From 780f0dfe156691e10854453ab4ed6a5b67de533e Mon Sep 17 00:00:00 2001 From: Marcuccio Date: Thu, 5 Sep 2024 12:23:47 +0000 Subject: [PATCH] fetch of nuclei cves --- nuclei.json | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/nuclei.json b/nuclei.json index c2be9b9..be2203f 100644 --- a/nuclei.json +++ b/nuclei.json @@ -4087,6 +4087,8 @@ , {"ID":"CVE-2023-22620","Info":{"Name":"SecurePoint UTM 12.x Session ID Leak","Severity":"high","Description":"An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows sessionid information disclosure via an invalid authentication attempt. This can afterwards be used to bