical","Description":"WordPress Nirweb support plugin before 2.8.2 contains a SQL injection vulnerability. The plugin does not sanitize and escape a parameter before using it in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information from a database, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0781.yaml"} {"ID":"CVE-2022-0784","Info":{"Name":"WordPress Title Experiments Free \u003c9.0.1 - SQL Injection","Severity":"critical","Description":"WordPress Title Experiments Free plugin before 9.0.1 contains a SQL injection vulnerability. The plugin does not sanitize and escape the id parameter before using it in a SQL statement via the wpex_titles AJAX action, available to unauthenticated users. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0784.yaml"} {"ID":"CVE-2022-0785","Info":{"Name":"WordPress Daily Prayer Time \u003c2022.03.01 - SQL Injection","Severity":"critical","Description":"WordPress Daily Prayer Time plugin prior to 2022.03.01 contains a SQL injection vulnerability.. It does not sanitise and escape the month parameter before using it in a SQL statement via the get_monthly_timetable AJAX action, available to unauthenticated users, leading to SQL injection.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0785.yaml"} {"ID":"CVE-2022-0786","Info":{"Name":"WordPress KiviCare \u003c2.3.9 - SQL Injection","Severity":"critical","Description":"WordPress KiviCare plugin before 2.3.9 contains a SQL injection vulnerability. The plugin does not sanitize and escape some parameters before using them in SQL statements via the ajax_post AJAX action with the get_doctor_details route. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0786.yaml"} {"ID":"CVE-2022-0787","Info":{"Name":"Limit Login Attempts (Spam Protection) \u003c 5.1 - SQL Injection","Severity":"critical","Description":"The Limit Login Attempts (Spam Protection) WordPress plugin before 5.1 does not sanitise and escape some parameters before using them in SQL statements via AJAX actions (available to unauthenticated users), leading to SQL Injections.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0787.yaml"} {"ID":"CVE-2022-0788","Info":{"Name":"WordPress WP Fundraising Donation and Crowdfunding Platform \u003c1.5.0 - SQL Injection","Severity":"critical","Description":"WordPress WP Fundraising Donation and Crowdfunding Platform plugin before 1.5.0 contains an unauthenticated SQL injection vulnerability. It does not sanitize and escape a parameter before using it in a SQL statement via a REST route. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0788.yaml"} {"ID":"CVE-2022-0814","Info":{"Name":"Ubigeo de Peru \u003c 3.6.4 - SQL Injection","Severity":"critical","Description":"The plugin does not properly sanitise and escape some parameters before using them in SQL statements via various AJAX actions, some of which are available to unauthenticated users, leading to SQL Injections.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0814.yaml"} {"ID":"CVE-2022-0817","Info":{"Name":"WordPress BadgeOS \u003c=3.7.0 - SQL Injection","Severity":"critical","Description":"WordPress BadgeOS plugin through 3.7.0 contains a SQL injection vulnerability. It does not sanitize and escape a parameter before using it in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0817.yaml"} {"ID":"CVE-2022-0824","Info":{"Name":"Webmin \u003c1.990 - Improper Access Control","Severity":"high","Description":"Webmin before 1.990 is susceptible to improper access control in GitHub repository webmin/webmin. This in turn can lead to remote code execution, by which an attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2022/CVE-2022-0824.yaml"} {"ID":"CVE-2022-0826","Info":{"Name":"WordPress WP Video Gallery \u003c=1.7.1 - SQL Injection","Severity":"critical","Description":"WordPress WP Video Gallery plugin through 1.7.1 contains a SQL injection vulnerability. The plugin does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0826.yaml"} {"ID":"CVE-2022-0827","Info":{"Name":"WordPress Best Books \u003c=2.6.3 - SQL Injection","Severity":"critical","Description":"WordPress Best Books plugin through 2.6.3 is susceptible to SQL injection. The plugin does not sanitize and escape some parameters before using them in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0827.yaml"} {"ID":"CVE-2022-0846","Info":{"Name":"SpeakOut Email Petitions \u003c 2.14.15.1 - SQL Injection","Severity":"critical","Description":"The SpeakOut! Email Petitions WordPress plugin before 2.14.15.1 does not sanitise and escape the id parameter before using it in a SQL statement via the dk_speakout_sendmail AJAX action, leading to an SQL Injection exploitable by unauthenticated users.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0846.yaml"} {"ID":"CVE-2022-0864","Info":{"Name":"UpdraftPlus \u003c 1.22.9 - Cross-Site Scripting","Severity":"medium","Description":"The plugin does not sanitise and escape the updraft_interval parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting (XSS) vulnerability.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0864.yaml"} {"ID":"CVE-2022-0867","Info":{"Name":"WordPress ARPrice \u003c3.6.1 - SQL Injection","Severity":"critical","Description":"WordPress ARPrice plugin prior to 3.6.1 contains a SQL injection vulnerability. It fails to properly sanitize and escape user supplied POST data before being inserted in an SQL statement and executed via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0867.yaml"} {"ID":"CVE-2022-0869","Info":{"Name":"nitely/spirit 0.12.3 - Open Redirect","Severity":"medium","Description":"Multiple Open Redirect in GitHub repository nitely/spirit prior to 0.12.3.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0869.yaml"} {"ID":"CVE-2022-0870","Info":{"Name":"Gogs \u003c0.12.5 - Server-Side Request Forgery","Severity":"medium","Description":"Gogs GitHub repository before 0.12.5 is susceptible to server-side request forgery. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-0870.yaml"} {"ID":"CVE-2022-0885","Info":{"Name":"Member Hero \u003c=1.0.9 - Remote Code Execution","Severity":"critical","Description":"WordPress Member Hero plugin through 1.0.9 is susceptible to remote code execution. The plugin lacks authorization checks and does not validate the a request parameter in an AJAX action, allowing an attacker to call arbitrary PHP functions with no arguments. An attacker can thus execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0885.yaml"} {"ID":"CVE-2022-0899","Info":{"Name":"Header Footer Code Manager \u003c 1.1.24 - Cross-Site Scripting","Severity":"medium","Description":"The Header Footer Code Manager WordPress plugin before 1.1.24 does not escape generated URLs before outputting them back in attributes in an admin page, leading to a Reflected Cross-Site Scripting.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0899.yaml"} {"ID":"CVE-2022-0928","Info":{"Name":"Microweber \u003c 1.2.12 - Stored Cross-Site Scripting","Severity":"medium","Description":"Microweber prior to 1.2.12 contains a stored cross-site scripting vulnerability via the Type parameter in the body of POST request, which is triggered by Add/Edit Tax.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-0928.yaml"} {"ID":"CVE-2022-0948","Info":{"Name":"WordPress Order Listener for WooCommerce \u003c3.2.2 - SQL Injection","Severity":"critical","Description":"WordPress Order Listener for WooCommerce plugin before 3.2.2 contains a SQL injection vulnerability. The plugin does not sanitize and escape the id parameter before using it in a SQL statement via a REST route. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0948.yaml"} {"ID":"CVE-2022-0949","Info":{"Name":"WordPress Stop Bad Bots \u003c6.930 - SQL Injection","Severity":"critical","Description":"WordPress Stop Bad Bots plugin before 6.930 contains a SQL injection vulnerability. The plugin does not properly sanitise and escape the fingerprint parameter before using it in a SQL statement via the stopbadbots_grava_fingerprint AJAX action, available to unauthenticated users. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0949.yaml"} {"ID":"CVE-2022-0952","Info":{"Name":"WordPress Sitemap by click5 \u003c1.0.36 - Missing Authorization","Severity":"high","Description":"WordPress Sitemap by click5 plugin before 1.0.36 is susceptible to missing authorization. The plugin does not have authorization or CSRF checks when updating options via a REST endpoint and does not ensure that the option to be updated belongs to the plugin. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2022/CVE-2022-0952.yaml"} {"ID":"CVE-2022-0954","Info":{"Name":"Microweber \u003c1.2.11 - Stored Cross-Site Scripting","Severity":"medium","Description":"Microweber before 1.2.1 contains multiple stored cross-site scripting vulnerabilities in Shop's Other Settings, Autorespond E-mail Settings, and Payment Methods.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-0954.yaml"} {"ID":"CVE-2022-0963","Info":{"Name":"Microweber \u003c1.2.12 - Stored Cross-Site Scripting","Severity":"medium","Description":"Microweber prior to 1.2.12 contains a stored cross-site scripting vulnerability. It allows unrestricted upload of XML files,.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-0963.yaml"} {"ID":"CVE-2022-0968","Info":{"Name":"Microweber \u003c1.2.12 - Integer Overflow","Severity":"medium","Description":"Microweber before 1.2.12 is susceptible to integer overflow. The application allows large characters to insert in the input field 'first \u0026 last name,' which can allow an attacker to cause a denial of service via a crafted HTTP request.\n","Classification":{"CVSSScore":"5.5"}},"file_path":"http/cves/2022/CVE-2022-0968.yaml"} {"ID":"CVE-2022-1007","Info":{"Name":"WordPress Advanced Booking Calendar \u003c1.7.1 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Advanced Booking Calendar plugin before 1.7.1 contains a cross-site scripting vulnerability. It does not sanitize and escape the room parameter before outputting it back in an admin page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-1007.yaml"} {"ID":"CVE-2022-1013","Info":{"Name":"WordPress Personal Dictionary \u003c1.3.4 - Blind SQL Injection","Severity":"critical","Description":"WordPress Personal Dictionary plugin before 1.3.4 contains a blind SQL injection vulnerability. The plugin fails to properly sanitize user-supplied POST data before being interpolated in an SQL statement and executed. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-1013.yaml"} {"ID":"CVE-2022-1020","Info":{"Name":"WordPress WooCommerce \u003c3.1.2 - Arbitrary Function Call","Severity":"critical","Description":"WordPress WooCommerce plugin before 3.1.2 does not have authorisation and CSRF checks in the wpt_admin_update_notice_option AJAX action (available to both unauthenticated and authenticated users), as well as does not validate the callback parameter, allowing unauthenticated attackers to call arbitrary functions with either none or one user controlled argument.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-1020.yaml"} {"ID":"CVE-2022-1040","Info":{"Name":"Sophos Firewall \u003c=18.5 MR3 - Remote Code Execution","Severity":"critical","Description":"Sophos Firewall version v18.5 MR3 and older contains an authentication bypass vulnerability in the User Portal and Webadmin which could allow a remote attacker to execute code.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-1040.yaml"} {"ID":"CVE-2022-1054","Info":{"Name":"WordPress RSVP and Event Management \u003c2.7.8 - Missing Authorization","Severity":"medium","Description":"WordPress RSVP and Event Management plugin before 2.7.8 is susceptible to missing authorization. The plugin does not have any authorization checks when exporting its entries, and the export function is hooked to the init action. An attacker can potentially retrieve sensitive information such as first name, last name, and email address of users registered for events,","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-1054.yaml"} {"ID":"CVE-2022-1057","Info":{"Name":"WordPress Pricing Deals for WooCommerce \u003c=2.0.2.02 - SQL Injection","Severity":"critical","Description":"WordPress Pricing Deals for WooCommerce plugin through 2.0.2.02 contains a SQL injection vulnerability. The plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-1057.yaml"} {"ID":"CVE-2022-1058","Info":{"Name":"Gitea \u003c1.16.5 - Open Redirect","Severity":"medium","Description":"Gitea before 1.16.5 is susceptible to open redirect via GitHub repository go-gitea/gitea. An attacker can redirect a user to a malicious site and potentially obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-1058.yaml"} {"ID":"CVE-2022-1119","Info":{"Name":"WordPress Simple File List \u003c3.2.8 - Local File Inclusion","Severity":"high","Description":"WordPress Simple File List before 3.2.8 is vulnerable to local file inclusion via the eeFile parameter in the ~/includes/ee-downloader.php due to missing controls which make it possible for unauthenticated attackers retrieve arbitrary files.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-1119.yaml"} {"ID":"CVE-2022-1162","Info":{"Name":"GitLab CE/EE - Hard-Coded Credentials","Severity":"critical","Description":"GitLab CE/EE contains a hard-coded credentials vulnerability. A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, SAML), allowing attackers to potentially take over accounts. This template attempts to passively identify vulnerable versions of GitLab without the need for an exploit by matching unique hashes for the application-\u003chash\u003e.css file in the header for unauthenticated requests. Positive matches do not guarantee exploitability. Affected versions are 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-1162.yaml"} {"ID":"CVE-2022-1168","Info":{"Name":"WordPress WP JobSearch \u003c1.5.1 - Cross-Site Scripting","Severity":"medium","Description":"WordPress WP JobSearch plugin prior to 1.5.1 contains a cross-site scripting vulnerability. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-1168.yaml"} {"ID":"CVE-2022-1170","Info":{"Name":"JobMonster \u003c 4.5.2.9 - Cross-Site Scripting","Severity":"medium","Description":"In the theme JobMonster \u003c 4.5.2.9 there is a XSS vulnerability as the input for the search form is provided through unsanitized GET requests.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-1170.yaml"} {"ID":"CVE-2022-1221","Info":{"Name":"WordPress Gwyn's Imagemap Selector \u003c=0.3.3 - Cross-Site Scripting","Severity":"medium","Description":"Wordpress Gwyn's Imagemap Selector plugin 0.3.3 and prior contains a reflected cross-site scripting vulnerability. It does not sanitize the id and class parameters before returning them back in attributes.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-1221.yaml"} {"ID":"CVE-2022-1329","Info":{"Name":"Elementor Website Builder - Remote Code Execution","Severity":"high","Description":"The Elementor Website Builder plugin for WordPress versions 3.6.0 to 3.6.2 are vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in the ~/core/app/modules/onboarding/module.php file. This makes it possible for attackers to modify site data and upload malicious files which can be used to obtain remote code execution.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2022/CVE-2022-1329.yaml"} {"ID":"CVE-2022-1386","Info":{"Name":"WordPress Fusion Builder \u003c3.6.2 - Server-Side Request Forgery","Severity":"critical","Description":"WordPress Fusion Builder plugin before 3.6.2 is susceptible to server-side request forgery. The plugin does not validate a parameter in its forms, which can be used to initiate arbitrary HTTP requests. The data returned is then reflected back in the application's response. An attacker can potentially interact with hosts on the server's local network, bypass firewalls, and access control measures.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-1386.yaml"} {"ID":"CVE-2022-1388","Info":{"Name":"F5 BIG-IP iControl - REST Auth Bypass RCE","Severity":"critical","Description":"F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, may allow undisclosed requests to bypass iControl REST authentication.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-1388.yaml"} {"ID":"CVE-2022-1390","Info":{"Name":"WordPress Admin Word Count Column 2.2 - Local File Inclusion","Severity":"critical","Description":"The plugin does not validate the path parameter given to readfile(), which could allow unauthenticated attackers to read arbitrary files on server running old version of PHP susceptible to the null byte technique. This could also lead to RCE by using a Phar Deserialization technique.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-1390.yaml"} {"ID":"CVE-2022-1391","Info":{"Name":"WordPress Cab fare calculator \u003c 1.0.4 - Local File Inclusion","Severity":"critical","Description":"The Cab fare calculator WordPress plugin before 1.0.4 does not validate the controller parameter before using it in require statements, which could lead to Local File Inclusion issues.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-1391.yaml"} {"ID":"CVE-2022-1392","Info":{"Name":"WordPress Videos sync PDF \u003c=1.7.4 - Local File Inclusion","Severity":"high","Description":"WordPress Videos sync PDF 1.7.4 and prior does not validate the p parameter before using it in an include statement, which could lead to local file inclusion.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-1392.yaml"} {"ID":"CVE-2022-1398","Info":{"Name":"External Media without Import \u003c=1.1.2 - Authenticated Blind Server-Side Request Forgery","Severity":"medium","Description":"WordPress External Media without Import plugin through 1.1.2 is susceptible to authenticated blind server-side request forgery. The plugin has no authorization and does not ensure that media added via URLs are external media, which can allow any authenticated users, including subscribers, to obtain sensitive information, modify data, and/or execute unauthorized administrative operations.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2022/CVE-2022-1398.yaml"} {"ID":"CVE-2022-1439","Info":{"Name":"Microweber \u003c1.2.15 - Cross-Site Scripting","Severity":"medium","Description":"Microweber prior to 1.2.15 contains a reflected cross-site scripting vulnerability. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-1439.yaml"} {"ID":"CVE-2022-1442","Info":{"Name":"WordPress Metform \u003c=2.1.3 - Information Disclosure","Severity":"high","Description":"WordPress Metform plugin through 2.1.3 is susceptible to information disclosure due to improper access control in the ~/core/forms/action.php file. An attacker can view all API keys and secrets of integrated third-party APIs such as that of PayPal, Stripe, Mailchimp, Hubspot, HelpScout, reCAPTCHA and many more.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-1442.yaml"} {"ID":"CVE-2022-1574","Info":{"Name":"WordPress HTML2WP \u003c=1.0.0 - Arbitrary File Upload","Severity":"critical","Description":"WordPress HTML2WP plugin through 1.0.0 contains an arbitrary file upload vulnerability. The plugin does not perform authorization and CSRF checks when importing files and does not validate them. As a result, an attacker can upload arbitrary files on the remote server.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-1574.yaml"} {"ID":"CVE-2022-1580","Info":{"Name":"Site Offline WP Plugin \u003c 1.5.3 - Authorization Bypass","Severity":"medium","Description":"The plugin prevents users from accessing a website but does not do so if the URL contained certain keywords. Adding those keywords to the URL's query string would bypass the plugin's main feature.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2022/CVE-2022-1580.yaml"} {"ID":"CVE-2022-1595","Info":{"Name":"WordPress HC Custom WP-Admin URL \u003c=1.4 - Admin Login URL Disclosure","Severity":"medium","Description":"WordPress HC Custom WP-Admin URL plugin through 1.4 leaks the secret login URL when sending a specially crafted request, thereby allowing an attacker to discover the administrative login URL.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-1595.yaml"} {"ID":"CVE-2022-1597","Info":{"Name":"WordPress WPQA \u003c5.4 - Cross-Site Scripting","Severity":"medium","Description":"WordPress WPQA plugin prior to 5.4 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape a parameter on its reset password form.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-1597.yaml"} {"ID":"CVE-2022-1598","Info":{"Name":"WordPress WPQA \u003c5.5 - Improper Access Control","Severity":"medium","Description":"WordPress WPQA plugin before 5.5 is susceptible to improper access control. The plugin lacks authentication in a REST API endpoint. An attacker can potentially discover private questions sent between users on the site.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-1598.yaml"} {"ID":"CVE-2022-1609","Info":{"Name":"The School Management \u003c 9.9.7 - Remote Code Execution","Severity":"critical","Description":"The School Management plugin before version 9.9.7 contains an obfuscated backdoor injected in it's license checking code that registers a REST API handler, allowing an unauthenticated attacker to execute arbitrary PHP code on the site.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-1609.yaml"} {"ID":"CVE-2022-1713","Info":{"Name":"Drawio \u003c18.0.4 - Server-Side Request Forgery","Severity":"high","Description":"Drawio prior to 18.0.4 is vulnerable to server-side request forgery. An attacker can make a request as the server and read its contents. This can lead to a leak of sensitive information.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-1713.yaml"} {"ID":"CVE-2022-1724","Info":{"Name":"WordPress Simple Membership \u003c4.1.1 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Simple Membership plugin before 4.1.1 contains a reflected cross-site scripting vulnerability. It does not properly sanitize and escape parameters before outputting them back in AJAX actions.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-1724.yaml"} {"ID":"CVE-2022-1756","Info":{"Name":"Newsletter \u003c 7.4.5 - Cross-Site Scripting","Severity":"medium","Description":"The Newsletter WordPress plugin before 7.4.5 does not sanitize and escape the $_SERVER['REQUEST_URI'] before echoing it back in admin pages. Although this uses addslashes, and most modern browsers automatically URLEncode requests, this is still vulnerable to Reflected XSS in older browsers such as Internet Explorer 9 or below.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-1756.yaml"} {"ID":"CVE-2022-1768","Info":{"Name":"WordPress RSVPMaker \u003c=9.3.2 - SQL Injection","Severity":"high","Description":"WordPress RSVPMaker plugin through 9.3.2 contains a SQL injection vulnerability due to insufficient escaping and parameterization on user-supplied data passed to multiple SQL queries in ~/rsvpmaker-email.php. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-1768.yaml"} {"ID":"CVE-2022-1815","Info":{"Name":"Drawio \u003c18.1.2 - Server-Side Request Forgery","Severity":"high","Description":"Drawio before 18.1.2 is susceptible to server-side request forgery via the /service endpoint in jgraph/drawio. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-1815.yaml"} {"ID":"CVE-2022-1883","Info":{"Name":"Terraboard \u003c2.2.0 - SQL Injection","Severity":"high","Description":"Terraboard prior to 2.2.0 contains a SQL injection vulnerability. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2022/CVE-2022-1883.yaml"} {"ID":"CVE-2022-1903","Info":{"Name":"ARMember \u003c 3.4.8 - Unauthenticated Admin Account Takeover","Severity":"high","Description":"The ARMember WordPress plugin before 3.4.8 is vulnerable to account takeover (even the administrator) due to missing nonce and authorization checks in an AJAX action available to unauthenticated users, allowing them to change the password of arbitrary users by knowing their username.\n","Classification":{"CVSSScore":"8.1"}},"file_path":"http/cves/2022/CVE-2022-1903.yaml"} {"ID":"CVE-2022-1904","Info":{"Name":"WordPress Easy Pricing Tables \u003c3.2.1 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Easy Pricing Tables plugin before 3.2.1 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape a parameter before reflecting it back in a page available to any user both authenticated and unauthenticated when a specific setting is enabled.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-1904.yaml"} {"ID":"CVE-2022-1906","Info":{"Name":"WordPress Copyright Proof \u003c=4.16 - Cross-Site-Scripting","Severity":"medium","Description":"WordPress Copyright Proof plugin 4.16 and prior contains a cross-site scripting vulnerability. It does not sanitize and escape a parameter before outputting it back via an AJAX action available to both unauthenticated and authenticated users when a specific setting is enabled.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-1906.yaml"} {"ID":"CVE-2022-1910","Info":{"Name":"WordPress Shortcodes and Extra Features for Phlox \u003c2.9.8 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Shortcodes and extra features plugin for the Phlox theme before 2.9.8 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the response. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-1910.yaml"} {"ID":"CVE-2022-1916","Info":{"Name":"WordPress Active Products Tables for WooCommerce \u003c1.0.5 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Active Products Tables for WooCommerce plugin prior to 1.0.5 contains a cross-site scripting vulnerability.. The plugin does not sanitize and escape a parameter before outputting it back in the response of an AJAX action, An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-1916.yaml"} {"ID":"CVE-2022-1933","Info":{"Name":"WordPress CDI \u003c5.1.9 - Cross Site Scripting","Severity":"medium","Description":"WordPress CDI plugin prior to 5.1.9 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the response of an AJAX action. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-1933.yaml"} {"ID":"CVE-2022-1937","Info":{"Name":"WordPress Awin Data Feed \u003c=1.6 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Awin Data Feed plugin 1.6 and prior contains a cross-site scripting vulnerability. It does not sanitize and escape a parameter before outputting it back via an AJAX action, available to both unauthenticated and authenticated users.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-1937.yaml"} {"ID":"CVE-2022-1946","Info":{"Name":"WordPress Gallery \u003c2.0.0 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Gallery plugin before 2.0.0 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape a parameter before outputting it back in the response of an AJAX action, available to both unauthenticated and authenticated users.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-1946.yaml"} {"ID":"CVE-2022-1952","Info":{"Name":"WordPress eaSYNC Booking \u003c1.1.16 - Arbitrary File Upload","Severity":"critical","Description":"WordPress eaSync Booking plugin bundle for hotel, restaurant and car rental before 1.1.16 is susceptible to arbitrary file upload. The plugin contains insufficient input validation of an AJAX action. An allowlist of valid file extensions is defined but is not used during the validation steps. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-1952.yaml"} {"ID":"CVE-2022-2034","Info":{"Name":"WordPress Sensei LMS \u003c4.5.0 - Information Disclosure","Severity":"medium","Description":"WordPress Sensei LMS plugin before 4.5.0 is susceptible to information disclosure. The plugin does not have proper permissions set in a REST endpoint, which can allow an attacker to access private messages.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-2034.yaml"} {"ID":"CVE-2022-21371","Info":{"Name":"Oracle WebLogic Server Local File Inclusion","Severity":"high","Description":"An easily exploitable local file inclusion vulnerability allows unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic Server. Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Successful attacks of this vulnerability can result in unauthorized and sometimes complete access to critical data.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-21371.yaml"} {"ID":"CVE-2022-21500","Info":{"Name":"Oracle E-Business Suite \u003c=12.2 - Authentication Bypass","Severity":"high","Description":"Oracle E-Business Suite (component: Manage Proxies) 12.1 and 12.2 are susceptible to an easily exploitable vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise it by self-registering for an account. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle E-Business Suite accessible data.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-21500.yaml"} {"ID":"CVE-2022-21587","Info":{"Name":"Oracle E-Business Suite 12.2.3 -12.2.11 - Remote Code Execution","Severity":"critical","Description":"Oracle E-Business Suite 12.2.3 through 12.2.11 is susceptible to remote code execution via the Oracle Web Applications Desktop Integrator product, Upload component. An attacker with HTTP network access can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-21587.yaml"} {"ID":"CVE-2022-21661","Info":{"Name":"WordPress \u003c5.8.3 - SQL Injection","Severity":"high","Description":"WordPress before 5.8.3 is susceptible to SQL injection through multiple plugins or themes due to improper sanitization in WP_Query, An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-21661.yaml"} {"ID":"CVE-2022-21705","Info":{"Name":"October CMS - Remote Code Execution","Severity":"high","Description":"October CMS is susceptible to remote code execution. In affected versions, user input is not properly sanitized before rendering. An authenticated user with the permissions to create, modify, and delete website pages can bypass cms.safe_mode and cms.enableSafeMode in order to execute arbitrary code. This affects admin panels that rely on safe mode and restricted permissions.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2022/CVE-2022-21705.yaml"} {"ID":"CVE-2022-2174","Info":{"Name":"microweber 1.2.18 - Cross-site Scripting","Severity":"medium","Description":"Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.18.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-2174.yaml"} {"ID":"CVE-2022-2185","Info":{"Name":"GitLab CE/EE - Remote Code Execution","Severity":"high","Description":"GitLab CE/EE 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 is susceptible to remote code execution. An authenticated user authorized to import projects can import a maliciously crafted project, thus possibly being able to execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2022/CVE-2022-2185.yaml"} {"ID":"CVE-2022-2187","Info":{"Name":"WordPress Contact Form 7 Captcha \u003c0.1.2 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Contact Form 7 Captcha plugin before 0.1.2 contains a reflected cross-site scripting vulnerability. It does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-2187.yaml"} {"ID":"CVE-2022-2219","Info":{"Name":"Unyson \u003c 2.7.27 - Cross Site Scripting","Severity":"high","Description":"The plugin does not sanitise and escape the QUERY_STRING before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2022/CVE-2022-2219.yaml"} {"ID":"CVE-2022-22242","Info":{"Name":"Juniper Web Device Manager - Cross-Site Scripting","Severity":"medium","Description":"Juniper Web Device Manager (J-Web) in Junos OS contains a cross-site scripting vulnerability. This can allow an unauthenticated attacker to run malicious scripts reflected off J-Web to the victim's browser in the context of their session within J-Web, which can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue affects all versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R2-S7, 19.4R3-S8; 20.1 versions prior to 20.1R3-S5; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2; 22.1 versions prior to 22.1R2.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-22242.yaml"} {"ID":"CVE-2022-22536","Info":{"Name":"SAP Memory Pipes (MPI) Desynchronization","Severity":"critical","Description":"SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable to request smuggling and request concatenation attacks. An unauthenticated attacker can prepend a victim's request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system.","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2022/CVE-2022-22536.yaml"} {"ID":"CVE-2022-22733","Info":{"Name":"Apache ShardingSphere ElasticJob-UI privilege escalation","Severity":"medium","Description":"Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache ShardingSphere ElasticJob-UI allows an attacker who has guest account to do privilege escalation. This issue affects Apache ShardingSphere ElasticJob-UI Apache ShardingSphere ElasticJob-UI 3.x version 3.0.0 and prior versions.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2022/CVE-2022-22733.yaml"} {"ID":"CVE-2022-22897","Info":{"Name":"PrestaShop AP Pagebuilder \u003c= 2.4.4 - SQL Injection","Severity":"critical","Description":"A SQL injection vulnerability in the product_all_one_img and image_product parameters of the ApolloTheme AP PageBuilder component through 2.4.4 for PrestaShop allows unauthenticated attackers to exfiltrate database data.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-22897.yaml"} {"ID":"CVE-2022-2290","Info":{"Name":"Trilium \u003c0.52.4 - Cross-Site Scripting","Severity":"medium","Description":"Trilium prior to 0.52.4, 0.53.1-beta contains a cross-site scripting vulnerability which can allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-2290.yaml"} {"ID":"CVE-2022-22947","Info":{"Name":"Spring Cloud Gateway Code Injection","Severity":"critical","Description":"Applications using Spring Cloud Gateway prior to 3.1.1+ and 3.0.7+ are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2022/CVE-2022-22947.yaml"} {"ID":"CVE-2022-22954","Info":{"Name":"VMware Workspace ONE Access - Server-Side Template Injection","Severity":"critical","Description":"VMware Workspace ONE Access is susceptible to a remote code execution vulnerability due to a server-side template injection flaw. An unauthenticated attacker with network access could exploit this vulnerability by sending a specially crafted request to a vulnerable VMware Workspace ONE or Identity Manager.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-22954.yaml"} {"ID":"CVE-2022-22963","Info":{"Name":"Spring Cloud - Remote Code Execution","Severity":"critical","Description":"Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions are susceptible to remote code execution vulnerabilities. When using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-22963.yaml"} {"ID":"CVE-2022-22965","Info":{"Name":"Spring - Remote Code Execution","Severity":"critical","Description":"Spring MVC and Spring WebFlux applications running on Java Development Kit 9+ are susceptible to remote code execution via data binding. It requires the application to run on Tomcat as a WAR deployment. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-22965.yaml"} {"ID":"CVE-2022-22972","Info":{"Name":"VMware Workspace ONE Access/Identity Manager/vRealize Automation - Authentication Bypass","Severity":"critical","Description":"VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-22972.yaml"} {"ID":"CVE-2022-23102","Info":{"Name":"SINEMA Remote Connect Server \u003c V2.0 - Open Redirect","Severity":"medium","Description":"A vulnerability has been identified in SINEMA Remote Connect Server (All versions \u003c V2.0). Affected products contain an open redirect vulnerability. An attacker could trick a valid authenticated user to the device into clicking a malicious link there by leading to phishing attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-23102.yaml"} {"ID":"CVE-2022-23131","Info":{"Name":"Zabbix - SAML SSO Authentication Bypass","Severity":"critical","Description":"When SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor because a user login stored in the session was not verified.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-23131.yaml"} {"ID":"CVE-2022-23134","Info":{"Name":"Zabbix Setup Configuration Authentication Bypass","Severity":"medium","Description":"After the initial setup process, some steps of setup.php file are reachable not only by super-administrators but also by unauthenticated users. A malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-23134.yaml"} {"ID":"CVE-2022-2314","Info":{"Name":"WordPress VR Calendar \u003c=2.3.2 - Remote Code Execution","Severity":"critical","Description":"WordPress VR Calendar plugin through 2.3.2 is susceptible to remote code execution. The plugin allows any user to execute arbitrary PHP functions on the site. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-2314.yaml"} {"ID":"CVE-2022-23178","Info":{"Name":"Crestron Device - Credentials Disclosure","Severity":"critical","Description":"An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. When the administrative web interface of the HDMI switcher is accessed unauthenticated, user credentials are disclosed that are valid to authenticate to the web interface. Specifically, aj.html sends a JSON document with uname and upassword fields.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-23178.yaml"} {"ID":"CVE-2022-23347","Info":{"Name":"BigAnt Server v5.6.06 - Local File Inclusion","Severity":"high","Description":"BigAnt Server v5.6.06 is vulnerable to local file inclusion.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-23347.yaml"} {"ID":"CVE-2022-23348","Info":{"Name":"BigAnt Server 5.6.06 - Improper Access Control","Severity":"medium","Description":"BigAnt Server 5.6.06 is susceptible to improper access control. The software utililizes weak password hashes. An attacker can craft a password hash and thereby possibly possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-23348.yaml"} {"ID":"CVE-2022-23544","Info":{"Name":"MeterSphere \u003c 2.5.0 SSRF","Severity":"medium","Description":"MeterSphere is a one-stop open source continuous testing platform, covering test management, interface testing, UI testing and performance testing. Versions prior to 2.5.0 are subject to a Server-Side Request Forgery that leads to Cross-Site Scripting. A Server-Side request forgery in `IssueProxyResourceService::getMdImageByUrl` allows an attacker to access internal resources, as well as executing JavaScript code in the context of Metersphere's origin by a victim of a reflected XSS. This vulnerability has been fixed in v2.5.0. There are no known workarounds.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-23544.yaml"} {"ID":"CVE-2022-2373","Info":{"Name":"WordPress Simply Schedule Appointments \u003c1.5.7.7 - Information Disclosure","Severity":"medium","Description":"WordPress Simply Schedule Appointments plugin before 1.5.7.7 is susceptible to information disclosure. The plugin is missing authorization in a REST endpoint, which can allow an attacker to retrieve user details such as name and email address.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-2373.yaml"} {"ID":"CVE-2022-2376","Info":{"Name":"WordPress Directorist \u003c7.3.1 - Information Disclosure","Severity":"medium","Description":"WordPress Directorist plugin before 7.3.1 is susceptible to information disclosure. The plugin discloses the email address of all users in an AJAX action available to both unauthenticated and authenticated users.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-2376.yaml"} {"ID":"CVE-2022-23779","Info":{"Name":"Zoho ManageEngine - Internal Hostname Disclosure","Severity":"medium","Description":"Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. The internal hostname can be discovered by reading HTTP redirect responses.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-23779.yaml"} {"ID":"CVE-2022-2379","Info":{"Name":"WordPress Easy Student Results \u003c=2.2.8 - Improper Authorization","Severity":"high","Description":"WordPress Easy Student Results plugin through 2.2.8 is susceptible to information disclosure. The plugin lacks authorization in its REST API, which can allow an attacker to retrieve sensitive information related to courses, exams, and departments, as well as student grades and information such as email address, physical address, and phone number.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-2379.yaml"} {"ID":"CVE-2022-23808","Info":{"Name":"phpMyAdmin \u003c 5.1.2 - Cross-Site Scripting","Severity":"medium","Description":"An issue was discovered in phpMyAdmin 5.1 before 5.1.2 that could allow an attacker to inject malicious code into aspects of the setup script, which can allow cross-site or HTML injection.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-23808.yaml"} {"ID":"CVE-2022-2383","Info":{"Name":"WordPress Feed Them Social \u003c3.0.1 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Feed Them Social plugin before 3.0.1 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape a parameter before outputting it back in the page.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-2383.yaml"} {"ID":"CVE-2022-23854","Info":{"Name":"AVEVA InTouch Access Anywhere Secure Gateway - Local File Inclusion","Severity":"high","Description":"AVEVA InTouch Access Anywhere Secure Gateway is vulnerable to local file inclusion.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-23854.yaml"} {"ID":"CVE-2022-23881","Info":{"Name":"ZZZCMS zzzphp 2.1.0 - Remote Code Execution","Severity":"critical","Description":"ZZZCMS zzzphp v2.1.0 is susceptible to a remote command execution vulnerability via danger_key() at zzz_template.php.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-23881.yaml"} {"ID":"CVE-2022-23898","Info":{"Name":"MCMS 5.2.5 - SQL Injection","Severity":"critical","Description":"MCMS 5.2.5 contains a SQL injection vulnerability via the categoryId parameter in the file IContentDao.xml. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-23898.yaml"} {"ID":"CVE-2022-23944","Info":{"Name":"Apache ShenYu Admin Unauth Access","Severity":"critical","Description":"Apache ShenYu suffers from an unauthorized access vulnerability where a user can access /plugin api without authentication. This issue affected Apache ShenYu 2.4.0 and 2.4.1.","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2022/CVE-2022-23944.yaml"} {"ID":"CVE-2022-24112","Info":{"Name":"Apache APISIX - Remote Code Execution","Severity":"critical","Description":"A default configuration of Apache APISIX (with default API key) is vulnerable to remote code execution. An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. When the admin key was changed or the port of Admin API was changed to a port different from the data panel, the impact is lower. But there is still a risk to bypass the IP restriction of Apache APISIX's data panel. There is a check in the batch-requests plugin which overrides the client IP with its real remote IP. But due to a bug in the code, this check can be bypassed.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-24112.yaml"} {"ID":"CVE-2022-24124","Info":{"Name":"Casdoor 1.13.0 - Unauthenticated SQL Injection","Severity":"high","Description":"Casdoor version 1.13.0 suffers from a remote unauthenticated SQL injection vulnerability via the query API in Casdoor before 1.13.1 related to the field and value parameters, as demonstrated by api/get-organizations.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-24124.yaml"} {"ID":"CVE-2022-24129","Info":{"Name":"Shibboleth OIDC OP \u003c3.0.4 - Server-Side Request Forgery","Severity":"high","Description":"The Shibboleth Identity Provider OIDC OP plugin before 3.0.4 is vulnerable to server-side request forgery (SSRF) due to insufficient restriction of the request_uri parameter, which allows attackers to interact with arbitrary third-party HTTP services.","Classification":{"CVSSScore":"8.2"}},"file_path":"http/cves/2022/CVE-2022-24129.yaml"} {"ID":"CVE-2022-2414","Info":{"Name":"FreeIPA - XML Entity Injection","Severity":"high","Description":"Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-2414.yaml"} {"ID":"CVE-2022-24181","Info":{"Name":"PKP Open Journal Systems 2.4.8-3.3 - Cross-Site Scripting","Severity":"medium","Description":"PKP Open Journal Systems 2.4.8 to 3.3 contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary code via the X-Forwarded-Host Header.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-24181.yaml"} {"ID":"CVE-2022-24223","Info":{"Name":"Atom CMS v2.0 - SQL Injection","Severity":"critical","Description":"AtomCMS v2.0 was discovered to contain a SQL injection vulnerability via /admin/login.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-24223.yaml"} {"ID":"CVE-2022-24260","Info":{"Name":"VoipMonitor - Pre-Auth SQL Injection","Severity":"critical","Description":"A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows attackers to escalate privileges to the Administrator level.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-24260.yaml"} {"ID":"CVE-2022-24264","Info":{"Name":"Cuppa CMS v1.0 - SQL injection","Severity":"high","Description":"Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/table_manager/ via the search_word parameter.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-24264.yaml"} {"ID":"CVE-2022-24265","Info":{"Name":"Cuppa CMS v1.0 - SQL injection","Severity":"high","Description":"Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/menu/ via the path=component/menu/\u0026menu_filter=3 parameter.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-24265.yaml"} {"ID":"CVE-2022-24266","Info":{"Name":"Cuppa CMS v1.0 - SQL injection","Severity":"high","Description":"Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/table_manager/ via the order_by parameter.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-24266.yaml"} {"ID":"CVE-2022-24288","Info":{"Name":"Apache Airflow OS Command Injection","Severity":"high","Description":"Apache Airflow prior to version 2.2.4 is vulnerable to OS command injection attacks because some example DAGs do not properly sanitize user-provided parameters, making them susceptible to OS Command Injection from the web UI.","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2022/CVE-2022-24288.yaml"} {"ID":"CVE-2022-24384","Info":{"Name":"SmarterTools SmarterTrack - Cross-Site Scripting","Severity":"medium","Description":"Cross-site Scripting (XSS) vulnerability in SmarterTools SmarterTrack This issue affects: SmarterTools SmarterTrack 100.0.8019.14010.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-24384.yaml"} {"ID":"CVE-2022-2462","Info":{"Name":"WordPress Transposh \u003c=1.0.8.1 - Information Disclosure","Severity":"medium","Description":"WordPress Transposh plugin through is susceptible to information disclosure via the AJAX action tp_history, which is intended to return data about who has translated a text given by the token parameter. However, the plugin also returns the user's login name as part of the user_login attribute. If an anonymous user submits the translation, the user's IP address is returned. An attacker can leak the WordPress username of translators and potentially execute other unauthorized operations.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-2462.yaml"} {"ID":"CVE-2022-24627","Info":{"Name":"AudioCodes Device Manager Express - SQL Injection","Severity":"critical","Description":"An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is an unauthenticated SQL injection in the p parameter of the process_login.php login form.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-24627.yaml"} {"ID":"CVE-2022-24637","Info":{"Name":"Open Web Analytics 1.7.3 - Remote Code Execution","Severity":"critical","Description":"Open Web Analytics (OWA) before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '\u003c?php (instead of the intended \"\u003c?php sequence) aren't handled by the PHP interpreter.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-24637.yaml"} {"ID":"CVE-2022-2467","Info":{"Name":"Garage Management System 1.0 - SQL Injection","Severity":"critical","Description":"Garage Management System 1.0 contains a SQL injection vulnerability in /login.php via manipulation of the argument username with input 1@a.com' AND (SELECT 6427 FROM (SELECT(SLEEP(5)))LwLu) AND 'hsvT'='hsvT. An attacker can possibly obtain sensitive information from a database, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-2467.yaml"} {"ID":"CVE-2022-24681","Info":{"Name":"ManageEngine ADSelfService Plus \u003c6121 - Stored Cross-Site Scripting","Severity":"medium","Description":"ManageEngine ADSelfService Plus before 6121 contains a stored cross-site scripting vulnerability via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screens.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-24681.yaml"} {"ID":"CVE-2022-24716","Info":{"Name":"Icinga Web 2 - Arbitrary File Disclosure","Severity":"high","Description":"Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Unauthenticated users can leak the contents of files of the local system accessible to the web-server user, including `icingaweb2` configuration files with database credentials.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-24716.yaml"} {"ID":"CVE-2022-24816","Info":{"Name":"GeoServer \u003c1.2.2 - Remote Code Execution","Severity":"critical","Description":"Programs run on GeoServer before 1.2.2 which use jt-jiffle and allow Jiffle script to be provided via network request are susceptible to remote code execution. The Jiffle script is compiled into Java code via Janino, and executed. In particular, this affects downstream GeoServer 1.1.22.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-24816.yaml"} {"ID":"CVE-2022-24856","Info":{"Name":"Flyte Console \u003c0.52.0 - Server-Side Request Forgery","Severity":"high","Description":"FlyteConsole is the web user interface for the Flyte platform. FlyteConsole prior to version 0.52.0 is vulnerable to server-side request forgery when FlyteConsole is open to the general internet. An attacker can exploit any user of a vulnerable instance to access the internal metadata server or other unauthenticated URLs. Passing of headers to an unauthorized actor may occur.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-24856.yaml"} {"ID":"CVE-2022-2486","Info":{"Name":"Wavlink WN535K2/WN535K3 - OS Command Injection","Severity":"critical","Description":"Wavlink WN535K2 and WN535K3 routers are susceptible to OS command injection in an unknown part of the file /cgi-bin/mesh.cgi?page=upgrade via manipulation of the argument key. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-2486.yaml"} {"ID":"CVE-2022-2487","Info":{"Name":"Wavlink WN535K2/WN535K3 - OS Command Injection","Severity":"critical","Description":"Wavlink WN535K2 and WN535K3 routers are susceptible to OS command injection which affects unknown code in /cgi-bin/nightled.cgi via manipulation of the argument start_hour. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-2487.yaml"} {"ID":"CVE-2022-2488","Info":{"Name":"Wavlink WN535K2/WN535K3 - OS Command Injection","Severity":"critical","Description":"Wavlink WN535K2 and WN535K3 routers are susceptible to OS command injection in /cgi-bin/touchlist_sync.cgi via manipulation of the argument IP. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-2488.yaml"} {"ID":"CVE-2022-24899","Info":{"Name":"Contao \u003c4.13.3 - Cross-Site Scripting","Severity":"medium","Description":"Contao prior to 4.13.3 contains a cross-site scripting vulnerability. It is possible to inject arbitrary JavaScript code into the canonical tag.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-24899.yaml"} {"ID":"CVE-2022-24900","Info":{"Name":"Piano LED Visualizer 1.3 - Local File Inclusion","Severity":"high","Description":"Piano LED Visualizer 1.3 and prior are vulnerable to local file inclusion.\n","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2022/CVE-2022-24900.yaml"} {"ID":"CVE-2022-24990","Info":{"Name":"TerraMaster TOS \u003c 4.2.30 Server Information Disclosure","Severity":"high","Description":"TerraMaster NAS devices running TOS prior to version 4.2.30 are vulnerable to information disclosure.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-24990.yaml"} {"ID":"CVE-2022-25082","Info":{"Name":"TOTOLink - Unauthenticated Command Injection","Severity":"critical","Description":"TOTOLink A950RG V5.9c.4050_B20190424 and V4.1.2cu.5204_B20210112 were discovered to contain a command injection vulnerability in the Main function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-25082.yaml"} {"ID":"CVE-2022-25125","Info":{"Name":"MCMS 5.2.4 - SQL Injection","Severity":"critical","Description":"MCMS 5.2.4 contains a SQL injection vulnerability via search.do in the file /mdiy/dict/listExcludeApp. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-25125.yaml"} {"ID":"CVE-2022-25148","Info":{"Name":"WordPress Plugin WP Statistics \u003c= 13.1.5 - SQL Injection","Severity":"critical","Description":"The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_id parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive information, in versions up to and including 13.1.5.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-25148.yaml"} {"ID":"CVE-2022-25149","Info":{"Name":"WordPress Plugin WP Statistics \u003c= 13.1.5 - SQL Injection","Severity":"high","Description":"The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the IP parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive information, in versions up to and including 13.1.5.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-25149.yaml"} {"ID":"CVE-2022-25216","Info":{"Name":"DVDFab 12 Player/PlayerFab - Local File Inclusion","Severity":"high","Description":"DVDFab 12 Player/PlayerFab is susceptible to local file inclusion which allows a remote attacker to download any file on the Windows file system for which the user account running DVDFab 12 Player (recently renamed PlayerFab) has read-access.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-25216.yaml"} {"ID":"CVE-2022-25323","Info":{"Name":"ZEROF Web Server 2.0 - Cross-Site Scripting","Severity":"medium","Description":"ZEROF Web Server 2.0 allows /admin.back cross-site scripting.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-25323.yaml"} {"ID":"CVE-2022-2535","Info":{"Name":"SearchWP Live Ajax Search \u003c 1.6.2 - Unauthenticated Arbitrary Post Title Disclosure","Severity":"medium","Description":"The plugin does not ensure that users making. alive search are limited to published posts only, allowing unauthenticated users to make a crafted query disclosing private/draft/pending post titles along with their permalink\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-2535.yaml"} {"ID":"CVE-2022-25356","Info":{"Name":"Alt-n/MDaemon Security Gateway \u003c=8.5.0 - XML Injection","Severity":"medium","Description":"Alt-n/MDaemon Security Gateway through 8.5.0 is susceptible to XML injection via SecurityGateway.dll?view=login. An attacker can inject an arbitrary XML argument by adding a new parameter in the HTTP request URL. As a result, the XML parser fails the validation process and discloses information such as protection used (2FA), admin email, and product registration keys.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-25356.yaml"} {"ID":"CVE-2022-25369","Info":{"Name":"Dynamicweb 9.5.0 - 9.12.7 Unauthenticated Admin User Creation","Severity":"critical","Description":"Dynamicweb contains a vulnerability which allows an unauthenticated attacker to create a new administrative user.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-25369.yaml"} {"ID":"CVE-2022-2544","Info":{"Name":"WordPress Ninja Job Board \u003c 1.3.3 - Direct Request","Severity":"high","Description":"WordPress Ninja Job Board plugin prior to 1.3.3 is susceptible to a direct request vulnerability. The plugin does not protect the directory where it stores uploaded resumes, making it vulnerable to unauthenticated directory listing which allows the download of uploaded resumes.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-2544.yaml"} {"ID":"CVE-2022-2546","Info":{"Name":"WordPress All-in-One WP Migration \u003c=7.62 - Cross-Site Scripting","Severity":"medium","Description":"WordPress All-in-One WP Migration plugin 7.62 and prior contains a cross-site scripting vulnerability. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"4.7"}},"file_path":"http/cves/2022/CVE-2022-2546.yaml"} {"ID":"CVE-2022-25481","Info":{"Name":"ThinkPHP 5.0.24 - Information Disclosure","Severity":"high","Description":"ThinkPHP 5.0.24 is susceptible to information disclosure. This version was configured without the PATHINFO parameter. This can allow an attacker to access all system environment parameters from index.php, thereby possibly obtaining sensitive information, modifying data, and/or executing unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-25481.yaml"} {"ID":"CVE-2022-25485","Info":{"Name":"Cuppa CMS v1.0 - Local File Inclusion","Severity":"high","Description":"CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertLightbox.php.\n","Classification":{"CVSSScore":"7.8"}},"file_path":"http/cves/2022/CVE-2022-25485.yaml"} {"ID":"CVE-2022-25486","Info":{"Name":"Cuppa CMS v1.0 - Local File Inclusion","Severity":"high","Description":"CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertConfigField.php.\n","Classification":{"CVSSScore":"7.8"}},"file_path":"http/cves/2022/CVE-2022-25486.yaml"} {"ID":"CVE-2022-25487","Info":{"Name":"Atom CMS v2.0 - Remote Code Execution","Severity":"critical","Description":"Atom CMS v2.0 was discovered to contain a remote code execution (RCE) vulnerability via /admin/uploads.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-25487.yaml"} {"ID":"CVE-2022-25488","Info":{"Name":"Atom CMS v2.0 - SQL Injection","Severity":"critical","Description":"Atom CMS v2.0 was discovered to contain a SQL injection vulnerability via the id parameter in /admin/ajax/avatar.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-25488.yaml"} {"ID":"CVE-2022-25489","Info":{"Name":"Atom CMS v2.0 - Cross-Site Scripting","Severity":"medium","Description":"Atom CMS v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the \"A\" parameter in /widgets/debug.php.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-25489.yaml"} {"ID":"CVE-2022-25497","Info":{"Name":"Cuppa CMS v1.0 - Local File Inclusion","Severity":"medium","Description":"CuppaCMS v1.0 was discovered to contain an arbitrary file read via the copy function.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-25497.yaml"} {"ID":"CVE-2022-2551","Info":{"Name":"WordPress Duplicator \u003c1.4.7 - Authentication Bypass","Severity":"high","Description":"WordPress Duplicator plugin before 1.4.7 is susceptible to authentication bypass. The plugin discloses the URL of the backup to unauthenticated visitors accessing the main installer endpoint. If the installer script has been run once by an administrator, this allows download of the full site backup without proper authentication.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-2551.yaml"} {"ID":"CVE-2022-25568","Info":{"Name":"MotionEye Config Info Disclosure","Severity":"high","Description":"MotionEye v0.42.1 and below allows attackers to access sensitive information via a GET request to /config/list. To exploit this vulnerability, a regular user password must be unconfigured.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-25568.yaml"} {"ID":"CVE-2022-2599","Info":{"Name":"WordPress Anti-Malware Security and Brute-Force Firewall \u003c4.21.83 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Anti-Malware Security and Brute-Force Firewall plugin before 4.21.83 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape some parameters before outputting them back in an admin dashboard.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-2599.yaml"} {"ID":"CVE-2022-26134","Info":{"Name":"Confluence - Remote Code Execution","Severity":"critical","Description":"Confluence Server and Data Center is susceptible to an unauthenticated remote code execution vulnerability.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-26134.yaml"} {"ID":"CVE-2022-26138","Info":{"Name":"Atlassian Questions For Confluence - Hardcoded Credentials","Severity":"critical","Description":"Atlassian Questions For Confluence contains a hardcoded credentials vulnerability. When installing versions 2.7.34, 2.7.35, and 3.0.2, a Confluence user account is created in the confluence-users group with the username disabledsystemuser and a hardcoded password. A remote, unauthenticated attacker with knowledge of the hardcoded password can exploit this vulnerability to log into Confluence and access all content accessible to users in the confluence-users group.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-26138.yaml"} {"ID":"CVE-2022-26148","Info":{"Name":"Grafana \u0026 Zabbix Integration - Credentials Disclosure","Severity":"critical","Description":"Grafana through 7.3.4, when integrated with Zabbix, contains a credential disclosure vulnerability. The Zabbix password can be found in the api_jsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right click to view the source code and use Ctrl-F to search for password in api_jsonrpc.php to discover the Zabbix account password and URL address.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-26148.yaml"} {"ID":"CVE-2022-26159","Info":{"Name":"Ametys CMS Information Disclosure","Severity":"medium","Description":"Ametys CMS before 4.5.0 allows a remote unauthenticated attacker to read documents such as plugins/web/service/search/auto-completion/domain/en.xml (and similar pathnames for other languages) via the auto-completion plugin, which contain all characters typed by all users, including the content of private pages. For example, a private page may contain usernames, e-mail addresses, and possibly passwords.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-26159.yaml"} {"ID":"CVE-2022-26233","Info":{"Name":"Barco Control Room Management Suite \u003c=2.9 Build 0275 - Local File Inclusion","Severity":"high","Description":"Barco Control Room Management through Suite 2.9 Build 0275 is vulnerable to local file inclusion that could allow attackers to access sensitive information and components. Requests must begin with the \"GET /..\\..\" substring.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-26233.yaml"} {"ID":"CVE-2022-26263","Info":{"Name":"Yonyou U8 13.0 - Cross-Site Scripting","Severity":"medium","Description":"Yonyou U8 13.0 contains a DOM-based cross-site scripting vulnerability via the component /u8sl/WebHelp. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-26263.yaml"} {"ID":"CVE-2022-2627","Info":{"Name":"WordPress Newspaper \u003c 12 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Newspaper theme before 12 is susceptible to cross-site scripting. The does not sanitize a parameter before outputting it back in an HTML attribute via an AJAX action. An attacker can potentially execute malware, obtain sensitive information, modify data, and/or execute unauthorized operations without entering necessary credentials.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-2627.yaml"} {"ID":"CVE-2022-2633","Info":{"Name":"All-In-One Video Gallery \u003c=2.6.0 - Server-Side Request Forgery","Severity":"high","Description":"WordPress All-in-One Video Gallery plugin through 2.6.0 is susceptible to arbitrary file download and server-side request forgery (SSRF) via the 'dl' parameter found in the ~/public/video.php file. An attacker can download sensitive files hosted on the affected server and forge requests to the server.\n","Classification":{"CVSSScore":"8.2"}},"file_path":"http/cves/2022/CVE-2022-2633.yaml"} {"ID":"CVE-2022-26352","Info":{"Name":"DotCMS - Arbitrary File Upload","Severity":"critical","Description":"DotCMS management system contains an arbitrary file upload vulnerability via the /api/content/ path which can allow attackers to upload malicious Trojans to obtain server permissions.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-26352.yaml"} {"ID":"CVE-2022-26564","Info":{"Name":"HotelDruid Hotel Management Software 3.0.3 - Cross-Site Scripting","Severity":"medium","Description":"HotelDruid Hotel Management Software 3.0.3 contains a cross-site scripting vulnerability via the prezzoperiodo4 parameter in creaprezzi.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-26564.yaml"} {"ID":"CVE-2022-26833","Info":{"Name":"Open Automation Software OAS Platform V16.00.0121 - Missing Authentication","Severity":"critical","Description":"An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. A specially-crafted series of HTTP requests can lead to unauthenticated use of the REST API. An attacker can send a series of HTTP requests to trigger this vulnerability.\n","Classification":{"CVSSScore":"9.4"}},"file_path":"http/cves/2022/CVE-2022-26833.yaml"} {"ID":"CVE-2022-26960","Info":{"Name":"elFinder \u003c=2.1.60 - Local File Inclusion","Severity":"critical","Description":"elFinder through 2.1.60 is affected by local file inclusion via connector.minimal.php. This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root. This is due to improper handling of absolute file paths.\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2022/CVE-2022-26960.yaml"} {"ID":"CVE-2022-27043","Info":{"Name":"Yearning - Directory Traversal","Severity":"high","Description":"Yearning has a directory traversal vulnerability that can be exploited by attackers to obtain sensitive information. The vulnerability is present in multiple versions of Yearning.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-27043.yaml"} {"ID":"CVE-2022-2733","Info":{"Name":"Openemr \u003c 7.0.0.1 - Cross-Site Scripting","Severity":"medium","Description":"Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-2733.yaml"} {"ID":"CVE-2022-2756","Info":{"Name":"Kavita \u003c0.5.4.1 - Server-Side Request Forgery","Severity":"medium","Description":"Kavita before 0.5.4.1 is susceptible to server-side request forgery in GitHub repository kareadita/kavita. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2022/CVE-2022-2756.yaml"} {"ID":"CVE-2022-27593","Info":{"Name":"QNAP QTS Photo Station External Reference - Local File Inclusion","Severity":"critical","Description":"QNAP QTS Photo Station External Reference is vulnerable to local file inclusion via an externally controlled reference to a resource vulnerability. If exploited, this could allow an attacker to modify system files. The vulnerability is fixed in the following versions: QTS 5.0.1: Photo Station 6.1.2 and later QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later QTS 4.3.6: Photo Station 5.7.18 and later QTS 4.3.3: Photo Station 5.4.15 and later QTS 4.2.6: Photo Station 5.2.14 and later.\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2022/CVE-2022-27593.yaml"} {"ID":"CVE-2022-27849","Info":{"Name":"WordPress Simple Ajax Chat \u003c20220116 - Sensitive Information Disclosure vulnerability","Severity":"high","Description":"WordPress Simple Ajax Chat before 20220216 is vulnerable to sensitive information disclosure. The plugin does not properly restrict access to the exported data via the sac-export.csv file, which could allow unauthenticated users to access it.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-27849.yaml"} {"ID":"CVE-2022-27926","Info":{"Name":"Zimbra Collaboration (ZCS) - Cross Site Scripting","Severity":"medium","Description":"A reflected cross-site scripting (XSS) vulnerability in the /public/launchNewWindow.jsp component of Zimbra Collaboration (aka ZCS) 9.0 allows unauthenticated attackers to execute arbitrary web script or HTML via request parameters.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-27926.yaml"} {"ID":"CVE-2022-27927","Info":{"Name":"Microfinance Management System 1.0 - SQL Injection","Severity":"critical","Description":"Microfinance Management System 1.0 is susceptible to SQL Injection.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-27927.yaml"} {"ID":"CVE-2022-27984","Info":{"Name":"Cuppa CMS v1.0 - SQL injection","Severity":"critical","Description":"CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via the menu_filter parameter at /administrator/templates/default/html/windows/right.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-27984.yaml"} {"ID":"CVE-2022-27985","Info":{"Name":"Cuppa CMS v1.0 - SQL injection","Severity":"critical","Description":"CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via /administrator/alerts/alertLightbox.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-27985.yaml"} {"ID":"CVE-2022-28032","Info":{"Name":"Atom CMS v2.0 - SQL Injection","Severity":"critical","Description":"AtomCMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_pages.php\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-28032.yaml"} {"ID":"CVE-2022-28079","Info":{"Name":"College Management System 1.0 - SQL Injection","Severity":"high","Description":"College Management System 1.0 contains a SQL injection vulnerability via the course code parameter.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2022/CVE-2022-28079.yaml"} {"ID":"CVE-2022-28080","Info":{"Name":"Royal Event - SQL Injection","Severity":"high","Description":"Royal Event is vulnerable to a SQL injection vulnerability.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2022/CVE-2022-28080.yaml"} {"ID":"CVE-2022-28117","Info":{"Name":"Navigate CMS 2.9.4 - Server-Side Request Forgery","Severity":"medium","Description":"Navigate CMS 2.9.4 is susceptible to server-side request forgery via feed_parser class. This can allow a remote attacker to force the application to make arbitrary requests via injection of arbitrary URLs into the feed parameter, thus enabling possible theft of sensitive information, data modification, and/or unauthorized operation execution.\n","Classification":{"CVSSScore":"4.9"}},"file_path":"http/cves/2022/CVE-2022-28117.yaml"} {"ID":"CVE-2022-28219","Info":{"Name":"Zoho ManageEngine ADAudit Plus \u003c7600 - XML Entity Injection/Remote Code Execution","Severity":"critical","Description":"Zoho ManageEngine ADAudit Plus before version 7060 is vulnerable to an\nunauthenticated XML entity injection attack that can lead to remote code execution.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-28219.yaml"} {"ID":"CVE-2022-28290","Info":{"Name":"WordPress Country Selector \u003c1.6.6 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Country Selector plugin prior to 1.6.6 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape the country and lang parameters before outputting them back in the response. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-28290.yaml"} {"ID":"CVE-2022-28363","Info":{"Name":"Reprise License Manager 14.2 - Cross-Site Scripting","Severity":"medium","Description":"Reprise License Manager 14.2 contains a reflected cross-site scripting vulnerability in the /goform/login_process 'username' parameter via GET, whereby no authentication is required.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-28363.yaml"} {"ID":"CVE-2022-28365","Info":{"Name":"Reprise License Manager 14.2 - Information Disclosure","Severity":"medium","Description":"Reprise License Manager 14.2 is susceptible to information disclosure via a GET request to /goforms/rlminfo. No authentication is required. The information disclosed is associated with software versions, process IDs, network configuration, hostname(s), system architecture and file/directory information. An attacker can possibly obtain further sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-28365.yaml"} {"ID":"CVE-2022-2863","Info":{"Name":"WordPress WPvivid Backup \u003c0.9.76 - Local File Inclusion","Severity":"medium","Description":"WordPress WPvivid Backup version 0.9.76 is vulnerable to local file inclusion because the plugin does not sanitize and validate a parameter before using it to read the content of a file, allowing high privilege users to read any file from the web server.","Classification":{"CVSSScore":"4.9"}},"file_path":"http/cves/2022/CVE-2022-2863.yaml"} {"ID":"CVE-2022-28923","Info":{"Name":"Caddy 2.4.6 - Open Redirect","Severity":"medium","Description":"Caddy 2.4.6 contains an open redirect vulnerability. An attacker can redirect a user to a malicious site via a crafted URL and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-28923.yaml"} {"ID":"CVE-2022-28955","Info":{"Name":"D-Link DIR-816L - Improper Access Control","Severity":"high","Description":"D-Link DIR-816L_FW206b01 is susceptible to improper access control. An attacker can access folders folder_view.php and category_view.php and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-28955.yaml"} {"ID":"CVE-2022-29004","Info":{"Name":"Diary Management System 1.0 - Cross-Site Scripting","Severity":"medium","Description":"Diary Management System 1.0 contains a cross-site scripting vulnerability via the Name parameter in search-result.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-29004.yaml"} {"ID":"CVE-2022-29005","Info":{"Name":"Online Birth Certificate System 1.2 - Stored Cross-Site Scripting","Severity":"medium","Description":"Online Birth Certificate System 1.2 contains multiple stored cross-site scripting vulnerabilities in the component /obcs/user/profile.php, which allows an attacker to execute arbitrary web script or HTML via a crafted payload injected into the fname or lname parameters.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-29005.yaml"} {"ID":"CVE-2022-29006","Info":{"Name":"Directory Management System 1.0 - SQL Injection","Severity":"critical","Description":"Directory Management System 1.0 contains multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-29006.yaml"} {"ID":"CVE-2022-29007","Info":{"Name":"Dairy Farm Shop Management System 1.0 - SQL Injection","Severity":"critical","Description":"Dairy Farm Shop Management System 1.0 contains multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-29007.yaml"} {"ID":"CVE-2022-29009","Info":{"Name":"Cyber Cafe Management System 1.0 - SQL Injection","Severity":"critical","Description":"Cyber Cafe Management System 1.0 contains multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-29009.yaml"} {"ID":"CVE-2022-29013","Info":{"Name":"Razer Sila Gaming Router - Remote Code Execution","Severity":"critical","Description":"A command injection in the command parameter of Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to execute arbitrary commands via a crafted POST request.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-29013.yaml"} {"ID":"CVE-2022-29014","Info":{"Name":"Razer Sila Gaming Router 2.0.441_api-2.0.418 - Local File Inclusion","Severity":"high","Description":"Razer Sila Gaming Router 2.0.441_api-2.0.418 is vulnerable to local file inclusion which could allow attackers to read arbitrary files.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-29014.yaml"} {"ID":"CVE-2022-29078","Info":{"Name":"Node.js Embedded JavaScript 3.1.6 - Template Injection","Severity":"critical","Description":"Node.js Embedded JavaScript 3.1.6 is susceptible to server-side template injection via settings[view options][outputFunctionName], which is parsed as an internal option and overwrites the outputFunctionName option with an arbitrary OS command, which is then executed upon template compilation.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-29078.yaml"} {"ID":"CVE-2022-29153","Info":{"Name":"HashiCorp Consul/Consul Enterprise - Server-Side Request Forgery","Severity":"high","Description":"HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11 are susceptible to server-side request forgery. When redirects are returned by HTTP health check endpoints, Consul follows these HTTP redirects by default. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-29153.yaml"} {"ID":"CVE-2022-29272","Info":{"Name":"Nagios XI \u003c5.8.5 - Open Redirect","Severity":"medium","Description":"Nagios XI through 5.8.5 contains an open redirect vulnerability in the login function. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-29272.yaml"} {"ID":"CVE-2022-29298","Info":{"Name":"SolarView Compact 6.00 - Local File Inclusion","Severity":"high","Description":"SolarView Compact 6.00 is vulnerable to local file inclusion which could allow attackers to access sensitive files.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-29298.yaml"} {"ID":"CVE-2022-29299","Info":{"Name":"SolarView Compact 6.00 - 'time_begin' Cross-Site Scripting","Severity":"medium","Description":"SolarView Compact version 6.00 contains a cross-site scripting vulnerability in the 'time_begin' parameter to Solar_History.php.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2022/CVE-2022-29299.yaml"} {"ID":"CVE-2022-29301","Info":{"Name":"SolarView Compact 6.00 - 'pow' Cross-Site Scripting","Severity":"high","Description":"SolarView Compact version 6.00 contains a cross-site scripting vulnerability in the 'pow' parameter to Solar_SlideSub.php.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2022/CVE-2022-29301.yaml"} {"ID":"CVE-2022-29303","Info":{"Name":"SolarView Compact 6.00 - OS Command Injection","Severity":"critical","Description":"SolarView Compact 6.00 was discovered to contain a command injection vulnerability via conf_mail.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-29303.yaml"} {"ID":"CVE-2022-29349","Info":{"Name":"kkFileView 4.0.0 - Cross-Site Scripting","Severity":"medium","Description":"kkFileView 4.0.0 contains multiple cross-site scripting vulnerabilities via the urls and currentUrl parameters at /controller/OnlinePreviewController.java.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-29349.yaml"} {"ID":"CVE-2022-29383","Info":{"Name":"NETGEAR ProSafe SSL VPN firmware - SQL Injection","Severity":"critical","Description":"NETGEAR ProSafe SSL VPN multiple firmware versions were discovered to contain a SQL injection vulnerability via USERDBDomains.Domainname at cgi-bin/platform.cgi.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-29383.yaml"} {"ID":"CVE-2022-29455","Info":{"Name":"WordPress Elementor Website Builder \u003c= 3.5.5 - DOM Cross-Site Scripting","Severity":"medium","Description":"WordPress Elementor Website Builder plugin 3.5.5 and prior contains a reflected cross-site scripting vulnerability via the document object model.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-29455.yaml"} {"ID":"CVE-2022-29464","Info":{"Name":"WSO2 Management - Arbitrary File Upload \u0026 Remote Code Execution","Severity":"critical","Description":"Certain WSO2 products allow unrestricted file upload with resultant remote code execution. This affects WSO2 API Manager 2.2.0 and above through 4.0.0; WSO2 Identity Server 5.2.0 and above through 5.11.0; WSO2 Identity Server Analytics 5.4.0, 5.4.1, 5.5.0, and 5.6.0; WSO2 Identity Server as Key Manager 5.3.0 and above through 5.10.0; and WSO2 Enterprise Integrator 6.2.0 and above through 6.6.0.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-29464.yaml"} {"ID":"CVE-2022-29548","Info":{"Name":"WSO2 - Cross-Site Scripting","Severity":"medium","Description":"WSO2 contains a reflected cross-site scripting vulnerability in the Management Console of API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; API Manager Analytics 2.2.0, 2.5.0, and 2.6.0; API Microgateway 2.2.0; Data Analytics Server 3.2.0; Enterprise Integrator 6.2.0, 6.3.0, 6.4.0, 6.5.0, and 6.6.0; IS as Key Manager 5.5.0, 5.6.0, 5.7.0, 5.9.0, and 5.10.0; Identity Server 5.5.0, 5.6.0, 5.7.0, 5.9.0, 5.10.0, and 5.11.0; Identity Server Analytics 5.5.0 and 5.6.0; and WSO2 Micro Integrator 1.0.0.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-29548.yaml"} {"ID":"CVE-2022-29775","Info":{"Name":"iSpy 7.2.2.0 - Authentication Bypass","Severity":"critical","Description":"iSpy 7.2.2.0 contains an authentication bypass vulnerability. An attacker can craft a URL and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-29775.yaml"} {"ID":"CVE-2022-30073","Info":{"Name":"WBCE CMS 1.5.2 - Cross-Site Scripting","Severity":"medium","Description":"WBCE CMS 1.5.2 contains a stored cross-site scripting vulnerability via \\admin\\user\\save.php Display Name parameters.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-30073.yaml"} {"ID":"CVE-2022-30489","Info":{"Name":"Wavlink WN-535G3 - Cross-Site Scripting","Severity":"medium","Description":"Wavlink WN-535G3 contains a POST cross-site scripting vulnerability via the hostname parameter at /cgi-bin/login.cgi.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-30489.yaml"} {"ID":"CVE-2022-30512","Info":{"Name":"School Dormitory Management System 1.0 - SQL Injection","Severity":"critical","Description":"School Dormitory Management System 1.0 contains a SQL injection vulnerability via accounts/payment_history.php:31. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-30512.yaml"} {"ID":"CVE-2022-30513","Info":{"Name":"School Dormitory Management System 1.0 - Authenticated Cross-Site Scripting","Severity":"medium","Description":"School Dormitory Management System 1.0 contains an authenticated cross-site scripting vulnerability via admin/inc/navigation.php:125. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-30513.yaml"} {"ID":"CVE-2022-30514","Info":{"Name":"School Dormitory Management System 1.0 - Authenticated Cross-Site Scripting","Severity":"medium","Description":"School Dormitory Management System 1.0 contains an authenticated cross-site scripting vulnerability in admin/inc/navigation.php:126. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-30514.yaml"} {"ID":"CVE-2022-30525","Info":{"Name":"Zyxel Firewall - OS Command Injection","Severity":"critical","Description":"An OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 50(W) firmware versions 5.10 through 5.21 Patch 1, USG20(W)-VPN firmware versions 5.10 through 5.21 Patch 1, ATP series firmware versions 5.10 through 5.21 Patch 1, VPN series firmware versions 4.60 through 5.21 Patch 1, are susceptible to a command injection vulnerability which could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-30525.yaml"} {"ID":"CVE-2022-3062","Info":{"Name":"Simple File List \u003c 4.4.12 - Cross Site Scripting","Severity":"medium","Description":"The plugin does not escape parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-3062.yaml"} {"ID":"CVE-2022-30776","Info":{"Name":"Atmail 6.5.0 - Cross-Site Scripting","Severity":"medium","Description":"Atmail 6.5.0 contains a cross-site scripting vulnerability via the index.php/admin/index/ 'error' parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-30776.yaml"} {"ID":"CVE-2022-30777","Info":{"Name":"Parallels H-Sphere 3.6.1713 - Cross-Site Scripting","Severity":"medium","Description":"Parallels H-Sphere 3.6.1713 contains a cross-site scripting vulnerability via the index_en.php 'from' parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-30777.yaml"} {"ID":"CVE-2022-31126","Info":{"Name":"Roxy-WI \u003c6.1.1.0 - Remote Code Execution","Severity":"critical","Description":"Roxy-WI before 6.1.1.0 is susceptible to remote code execution. System commands can be run remotely via the subprocess_execute function without processing the inputs received from the user in the /app/options.py file.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-31126.yaml"} {"ID":"CVE-2022-31268","Info":{"Name":"Gitblit 1.9.3 - Local File Inclusion","Severity":"high","Description":"Gitblit 1.9.3 is vulnerable to local file inclusion via /resources//../ (e.g., followed by a WEB-INF or META-INF pathname).\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-31268.yaml"} {"ID":"CVE-2022-31269","Info":{"Name":"Linear eMerge E3-Series - Information Disclosure","Severity":"high","Description":"Linear eMerge E3-Series devices are susceptible to information disclosure. Admin credentials are stored in clear text at the endpoint /test.txt in situations where the default admin credentials have been changed. An attacker can obtain admin credentials, access the admin dashboard, control building access and cameras, and access employee information.\n","Classification":{"CVSSScore":"8.2"}},"file_path":"http/cves/2022/CVE-2022-31269.yaml"} {"ID":"CVE-2022-31299","Info":{"Name":"Haraj 3.7 - Cross-Site Scripting","Severity":"medium","Description":"Haraj 3.7 contains a cross-site scripting vulnerability in the User Upgrade Form. An attacker can inject malicious script and thus steal authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-31299.yaml"} {"ID":"CVE-2022-31373","Info":{"Name":"SolarView Compact 6.00 - Cross-Site Scripting","Severity":"medium","Description":"SolarView Compact 6.00 contains a cross-site scripting vulnerability via Solar_AiConf.php. An attacker can execute arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-31373.yaml"} {"ID":"CVE-2022-3142","Info":{"Name":"NEX-Forms Plugin \u003c 7.9.7 - SQL Injection","Severity":"high","Description":"The NEX-Forms WordPress plugin before 7.9.7 does not properly sanitise and escape user input before using it in SQL statements, leading to SQL injections. The attack can be executed by anyone who is permitted to view the forms statistics chart, by default administrators, however can be configured otherwise via the plugin settings.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2022/CVE-2022-3142.yaml"} {"ID":"CVE-2022-31474","Info":{"Name":"BackupBuddy - Local File Inclusion","Severity":"high","Description":"BackupBuddy versions 8.5.8.0 - 8.7.4.1 are vulnerable to a local file inclusion vulnerability via the 'download' and 'local-destination-id' parameters.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-31474.yaml"} {"ID":"CVE-2022-31499","Info":{"Name":"Nortek Linear eMerge E3-Series \u003c0.32-08f - Remote Command Injection","Severity":"critical","Description":"Nortek Linear eMerge E3-Series devices before 0.32-08f are susceptible to remote command injection via ReaderNo. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-7256.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-31499.yaml"} {"ID":"CVE-2022-31656","Info":{"Name":"VMware - Local File Inclusion","Severity":"critical","Description":"VMware Workspace ONE Access, Identity Manager, and Realize Automation are vulnerable to local file inclusion because they contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-31656.yaml"} {"ID":"CVE-2022-31798","Info":{"Name":"Nortek Linear eMerge E3-Series - Cross-Site Scripting","Severity":"medium","Description":"There is a local session fixation vulnerability that, when chained with cross-site scripting, leads to account take over of admin or a lower privileged user.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-31798.yaml"} {"ID":"CVE-2022-31814","Info":{"Name":"pfSense pfBlockerNG \u003c=2.1..4_26 - OS Command Injection","Severity":"critical","Description":"pfSense pfBlockerNG through 2.1.4_26 is susceptible to OS command injection via root via shell metacharacters in the HTTP Host header. NOTE: 3.x is unaffected.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-31814.yaml"} {"ID":"CVE-2022-31845","Info":{"Name":"WAVLINK WN535 G3 - Information Disclosure","Severity":"high","Description":"WAVLINK WN535 G3 M35G3R.V5030.180927 is susceptible to information disclosure in live_check.shtml. An attacker can obtain sensitive router information via execution of the exec cmd function and thereby possibly obtain additional sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-31845.yaml"} {"ID":"CVE-2022-31846","Info":{"Name":"WAVLINK WN535 G3 - Information Disclosure","Severity":"high","Description":"WAVLINK WN535 G3 M35G3R.V5030.180927 is susceptible to information disclosure in the live_mfg.shtml page. An attacker can obtain sensitive router information via the exec cmd function and possibly obtain additional sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-31846.yaml"} {"ID":"CVE-2022-31847","Info":{"Name":"WAVLINK WN579 X3 M79X3.V5030.180719 - Information Disclosure","Severity":"high","Description":"WAVLINK WN579 X3 M79X3.V5030.180719 is susceptible to information disclosure in /cgi-bin/ExportAllSettings.sh. An attacker can obtain sensitive router information via a crafted POST request and thereby possibly obtain additional sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-31847.yaml"} {"ID":"CVE-2022-31854","Info":{"Name":"Codoforum 5.1 - Arbitrary File Upload","Severity":"high","Description":"Codoforum 5.1 contains an arbitrary file upload vulnerability via the logo change option in the admin panel. An attacker can upload arbitrary files to the server, which in turn can be used to make the application execute file content as code. As a result, an attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2022/CVE-2022-31854.yaml"} {"ID":"CVE-2022-31974","Info":{"Name":"Online Fire Reporting System v1.0 - SQL injection","Severity":"high","Description":"Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=reports\u0026date=.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2022/CVE-2022-31974.yaml"} {"ID":"CVE-2022-31975","Info":{"Name":"Online Fire Reporting System v1.0 - SQL injection","Severity":"high","Description":"Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=user/manage_user\u0026id=.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2022/CVE-2022-31975.yaml"} {"ID":"CVE-2022-31976","Info":{"Name":"Online Fire Reporting System v1.0 - SQL injection","Severity":"critical","Description":"Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_request.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-31976.yaml"} {"ID":"CVE-2022-31977","Info":{"Name":"Online Fire Reporting System v1.0 - SQL injection","Severity":"critical","Description":"Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_team.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-31977.yaml"} {"ID":"CVE-2022-31978","Info":{"Name":"Online Fire Reporting System v1.0 - SQL injection","Severity":"critical","Description":"Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_inquiry.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-31978.yaml"} {"ID":"CVE-2022-31984","Info":{"Name":"Online Fire Reporting System v1.0 - SQL injection","Severity":"high","Description":"Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/requests/take_action.php?id=.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2022/CVE-2022-31984.yaml"} {"ID":"CVE-2022-32007","Info":{"Name":"Complete Online Job Search System 1.0 - SQL Injection","Severity":"high","Description":"Complete Online Job Search System 1.0 contains a SQL injection vulnerability via /eris/admin/company/index.php?view=edit\u0026id=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2022/CVE-2022-32007.yaml"} {"ID":"CVE-2022-32015","Info":{"Name":"Complete Online Job Search System 1.0 - SQL Injection","Severity":"high","Description":"Complete Online Job Search System 1.0 contains a SQL injection vulnerability via /eris/index.php?q=category\u0026search=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2022/CVE-2022-32015.yaml"} {"ID":"CVE-2022-32018","Info":{"Name":"Complete Online Job Search System 1.0 - SQL Injection","Severity":"high","Description":"Complete Online Job Search System 1.0 contains a SQL injection vulnerability via /eris/index.php?q=hiring\u0026search=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2022/CVE-2022-32018.yaml"} {"ID":"CVE-2022-32022","Info":{"Name":"Car Rental Management System 1.0 - SQL Injection","Severity":"high","Description":"Car Rental Management System 1.0 contains an SQL injection vulnerability via /admin/ajax.php?action=login. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2022/CVE-2022-32022.yaml"} {"ID":"CVE-2022-32024","Info":{"Name":"Car Rental Management System 1.0 - SQL Injection","Severity":"high","Description":"Car Rental Management System 1.0 contains an SQL injection vulnerability via /booking.php?car_id=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2022/CVE-2022-32024.yaml"} {"ID":"CVE-2022-32025","Info":{"Name":"Car Rental Management System 1.0 - SQL Injection","Severity":"high","Description":"Car Rental Management System 1.0 contains an SQL injection vulnerability via /admin/view_car.php?id=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2022/CVE-2022-32025.yaml"} {"ID":"CVE-2022-32026","Info":{"Name":"Car Rental Management System 1.0 - SQL Injection","Severity":"high","Description":"Car Rental Management System 1.0 contains an SQL injection vulnerability via /admin/manage_booking.php?id=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2022/CVE-2022-32026.yaml"} {"ID":"CVE-2022-32028","Info":{"Name":"Car Rental Management System 1.0 - SQL Injection","Severity":"high","Description":"Car Rental Management System 1.0 contains an SQL injection vulnerability via /admin/manage_user.php?id=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2022/CVE-2022-32028.yaml"} {"ID":"CVE-2022-32094","Info":{"Name":"Hospital Management System 1.0 - SQL Injection","Severity":"critical","Description":"Hospital Management System 1.0 contains a SQL injection vulnerability via the editid parameter in /HMS/doctor.php. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-32094.yaml"} {"ID":"CVE-2022-32195","Info":{"Name":"Open edX \u003c2022-06-06 - Cross-Site Scripting","Severity":"medium","Description":"Open edX before 2022-06-06 contains a reflected cross-site scripting vulnerability via the 'next' parameter in the logout URL.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-32195.yaml"} {"ID":"CVE-2022-32409","Info":{"Name":"Portal do Software Publico Brasileiro i3geo 7.0.5 - Local File Inclusion","Severity":"critical","Description":"Portal do Software Publico Brasileiro i3geo 7.0.5 is vulnerable to local file inclusion in the component codemirror.php, which allows attackers to execute arbitrary PHP code via a crafted HTTP request.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-32409.yaml"} {"ID":"CVE-2022-3242","Info":{"Name":"Microweber \u003c1.3.2 - Cross-Site Scripting","Severity":"medium","Description":"Code Injection in on search.php?keywords= GitHub repository microweber/microweber prior to 1.3.2.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-3242.yaml"} {"ID":"CVE-2022-32429","Info":{"Name":"MSNSwitch Firmware MNT.2408 - Authentication Bypass","Severity":"critical","Description":"MSNSwitch Firmware MNT.2408 is susceptible to authentication bypass in the component http://MYDEVICEIP/cgi-bin-sdb/ExportSettings.sh. An attacker can arbitrarily configure settings, leading to possible remote code execution and subsequent unauthorized operations.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-32429.yaml"} {"ID":"CVE-2022-32430","Info":{"Name":"Lin CMS Spring Boot - Default JWT Token","Severity":"high","Description":"An access control issue in Lin CMS Spring Boot v0.2.1 allows attackers to access the backend information and functions within the application.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-32430.yaml"} {"ID":"CVE-2022-32444","Info":{"Name":"u5cms v8.3.5 - Open Redirect","Severity":"medium","Description":"u5cms version 8.3.5 contains a URL redirection vulnerability that can cause a user's browser to be redirected to another site via /loginsave.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-32444.yaml"} {"ID":"CVE-2022-32770","Info":{"Name":"WWBN AVideo 11.6 - Cross-Site Scripting","Severity":"medium","Description":"WWBN AVideo 11.6 contains a cross-site scripting vulnerability in the footer alerts functionality via the 'toast' parameter, which is inserted into the document with insufficient sanitization.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-32770.yaml"} {"ID":"CVE-2022-32771","Info":{"Name":"WWBN AVideo 11.6 - Cross-Site Scripting","Severity":"medium","Description":"WWBN AVideo 11.6 contains a cross-site scripting vulnerability in the footer alerts functionality via the 'success' parameter, which is inserted into the document with insufficient sanitization.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-32771.yaml"} {"ID":"CVE-2022-32772","Info":{"Name":"WWBN AVideo 11.6 - Cross-Site Scripting","Severity":"medium","Description":"WWBN AVideo 11.6 contains a cross-site scripting vulnerability in the footer alerts functionality via the 'msg' parameter, which is inserted into the document with insufficient sanitization.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-32772.yaml"} {"ID":"CVE-2022-33119","Info":{"Name":"NUUO NVRsolo Video Recorder 03.06.02 - Cross-Site Scripting","Severity":"medium","Description":"NUUO NVRsolo Video Recorder 03.06.02 contains a reflected cross-site scripting vulnerability via login.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-33119.yaml"} {"ID":"CVE-2022-33174","Info":{"Name":"Powertek Firmware \u003c3.30.30 - Authorization Bypass","Severity":"high","Description":"Powertek firmware (multiple brands) before 3.30.30 running Power Distribution Units are vulnerable to authorization bypass in the web interface. To exploit the vulnerability, an attacker must send an HTTP packet to the data retrieval interface (/cgi/get_param.cgi) with the tmpToken cookie set to an empty string followed by a semicolon. This bypasses an active session authorization check. This can be then used to fetch the values of protected sys.passwd and sys.su.name fields that contain the username and password in cleartext.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-33174.yaml"} {"ID":"CVE-2022-33891","Info":{"Name":"Apache Spark UI - Remote Command Injection","Severity":"high","Description":"Apache Spark UI is susceptible to remote command injection. ACLs can be enabled via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilter can allow impersonation by providing an arbitrary user name. An attacker can potentially reach a permission check function that will ultimately build a Unix shell command based on input and execute it, resulting in arbitrary shell command execution. Affected versions are 3.0.3 and earlier, 3.1.1 to 3.1.2, and 3.2.0 to 3.2.1.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2022/CVE-2022-33891.yaml"} {"ID":"CVE-2022-33901","Info":{"Name":"WordPress MultiSafepay for WooCommerce \u003c=4.13.1 - Arbitrary File Read","Severity":"high","Description":"WordPress MultiSafepay for WooCommerce plugin through 4.13.1 contains an arbitrary file read vulnerability. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-33901.yaml"} {"ID":"CVE-2022-33965","Info":{"Name":"WordPress Visitor Statistics \u003c=5.7 - SQL Injection","Severity":"critical","Description":"WordPress Visitor Statistics plugin through 5.7 contains multiple unauthenticated SQL injection vulnerabilities. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-33965.yaml"} {"ID":"CVE-2022-34045","Info":{"Name":"WAVLINK WN530HG4 - Improper Access Control","Severity":"critical","Description":"WAVLINK WN530HG4 M30HG4.V5030.191116 is susceptible to improper access control. It contains a hardcoded encryption/decryption key for its configuration files at /etc_ro/lighttpd/www/cgi-bin/ExportAllSettings.sh. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-34045.yaml"} {"ID":"CVE-2022-34046","Info":{"Name":"WAVLINK WN533A8 - Improper Access Control","Severity":"high","Description":"WAVLINK WN533A8 M33A8.V5030.190716 is susceptible to improper access control. An attacker can obtain usernames and passwords via view-source:http://IP_ADDRESS/sysinit.shtml?r=52300 and searching for [logincheck(user);] and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-34046.yaml"} {"ID":"CVE-2022-34047","Info":{"Name":"WAVLINK WN530HG4 - Improper Access Control","Severity":"high","Description":"WAVLINK WN530HG4 M30HG4.V5030.191116 is susceptible to improper access control. An attacker can obtain usernames and passwords via view-source:http://IP_ADDRESS/set_safety.shtml?r=52300 and searching for [var syspasswd] and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-34047.yaml"} {"ID":"CVE-2022-34048","Info":{"Name":"Wavlink WN-533A8 - Cross-Site Scripting","Severity":"medium","Description":"Wavlink WN-533A8 M33A8.V5030.190716 contains a reflected cross-site scripting vulnerability via the login_page parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-34048.yaml"} {"ID":"CVE-2022-34049","Info":{"Name":"WAVLINK WN530HG4 - Improper Access Control","Severity":"medium","Description":"Wavlink WN530HG4 M30HG4.V5030.191116 is susceptible to improper access control. An attacker can download log files and configuration data via Exportlogs.sh and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-34049.yaml"} {"ID":"CVE-2022-34093","Info":{"Name":"Software Publico Brasileiro i3geo v7.0.5 - Cross-Site Scripting","Severity":"medium","Description":"Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via access_token.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-34093.yaml"} {"ID":"CVE-2022-34094","Info":{"Name":"Software Publico Brasileiro i3geo v7.0.5 - Cross-Site Scripting","Severity":"medium","Description":"Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via request_token.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-34094.yaml"} {"ID":"CVE-2022-34121","Info":{"Name":"CuppaCMS v1.0 - Local File Inclusion","Severity":"high","Description":"Cuppa CMS v1.0 is vulnerable to local file inclusion via the component /templates/default/html/windows/right.php.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-34121.yaml"} {"ID":"CVE-2022-34267","Info":{"Name":"RWS WorldServer - Authentication Bypass","Severity":"critical","Description":"An issue was discovered in RWS WorldServer before 11.7.3. Adding a token parameter with the value of 02 bypasses all authentication requirements. Arbitrary Java code can be uploaded and executed via a .jar archive to the ws-api/v2/customizations/api endpoint.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-34267.yaml"} {"ID":"CVE-2022-34328","Info":{"Name":"PMB 7.3.10 - Cross-Site Scripting","Severity":"medium","Description":"PMB 7.3.10 contains a reflected cross-site scripting vulnerability via the id parameter in an lvl=author_see request to index.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-34328.yaml"} {"ID":"CVE-2022-34534","Info":{"Name":"Digital Watchdog DW Spectrum Server 4.2.0.32842 - Information Disclosure","Severity":"high","Description":"Digital Watchdog DW Spectrum Server 4.2.0.32842 allows attackers to access sensitive infromation via a crafted API call.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-34534.yaml"} {"ID":"CVE-2022-34576","Info":{"Name":"WAVLINK WN535 G3 - Improper Access Control","Severity":"high","Description":"WAVLINK WN535 G3 M35G3R.V5030.180927 is susceptible to improper access control. A vulnerability in /cgi-bin/ExportAllSettings.sh allows an attacker to execute arbitrary code via a crafted POST request and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-34576.yaml"} {"ID":"CVE-2022-34590","Info":{"Name":"Hospital Management System 1.0 - SQL Injection","Severity":"high","Description":"Hospital Management System 1.0 contains a SQL injection vulnerability via the editid parameter in /HMS/admin.php. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2022/CVE-2022-34590.yaml"} {"ID":"CVE-2022-34753","Info":{"Name":"SpaceLogic C-Bus Home Controller \u003c=1.31.460 - Remote Command Execution","Severity":"high","Description":"SpaceLogic C-Bus Home Controller through 1.31.460 is susceptible to remote command execution via improper neutralization of special elements. Remote root exploit can be enabled when the command is compromised, and an attacker can potentially execute malware, obtain sensitive information, modify data, and/or gain full control without entering necessary credentials.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2022/CVE-2022-34753.yaml"} {"ID":"CVE-2022-3484","Info":{"Name":"WordPress WPB Show Core - Cross-Site Scripting","Severity":"medium","Description":"WordPress wpb-show-core plugin through TODO contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-3484.yaml"} {"ID":"CVE-2022-3506","Info":{"Name":"WordPress Related Posts \u003c2.1.3 - Stored Cross-Site Scripting","Severity":"medium","Description":"WordPress Related Posts plugin prior to 2.1.3 contains a cross-site scripting vulnerability in the rp4wp[heading_text] parameter. User input is not properly sanitized, allowing the insertion of arbitrary code that can allow an attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-3506.yaml"} {"ID":"CVE-2022-35151","Info":{"Name":"kkFileView 4.1.0 - Cross-Site Scripting","Severity":"medium","Description":"kkFileView 4.1.0 contains multiple cross-site scripting vulnerabilities via the urls and currentUrl parameters at /controller/OnlinePreviewController.java.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-35151.yaml"} {"ID":"CVE-2022-35405","Info":{"Name":"Zoho ManageEngine - Remote Code Execution","Severity":"critical","Description":"Zoho ManageEngine Password Manager Pro, PAM 360, and Access Manager Plus are susceptible to unauthenticated remote code execution via XML-RPC. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-35405.yaml"} {"ID":"CVE-2022-35413","Info":{"Name":"WAPPLES Web Application Firewall \u003c=6.0 - Hardcoded Credentials","Severity":"critical","Description":"WAPPLES Web Application Firewall through 6.0 contains a hardcoded credentials vulnerability. It contains a hardcoded system account accessible via db/wp.no1, as configured in the /opt/penta/wapples/script/wcc_auto_scaling.py file. An attacker can use this account to access system configuration and confidential information, such as SSL keys, via an HTTPS request to the /webapi/ URI on port 443 or 5001.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-35413.yaml"} {"ID":"CVE-2022-35416","Info":{"Name":"H3C SSL VPN \u003c=2022-07-10 - Cross-Site Scripting","Severity":"medium","Description":"H3C SSL VPN 2022-07-10 and prior contains a cookie-based cross-site scripting vulnerability in wnm/login/login.json svpnlang.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-35416.yaml"} {"ID":"CVE-2022-35493","Info":{"Name":"eShop 3.0.4 - Cross-Site Scripting","Severity":"medium","Description":"eShop 3.0.4 contains a reflected cross-site scripting vulnerability in json search parse and json response in wrteam.in.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-35493.yaml"} {"ID":"CVE-2022-35653","Info":{"Name":"Moodle LTI module Reflected - Cross-Site Scripting","Severity":"medium","Description":"A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website to steal potentially sensitive information, change appearance of the web page, can perform phishing and drive-by-download attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-35653.yaml"} {"ID":"CVE-2022-3578","Info":{"Name":"WordPress ProfileGrid \u003c5.1.1 - Cross-Site Scripting","Severity":"medium","Description":"WordPress ProfileGrid plugin prior to 5.1.1 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-3578.yaml"} {"ID":"CVE-2022-35914","Info":{"Name":"GLPI \u003c=10.0.2 - Remote Command Execution","Severity":"critical","Description":"GLPI through 10.0.2 is susceptible to remote command execution injection in /vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-35914.yaml"} {"ID":"CVE-2022-36446","Info":{"Name":"Webmin \u003c1.997 - Authenticated Remote Code Execution","Severity":"critical","Description":"Webmin before 1.997 is susceptible to authenticated remote code execution via software/apt-lib.pl, which lacks HTML escaping for a UI command. An attacker can perform command injection attacks and thereby execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-36446.yaml"} {"ID":"CVE-2022-36537","Info":{"Name":"ZK Framework - Information Disclosure","Severity":"high","Description":"ZK Framework 9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 is susceptible to information disclosure. An attacker can access sensitive information via a crafted POST request to the component AuUploader and thereby possibly obtain additional sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-36537.yaml"} {"ID":"CVE-2022-36553","Info":{"Name":"Hytec Inter HWL-2511-SS - Remote Command Execution","Severity":"critical","Description":"Hytec Inter HWL-2511-SS v1.05 and below was discovered to contain a command injection vulnerability via the component /www/cgi-bin/popen.cgi.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-36553.yaml"} {"ID":"CVE-2022-36642","Info":{"Name":"Omnia MPX 1.5.0+r1 - Local File Inclusion","Severity":"critical","Description":"Telos Alliance Omnia MPX Node through 1.5.0+r1 is vulnerable to local file inclusion via logs/downloadMainLog. By retrieving userDB.json allows an attacker to retrieve cleartext credentials and escalate privileges via the control panel.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-36642.yaml"} {"ID":"CVE-2022-36804","Info":{"Name":"Atlassian Bitbucket - Remote Command Injection","Severity":"high","Description":"Atlassian Bitbucket Server and Data Center is susceptible to remote command injection. Multiple API endpoints can allow an attacker with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request, thus making it possible to obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. Affected versions are 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 before version 8.1.3, and from version 8.2.0 before version 8.2.2, and from version 8.3.0 before 8.3.1.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2022/CVE-2022-36804.yaml"} {"ID":"CVE-2022-36883","Info":{"Name":"Jenkins Git \u003c=4.11.3 - Missing Authorization","Severity":"high","Description":"Jenkins Git plugin through 4.11.3 contains a missing authorization check. An attacker can trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit. This can make it possible to obtain sensitive information, modify data, and/or execute unauthorized operations.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-36883.yaml"} {"ID":"CVE-2022-37042","Info":{"Name":"Zimbra Collaboration Suite 8.8.15/9.0 - Remote Code Execution","Severity":"critical","Description":"Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing authentication (i.e., not having an authtoken), an attacker can upload arbitrary files to the system, leading to directory traversal and remote code execution. NOTE: this issue exists because of an incomplete fix for CVE-2022-27925.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-37042.yaml"} {"ID":"CVE-2022-37153","Info":{"Name":"Artica Proxy 4.30.000000 - Cross-Site Scripting","Severity":"medium","Description":"Artica Proxy 4.30.000000 contains a cross-site scripting vulnerability via the password parameter in /fw.login.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-37153.yaml"} {"ID":"CVE-2022-37190","Info":{"Name":"Cuppa CMS v1.0 - Remote Code Execution","Severity":"high","Description":"CuppaCMS 1.0 is vulnerable to Remote Code Execution (RCE). An authenticated user can control both parameters (action and function) from \"/api/index.php.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2022/CVE-2022-37190.yaml"} {"ID":"CVE-2022-37191","Info":{"Name":"Cuppa CMS v1.0 - Authenticated Local File Inclusion","Severity":"medium","Description":"The component \"cuppa/api/index.php\" of CuppaCMS v1.0 is Vulnerable to LFI. An authenticated user can read system files via crafted POST request using [function] parameter value as LFI payload.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2022/CVE-2022-37191.yaml"} {"ID":"CVE-2022-37299","Info":{"Name":"Shirne CMS 1.2.0 - Local File Inclusion","Severity":"medium","Description":"Shirne CMS 1.2.0 is vulnerable to local file inclusion which could cause arbitrary file read via /static/ueditor/php/controller.php.","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2022/CVE-2022-37299.yaml"} {"ID":"CVE-2022-3768","Info":{"Name":"WordPress WPSmartContracts \u003c1.3.12 - SQL Injection","Severity":"high","Description":"WordPress WPSmartContracts plugin before 1.3.12 contains a SQL injection vulnerability. The plugin does not properly sanitize and escape a parameter before using it in a SQL statement. An attacker with a role as low as author can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2022/CVE-2022-3768.yaml"} {"ID":"CVE-2022-3800","Info":{"Name":"IBAX - SQL Injection","Severity":"high","Description":"IBAX go-ibax functionality is susceptible to SQL injection via the file /api/v2/open/rowsInfo. The manipulation of the argument table_name leads to SQL injection, and the attack may be launched remotely. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2022/CVE-2022-3800.yaml"} {"ID":"CVE-2022-38131","Info":{"Name":"RStudio Connect - Open Redirect","Severity":"medium","Description":"RStudio Connect prior to 2023.01.0 is affected by an Open Redirect issue. The vulnerability could allow an attacker to redirect users to malicious websites.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-38131.yaml"} {"ID":"CVE-2022-38295","Info":{"Name":"Cuppa CMS v1.0 - Cross Site Scripting","Severity":"medium","Description":"Cuppa CMS v1.0 was discovered to contain a cross-site scripting vulnerability at /table_manager/view/cu_user_groups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field under the Add New Group function.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-38295.yaml"} {"ID":"CVE-2022-38296","Info":{"Name":"Cuppa CMS v1.0 - Arbitrary File Upload","Severity":"critical","Description":"Cuppa CMS v1.0 was discovered to contain an arbitrary file upload vulnerability via the File Manager.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-38296.yaml"} {"ID":"CVE-2022-38322","Info":{"Name":"Temenos Transact - Cross-Site Scripting","Severity":"high","Description":"Multiple vulnerabilities in Temenos Transact (formerly T24) that allows multiple reflected cross-site scripting (XSS) attacks.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2022/CVE-2022-38322.yaml"} {"ID":"CVE-2022-38463","Info":{"Name":"ServiceNow - Cross-Site Scripting","Severity":"medium","Description":"ServiceNow through San Diego Patch 4b and Patch 6 contains a cross-site scripting vulnerability in the logout functionality, which can enable an unauthenticated remote attacker to execute arbitrary JavaScript.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-38463.yaml"} {"ID":"CVE-2022-38467","Info":{"Name":"CRM Perks Forms \u003c 1.1.1 - Cross Site Scripting","Severity":"medium","Description":"The plugin does not sanitise and escape some parameters from a sample file before outputting them back in the page, leading to Reflected Cross-Site Scripting\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-38467.yaml"} {"ID":"CVE-2022-38553","Info":{"Name":"Academy Learning Management System \u003c5.9.1 - Cross-Site Scripting","Severity":"medium","Description":"Academy Learning Management System before 5.9.1 contains a cross-site scripting vulnerability via the Search parameter. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-38553.yaml"} {"ID":"CVE-2022-38637","Info":{"Name":"Hospital Management System 1.0 - SQL Injection","Severity":"critical","Description":"Hospital Management System 1.0 contains a SQL injection vulnerability via the editid parameter in /HMS/user-login.php. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-38637.yaml"} {"ID":"CVE-2022-3869","Info":{"Name":"Froxlor \u003c 0.10.38.2. - HTML Injection","Severity":"medium","Description":"HTML Injection in GitHub repository froxlor/froxlor prior to 0.10.38.2.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-3869.yaml"} {"ID":"CVE-2022-38794","Info":{"Name":"Zaver - Local File Inclusion","Severity":"high","Description":"Zaver through 2020-12-15 is vulnerable to local file inclusion via the GET /.. substring.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-38794.yaml"} {"ID":"CVE-2022-38817","Info":{"Name":"Dapr Dashboard 0.1.0-0.10.0 - Improper Access Control","Severity":"high","Description":"Dapr Dashboard 0.1.0 through 0.10.0 is susceptible to improper access control. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-38817.yaml"} {"ID":"CVE-2022-38870","Info":{"Name":"Free5gc 3.2.1 - Information Disclosure","Severity":"high","Description":"Free5gc 3.2.1 is susceptible to information disclosure. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-38870.yaml"} {"ID":"CVE-2022-39048","Info":{"Name":"ServiceNow - Cross-site Scripting","Severity":"medium","Description":"A XSS vulnerability was identified in the ServiceNow UI page assessment_redirect. To exploit this vulnerability, an attacker would need to persuade an authenticated user to click a maliciously crafted URL. Successful exploitation potentially could be used to conduct various client-side attacks, including, but not limited to, phishing, redirection, theft of CSRF tokens, and use of an authenticated user's browser or session to attack other systems.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-39048.yaml"} {"ID":"CVE-2022-3908","Info":{"Name":"WordPress Helloprint \u003c1.4.7 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Helloprint plugin before 1.4.7 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-3908.yaml"} {"ID":"CVE-2022-39195","Info":{"Name":"LISTSERV 17 - Cross-Site Scripting","Severity":"medium","Description":"LISTSERV 17 web interface contains a cross-site scripting vulnerability. An attacker can inject arbitrary JavaScript or HTML via the \"c\" parameter, thereby possibly allowing the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-39195.yaml"} {"ID":"CVE-2022-3933","Info":{"Name":"WordPress Essential Real Estate \u003c3.9.6 - Authenticated Cross-Site Scripting","Severity":"medium","Description":"WordPress Essential Real Estate plugin before 3.9.6 contains an authenticated cross-site scripting vulnerability. The plugin does not sanitize and escape some parameters, which can allow someone with a role as low as admin to inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow theft of cookie-based authentication credentials and launch of other attacks.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-3933.yaml"} {"ID":"CVE-2022-3934","Info":{"Name":"WordPress FlatPM \u003c3.0.13 - Cross-Site Scripting","Severity":"medium","Description":"WordPress FlatPM plugin before 3.0.13 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape certain parameters before outputting them back in pages, which can be exploited against high privilege users such as admin. An attacker can steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-3934.yaml"} {"ID":"CVE-2022-3980","Info":{"Name":"Sophos Mobile managed on-premises - XML External Entity Injection","Severity":"critical","Description":"An XML External Entity (XXE) vulnerability allows server-side request forgery (SSRF) and potential code execution in Sophos Mobile managed on-premises between versions 5.0.0 and 9.7.4.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-3980.yaml"} {"ID":"CVE-2022-3982","Info":{"Name":"WordPress Booking Calendar \u003c3.2.2 - Arbitrary File Upload","Severity":"critical","Description":"WordPress Booking Calendar plugin before 3.2.2 is susceptible to arbitrary file upload possibly leading to remote code execution. The plugin does not validate uploaded files, which can allow an attacker to upload arbitrary files, such as PHP, and potentially obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-3982.yaml"} {"ID":"CVE-2022-39952","Info":{"Name":"Fortinet FortiNAC - Arbitrary File Write","Severity":"critical","Description":"Fortinet FortiNAC is susceptible to arbitrary file write. An external control of the file name or path can allow an attacker to execute unauthorized code or commands via specifically crafted HTTP request, thus making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations. Affected versions are 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, and 8.3.7.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-39952.yaml"} {"ID":"CVE-2022-39960","Info":{"Name":"Jira Netic Group Export \u003c1.0.3 - Missing Authorization","Severity":"medium","Description":"Jira Netic Group Export add-on before 1.0.3 contains a missing authorization vulnerability. The add-on does not perform authorization checks, which can allow an unauthenticated user to export all groups from the Jira instance by making a groupexport_download=true request to a plugins/servlet/groupexportforjira/admin/ URI and thereby potentially obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-39960.yaml"} {"ID":"CVE-2022-39986","Info":{"Name":"RaspAP 2.8.7 - Unauthenticated Command Injection","Severity":"critical","Description":"A Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands via the cfg_id parameter in /ajax/openvpn/activate_ovpncfg.php and /ajax/openvpn/del_ovpncfg.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-39986.yaml"} {"ID":"CVE-2022-40022","Info":{"Name":"Symmetricom SyncServer Unauthenticated - Remote Command Execution","Severity":"critical","Description":"Microchip Technology (Microsemi) SyncServer S650 was discovered to contain a command injection vulnerability.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-40022.yaml"} {"ID":"CVE-2022-40032","Info":{"Name":"Simple Task Managing System v1.0 - SQL Injection","Severity":"critical","Description":"SQL injection occurs when a web application doesn't properly validate or sanitize user input that is used in SQL queries. Attackers can exploit this by injecting malicious SQL code into the input fields of a web application, tricking the application into executing unintended database queries.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-40032.yaml"} {"ID":"CVE-2022-40047","Info":{"Name":"Flatpress \u003c v1.2.1 - Cross Site Scripting","Severity":"medium","Description":"Flatpress v1.2.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the page parameter at /flatpress/admin.php.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-40047.yaml"} {"ID":"CVE-2022-40083","Info":{"Name":"Labstack Echo 4.8.0 - Open Redirect","Severity":"critical","Description":"Labstack Echo 4.8.0 contains an open redirect vulnerability via the Static Handler component. An attacker can leverage this vulnerability to cause server-side request forgery, making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"9.6"}},"file_path":"http/cves/2022/CVE-2022-40083.yaml"} {"ID":"CVE-2022-40127","Info":{"Name":"AirFlow \u003c 2.4.0 - Remote Code Execution","Severity":"high","Description":"A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow Apache Airflow versions prior to 2.4.0.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2022/CVE-2022-40127.yaml"} {"ID":"CVE-2022-40359","Info":{"Name":"Kae's File Manager \u003c=1.4.7 - Cross-Site Scripting","Severity":"medium","Description":"Kae's File Manager through 1.4.7 contains a cross-site scripting vulnerability via a crafted GET request to /kfm/index.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-40359.yaml"} {"ID":"CVE-2022-4049","Info":{"Name":"WP User \u003c= 7.0 - Unauthenticated SQLi","Severity":"critical","Description":"The WP User WordPress plugin through 7.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-4049.yaml"} {"ID":"CVE-2022-4050","Info":{"Name":"WordPress JoomSport \u003c5.2.8 - SQL Injection","Severity":"critical","Description":"WordPress JoomSport plugin before 5.2.8 contains a SQL injection vulnerability. The plugin does not properly sanitize and escape a parameter before using it in a SQL statement. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-4050.yaml"} {"ID":"CVE-2022-4057","Info":{"Name":"Autoptimize \u003c 3.1.0 - Information Disclosure","Severity":"medium","Description":"The Autoptimize WordPress plugin before 3.1.0 uses an easily guessable path to store plugin's exported settings and logs.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-4057.yaml"} {"ID":"CVE-2022-4059","Info":{"Name":"Cryptocurrency Widgets Pack \u003c 2.0 - SQL Injection","Severity":"critical","Description":"The plugin does not sanitise and escape some parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-4059.yaml"} {"ID":"CVE-2022-4060","Info":{"Name":"WordPress User Post Gallery \u003c=2.19 - Remote Code Execution","Severity":"critical","Description":"WordPress User Post Gallery plugin through 2.19 is susceptible to remote code execution. The plugin does not limit which callback functions can be called by users, making it possible for an attacker execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-4060.yaml"} {"ID":"CVE-2022-4063","Info":{"Name":"WordPress InPost Gallery \u003c2.1.4.1 - Local File Inclusion","Severity":"critical","Description":"WordPress InPost Gallery plugin before 2.1.4.1 is susceptible to local file inclusion. The plugin insecurely uses PHP's extract() function when rendering HTML views, which can allow attackers to force inclusion of malicious files and URLs. This, in turn, can enable them to execute code remotely on servers.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-4063.yaml"} {"ID":"CVE-2022-40684","Info":{"Name":"Fortinet - Authentication Bypass","Severity":"critical","Description":"Fortinet contains an authentication bypass vulnerability via using an alternate path or channel in FortiOS 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy 7.2.0 and 7.0.0 through 7.0.6, and FortiSwitchManager 7.2.0 and 7.0.0. An attacker can perform operations on the administrative interface via specially crafted HTTP or HTTPS requests, thus making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-40684.yaml"} {"ID":"CVE-2022-40734","Info":{"Name":"Laravel Filemanager v2.5.1 - Local File Inclusion","Severity":"medium","Description":"Laravel Filemanager (aka UniSharp) through version 2.5.1 is vulnerable to local file inclusion via download?working_dir=%2F.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2022/CVE-2022-40734.yaml"} {"ID":"CVE-2022-40843","Info":{"Name":"Tenda AC1200 V-W15Ev2 - Authentication Bypass","Severity":"medium","Description":"The Tenda AC1200 V-W15Ev2 router is affected by improper authorization/improper session management. The software does not perform or incorrectly perform an authorization check when a user attempts to access a resource or perform an action. This allows the router's login page to be bypassed. The improper validation of user sessions/authorization can lead to unauthenticated attackers having the ability to read the router's file, which contains the MD5 password of the Administrator's user account. This vulnerability exists within the local web and hosted remote management console.\n","Classification":{"CVSSScore":"4.9"}},"file_path":"http/cves/2022/CVE-2022-40843.yaml"} {"ID":"CVE-2022-40879","Info":{"Name":"kkFileView 4.1.0 - Cross-Site Scripting","Severity":"medium","Description":"kkFileView 4.1.0 contains multiple cross-site scripting vulnerabilities via the errorMsg parameter. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-40879.yaml"} {"ID":"CVE-2022-40881","Info":{"Name":"SolarView 6.00 - Remote Command Execution","Severity":"critical","Description":"SolarView Compact 6.00 is vulnerable to a command injection via network_test.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-40881.yaml"} {"ID":"CVE-2022-4117","Info":{"Name":"WordPress IWS Geo Form Fields \u003c=1.0 - SQL Injection","Severity":"critical","Description":"WordPress IWS Geo Form Fields plugin through 1.0 contains a SQL injection vulnerability. The plugin does not properly escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-4117.yaml"} {"ID":"CVE-2022-4140","Info":{"Name":"WordPress Welcart e-Commerce \u003c2.8.5 - Arbitrary File Access","Severity":"high","Description":"WordPress Welcart e-Commerce plugin before 2.8.5 is susceptible to arbitrary file access. The plugin does not validate user input before using it to output the content of a file, which can allow an attacker to read arbitrary files on the server, obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-4140.yaml"} {"ID":"CVE-2022-41412","Info":{"Name":"perfSONAR 4.x \u003c= 4.4.4 - Server-Side Request Forgery","Severity":"high","Description":"An issue in the graphData.cgi component of perfSONAR v4.4.5 and prior allows attackers to access sensitive data and execute Server-Side Request Forgery (SSRF) attacks.\n","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2022/CVE-2022-41412.yaml"} {"ID":"CVE-2022-41441","Info":{"Name":"ReQlogic v11.3 - Cross Site Scripting","Severity":"medium","Description":"ReQlogic v11.3 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the POBatch and WaitDuration parameters.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-41441.yaml"} {"ID":"CVE-2022-41473","Info":{"Name":"RPCMS 3.0.2 - Cross-Site Scripting","Severity":"medium","Description":"RPCMS 3.0.2 contains a cross-site scripting vulnerability in the Search function. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-41473.yaml"} {"ID":"CVE-2022-41840","Info":{"Name":"Welcart eCommerce \u003c=2.7.7 - Local File Inclusion","Severity":"critical","Description":"Welcart eCommerce 2.7.7 and before are vulnerable to unauthenticated local file inclusion.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-41840.yaml"} {"ID":"CVE-2022-42094","Info":{"Name":"Backdrop CMS version 1.23.0 - Stored Cross Site Scripting","Severity":"medium","Description":"Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the 'Card' content.\n","Classification":{"CVSSScore":"4.8"}},"file_path":"http/cves/2022/CVE-2022-42094.yaml"} {"ID":"CVE-2022-42095","Info":{"Name":"Backdrop CMS version 1.23.0 - Cross Site Scripting (Stored)","Severity":"medium","Description":"Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Page content.\n","Classification":{"CVSSScore":"4.8"}},"file_path":"http/cves/2022/CVE-2022-42095.yaml"} {"ID":"CVE-2022-42096","Info":{"Name":"Backdrop CMS version 1.23.0 - Cross Site Scripting (Stored)","Severity":"medium","Description":"Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via Post content.\n","Classification":{"CVSSScore":"4.8"}},"file_path":"http/cves/2022/CVE-2022-42096.yaml"} {"ID":"CVE-2022-42233","Info":{"Name":"Tenda 11N - Authentication Bypass","Severity":"critical","Description":"Tenda 11N with firmware version V5.07.33_cn contains an authentication bypass vulnerability. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-42233.yaml"} {"ID":"CVE-2022-4260","Info":{"Name":"WordPress WP-Ban \u003c1.69.1 - Stored Cross-Site Scripting","Severity":"medium","Description":"WordPress WP-Ban plugin before 1.69.1 contains a stored cross-site scripting vulnerability. The plugin does not sanitize and escape some of its settings, which can allow high-privilege users to steal cookie-based authentication credentials and launch other attacks. This vulnerability can be exploited even when the unfiltered_html capability is disallowed, for example in multisite setup.\n","Classification":{"CVSSScore":"4.8"}},"file_path":"http/cves/2022/CVE-2022-4260.yaml"} {"ID":"CVE-2022-42746","Info":{"Name":"CandidATS 3.0.0 - Cross-Site Scripting.","Severity":"medium","Description":"CandidATS 3.0.0 contains a cross-site scripting vulnerability via the indexFile parameter of the ajax.php resource. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-42746.yaml"} {"ID":"CVE-2022-42747","Info":{"Name":"CandidATS 3.0.0 - Cross-Site Scripting.","Severity":"medium","Description":"CandidATS 3.0.0 contains a cross-site scripting vulnerability via the sortBy parameter of the ajax.php resource. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-42747.yaml"} {"ID":"CVE-2022-42748","Info":{"Name":"CandidATS 3.0.0 - Cross-Site Scripting.","Severity":"medium","Description":"CandidATS 3.0.0 contains a cross-site scripting vulnerability via the sortDirection parameter of the ajax.php resource. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-42748.yaml"} {"ID":"CVE-2022-42749","Info":{"Name":"CandidATS 3.0.0 - Cross-Site Scripting","Severity":"medium","Description":"CandidATS 3.0.0 contains a cross-site scripting vulnerability via the page parameter of the ajax.php resource. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-42749.yaml"} {"ID":"CVE-2022-4295","Info":{"Name":"Show all comments \u003c 7.0.1 - Cross-Site Scripting","Severity":"medium","Description":"The Show All Comments WordPress plugin before 7.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against a logged in high privilege users such as admin.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-4295.yaml"} {"ID":"CVE-2022-4301","Info":{"Name":"WordPress Sunshine Photo Cart \u003c2.9.15 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Sunshine Photo Cart plugin before 2.9.15 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-4301.yaml"} {"ID":"CVE-2022-43014","Info":{"Name":"OpenCATS 0.9.6 - Cross-Site Scripting","Severity":"medium","Description":"OpenCATS 0.9.6 contains a cross-site scripting vulnerability via the joborderID parameter. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-43014.yaml"} {"ID":"CVE-2022-43015","Info":{"Name":"OpenCATS 0.9.6 - Cross-Site Scripting","Severity":"medium","Description":"OpenCATS 0.9.6 contains a cross-site scripting vulnerability via the entriesPerPage parameter. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-43015.yaml"} {"ID":"CVE-2022-43016","Info":{"Name":"OpenCATS 0.9.6 - Cross-Site Scripting","Severity":"medium","Description":"OpenCATS 0.9.6 contains a cross-site scripting vulnerability via the callback component. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-43016.yaml"} {"ID":"CVE-2022-43017","Info":{"Name":"OpenCATS 0.9.6 - Cross-Site Scripting","Severity":"medium","Description":"OpenCATS 0.9.6 contains a cross-site scripting vulnerability via the indexFile component. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-43017.yaml"} {"ID":"CVE-2022-43018","Info":{"Name":"OpenCATS 0.9.6 - Cross-Site Scripting","Severity":"medium","Description":"OpenCATS 0.9.6 contains a cross-site scripting vulnerability via the email parameter in the Check Email function. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-43018.yaml"} {"ID":"CVE-2022-4305","Info":{"Name":"Login as User or Customer \u003c 3.3 - Privilege Escalation","Severity":"critical","Description":"The plugin lacks authorization checks to ensure that users are allowed to log in as another one, which could allow unauthenticated attackers to obtain a valid admin session.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-4305.yaml"} {"ID":"CVE-2022-4306","Info":{"Name":"WordPress Panda Pods Repeater Field \u003c1.5.4 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Panda Pods Repeater Field before 1.5.4 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. This can be leveraged against a user who has at least Contributor permission. An attacker can also steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-4306.yaml"} {"ID":"CVE-2022-43140","Info":{"Name":"kkFileView 4.1.0 - Server-Side Request Forgery","Severity":"high","Description":"kkFileView 4.1.0 is susceptible to server-side request forgery via the component cn.keking.web.controller.OnlinePreviewController#getCorsFile. An attacker can force the application to make arbitrary requests via injection of crafted URLs into the url parameter and thereby potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-43140.yaml"} {"ID":"CVE-2022-43164","Info":{"Name":"Rukovoditel \u003c= 3.2.1 - Cross Site Scripting","Severity":"medium","Description":"A stored cross-site scripting (XSS) vulnerability in the Global Lists feature (/index.php?module=global_lists/lists) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking \"Add\".\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-43164.yaml"} {"ID":"CVE-2022-43165","Info":{"Name":"Rukovoditel \u003c= 3.2.1 - Cross Site Scripting","Severity":"medium","Description":"A stored cross-site scripting (XSS) vulnerability in the Global Variables feature (/index.php?module=global_vars/vars) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Value parameter after clicking \"Create\".\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-43165.yaml"} {"ID":"CVE-2022-43166","Info":{"Name":"Rukovoditel \u003c= 3.2.1 - Cross Site Scripting","Severity":"medium","Description":"A stored cross-site scripting (XSS) vulnerability in the Global Entities feature (/index.php?module=entities/entities) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking \"Add New Entity\".\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-43166.yaml"} {"ID":"CVE-2022-43167","Info":{"Name":"Rukovoditel \u003c= 3.2.1 - Cross Site Scripting","Severity":"medium","Description":"A stored cross-site scripting (XSS) vulnerability in the Users Alerts feature (/index.php?module=users_alerts/users_alerts) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter after clicking \"Add\".\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-43167.yaml"} {"ID":"CVE-2022-43169","Info":{"Name":"Rukovoditel \u003c= 3.2.1 - Cross-Site Scripting","Severity":"medium","Description":"A stored cross-site scripting (XSS) vulnerability in the Users Access Groups feature (/index.php?module=users_groups/users_groups) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking \"Add New Group\".\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-43169.yaml"} {"ID":"CVE-2022-43170","Info":{"Name":"Rukovoditel \u003c= 3.2.1 - Cross Site Scripting","Severity":"medium","Description":"A stored cross-site scripting (XSS) vulnerability in the Dashboard Configuration feature (index.php?module=dashboard_configure/index) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter after clicking \"Add info block\".\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-43170.yaml"} {"ID":"CVE-2022-43185","Info":{"Name":"Rukovoditel \u003c= 3.2.1 - Cross-Site Scripting","Severity":"medium","Description":"A stored cross-site scripting (XSS) vulnerability in the Global Lists feature (/index.php?module=global_lists/lists) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking \"Add\".\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-43185.yaml"} {"ID":"CVE-2022-4320","Info":{"Name":"WordPress Events Calendar \u003c1.4.5 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Events Calendar plugin before 1.4.5 contains multiple cross-site scripting vulnerabilities. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site, which can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This vulnerability can be used against both unauthenticated and authenticated users.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-4320.yaml"} {"ID":"CVE-2022-4321","Info":{"Name":"PDF Generator for WordPress \u003c 1.1.2 - Cross Site Scripting","Severity":"medium","Description":"The plugin includes a vendored dompdf example file which is susceptible to Reflected Cross-Site Scripting and could be used against high privilege users such as admin\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-4321.yaml"} {"ID":"CVE-2022-4325","Info":{"Name":"WordPress Post Status Notifier Lite \u003c1.10.1 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Post Status Notifier Lite plugin before 1.10.1 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site, which can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This vulnerability can be used against high-privilege users such as admin.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-4325.yaml"} {"ID":"CVE-2022-4328","Info":{"Name":"WooCommerce Checkout Field Manager \u003c 18.0 - Arbitrary File Upload","Severity":"critical","Description":"The WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-4328.yaml"} {"ID":"CVE-2022-43769","Info":{"Name":"Hitachi Pentaho Business Analytics Server - Remote Code Execution","Severity":"high","Description":"Hitachi Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x, is susceptible to remote code execution via server-side template injection. Certain web services can set property values which contain Spring templates that are interpreted downstream, thereby potentially enabling an attacker to execute malware, obtain sensitive information, modify data, and/or perform unauthorized operations without entering necessary credentials.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2022/CVE-2022-43769.yaml"} {"ID":"CVE-2022-44290","Info":{"Name":"WebTareas 2.4p5 - SQL Injection","Severity":"critical","Description":"webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in deleteapprovalstages.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-44290.yaml"} {"ID":"CVE-2022-44291","Info":{"Name":"WebTareas 2.4p5 - SQL Injection","Severity":"critical","Description":"webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in phasesets.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-44291.yaml"} {"ID":"CVE-2022-4447","Info":{"Name":"WordPress Fontsy \u003c=1.8.6 - SQL Injection","Severity":"critical","Description":"WordPress Fontsy plugin through 1.8.6 is susceptible to SQL injection. The plugin does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-4447.yaml"} {"ID":"CVE-2022-44877","Info":{"Name":"CentOS Web Panel 7 \u003c0.9.8.1147 - Remote Code Execution","Severity":"critical","Description":"CentOS Web Panel 7 before 0.9.8.1147 is susceptible to remote code execution via entering shell characters in the /login/index.php component. This can allow an attacker to execute arbitrary system commands via crafted HTTP requests and potentially execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-44877.yaml"} {"ID":"CVE-2022-44944","Info":{"Name":"Rukovoditel \u003c= 3.2.1 - Cross Site Scripting","Severity":"medium","Description":"Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Announcement function at /index.php?module=help_pages/pages\u0026entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-44944.yaml"} {"ID":"CVE-2022-44946","Info":{"Name":"Rukovoditel \u003c= 3.2.1 - Cross-Site Scripting","Severity":"medium","Description":"Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Page function at /index.php?module=help_pages/pages\u0026entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-44946.yaml"} {"ID":"CVE-2022-44947","Info":{"Name":"Rukovoditel \u003c= 3.2.1 - Cross Site Scripting","Severity":"medium","Description":"Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Highlight Row feature at /index.php?module=entities/listing_types\u0026entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Note field after clicking \"Add\".\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-44947.yaml"} {"ID":"CVE-2022-44948","Info":{"Name":"Rukovoditel \u003c= 3.2.1 - Cross-Site Scripting","Severity":"medium","Description":"Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Entities Group feature at/index.php?module=entities/entities_groups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field after clicking \"Add\".\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-44948.yaml"} {"ID":"CVE-2022-44949","Info":{"Name":"Rukovoditel \u003c= 3.2.1 - Cross Site Scripting","Severity":"medium","Description":"Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields\u0026entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Short Name field.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-44949.yaml"} {"ID":"CVE-2022-44950","Info":{"Name":"Rukovoditel \u003c= 3.2.1 - Cross Site Scripting","Severity":"medium","Description":"Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields\u0026entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-44950.yaml"} {"ID":"CVE-2022-44951","Info":{"Name":"Rukovoditel \u003c= 3.2.1 - Cross Site Scripting","Severity":"medium","Description":"Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Form tab function at /index.php?module=entities/forms\u0026entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-44951.yaml"} {"ID":"CVE-2022-44952","Info":{"Name":"Rukovoditel \u003c= 3.2.1 - Cross Site Scripting","Severity":"medium","Description":"Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in /index.php?module=configuration/application. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Copyright Text field after clicking \"Add\".\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-44952.yaml"} {"ID":"CVE-2022-44957","Info":{"Name":"WebTareas 2.4p5 - Cross-Site Scripting","Severity":"medium","Description":"webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /clients/listclients.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-44957.yaml"} {"ID":"CVE-2022-45037","Info":{"Name":"WBCE CMS v1.5.4 - Cross Site Scripting (Stored)","Severity":"medium","Description":"A cross-site scripting (XSS) vulnerability in /admin/users/index.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name field.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-45037.yaml"} {"ID":"CVE-2022-45038","Info":{"Name":"WBCE CMS v1.5.4 - Cross Site Scripting (Stored)","Severity":"medium","Description":"A cross-site scripting (XSS) vulnerability in /admin/settings/save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Footer field.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-45038.yaml"} {"ID":"CVE-2022-45269","Info":{"Name":"Linx Sphere - Directory Traversal","Severity":"high","Description":"A directory traversal vulnerability in the component SCS.Web.Server.SPI/1.0 of Linx Sphere LINX 7.35.ST15 allows attackers to read arbitrary files.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-45269.yaml"} {"ID":"CVE-2022-45354","Info":{"Name":"Download Monitor \u003c= 4.7.60 - Sensitive Information Exposure","Severity":"high","Description":"The Download Monitor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.7.60 via REST API. This can allow unauthenticated attackers to extract sensitive data including user reports, download reports, and user data including email, role, id and other info (not passwords)\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-45354.yaml"} {"ID":"CVE-2022-45362","Info":{"Name":"WordPress Paytm Payment Gateway \u003c=2.7.0 - Server-Side Request Forgery","Severity":"medium","Description":"WordPress Paytm Payment Gateway plugin through 2.7.0 contains a server-side request forgery vulnerability. An attacker can cause a website to execute website requests to an arbitrary domain, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2022/CVE-2022-45362.yaml"} {"ID":"CVE-2022-45365","Info":{"Name":"Stock Ticker \u003c= 3.23.2 - Cross-Site-Scripting","Severity":"medium","Description":"The Stock Ticker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in the ajax_stockticker_symbol_search_test function in versions up to, and including, 3.23.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-45365.yaml"} {"ID":"CVE-2022-45805","Info":{"Name":"WordPress Paytm Payment Gateway \u003c=2.7.3 - SQL Injection","Severity":"critical","Description":"WordPress Paytm Payment Gateway plugin through 2.7.3 contains a SQL injection vulnerability. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-45805.yaml"} {"ID":"CVE-2022-45835","Info":{"Name":"WordPress PhonePe Payment Solutions \u003c=1.0.15 - Server-Side Request Forgery","Severity":"high","Description":"WordPress PhonePe Payment Solutions plugin through 1.0.15 is susceptible to server-side request forgery. An attacker can cause a website to execute website requests to an arbitrary domain, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-45835.yaml"} {"ID":"CVE-2022-45917","Info":{"Name":"ILIAS eLearning \u003c7.16 - Open Redirect","Severity":"medium","Description":"ILIAS eLearning before 7.16 contains an open redirect vulnerability. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-45917.yaml"} {"ID":"CVE-2022-45933","Info":{"Name":"KubeView \u003c=0.1.31 - Information Disclosure","Severity":"critical","Description":"KubeView through 0.1.31 is susceptible to information disclosure. An attacker can obtain control of a Kubernetes cluster because api/scrape/kube-system does not require authentication and retrieves certificate files that can be used for authentication as kube-admin. An attacker can thereby possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-45933.yaml"} {"ID":"CVE-2022-46020","Info":{"Name":"WBCE CMS v1.5.4 - Remote Code Execution","Severity":"critical","Description":"WBCE CMS v1.5.4 can implement getshell by modifying the upload file type.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-46020.yaml"} {"ID":"CVE-2022-46071","Info":{"Name":"Helmet Store Showroom v1.0 - SQL Injection","Severity":"critical","Description":"There is SQL Injection vulnerability at Helmet Store Showroom v1.0 Login Page. This vulnerability can be exploited to bypass admin access.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-46071.yaml"} {"ID":"CVE-2022-46073","Info":{"Name":"Helmet Store Showroom - Cross Site Scripting","Severity":"medium","Description":"Helmet Store Showroom 1.0 is vulnerable to Cross Site Scripting (XSS).\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-46073.yaml"} {"ID":"CVE-2022-46169","Info":{"Name":"Cacti \u003c=1.2.22 - Remote Command Injection","Severity":"critical","Description":"Cacti through 1.2.22 is susceptible to remote command injection. There is insufficient authorization within the remote agent when handling HTTP requests with a custom Forwarded-For HTTP header. An attacker can send a specially crafted HTTP request to the affected instance and execute arbitrary OS commands on the server, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-46169.yaml"} {"ID":"CVE-2022-46381","Info":{"Name":"Linear eMerge E3-Series - Cross-Site Scripting","Severity":"medium","Description":"Linear eMerge E3-Series devices contain a cross-site scripting vulnerability via the type parameter, e.g., to the badging/badge_template_v0.php component. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site and thus steal cookie-based authentication credentials and launch other attacks. This affects versions 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-46381.yaml"} {"ID":"CVE-2022-46443","Info":{"Name":"Bangresto - SQL Injection","Severity":"high","Description":"Bangresto 1.0 is vulnberable to SQL Injection via the itemqty%5B%5D parameter.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2022/CVE-2022-46443.yaml"} {"ID":"CVE-2022-46463","Info":{"Name":"Harbor \u003c=2.5.3 - Unauthorized Access","Severity":"high","Description":"An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private image repositories without authentication\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-46463.yaml"} {"ID":"CVE-2022-46888","Info":{"Name":"NexusPHP \u003c1.7.33 - Cross-Site Scripting","Severity":"medium","Description":"NexusPHP before 1.7.33 contains multiple cross-site scripting vulnerabilities via the secret parameter in /login.php; q parameter in /user-ban-log.php; query parameter in /log.php; text parameter in /moresmiles.php; q parameter in myhr.php; or id parameter in /viewrequests.php. An attacker can inject arbitrary web script or HTML, which can allow theft of cookie-based authentication credentials and launch of other attacks..\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-46888.yaml"} {"ID":"CVE-2022-46934","Info":{"Name":"kkFileView 4.1.0 - Cross-Site Scripting","Severity":"medium","Description":"kkFileView 4.1.0 is susceptible to cross-site scripting via the url parameter at /controller/OnlinePreviewController.java. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-46934.yaml"} {"ID":"CVE-2022-47002","Info":{"Name":"Masa CMS - Authentication Bypass","Severity":"critical","Description":"Masa CMS 7.2, 7.3, and 7.4-beta are susceptible to authentication bypass in the Remember Me function. An attacker can bypass authentication via a crafted web request and thereby obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-47002.yaml"} {"ID":"CVE-2022-47003","Info":{"Name":"Mura CMS \u003c10.0.580 - Authentication Bypass","Severity":"critical","Description":"Mura CMS before 10.0.580 is susceptible to authentication bypass in the Remember Me function. An attacker can bypass authentication via a crafted web request and thereby obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-47003.yaml"} {"ID":"CVE-2022-47075","Info":{"Name":"Smart Office Web 20.28 - Information Disclosure","Severity":"high","Description":"An issue was discovered in Smart Office Web 20.28 and earlier allows attackers to download sensitive information via the action name parameter to ExportEmployeeDetails.aspx, and to ExportReportingManager.aspx.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-47075.yaml"} {"ID":"CVE-2022-47501","Info":{"Name":"Apache OFBiz \u003c 18.12.07 - Local File Inclusion","Severity":"high","Description":"Arbitrary file reading vulnerability in Apache Software Foundation Apache OFBiz when using the Solr plugin. This is a pre-authentication attack. This issue affects Apache OFBiz: before 18.12.07.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-47501.yaml"} {"ID":"CVE-2022-47615","Info":{"Name":"LearnPress Plugin \u003c 4.2.0 - Local File Inclusion","Severity":"critical","Description":"Local File Inclusion vulnerability in LearnPress – WordPress LMS Plugin \u003c= 4.1.7.3.2 versions.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-47615.yaml"} {"ID":"CVE-2022-47945","Info":{"Name":"Thinkphp Lang - Local File Inclusion","Severity":"critical","Description":"ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled (lang_switch_on=true). An unauthenticated and remote attacker can exploit this to execute arbitrary operating system commands, as demonstrated by including pearcmd.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-47945.yaml"} {"ID":"CVE-2022-47966","Info":{"Name":"ManageEngine - Remote Command Execution","Severity":"critical","Description":"Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-47966.yaml"} {"ID":"CVE-2022-47986","Info":{"Name":"IBM Aspera Faspex \u003c=4.4.2 PL1 - Remote Code Execution","Severity":"critical","Description":"IBM Aspera Faspex through 4.4.2 Patch Level 1 is susceptible to remote code execution via a YAML deserialization flaw. This can allow an attacker to send a specially crafted obsolete API call and thereby execute arbitrary code, obtain sensitive data, and/or execute other unauthorized operations.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-47986.yaml"} {"ID":"CVE-2022-48012","Info":{"Name":"OpenCATS 0.9.7 - Cross-Site Scripting","Severity":"medium","Description":"OpenCATS 0.9.7 contains a cross-site scripting vulnerability via the component /opencats/index.php?m=settings\u0026a=ajax_tags_upd. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site, which can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-48012.yaml"} {"ID":"CVE-2022-48165","Info":{"Name":"Wavlink - Improper Access Control","Severity":"high","Description":"Wavlink WL-WN530H4 M30H4.V5030.210121 is susceptible to improper access control in the component /cgi-bin/ExportLogs.sh. An attacker can download configuration data and log files, obtain admin credentials, and potentially execute unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-48165.yaml"} {"ID":"CVE-2022-48197","Info":{"Name":"Yahoo User Interface library (YUI2) TreeView v2.8.2 - Cross-Site Scripting","Severity":"medium","Description":"Reflected cross-site scripting (XSS) exists in the TreeView of YUI2 through 2800: up.php sam.php renderhidden.php removechildren.php removeall.php readd.php overflow.php newnode2.php newnode.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-48197.yaml"} {"ID":"CVE-2022-4897","Info":{"Name":"WordPress BackupBuddy \u003c8.8.3 - Cross Site Scripting","Severity":"medium","Description":"WordPress BackupBuddy plugin before 8.8.3 contains a cross-site vulnerability. The plugin does not sanitize and escape some parameters before outputting them back in various locations. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-4897.yaml"} {"ID":"CVE-2023-0099","Info":{"Name":"Simple URLs \u003c 115 - Cross Site Scripting","Severity":"medium","Description":"The plugin does not sanitise and escape some parameters before outputting them back in some pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-0099.yaml"} {"ID":"CVE-2023-0126","Info":{"Name":"SonicWall SMA1000 LFI","Severity":"high","Description":"Pre-authentication path traversal vulnerability in SMA1000 firmware version 12.4.2, which allows an unauthenticated attacker to access arbitrary files and directories stored outside the web root directory.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-0126.yaml"} {"ID":"CVE-2023-0159","Info":{"Name":"Extensive VC Addons for WPBakery page builder \u003c 1.9.1 - Unauthenticated RCE","Severity":"high","Description":"The plugin does not validate a parameter passed to the php extract function when loading templates, allowing an unauthenticated attacker to override the template path to read arbitrary files from the hosts file system. This may be escalated to RCE using PHP filter chains.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-0159.yaml"} {"ID":"CVE-2023-0236","Info":{"Name":"WordPress Tutor LMS \u003c2.0.10 - Cross Site Scripting","Severity":"medium","Description":"WordPress Tutor LMS plugin before 2.0.10 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape the reset_key and user_id parameters before outputting then back in attributes. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site, which can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This vulnerability can be used against high-privilege users such as admin.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-0236.yaml"} {"ID":"CVE-2023-0261","Info":{"Name":"WordPress WP TripAdvisor Review Slider \u003c10.8 - Authenticated SQL Injection","Severity":"high","Description":"WordPress WP TripAdvisor Review Slider plugin before 10.8 is susceptible to authenticated SQL injection. The plugin does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber. This can lead, in turn, to obtaining sensitive information, modifying data, and/or executing unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-0261.yaml"} {"ID":"CVE-2023-0297","Info":{"Name":"PyLoad 0.5.0 - Pre-auth Remote Code Execution (RCE)","Severity":"critical","Description":"Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-0297.yaml"} {"ID":"CVE-2023-0334","Info":{"Name":"ShortPixel Adaptive Images \u003c 3.6.3 - Cross Site Scripting","Severity":"medium","Description":"The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against any high privilege users such as admin\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-0334.yaml"} {"ID":"CVE-2023-0448","Info":{"Name":"WP Helper Lite \u003c 4.3 - Cross-Site Scripting","Severity":"medium","Description":"The WP Helper Lite WordPress plugin, in versions \u003c 4.3, returns all GET parameters unsanitized in the response, resulting in a reflected cross-site scripting vulnerability.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-0448.yaml"} {"ID":"CVE-2023-0514","Info":{"Name":"Membership Database \u003c= 1.0 - Cross-Site Scripting","Severity":"medium","Description":"Membership Database before 1.0 is susceptible to cross-site scripting via the tab parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-0514.yaml"} {"ID":"CVE-2023-0527","Info":{"Name":"Online Security Guards Hiring System - Cross-Site Scripting","Severity":"medium","Description":"A vulnerability was found in PHPGurukul Online Security Guards Hiring System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file search-request.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-0527.yaml"} {"ID":"CVE-2023-0552","Info":{"Name":"WordPress Pie Register \u003c3.8.2.3 - Open Redirect","Severity":"medium","Description":"WordPress Pie Register plugin before 3.8.2.3 contains an open redirect vulnerability. The plugin does not properly validate the redirection URL when logging in and login out. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-0552.yaml"} {"ID":"CVE-2023-0562","Info":{"Name":"Bank Locker Management System v1.0 - SQL Injection","Severity":"critical","Description":"A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php of the component Login. The manipulation of the argument username leads to sql injection.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-0562.yaml"} {"ID":"CVE-2023-0563","Info":{"Name":"Bank Locker Management System - Cross-Site Scripting","Severity":"medium","Description":"A vulnerability classified as problematic has been found in PHPGurukul Bank Locker Management System 1.0. This affects an unknown part of the file add-locker-form.php of the component Assign Locker. The manipulation of the argument ahname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.\n","Classification":{"CVSSScore":"4.8"}},"file_path":"http/cves/2023/CVE-2023-0563.yaml"} {"ID":"CVE-2023-0600","Info":{"Name":"WP Visitor Statistics (Real Time Traffic) \u003c 6.9 - SQL Injection","Severity":"critical","Description":"The plugin does not escape user input which is concatenated to an SQL query, allowing unauthenticated visitors to conduct SQL Injection attacks.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-0600.yaml"} {"ID":"CVE-2023-0602","Info":{"Name":"Twittee Text Tweet \u003c= 1.0.8 - Cross-Site Scripting","Severity":"medium","Description":"The Twittee Text Tweet WordPress plugin through 1.0.8 does not properly escape POST values which are printed back to the user inside one of the plugin's administrative page, which allows reflected XSS attacks targeting administrators to happen.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-0602.yaml"} {"ID":"CVE-2023-0630","Info":{"Name":"Slimstat Analytics \u003c 4.9.3.3 Subscriber - SQL Injection","Severity":"high","Description":"The Slimstat Analytics WordPress plugin before 4.9.3.3 does not prevent subscribers from rendering shortcodes that concatenates attributes directly into an SQL query.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-0630.yaml"} {"ID":"CVE-2023-0669","Info":{"Name":"Fortra GoAnywhere MFT - Remote Code Execution","Severity":"high","Description":"Fortra GoAnywhere MFT is susceptible to remote code execution via unsafe deserialization of an arbitrary attacker-controlled object. This stems from a pre-authentication command injection vulnerability in the License Response Servlet.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2023/CVE-2023-0669.yaml"} {"ID":"CVE-2023-0678","Info":{"Name":"PHPIPAM \u003cv1.5.1 - Missing Authorization","Severity":"medium","Description":"In phpIPAM 1.5.1, an unauthenticated user could download the list of high-usage IP subnets that contains sensitive information such as a subnet description, IP ranges, and usage rates via find_full_subnets.php endpoint. The bug lies in the fact that find_full_subnets.php does not verify if the user is authorized to access the data, and if the script was started from a command line.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-0678.yaml"} {"ID":"CVE-2023-0777","Info":{"Name":"modoboa 2.0.4 - Admin TakeOver","Severity":"critical","Description":"Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to 2.0.4.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-0777.yaml"} {"ID":"CVE-2023-0900","Info":{"Name":"AP Pricing Tables Lite \u003c= 1.1.6 - SQL Injection","Severity":"high","Description":"The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admins.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2023/CVE-2023-0900.yaml"} {"ID":"CVE-2023-0942","Info":{"Name":"WordPress Japanized for WooCommerce \u003c2.5.5 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Japanized for WooCommerce plugin before 2.5.5 is susceptible to cross-site scripting via the tab parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-0942.yaml"} {"ID":"CVE-2023-0947","Info":{"Name":"Flatpress \u003c 1.3 - Path Traversal","Severity":"critical","Description":"Path Traversal in GitHub repository flatpressblog/flatpress prior to 1.3.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-0947.yaml"} {"ID":"CVE-2023-0948","Info":{"Name":"WordPress Japanized for WooCommerce \u003c2.5.8 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Japanized for WooCommerce plugin before 2.5.8 is susceptible to cross-site scripting via the tab parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-0948.yaml"} {"ID":"CVE-2023-0968","Info":{"Name":"WordPress Watu Quiz \u003c3.3.9.1 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Watu Quiz plugin before 3.3.9.1 is susceptible to cross-site scripting. The plugin does not sanitize and escape some parameters, such as email, dn, date, and points, before outputting then back in a page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This exploit can be used against high-privilege users such as admin.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-0968.yaml"} {"ID":"CVE-2023-1020","Info":{"Name":"Steveas WP Live Chat Shoutbox \u003c= 1.4.2 - SQL Injection","Severity":"critical","Description":"The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-1020.yaml"} {"ID":"CVE-2023-1080","Info":{"Name":"WordPress GN Publisher \u003c1.5.6 - Cross-Site Scripting","Severity":"medium","Description":"WordPress GN Publisher plugin before 1.5.6 is susceptible to cross-site scripting via the tab parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-1080.yaml"} {"ID":"CVE-2023-1177","Info":{"Name":"Mlflow \u003c2.2.1 - Local File Inclusion","Severity":"critical","Description":"Mlflow before 2.2.1 is susceptible to local file inclusion due to path traversal \\..\\filename in GitHub repository mlflow/mlflow. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-1177.yaml"} {"ID":"CVE-2023-1263","Info":{"Name":"Coming Soon \u0026 Maintenance \u003c 4.1.7 - Unauthenticated Post/Page Access","Severity":"medium","Description":"The plugin does not restrict access to published and non protected posts/pages when the maintenance mode is enabled, allowing unauthenticated users to access them.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-1263.yaml"} {"ID":"CVE-2023-1362","Info":{"Name":"unilogies/bumsys \u003c v2.0.2 - Clickjacking","Severity":"medium","Description":"This template checks for the presence of clickjacking prevention headers in the HTTP response, aiming to identify vulnerabilities related to the improper restriction of rendered UI layers or frames in the GitHub repository unilogies/bumsys prior to version 2.0.2.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-1362.yaml"} {"ID":"CVE-2023-1408","Info":{"Name":"Video List Manager \u003c= 1.7 - SQL Injection","Severity":"high","Description":"The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2023/CVE-2023-1408.yaml"} {"ID":"CVE-2023-1434","Info":{"Name":"Odoo - Cross-Site Scripting","Severity":"medium","Description":"Odoo is a business suite that has features for many business-critical areas, such as e-commerce, billing, or CRM. Versions before the 16.0 release are vulnerable to CVE-2023-1434 and is caused by an incorrect content type being set on an API endpoint.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-1434.yaml"} {"ID":"CVE-2023-1454","Info":{"Name":"Jeecg-boot 3.5.0 qurestSql - SQL Injection","Severity":"critical","Description":"A vulnerability classified as critical has been found in jeecg-boot 3.5.0. This affects an unknown part of the file jmreport/qurestSql. The manipulation of the argument apiSelectId leads to sql injection. It is possible to initiate the attack remotely.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-1454.yaml"} {"ID":"CVE-2023-1496","Info":{"Name":"Imgproxy \u003c 3.14.0 - Cross-site Scripting (XSS)","Severity":"medium","Description":"Cross-site Scripting (XSS) - Reflected in GitHub repository imgproxy/imgproxy prior to 3.14.0.","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-1496.yaml"} {"ID":"CVE-2023-1546","Info":{"Name":"MyCryptoCheckout \u003c 2.124 - Cross-Site Scripting","Severity":"medium","Description":"The MyCryptoCheckout WordPress plugin before 2.124 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-1546.yaml"} {"ID":"CVE-2023-1671","Info":{"Name":"Sophos Web Appliance - Remote Code Execution","Severity":"critical","Description":"A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-1671.yaml"} {"ID":"CVE-2023-1698","Info":{"Name":"WAGO - Remote Command Execution","Severity":"critical","Description":"In multiple products of WAGO, a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behavior, Denial of Service, and full system compromise.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-1698.yaml"} {"ID":"CVE-2023-1719","Info":{"Name":"Bitrix Component - Cross-Site Scripting","Severity":"critical","Description":"Global variable extraction in bitrix/modules/main/tools.php in Bitrix24 22.0.300 allows unauthenticated remote attackers to (1) enumerate attachments on the server and (2) execute arbitrary JavaScript code in the victim’s browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege, via overwriting uninitialised variables.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-1719.yaml"} {"ID":"CVE-2023-1730","Info":{"Name":"SupportCandy \u003c 3.1.5 - Unauthenticated SQL Injection","Severity":"critical","Description":"The SupportCandy WordPress plugin before 3.1.5 does not validate and escape user input before using it in an SQL statement, which could allow unauthenticated attackers to perform SQL injection attacks.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-1730.yaml"} {"ID":"CVE-2023-1780","Info":{"Name":"Companion Sitemap Generator \u003c 4.5.3 - Cross-Site Scripting","Severity":"medium","Description":"The plugin does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-1780.yaml"} {"ID":"CVE-2023-1835","Info":{"Name":"Ninja Forms \u003c 3.6.22 - Cross-Site Scripting","Severity":"medium","Description":"Ninja Forms before 3.6.22 is susceptible to cross-site scripting via the page parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-1835.yaml"} {"ID":"CVE-2023-1880","Info":{"Name":"Phpmyfaq v3.1.11 - Cross-Site Scripting","Severity":"medium","Description":"Phpmyfaq v3.1.11 is vulnerable to reflected XSS in send2friend because the 'artlang' parameter is not sanitized.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-1880.yaml"} {"ID":"CVE-2023-1890","Info":{"Name":"Tablesome \u003c 1.0.9 - Cross-Site Scripting","Severity":"medium","Description":"Tablesome before 1.0.9 is susceptible to cross-site scripting via the tab parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-1890.yaml"} {"ID":"CVE-2023-1892","Info":{"Name":"Sidekiq \u003c 7.0.8 - Cross-Site Scripting","Severity":"critical","Description":"An XSS vulnerability on a Sidekiq admin panel can pose serious risks to the security and functionality of the system.\n","Classification":{"CVSSScore":"9.6"}},"file_path":"http/cves/2023/CVE-2023-1892.yaml"} {"ID":"CVE-2023-20073","Info":{"Name":"Cisco VPN Routers - Unauthenticated Arbitrary File Upload","Severity":"critical","Description":"A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to insufficient authorization enforcement mechanisms in the context of file uploads. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to upload arbitrary files to the affected device.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-20073.yaml"} {"ID":"CVE-2023-2009","Info":{"Name":"Pretty Url \u003c= 1.5.4 - Cross-Site Scripting","Severity":"medium","Description":"Plugin does not sanitize and escape the URL field in the plugin settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).\n","Classification":{"CVSSScore":"4.8"}},"file_path":"http/cves/2023/CVE-2023-2009.yaml"} {"ID":"CVE-2023-20198","Info":{"Name":"Cisco IOS XE - Authentication Bypass","Severity":"critical","Description":"Cisco is aware of active exploitation of a previously unknown vulnerability in the web UI feature of Cisco IOS XE Software when exposed to the internet or to untrusted networks. This vulnerability allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access. The attacker can then use that account to gain control of the affected system.\nFor steps to close the attack vector for this vulnerability, see the Recommendations section of this advisory.\nCisco will provide updates on the status of this investigation and when a software patch is available.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2023/CVE-2023-20198.yaml"} {"ID":"CVE-2023-2023","Info":{"Name":"Custom 404 Pro \u003c 3.7.3 - Cross-Site Scripting","Severity":"medium","Description":"Custom 404 Pro before 3.7.3 is susceptible to cross-site scripting via the search parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-2023.yaml"} {"ID":"CVE-2023-2059","Info":{"Name":"DedeCMS 5.7.87 - Directory Traversal","Severity":"medium","Description":"Directory traversal vulnerability in DedeCMS 5.7.87 allows reading sensitive files via the $activepath parameter.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-2059.yaml"} {"ID":"CVE-2023-20864","Info":{"Name":"VMware Aria Operations for Logs - Unauthenticated Remote Code Execution","Severity":"critical","Description":"VMware Aria Operations for Logs contains a deserialization vulnerability. An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-20864.yaml"} {"ID":"CVE-2023-20887","Info":{"Name":"VMware VRealize Network Insight - Remote Code Execution","Severity":"critical","Description":"VMWare Aria Operations for Networks (vRealize Network Insight) is vulnerable to command injection when accepting user input through the Apache Thrift RPC interface. This vulnerability allows a remote unauthenticated attacker to execute arbitrary commands on the underlying operating system as the root user. The RPC interface is protected by a reverse proxy which can be bypassed. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. A malicious actor can get remote code execution in the context of 'root' on the appliance. VMWare 6.x version are\n vulnerable.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-20887.yaml"} {"ID":"CVE-2023-20888","Info":{"Name":"VMware Aria Operations for Networks - Remote Code Execution","Severity":"high","Description":"Aria Operations for Networks contains an authenticated deserialization vulnerability. A malicious actor with network access to VMware Aria Operations for Networks and valid 'member' role credentials may be able to perform a deserialization attack resulting in remote code execution.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-20888.yaml"} {"ID":"CVE-2023-20889","Info":{"Name":"VMware Aria Operations for Networks - Code Injection Information Disclosure Vulnerability","Severity":"high","Description":"Aria Operations for Networks contains an information disclosure vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in information disclosure.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-20889.yaml"} {"ID":"CVE-2023-2122","Info":{"Name":"Image Optimizer by 10web \u003c 1.0.26 - Cross-Site Scripting","Severity":"medium","Description":"Image Optimizer by 10web before 1.0.26 is susceptible to cross-site scripting via the iowd_tabs_active parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-2122.yaml"} {"ID":"CVE-2023-2130","Info":{"Name":"Purchase Order Management v1.0 - SQL Injection","Severity":"critical","Description":"A vulnerability classified as critical has been found in SourceCodester Purchase Order Management System 1.0. Affected is an unknown function of the file /admin/suppliers/view_details.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-226206 is the identifier assigned to this vulnerability.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-2130.yaml"} {"ID":"CVE-2023-2178","Info":{"Name":"Aajoda Testimonials \u003c 2.2.2 - Cross-Site Scripting","Severity":"medium","Description":"The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).\n","Classification":{"CVSSScore":"4.8"}},"file_path":"http/cves/2023/CVE-2023-2178.yaml"} {"ID":"CVE-2023-22232","Info":{"Name":"Adobe Connect \u003c 12.1.5 - Local File Disclosure","Severity":"medium","Description":"Adobe Connect versions 11.4.5 (and earlier), 12.1.5 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the integrity of a minor feature. Exploitation of this issue does not require user interaction\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-22232.yaml"} {"ID":"CVE-2023-2224","Info":{"Name":"Seo By 10Web \u003c 1.2.7 - Cross-Site Scripting","Severity":"medium","Description":"The SEO by 10Web WordPress plugin before 1.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).\n","Classification":{"CVSSScore":"4.8"}},"file_path":"http/cves/2023/CVE-2023-2224.yaml"} {"ID":"CVE-2023-2227","Info":{"Name":"Modoboa \u003c 2.1.0 - Improper Authorization","Severity":"critical","Description":"Improper Authorization in GitHub repository modoboa/modoboa prior to 2.1.0.\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2023/CVE-2023-2227.yaml"} {"ID":"CVE-2023-22432","Info":{"Name":"Web2py URL - Open Redirect","Severity":"medium","Description":"Open redirect vulnerability exists in web2py versions prior to 2.23.1. When using the tool, a web2py user may be redirected to an arbitrary website by accessing a specially crafted URL. As a result, the user may become a victim of a phishing attack.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-22432.yaml"} {"ID":"CVE-2023-22463","Info":{"Name":"KubePi JwtSigKey - Admin Authentication Bypass","Severity":"critical","Description":"KubePi is a k8s panel. The jwt authentication function of KubePi through version 1.6.2 uses hard-coded Jwtsigkeys, resulting in the same Jwtsigkeys for all online projects. This means that an attacker can forge any jwt token to take over the administrator account of any online project. Furthermore, they may use the administrator to take over the k8s cluster of the target enterprise. `session.go`, the use of hard-coded JwtSigKey, allows an attacker to use this value to forge jwt tokens arbitrarily. The JwtSigKey is confidential and should not be hard-coded in the code.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-22463.yaml"} {"ID":"CVE-2023-22478","Info":{"Name":"KubePi \u003c= v1.6.4 LoginLogsSearch - Unauthorized Access","Severity":"high","Description":"KubePi is a modern Kubernetes panel. The API interfaces with unauthorized entities and may leak sensitive information. This issue has been patched in version 1.6.4. There are currently no known workarounds.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-22478.yaml"} {"ID":"CVE-2023-22480","Info":{"Name":"KubeOperator Foreground `kubeconfig` - File Download","Severity":"critical","Description":"KubeOperator is an open source Kubernetes distribution focused on helping enterprises plan, deploy and operate production-level K8s clusters. In KubeOperator versions 3.16.3 and below, API interfaces with unauthorized entities and can leak sensitive information. This vulnerability could be used to take over the cluster under certain conditions. This issue has been patched in version 3.16.4.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-22480.yaml"} {"ID":"CVE-2023-22515","Info":{"Name":"Atlassian Confluence - Privilege Escalation","Severity":"critical","Description":"Atlassian Confluence Data Center and Server contains a broken access control vulnerability that allows an attacker to create unauthorized Confluence administrator accounts and access Confluence.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-22515.yaml"} {"ID":"CVE-2023-22518","Info":{"Name":"Atlassian Confluence Server - Improper Authorization","Severity":"critical","Description":"All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. There is no impact to confidentiality as an attacker cannot exfiltrate any instance data.\nAtlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-22518.yaml"} {"ID":"CVE-2023-2252","Info":{"Name":"Directorist \u003c 7.5.4 - Local File Inclusion","Severity":"low","Description":"Directorist before 7.5.4 is susceptible to Local File Inclusion as it does not validate the file parameter when importing CSV files.\n","Classification":{"CVSSScore":"2.7"}},"file_path":"http/cves/2023/CVE-2023-2252.yaml"} {"ID":"CVE-2023-22527","Info":{"Name":"Atlassian Confluence - Remote Code Execution","Severity":"critical","Description":"A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action.\nMost recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ultimately mitigated during regular version updates. However, Atlassian recommends that customers take care to install the latest version to protect their instances from non-critical vulnerabilities outlined in Atlassian’s January Security Bulletin.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-22527.yaml"} {"ID":"CVE-2023-22620","Info":{"Name":"SecurePoint UTM 12.x Session ID Leak","Severity":"high","Description":"An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows sessionid information disclosure via an invalid authentication attempt. This can afterwards be used to bypass the device's authentication and get access to the administrative interface.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-22620.yaml"} {"ID":"CVE-2023-22621","Info":{"Name":"Strapi Versions \u003c=4.5.5 - SSTI to Remote Code Execution","Severity":"high","Description":"Strapi through 4.5.5 allows authenticated Server-Side Template Injection (SSTI) that can be exploited to execute arbitrary code on the server. A remote attacker with access to the Strapi admin panel can inject a crafted payload that executes code on the server into an email template that bypasses the validation checks that should prevent code execution.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2023/CVE-2023-22621.yaml"} {"ID":"CVE-2023-2272","Info":{"Name":"Tiempo.com \u003c= 0.1.2 - Cross-Site Scripting","Severity":"medium","Description":"Tiempo.com before 0.1.2 is susceptible to cross-site scripting via the page parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-2272.yaml"} {"ID":"CVE-2023-22893","Info":{"Name":"Strapi Versions \u003c=4.5.6 - Authentication Bypass","Severity":"high","Description":"Strapi through 4.5.5 does not verify the access or ID tokens issued during the OAuth flow when the AWS Cognito login provider is used for authentication. A remote attacker could forge an ID token that is signed using the 'None' type algorithm to bypass authentication and impersonate any user that use AWS Cognito for authentication.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-22893.yaml"} {"ID":"CVE-2023-22897","Info":{"Name":"Securepoint UTM - Leaking Remote Memory Contents","Severity":"medium","Description":"An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows information disclosure of memory contents to be achieved by an authenticated user. Essentially, uninitialized data can be retrieved via an approach in which a sessionid is obtained but not used.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2023/CVE-2023-22897.yaml"} {"ID":"CVE-2023-2309","Info":{"Name":"wpForo Forum \u003c= 2.1.8 - Cross-Site Scripting","Severity":"medium","Description":"The wpForo Forum plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘wpforo_debug’ function in versions up to, and including, 2.1.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-2309.yaml"} {"ID":"CVE-2023-23161","Info":{"Name":"Art Gallery Management System Project v1.0 - Cross-Site Scripting","Severity":"medium","Description":"A reflected cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the artname parameter under ART TYPE option in the navigation bar.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-23161.yaml"} {"ID":"CVE-2023-23333","Info":{"Name":"SolarView Compact 6.00 - OS Command Injection","Severity":"critical","Description":"SolarView Compact 6.00 was discovered to contain a command injection vulnerability, attackers can execute commands by bypassing internal restrictions through downloader.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-23333.yaml"} {"ID":"CVE-2023-23488","Info":{"Name":"WordPress Paid Memberships Pro \u003c2.9.8 - Blind SQL Injection","Severity":"critical","Description":"WordPress Paid Memberships Pro plugin before 2.9.8 contains a blind SQL injection vulnerability in the 'code' parameter of the /pmpro/v1/order REST route. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-23488.yaml"} {"ID":"CVE-2023-23489","Info":{"Name":"WordPress Easy Digital Downloads 3.1.0.2/3.1.0.3 - SQL Injection","Severity":"critical","Description":"WordPress Easy Digital Downloads plugin 3.1.0.2 and 3.1.0.3 contains a SQL injection vulnerability in the s parameter of its edd_download_search action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-23489.yaml"} {"ID":"CVE-2023-23491","Info":{"Name":"Quick Event Manager \u003c 9.7.5 - Cross-Site Scripting","Severity":"medium","Description":"The Quick Event Manager WordPress Plugin, version \u003c 9.7.5, is affected by a reflected cross-site scripting vulnerability in the 'category' parameter of its 'qem_ajax_calendar' action.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-23491.yaml"} {"ID":"CVE-2023-23492","Info":{"Name":"Login with Phone Number - Cross-Site Scripting","Severity":"high","Description":"Login with Phone Number, versions \u003c 1.4.2, is affected by an reflected XSS vulnerability in the login-with-phonenumber.php' file in the 'lwp_forgot_password()' function.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-23492.yaml"} {"ID":"CVE-2023-2356","Info":{"Name":"Mlflow \u003c2.3.0 - Local File Inclusion","Severity":"high","Description":"Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-2356.yaml"} {"ID":"CVE-2023-23752","Info":{"Name":"Joomla! Webservice - Password Disclosure","Severity":"medium","Description":"An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-23752.yaml"} {"ID":"CVE-2023-24044","Info":{"Name":"Plesk Obsidian \u003c=18.0.49 - Open Redirect","Severity":"medium","Description":"Plesk Obsidian through 18.0.49 contains an open redirect vulnerability via the login page. An attacker can redirect users to malicious websites via a host request header and thereby access user credentials and execute unauthorized operations. NOTE: The vendor's position is \"the ability to use arbitrary domain names to access the panel is an intended feature.\"\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-24044.yaml"} {"ID":"CVE-2023-24243","Info":{"Name":"CData RSB Connect v22.0.8336 - Server Side Request Forgery","Severity":"high","Description":"CData RSB Connect v22.0.8336 was discovered to contain a Server-Side Request Forgery (SSRF).\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-24243.yaml"} {"ID":"CVE-2023-24278","Info":{"Name":"Squidex \u003c7.4.0 - Cross-Site Scripting","Severity":"medium","Description":"Squidex before 7.4.0 contains a cross-site scripting vulnerability via the squid.svg endpoint. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-24278.yaml"} {"ID":"CVE-2023-24322","Info":{"Name":"mojoPortal 2.7.0.0 - Cross-Site Scripting","Severity":"medium","Description":"mojoPortal 2.7.0.0 contains a cross-site scripting vulnerability in the FileDialog.aspx component, which can allow an attacker to execute arbitrary web scripts or HTML via a crafted payload injected into the ed and tbi parameters.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-24322.yaml"} {"ID":"CVE-2023-24367","Info":{"Name":"Temenos T24 R20 - Cross-Site Scripting","Severity":"medium","Description":"Temenos T24 release 20 contains a reflected cross-site scripting vulnerability via the routineName parameter at genrequest.jsp. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-24367.yaml"} {"ID":"CVE-2023-24488","Info":{"Name":"Citrix Gateway and Citrix ADC - Cross-Site Scripting","Severity":"medium","Description":"Citrix ADC and Citrix Gateway versions before 13.1 and 13.1-45.61, 13.0 and 13.0-90.11, 12.1 and 12.1-65.35 contain a cross-site scripting vulnerability due to improper input validation.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-24488.yaml"} {"ID":"CVE-2023-24489","Info":{"Name":"Citrix ShareFile StorageZones Controller - Unauthenticated Remote Code Execution","Severity":"critical","Description":"A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-24489.yaml"} {"ID":"CVE-2023-24657","Info":{"Name":"phpIPAM - 1.6 - Cross-Site Scripting","Severity":"medium","Description":"phpIPAM 1.6 contains a cross-site scripting vulnerability via the closeClass parameter at /subnet-masks/popup.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-24657.yaml"} {"ID":"CVE-2023-24733","Info":{"Name":"PMB 7.4.6 - Cross-Site Scripting","Severity":"medium","Description":"PMB 7.4.6 contains a cross-site scripting vulnerability via the query parameter at /admin/convert/export_z3950_new.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-24733.yaml"} {"ID":"CVE-2023-24735","Info":{"Name":"PMB 7.4.6 - Open Redirect","Severity":"medium","Description":"PMB v7.4.6 contains an open redirect vulnerability via the component /opac_css/pmb.php. An attacker can redirect a user to an external domain via a crafted URL and thereby potentially obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-24735.yaml"} {"ID":"CVE-2023-24737","Info":{"Name":"PMB v7.4.6 - Cross-Site Scripting","Severity":"medium","Description":"PMB v7.4.6 allows an attacker to perform a reflected XSS on export_z3950.php via the 'query' parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-24737.yaml"} {"ID":"CVE-2023-2479","Info":{"Name":"Appium Desktop Server - Remote Code Execution","Severity":"critical","Description":"OS Command Injection in GitHub repository appium/appium-desktop prior to v1.22.3-4.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-2479.yaml"} {"ID":"CVE-2023-25135","Info":{"Name":"vBulletin \u003c= 5.6.9 - Pre-authentication Remote Code Execution","Severity":"critical","Description":"vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code via a crafted HTTP request that triggers deserialization. This occurs because verify_serialized checks that a value is serialized by calling unserialize and then checking for errors.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-25135.yaml"} {"ID":"CVE-2023-25157","Info":{"Name":"GeoServer OGC Filter - SQL Injection","Severity":"critical","Description":"GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language (CQL) as part of the Web Feature Service (WFS) and Web Map Service (WMS) protocols. CQL is also supported through the Web Coverage Service (WCS) protocol for ImageMosaic coverages. Users are advised to upgrade to either version 2.21.4, or version 2.22.2 to resolve this issue. Users unable to upgrade should disable the PostGIS Datastore *encode functions* setting to mitigate ``strEndsWith``, ``strStartsWith`` and ``PropertyIsLike `` misuse and enable the PostGIS DataStore *preparedStatements* setting to mitigate the ``FeatureId`` misuse.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-25157.yaml"} {"ID":"CVE-2023-25194","Info":{"Name":"Apache Druid Kafka Connect - Remote Code Execution","Severity":"high","Description":"The vulnerability has the potential to enable a remote attacker with authentication to run any code on the system. This is due to unsafe deserialization that occurs during the configuration of the connector through the Kafka Connect REST API\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-25194.yaml"} {"ID":"CVE-2023-25346","Info":{"Name":"ChurchCRM 4.5.3 - Cross-Site Scripting","Severity":"medium","Description":"A reflected cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter of /churchcrm/v2/family/not-found.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-25346.yaml"} {"ID":"CVE-2023-25573","Info":{"Name":"Metersphere - Arbitrary File Read","Severity":"high","Description":"Metersphere is an open source continuous testing platform. In affected versions an improper access control vulnerability exists in `/api/jmeter/download/files`, which allows any user to download any file without authentication. This issue may expose all files available to the running process. This issue has been addressed in version 1.20.20 lts and 2.7.1\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-25573.yaml"} {"ID":"CVE-2023-25717","Info":{"Name":"Ruckus Wireless Admin - Remote Code Execution","Severity":"critical","Description":"Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-25717.yaml"} {"ID":"CVE-2023-26035","Info":{"Name":"ZoneMinder Snapshots - Command Injection","Severity":"critical","Description":"ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras.Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There are no permissions check on the snapshot action, which expects an id to fetch an existing monitor but can be passed an object to create a new one instead. TriggerOn ends up calling shell_exec using the supplied Id.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-26035.yaml"} {"ID":"CVE-2023-26067","Info":{"Name":"Lexmark Printers - Command Injection","Severity":"high","Description":"Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 1 of 4).\n","Classification":{"CVSSScore":"8.1"}},"file_path":"http/cves/2023/CVE-2023-26067.yaml"} {"ID":"CVE-2023-2624","Info":{"Name":"KiviCare WordPress Plugin - Cross-Site Scripting","Severity":"medium","Description":"The KiviCare WordPress plugin before 3.2.1 does not sanitise and escape the 'filterType' parameter, leading to Reflected Cross-Site Scripting.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-2624.yaml"} {"ID":"CVE-2023-26255","Info":{"Name":"STAGIL Navigation for Jira Menu \u0026 Themes \u003c2.0.52 - Local File Inclusion","Severity":"high","Description":"STAGIL Navigation for Jira Menu \u0026 Themes plugin before 2.0.52 is susceptible to local file inclusion via modifying the fileName parameter to the snjCustomDesignConfig endpoint. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can potentially allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-26255.yaml"} {"ID":"CVE-2023-26256","Info":{"Name":"STAGIL Navigation for Jira Menu \u0026 Themes \u003c2.0.52 - Local File Inclusion","Severity":"high","Description":"STAGIL Navigation for Jira Menu \u0026 Themes plugin before 2.0.52 is susceptible to local file inclusion via modifying the fileName parameter to the snjFooterNavigationConfig endpoint. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can potentially allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-26256.yaml"} {"ID":"CVE-2023-26347","Info":{"Name":"Adobe Coldfusion - Authentication Bypass","Severity":"high","Description":"Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An unauthenticated attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-26347.yaml"} {"ID":"CVE-2023-26360","Info":{"Name":"Unauthenticated File Read Adobe ColdFusion","Severity":"high","Description":"Unauthenticated Arbitrary File Read vulnerability due to deserialization of untrusted data in Adobe ColdFusion. The vulnerability affects ColdFusion 2021 Update 5 and earlier as well as ColdFusion 2018 Update 15 and earlier\n","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2023/CVE-2023-26360.yaml"} {"ID":"CVE-2023-26469","Info":{"Name":"Jorani 1.0.0 - Remote Code Execution","Severity":"critical","Description":"Jorani 1.0.0, an attacker could leverage path traversal to access files and execute code on the server.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-26469.yaml"} {"ID":"CVE-2023-2648","Info":{"Name":"Weaver E-Office 9.5 - Remote Code Execution","Severity":"critical","Description":"A vulnerability was found in Weaver E-Office 9.5. It has been classified as critical. This affects an unknown part of the file /inc/jquery/uploadify/uploadify.php. The manipulation of the argument Filedata leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228777 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-2648.yaml"} {"ID":"CVE-2023-26842","Info":{"Name":"ChurchCRM 4.5.3 - Cross-Site Scripting","Severity":"medium","Description":"A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the OptionManager.php.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-26842.yaml"} {"ID":"CVE-2023-26843","Info":{"Name":"ChurchCRM 4.5.3 - Cross-Site Scripting","Severity":"medium","Description":"A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the NoteEditor.php.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-26843.yaml"} {"ID":"CVE-2023-27008","Info":{"Name":"ATutor \u003c 2.2.1 - Cross Site Scripting","Severity":"medium","Description":"ATutor \u003c 2.2.1 was discovered with a vulnerability, a reflected cross-site scripting (XSS), in ATtutor 2.2.1 via token body parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-27008.yaml"} {"ID":"CVE-2023-27032","Info":{"Name":"PrestaShop AdvancedPopupCreator - SQL Injection","Severity":"critical","Description":"In the module “Advanced Popup Creator” (advancedpopupcreator) from Idnovate for PrestaShop, a guest can perform SQL injection in affected versions.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-27032.yaml"} {"ID":"CVE-2023-27034","Info":{"Name":"Jms Blog - SQL Injection","Severity":"critical","Description":"The module Jms Blog (jmsblog) from Joommasters contains a Time Based SQL injection vulnerability. This module is for the PrestaShop e-commerce platform and mainly provided with joommasters PrestaShop themes\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-27034.yaml"} {"ID":"CVE-2023-27159","Info":{"Name":"Appwrite \u003c=1.2.1 - Server-Side Request Forgery","Severity":"high","Description":"Appwrite through 1.2.1 is susceptible to server-side request forgery via the component /v1/avatars/favicon. An attacker can potentially access network resources and sensitive information via a crafted GET request, thereby also making it possible to modify data and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-27159.yaml"} {"ID":"CVE-2023-27179","Info":{"Name":"GDidees CMS v3.9.1 - Arbitrary File Download","Severity":"high","Description":"GDidees CMS v3.9.1 and lower was discovered to contain an arbitrary file download vulenrability via the filename parameter at /_admin/imgdownload.php.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-27179.yaml"} {"ID":"CVE-2023-27292","Info":{"Name":"OpenCATS - Open Redirect","Severity":"medium","Description":"OpenCATS contains an open redirect vulnerability due to improper validation of user-supplied GET parameters. This, in turn, exposes OpenCATS to possible template injection and obtaining sensitive information, modifying data, and/or executing unauthorized operations.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-27292.yaml"} {"ID":"CVE-2023-2732","Info":{"Name":"MStore API \u003c= 3.9.2 - Authentication Bypass","Severity":"critical","Description":"The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.2. This is due to insufficient verification on the user being supplied during the add listing REST API request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-2732.yaml"} {"ID":"CVE-2023-27350","Info":{"Name":"PaperCut - Unauthenticated Remote Code Execution","Severity":"critical","Description":"This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18987.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-27350.yaml"} {"ID":"CVE-2023-27372","Info":{"Name":"SPIP - Remote Command Execution","Severity":"critical","Description":"SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-27372.yaml"} {"ID":"CVE-2023-27482","Info":{"Name":"Home Assistant Supervisor - Authentication Bypass","Severity":"critical","Description":"Home Assistant Supervisor is an open source home automation tool. A remotely exploitable vulnerability bypassing authentication for accessing the Supervisor API through Home Assistant has been discovered.This impacts all Home Assistant installation types that use the Supervisor 2023.01.1 or older. Installation types, like Home Assistant Container (for example Docker), or Home Assistant Core manually in a Python environment, are not affected.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2023/CVE-2023-27482.yaml"} {"ID":"CVE-2023-27524","Info":{"Name":"Apache Superset - Authentication Bypass","Severity":"critical","Description":"Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset administrators who have changed the default value for SECRET_KEY config.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-27524.yaml"} {"ID":"CVE-2023-27584","Info":{"Name":"Dragonfly2 \u003c 2.1.0-beta.1 - Hardcoded JWT Secret","Severity":"critical","Description":"Dragonfly is an open source P2P-based file distribution and image acceleration system. It is hosted by the Cloud Native Computing Foundation (CNCF) as an Incubating Level Project. Dragonfly uses JWT to verify user. However, the secret key for JWT, \"Secret Key\", is hard coded, which leads to authentication bypass. An attacker can perform any action as a user with admin privileges. This issue has been addressed in release version 2.0.9. All users are advised to upgrade. There are no known workarounds for this vulnerability.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-27584.yaml"} {"ID":"CVE-2023-27587","Info":{"Name":"ReadToMyShoe - Generation of Error Message Containing Sensitive Information","Severity":"medium","Description":"ReadToMyShoe generates an error message containing sensitive information prior to commit 8533b01. If an error occurs when adding an article, the website shows the user an error message. If the error originates from the Google Cloud TTS request, it will include the full URL of the request, which contains the Google Cloud API key.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2023/CVE-2023-27587.yaml"} {"ID":"CVE-2023-27639","Info":{"Name":"PrestaShop TshirteCommerce - Directory Traversal","Severity":"high","Description":"The Custom Product Designer (tshirtecommerce) module for PrestaShop allows HTTP requests to be forged using POST and GET parameters, enabling a remote attacker to perform directory traversal on the system and view the contents of code files.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-27639.yaml"} {"ID":"CVE-2023-27640","Info":{"Name":"PrestaShop tshirtecommerce - Directory Traversal","Severity":"high","Description":"The Custom Product Designer (tshirtecommerce) module for PrestaShop allows HTTP requests to be forged using POST and GET parameters, enabling a remote attacker to perform directory traversal on the system and view the contents of code files.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-27640.yaml"} {"ID":"CVE-2023-2766","Info":{"Name":"Weaver OA 9.5 - Information Disclosure","Severity":"high","Description":"A vulnerability was found in Weaver OA 9.5 and classified as problematic. This issue affects some unknown processing of the file /building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini. The manipulation leads to files or directories accessible. The attack may be initiated remotely.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-2766.yaml"} {"ID":"CVE-2023-2779","Info":{"Name":"Super Socializer \u003c 7.13.52 - Cross-Site Scripting","Severity":"medium","Description":"The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-2779.yaml"} {"ID":"CVE-2023-2780","Info":{"Name":"Mlflow \u003c2.3.1 - Local File Inclusion Bypass","Severity":"critical","Description":"Path Traversal: '\\..\\filename' in GitHub repository mlflow/mlflow prior to 2.3.1.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-2780.yaml"} {"ID":"CVE-2023-27847","Info":{"Name":"PrestaShop xipblog - SQL Injection","Severity":"critical","Description":"In the blog module (xipblog), an anonymous user can perform SQL injection. Even though the module has been patched in version 2.0.1, the version number was not incremented at the time.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-27847.yaml"} {"ID":"CVE-2023-27922","Info":{"Name":"Newsletter \u003c 7.6.9 - Cross-Site Scripting","Severity":"medium","Description":"The plugin does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as administrators\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-27922.yaml"} {"ID":"CVE-2023-2796","Info":{"Name":"EventON \u003c= 2.1 - Missing Authorization","Severity":"medium","Description":"The EventON WordPress plugin before 2.1.2 lacks authentication and authorization in its eventon_ics_download ajax action, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-2796.yaml"} {"ID":"CVE-2023-28121","Info":{"Name":"WooCommerce Payments - Unauthorized Admin Access","Severity":"critical","Description":"An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to send requests on behalf of an elevated user, like administrator. This allows a remote, unauthenticated attacker to gain admin access on a site that has the affected version of the plugin activated.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-28121.yaml"} {"ID":"CVE-2023-2813","Info":{"Name":"Wordpress Multiple Themes - Reflected Cross-Site Scripting","Severity":"medium","Description":"All of the above Aapna WordPress theme through 1.3, Anand WordPress theme through 1.2, Anfaust WordPress theme through 1.1, Arendelle WordPress theme before 1.1.13, Atlast Business WordPress theme through 1.5.8.5, Bazaar Lite WordPress theme before 1.8.6, Brain Power WordPress theme through 1.2, BunnyPressLite WordPress theme before 2.1, Cafe Bistro WordPress theme before 1.1.4, College WordPress theme before 1.5.1, Connections Reloaded WordPress theme through 3.1, Counterpoint WordPress theme through 1.8.1, Digitally WordPress theme through 1.0.8, Directory WordPress theme before 3.0.2, Drop WordPress theme before 1.22, Everse WordPress theme before 1.2.4, Fashionable Store WordPress theme through 1.3.4, Fullbase WordPress theme before 1.2.1, Ilex WordPress theme before 1.4.2, Js O3 Lite WordPress theme through 1.5.8.2, Js Paper WordPress theme through 2.5.7, Kata WordPress theme before 1.2.9, Kata App WordPress theme through 1.0.5, Kata Business WordPress theme through 1.0.2, Looki Lite WordPress theme before 1.3.0, moseter WordPress theme through 1.3.1, Nokke WordPress theme before 1.2.4, Nothing Personal WordPress theme through 1.0.7, Offset Writing WordPress theme through 1.2, Opor Ayam WordPress theme through 18, Pinzolo WordPress theme before 1.2.10, Plato WordPress theme before 1.1.9, Polka Dots WordPress theme through 1.2, Purity Of Soul WordPress theme through 1.9, Restaurant PT WordPress theme before 1.1.3, Saul WordPress theme before 1.1.0, Sean Lite WordPress theme before 1.4.6, Tantyyellow WordPress theme through 1.0.0.5, TIJAJI WordPress theme through 1.43, Tiki Time WordPress theme through 1.3, Tuaug4 WordPress theme through 1.4, Tydskrif WordPress theme through 1.1.3, UltraLight WordPress theme through 1.2, Venice Lite WordPress theme before 1.5.5, Viala WordPress theme through 1.3.1, viburno WordPress theme before 1.3.2, Wedding Bride WordPress theme before 1.0.2, Wlow WordPress theme before 1.2.7 suffer from the same issue about the search box reflecting the results causing XSS which allows an unauthenticated attacker to exploit against users if they click a malicious link.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-2813.yaml"} {"ID":"CVE-2023-2822","Info":{"Name":"Ellucian Ethos Identity CAS - Cross-Site Scripting","Severity":"medium","Description":"A vulnerability was found in Ellucian Ethos Identity up to 5.10.5. It has been classified as problematic. Affected is an unknown function of the file /cas/logout. The manipulation of the argument url leads to cross site scripting. It is possible to launch the attack remotely.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-2822.yaml"} {"ID":"CVE-2023-2825","Info":{"Name":"GitLab 16.0.0 - Path Traversal","Severity":"high","Description":"An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a path traversal vulnerability to read arbitrary files on the server when an attachment exists in a public project nested within at least five groups\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-2825.yaml"} {"ID":"CVE-2023-28343","Info":{"Name":"Altenergy Power Control Software C1.2.5 - Remote Command Injection","Severity":"critical","Description":"Altenergy Power Control Software C1.2.5 is susceptible to remote command injection via shell metacharacters in the index.php/management/set_timezone parameter, because of set_timezone in models/management_model.php. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized operations without entering necessary credentials.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-28343.yaml"} {"ID":"CVE-2023-28432","Info":{"Name":"MinIO Cluster Deployment - Information Disclosure","Severity":"high","Description":"MinIO is susceptible to information disclosure. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including MINIO_SECRET_KEY and MINIO_ROOT_PASSWORD. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized operations without entering necessary credentials. All users of distributed deployment are impacted.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-28432.yaml"} {"ID":"CVE-2023-28662","Info":{"Name":"Wordpress Gift Cards \u003c= 4.3.1 - SQL Injection","Severity":"critical","Description":"The Gift Cards (Gift Vouchers and Packages) WordPress Plugin, version \u003c= 4.3.1, is affected by an unauthenticated SQL injection vulnerability in the template parameter in the wpgv_doajax_voucher_pdf_save_func action.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-28662.yaml"} {"ID":"CVE-2023-28665","Info":{"Name":"Woo Bulk Price Update \u003c2.2.2 - Cross-Site Scripting","Severity":"medium","Description":"The Woo Bulk Price Update WordPress plugin, in versions \u003c 2.2.2, is affected by a reflected cross-site scripting vulnerability in the 'page' parameter to the techno_get_products action, which can only be triggered by an authenticated user.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-28665.yaml"} {"ID":"CVE-2023-29084","Info":{"Name":"ManageEngine ADManager Plus - Command Injection","Severity":"high","Description":"Zoho ManageEngine ADManager Plus through 7180 allows for authenticated users to exploit command injection via Proxy settings.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2023/CVE-2023-29084.yaml"} {"ID":"CVE-2023-29204","Info":{"Name":"XWiki - Open Redirect","Severity":"medium","Description":"XWiki Commons are technical libraries common to several other top level XWiki projects. It is possible to bypass the existing security measures put in place to avoid open redirect by using a redirect such as `//mydomain.com` (i.e. omitting the `http:`). It was also possible to bypass it when using URL such as `http:/mydomain.com`. The problem has been patched on XWiki 13.10.10, 14.4.4 and 14.8RC1.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-29204.yaml"} {"ID":"CVE-2023-29298","Info":{"Name":"Adobe ColdFusion - Access Control Bypass","Severity":"high","Description":"An attacker is able to access every CFM and CFC endpoint within the ColdFusion Administrator path /CFIDE/, of which there are 437 CFM files and 96 CFC files in a ColdFusion 2021 Update 6 install.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-29298.yaml"} {"ID":"CVE-2023-29300","Info":{"Name":"Adobe ColdFusion - Pre-Auth Remote Code Execution","Severity":"critical","Description":"Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-29300.yaml"} {"ID":"CVE-2023-29357","Info":{"Name":"Microsoft SharePoint - Authentication Bypass","Severity":"critical","Description":"Microsoft SharePoint Server Elevation of Privilege Vulnerability\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-29357.yaml"} {"ID":"CVE-2023-29439","Info":{"Name":"FooGallery plugin \u003c= 2.2.35 - Cross-Site Scripting","Severity":"medium","Description":"Reflected Cross-Site Scripting (XSS) vulnerability in FooPlugins FooGallery plugin \u003c= 2.2.35 versions.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-29439.yaml"} {"ID":"CVE-2023-2948","Info":{"Name":"OpenEMR \u003c 7.0.1 - Cross-Site Scripting","Severity":"medium","Description":"Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.1.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-2948.yaml"} {"ID":"CVE-2023-29489","Info":{"Name":"cPanel \u003c 11.109.9999.116 - Cross-Site Scripting","Severity":"medium","Description":"An issue was discovered in cPanel before 11.109.9999.116. Cross Site Scripting can occur on the cpsrvd error page via an invalid webcall ID.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-29489.yaml"} {"ID":"CVE-2023-2949","Info":{"Name":"OpenEMR \u003c 7.0.1 - Cross-site Scripting","Severity":"medium","Description":"Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.1.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-2949.yaml"} {"ID":"CVE-2023-29506","Info":{"Name":"XWiki \u003e= 13.10.8 - Cross-Site Scripting","Severity":"medium","Description":"Reflected XSS vulnerability in XWiki authenticate endpoints allows execution of arbitrary JavaScript.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-29506.yaml"} {"ID":"CVE-2023-29623","Info":{"Name":"Purchase Order Management v1.0 - Cross Site Scripting (Reflected)","Severity":"medium","Description":"Purchase Order Management v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the password parameter at /purchase_order/classes/login.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-29623.yaml"} {"ID":"CVE-2023-2982","Info":{"Name":"Miniorange Social Login and Register \u003c= 7.6.3 - Authentication Bypass","Severity":"critical","Description":"The WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 7.6.4. This is due to insufficient encryption on the user being supplied during a login validated through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they know the email address associated with that user. This was partially patched in version 7.6.4 and fully patched in version 7.6.5.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-2982.yaml"} {"ID":"CVE-2023-29827","Info":{"Name":"Embedded JavaScript(EJS) 3.1.6 - Template Injection","Severity":"critical","Description":"ejs v3.1.9 is vulnerable to server-side template injection. If the ejs file is controllable, template injection can be implemented through the configuration settings of the closeDelimiter parameter.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-29827.yaml"} {"ID":"CVE-2023-29887","Info":{"Name":"Nuovo Spreadsheet Reader 0.5.11 - Local File Inclusion","Severity":"high","Description":"A Local File inclusion vulnerability in test.php in spreadsheet-reader 0.5.11 allows remote attackers to include arbitrary files via the File parameter.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-29887.yaml"} {"ID":"CVE-2023-29919","Info":{"Name":"SolarView Compact \u003c= 6.00 - Local File Inclusion","Severity":"critical","Description":"There is an arbitrary read file vulnerability in SolarView Compact 6.00 and below, attackers can bypass authentication to read files through texteditor.php\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2023/CVE-2023-29919.yaml"} {"ID":"CVE-2023-29922","Info":{"Name":"PowerJob V4.3.1 - Authentication Bypass","Severity":"medium","Description":"PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create user/save interface.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-29922.yaml"} {"ID":"CVE-2023-29923","Info":{"Name":"PowerJob \u003c=4.3.2 - Unauthenticated Access","Severity":"medium","Description":"PowerJob V4.3.1 is vulnerable to Insecure Permissions. via the list job interface.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-29923.yaml"} {"ID":"CVE-2023-30013","Info":{"Name":"TOTOLink - Unauthenticated Command Injection","Severity":"critical","Description":"TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the \"command\" parameter.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-30013.yaml"} {"ID":"CVE-2023-30019","Info":{"Name":"Imgproxy \u003c= 3.14.0 - Server-side request forgery (SSRF)","Severity":"medium","Description":"imgproxy \u003c=3.14.0 is vulnerable to Server-Side Request Forgery (SSRF) due to a lack of sanitization of the imageURL parameter.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-30019.yaml"} {"ID":"CVE-2023-30150","Info":{"Name":"PrestaShop leocustomajax 1.0 \u0026 1.0.0 - SQL Injection","Severity":"critical","Description":"PrestaShop leocustomajax 1.0 and 1.0.0 are vulnerable to SQL Injection via modules/leocustomajax/leoajax.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-30150.yaml"} {"ID":"CVE-2023-30210","Info":{"Name":"OURPHP \u003c= 7.2.0 - Cross Site Scripting","Severity":"medium","Description":"OURPHP \u003c= 7.2.0 is vulnerable to Cross Site Scripting (XSS) via /client/manage/ourphp_tz.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-30210.yaml"} {"ID":"CVE-2023-30212","Info":{"Name":"OURPHP \u003c= 7.2.0 - Cross Site Scripting","Severity":"medium","Description":"OURPHP \u003c= 7.2.0 is vulnerale to Cross Site Scripting (XSS) via /client/manage/ourphp_out.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-30212.yaml"} {"ID":"CVE-2023-30256","Info":{"Name":"Webkul QloApps 1.5.2 - Cross-site Scripting","Severity":"medium","Description":"Cross Site Scripting vulnerability found in Webkil QloApps v.1.5.2 allows a remote attacker to obtain sensitive information via the back and email_create parameters in the AuthController.php file.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-30256.yaml"} {"ID":"CVE-2023-30258","Info":{"Name":"MagnusBilling - Unauthenticated Remote Code Execution","Severity":"critical","Description":"Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers to run arbitrary commands via unauthenticated HTTP request.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-30258.yaml"} {"ID":"CVE-2023-30534","Info":{"Name":"Cacti \u003c 1.2.25 Insecure Deserialization","Severity":"medium","Description":"Cacti is an open source operational monitoring and fault management framework. There are two instances of insecure deserialization in Cacti version 1.2.24.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2023/CVE-2023-30534.yaml"} {"ID":"CVE-2023-30625","Info":{"Name":"Rudder Server \u003c 1.3.0-rc.1 - SQL Injection","Severity":"high","Description":"Rudder-server is part of RudderStack, an open source Customer Data Platform (CDP). Versions of rudder-server prior to 1.3.0-rc.1 are vulnerable to SQL injection. This issue may lead to Remote Code Execution (RCE) due to the `rudder` role in PostgresSQL having superuser permissions by default. Version 1.3.0-rc.1 contains patches for this issue.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-30625.yaml"} {"ID":"CVE-2023-3077","Info":{"Name":"MStore API \u003c 3.9.8 - SQL Injection","Severity":"critical","Description":"The MStore API WordPress plugin before 3.9.8 is vulnerable to Blind SQL injection via the product_id parameter.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-3077.yaml"} {"ID":"CVE-2023-30777","Info":{"Name":"Advanced Custom Fields \u003c 6.1.6 - Cross-Site Scripting","Severity":"medium","Description":"Advanced Custom Fields beofre 6.1.6 is susceptible to cross-site scripting via the post_status parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-30777.yaml"} {"ID":"CVE-2023-30868","Info":{"Name":"Tree Page View Plugin \u003c 1.6.7 - Cross-Site Scripting","Severity":"medium","Description":"The CMS Tree Page View plugin for WordPress has a Reflected Cross-Site Scripting vulnerability up to version 1.6.7. This is due to the post_type parameter not properly escaping user input. As a result, users with administrator privileges or higher can inject JavaScript code that will execute whenever accessed.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-30868.yaml"} {"ID":"CVE-2023-30943","Info":{"Name":"Moodle - Cross-Site Scripting/Remote Code Execution","Severity":"medium","Description":"The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system. Moodle versions 4.1.x before 4.1.3 and 4.2.x before 4.2.0 are susceptible to an unauthenticated arbitrary folder creation, tracked as CVE-2023-30943. An attacker can leverage the creation of arbitrary folders to carry out a Stored Cross-Site Scripting (XSS) attack on the administration panel, resulting in arbitrary code execution on the server as soon as an administrator visits the panel.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-30943.yaml"} {"ID":"CVE-2023-31059","Info":{"Name":"Repetier Server - Directory Traversal","Severity":"high","Description":"Repetier Server through 1.4.10 allows ..%5c directory traversal for reading files that contain credentials, as demonstrated by connectionLost.php.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-31059.yaml"} {"ID":"CVE-2023-31446","Info":{"Name":"Cassia Gateway Firmware - Remote Code Execution","Severity":"critical","Description":"In Cassia Gateway firmware XC1000_2.1.1.2303082218 and XC2000_2.1.1.2303090947, the queueUrl parameter in /bypass/config is not sanitized. This leads to injecting Bash code and executing it with root privileges on device startup.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-31446.yaml"} {"ID":"CVE-2023-31465","Info":{"Name":"TimeKeeper by FSMLabs - Remote Code Execution","Severity":"critical","Description":"An issue was discovered in FSMLabs TimeKeeper 8.0.17 through 8.0.28. By intercepting requests from various timekeeper streams, it is possible to find the getsamplebacklog call. Some query parameters are passed directly in the URL and named arg[x], with x an integer starting from 1; it is possible to modify arg[2] to insert Bash code that will be executed directly by the server.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-31465.yaml"} {"ID":"CVE-2023-31548","Info":{"Name":"ChurchCRM v4.5.3 - Cross-Site Scripting","Severity":"medium","Description":"A stored Cross-site scripting (XSS) vulnerability in the FundRaiserEditor.php component of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-31548.yaml"} {"ID":"CVE-2023-3188","Info":{"Name":"Owncast - Server Side Request Forgery","Severity":"medium","Description":"Server-Side Request Forgery (SSRF) in GitHub repository owncast/owncast prior to 0.1.0.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2023/CVE-2023-3188.yaml"} {"ID":"CVE-2023-32068","Info":{"Name":"XWiki - Open Redirect","Severity":"medium","Description":"XWiki Platform is vulnerable to open redirect attacks due to improper validation of the xredirect parameter. This allows an attacker to redirect users to an arbitrary website. The vulnerability is patched in versions 14.10.4 and 15.0.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-32068.yaml"} {"ID":"CVE-2023-32077","Info":{"Name":"Netmaker - Hardcoded DNS Secret Key","Severity":"high","Description":"Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-32077.yaml"} {"ID":"CVE-2023-32117","Info":{"Name":"Integrate Google Drive \u003c= 1.1.99 - Missing Authorization via REST API Endpoints","Severity":"high","Description":"The Integrate Google Drive plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several REST API endpoints in versions up to, and including, 1.1.99. This makes it possible for unauthenticated attackers to perform a wide variety of operations, such as moving files, creating folders, copying details, and much more.\n","Classification":{"CVSSScore":"7.3"}},"file_path":"http/cves/2023/CVE-2023-32117.yaml"} {"ID":"CVE-2023-3219","Info":{"Name":"EventON Lite \u003c 2.1.2 - Arbitrary File Download","Severity":"medium","Description":"The plugin does not validate that the event_id parameter in its eventon_ics_download ajax action is a valid Event, allowing unauthenticated visitors\nto access any Post (including unpublished or protected posts) content via the ics export functionality by providing the numeric id of the post.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-3219.yaml"} {"ID":"CVE-2023-32235","Info":{"Name":"Ghost CMS \u003c 5.42.1 - Path Traversal","Severity":"high","Description":"Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory traversal. This occurs in frontend/web/middleware/static-theme.js.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-32235.yaml"} {"ID":"CVE-2023-32243","Info":{"Name":"WordPress Elementor Lite 5.7.1 - Arbitrary Password Reset","Severity":"critical","Description":"Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation. This issue affects Essential Addons for Elementor: from 5.4.0 through 5.7.1.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-32243.yaml"} {"ID":"CVE-2023-32315","Info":{"Name":"Openfire Administration Console - Authentication Bypass","Severity":"high","Description":"Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup Environment in an already configured Openfire environment to access restricted pages in the Openfire Admin Console reserved for administrative users. This vulnerability affects all versions of Openfire that have been released since April 2015, starting with version 3.10.0.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-32315.yaml"} {"ID":"CVE-2023-32563","Info":{"Name":"Ivanti Avalanche - Remote Code Execution","Severity":"critical","Description":"An unauthenticated attacker could achieve the code execution through a RemoteControl server.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-32563.yaml"} {"ID":"CVE-2023-33338","Info":{"Name":"Old Age Home Management System v1.0 - SQL Injection","Severity":"critical","Description":"Old Age Home Management 1.0 is vulnerable to SQL Injection via the username parameter.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-33338.yaml"} {"ID":"CVE-2023-33405","Info":{"Name":"BlogEngine CMS - Open Redirect","Severity":"medium","Description":"Blogengine.net 3.3.8.0 and earlier is vulnerable to Open Redirect\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-33405.yaml"} {"ID":"CVE-2023-33439","Info":{"Name":"Faculty Evaluation System v1.0 - SQL Injection","Severity":"high","Description":"Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/manage_task.php?id=\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2023/CVE-2023-33439.yaml"} {"ID":"CVE-2023-33440","Info":{"Name":"Faculty Evaluation System v1.0 - Remote Code Execution","Severity":"high","Description":"Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via /eval/ajax.php?action=save_user.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2023/CVE-2023-33440.yaml"} {"ID":"CVE-2023-3345","Info":{"Name":"LMS by Masteriyo \u003c 1.6.8 - Information Exposure","Severity":"medium","Description":"The plugin does not properly safeguards sensitive user information, like other user's email addresses, making it possible for any students to leak them via some of the plugin's REST API endpoints.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2023/CVE-2023-3345.yaml"} {"ID":"CVE-2023-33510","Info":{"Name":"Jeecg P3 Biz Chat - Local File Inclusion","Severity":"high","Description":"Jeecg P3 Biz Chat 1.0.5 allows remote attackers to read arbitrary files through specific parameters.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-33510.yaml"} {"ID":"CVE-2023-33568","Info":{"Name":"Dolibarr Unauthenticated Contacts Database Theft","Severity":"high","Description":"An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-33568.yaml"} {"ID":"CVE-2023-33629","Info":{"Name":"H3C Magic R300-2100M - Remote Code Execution","Severity":"high","Description":"H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the DeltriggerList interface at /goform/aspForm.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2023/CVE-2023-33629.yaml"} {"ID":"CVE-2023-3368","Info":{"Name":"Chamilo LMS \u003c= v1.11.20 Unauthenticated Command Injection","Severity":"critical","Description":"Command injection in `/main/webservices/additional_webservices.php`\nin Chamilo LMS \u003c= v1.11.20 allows unauthenticated attackers to obtain\nremote code execution via improper neutralisation of special characters.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-3368.yaml"} {"ID":"CVE-2023-3380","Info":{"Name":"WAVLINK WN579X3 - Remote Command Execution","Severity":"critical","Description":"Remote Command Execution vulnerability in WAVLINK WN579X3 routers via pingIp parameter in /cgi-bin/adm.cgi.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-3380.yaml"} {"ID":"CVE-2023-33831","Info":{"Name":"FUXA - Unauthenticated Remote Code Execution","Severity":"critical","Description":"A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute arbitrary commands via a crafted POST request.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-33831.yaml"} {"ID":"CVE-2023-34020","Info":{"Name":"Uncanny Toolkit for LearnDash - Open Redirection","Severity":"medium","Description":"A vulnerability in the WordPress Uncanny Toolkit for LearnDash Plugin allowed malicious actors to redirect users, posing a potential risk of phishing incidents. The issue has been resolved in version 3.6.4.4, and users are urged to update for security.\n","Classification":{"CVSSScore":"4.7"}},"file_path":"http/cves/2023/CVE-2023-34020.yaml"} {"ID":"CVE-2023-34105","Info":{"Name":"SRS - Command Injection","Severity":"high","Description":"SRS's v5.0.137~v5.0.156, v6.0.18~v6.0.47 api-server server is vulnerable to a drive-by command injection.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-34105.yaml"} {"ID":"CVE-2023-34124","Info":{"Name":"SonicWall GMS and Analytics Web Services - Shell Injection","Severity":"critical","Description":"The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-34124.yaml"} {"ID":"CVE-2023-34192","Info":{"Name":"Zimbra Collaboration Suite (ZCS) v.8.8.15 - Cross-Site Scripting","Severity":"critical","Description":"Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft function.\n","Classification":{"CVSSScore":"9"}},"file_path":"http/cves/2023/CVE-2023-34192.yaml"} {"ID":"CVE-2023-34259","Info":{"Name":"Kyocera TASKalfa printer - Path Traversal","Severity":"medium","Description":"CCRX has a Path Traversal vulnerability. Path Traversal is an attack on web applications. By manipulating the value of the file path, an attacker can gain access to the file system, including source code and critical system settings.\n","Classification":{"CVSSScore":"4.9"}},"file_path":"http/cves/2023/CVE-2023-34259.yaml"} {"ID":"CVE-2023-34362","Info":{"Name":"MOVEit Transfer - Remote Code Execution","Severity":"critical","Description":"In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, and execute SQL statements that alter or delete database elements. NOTE: this is exploited in the wild in May and June 2023; exploitation of unpatched systems can occur via HTTP or HTTPS. All versions (e.g., 2020.0 and 2019x) before the five explicitly mentioned versions are affected, including older unsupported versions.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-34362.yaml"} {"ID":"CVE-2023-34537","Info":{"Name":"Hoteldruid 3.0.5 - Cross-Site Scripting","Severity":"medium","Description":"A Reflected XSS was discovered in HotelDruid version 3.0.5, an attacker can issue malicious code/command on affected webpage's parameter to trick user on browser and/or exfiltrate data.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-34537.yaml"} {"ID":"CVE-2023-34598","Info":{"Name":"Gibbon v25.0.0 - Local File Inclusion","Severity":"critical","Description":"Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) vulnerability where it's possible to include the content of several files present in the installation folder in the server's response.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-34598.yaml"} {"ID":"CVE-2023-34599","Info":{"Name":"Gibbon v25.0.0 - Cross-Site Scripting","Severity":"medium","Description":"Multiple Cross-Site Scripting (XSS) vulnerabilities have been identified in Gibbon v25.0.0, which enable attackers to execute arbitrary Javascript code.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-34599.yaml"} {"ID":"CVE-2023-3460","Info":{"Name":"Ultimate Member \u003c 2.6.7 - Unauthenticated Privilege Escalation","Severity":"critical","Description":"The plugin does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at will. This is actively being exploited in the wild.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-3460.yaml"} {"ID":"CVE-2023-34659","Info":{"Name":"JeecgBoot 3.5.0 - SQL Injection","Severity":"critical","Description":"jeecg-boot 3.5.0 and 3.5.1 have a SQL injection vulnerability the id parameter of the /jeecg-boot/jmreport/show interface.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-34659.yaml"} {"ID":"CVE-2023-34751","Info":{"Name":"bloofoxCMS v0.5.2.1 - SQL Injection","Severity":"critical","Description":"bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the gid parameter at admin/index.php?mode=user\u0026page=groups\u0026action=edit.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-34751.yaml"} {"ID":"CVE-2023-34752","Info":{"Name":"bloofoxCMS v0.5.2.1 - SQL Injection","Severity":"critical","Description":"bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the lid parameter at admin/index.php?mode=settings\u0026page=lang\u0026action=edit.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-34752.yaml"} {"ID":"CVE-2023-34753","Info":{"Name":"bloofoxCMS v0.5.2.1 - SQL Injection","Severity":"critical","Description":"bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the tid parameter at admin/index.php?mode=settings\u0026page=tmpl\u0026action=edit.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-34753.yaml"} {"ID":"CVE-2023-34754","Info":{"Name":"Bloofox v0.5.2.1 - SQL Injection","Severity":"critical","Description":"bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the pid parameter at admin/index.php?mode=settings\u0026page=plugins\u0026action=edit.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-34754.yaml"} {"ID":"CVE-2023-34755","Info":{"Name":"bloofoxCMS v0.5.2.1 - SQL Injection","Severity":"critical","Description":"bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the userid parameter at admin/index.php?mode=user\u0026action=edit.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-34755.yaml"} {"ID":"CVE-2023-34756","Info":{"Name":"Bloofox v0.5.2.1 - SQL Injection","Severity":"critical","Description":"Bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings\u0026page=charset\u0026action=edit.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-34756.yaml"} {"ID":"CVE-2023-3479","Info":{"Name":"Hestiacp \u003c= 1.7.7 - Cross-Site Scripting","Severity":"medium","Description":"Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.7.8.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-3479.yaml"} {"ID":"CVE-2023-34843","Info":{"Name":"Traggo Server - Local File Inclusion","Severity":"high","Description":"traggo/server version 0.3.0 is vulnerable to directory traversal.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-34843.yaml"} {"ID":"CVE-2023-34960","Info":{"Name":"Chamilo Command Injection","Severity":"critical","Description":"A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-34960.yaml"} {"ID":"CVE-2023-34993","Info":{"Name":"Fortinet FortiWLM Unauthenticated Command Injection Vulnerability","Severity":"critical","Description":"A improper neutralization of special elements used in an os command ('os\ncommand injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and\n8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands\nSuccessful exploitation of this vulnerability could allow an attacker to\nbypass authentication and gain unauthorized access to the affected system.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-34993.yaml"} {"ID":"CVE-2023-35078","Info":{"Name":"Ivanti Endpoint Manager Mobile (EPMM) - Authentication Bypass","Severity":"critical","Description":"Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, through 11.10 allows remote attackers to obtain PII, add an administrative account, and change the configuration because of an authentication bypass, as exploited in the wild in July 2023. A patch is available.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-35078.yaml"} {"ID":"CVE-2023-35082","Info":{"Name":"MobileIron Core - Remote Unauthenticated API Access","Severity":"critical","Description":"Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, Since CVE-2023-35082 arises from the same place as CVE-2023-35078, specifically the permissive nature of certain entries in the mifs web application’s security filter chain.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-35082.yaml"} {"ID":"CVE-2023-35155","Info":{"Name":"XWiki - Cross-Site Scripting","Severity":"medium","Description":"XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS).\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-35155.yaml"} {"ID":"CVE-2023-35156","Info":{"Name":"XWiki \u003e= 6.0-rc-1 - Cross-Site Scripting","Severity":"medium","Description":"XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It's possible to exploit the delete template to perform a XSS, e.g. by using URL such as: \u003e xwiki/bin/get/FlamingoThemes/Cerulean?xpage=xpart\u0026vm=delete.vm\u0026xredirect=javascript:alert(document.domain). This vulnerability exists since XWiki 6.0-rc-1.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-35156.yaml"} {"ID":"CVE-2023-35158","Info":{"Name":"XWiki - Cross-Site Scripting","Severity":"medium","Description":"XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It's possible to exploit the restore template to perform a XSS, e.g. by using URL such as: \u003e /xwiki/bin/view/XWiki/Main?xpage=restore\u0026showBatch=true\u0026xredirect=javascript:alert(document.domain). This vulnerability exists since XWiki 9.4-rc-1. The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-35158.yaml"} {"ID":"CVE-2023-35159","Info":{"Name":"XWiki \u003e= 3.4-milestone-1 - Cross-Site Scripting","Severity":"medium","Description":"XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It's possible to exploit the deletespace template to perform a XSS, e.g. by using URL such as: \u003e xwiki/bin/deletespace/Sandbox/?xredirect=javascript:alert(document.domain).\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-35159.yaml"} {"ID":"CVE-2023-35160","Info":{"Name":"XWiki \u003e= 2.5-milestone-2 - Cross-Site Scripting","Severity":"medium","Description":"XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It's possible to exploit the resubmit template to perform a XSS, e.g. by using URL such as: \u003e xwiki/bin/view/XWiki/Main xpage=resubmit\u0026resubmit=javascript:alert(document.domain)\u0026xback=javascript:alert(document.domain). This vulnerability exists since XWiki 2.5-milestone-2. The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-35160.yaml"} {"ID":"CVE-2023-35161","Info":{"Name":"XWiki \u003e= 6.2-milestone-1 - Cross-Site Scripting","Severity":"medium","Description":"XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It's possible to exploit the DeleteApplication page to perform a XSS, e.g. by using URL such as: \u003e xwiki/bin/view/AppWithinMinutes/DeleteApplication?appName=Menu\u0026resolve=true\u0026xredirect=javascript:alert(document.domain). This vulnerability exists since XWiki 6.2-milestone-1. The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-35161.yaml"} {"ID":"CVE-2023-35162","Info":{"Name":"XWiki \u003c 14.10.5 - Cross-Site Scripting","Severity":"medium","Description":"XWiki Platform is vulnerable to reflected XSS via the previewactions template. An attacker can inject JavaScript through the xcontinue parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-35162.yaml"} {"ID":"CVE-2023-3521","Info":{"Name":"FOSSBilling \u003c 0.5.3 - Cross-Site Scripting","Severity":"medium","Description":"Cross-site Scripting (XSS) - Reflected in GitHub repository fossbilling/fossbilling prior to 0.5.4.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-3521.yaml"} {"ID":"CVE-2023-3578","Info":{"Name":"DedeCMS 5.7.109 - Server-Side Request Forgery","Severity":"critical","Description":"Manipulation of the rssurl parameter in co_do.php leads to server-side request forgery in DedeCMS version 5.7.109.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-3578.yaml"} {"ID":"CVE-2023-35813","Info":{"Name":"Sitecore - Remote Code Execution","Severity":"critical","Description":"Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce through 10.3.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-35813.yaml"} {"ID":"CVE-2023-35843","Info":{"Name":"NocoDB version \u003c= 0.106.1 - Arbitrary File Read","Severity":"high","Description":"NocoDB through 0.106.1 has a path traversal vulnerability that allows an unauthenticated attacker to access arbitrary files on the server by manipulating the path parameter of the /download route. This vulnerability could allow an attacker to access sensitive files and data on the server, including configuration files, source code, and other sensitive information.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-35843.yaml"} {"ID":"CVE-2023-35844","Info":{"Name":"Lightdash version \u003c= 0.510.3 Arbitrary File Read","Severity":"high","Description":"packages/backend/src/routers in Lightdash before 0.510.3\nhas insecure file endpoints, e.g., they allow .. directory\ntraversal and do not ensure that an intended file extension\n(.csv or .png) is used.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-35844.yaml"} {"ID":"CVE-2023-35885","Info":{"Name":"Cloudpanel 2 \u003c 2.3.1 - Remote Code Execution","Severity":"critical","Description":"CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-35885.yaml"} {"ID":"CVE-2023-36144","Info":{"Name":"Intelbras Switch - Information Disclosure","Severity":"high","Description":"An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1.00.54 allows an unauthenticated attacker to download the backup file of the device, exposing critical information about the device configuration.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-36144.yaml"} {"ID":"CVE-2023-36284","Info":{"Name":"QloApps 1.6.0 - SQL Injection","Severity":"high","Description":"An unauthenticated Time-Based SQL injection found in Webkul QloApps 1.6.0 via GET parameters date_from, date_to, and id_product allows a remote attacker to retrieve the contents of an entire database.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-36284.yaml"} {"ID":"CVE-2023-36287","Info":{"Name":"Webkul QloApps 1.6.0 - Cross-site Scripting","Severity":"medium","Description":"An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST controller parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-36287.yaml"} {"ID":"CVE-2023-36289","Info":{"Name":"Webkul QloApps 1.6.0 - Cross-site Scripting","Severity":"medium","Description":"An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST email_create and back parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-36289.yaml"} {"ID":"CVE-2023-36306","Info":{"Name":"Adiscon LogAnalyzer v.4.1.13 - Cross-Site Scripting","Severity":"medium","Description":"A Cross Site Scripting (XSS) vulnerability in Adiscon Aiscon LogAnalyzer through 4.1.13 allows a remote attacker to execute arbitrary code via the asktheoracle.php\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-36306.yaml"} {"ID":"CVE-2023-36346","Info":{"Name":"POS Codekop v2.0 - Cross Site Scripting","Severity":"medium","Description":"POS Codekop v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the nm_member parameter at print.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-36346.yaml"} {"ID":"CVE-2023-36347","Info":{"Name":"POS Codekop v2.0 - Broken Authentication","Severity":"high","Description":"A broken authentication mechanism in the endpoint excel.php of POS Codekop v2.0 allows unauthenticated attackers to download selling data.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-36347.yaml"} {"ID":"CVE-2023-36844","Info":{"Name":"Juniper Devices - Remote Code Execution","Severity":"medium","Description":"Multiple cves in Juniper Network (CVE-2023-36844|CVE-2023-36845|CVE-2023-36846|CVE-2023-36847).A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environments variables. Utilizing a crafted request an attacker is able to modify certain PHP environments variables leading to partial loss of integrity, which may allow chaining to other vulnerabilities.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-36844.yaml"} {"ID":"CVE-2023-36845","Info":{"Name":"Juniper J-Web - Remote Code Execution","Severity":"critical","Description":"A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to control certain environments variables to execute remote commands\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-36845.yaml"} {"ID":"CVE-2023-36934","Info":{"Name":"MOVEit Transfer - SQL Injection","Severity":"critical","Description":"In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content.\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2023/CVE-2023-36934.yaml"} {"ID":"CVE-2023-3710","Info":{"Name":"Honeywell PM43 Printers - Command Injection","Severity":"critical","Description":"Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Command Injection.This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006)\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-3710.yaml"} {"ID":"CVE-2023-37265","Info":{"Name":"CasaOS \u003c 0.4.4 - Authentication Bypass via Internal IP","Severity":"critical","Description":"CasaOS is an open-source Personal Cloud system. Due to a lack of IP address verification an unauthenticated attackers can execute arbitrary commands as `root` on CasaOS instances. The problem was addressed by improving the detection of client IP addresses in `391dd7f`. This patch is part of CasaOS 0.4.4. Users should upgrade to CasaOS 0.4.4. If they can't, they should temporarily restrict access to CasaOS to untrusted users, for instance by not exposing it publicly.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-37265.yaml"} {"ID":"CVE-2023-37266","Info":{"Name":"CasaOS \u003c 0.4.4 - Authentication Bypass via Random JWT Token","Severity":"critical","Description":"CasaOS is an open-source Personal Cloud system. Unauthenticated attackers can craft arbitrary JWTs and access features that usually require authentication and execute arbitrary commands as `root` on CasaOS instances. This problem was addressed by improving the validation of JWTs in commit `705bf1f`. This patch is part of CasaOS 0.4.4. Users should upgrade to CasaOS 0.4.4. If they can't, they should temporarily restrict access to CasaOS to untrusted users, for instance by not exposing it publicly.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-37266.yaml"} {"ID":"CVE-2023-37270","Info":{"Name":"Piwigo 13.7.0 - SQL Injection","Severity":"high","Description":"Piwigo is open source photo gallery software. Prior to version 13.8.0, there is a SQL Injection vulnerability in the login of the administrator screen. The SQL statement that acquires the HTTP Header `User-Agent` is vulnerable at the endpoint that records user information when logging in to the administrator screen. It is possible to execute arbitrary SQL statements. Someone who wants to exploit the vulnerability must be log in to the administrator screen, even with low privileges. Any SQL statement can be executed. Doing so may leak information from the database. Version 13.8.0 contains a fix for this issue. As another mitigation, those who want to execute a SQL statement verbatim with user-enterable parameters should be sure to escape the parameter contents appropriately.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-37270.yaml"} {"ID":"CVE-2023-37462","Info":{"Name":"XWiki Platform - Remote Code Execution","Severity":"high","Description":"XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Improper escaping in the document `SkinsCode.XWikiSkinsSheet` leads to an injection vector from view right on that document to programming rights, or in other words, it is possible to execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. The attack works by opening a non-existing page with a name crafted to contain a dangerous payload. It is possible to check if an existing installation is vulnerable\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-37462.yaml"} {"ID":"CVE-2023-37474","Info":{"Name":"Copyparty \u003c= 1.8.2 - Directory Traversal","Severity":"high","Description":"Copyparty is a portable file server. Versions prior to 1.8.2 are subject to a path traversal vulnerability detected in the `.cpr` subfolder. The Path Traversal attack technique allows an attacker access to files, directories, and commands that reside outside the web document root directory. This issue has been addressed in commit `043e3c7d` which has been included in release 1.8.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-37474.yaml"} {"ID":"CVE-2023-37580","Info":{"Name":"Zimbra Collaboration Suite (ZCS) v.8.8.15 - Cross-Site Scripting","Severity":"medium","Description":"Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-37580.yaml"} {"ID":"CVE-2023-37629","Info":{"Name":"Online Piggery Management System v1.0 - Unauthenticated File Upload","Severity":"critical","Description":"Online Piggery Management System 1.0 is vulnerable to File Upload. An unauthenticated user can upload a php file by sending a POST request to add-pig.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-37629.yaml"} {"ID":"CVE-2023-37645","Info":{"Name":"EyouCms v1.6.3 - Information Disclosure","Severity":"medium","Description":"EyouCms v1.6.3 was discovered to contain an information disclosure vulnerability via the component /custom_model_path/recruit.filelist.txt.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-37645.yaml"} {"ID":"CVE-2023-3765","Info":{"Name":"MLflow Absolute Path Traversal","Severity":"critical","Description":"Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2023/CVE-2023-3765.yaml"} {"ID":"CVE-2023-37679","Info":{"Name":"NextGen Mirth Connect - Remote Code Execution","Severity":"critical","Description":"Mirth Connect, by NextGen HealthCare, is an open source data integration platform widely used by healthcare companies. Versions prior to 4.4.1 are vulnerable to an unauthenticated remote code execution vulnerability\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-37679.yaml"} {"ID":"CVE-2023-37728","Info":{"Name":"IceWarp Webmail Server v10.2.1 - Cross Site Scripting","Severity":"medium","Description":"Icewarp Icearp v10.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the color parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-37728.yaml"} {"ID":"CVE-2023-37979","Info":{"Name":"Ninja Forms \u003c 3.6.26 - Cross-Site Scripting","Severity":"medium","Description":"The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-37979.yaml"} {"ID":"CVE-2023-38035","Info":{"Name":"Ivanti Sentry - Authentication Bypass","Severity":"critical","Description":"A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-38035.yaml"} {"ID":"CVE-2023-38192","Info":{"Name":"SuperWebMailer 9.00.0.01710 - Cross-Site Scripting","Severity":"medium","Description":"An issue was discovered in SuperWebMailer 9.00.0.01710 allowing XSS via crafted incorrect passwords.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-38192.yaml"} {"ID":"CVE-2023-38194","Info":{"Name":"SuperWebMailer - Cross-Site Scripting","Severity":"medium","Description":"An issue was discovered in SuperWebMailer 9.00.0.01710 that allows keepalive.php XSS via a GET parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-38194.yaml"} {"ID":"CVE-2023-38203","Info":{"Name":"Adobe ColdFusion - Deserialization of Untrusted Data","Severity":"critical","Description":"Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier) and 2023u1 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-38203.yaml"} {"ID":"CVE-2023-38205","Info":{"Name":"Adobe ColdFusion - Access Control Bypass","Severity":"high","Description":"There is an access control bypass vulnerability in Adobe ColdFusion versions 2023 Update 2 and below, 2021 Update 8 and below and 2018 update 18 and below, which allows a remote attacker to bypass the ColdFusion mechanisms that restrict unauthenticated external access to ColdFusion's Administrator.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-38205.yaml"} {"ID":"CVE-2023-3836","Info":{"Name":"Dahua Smart Park Management - Arbitrary File Upload","Severity":"critical","Description":"Dahua wisdom park integrated management platform is a comprehensive management platform, a park operations,resource allocation, and intelligence services,and other functions, including/emap/devicePoint_addImgIco?.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-3836.yaml"} {"ID":"CVE-2023-3843","Info":{"Name":"mooDating 1.2 - Cross-site scripting","Severity":"medium","Description":"A vulnerability was found in mooSocial mooDating 1.2. It has been classified as problematic. Affected is an unknown function of the file /matchmakings/question of the component URL Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. VDB-235194 is the identifier assigned to this vulnerability. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-3843.yaml"} {"ID":"CVE-2023-38433","Info":{"Name":"Fujitsu IP Series - Hardcoded Credentials","Severity":"high","Description":"Fujitsu Real-time Video Transmission Gear “IP series” use hard-coded credentials, which may allow a remote unauthenticated attacker to initialize or reboot the products, and as a result, terminate the video transmission. The credentials cannot be changed by the end-user and provide administrative access to the devices.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-38433.yaml"} {"ID":"CVE-2023-3844","Info":{"Name":"MooDating 1.2 - Cross-Site Scripting","Severity":"medium","Description":"A vulnerability was found in mooSocial mooDating 1.2. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /friends of the component URL Handler. The manipulation leads to cross site scripting. The attack can be launched remotely.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-3844.yaml"} {"ID":"CVE-2023-3845","Info":{"Name":"MooDating 1.2 - Cross-Site Scripting","Severity":"medium","Description":"A vulnerability was found in mooSocial mooDating 1.2. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /friends/ajax_invite of the component URL Handler. The manipulation leads to cross site scripting. The attack may be launched remotely.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-3845.yaml"} {"ID":"CVE-2023-3846","Info":{"Name":"MooDating 1.2 - Cross-Site Scripting","Severity":"medium","Description":"A vulnerability classified as problematic has been found in mooSocial mooDating 1.2. This affects an unknown part of the file /pages of the component URL Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-3846.yaml"} {"ID":"CVE-2023-3847","Info":{"Name":"MooDating 1.2 - Cross-Site scripting","Severity":"medium","Description":"A vulnerability classified as problematic was found in mooSocial mooDating 1.2. This vulnerability affects unknown code of the file /users of the component URL Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-3847.yaml"} {"ID":"CVE-2023-3848","Info":{"Name":"MooDating 1.2 - Cross-site scripting","Severity":"medium","Description":"A vulnerability, which was classified as problematic, has been found in mooSocial mooDating 1.2. This issue affects some unknown processing of the file /users/view of the component URL Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-3848.yaml"} {"ID":"CVE-2023-3849","Info":{"Name":"mooDating 1.2 - Cross-site scripting","Severity":"medium","Description":"A vulnerability, which was classified as problematic, was found in mooSocial mooDating 1.2. Affected is an unknown function of the file /find-a-match of the component URL Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-3849.yaml"} {"ID":"CVE-2023-38501","Info":{"Name":"CopyParty v1.8.6 - Cross Site Scripting","Severity":"medium","Description":"Copyparty is a portable file server. Versions prior to 1.8.6 are subject to a reflected cross-site scripting (XSS) Attack.Vulnerability that exists in the web interface of the application could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-38501.yaml"} {"ID":"CVE-2023-38646","Info":{"Name":"Metabase \u003c 0.46.6.1 - Remote Code Execution","Severity":"critical","Description":"Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-38646.yaml"} {"ID":"CVE-2023-38964","Info":{"Name":"Academy LMS 6.0 - Cross-Site Scripting","Severity":"medium","Description":"Creative Item Academy LMS 6.0 was discovered to contain a cross-site scripting (XSS) vulnerability through `query` parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-38964.yaml"} {"ID":"CVE-2023-38992","Info":{"Name":"Jeecg-Boot v3.5.1 - SQL Injection","Severity":"critical","Description":"SQL injection vulnerability via the title parameter at /sys/dict/loadTreeData in jeecg-boot v3.5.1.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-38992.yaml"} {"ID":"CVE-2023-39002","Info":{"Name":"OPNsense - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting (XSS) vulnerability in the act parameter of system_certmanager.php in OPNsense before 23.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-39002.yaml"} {"ID":"CVE-2023-39024","Info":{"Name":"Harman Media Suite \u003c= 4.2.0 - Local File Disclosure","Severity":"high","Description":"Harman Media Suite (versions 4.2.0 and below) are vulnerable to possible Local File Disclosure. This allows an unauthenticated user to potentially download attachments and recordings stored within the Media Suite application if anonymous access to the User Portal is enabled.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-39024.yaml"} {"ID":"CVE-2023-39026","Info":{"Name":"FileMage Gateway - Directory Traversal","Severity":"high","Description":"Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker to obtain sensitive information via a crafted request to the /mgmt/ component.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-39026.yaml"} {"ID":"CVE-2023-39108","Info":{"Name":"rConfig 3.9.4 - Server-Side Request Forgery","Severity":"high","Description":"rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_b parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-39108.yaml"} {"ID":"CVE-2023-39109","Info":{"Name":"rConfig 3.9.4 - Server-Side Request Forgery","Severity":"high","Description":"rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_a parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-39109.yaml"} {"ID":"CVE-2023-39110","Info":{"Name":"rConfig 3.9.4 - Server-Side Request Forgery","Severity":"high","Description":"rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path parameter at /ajaxGetFileByPath.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-39110.yaml"} {"ID":"CVE-2023-39120","Info":{"Name":"Nodogsplash - Directory Traversal","Severity":"high","Description":"Nodogsplash product was affected by a directory traversal vulnerability that also impacted the OpenWrt product. This vulnerability was addressed in Nodogsplash version 5.0.1. Exploiting this vulnerability, remote attackers could read arbitrary files from the target system.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-39120.yaml"} {"ID":"CVE-2023-39141","Info":{"Name":"Aria2 WebUI - Path traversal","Severity":"high","Description":"webui-aria2 commit 4fe2e was discovered to contain a path traversal vulnerability.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-39141.yaml"} {"ID":"CVE-2023-39143","Info":{"Name":"PaperCut \u003c 22.1.3 - Path Traversal","Severity":"critical","Description":"PaperCut NG and PaperCut MF before 22.1.3 are vulnerable to path traversal which enables attackers to read, delete, and upload arbitrary files.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-39143.yaml"} {"ID":"CVE-2023-3936","Info":{"Name":"Blog2Social \u003c 7.2.1 - Cross-Site Scripting","Severity":"medium","Description":"The Blog2Social WordPress plugin before 7.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-3936.yaml"} {"ID":"CVE-2023-39361","Info":{"Name":"Cacti 1.2.24 - SQL Injection","Severity":"critical","Description":"Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a SQL injection discovered in graph_view.php. Since guest users can access graph_view.php without authentication by default, if guest users are being utilized in an enabled state, there could be the potential for significant damage. Attackers may exploit this vulnerability, and there may be possibilities for actions such as the usurpation of administrative privileges or remote code execution. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-39361.yaml"} {"ID":"CVE-2023-39598","Info":{"Name":"IceWarp Email Client - Cross Site Scripting","Severity":"medium","Description":"Cross Site Scripting vulnerability in IceWarp Corporation WebClient v.10.2.1 allows a remote attacker to execute arbitrary code via a crafted payload to the mid parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-39598.yaml"} {"ID":"CVE-2023-39600","Info":{"Name":"IceWarp 11.4.6.0 - Cross-Site Scripting","Severity":"medium","Description":"IceWarp 11.4.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the color parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-39600.yaml"} {"ID":"CVE-2023-39650","Info":{"Name":"PrestaShop Theme Volty CMS Blog - SQL Injection","Severity":"critical","Description":"In the module 'Theme Volty CMS Blog' (tvcmsblog) up to versions 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-39650.yaml"} {"ID":"CVE-2023-39676","Info":{"Name":"PrestaShop fieldpopupnewsletter Module - Cross Site Scripting","Severity":"medium","Description":"Fieldpopupnewsletter Prestashop Module v1.0.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the callback parameter at ajax.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-39676.yaml"} {"ID":"CVE-2023-39677","Info":{"Name":"PrestaShop MyPrestaModules - PhpInfo Disclosure","Severity":"high","Description":"PrestaShop modules by MyPrestaModules expose PHPInfo\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-39677.yaml"} {"ID":"CVE-2023-39700","Info":{"Name":"IceWarp Mail Server v10.4.5 - Cross-Site Scripting","Severity":"medium","Description":"IceWarp Mail Server v10.4.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the color parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-39700.yaml"} {"ID":"CVE-2023-39796","Info":{"Name":"WBCE 1.6.0 - SQL Injection","Severity":"critical","Description":"There is an sql injection vulnerability in \"miniform module\" which is a default module installed in the WBCE cms. It is an unauthenticated sqli so anyone could access it and takeover the whole database. In file \"/modules/miniform/ajax_delete_message.php\" there is no authentication check. On line 40 in this file, there is a DELETE query that is vulnerable, an attacker could jump from the query using the tick sign - `.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-39796.yaml"} {"ID":"CVE-2023-40208","Info":{"Name":"Stock Ticker \u003c= 3.23.2 - Cross-Site Scripting","Severity":"medium","Description":"The Stock Ticker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in the ajax_stockticker_load function in versions up to, and including, 3.23.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-40208.yaml"} {"ID":"CVE-2023-40355","Info":{"Name":"Axigen WebMail - Cross-Site Scripting","Severity":"medium","Description":"Cross Site Scripting (XSS) vulnerability in Axigen versions 10.3.3.0 before 10.3.3.59, 10.4.0 before 10.4.19, and 10.5.0 before 10.5.5, allows authenticated attackers to execute arbitrary code and obtain sensitive information via the logic for switching between the Standard and Ajax versions.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-40355.yaml"} {"ID":"CVE-2023-40504","Info":{"Name":"LG Simple Editor \u003c= v3.21.0 - Command Injection","Severity":"critical","Description":"LG Simple Editor readVideoInfo Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the readVideoInfo method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of SYSTEM.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-40504.yaml"} {"ID":"CVE-2023-40779","Info":{"Name":"IceWarp Mail Server Deep Castle 2 v.13.0.1.2 - Open Redirect","Severity":"medium","Description":"An issue in IceWarp Mail Server Deep Castle 2 v.13.0.1.2 allows a remote attacker to execute arbitrary code via a crafted request to the URL.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-40779.yaml"} {"ID":"CVE-2023-4110","Info":{"Name":"PHPJabbers Availability Booking Calendar 5.0 - Cross-Site Scripting","Severity":"medium","Description":"A vulnerability has been found in PHP Jabbers Availability Booking Calendar 5.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument session_id leads to cross site scripting. The attack can be launched remotely.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4110.yaml"} {"ID":"CVE-2023-41109","Info":{"Name":"SmartNode SN200 Analog Telephone Adapter (ATA) \u0026 VoIP Gateway - Command Injection","Severity":"critical","Description":"The SmartNode SN200 Analog Telephone Adapter (ATA) \u0026 VoIP Gateway is vulnerable to command injection.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-41109.yaml"} {"ID":"CVE-2023-4111","Info":{"Name":"PHPJabbers Bus Reservation System 1.1 - Cross-Site Scripting","Severity":"medium","Description":"A vulnerability was found in PHP Jabbers Bus Reservation System 1.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument index/pickup_id leads to cross site scripting. The attack may be launched remotely.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4111.yaml"} {"ID":"CVE-2023-4112","Info":{"Name":"PHPJabbers Shuttle Booking Software 1.0 - Cross Site Scripting","Severity":"medium","Description":"The attacker can send to victim a link containing a malicious URL in an email or instant message can perform a wide variety of actions, such as stealing the victim's session token or login credentials.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4112.yaml"} {"ID":"CVE-2023-4113","Info":{"Name":"PHPJabbers Service Booking Script 1.0 - Cross Site Scripting","Severity":"medium","Description":"A vulnerability was found in PHP Jabbers Service Booking Script 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack can be initiated remotely.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4113.yaml"} {"ID":"CVE-2023-4114","Info":{"Name":"PHP Jabbers Night Club Booking 1.0 - Cross Site Scripting","Severity":"medium","Description":"A vulnerability was found in PHP Jabbers Night Club Booking Software 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-235961 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4114.yaml"} {"ID":"CVE-2023-4115","Info":{"Name":"PHPJabbers Cleaning Business 1.0 - Cross-Site Scripting","Severity":"medium","Description":"The attacker can send to victim a link containing a malicious URL in an email or instant message can perform a wide variety of actions, such as stealing the victim's session token or login credentials.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4115.yaml"} {"ID":"CVE-2023-4116","Info":{"Name":"PHPJabbers Taxi Booking 2.0 - Cross Site Scripting","Severity":"medium","Description":"A vulnerability classified as problematic was found in PHP Jabbers Taxi Booking 2.0. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack can be launched remotely.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4116.yaml"} {"ID":"CVE-2023-41265","Info":{"Name":"Qlik Sense Enterprise - HTTP Request Smuggling","Severity":"critical","Description":"An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows a remote attacker to elevate their privilege by tunneling HTTP requests in the raw HTTP request. This allows them to send requests that get executed by the backend server hosting the repository application. This is fixed in August 2023 IR, May 2023 Patch 4, February 2023 Patch 8, November 2022 Patch 11, and August 2022 Patch 13.\n","Classification":{"CVSSScore":"9.9"}},"file_path":"http/cves/2023/CVE-2023-41265.yaml"} {"ID":"CVE-2023-41266","Info":{"Name":"Qlik Sense Enterprise - Path Traversal","Severity":"medium","Description":"A path traversal vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows an unauthenticated remote attacker to generate an anonymous session. This allows them to transmit HTTP requests to unauthorized endpoints. This is fixed in August 2023 IR, May 2023 Patch 4, February 2023 Patch 8, November 2022 Patch 11, and August 2022 Patch 13.","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2023/CVE-2023-41266.yaml"} {"ID":"CVE-2023-4148","Info":{"Name":"Ditty \u003c 3.1.25 - Cross-Site Scripting","Severity":"medium","Description":"The Ditty WordPress plugin before 3.1.25 does not sanitise and escape some parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4148.yaml"} {"ID":"CVE-2023-41538","Info":{"Name":"PHPJabbers PHP Forum Script 3.0 - Cross-Site Scripting","Severity":"medium","Description":"PhpJabbers PHP Forum Script 3.0 is vulnerable to Cross Site Scripting (XSS) via the keyword parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-41538.yaml"} {"ID":"CVE-2023-41597","Info":{"Name":"EyouCms v1.6.2 - Cross-Site Scripting","Severity":"medium","Description":"EyouCms v1.6.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /admin/twitter.php?active_t.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-41597.yaml"} {"ID":"CVE-2023-41599","Info":{"Name":"JFinalCMS v5.0.0 - Directory Traversal","Severity":"medium","Description":"An issue in the component /common/DownController.java of JFinalCMS v5.0.0 allows attackers to execute a directory traversal.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-41599.yaml"} {"ID":"CVE-2023-41621","Info":{"Name":"Emlog Pro v2.1.14 - Cross-Site Scripting","Severity":"medium","Description":"Cross Site Scripting (XSS) vulnerability in Emlog Pro v2.1.14 via /admin/store.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-41621.yaml"} {"ID":"CVE-2023-41642","Info":{"Name":"RealGimm by GruppoSCAI v1.1.37p38 - Cross-Site Scripting","Severity":"medium","Description":"Multiple reflected cross-site scripting (XSS) vulnerabilities in the ErroreNonGestito.aspx component of GruppoSCAI RealGimm 1.1.37p38 allow attackers to execute arbitrary Javascript in the context of a victim user's browser via a crafted payload injected into the VIEWSTATE parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-41642.yaml"} {"ID":"CVE-2023-4168","Info":{"Name":"Adlisting Classified Ads 2.14.0 - Information Disclosure","Severity":"high","Description":"Information disclosure issue in the redirect responses, When accessing any page on the website, Sensitive data, such as API keys, server keys, and app IDs, is being exposed in the body of these redirects.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-4168.yaml"} {"ID":"CVE-2023-4169","Info":{"Name":"Ruijie RG-EW1200G Router - Password Reset","Severity":"high","Description":"A vulnerability was found in Ruijie RG-EW1200G 1.0(1)B1P5. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /api/sys/set_passwd of the component Administrator Password Handler. The manipulation leads to improper access controls. The attack can be launched remotely.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-4169.yaml"} {"ID":"CVE-2023-4173","Info":{"Name":"mooSocial 3.1.8 - Reflected XSS","Severity":"medium","Description":"A vulnerability, which was classified as problematic, was found in mooSocial mooStore 3.1.6. Affected is an unknown function of the file /search/index.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4173.yaml"} {"ID":"CVE-2023-4174","Info":{"Name":"mooSocial 3.1.6 - Reflected Cross Site Scripting","Severity":"medium","Description":"A vulnerability has been found in mooSocial mooStore 3.1.6 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4174.yaml"} {"ID":"CVE-2023-41763","Info":{"Name":"Skype for Business 2019 (SfB) - Blind Server-side Request Forgery","Severity":"medium","Description":"Skype Pre-Auth Server-side Request Forgery (SSRF) vulnerability\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-41763.yaml"} {"ID":"CVE-2023-41892","Info":{"Name":"CraftCMS \u003c 4.4.15 - Unauthenticated Remote Code Execution","Severity":"critical","Description":"Craft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity attack vector leading to Remote Code Execution (RCE). Users running Craft installations before 4.4.15 are encouraged to update to at least that version to mitigate the issue. This issue has been fixed in Craft CMS 4.4.15.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-41892.yaml"} {"ID":"CVE-2023-4220","Info":{"Name":"Chamilo LMS \u003c= 1.11.24 - Remote Code Execution","Severity":"medium","Description":"Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS \u003c= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4220.yaml"} {"ID":"CVE-2023-42343","Info":{"Name":"OpenCMS - Cross-Site Scripting","Severity":"medium","Description":"OpenCMS below 10.5.1 is vulnerable to Cross-Site Scripting vulnerability.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-42343.yaml"} {"ID":"CVE-2023-42344","Info":{"Name":"OpenCMS - XML external entity (XXE)","Severity":"high","Description":"users can execute code without authentication. An attacker can execute malicious requests on the OpenCms server. When the requests are successful vulnerable OpenCms can be exploited resulting in an unauthenticated XXE vulnerability. Based on research OpenCMS versions from 9.0.0 to 10.5.0 are vulnerable.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-42344.yaml"} {"ID":"CVE-2023-42442","Info":{"Name":"JumpServer \u003e 3.6.4 - Information Disclosure","Severity":"medium","Description":"JumpServer is an open source bastion host and a professional operation and maintenance security audit system. Starting in version 3.0.0 and prior to versions 3.5.5 and 3.6.4, session replays can download without authentication. Session replays stored in S3, OSS, or other cloud storage are not affected. The api `/api/v1/terminal/sessions/` permission control is broken and can be accessed anonymously. SessionViewSet permission classes set to `[RBACPermission | IsSessionAssignee]`, relation is or, so any permission matched will be allowed. Versions 3.5.5 and 3.6.4 have a fix. After upgrading, visit the api `$HOST/api/v1/terminal/sessions/?limit=1`. The expected http response code is 401 (`not_authenticated`).\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-42442.yaml"} {"ID":"CVE-2023-42793","Info":{"Name":"JetBrains TeamCity \u003c 2023.05.4 - Remote Code Execution","Severity":"critical","Description":"In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-42793.yaml"} {"ID":"CVE-2023-43177","Info":{"Name":"CrushFTP \u003c 10.5.1 - Unauthenticated Remote Code Execution","Severity":"critical","Description":"CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-43177.yaml"} {"ID":"CVE-2023-43187","Info":{"Name":"NodeBB XML-RPC Request xmlrpc.php - XML Injection","Severity":"critical","Description":"A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows attackers to execute arbitrary code via crafted XML-RPC requests.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-43187.yaml"} {"ID":"CVE-2023-43208","Info":{"Name":"NextGen Healthcare Mirth Connect - Remote Code Execution","Severity":"critical","Description":"Unauthenticated remote code execution vulnerability in NextGen Healthcare Mirth Connect before version 4.4.1.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-43208.yaml"} {"ID":"CVE-2023-43261","Info":{"Name":"Milesight Routers - Information Disclosure","Severity":"high","Description":"A critical security vulnerability has been identified in Milesight Industrial Cellular Routers, compromising the security of sensitive credentials and permitting unauthorized access. This vulnerability stems from a misconfiguration that results in directory listing being enabled on the router systems, rendering log files publicly accessible. These log files, while containing sensitive information such as admin and other user passwords (encrypted as a security measure), can be exploited by attackers via the router's web interface. The presence of a hardcoded AES secret key and initialization vector (IV) in the JavaScript code further exacerbates the situation, facilitating the decryption of these passwords. This chain of vulnerabilities allows malicious actors to gain unauthorized access to the router.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-43261.yaml"} {"ID":"CVE-2023-43323","Info":{"Name":"mooSocial 3.1.8 - External Service Interaction","Severity":"medium","Description":"mooSocial 3.1.8 is vulnerable to external service interaction via multiple parameters in the post function.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2023/CVE-2023-43323.yaml"} {"ID":"CVE-2023-43325","Info":{"Name":"MooSocial 3.1.8 - Cross-Site Scripting","Severity":"medium","Description":"A reflected cross-site scripting (XSS) vulnerability exisits in the data[redirect_url] parameter on user login function of mooSocial v3.1.8 which allows attackers to steal user's session cookies and impersonate their account via a crafted URL.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-43325.yaml"} {"ID":"CVE-2023-43326","Info":{"Name":"MooSocial 3.1.8 - Cross-Site Scripting","Severity":"medium","Description":"A reflected cross-site scripting (XSS) vulnerability exisits in multiple url of mooSocial v3.1.8 which allows attackers to steal user's session cookies and impersonate their account via a crafted URL.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-43326.yaml"} {"ID":"CVE-2023-43374","Info":{"Name":"Hoteldruid v3.0.5 - SQL Injection","Severity":"critical","Description":"Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the id_utente_log parameter at /hoteldruid/personalizza.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-43374.yaml"} {"ID":"CVE-2023-43472","Info":{"Name":"MLFlow \u003c 2.8.1 - Sensitive Information Disclosure","Severity":"high","Description":"An issue in MLFlow versions 2.8.1 and before allows a remote attacker to obtain sensitive information via a crafted request to REST API.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-43472.yaml"} {"ID":"CVE-2023-43654","Info":{"Name":"PyTorch TorchServe SSRF","Severity":"critical","Description":"TorchServe is a tool for serving and scaling PyTorch models in production. TorchServe default configuration lacks proper input validation, enabling third parties to invoke remote HTTP download requests and write files to the disk. This issue could be taken advantage of to compromise the integrity of the system and sensitive data. This issue is present in versions 0.1.0 to 0.8.1. A user is able to load the model of their choice from any URL that they would like to use. The user of TorchServe is responsible for configuring both the allowed_urls and specifying the model URL to be used. A pull request to warn the user when the default value for allowed_urls is used has been merged in PR #2534. TorchServe release 0.8.2 includes this change. Users are advised to upgrade. There are no known workarounds for this issue.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-43654.yaml"} {"ID":"CVE-2023-43662","Info":{"Name":"ShokoServer System - Local File Inclusion (LFI)","Severity":"high","Description":"ShokoServer is a media server which specializes in organizing anime. In affected versions the `/api/Image/WithPath` endpoint is accessible without authentication and is supposed to return default server images. The endpoint accepts the parameter `serverImagePath`, which is not sanitized in any way before being passed to `System.IO.File.OpenRead`, which results in an arbitrary file read.\n","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2023/CVE-2023-43662.yaml"} {"ID":"CVE-2023-43795","Info":{"Name":"GeoServer WPS - Server Side Request Forgery","Severity":"critical","Description":"GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service (WPS) specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request Forgery. This vulnerability has been patched in version 2.22.5 and 2.23.2.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-43795.yaml"} {"ID":"CVE-2023-44012","Info":{"Name":"mojoPortal v.2.7.0.0 - Cross-Site Scripting","Severity":"medium","Description":"Cross Site Scripting vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the helpkey parameter in the Help.aspx component.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-44012.yaml"} {"ID":"CVE-2023-4415","Info":{"Name":"Ruijie RG-EW1200G Router Background - Login Bypass","Severity":"high","Description":"A vulnerability was found in Ruijie RG-EW1200G 07161417 r483. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/sys/login. The manipulation leads to improper authentication. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-237518 is the identifier assigned to this vulnerability.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-4415.yaml"} {"ID":"CVE-2023-44352","Info":{"Name":"Adobe Coldfusion - Cross-Site Scripting","Severity":"medium","Description":"Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an unauthenticated attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-44352.yaml"} {"ID":"CVE-2023-44353","Info":{"Name":"Adobe ColdFusion WDDX Deserialization Gadgets","Severity":"critical","Description":"Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-44353.yaml"} {"ID":"CVE-2023-44393","Info":{"Name":"Piwigo - Cross-Site Scripting","Severity":"medium","Description":"Piwigo is vulnerable to a reflected XSS in the admin panel where the `plugin_id` parameter is not properly sanitized.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-44393.yaml"} {"ID":"CVE-2023-4450","Info":{"Name":"JeecgBoot JimuReport - Template injection","Severity":"critical","Description":"A vulnerability was found in jeecgboot JimuReport up to 1.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Template Handler. The manipulation leads to injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-4450.yaml"} {"ID":"CVE-2023-4451","Info":{"Name":"Cockpit - Cross-Site Scripting","Severity":"medium","Description":"Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq/cockpit prior to 2.6.4.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4451.yaml"} {"ID":"CVE-2023-44812","Info":{"Name":"mooSocial v.3.1.8 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code by sending a crafted payload to the admin_redirect_url parameter of the user login function.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-44812.yaml"} {"ID":"CVE-2023-44813","Info":{"Name":"mooSocial v.3.1.8 - Cross-Site Scripting","Severity":"medium","Description":"Cross-Site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code via a crafted payload to the mode parameter of the invite friend login function.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-44813.yaml"} {"ID":"CVE-2023-45136","Info":{"Name":"XWiki \u003c 14.10.14 - Cross-Site Scripting","Severity":"medium","Description":"XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When document names are validated according to a name strategy (disabled by default), XWiki starting in version 12.0-rc-1 and prior to versions 12.10.12 and 15.5-rc-1 is vulnerable to a reflected cross-site scripting attack in the page creation form. This allows an attacker to execute arbitrary actions with the rights of the user opening the malicious link.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-45136.yaml"} {"ID":"CVE-2023-4521","Info":{"Name":"Import XML and RSS Feeds \u003c 2.1.5 - Unauthenticated RCE","Severity":"critical","Description":"The Import XML and RSS Feeds WordPress plugin before 2.1.5 allows unauthenticated attackers to execute arbitrary commands via a web shell.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-4521.yaml"} {"ID":"CVE-2023-45375","Info":{"Name":"PrestaShop PireosPay - SQL Injection","Severity":"high","Description":"In the module “PireosPay” (pireospay) up to version 1.7.9 from 01generator.com for PrestaShop, a guest can perform SQL injection in affected versions.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-45375.yaml"} {"ID":"CVE-2023-4542","Info":{"Name":"D-Link DAR-8000-10 - Command Injection","Severity":"critical","Description":"D-Link DAR-8000-10 version has an operating system command injection vulnerability. The vulnerability originates from the parameter id of the file /app/sys1.php which can lead to operating system command injection.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-4542.yaml"} {"ID":"CVE-2023-4547","Info":{"Name":"SPA-Cart eCommerce CMS 1.9.0.3 - Cross-Site Scripting","Severity":"medium","Description":"A vulnerability was found in SPA-Cart eCommerce CMS 1.9.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /search. The manipulation of the argument filter[brandid]/filter[price] leads to cross site scripting. The attack may be launched remotely. VDB-238058 is the identifier assigned to this vulnerability.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4547.yaml"} {"ID":"CVE-2023-45542","Info":{"Name":"MooSocial 3.1.8 - Cross-Site Scripting","Severity":"medium","Description":"A reflected cross-site scripting (XSS) vulnerability exisits in the q parameter on search function of mooSocial v3.1.8 which allows attackers to steal user's session cookies and impersonate their account via a crafted URL.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-45542.yaml"} {"ID":"CVE-2023-45671","Info":{"Name":"Frigate \u003c 0.13.0 Beta 3 - Cross-Site Scripting","Severity":"medium","Description":"Frigate is an open source network video recorder. Before version 0.13.0 Beta 3, there is a reflected cross-site scripting vulnerability in any API endpoints reliant on the `/\u003ccamera_name\u003e` base path as values provided for the path are not sanitized. Exploiting this vulnerability requires the attacker to both know very specific information about a user's Frigate server and requires an authenticated user to be tricked into clicking a specially crafted link to their Frigate instance. This vulnerability could exploited by an attacker under the following circumstances: Frigate publicly exposed to the internet (even with authentication); attacker knows the address of a user's Frigate instance; attacker crafts a specialized page which links to the user's Frigate instance; attacker finds a way to get an authenticated user to visit their specialized page and click the button/link. As the reflected values included in the URL are not sanitized or escaped, this permits execution arbitrary Javascript payloads. Version 0.13.0 Beta 3 contains a patch for this issue.\n","Classification":{"CVSSScore":"4.7"}},"file_path":"http/cves/2023/CVE-2023-45671.yaml"} {"ID":"CVE-2023-4568","Info":{"Name":"PaperCut NG Unauthenticated XMLRPC Functionality","Severity":"medium","Description":"PaperCut NG allows for unauthenticated XMLRPC commands to be run by default. Versions 22.0.12 and below are confirmed to be affected, but later versions may also be affected due to lack of a vendor supplied patch.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2023/CVE-2023-4568.yaml"} {"ID":"CVE-2023-45852","Info":{"Name":"Viessmann Vitogate 300 - Remote Code Execution","Severity":"critical","Description":"In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell metacharacters in the ipaddr params JSON data for the put method.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-45852.yaml"} {"ID":"CVE-2023-45855","Info":{"Name":"qdPM 9.2 - Directory Traversal","Severity":"high","Description":"qdPM 9.2 allows Directory Traversal to list files and directories by navigating to the /uploads URI.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-45855.yaml"} {"ID":"CVE-2023-4596","Info":{"Name":"WordPress Plugin Forminator 1.24.6 - Arbitrary File Upload","Severity":"critical","Description":"The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to file type validation occurring after a file has been uploaded to the server in the upload_post_image() function in versions up to, and including, 1.24.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-4596.yaml"} {"ID":"CVE-2023-4634","Info":{"Name":"Media Library Assistant \u003c 3.09 - Remote Code Execution/Local File Inclusion","Severity":"critical","Description":"A vulnerability in the Wordpress Media-Library-Assistant plugins in version \u003c 3.09 is vulnerable to a local file inclusion which leading to RCE on default Imagegick installation/configuration.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-4634.yaml"} {"ID":"CVE-2023-46347","Info":{"Name":"PrestaShop Step by Step products Pack - SQL Injection","Severity":"critical","Description":"In the module “Step by Step products Pack” (ndk_steppingpack) up to 1.5.6 from NDK Design for PrestaShop, a guest can perform SQL injection in affected versions.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-46347.yaml"} {"ID":"CVE-2023-46359","Info":{"Name":"cPH2 Charging Station v1.87.0 - OS Command Injection","Severity":"critical","Description":"An OS command injection vulnerability in Hardy Barth cPH2 Ladestation v1.87.0 and earlier, may allow an unauthenticated remote attacker to execute arbitrary commands on the system via a specifically crafted arguments passed to the connectivity check feature.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-46359.yaml"} {"ID":"CVE-2023-46574","Info":{"Name":"TOTOLINK A3700R - Command Injection","Severity":"critical","Description":"An issue in TOTOLINK A3700R v.9.1.2u.6165_20211012 allows a remote attacker to execute arbitrary code via the FileName parameter of the UploadFirmwareFile function.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-46574.yaml"} {"ID":"CVE-2023-46732","Info":{"Name":"XWiki \u003c 14.10.14 - Cross-Site Scripting","Severity":"medium","Description":"XWiki is vulnerable to reflected cross-site scripting (RXSS) via the rev parameter that is used in the content of the content menu without escaping. If an attacker can convince a user to visit a link with a crafted parameter, this allows the attacker to execute arbitrary actions in the name of the user, including remote code (Groovy) execution in the case of a user with programming right, compromising the confidentiality, integrity and availability of the whole XWiki installation.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-46732.yaml"} {"ID":"CVE-2023-46747","Info":{"Name":"F5 BIG-IP - Unauthenticated RCE via AJP Smuggling","Severity":"critical","Description":"CVE-2023-46747 is a critical severity authentication bypass vulnerability in F5 BIG-IP that could allow an unauthenticated attacker to achieve remote code execution (RCE). The vulnerability impacts the BIG-IP Configuration utility, also known as the TMUI, wherein arbitrary requests can bypass authentication. The vulnerability received a CVSSv3 score of 9.8.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-46747.yaml"} {"ID":"CVE-2023-46805","Info":{"Name":"Ivanti ICS - Authentication Bypass","Severity":"high","Description":"An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.","Classification":{"CVSSScore":"8.2"}},"file_path":"http/cves/2023/CVE-2023-46805.yaml"} {"ID":"CVE-2023-46818","Info":{"Name":"ISPConfig - PHP Code Injection","Severity":"high","Description":"An issue was discovered in ISPConfig before 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if admin_allow_langedit is enabled.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2023/CVE-2023-46818.yaml"} {"ID":"CVE-2023-47115","Info":{"Name":"Label Studio - Cross-Site Scripting","Severity":"high","Description":"Versions prior to 1.9.2 have a cross-site scripting (XSS) vulnerability that could be exploited when an authenticated user uploads a crafted image file for their avatar that gets rendered as a HTML file on the website.\n","Classification":{"CVSSScore":"7.1"}},"file_path":"http/cves/2023/CVE-2023-47115.yaml"} {"ID":"CVE-2023-47117","Info":{"Name":"Label Studio - Sensitive Information Exposure","Severity":"high","Description":"An attacker can construct a filter chain to filter tasks based on sensitive fields for all user accounts on the platform by exploiting Django's Object Relational Mapper (ORM). Since the results of query can be manipulated by the ORM filter, an attacker can leak these sensitive fields character by character.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-47117.yaml"} {"ID":"CVE-2023-4714","Info":{"Name":"PlayTube 3.0.1 - Information Disclosure","Severity":"high","Description":"A vulnerability was found in PlayTube 3.0.1 and classified as problematic. This issue affects some unknown processing of the component Redirect Handler. The manipulation leads to information disclosure. The attack may be initiated remotely.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-4714.yaml"} {"ID":"CVE-2023-47211","Info":{"Name":"ManageEngine OpManager - Directory Traversal","Severity":"high","Description":"A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send a malicious MiB file to trigger this vulnerability.\n","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2023/CVE-2023-47211.yaml"} {"ID":"CVE-2023-47218","Info":{"Name":"QNAP QTS and QuTS Hero - OS Command Injection","Severity":"medium","Description":"An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTScloud c5.1.5.2651 and later.\n","Classification":{"CVSSScore":"5.8"}},"file_path":"http/cves/2023/CVE-2023-47218.yaml"} {"ID":"CVE-2023-47246","Info":{"Name":"SysAid Server - Remote Code Execution","Severity":"critical","Description":"In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-47246.yaml"} {"ID":"CVE-2023-47253","Info":{"Name":"Qualitor \u003c= 8.20 - Remote Code Execution","Severity":"critical","Description":"Qualitor through 8.20 allows remote attackers to execute arbitrary code via PHP code in the html/ad/adpesquisasql/request/processVariavel.php gridValoresPopHidden parameter.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-47253.yaml"} {"ID":"CVE-2023-47643","Info":{"Name":"SuiteCRM Unauthenticated Graphql Introspection","Severity":"medium","Description":"Graphql Introspection is enabled without authentication, exposing the scheme defining all object types, arguments, and functions.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-47643.yaml"} {"ID":"CVE-2023-47684","Info":{"Name":"Essential Grid \u003c= 3.1.0 - Cross-Site Scripting","Severity":"medium","Description":"Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in ThemePunch OHG Essential Grid plugin \u003c= 3.1.0 versions.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-47684.yaml"} {"ID":"CVE-2023-48023","Info":{"Name":"Anyscale Ray 2.6.3 and 2.8.0 - Server-Side Request Forgery","Severity":"critical","Description":"The Ray Dashboard API is affected by a Server-Side Request Forgery (SSRF) vulnerability in the url parameter of the /log_proxy API endpoint. The API does not perform sufficient input validation within the affected parameter and any HTTP or HTTPS URLs are accepted as valid.\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2023/CVE-2023-48023.yaml"} {"ID":"CVE-2023-48084","Info":{"Name":"Nagios XI \u003c 5.11.3 - SQL Injection","Severity":"critical","Description":"SQL injection vulnerability in Nagios XI before version 5.11.3 via the bulk modification tool.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-48084.yaml"} {"ID":"CVE-2023-48241","Info":{"Name":"XWiki \u003c 4.10.15 - Information Disclosure","Severity":"high","Description":"The Solr-based search suggestion provider that also duplicates as generic JavaScript API for search results in XWiki exposes the content of all documents of all wikis to anybody who has access to it, by default it is public. This exposes all information stored in the wiki (but not some protected information like password hashes). While there is a right check normally, the right check can be circumvented by explicitly requesting fields from Solr that don't include the data for the right check. This can be reproduced by opening \u003cxwiki-server\u003e/xwiki/bin/get/XWiki/SuggestSolrService?outputSyntax=plain\u0026media=json\u0026nb=1000\u0026query=q%3D*%3A*%0Aq.op%3DAND%0Afq%3Dtype%3ADOCUMENT%0Afl%3Dtitle_%2C+reference%2C+links%2C+doccontentraw_%2C+objcontent__\u0026input=+ where \u003cxwiki-server\u003e is the URL of the XWiki installation. If this displays any results, the wiki is vulnerable.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-48241.yaml"} {"ID":"CVE-2023-48728","Info":{"Name":"WWBN AVideo 11.6 - Cross-Site Scripting","Severity":"medium","Description":"A reflected XSS vulnerability exists in the functiongetOpenGraph videoName functionality of WWBN AVideo 11.6 and dev master commit 3c6bb3ff, allowing arbitrary Javascript execution.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-48728.yaml"} {"ID":"CVE-2023-48777","Info":{"Name":"WordPress Elementor 3.18.1 - File Upload/Remote Code Execution","Severity":"critical","Description":"The plugin is vulnerable to Remote Code Execution via file upload via the template import functionality, allowing authenticated attackers, with contributor-level access and above, to upload files and execute code on the server.\n","Classification":{"CVSSScore":"9.9"}},"file_path":"http/cves/2023/CVE-2023-48777.yaml"} {"ID":"CVE-2023-49070","Info":{"Name":"Apache OFBiz \u003c 18.12.10 - Arbitrary Code Execution","Severity":"critical","Description":"Pre-auth RCE in Apache Ofbiz 18.12.09. It's due to XML-RPC no longer maintained still present. This issue affects Apache OFBiz: before 18.12.10.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-49070.yaml"} {"ID":"CVE-2023-49103","Info":{"Name":"OwnCloud - Phpinfo Configuration","Severity":"high","Description":"An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo). This information includes all the environment variables of the webserver. In containerized deployments, these environment variables may include sensitive data such as the ownCloud admin password, mail server credentials, and license key. Simply disabling the graphapi app does not eliminate the vulnerability. Additionally, phpinfo exposes various other potentially sensitive configuration details that could be exploited by an attacker to gather information about the system.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-49103.yaml"} {"ID":"CVE-2023-4966","Info":{"Name":"Citrix Bleed - Leaking Session Tokens","Severity":"high","Description":"Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-4966.yaml"} {"ID":"CVE-2023-4973","Info":{"Name":"Academy LMS 6.2 - Cross-Site Scripting","Severity":"medium","Description":"A vulnerability was found in Academy LMS 6.2 on Windows. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /academy/tutor/filter of the component GET Parameter Handler. The manipulation of the argument searched_word/searched_tution_class_type[]/searched_price_type[]/searched_duration[] leads to cross site scripting. The attack can be launched remotely.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4973.yaml"} {"ID":"CVE-2023-4974","Info":{"Name":"Academy LMS 6.2 - SQL Injection","Severity":"critical","Description":"A vulnerability was found in Academy LMS 6.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /academy/tutor/filter of the component GET Parameter Handler. The manipulation of the argument price_min/price_max leads to sql injection. The attack may be launched remotely. VDB-239750 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-4974.yaml"} {"ID":"CVE-2023-49785","Info":{"Name":"ChatGPT-Next-Web - SSRF/XSS","Severity":"critical","Description":"Full-Read SSRF/XSS in NextChat, aka ChatGPT-Next-Web\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2023/CVE-2023-49785.yaml"} {"ID":"CVE-2023-5003","Info":{"Name":"Active Directory Integration WP Plugin \u003c 4.1.10 - Log Disclosure","Severity":"high","Description":"The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.10 stores sensitive LDAP logs in a buffer file when an administrator wants to export said logs. Unfortunately, this log file is never removed, and remains accessible to any users knowing the URL to do so.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-5003.yaml"} {"ID":"CVE-2023-50290","Info":{"Name":"Apache Solr - Host Environment Variables Leak via Metrics API","Severity":"medium","Description":"Exposure of Sensitive Information to an Unauthorized Actor Vulnerability in Apache Solr.\nThe Solr Metrics API publishes all unprotected environment variables available to each Apache Solr instance. Users can specify which environment variables to hide, however, the default list is designed to work for known secret Java system properties. Environment variables cannot be strictly defined in Solr, like Java system properties can be, and may be set for the entire host,unlike Java system properties which are set per-Java-proccess.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2023/CVE-2023-50290.yaml"} {"ID":"CVE-2023-50719","Info":{"Name":"XWiki \u003c 4.10.15 - Sensitive Information Disclosure","Severity":"high","Description":"XWiki Platform is a generic wiki platform. Starting in 7.2-milestone-2 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the Solr-based search in XWiki discloses the password hashes of all users to anyone with view right on the respective user profiles. By default, all user profiles are public. This vulnerability also affects any configurations used by extensions that contain passwords like API keys that are viewable for the attacker. Normally, such passwords aren't accessible but this vulnerability would disclose them as plain text. This has been patched in XWiki 14.10.15, 15.5.2 and 15.7RC1. There are no known workarounds for this vulnerability.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-50719.yaml"} {"ID":"CVE-2023-50720","Info":{"Name":"XWiki \u003c 4.10.15 - Email Disclosure","Severity":"medium","Description":"The Solr-based search in XWiki discloses the email addresses of users even when obfuscation of email addresses is enabled. To demonstrate the vulnerability, search for objcontent:email* using XWiki's regular search interface.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-50720.yaml"} {"ID":"CVE-2023-5074","Info":{"Name":"D-Link D-View 8 v2.0.1.28 - Authentication Bypass","Severity":"critical","Description":"Use of a static key to protect a JWT token used in user authentication can allow an for an authentication bypass in D-Link D-View 8 v2.0.1.28\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-5074.yaml"} {"ID":"CVE-2023-5089","Info":{"Name":"Defender Security \u003c 4.1.0 - Protection Bypass (Hidden Login Page)","Severity":"medium","Description":"The Defender Security WordPress plugin before 4.1.0 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the login page, even when the hide login page functionality of the plugin is enabled.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-5089.yaml"} {"ID":"CVE-2023-50917","Info":{"Name":"MajorDoMo thumb.php - OS Command Injection","Severity":"critical","Description":"MajorDoMo (aka Major Domestic Module) before 0662e5e allows command execution via thumb.php shell metacharacters. NOTE: this is unrelated to the Majordomo mailing-list manager.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-50917.yaml"} {"ID":"CVE-2023-50968","Info":{"Name":"Apache OFBiz \u003c 18.12.11 - Server Side Request Forgery","Severity":"high","Description":"Arbitrary file properties reading vulnerability in Apache Software Foundation Apache OFBiz when user operates an uri call without authorizations. The same uri can be operated to realize a SSRF attack also without authorizations. Users are recommended to upgrade to version 18.12.11, which fixes this issue.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-50968.yaml"} {"ID":"CVE-2023-51449","Info":{"Name":"Gradio Hugging Face - Local File Inclusion","Severity":"high","Description":"Gradio LFI when auth is not enabled, affects versions 4.0 - 4.10, also works against Gradio \u003c 3.33\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-51449.yaml"} {"ID":"CVE-2023-51467","Info":{"Name":"Apache OFBiz \u003c 18.12.11 - Remote Code Execution","Severity":"critical","Description":"The vulnerability allows attackers to bypass authentication to achieve a simple Server-Side Request Forgery (SSRF)\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-51467.yaml"} {"ID":"CVE-2023-52085","Info":{"Name":"Winter CMS Local File Inclusion - (LFI)","Severity":"medium","Description":"Winter is a free, open-source content management system. Users with access to backend forms that include a ColorPicker FormWidget can provide a value that would then be included without further processing in the compilation of custom stylesheets via LESS. This had the potential to lead to a Local File Inclusion vulnerability. This issue has been patched in v1.2.4.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-52085.yaml"} {"ID":"CVE-2023-5222","Info":{"Name":"Viessmann Vitogate 300 - Hardcoded Password","Severity":"critical","Description":"A critical vulnerability in Viessmann Vitogate 300 up to 2.1.3.0 allows attackers to authenticate using hardcoded credentials in the Web Management Interface.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-5222.yaml"} {"ID":"CVE-2023-52251","Info":{"Name":"Kafka UI 0.7.1 Command Injection","Severity":"high","Description":"An issue discovered in provectus kafka-ui 0.4.0 through 0.7.1 allows remote attackers to execute arbitrary code via the q parameter of /api/clusters/local/topics/{topic}/messages.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-52251.yaml"} {"ID":"CVE-2023-5244","Info":{"Name":"Microweber \u003c V.2.0 - Cross-Site Scripting","Severity":"medium","Description":"Reflected Cross-Site Scripting Vulnerability in types GET parameter on the /editor_tools/rte_image_editor endpoint.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-5244.yaml"} {"ID":"CVE-2023-5360","Info":{"Name":"WordPress Royal Elementor Addons Plugin \u003c= 1.3.78 - Arbitrary File Upload","Severity":"critical","Description":"Arbitrary File Upload vulnerability in WordPress Royal Elementor Addons Plugin. This could allow a malicious actor to upload any type of file to your website. This can include backdoors which are then executed to gain further access to your website. This vulnerability has been fixed in version 1.3.79\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-5360.yaml"} {"ID":"CVE-2023-5375","Info":{"Name":"Mosparo \u003c 1.0.2 - Open Redirect","Severity":"medium","Description":"Open Redirect in GitHub repository mosparo/mosparo prior to 1.0.2.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-5375.yaml"} {"ID":"CVE-2023-5556","Info":{"Name":"Structurizr on-premises - Cross Site Scripting","Severity":"medium","Description":"Cross-site Scripting (XSS) - Reflected in GitHub repository structurizr/onpremises prior to 3194.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-5556.yaml"} {"ID":"CVE-2023-5830","Info":{"Name":"ColumbiaSoft DocumentLocator - Improper Authentication","Severity":"critical","Description":"Instances of ColumbiaSoft's Document Locator prior to version 7.2 SP4 and 2021.1 are vulnerable to an Improper Authentication/SSRF vulnerability. This template identifies vulnerable instances of the ColumbiaSoft Document Locater application by confirming external DNS interaction/lookups by modifying the value of the client-side SERVER parameter at /api/authentication/login.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-5830.yaml"} {"ID":"CVE-2023-5863","Info":{"Name":"phpMyFAQ \u003c 3.2.0 - Cross-site Scripting","Severity":"medium","Description":"Cross-site Scripting (XSS) Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.2.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-5863.yaml"} {"ID":"CVE-2023-5914","Info":{"Name":"Citrix StoreFront - Cross-Site Scripting","Severity":"medium","Description":"Reflected Cross-Site Scripting issue which is exploitable without authentication. This vulnerability was exploitable through coercing an error message during an XML parsing procedure in the SSO flow.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-5914.yaml"} {"ID":"CVE-2023-5991","Info":{"Name":"Hotel Booking Lite \u003c 4.8.5 - Arbitrary File Download \u0026 Deletion","Severity":"critical","Description":"The Hotel Booking Lite WordPress plugin before 4.8.5 does not validate file paths provided via user input, as well as does not have proper CSRF and authorisation checks, allowing unauthenticated users to download and delete arbitrary files on the server\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-5991.yaml"} {"ID":"CVE-2023-6018","Info":{"Name":"Mlflow - Arbitrary File Write","Severity":"critical","Description":"An attacker can overwrite any file on the server hosting MLflow without any authentication.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-6018.yaml"} {"ID":"CVE-2023-6020","Info":{"Name":"Ray Static File - Local File Inclusion","Severity":"high","Description":"LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-6020.yaml"} {"ID":"CVE-2023-6021","Info":{"Name":"Ray API - Local File Inclusion","Severity":"high","Description":"LFI in Ray's log API endpoint allows attackers to read any file on the server without authentication.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-6021.yaml"} {"ID":"CVE-2023-6023","Info":{"Name":"VertaAI ModelDB - Path Traversal","Severity":"high","Description":"The endpoint \"/api/v1/artifact/getArtifact?artifact_path=\" is vulnerable to path traversal. The main cause of this vulnerability is due to the lack of validation and sanitization of the artifact_path parameter.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-6023.yaml"} {"ID":"CVE-2023-6038","Info":{"Name":"H2O ImportFiles - Local File Inclusion","Severity":"high","Description":"An attacker is able to read any file on the server hosting the H2O dashboard without any authentication.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-6038.yaml"} {"ID":"CVE-2023-6063","Info":{"Name":"WP Fastest Cache 1.2.2 - SQL Injection","Severity":"high","Description":"The WP Fastest Cache WordPress plugin before 1.2.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-6063.yaml"} {"ID":"CVE-2023-6065","Info":{"Name":"Quttera Web Malware Scanner \u003c= 3.4.1.48 - Sensitive Data Exposure","Severity":"medium","Description":"The Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 doesn't restrict access to detailed scan logs, which allows a malicious actor to discover local paths and portions of the site's code\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-6065.yaml"} {"ID":"CVE-2023-6114","Info":{"Name":"Duplicator \u003c 1.5.7.1; Duplicator Pro \u003c 4.5.14.2 - Unauthenticated Sensitive Data Exposure","Severity":"high","Description":"The Duplicator WordPress plugin before 1.5.7.1, Duplicator Pro WordPress plugin before 4.5.14.2 does not disallow listing the `backups-dup-lite/tmp` directory (or the `backups-dup-pro/tmp` directory in the Pro version), which temporarily stores files containing sensitive data. When directory listing is enabled in the web server, this allows unauthenticated attackers to discover and access these sensitive files, which include a full database dump and a zip archive of the site.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-6114.yaml"} {"ID":"CVE-2023-6275","Info":{"Name":"TOTVS Fluig Platform - Cross-Site Scripting","Severity":"medium","Description":"A vulnerability was found in TOTVS Fluig Platform 1.6.x/1.7.x/1.8.0/1.8.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /mobileredir/openApp.jsp of the component mobileredir. The manipulation of the argument redirectUrl/user with the input \"\u003e\u003cscript\u003ealert(document.domain)\u003c/script\u003e leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-6275.yaml"} {"ID":"CVE-2023-6329","Info":{"Name":"Control iD iDSecure - Authentication Bypass","Severity":"critical","Description":"An authentication bypass vulnerability exists in Control iD iDSecure v4.7.32.0. The login routine used by iDS-Core.dll contains a \"passwordCustom\" option that allows an unauthenticated attacker to compute valid credentials that can be used to bypass authentication and act as an administrative user.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-6329.yaml"} {"ID":"CVE-2023-6360","Info":{"Name":"WordPress My Calendar \u003c3.4.22 - SQL Injection","Severity":"critical","Description":"WordPress My Calendar plugin versions before 3.4.22 are vulnerable to an unauthenticated SQL injection within the 'from' and 'to' parameters of the '/my-calendar/v1/events' REST route.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-6360.yaml"} {"ID":"CVE-2023-6379","Info":{"Name":"OpenCMS 14 \u0026 15 - Cross Site Scripting","Severity":"medium","Description":"Cross-site scripting (XSS) vulnerability in Alkacon Software Open CMS, affecting versions 14 and 15 of the 'Mercury' template.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-6379.yaml"} {"ID":"CVE-2023-6380","Info":{"Name":"OpenCms 14 \u0026 15 - Open Redirect","Severity":"medium","Description":"Open redirect vulnerability has been found in the Open CMS product affecting versions 14 and 15 of the 'Mercury' template\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-6380.yaml"} {"ID":"CVE-2023-6389","Info":{"Name":"WordPress Toolbar \u003c= 2.2.6 - Open Redirect","Severity":"medium","Description":"The plugin redirects to any URL via the \"wptbto\" parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-6389.yaml"} {"ID":"CVE-2023-6444","Info":{"Name":"Seriously Simple Podcasting \u003c 3.0.0 - Information Disclosure","Severity":"medium","Description":"The Seriously Simple Podcasting WordPress plugin before 3.0.0 discloses the Podcast owner's email address (which by default is the admin email address) via an unauthenticated crafted request.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-6444.yaml"} {"ID":"CVE-2023-6505","Info":{"Name":"Prime Mover \u003c 1.9.3 - Sensitive Data Exposure","Severity":"high","Description":"Prime Mover plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.2 via directory listing in the 'prime-mover-export-files/1/' folder. This makes it possible for unauthenticated attackers to extract sensitive data including site and configuration information, directories, files, and password hashes.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-6505.yaml"} {"ID":"CVE-2023-6553","Info":{"Name":"Worpress Backup Migration \u003c= 1.3.7 - Unauthenticated Remote Code Execution","Severity":"critical","Description":"The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file. This is due to an attacker being able to control the values passed to an include, and subsequently leverage that to achieve remote code execution. This makes it possible for unauthenticated threat actors to easily execute code on the server.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-6553.yaml"} {"ID":"CVE-2023-6567","Info":{"Name":"LearnPress \u003c= 4.2.5.7 - SQL Injection","Severity":"high","Description":"The LearnPress plugin for WordPress is vulnerable to time-based SQL Injection via the 'order_by' parameter in all versions up to, and including, 4.2.5.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-6567.yaml"} {"ID":"CVE-2023-6568","Info":{"Name":"Mlflow - Cross-Site Scripting","Severity":"medium","Description":"The vulnerability allows an attacker to inject malicious code into the Content-Type header of a POST request,\nwhich is then reflected back to the user without proper sanitization or escaping.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-6568.yaml"} {"ID":"CVE-2023-6623","Info":{"Name":"Essential Blocks \u003c 4.4.3 - Local File Inclusion","Severity":"critical","Description":"Wordpress Essential Blocks plugin prior to 4.4.3 was discovered to be vulnerable to a significant Local File Inclusion vulnerability that may be exploited by any attacker, regardless of whether they have an account on the site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-6623.yaml"} {"ID":"CVE-2023-6634","Info":{"Name":"LearnPress \u003c 4.2.5.8 - Remote Code Execution","Severity":"critical","Description":"The LearnPress plugin for WordPress is vulnerable to Command Injection in all versions up to, and including, 4.2.5.7 via the get_content function. This is due to the plugin making use of the call_user_func function with user input. This makes it possible for unauthenticated attackers to execute any public function with one parameter, which could result in remote code execution.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-6634.yaml"} {"ID":"CVE-2023-6786","Info":{"Name":"Payment Gateway for Telcell \u003c 2.0.4 - Open Redirect","Severity":"medium","Description":"The plugin does not validate the api_url parameter before redirecting the user to its value, leading to an Open Redirect issue\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-6786.yaml"} {"ID":"CVE-2023-6831","Info":{"Name":"mlflow - Path Traversal","Severity":"high","Description":"Path Traversal: '\\..\\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.\n","Classification":{"CVSSScore":"8.1"}},"file_path":"http/cves/2023/CVE-2023-6831.yaml"} {"ID":"CVE-2023-6875","Info":{"Name":"WordPress POST SMTP Mailer \u003c= 2.8.7 - Authorization Bypass","Severity":"critical","Description":"The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a type juggling issue on the connect-app REST endpoint in all versions up to, and including, 2.8.7.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-6875.yaml"} {"ID":"CVE-2023-6895","Info":{"Name":"Hikvision IP ping.php - Command Execution","Severity":"critical","Description":"A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). It has been declared as critical. This vulnerability affects unknown code of the file /php/ping.php. The manipulation of the argument jsondata[ip] with the input netstat -ano leads to os command injection. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.0 is able to address this issue. It is recommended to upgrade the affected component. VDB-248254 is the identifier assigned to this vulnerability.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-6895.yaml"} {"ID":"CVE-2023-6909","Info":{"Name":"Mlflow \u003c2.9.2 - Path Traversal","Severity":"high","Description":"Path Traversal: '\\..\\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-6909.yaml"} {"ID":"CVE-2023-6977","Info":{"Name":"Mlflow \u003c2.8.0 - Local File Inclusion","Severity":"high","Description":"Mlflow before 2.8.0 is susceptible to local file inclusion due to path traversal in GitHub repository mlflow/mlflow. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-6977.yaml"} {"ID":"CVE-2023-6989","Info":{"Name":"Shield Security WP Plugin \u003c= 18.5.9 - Local File Inclusion","Severity":"critical","Description":"The Shield Security Smart Bot Blocking \u0026 Intrusion Prevention Security plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 18.5.9 via the render_action_template parameter. This makes it possible for unauthenticated attacker to include and execute PHP files on the server, allowing the execution of any PHP code in those files.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-6989.yaml"} {"ID":"CVE-2023-7028","Info":{"Name":"GitLab - Account Takeover via Password Reset","Severity":"high","Description":"An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-7028.yaml"} {"ID":"CVE-2024-0195","Info":{"Name":"SpiderFlow Crawler Platform - Remote Code Execution","Severity":"critical","Description":"A vulnerability, which was classified as critical, was found in spider-flow 0.4.3. Affected is the function FunctionService.saveFunction of the file src/main/java/org/spiderflow/controller/FunctionController.java. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249510 is the identifier assigned to this vulnerability.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-0195.yaml"} {"ID":"CVE-2024-0200","Info":{"Name":"Github Enterprise Authenticated Remote Code Execution","Severity":"critical","Description":"An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor would need to be logged into an account on the GHES instance with the organization owner role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.13, 3.9.8, 3.10.5, and 3.11.3.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-0200.yaml"} {"ID":"CVE-2024-0204","Info":{"Name":"Fortra GoAnywhere MFT - Authentication Bypass","Severity":"critical","Description":"Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-0204.yaml"} {"ID":"CVE-2024-0235","Info":{"Name":"EventON (Free \u003c 2.2.8, Premium \u003c 4.5.5) - Information Disclosure","Severity":"medium","Description":"The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorization in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users on the blog.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-0235.yaml"} {"ID":"CVE-2024-0250","Info":{"Name":"Analytics Insights for Google Analytics 4 \u003c 6.3 - Open Redirect","Severity":"medium","Description":"The plugin is vulnerable to Open Redirect due to insufficient validation on the redirect oauth2callback.php file. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-0250.yaml"} {"ID":"CVE-2024-0305","Info":{"Name":"Ncast busiFacade - Remote Command Execution","Severity":"high","Description":"The Ncast Yingshi high-definition intelligent recording and playback system is a newly developed audio and video recording and playback system. The system has RCE vulnerabilities in versions 2017 and earlier.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-0305.yaml"} {"ID":"CVE-2024-0337","Info":{"Name":"Travelpayouts \u003c= 1.1.16 - Open Redirect","Severity":"medium","Description":"The plugin is vulnerable to Open Redirect due to insufficient validation on the travelpayouts_redirect variable. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-0337.yaml"} {"ID":"CVE-2024-0352","Info":{"Name":"Likeshop \u003c 2.5.7.20210311 - Arbitrary File Upload","Severity":"critical","Description":"A vulnerability classified as critical was found in Likeshop up to 2.5.7.20210311. This vulnerability affects the function FileServer::userFormImage of the file server/application/api/controller/File.php of the component HTTP POST Request Handler. The manipulation of the argument file with an unknown input leads to a unrestricted upload vulnerability. The CWE definition for the vulnerability is CWE-434\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-0352.yaml"} {"ID":"CVE-2024-0713","Info":{"Name":"Monitorr Services Configuration - Arbitrary File Upload","Severity":"high","Description":"A vulnerability was found in Monitorr 1.7.6m. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /assets/php/upload.php of the component Services Configuration. The manipulation of the argument fileToUpload leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251539. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2024/CVE-2024-0713.yaml"} {"ID":"CVE-2024-0881","Info":{"Name":"Combo Blocks \u003c 2.2.76 - Improper Access Control","Severity":"medium","Description":"The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not prevent password protected posts from being displayed in the result of some unauthenticated AJAX actions, allowing unauthenticated users to read such posts\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-0881.yaml"} {"ID":"CVE-2024-0939","Info":{"Name":"Smart S210 Management Platform - Arbitary File Upload","Severity":"critical","Description":"A vulnerability has been found in Byzoro Smart S210 Management Platform up to 20240117 and classified as critical. This vulnerability affects unknown code of the file /Tool/uploadfile.php. The manipulation of the argument file_upload leads to unrestricted upload.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-0939.yaml"} {"ID":"CVE-2024-1021","Info":{"Name":"Rebuild \u003c= 3.5.5 - Server-Side Request Forgery","Severity":"critical","Description":"There is a security vulnerability in Rebuild 3.5.5, which is due to a server-side request forgery vulnerability in the URL parameter of the readRawText function of the HTTP Request Handler component.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-1021.yaml"} {"ID":"CVE-2024-1061","Info":{"Name":"WordPress HTML5 Video Player - SQL Injection","Severity":"critical","Description":"WordPress HTML5 Video Player plugin is vulnerable to SQL injection. An unauthenticated attacker can exploit this vulnerability to perform SQL injection attacks.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-1061.yaml"} {"ID":"CVE-2024-1071","Info":{"Name":"WordPress Ultimate Member 2.1.3 - 2.8.2 – SQL Injection","Severity":"critical","Description":"The Ultimate Member - User Profile, Registration, Login, Member Directory, Content Restriction \u0026 Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the ‘sorting’ parameter in versions 2.1.3 to 2.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-1071.yaml"} {"ID":"CVE-2024-1183","Info":{"Name":"Gradio - Server Side Request Forgery","Severity":"medium","Description":"An SSRF (Server-Side Request Forgery) vulnerability exists in the gradio-app/gradio repository, allowing attackers to scan and identify open ports within an internal network. By manipulating the 'file' parameter in a GET request, an attacker can discern the status of internal ports based on the presence of a 'Location' header or a 'File not allowed' error in the response.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2024/CVE-2024-1183.yaml"} {"ID":"CVE-2024-1208","Info":{"Name":"LearnDash LMS \u003c 4.10.3 - Sensitive Information Exposure","Severity":"medium","Description":"The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.2 via API. This makes it possible for unauthenticated attackers to obtain access to quiz questions.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-1208.yaml"} {"ID":"CVE-2024-1209","Info":{"Name":"LearnDash LMS \u003c 4.10.2 - Sensitive Information Exposure via assignments","Severity":"medium","Description":"The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via direct file access due to insufficient protection of uploaded assignments. This makes it possible for unauthenticated attackers to obtain those uploads.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-1209.yaml"} {"ID":"CVE-2024-1210","Info":{"Name":"LearnDash LMS \u003c 4.10.2 - Sensitive Information Exposure","Severity":"medium","Description":"The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via API. This makes it possible for unauthenticated attackers to obtain access to quizzes.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-1210.yaml"} {"ID":"CVE-2024-1212","Info":{"Name":"Progress Kemp LoadMaster - Command Injection","Severity":"critical","Description":"Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2024/CVE-2024-1212.yaml"} {"ID":"CVE-2024-1380","Info":{"Name":"Relevanssi (A Better Search) \u003c= 4.22.0 - Query Log Export","Severity":"medium","Description":"The Relevanssi Search plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check in all versions up to, and including, 4.22.0. This makes it possible for unauthenticated attackers to export the query log data.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-1380.yaml"} {"ID":"CVE-2024-1512","Info":{"Name":"MasterStudy LMS WordPress Plugin \u003c= 3.2.5 - SQL Injection","Severity":"critical","Description":"The MasterStudy LMS WordPress Plugin for Online Courses and Education plugin for WordPress is vulnerable to union based SQL Injection via the 'user' parameter of the /lms/stm-lms/order/items REST route in all versions up to, and including, 3.2.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-1512.yaml"} {"ID":"CVE-2024-1561","Info":{"Name":"Gradio 4.3-4.12 - Local File Read","Severity":"high","Description":"Local file read by calling arbitrary methods of Components class between Gradio versions 4.3-4.12\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-1561.yaml"} {"ID":"CVE-2024-1698","Info":{"Name":"NotificationX \u003c= 2.8.2 - SQL Injection","Severity":"critical","Description":"The NotificationX - Best FOMO, Social Proof, WooCommerce Sales Popup \u0026 Notification Bar Plugin With Elementor plugin for WordPress is vulnerable to SQL Injection via the 'type' parameter in all versions up to, and including, 2.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-1698.yaml"} {"ID":"CVE-2024-1709","Info":{"Name":"ConnectWise ScreenConnect 23.9.7 - Authentication Bypass","Severity":"critical","Description":"ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2024/CVE-2024-1709.yaml"} {"ID":"CVE-2024-1728","Info":{"Name":"Gradio \u003e 4.19.1 UploadButton - Path Traversal","Severity":"high","Description":"gradio-app/gradio is vulnerable to a local file inclusion vulnerability due to improper validation of user-supplied input in the UploadButton component.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-1728.yaml"} {"ID":"CVE-2024-20419","Info":{"Name":"Cisco SSM On-Prem \u003c= 8-202206 - Password Reset Account Takeover","Severity":"critical","Description":"A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to change the password of any user, including administrative users. This vulnerability is due to improper implementation of the password-change process.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2024/CVE-2024-20419.yaml"} {"ID":"CVE-2024-20439","Info":{"Name":"Hardcoded Admin Credentials For Cisco Smart Licensing Utility API","Severity":"critical","Description":"A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to log in to an affected system by using a static administrative credential.This vulnerability is due to an undocumented static user credential for an administrative account. An attacker could exploit this vulnerability by using the static credentials to log in to the affected system. A successful exploit could allow the attacker to log in to the affected system with administrative privileges over the API of the Cisco Smart Licensing Utility application.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-20439.yaml"} {"ID":"CVE-2024-20440","Info":{"Name":"Cisco Smart Licensing Utility UnAuthenticated Logs Exposure Leaking Plaintext Credentials","Severity":"high","Description":"A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to access sensitive information.This vulnerability is due to excessive verbosity in a debug log file. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain log files that contain sensitive data, including credentials that can be used to access the API.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-20440.yaml"} {"ID":"CVE-2024-20767","Info":{"Name":"Adobe ColdFusion - Arbitrary File Read","Severity":"high","Description":"ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could lead to arbitrary file system read. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access to sensitive files and perform arbitrary file system write. Exploitation of this issue does not require user interaction.\n","Classification":{"CVSSScore":"8.2"}},"file_path":"http/cves/2024/CVE-2024-20767.yaml"} {"ID":"CVE-2024-21644","Info":{"Name":"pyLoad Flask Config - Access Control","Severity":"high","Description":"pyLoad is the free and open-source Download Manager written in pure Python. Any unauthenticated user can browse to a specific URL to expose the Flask config, including the `SECRET_KEY` variable. This issue has been patched in version 0.5.0b3.dev77.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-21644.yaml"} {"ID":"CVE-2024-21645","Info":{"Name":"pyload - Log Injection","Severity":"medium","Description":"A log injection vulnerability was identified in pyload. This vulnerability allows any unauthenticated actor to inject arbitrary messages into the logs gathered by pyload.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-21645.yaml"} {"ID":"CVE-2024-21650","Info":{"Name":"XWiki \u003c 4.10.20 - Remote code execution","Severity":"critical","Description":"XWiki is vulnerable to a remote code execution (RCE) attack through its user registration feature. This issue allows an attacker to execute arbitrary code by crafting malicious payloads in the \"first name\" or \"last name\" fields during user registration. This impacts all installations that have user registration enabled for guests.\n","Classification":{"CVSSScore":"10.0"}},"file_path":"http/cves/2024/CVE-2024-21650.yaml"} {"ID":"CVE-2024-21683","Info":{"Name":"Atlassian Confluence Data Center and Server - Remote Code Execution","Severity":"high","Description":"Detects a Remote Code Execution vulnerability in Confluence Data Center and Server versions prior to X.X (affected versions). This issue allows authenticated attackers to execute arbitrary code.\n","Classification":{"CVSSScore":"8.3"}},"file_path":"http/cves/2024/CVE-2024-21683.yaml"} {"ID":"CVE-2024-21887","Info":{"Name":"Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) - Command Injection","Severity":"critical","Description":"A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2024/CVE-2024-21887.yaml"} {"ID":"CVE-2024-21893","Info":{"Name":"Ivanti SAML - Server Side Request Forgery (SSRF)","Severity":"high","Description":"A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.\n","Classification":{"CVSSScore":"8.2"}},"file_path":"http/cves/2024/CVE-2024-21893.yaml"} {"ID":"CVE-2024-22024","Info":{"Name":"Ivanti Connect Secure - XXE","Severity":"high","Description":"Ivanti Connect Secure is vulnerable to XXE (XML External Entity) injection.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-22024.yaml"} {"ID":"CVE-2024-22207","Info":{"Name":"Fastify Swagger-UI - Information Disclosure","Severity":"medium","Description":"fastify-swagger-ui is a Fastify plugin for serving Swagger UI. Prior to 2.1.0, the default configuration of `@fastify/swagger-ui` without `baseDir` set will lead to all files in the module's directory being exposed via http routes served by the module. The vulnerability is fixed in v2.1.0. Setting the `baseDir` option can also work around this vulnerability.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-22207.yaml"} {"ID":"CVE-2024-22319","Info":{"Name":"IBM Operational Decision Manager - JNDI Injection","Severity":"critical","Description":"IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 279145.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-22319.yaml"} {"ID":"CVE-2024-22320","Info":{"Name":"IBM Operational Decision Manager - Java Deserialization","Severity":"high","Description":"IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code in the context of SYSTEM. IBM X-Force ID: 279146.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2024/CVE-2024-22320.yaml"} {"ID":"CVE-2024-22927","Info":{"Name":"eyoucms v.1.6.5 - Cross-Site Scripting","Severity":"medium","Description":"Cross Site Scripting (XSS) vulnerability in the func parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2024/CVE-2024-22927.yaml"} {"ID":"CVE-2024-23163","Info":{"Name":"GestSup - Account Takeover","Severity":"critical","Description":"","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-23163.yaml"} {"ID":"CVE-2024-23167","Info":{"Name":"GestSup - Cross-Site Scripting","Severity":"high","Description":"GestSup allows its users to add events to the calendar of all users. This is the HTTP request sent when a user adds an event to their calendar.\n","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2024/CVE-2024-23167.yaml"} {"ID":"CVE-2024-2330","Info":{"Name":"NS-ASG Application Security Gateway 6.3 - Sql Injection","Severity":"medium","Description":"A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been classified as critical. This affects an unknown part of the file /protocol/index.php. The manipulation of the argument IPAddr leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.\n","Classification":{"CVSSScore":"6.3"}},"file_path":"http/cves/2024/CVE-2024-2330.yaml"} {"ID":"CVE-2024-23334","Info":{"Name":"aiohttp - Directory Traversal","Severity":"high","Description":"aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'follow_symlinks' can be used to determine whether to follow symbolic links outside the static root directory. When 'follow_symlinks' is set to True, there is no validation to check if reading a file is within the root directory. This can lead to directory traversal vulnerabilities, resulting in unauthorized access to arbitrary files on the system, even when symlinks are not present. Disabling follow_symlinks and using a reverse proxy are encouraged mitigations. Version 3.9.2 fixes this issue.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-23334.yaml"} {"ID":"CVE-2024-2340","Info":{"Name":"Avada \u003c 7.11.7 - Information Disclosure","Severity":"medium","Description":"The Avada theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.11.6 via the '/wp-content/uploads/fusion-forms/' directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via an Avada created form with a file upload mechanism.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-2340.yaml"} {"ID":"CVE-2024-23692","Info":{"Name":"Rejetto HTTP File Server - Template injection","Severity":"critical","Description":"This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-23692.yaml"} {"ID":"CVE-2024-2389","Info":{"Name":"Progress Kemp Flowmon - Command Injection","Severity":"critical","Description":"In Flowmon versions prior to 11.1.14 and 12.3.5, an operating system command injection vulnerability has been identified. An unauthenticated user can gain entry to the system via the Flowmon management interface, allowing for the execution of arbitrary system commands.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2024/CVE-2024-2389.yaml"} {"ID":"CVE-2024-23917","Info":{"Name":"JetBrains TeamCity \u003e 2023.11.3 - Authentication Bypass","Severity":"critical","Description":"In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-23917.yaml"} {"ID":"CVE-2024-24112","Info":{"Name":"Exrick XMall - SQL Injection","Severity":"critical","Description":"XMall v1.1 was discovered to contain a SQL injection vulnerability via the 'orderDir' parameter.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-24112.yaml"} {"ID":"CVE-2024-24131","Info":{"Name":"SuperWebMailer 9.31.0.01799 - Cross-Site Scripting","Severity":"medium","Description":"SuperWebMailer v9.31.0.01799 was discovered to contain a reflected cross-site scripting (XSS) vulenrability via the component api.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2024/CVE-2024-24131.yaml"} {"ID":"CVE-2024-24565","Info":{"Name":"CrateDB Database - Arbitrary File Read","Severity":"medium","Description":"CrateDB is a distributed SQL database that makes it simple to store and analyze massive amounts of data in real-time. There is a COPY FROM function in the CrateDB database that is used to import file data into database tables. This function has a flaw, and authenticated attackers can use the COPY FROM function to import arbitrary file content into database tables, resulting in information leakage.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2024/CVE-2024-24565.yaml"} {"ID":"CVE-2024-24763","Info":{"Name":"JumpServer \u003c 3.10.0 - Open Redirect","Severity":"medium","Description":"JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to version 3.10.0, attackers can exploit this vulnerability to construct malicious links, leading users to click on them, thereby facilitating phishing attacks or cross-site scripting attacks. Version 3.10.0 contains a patch for this issue. No known workarounds are available.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2024/CVE-2024-24763.yaml"} {"ID":"CVE-2024-24809","Info":{"Name":"Traccar - Unrestricted File Upload","Severity":"high","Description":"Traccar is an open source GPS tracking system. Versions prior to 6.0 are vulnerable to path traversal and unrestricted upload of file with dangerous type. Since the system allows registration by default, attackers can acquire ordinary user permissions by registering an account and exploit this vulnerability to upload files with the prefix `device.` under any folder. Attackers can use this vulnerability for phishing, cross-site scripting attacks, and potentially execute arbitrary commands on the server. Version 6.0 contains a patch for the issue.\n","Classification":{"CVSSScore":"8.5"}},"file_path":"http/cves/2024/CVE-2024-24809.yaml"} {"ID":"CVE-2024-24919","Info":{"Name":"Check Point Quantum Gateway - Information Disclosure","Severity":"high","Description":"Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available.\n","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2024/CVE-2024-24919.yaml"} {"ID":"CVE-2024-25600","Info":{"Name":"Unauthenticated Remote Code Execution – Bricks \u003c= 1.9.6","Severity":"critical","Description":"Bricks Builder is a popular WordPress development theme with approximately 25,000 active installations. It provides an intuitive drag-and-drop interface for designing and building WordPress websites. Bricks \u003c= 1.9.6 is vulnerable to unauthenticated remote code execution (RCE) which means that anybody can run arbitrary commands and take over the site/server. This can lead to various malicious activities\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-25600.yaml"} {"ID":"CVE-2024-25669","Info":{"Name":"CaseAware a360inc - Cross-Site Scripting","Severity":"medium","Description":"a360inc CaseAware contains a reflected cross-site scripting vulnerability via the user parameter transmitted in the login.php query string. This is a bypass of the fix reported in 2017\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2024/CVE-2024-25669.yaml"} {"ID":"CVE-2024-25735","Info":{"Name":"WyreStorm Apollo VX20 - Information Disclosure","Severity":"high","Description":"An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can discover cleartext credentials for the SoftAP (access point) Router /device/config using an HTTP GET request.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-25735.yaml"} {"ID":"CVE-2024-25852","Info":{"Name":"Linksys RE7000 - Command Injection","Severity":"high","Description":"Linksys RE7000 v2.0.9, v2.0.11, and v2.0.15 have a command execution vulnerability in the \"AccessControlList\" parameter of the access control function point\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-25852.yaml"} {"ID":"CVE-2024-2621","Info":{"Name":"Fujian Kelixin Communication - Command Injection","Severity":"medium","Description":"A vulnerability was found in Fujian Kelixin Communication Command and Dispatch Platform up to 20240318 and classified as critical. Affected by this issue is some unknown functionality of the file api/client/user/pwd_update.php.\n","Classification":{"CVSSScore":"6.3"}},"file_path":"http/cves/2024/CVE-2024-2621.yaml"} {"ID":"CVE-2024-26331","Info":{"Name":"ReCrystallize Server - Authentication Bypass","Severity":"high","Description":"This vulnerability allows an attacker to bypass authentication in the ReCrystallize Server application by manipulating the 'AdminUsername' cookie. This gives the attacker administrative access to the application's functionality, even when the default password has been changed.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-26331.yaml"} {"ID":"CVE-2024-27198","Info":{"Name":"TeamCity \u003c 2023.11.4 - Authentication Bypass","Severity":"critical","Description":"In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-27198.yaml"} {"ID":"CVE-2024-27199","Info":{"Name":"TeamCity \u003c 2023.11.4 - Authentication Bypass","Severity":"high","Description":"In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible\n","Classification":{"CVSSScore":"7.3"}},"file_path":"http/cves/2024/CVE-2024-27199.yaml"} {"ID":"CVE-2024-27292","Info":{"Name":"Docassemble - Local File Inclusion","Severity":"high","Description":"Docassemble is an expert system for guided interviews and document assembly. The vulnerability allows attackers to gain unauthorized access to information on the system through URL manipulation. It affects versions 1.4.53 to 1.4.96. The vulnerability has been patched in version 1.4.97 of the master branch.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-27292.yaml"} {"ID":"CVE-2024-27348","Info":{"Name":"Apache HugeGraph-Server - Remote Command Execution","Severity":"high","Description":"Apache HugeGraph-Server is an open-source graph database that provides a scalable and high-performance solution for managing and analyzing large-scale graph data. It is commonly used in Java8 and Java11 environments. However, versions prior to 1.3.0 are vulnerable to a remote command execution (RCE) vulnerability in the gremlin component.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-27348.yaml"} {"ID":"CVE-2024-27497","Info":{"Name":"Linksys E2000 1.0.06 position.js Improper Authentication","Severity":"high","Description":"Linksys E2000 Ver.1.0.06 build 1 is vulnerable to authentication bypass via the position.js file.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-27497.yaml"} {"ID":"CVE-2024-27564","Info":{"Name":"ChatGPT个人专用版 - Server Side Request Forgery","Severity":"high","Description":"A Server-Side Request Forgery (SSRF) in pictureproxy.php of ChatGPT commit f9f4bbc allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the urlparameter.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-27564.yaml"} {"ID":"CVE-2024-27718","Info":{"Name":"Smart s200 Management Platform v.S200 - SQL Injection","Severity":"high","Description":"SQL Injection vulnerability in Baizhuo Network Smart s200 Management Platform v.S200 allows a local attacker to obtain sensitive information and escalate privileges via the /importexport.php component.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-27718.yaml"} {"ID":"CVE-2024-27954","Info":{"Name":"WordPress Automatic Plugin \u003c3.92.1 - Arbitrary File Download and SSRF","Severity":"critical","Description":"WordPress Automatic plugin \u003c3.92.1 is vulnerable to unauthenticated Arbitrary File Download and SSRF Located in the downloader.php file, could permit attackers to download any file from a site. Sensitive data, including login credentials and backup files, could fall into the wrong hands. This vulnerability has been patched in version 3.92.1.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-27954.yaml"} {"ID":"CVE-2024-27956","Info":{"Name":"WordPress Automatic Plugin \u003c= 3.92.0 - SQL Injection","Severity":"critical","Description":"The Automatic plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.92.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"9.9"}},"file_path":"http/cves/2024/CVE-2024-27956.yaml"} {"ID":"CVE-2024-28255","Info":{"Name":"OpenMetadata - Authentication Bypass","Severity":"critical","Description":"OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The `JwtFilter` handles the API authentication by requiring and verifying JWT tokens. When a new request comes in, the request's path is checked against this list. When the request's path contains any of the excluded endpoints the filter returns without validating the JWT. Unfortunately, an attacker may use Path Parameters to make any path contain any arbitrary strings. For example, a request to `GET /api/v1;v1%2fusers%2flogin/events/subscriptions/validation/condition/111` will match the excluded endpoint condition and therefore will be processed with no JWT validation allowing an attacker to bypass the authentication mechanism and reach any arbitrary endpoint, including the ones listed above that lead to arbitrary SpEL expression injection. This bypass will not work when the endpoint uses the `SecurityContext.getUserPrincipal()` since it will return `null` and will throw an NPE. This issue may lead to authentication bypass and has been addressed in version 1.2.4. Users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as `GHSL-2023-237`.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-28255.yaml"} {"ID":"CVE-2024-28397","Info":{"Name":"pyload-ng js2py - Remote Code Execution","Severity":"medium","Description":"An issue in the component js2py.disable_pyimport() of js2py up to v0.74 allows attackers to execute arbitrary code via a crafted API call.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-28397.yaml"} {"ID":"CVE-2024-28734","Info":{"Name":"Coda v.2024Q1 - Cross-Site Scripting","Severity":"medium","Description":"Cross Site Scripting vulnerability in Unit4 Financials by Coda v.2024Q1 allows a remote attacker to escalate privileges via a crafted script to the cols parameter.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-28734.yaml"} {"ID":"CVE-2024-2876","Info":{"Name":"Wordpress Email Subscribers by Icegram Express - SQL Injection","Severity":"critical","Description":"The Email Subscribers by Icegram Express - Email Marketing, Newsletters, Automation for WordPress \u0026 WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'run' function of the 'IG_ES_Subscribers_Query' class in all versions up to, and including, 5.7.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-2876.yaml"} {"ID":"CVE-2024-2879","Info":{"Name":"WordPress Plugin LayerSlider 7.9.11-7.10.0 - SQL Injection","Severity":"high","Description":"The LayerSlider plugin for WordPress is vulnerable to SQL Injection via the ls_get_popup_markup action in versions 7.9.11 and 7.10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-2879.yaml"} {"ID":"CVE-2024-28987","Info":{"Name":"SolarWinds Web Help Desk - Hardcoded Credential","Severity":"critical","Description":"The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data.\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2024/CVE-2024-28987.yaml"} {"ID":"CVE-2024-28995","Info":{"Name":"SolarWinds Serv-U - Directory Traversal","Severity":"high","Description":"SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-28995.yaml"} {"ID":"CVE-2024-29059","Info":{"Name":".NET Framework - Leaking ObjRefs via HTTP .NET Remoting","Severity":"high","Description":".NET Framework Information Disclosure Vulnerability","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-29059.yaml"} {"ID":"CVE-2024-29269","Info":{"Name":"Telesquare TLR-2005KSH - Remote Command Execution","Severity":"critical","Description":"Telesquare Tlr-2005Ksh is a Sk Telecom Lte router from South Korea's Telesquare company.Telesquare TLR-2005Ksh versions 1.0.0 and 1.1.4 have an unauthorized remote command execution vulnerability. An attacker can exploit this vulnerability to execute system commands without authorization through the Cmd parameter and obtain server permissions.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-29269.yaml"} {"ID":"CVE-2024-29272","Info":{"Name":"VvvebJs \u003c 1.7.5 - Arbitrary File Upload","Severity":"medium","Description":"Arbitrary File Upload vulnerability in VvvebJs before version 1.7.5, allows unauthenticated remote attackers to execute arbitrary code and obtain sensitive information via the sanitizeFileName parameter in save.php.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2024/CVE-2024-29272.yaml"} {"ID":"CVE-2024-29824","Info":{"Name":"Ivanti EPM - Remote Code Execution","Severity":"critical","Description":"An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.\n","Classification":{"CVSSScore":"9.6"}},"file_path":"http/cves/2024/CVE-2024-29824.yaml"} {"ID":"CVE-2024-29868","Info":{"Name":"Apache StreamPipes \u003c= 0.93.0 - Use of Cryptographically Weak PRNG in Recovery Token Generation","Severity":"critical","Description":"Apache StreamPipes from version 0.69.0 through 0.93.0 uses a cryptographically weak Pseudo-Random Number Generator (PRNG) in the recovery token generation mechanism. Given a valid token it's possible to predict all past and future generated tokens.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-29868.yaml"} {"ID":"CVE-2024-29889","Info":{"Name":"GLPI 10.0.10-10.0.14 - SQL Injection","Severity":"high","Description":"GLPI is a Free Asset and IT Management Software package. Prior to 10.0.15, an authenticated user can exploit a SQL injection vulnerability in the saved searches feature to alter another user account data take control of it.\n","Classification":{"CVSSScore":"7.1"}},"file_path":"http/cves/2024/CVE-2024-29889.yaml"} {"ID":"CVE-2024-29895","Info":{"Name":"Cacti cmd_realtime.php - Command Injection","Severity":"critical","Description":"Cacti provides an operational monitoring and fault management framework. A command injection vulnerability on the 1.3.x DEV branch allows any unauthenticated user to execute arbitrary command on the server when `register_argc_argv` option of PHP is `On`. In `cmd_realtime.php` line 119, the `$poller_id` used as part of the command execution is sourced from `$_SERVER['argv']`, which can be controlled by URL when `register_argc_argv` option of PHP is `On`. And this option is `On` by default in many environments such as the main PHP Docker image for PHP.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2024/CVE-2024-29895.yaml"} {"ID":"CVE-2024-29972","Info":{"Name":"Zyxel NAS326 Firmware \u003c V5.21(AAZF.17)C0 - NsaRescueAngel Backdoor Account","Severity":"critical","Description":"The command injection vulnerability in the CGI program \"remote_help-cgi\" in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request.\n","Classification":{"CVSSScore":"9.88"}},"file_path":"http/cves/2024/CVE-2024-29972.yaml"} {"ID":"CVE-2024-29973","Info":{"Name":"Zyxel NAS326 Firmware \u003c V5.21(AAZF.17)C0 - Command Injection","Severity":"critical","Description":"The command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request.\n","Classification":{"CVSSScore":"9.88"}},"file_path":"http/cves/2024/CVE-2024-29973.yaml"} {"ID":"CVE-2024-30188","Info":{"Name":"Apache DolphinScheduler \u003e= 3.1.0, \u003c 3.2.2 Resource File Read And Write","Severity":"high","Description":"File read and write vulnerability in Apache DolphinScheduler, authenticated users can illegally access additional resource files. This issue affects Apache DolphinScheduler from 3.1.0 before 3.2.2.\n","Classification":{"CVSSScore":"8.1"}},"file_path":"http/cves/2024/CVE-2024-30188.yaml"} {"ID":"CVE-2024-30269","Info":{"Name":"DataEase \u003c= 2.4.1 - Sensitive Information Exposure","Severity":"medium","Description":"DataEase, an open source data visualization and analysis tool, has a database configuration information exposure vulnerability prior to version 2.5.0. Visiting the `/de2api/engine/getEngine;.js` path via a browser reveals that the platform's database configuration is returned.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-30269.yaml"} {"ID":"CVE-2024-3097","Info":{"Name":"NextGEN Gallery \u003c= 3.59 - Missing Authorization to Unauthenticated Information Disclosure","Severity":"medium","Description":"The WordPress Gallery Plugin – NextGEN Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_item function in versions up to, and including, 3.59. This makes it possible for unauthenticated attackers to extract sensitive data including EXIF and other metadata of any image uploaded through the plugin.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-3097.yaml"} {"ID":"CVE-2024-3136","Info":{"Name":"MasterStudy LMS \u003c= 3.3.3 - Unauthenticated Local File Inclusion via template","Severity":"critical","Description":"The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.3 via the 'template' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \"safe\" file types can be uploaded and included.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-3136.yaml"} {"ID":"CVE-2024-31621","Info":{"Name":"Flowise 1.6.5 - Authentication Bypass","Severity":"high","Description":"The flowise version \u003c= 1.6.5 is vulnerable to authentication bypass vulnerability.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-31621.yaml"} {"ID":"CVE-2024-31750","Info":{"Name":"F-logic DataCube3 - SQL Injection","Severity":"high","Description":"SQL injection vulnerability in f-logic datacube3 v.1.0 allows a remote attacker to obtain sensitive information via the req_id parameter.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-31750.yaml"} {"ID":"CVE-2024-31848","Info":{"Name":"CData API Server \u003c 23.4.8844 - Path Traversal","Severity":"critical","Description":"A path traversal vulnerability exists in the Java version of CData API Server \u003c 23.4.8844 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain complete administrative access to the application.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-31848.yaml"} {"ID":"CVE-2024-31849","Info":{"Name":"CData Connect \u003c 23.4.8846 - Path Traversal","Severity":"critical","Description":"A path traversal vulnerability exists in the Java version of CData Connect \u003c 23.4.8846 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain complete administrative access to the application.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-31849.yaml"} {"ID":"CVE-2024-31850","Info":{"Name":"CData Arc \u003c 23.4.8839 - Path Traversal","Severity":"high","Description":"A path traversal vulnerability exists in the Java version of CData Arc \u003c 23.4.8839 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain access to sensitive information and perform limited actions.\n","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2024/CVE-2024-31850.yaml"} {"ID":"CVE-2024-31851","Info":{"Name":"CData Sync \u003c 23.4.8843 - Path Traversal","Severity":"high","Description":"A path traversal vulnerability exists in the Java version of CData Sync \u003c 23.4.8843 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain access to sensitive information and perform limited actions.\n","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2024/CVE-2024-31851.yaml"} {"ID":"CVE-2024-31982","Info":{"Name":"XWiki \u003c 4.10.20 - Remote code execution","Severity":"critical","Description":"XWiki Platform is a generic wiki platform. Starting in version 2.4-milestone-1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, XWiki's database search allows remote code execution through the search text. This allows remote code execution for any visitor of a public wiki or user of a closed wiki as the database search is by default accessible for all users. This impacts the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.20, 15.5.4 and 15.10RC1. As a workaround, one may manually apply the patch to the page `Main.DatabaseSearch`. Alternatively, unless database search is explicitly used by users, this page can be deleted as this is not the default search interface of XWiki.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-31982.yaml"} {"ID":"CVE-2024-32113","Info":{"Name":"Apache OFBiz Directory Traversal - Remote Code Execution","Severity":"high","Description":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz.This issue affects Apache OFBiz: before 18.12.13\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-32113.yaml"} {"ID":"CVE-2024-32231","Info":{"Name":"Stash \u003c 0.26.0 - SQL Injection","Severity":"critical","Description":"Stash up to v0.25.1 was discovered to contain a SQL injection vulnerability via the sort parameter.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-32231.yaml"} {"ID":"CVE-2024-32238","Info":{"Name":"H3C ER8300G2-X - Password Disclosure","Severity":"critical","Description":"H3C ER8300G2-X is vulnerable to Incorrect Access Control. The password for the router's management system can be accessed via the management system page login interface.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-32238.yaml"} {"ID":"CVE-2024-32399","Info":{"Name":"RaidenMAILD Mail Server v.4.9.4 - Path Traversal","Severity":"high","Description":"Directory Traversal vulnerability in RaidenMAILD Mail Server v.4.9.4 and before allows a remote attacker to obtain sensitive information via the /webeditor/ component.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-32399.yaml"} {"ID":"CVE-2024-32640","Info":{"Name":"Mura/Masa CMS - SQL Injection","Severity":"critical","Description":"The Mura/Masa CMS is vulnerable to SQL Injection.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-32640.yaml"} {"ID":"CVE-2024-32651","Info":{"Name":"Change Detection - Server Side Template Injection","Severity":"critical","Description":"A Server Side Template Injection in changedetection.io caused by usage of unsafe functions of Jinja2 allows Remote Command Execution on the server host.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2024/CVE-2024-32651.yaml"} {"ID":"CVE-2024-32709","Info":{"Name":"WP-Recall \u003c= 16.26.5 - SQL Injection","Severity":"critical","Description":"The WP-Recall Registration, Profile, Commerce \u0026 More plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 16.26.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"9.3"}},"file_path":"http/cves/2024/CVE-2024-32709.yaml"} {"ID":"CVE-2024-3273","Info":{"Name":"D-Link Network Attached Storage - Command Injection and Backdoor Account","Severity":"critical","Description":"UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259284. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-3273.yaml"} {"ID":"CVE-2024-3274","Info":{"Name":"D-LINK DNS-320L,DNS-320LW and DNS-327L - Information Disclosure","Severity":"medium","Description":"A vulnerability has been found in D-Link DNS-320L, DNS-320LW and DNS-327L up to 20240403 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/info.cgi of the component HTTP GET Request Handler.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-3274.yaml"} {"ID":"CVE-2024-33113","Info":{"Name":"D-LINK DIR-845L bsc_sms_inbox.php file - Information Disclosure","Severity":"medium","Description":"D-LINK DIR-845L \u003c=v1.01KRb03 is vulnerable to Information disclosurey via bsc_sms_inbox.php.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-33113.yaml"} {"ID":"CVE-2024-33288","Info":{"Name":"Prison Management System - SQL Injection Authentication Bypass","Severity":"high","Description":"Sql injection vulnerability was found on the login page in Prison Management System\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-33288.yaml"} {"ID":"CVE-2024-33575","Info":{"Name":"User Meta WP Plugin \u003c 3.1 - Sensitive Information Exposure","Severity":"medium","Description":"The User Meta is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0 via the /views/debug.php file. This makes it possible for unauthenticated attackers, with to extract sensitive configuration data.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-33575.yaml"} {"ID":"CVE-2024-33605","Info":{"Name":"Sharp Multifunction Printers - Directory Listing","Severity":"high","Description":"It was observed that Sharp printers are vulnerable to an arbitrary directory listing without authentication. Any attacker can list any directory located in the printer and recover any file.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-33605.yaml"} {"ID":"CVE-2024-33610","Info":{"Name":"Sharp Multifunction Printers - Cookie Exposure","Severity":"medium","Description":"It was observed that Sharp printers are vulnerable to a listing of session cookies without authentication. Any attacker can list valid cookies by visiting a backdoor webpage and use them to authenticate to the printers.","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2024/CVE-2024-33610.yaml"} {"ID":"CVE-2024-33724","Info":{"Name":"SOPlanning 1.52.00 Cross Site Scripting","Severity":"medium","Description":"SOPlanning v1.52.00 is vulnerable to XSS via the 'groupe_id' parameters a remote unautheticated attacker can hijack the admin account or other users. The remote attacker can hijack a users session or credentials and perform a takeover of the entire platform.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-33724.yaml"} {"ID":"CVE-2024-3400","Info":{"Name":"GlobalProtect - OS Command Injection","Severity":"critical","Description":"A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2024/CVE-2024-3400.yaml"} {"ID":"CVE-2024-34061","Info":{"Name":"Changedetection.io \u003c=v0.45.21 - Cross-Site Scripting","Severity":"medium","Description":"Changedetection.io is a free open source web page change detection, website watcher, restock monitor and notification service. In affected versions Input in parameter notification_urls is not processed resulting in javascript execution in the application. A reflected XSS vulnerability happens when the user input from a URL or POST data is reflected on the page without being stored, thus allowing the attacker to inject malicious content. This issue has been addressed in version 0.45.22. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2024/CVE-2024-34061.yaml"} {"ID":"CVE-2024-34102","Info":{"Name":"Adobe Commerce \u0026 Magento - CosmicSting","Severity":"critical","Description":"Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-34102.yaml"} {"ID":"CVE-2024-34257","Info":{"Name":"TOTOLINK EX1800T TOTOLINK EX1800T - Command Injection","Severity":"high","Description":"TOTOLINK EX1800T V9.1.0cu.2112_B20220316 has a vulnerability in the apcliEncrypType parameter that allows unauthorized execution of arbitrary commands, allowing an attacker to obtain device administrator privileges.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-34257.yaml"} {"ID":"CVE-2024-34351","Info":{"Name":"Next.js - Server Side Request Forgery (SSRF)","Severity":"high","Description":"Next.Js, inferior to version 14.1.1, have its image optimization built-in component prone to SSRF.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-34351.yaml"} {"ID":"CVE-2024-34470","Info":{"Name":"HSC Mailinspector 5.2.17-3 through 5.2.18 - Local File Inclusion","Severity":"high","Description":"An Unauthenticated Path Traversal vulnerability exists in the /public/loaderphp file The path parameter does not properly filter whether the file and directory passed are part of the webroot, allowing an attacker to read arbitrary files on the server.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-34470.yaml"} {"ID":"CVE-2024-3495","Info":{"Name":"Wordpress Country State City Dropdown \u003c=2.7.2 - SQL Injection","Severity":"critical","Description":"The Country State City Dropdown CF7 plugin for WordPress is vulnerable to SQL Injection via the ‘cnt’ and 'sid' parameters in versions up to, and including, 2.7.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-3495.yaml"} {"ID":"CVE-2024-34982","Info":{"Name":"LyLme-Spage - Arbitary File Upload","Severity":"high","Description":"An arbitrary file upload vulnerability in the component /include/file.php of lylme_spage v1.9.5 allows attackers to execute arbitrary code via uploading a crafted file.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-34982.yaml"} {"ID":"CVE-2024-3552","Info":{"Name":"Web Directory Free \u003c 1.7.0 - SQL Injection","Severity":"critical","Description":"The plugin does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection with different techniques like UNION, Time-Based and Error-Based.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-3552.yaml"} {"ID":"CVE-2024-36104","Info":{"Name":"Apache OFBiz - Path Traversal","Severity":"critical","Description":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.14. Users are recommended to upgrade to version 18.12.14, which fixes the issue.\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2024/CVE-2024-36104.yaml"} {"ID":"CVE-2024-36401","Info":{"Name":"GeoServer RCE in Evaluating Property Name Expressions","Severity":"critical","Description":"In the GeoServer version prior to 2.25.1, 2.24.3 and 2.23.5 of GeoServer, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-36401.yaml"} {"ID":"CVE-2024-36412","Info":{"Name":"SuiteCRM - SQL Injection","Severity":"critical","Description":"SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in events response entry point allows for a SQL injection attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-36412.yaml"} {"ID":"CVE-2024-36527","Info":{"Name":"Puppeteer Renderer - Directory Traversal","Severity":"medium","Description":"puppeteer-renderer v.3.2.0 and before is vulnerable to Directory Traversal. Attackers can exploit the URL parameter using the file protocol to read sensitive information from the server.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-36527.yaml"} {"ID":"CVE-2024-36683","Info":{"Name":"PrestaShop productsalert - SQL Injection","Severity":"critical","Description":"In the module 'Products Alert' (productsalert) up to version 1.7.4 from Smart Modules for PrestaShop, a guest can perform SQL injection in affected versions.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-36683.yaml"} {"ID":"CVE-2024-3673","Info":{"Name":"Web Directory Free \u003c 1.7.3 - Local File Inclusion","Severity":"critical","Description":"The Web Directory Free WordPress plugin before 1.7.3 does not validate a parameter before using it in an include(), which could lead to Local File Inclusion issues.\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2024/CVE-2024-3673.yaml"} {"ID":"CVE-2024-36837","Info":{"Name":"CRMEB v.5.2.2 - SQL Injection","Severity":"high","Description":"SQL Injection vulnerability in CRMEB v.5.2.2 allows a remote attacker to obtain sensitive information via the getProductList function in the ProductController.php file.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-36837.yaml"} {"ID":"CVE-2024-36991","Info":{"Name":"Splunk Enterprise - Local File Inclusion","Severity":"high","Description":"In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-36991.yaml"} {"ID":"CVE-2024-37032","Info":{"Name":"Ollama - Remote Code Execution","Severity":"critical","Description":"Ollama before 0.1.34 does not validate the format of the digest (sha256 with 64 hex digits) when getting the model path, and thus mishandles the TestGetBlobsPath test cases such as fewer than 64 hex digits, more than 64 hex digits, or an initial ../ substring.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-37032.yaml"} {"ID":"CVE-2024-37152","Info":{"Name":"Argo CD Unauthenticated Access to sensitive setting","Severity":"medium","Description":"Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The vulnerability allows unauthorized access to the sensitive settings exposed by /api/v1/settings endpoint without authentication. All sensitive settings are hidden except passwordPattern.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-37152.yaml"} {"ID":"CVE-2024-37393","Info":{"Name":"SecurEnvoy Two Factor Authentication - LDAP Injection","Severity":"critical","Description":"Multiple LDAP injections vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper validation of user-supplied input. An unauthenticated remote attacker could exfiltrate data from Active Directory through blind LDAP injection attacks against the DESKTOP service exposed on the /secserver HTTP endpoint. This may include ms-Mcs-AdmPwd, which has a cleartext password for the Local Administrator Password Solution (LAPS) feature.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-37393.yaml"} {"ID":"CVE-2024-3742","Info":{"Name":"Electrolink FM/DAB/TV Transmitter (controlloLogin.js) - Credentials Disclosure","Severity":"high","Description":"Electrolink transmitters store credentials in clear-text. Use of these credentials could allow an attacker to access the system.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-3742.yaml"} {"ID":"CVE-2024-37843","Info":{"Name":"Craft CMS \u003c=v3.7.31 - SQL Injection","Severity":"critical","Description":"Craft CMS up to v3.7.31 was discovered to contain a SQL injection vulnerability via the GraphQL API endpoint.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-37843.yaml"} {"ID":"CVE-2024-37881","Info":{"Name":"SiteGuard WP Plugin \u003c= 1.7.6 - Login Page Disclosure","Severity":"medium","Description":"The SiteGuard WP Plugin plugin for WordPress is vulnerable to protection mechanism bypass in all versions up to, and including, 1.7.6. This is due to the plugin not restricting redirects from wp-register.php which may disclose the login page URL. This makes it possible for unauthenticated attackers to gain access to the login page.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-37881.yaml"} {"ID":"CVE-2024-3822","Info":{"Name":"Base64 Encoder/Decoder \u003c= 0.9.2 - Cross-Site Scripting","Severity":"medium","Description":"The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2024/CVE-2024-3822.yaml"} {"ID":"CVE-2024-38288","Info":{"Name":"TurboMeeting - Post-Authentication Command Injection","Severity":"high","Description":"The Certificate Signing Request (CSR) feature in the admin portal of the application is vulnerable to command injection. This vulnerability could allow authenticated admin users to execute arbitrary commands on the underlying server by injecting malicious input into the CSR generation process. The application failed to properly sanitize user-supplied input before using it in a command executed privileges.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-38288.yaml"} {"ID":"CVE-2024-38289","Info":{"Name":"TurboMeeting - Boolean-based SQL Injection","Severity":"critical","Description":"A Boolean-based SQL injection vulnerability in the \"RHUB TurboMeeting\" web application. This vulnerability could allow an attacker to execute arbitrary SQL commands on the database server, potentially allowing them to access sensitive data or compromise the server.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-38289.yaml"} {"ID":"CVE-2024-38472","Info":{"Name":"Apache HTTPd Windows UNC - Server-Side Request Forgery","Severity":"high","Description":"SSRF in Apache HTTP Server on Windows allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.60 which fixes this issue. Note- Existing configurations that access UNC paths will have to configure new directive \"UNCList\" to allow access during request processing.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-38472.yaml"} {"ID":"CVE-2024-38473","Info":{"Name":"Apache HTTP Server - ACL Bypass","Severity":"high","Description":"Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests.\n","Classification":{"CVSSScore":"8.1"}},"file_path":"http/cves/2024/CVE-2024-38473.yaml"} {"ID":"CVE-2024-3850","Info":{"Name":"Uniview NVR301-04S2-P4 - Cross-Site Scripting","Severity":"medium","Description":"Uniview NVR301-04S2-P4 contains a reflected cross-site scripting vulnerability via the PATH of LAPI. CISA and Uniview state that this vulnerability needs to be authenticated. This is incorrect. Any PATH payload can cause XSS. A submission to Mitre has been sent to update the verbiage in the finding as well as the CVSS score.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2024/CVE-2024-3850.yaml"} {"ID":"CVE-2024-38514","Info":{"Name":"NextChat - Server-Side Request Forgery","Severity":"high","Description":"NextChat v2.12.3 suffers from a Server-Side Request Forgery (SSRF) and Cross-Site Scripting vulnerability due to a lack of validation of the GET parameter on the WebDav API endpoint.\n","Classification":{"CVSSScore":"7.4"}},"file_path":"http/cves/2024/CVE-2024-38514.yaml"} {"ID":"CVE-2024-38856","Info":{"Name":"Apache OFBiz - Remote Code Execution","Severity":"critical","Description":"Incorrect Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz: through 18.12.14. Users are recommended to upgrade to version 18.12.15, which fixes the issue. Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met (such as when the screen definitions don't explicitly check user's permissions because they rely on the configuration of their endpoints).\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-38856.yaml"} {"ID":"CVE-2024-3922","Info":{"Name":"Dokan Pro \u003c= 3.10.3 - SQL Injection","Severity":"critical","Description":"The Dokan Pro plugin for WordPress is vulnerable to SQL Injection via the 'code' parameter in all versions up to, and including, 3.10.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-3922.yaml"} {"ID":"CVE-2024-39250","Info":{"Name":"EfroTech Timetrax v8.3 - Sql Injection","Severity":"high","Description":"EfroTech Timetrax v8.3 was discovered to contain an unauthenticated SQL injection vulnerability via the q parameter in the search web interface.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-39250.yaml"} {"ID":"CVE-2024-39903","Info":{"Name":"Solara \u003c1.35.1 - Local File Inclusion","Severity":"high","Description":"A Local File Inclusion (LFI) vulnerability was identified in widgetti/solara, in version \u003c1.35.1, which was fixed in version 1.35.1. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../' when serving static files. An attacker can exploit this flaw by manipulating the fragment part of the URI to read arbitrary files on the local file system.\n","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2024/CVE-2024-39903.yaml"} {"ID":"CVE-2024-39907","Info":{"Name":"1Panel SQL Injection - Authenticated","Severity":"critical","Description":"1Panel is a web-based linux server management control panel. There are many sql injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. These sql injections have been resolved in version 1.10.12-tls. Users are advised to upgrade. There are no known workarounds for these issues.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-39907.yaml"} {"ID":"CVE-2024-39914","Info":{"Name":"FOG Project \u003c 1.5.10.34 - Remote Command Execution","Severity":"critical","Description":"FOG is a cloning/imaging/rescue suite/inventory management system. Prior to 1.5.10.34, packages/web/lib/fog/reportmaker.class.php in FOG was affected by a command injection via the filename parameter to /fog/management/export.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-39914.yaml"} {"ID":"CVE-2024-40348","Info":{"Name":"Bazarr \u003c 1.4.3 - Arbitrary File Read","Severity":"high","Description":"Bazarr 1.4.3 and earlier versions have a arbitrary file read vulnerability.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-40348.yaml"} {"ID":"CVE-2024-4040","Info":{"Name":"CrushFTP VFS - Sandbox Escape LFR","Severity":"critical","Description":"VFS Sandbox Escape in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows remote attackers with low privileges to read files from the filesystem outside of VFS Sandbox.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2024/CVE-2024-4040.yaml"} {"ID":"CVE-2024-40422","Info":{"Name":"Devika v1 - Path Traversal","Severity":"critical","Description":"The snapshot_path parameter in the /api/get-browser-snapshot endpoint in stitionai devika v1 is susceptible to a path traversal attack. An attacker can manipulate the snapshot_path parameter to traverse directories and access sensitive files on the server. This can potentially lead to unauthorized access to critical system files and compromise the confidentiality and integrity of the system.\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2024/CVE-2024-40422.yaml"} {"ID":"CVE-2024-41107","Info":{"Name":"Apache CloudStack - SAML Signature Exclusion","Severity":"critical","Description":"The CloudStack SAML authentication (disabled by default) does not enforce signature check. In CloudStack environments where SAML authentication is enabled, an attacker that initiates CloudStack SAML single sign-on authentication can bypass SAML authentication by submitting a spoofed SAML response with no signature and known or guessed username and other user details of a SAML-enabled CloudStack user-account\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-41107.yaml"} {"ID":"CVE-2024-41628","Info":{"Name":"Cluster Control CMON API - Directory Traversal","Severity":"high","Description":"Directory Traversal vulnerability in Severalnines Cluster Control 1.9.8 before 1.9.8-9778, 2.0.0 before 2.0.0-9779, and 2.1.0 before 2.1.0-9780 allows a remote attacker to include and display file content in an HTTP request via the CMON API.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-41628.yaml"} {"ID":"CVE-2024-41667","Info":{"Name":"OpenAM\u003c=15.0.3 FreeMarker - Template Injection","Severity":"high","Description":"OpenAM is an open access management solution. In versions 15.0.3 and prior, the `getCustomLoginUrlTemplate` method in RealmOAuth2ProviderSettings.java is vulnerable to template injection due to its usage of user input\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2024/CVE-2024-41667.yaml"} {"ID":"CVE-2024-41810","Info":{"Name":"Twisted - Open Redirect \u0026 XSS","Severity":"medium","Description":"Twisted is an event-based framework for internet applications, supporting Python 3.6+. The Twisted web framework's redirectTo function is vulnerable to reflected XSS if an attacker can control the redirect URL. This template tests for an open redirect and XSS vulnerability in the URL parameter. This vulnerability is fixed in 24.7.0rc1.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2024/CVE-2024-41810.yaml"} {"ID":"CVE-2024-41955","Info":{"Name":"Open Redirect in Login Redirect - MobSF","Severity":"medium","Description":"Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. An open redirect vulnerability exist in MobSF authentication view.\n","Classification":{"CVSSScore":"5.2"}},"file_path":"http/cves/2024/CVE-2024-41955.yaml"} {"ID":"CVE-2024-4257","Info":{"Name":"BlueNet Technology Clinical Browsing System 1.2.1 - Sql Injection","Severity":"medium","Description":"A vulnerability was found in BlueNet Technology Clinical Browsing System 1.2.1. It has been classified as critical. This affects an unknown part of the file /xds/deleteStudy.php. The manipulation of the argument documentUniqueId leads to sql injection. It is possible to initiate the attack remotely.\n","Classification":{"CVSSScore":"6.3"}},"file_path":"http/cves/2024/CVE-2024-4257.yaml"} {"ID":"CVE-2024-4295","Info":{"Name":"Email Subscribers by Icegram Express \u003c= 5.7.20 - Unauthenticated SQL Injection via Hash","Severity":"critical","Description":"Email Subscribers by Icegram Express \u003c= 5.7.20 contains an unauthenticated SQL injection vulnerability via the hash parameter.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-4295.yaml"} {"ID":"CVE-2024-43160","Info":{"Name":"BerqWP \u003c= 1.7.6 - Arbitrary File Uplaod","Severity":"critical","Description":"The BerqWP Automated All-In-One PageSpeed Optimization Plugin for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the /api/store_webp.php file in all versions up to, and including, 1.7.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2024/CVE-2024-43160.yaml"} {"ID":"CVE-2024-43425","Info":{"Name":"Moodle - Remote Code Execution","Severity":"critical","Description":"Attackers with the permission to create or modify questions in Moodle courses are able to craft malicious inputs for calculated questions, which can be abused to execute arbitrary commands on the underlying system.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-43425.yaml"} {"ID":"CVE-2024-4348","Info":{"Name":"osCommerce v4.0 - Cross-site Scripting","Severity":"medium","Description":"A vulnerability, which was classified as problematic, was found in osCommerce 4. Affected is an unknown function of the file /catalog/all-products. The manipulation of the argument cat leads to cross site scripting. It is possible to launch the attack remotely.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2024/CVE-2024-4348.yaml"} {"ID":"CVE-2024-4358","Info":{"Name":"Progress Telerik Report Server - Authentication Bypass","Severity":"critical","Description":"In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-4358.yaml"} {"ID":"CVE-2024-44000","Info":{"Name":"LiteSpeed Cache \u003c= 6.4.1 - Sensitive Information Exposure","Severity":"high","Description":"The LiteSpeed Cache plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.4.1 through the debug.log file that is publicly exposed. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log file. The log file may contain user cookies making it possible for an attacker to log in with any session that is actively valid and exposed in the log file. Note: the debug feature must be enabled for this to be a concern and this feature is disabled by default.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-44000.yaml"} {"ID":"CVE-2024-4434","Info":{"Name":"LearnPress WordPress LMS Plugin \u003c= 4.2.6.5 - SQL Injection","Severity":"critical","Description":"The LearnPress WordPress LMS Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the ‘term_id’ parameter in versions up to, and including, 4.2.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-4434.yaml"} {"ID":"CVE-2024-4443","Info":{"Name":"Business Directory Plugin \u003c= 6.4.2 - SQL Injection","Severity":"critical","Description":"The Business Directory Plugin Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘listingfields’ parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-4443.yaml"} {"ID":"CVE-2024-44849","Info":{"Name":"Qualitor \u003c= 8.24 - Remote Code Execution","Severity":"critical","Description":"Qualitor up to 8.24 is vulnerable to Remote Code Execution (RCE) via Arbitrary File Upload in checkAcesso.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-44849.yaml"} {"ID":"CVE-2024-45195","Info":{"Name":"Apache OFBiz - Remote Code Execution","Severity":"high","Description":"Apache OFBiz below 18.12.16 is vulnerable to unauthenticated remote code execution on Linux and Windows. An attacker with no valid credentials can exploit missing view authorization checks in the web application to execute arbitrary code on the server\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-45195.yaml"} {"ID":"CVE-2024-45241","Info":{"Name":"CentralSquare CryWolf - Path Traversal","Severity":"high","Description":"A traversal vulnerability in GeneralDocs.aspx in CentralSquare CryWolf (False Alarm Management) through 2024-08-09 allows unauthenticated attackers to read files outside of the working web directory via the rpt parameter, leading to the disclosure of sensitive information.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-45241.yaml"} {"ID":"CVE-2024-45388","Info":{"Name":"Hoverfly \u003c 1.10.3 - Arbitrary File Read","Severity":"high","Description":"Hoverfly is a lightweight service virtualization/ API simulation / API mocking tool for developers and testers. The /api/v2/simulation POST handler allows users to create new simulation views from the contents of a user-specified file. This feature can be abused by an attacker to read arbitrary files from the Hoverfly server.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-45388.yaml"} {"ID":"CVE-2024-45507","Info":{"Name":"Apache OFBiz - Remote Code Execution","Severity":"critical","Description":"Apache OFBiz below 18.12.16 is vulnerable to unauthenticated remote code execution on Linux and Windows. An attacker with no valid credentials can exploit missing view authorization checks in the web application to execute arbitrary code on the server\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-45507.yaml"} {"ID":"CVE-2024-45622","Info":{"Name":"ASIS - SQL Injection Authentication Bypass","Severity":"critical","Description":"ASIS (aka Aplikasi Sistem Sekolah using CodeIgniter 3) 3.0.0 through 3.2.0 allows index.php username SQL injection for Authentication Bypass.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-45622.yaml"} {"ID":"CVE-2024-4577","Info":{"Name":"PHP CGI - Argument Injection","Severity":"critical","Description":"PHP CGI - Argument Injection (CVE-2024-4577) is a critical argument injection flaw in PHP.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-4577.yaml"} {"ID":"CVE-2024-46986","Info":{"Name":"Camaleon CMS \u003c 2.8.1 Arbitrary File Write to RCE","Severity":"critical","Description":"An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on the web server Camaleon CMS is running on (depending on the permissions of the underlying filesystem). E.g. This can lead to a remote code execution in case an attacker is able to write a Ruby file into the config/initializers/ subfolder of the Ruby on Rails application\n","Classification":{"CVSSScore":"9.9"}},"file_path":"http/cves/2024/CVE-2024-46986.yaml"} {"ID":"CVE-2024-47062","Info":{"Name":"Navidrome \u003c 0.53.0 - Authenticated SQL Injection","Severity":"critical","Description":"Navidrome is an open source web-based music collection server and streamer. Navidrome automatically adds parameters in the URL to SQL queries. This can be exploited to access information by adding parameters like `password=...` in the URL (ORM Leak). Furthermore, the names of the parameters are not properly escaped, leading to SQL Injections. Finally, the username is used in a `LIKE` statement, allowing people to log in with `%` instead of their username. When adding parameters to the URL, they are automatically included in an SQL `LIKE` statement (depending on the parameter's name). This allows attackers to potentially retrieve arbitrary information. For example, attackers can use the following request to test whether some encrypted passwords start with `AAA`. This results in an SQL query like `password LIKE 'AAA%'`, allowing attackers to slowly brute-force passwords. When adding parameters to the URL, they are automatically added to an SQL query. The names of the parameters are not properly escaped. This behavior can be used to inject arbitrary SQL code (SQL Injection). These vulnerabilities can be used to leak information and dump the contents of the database and have been addressed in release version 0.53.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-47062.yaml"} {"ID":"CVE-2024-4836","Info":{"Name":"Edito CMS - Sensitive Data Leak","Severity":"high","Description":"Web services managed by Edito CMS (Content Management System) in versions from 3.5 through 3.25 leak sensitive data as they allow downloading configuration files by an unauthorized user.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-4836.yaml"} {"ID":"CVE-2024-4879","Info":{"Name":"ServiceNow UI Macros - Template Injection","Severity":"unknown","Description":"ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted instances, and ServiceNow released the update to our partners and self-hosted customers. Listed below are the patches and hot fixes that address the vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-4879.yaml"} {"ID":"CVE-2024-4885","Info":{"Name":"Progress Software WhatsUp Gold GetFileWithoutZip Directory Traversal - Remote Code Execution","Severity":"critical","Description":"This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software WhatsUp Gold. Authentication is not required to exploit this vulnerability.\nThe specific flaw exists within the implementation of GetFileWithoutZip method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the service account.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-4885.yaml"} {"ID":"CVE-2024-4956","Info":{"Name":"Sonatype Nexus Repository Manager 3 - Local File Inclusion","Severity":"high","Description":"Path Traversal in Sonatype Nexus Repository 3 allows an unauthenticated attacker to read system files. Fixed in version 3.68.1.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-4956.yaml"} {"ID":"CVE-2024-5084","Info":{"Name":"Hash Form \u003c= 1.1.0 - Arbitrary File Upload","Severity":"critical","Description":"The Hash Form Drag \u0026 Drop Form Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'file_upload_action' function in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-5084.yaml"} {"ID":"CVE-2024-5217","Info":{"Name":"ServiceNow - Incomplete Input Validation","Severity":"critical","Description":"ServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. The vulnerability is addressed in the listed patches and hot fixes below, which were released during the June 2024 patching cycle. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-5217.yaml"} {"ID":"CVE-2024-5230","Info":{"Name":"FleetCart 4.1.1 - Information Disclosure","Severity":"medium","Description":"Issues with information disclosure in redirect responses. Accessing the majority of the website's pages exposes sensitive data, including the \"Razorpay\" \"razorpayKeyId\".\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-5230.yaml"} {"ID":"CVE-2024-5276","Info":{"Name":"Fortra FileCatalyst Workflow \u003c= v5.1.6 - SQL Injection","Severity":"critical","Description":"A SQL Injection vulnerability in Fortra FileCatalyst Workflow allows an attacker to modify application data.  Likely impacts include creation of administrative users and deletion or modification of data in the application database. Data exfiltration via SQL injection is not possible using this vulnerability. Successful unauthenticated exploitation requires a Workflow system with anonymous access enabled, otherwise an authenticated user is required. This issue affects all versions of FileCatalyst Workflow from 5.1.6 Build 135 and earlier.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-5276.yaml"} {"ID":"CVE-2024-5315","Info":{"Name":"Dolibarr ERP CMS `list.php` - SQL Injection","Severity":"critical","Description":"Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection.\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2024/CVE-2024-5315.yaml"} {"ID":"CVE-2024-5420","Info":{"Name":"SEH utnserver Pro/ProMAX/INU-100 20.1.22 - Cross-Site Scripting","Severity":"high","Description":"A vulnerability was found in utnserver Pro, utnserver ProMAX, and INU-100 version 20.1.22 and earlier, affecting the device description parameter in the web interface. This flaw allows stored cross-site scripting (XSS), enabling attackers to inject JavaScript code. The attack can be executed remotely by tricking victims into visiting a malicious website, potentially leading to session hijacking. This vulnerability is publicly disclosed and identified as CVE-2024-5420.\n","Classification":{"CVSSScore":"8.3"}},"file_path":"http/cves/2024/CVE-2024-5420.yaml"} {"ID":"CVE-2024-5421","Info":{"Name":"SEH utnserver Pro/ProMAX/INU-100 20.1.22 - File Exposure","Severity":"high","Description":"A vulnerability was identified in utnserver Pro, utnserver ProMAX, and INU-100 version 20.1.22 and earlier, impacting the file handling functions. This flaw results in authenticated file disclosure, granting unauthorized access to sensitive files and directories. Although authentication is required, the vulnerability poses a significant risk of data exposure. This vulnerability is publicly disclosed and identified as CVE-2024-5421.\n","Classification":{"CVSSScore":"8.7"}},"file_path":"http/cves/2024/CVE-2024-5421.yaml"} {"ID":"CVE-2024-5522","Info":{"Name":"WordPress HTML5 Video Player \u003c 2.5.27 - SQL Injection","Severity":"critical","Description":"The HTML5 Video Player WordPress plugin before 2.5.27 does not sanitize and escape a parameter from a REST route before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-5522.yaml"} {"ID":"CVE-2024-5765","Info":{"Name":"WpStickyBar \u003c= 2.1.0 - SQL Injection","Severity":"high","Description":"The plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-5765.yaml"} {"ID":"CVE-2024-5827","Info":{"Name":"Vanna - SQL injection","Severity":"critical","Description":"Vanna v0.3.4 is vulnerable to SQL injection in its DuckDB integration exposed to its Flask Web APIs. Attackers can inject malicious SQL training data and generate corresponding queries to write arbitrary files on the victim's file system, such as backdoor.php with contents `\u003c?php system($_GET[0]); ?\u003e`. This can lead to command execution or the creation of backdoors.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-5827.yaml"} {"ID":"CVE-2024-5932","Info":{"Name":"GiveWP - PHP Object Injection","Severity":"critical","Description":"The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.14.1 via deserialization of untrusted input from the 'give_title' parameter.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-5932.yaml"} {"ID":"CVE-2024-5936","Info":{"Name":"PrivateGPT \u003c 0.5.0 - Open Redirect","Severity":"medium","Description":"An open redirect vulnerability exists in imartinez/privategpt version 0.5.0 due to improper handling of the 'file' parameter. This vulnerability allows attackers to redirect users to a URL specified by user-controlled input without proper validation or sanitization.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2024/CVE-2024-5936.yaml"} {"ID":"CVE-2024-5947","Info":{"Name":"Deep Sea Electronics DSE855 - Authentication Bypass","Severity":"medium","Description":"Deep Sea Electronics DSE855 Configuration Backup Missing Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web-based UI. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-22679.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-5947.yaml"} {"ID":"CVE-2024-5975","Info":{"Name":"CZ Loan Management \u003c= 1.1 - SQL Injection","Severity":"critical","Description":"The CZ Loan Management WordPress plugin through 1.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2024/CVE-2024-5975.yaml"} {"ID":"CVE-2024-6028","Info":{"Name":"Quiz Maker \u003c= 6.5.8.3 - SQL Injection","Severity":"critical","Description":"The Quiz Maker plugin for WordPress is vulnerable to time-based SQL Injection via the 'ays_questions' parameter in all versions up to, and including, 6.5.8.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-6028.yaml"} {"ID":"CVE-2024-6095","Info":{"Name":"LocalAI - Partial Local File Read","Severity":"medium","Description":"A vulnerability in the /models/apply endpoint of mudler/localai versions 2.15.0 allows for Server-Side Request Forgery (SSRF) and partial Local File Inclusion (LFI). The endpoint supports both http(s)-// and file-// schemes, where the latter can lead to LFI. However, the output is limited due to the length of the error message. This vulnerability can be exploited by an attacker with network access to the LocalAI instance, potentially allowing unauthorized access to internal HTTP(s) servers and partial reading of local files. The issue is fixed in version 2.17.\n","Classification":{"CVSSScore":"5.8"}},"file_path":"http/cves/2024/CVE-2024-6095.yaml"} {"ID":"CVE-2024-6159","Info":{"Name":"Push Notification for Post and BuddyPress \u003c= 1.93 - SQL Injection","Severity":"critical","Description":"Push Notification for Post and BuddyPress plugin for WordPress is vulnerable to SQL Injection via the 'onesignal_externalid' and 'onesignal_get_subscriptionoptions_id' paramters in all versions up to, and including, 1.93 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2024/CVE-2024-6159.yaml"} {"ID":"CVE-2024-6188","Info":{"Name":"TrakSYS 11.x.x - Sensitive Data Exposure","Severity":"medium","Description":"A vulnerability was found in Parsec Automation TrackSYS 11.x.x and classified as problematic. This issue affects some unknown processing of the file /TS/export/pagedefinition. The manipulation of the argument ID leads to direct request. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-6188.yaml"} {"ID":"CVE-2024-6205","Info":{"Name":"PayPlus Payment Gateway \u003c 6.6.9 - SQL Injection","Severity":"critical","Description":"The PayPlus Payment Gateway WordPress plugin before 6.6.9 does not properly sanitise and escape a parameter before using it in a SQL statement via a WooCommerce API route available to unauthenticated users, leading to an SQL injection vulnerability.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-6205.yaml"} {"ID":"CVE-2024-6289","Info":{"Name":"WPS Hide Login \u003c 1.9.16.4 - Hidden Login Page Disclosure","Severity":"medium","Description":"The WPS Hide Login WordPress plugin before 1.9.16.4 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden login page.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-6289.yaml"} {"ID":"CVE-2024-6366","Info":{"Name":"User Profile Builder \u003c 3.11.8 - File Upload","Severity":"high","Description":"The User Profile Builder WordPress plugin before 3.11.8 does not have proper authorisation, allowing unauthenticated users to upload media files via the async upload functionality of WP.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-6366.yaml"} {"ID":"CVE-2024-6396","Info":{"Name":"Aimhubio Aim Server 3.19.3 - Arbitrary File Overwrite","Severity":"critical","Description":"A vulnerability in the `_backup_run` function in aimhubio/aim version 3.19.3 allows remote attackers to overwrite any file on the host server and exfiltrate arbitrary data. The vulnerability arises due to improper handling of the `run_hash` and `repo.path` parameters, which can be manipulated to create and write to arbitrary file paths. This can lead to denial of service by overwriting critical system files, loss of private data, and potential remote code execution.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-6396.yaml"} {"ID":"CVE-2024-6586","Info":{"Name":"Lightdash v0.1024.6 - Server-Side Request Forgery","Severity":"high","Description":"Server-Side Request Forgery (“SSRF”) in the export dashboard functionality of Lightdash version 0.1024.6 allows remote authenticated threat actors to obtain the session cookie of any user who exports a crafted dashboard. When they are exported, dashboards containing HTML elements can trigger HTTP requests to an external domain that contain the exporting user’s session cookie. The cookie could be stolen by a threat actor and used to hijack application user sessions.\n","Classification":{"CVSSScore":"7.3"}},"file_path":"http/cves/2024/CVE-2024-6586.yaml"} {"ID":"CVE-2024-6587","Info":{"Name":"LiteLLM - Server-Side Request Forgery","Severity":"high","Description":"LiteLLM vulnerable to Server-Side Request Forgery (SSRF) vulnerability Exposes OpenAI API Keys.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-6587.yaml"} {"ID":"CVE-2024-6646","Info":{"Name":"Netgear-WN604 downloadFile.php - Information Disclosure","Severity":"medium","Description":"There is an information leakage vulnerability in the downloadFile.php interface of Netgear WN604. A remote attacker using file authentication can use this vulnerability to obtain the administrator account and password information of the wireless router, causing the router's background to be controlled. The attacker can initiate damage to the wireless network or further threaten it.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-6646.yaml"} {"ID":"CVE-2024-6670","Info":{"Name":"WhatsUp Gold HasErrors SQL Injection - Authentication Bypass","Severity":"critical","Description":"In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-6670.yaml"} {"ID":"CVE-2024-6746","Info":{"Name":"EasySpider 0.6.2 - Arbitrary File Read","Severity":"medium","Description":"A vulnerability classified as problematic was found in NaiboWang EasySpider 0.6.2 on Windows. Affected by this vulnerability is an unknown functionality of the file \\EasySpider\\resources\\app\\server.js of the component HTTP GET Request Handler. The manipulation with the input /../../../../../../../../../Windows/win.ini leads to path traversal: '../filedir'. The attack needs to be done within the local network.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2024/CVE-2024-6746.yaml"} {"ID":"CVE-2024-6781","Info":{"Name":"Calibre \u003c= 7.14.0 Arbitrary File Read","Severity":"high","Description":"Arbitrary file read via Calibre’s content server in Calibre \u003c= 7.14.0.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-6781.yaml"} {"ID":"CVE-2024-6782","Info":{"Name":"Calibre \u003c= 7.14.0 Remote Code Execution","Severity":"critical","Description":"Unauthenticated remote code execution via Calibre’s content server in Calibre \u003c= 7.14.0.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-6782.yaml"} {"ID":"CVE-2024-6842","Info":{"Name":"AnythingLLM - Information Disclosure","Severity":"high","Description":"AnythingLLM suffers from an information disclosure vulnerability through the `/api/setup-complete` API endpoint. By accessing this endpoint, a remote and unauthenticated attacker can access sensitive configuration of the target AnythingLLM instance. This detection is included in the AI and LLM category.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-6842.yaml"} {"ID":"CVE-2024-6845","Info":{"Name":"SmartSearchWP \u003c 2.4.6 - OpenAI Key Disclosure","Severity":"medium","Description":"The plugin does not have proper authorization in one of its REST endpoint, allowing unauthenticated users to retrieve the encoded key and then decode it, thereby leaking the OpenAI API key.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-6845.yaml"} {"ID":"CVE-2024-6846","Info":{"Name":"SmartSearchWP \u003c= 2.4.4 - Unauthenticated Log Purge","Severity":"medium","Description":"The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not validate access on some REST routes, allowing for an unauthenticated user to purge error and chat logs.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-6846.yaml"} {"ID":"CVE-2024-6893","Info":{"Name":"Journyx - XML External Entities Injection (XXE)","Severity":"high","Description":"The \"soap_cgi.pyc\" API handler allows the XML body of SOAP requests to contain references to external entities. This allows an unauthenticated attacker to read local files, perform server-side request forgery, and overwhelm the web server resources.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-6893.yaml"} {"ID":"CVE-2024-6911","Info":{"Name":"PerkinElmer ProcessPlus \u003c= 1.11.6507.0 - Local File Inclusion","Severity":"high","Description":"Files on the Windows system are accessible without authentication to external parties due to a local file inclusion in PerkinElmer ProcessPlus.This issue affects ProcessPlus through 1.11.6507.0.\n","Classification":{"CVSSScore":"8.7"}},"file_path":"http/cves/2024/CVE-2024-6911.yaml"} {"ID":"CVE-2024-6922","Info":{"Name":"Automation Anywhere Automation 360 - Server-Side Request Forgery","Severity":"high","Description":"Automation Anywhere Automation 360 v21-v32 is vulnerable to Server-Side Request Forgery in a web API component.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-6922.yaml"} {"ID":"CVE-2024-6924","Info":{"Name":"TrueBooker \u003c= 1.0.2 - SQL Injection","Severity":"high","Description":"The TrueBooker Appointment Booking and Scheduler Plugin. plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 1.0.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-6924.yaml"} {"ID":"CVE-2024-6926","Info":{"Name":"Viral Signup \u003c= 2.1 - SQL Injection","Severity":"critical","Description":"The Viral Signup limited opt-in with viral referral sharing plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-6926.yaml"} {"ID":"CVE-2024-6928","Info":{"Name":"Opti Marketing \u003c= 2.0.9 - SQL Injection","Severity":"high","Description":"The Opti Marketing plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2.0.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2024/CVE-2024-6928.yaml"} {"ID":"CVE-2024-7008","Info":{"Name":"Calibre \u003c= 7.15.0 - Reflected Cross-Site Scripting (XSS)","Severity":"medium","Description":"It is possible to inject arbitrary JavaScript code into the /browse endpoint of the Calibre content server, allowing an attacker to craft a URL that when clicked by a victim, will execute the attacker’s JavaScript code in the context of the victim’s browser. If the Calibre server is running with authentication enabled and the victim is logged in at the time, this can be used to cause the victim to perform actions on the Calibre server on behalf of the attacker.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-7008.yaml"} {"ID":"CVE-2024-7029","Info":{"Name":"AVTECH IP Camera - Command Injection","Severity":"high","Description":"The endpoint `/cgi-bin/supervisor/Factory.cgi` is vulnerable to command injection via the `action` parameter, allowing remote code execution.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2024/CVE-2024-7029.yaml"} {"ID":"CVE-2024-7120","Info":{"Name":"Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90 - Command Injection","Severity":"medium","Description":"A vulnerability, which was classified as critical, was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. This affects an unknown part of the file list_base_config.php of the component Web Interface. The manipulation of the argument template leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272451.\n","Classification":{"CVSSScore":"6.3"}},"file_path":"http/cves/2024/CVE-2024-7120.yaml"} {"ID":"CVE-2024-7188","Info":{"Name":"Bylancer Quicklancer 2.4 G - SQL Injection","Severity":"high","Description":"A SQL injection vulnerability exists in the Quicklancer 2.4, GET parameter 'range2', that has time-based blind SQL injection and a boolean-based blind SQL injection, which can be exploited remotely by unauthenticated attacker to execute arbitrary SQL queries in the database.\n","Classification":{"CVSSScore":"7.3"}},"file_path":"http/cves/2024/CVE-2024-7188.yaml"} {"ID":"CVE-2024-7332","Info":{"Name":"TOTOLINK CP450 v4.1.0cu.747_B20191224 - Hard-Coded Password Vulnerability","Severity":"critical","Description":"A critical vulnerability has been discovered in TOTOLINK CP450 version 4.1.0cu.747_B20191224. This vulnerability affects an unknown part of the file /web_cste/cgi-bin/product.ini of the Telnet Service component. The issue stems from the use of a hard-coded password, which can be exploited remotely without any user interaction.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-7332.yaml"} {"ID":"CVE-2024-7339","Info":{"Name":"TVT DVR Sensitive Device - Information Disclosure","Severity":"medium","Description":"A vulnerability has been found in TVT DVR TD-2104TS-CL, DVR TD-2108TS-HP, Provision-ISR DVR SH-4050A5-5L(MM) and AVISION DVR AV108T and classified as problematic. This vulnerability affects unknown code of the file /queryDevInfo. The manipulation leads to information disclosure.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-7339.yaml"} {"ID":"CVE-2024-7340","Info":{"Name":"W\u0026B Weave Server - Remote Arbitrary File Leak","Severity":"high","Description":"The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. In various common scenarios, this allows a low-privileged user to assume the role of the server admin.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2024/CVE-2024-7340.yaml"} {"ID":"CVE-2024-7593","Info":{"Name":"Ivanti vTM - Authentication Bypass","Severity":"critical","Description":"Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-7593.yaml"} {"ID":"CVE-2024-7714","Info":{"Name":"AI Assistant with ChatGPT by AYS \u003c= 2.0.9 - Unauthenticated AJAX Calls","Severity":"medium","Description":"The plugin lacks sufficient access controls allowing an unauthenticated user to disconnect the plugin from OpenAI, thereby disabling the plugin. Multiple actions are accessible: ays_chatgpt_disconnect, ays_chatgpt_connect, and ays_chatgpt_save_feedback\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2024/CVE-2024-7714.yaml"} {"ID":"CVE-2024-7786","Info":{"Name":"Sensei LMS \u003c 4.24.2 - Email Template Leak","Severity":"high","Description":"The Sensei LMS WordPress plugin before 4.24.2 does not properly protect some its REST API routes, allowing unauthenticated attackers to leak email templates.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-7786.yaml"} {"ID":"CVE-2024-7928","Info":{"Name":"FastAdmin \u003c V1.3.4.20220530 - Path Traversal","Severity":"medium","Description":"A vulnerability, which was classified as problematic, has been found in FastAdmin up to 1.3.3.20220121. Affected by this issue is some unknown functionality of the file /index/ajax/lang. The manipulation of the argument lang leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.3.4.20220530 is able to address this issue. It is recommended to upgrade the affected component.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2024/CVE-2024-7928.yaml"} {"ID":"CVE-2024-7954","Info":{"Name":"SPIP Porte Plume Plugin - Remote Code Execution","Severity":"critical","Description":"The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-7954.yaml"} {"ID":"CVE-2024-8181","Info":{"Name":"Flowise \u003c= 1.8.2 Authentication Bypass","Severity":"high","Description":"An Authentication Bypass vulnerability exists in Flowise version 1.8.2. This could allow a remote, unauthenticated attacker to access API endpoints as an administrator and allow them to access restricted functionality.\n","Classification":{"CVSSScore":"7.3"}},"file_path":"http/cves/2024/CVE-2024-8181.yaml"} {"ID":"CVE-2024-8484","Info":{"Name":"REST API TO MiniProgram \u003c= 4.7.1 - SQL Injection","Severity":"high","Description":"The REST API TO MiniProgram plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the /wp-json/watch-life-net/v1/comment/getcomments REST API endpoint in all versions up to, and including, 4.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-8484.yaml"} {"ID":"CVE-2024-8503","Info":{"Name":"VICIdial - SQL Injection","Severity":"critical","Description":"An unauthenticated attacker can leverage a time-based SQL injection vulnerability in VICIdial to enumerate database records. By default, VICIdial stores plaintext credentials within the database.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-8503.yaml"} {"ID":"CVE-2024-8517","Info":{"Name":"SPIP BigUp Plugin - Remote Code Execution","Severity":"critical","Description":"SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipart file upload HTTP request.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-8517.yaml"} {"ID":"CVE-2024-8522","Info":{"Name":"LearnPress – WordPress LMS - SQL Injection","Severity":"critical","Description":"The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_only_fields' parameter of the /wp-json/learnpress/v1/courses REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-8522.yaml"} {"ID":"CVE-2024-8752","Info":{"Name":"WebIQ 2.15.9 - Directory Traversal","Severity":"high","Description":"The Windows version of WebIQ 2.15.9 is affected by a directory traversal vulnerability that allows remote attackers to read any file on the system.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-8752.yaml"} {"ID":"CVE-2024-8877","Info":{"Name":"Riello Netman 204 - SQL Injection","Severity":"critical","Description":"The three endpoints /cgi-bin/db_datalog_w.cgi, /cgi-bin/db_eventlog_w.cgi, and /cgi-bin/db_multimetr_w.cgi are vulnerable to SQL injection without prior authentication. This enables an attacker to modify the collected log data in an arbitrary way.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-8877.yaml"} {"ID":"CVE-2024-8883","Info":{"Name":"Keycloak - Open Redirect","Severity":"medium","Description":"A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially leading to session hijacking.\n","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2024/CVE-2024-8883.yaml"} {"ID":"CVE-2024-9014","Info":{"Name":"pgAdmin 4 - Authentication Bypass","Severity":"critical","Description":"pgAdmin 4 versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. This vulnerability allows an attacker to potentially obtain the client ID and secret, leading to unauthorized access to user data.\n","Classification":{"CVSSScore":"9.9"}},"file_path":"http/cves/2024/CVE-2024-9014.yaml"} {"ID":"CVE-2001-1473","Info":{"Name":"Deprecated SSHv1 Protocol Detection","Severity":"high","Description":"SSHv1 is deprecated and has known cryptographic issues.","Classification":{"CVSSScore":"7.5"}},"file_path":"network/cves/2001/CVE-2001-1473.yaml"} {"ID":"CVE-2004-2687","Info":{"Name":"Distccd v1 - Remote Code Execution","Severity":"high","Description":"distcc 2.x, as used in XCode 1.5 and others, when not configured to restrict access to the server port, allows remote attackers to execute arbitrary commands via compilation jobs, which are executed by the server without authorization checks.\n","Classification":{"CVSSScore":"9.3"}},"file_path":"network/cves/2004/CVE-2004-2687.yaml"} {"ID":"CVE-2011-2523","Info":{"Name":"VSFTPD 2.3.4 - Backdoor Command Execution","Severity":"critical","Description":"VSFTPD v2.3.4 had a serious backdoor vulnerability allowing attackers to execute arbitrary commands on the server with root-level access. The backdoor was triggered by a specific string of characters in a user login request, which allowed attackers to execute any command they wanted.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"network/cves/2011/CVE-2011-2523.yaml"} {"ID":"CVE-2015-3306","Info":{"Name":"ProFTPd - Remote Code Execution","Severity":"critical","Description":"ProFTPD 1.3.5 contains a remote code execution vulnerability via the mod_copy module which allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.","Classification":{"CVSSScore":"10"}},"file_path":"network/cves/2015/CVE-2015-3306.yaml"} {"ID":"CVE-2016-2004","Info":{"Name":"HP Data Protector - Arbitrary Command Execution","Severity":"critical","Description":"HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication. This vulnerability exists because of an incomplete fix for CVE-2014-2623.","Classification":{"CVSSScore":"9.8"}},"file_path":"network/cves/2016/CVE-2016-2004.yaml"} {"ID":"CVE-2016-3510","Info":{"Name":"Oracle WebLogic Server Java Object Deserialization - Remote Code Execution","Severity":"critical","Description":"Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS Core Components, a different vulnerability than CVE-2016-3586.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"network/cves/2016/CVE-2016-3510.yaml"} {"ID":"CVE-2017-3881","Info":{"Name":"Cisco IOS 12.2(55)SE11 - Remote Code Execution","Severity":"critical","Description":"A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges. The Cluster Management Protocol utilizes Telnet internally as a signaling and command protocol between cluster members. The vulnerability is due to the combination of two factors: (1) the failure to restrict the use of CMP-specific Telnet options only to internal, local communications between cluster members and instead accept and process such options over any Telnet connection to an affected device; and (2) the incorrect processing of malformed CMP-specific Telnet options. An attacker could exploit this vulnerability by sending malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections. An exploit could allow an attacker to execute arbitrary code and obtain full control of the device or cause a reload of the affected device. This affects Catalyst switches, Embedded Service 2020 switches, Enhanced Layer 2 EtherSwitch Service Module, Enhanced Layer 2/3 EtherSwitch Service Module, Gigabit Ethernet Switch Module (CGESM) for HP, IE Industrial Ethernet switches, ME 4924-10GE switch, RF Gateway 10, and SM-X Layer 2/3 EtherSwitch Service Module. Cisco Bug IDs: CSCvd48893.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"network/cves/2017/CVE-2017-3881.yaml"} {"ID":"CVE-2017-5645","Info":{"Name":"Apache Log4j Server - Deserialization Command Execution","Severity":"critical","Description":"In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"network/cves/2017/CVE-2017-5645.yaml"} {"ID":"CVE-2018-2628","Info":{"Name":"Oracle WebLogic Server Deserialization - Remote Code Execution","Severity":"critical","Description":"The Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services) versions 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3 contains an easily exploitable vulnerability that allows unauthenticated attackers with network access via T3 to compromise Oracle WebLogic Server.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"network/cves/2018/CVE-2018-2628.yaml"} {"ID":"CVE-2018-2893","Info":{"Name":"Oracle WebLogic Server - Remote Code Execution","Severity":"critical","Description":"The Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services) versions 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3 contain an easily exploitable vulnerability that allows unauthenticated attackers with network access via T3 to compromise Oracle WebLogic Server.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"network/cves/2018/CVE-2018-2893.yaml"} {"ID":"CVE-2020-11981","Info":{"Name":"Apache Airflow \u003c=1.10.10 - Command Injection","Severity":"critical","Description":"An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"network/cves/2020/CVE-2020-11981.yaml"} {"ID":"CVE-2020-1938","Info":{"Name":"Ghostcat - Apache Tomcat - AJP File Read/Inclusion Vulnerability","Severity":"critical","Description":"When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed - returning arbitrary files from anywhere in the web application - processing any file in the web application as a JSP Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP Connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations.","Classification":{"CVSSScore":"9.8"}},"file_path":"network/cves/2020/CVE-2020-1938.yaml"} {"ID":"CVE-2021-44521","Info":{"Name":"Apache Cassandra Load UDF RCE","Severity":"critical","Description":"When running Apache Cassandra with the following configuration: enable_user_defined_functions: true enable_scripted_user_defined_functions: true enable_user_defined_functions_threads: false it is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissions to create user defined functions in the cluster to be able to exploit this. Note that this configuration is documented as unsafe, and will continue to be considered unsafe after this CVE.","Classification":{"CVSSScore":"9.1"}},"file_path":"network/cves/2021/CVE-2021-44521.yaml"} {"ID":"CVE-2022-0543","Info":{"Name":"Redis Sandbox Escape - Remote Code Execution","Severity":"critical","Description":"This template exploits CVE-2022-0543, a Lua-based Redis sandbox escape. The\nvulnerability was introduced by Debian and Ubuntu Redis packages that\ninsufficiently sanitized the Lua environment. The maintainers failed to\ndisable the package interface, allowing attackers to load arbitrary libraries.\n","Classification":{"CVSSScore":"10"}},"file_path":"network/cves/2022/CVE-2022-0543.yaml"} {"ID":"CVE-2022-24706","Info":{"Name":"CouchDB Erlang Distribution - Remote Command Execution","Severity":"critical","Description":"In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"network/cves/2022/CVE-2022-24706.yaml"} {"ID":"CVE-2022-31793","Info":{"Name":"muhttpd \u003c=1.1.5 - Local Inclusion","Severity":"high","Description":"muhttpd 1.1.5 and before are vulnerable to unauthenticated local file inclusion. The vulnerability allows retrieval of files from the file system.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"network/cves/2022/CVE-2022-31793.yaml"} {"ID":"CVE-2023-33246","Info":{"Name":"RocketMQ \u003c= 5.1.0 - Remote Code Execution","Severity":"critical","Description":"For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content. To prevent these attacks, users are recommended to upgrade to version 5.1.1 or above for using RocketMQ 5.x or 4.9.6 or above for using RocketMQ 4.x .\n","Classification":{"CVSSScore":"9.8"}},"file_path":"network/cves/2023/CVE-2023-33246.yaml"} {"ID":"CVE-2012-2122","Info":{"Name":"MySQL - Authentication Bypass","Severity":"medium","Description":"sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value.\n","Classification":{"CVSSScore":"5.1"}},"file_path":"javascript/cves/2012/CVE-2012-2122.yaml"} {"ID":"CVE-2016-8706","Info":{"Name":"Memcached Server SASL Authentication - Remote Code Execution","Severity":"high","Description":"An integer overflow in process_bin_sasl_auth function in Memcached, which is responsible for authentication commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution.\n","Classification":{"CVSSScore":"8.1"}},"file_path":"javascript/cves/2016/CVE-2016-8706.yaml"} {"ID":"CVE-2019-9193","Info":{"Name":"PostgreSQL 9.3-12.3 Authenticated Remote Code Execution","Severity":"high","Description":"In PostgreSQL 9.3 through 11.2, the \"COPY TO/FROM PROGRAM\" function allows superusers and users in the 'pg_execute_server_program' group to execute arbitrary code in the context of the database's operating system user. This functionality is enabled by default and can be abused to run arbitrary operating system commands on Windows, Linux, and macOS. NOTE: Third parties claim/state this is not an issue because PostgreSQL functionality for ‘COPY TO/FROM PROGRAM’ is acting as intended. References state that in PostgreSQL, a superuser can execute commands as the server user without using the ‘COPY FROM PROGRAM’.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"javascript/cves/2019/CVE-2019-9193.yaml"} {"ID":"CVE-2020-7247","Info":{"Name":"OpenSMTPD 6.4.0-6.6.1 - Remote Code Execution","Severity":"critical","Description":"OpenSMTPD versions 6.4.0 - 6.6.1 are susceptible to remote code execution. smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the \"uncommented\" default configuration. The issue exists because of an incorrect return value upon failure of input validation.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"javascript/cves/2020/CVE-2020-7247.yaml"} {"ID":"CVE-2023-34039","Info":{"Name":"VMWare Aria Operations - Remote Code Execution","Severity":"critical","Description":"VMWare Aria Operations for Networks (vRealize Network Insight) Static SSH key RCE (CVE-2023-34039)\nVersion: All versions from 6.0 to 6.10\n","Classification":{"CVSSScore":"9.8"}},"file_path":"javascript/cves/2023/CVE-2023-34039.yaml"} {"ID":"CVE-2023-46604","Info":{"Name":"Apache ActiveMQ - Remote Code Execution","Severity":"critical","Description":"Apache ActiveMQ is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker with network access to a broker to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the classpath.\nUsers are recommended to upgrade to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3, which fixes this issue.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"javascript/cves/2023/CVE-2023-46604.yaml"} {"ID":"CVE-2023-48795","Info":{"Name":"OpenSSH Terrapin Attack - Detection","Severity":"medium","Description":"The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.\n","Classification":{"CVSSScore":"5.9"}},"file_path":"javascript/cves/2023/CVE-2023-48795.yaml"} {"ID":"CVE-2024-23897","Info":{"Name":"Jenkins \u003c 2.441 - Arbitrary File Read","Severity":"high","Description":"Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"javascript/cves/2024/CVE-2024-23897.yaml"} {"ID":"CVE-2024-45519","Info":{"Name":"Zimbra Collaboration Suite \u003c 9.0.0 - Remote Code Execution","Severity":"critical","Description":"SMTP-based vulnerability in the PostJournal service of Zimbra Collaboration Suite that allows unauthenticated attackers to inject arbitrary commands. This vulnerability arises due to improper sanitization of SMTP input, enabling attackers to craft malicious SMTP messages that execute commands under the Zimbra user context. Successful exploitation can lead to unauthorized access, privilege escalation, and potential compromise of the affected system's integrity and confidentiality.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"javascript/cves/2024/CVE-2024-45519.yaml"} {"ID":"CVE-2024-47176","Info":{"Name":"CUPS - Remote Code Execution","Severity":"high","Description":"CUPS is a standards-based, open-source printing system, and cups-browsed contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. cups-browsed binds to INADDR_ANY-631, causing it to trust any packet from any source, and can cause the Get-Printer-Attributes IPP request to an attacker controlled URL.\nDue to the service binding to *-631 ( INADDR_ANY ), multiple bugs in cups-browsed can be exploited in sequence to introduce a malicious printer to the system. This chain of exploits ultimately enables an attacker to execute arbitrary commands remotely on the target machine without authentication when a print job is started. This poses a significant security risk over the network. Notably, this vulnerability is particularly concerning as it can be exploited from the public internet, potentially exposing a vast number of systems to remote attacks if their CUPS services are enabled.\n","Classification":{"CVSSScore":"8.3"}},"file_path":"javascript/cves/2024/CVE-2024-47176.yaml"}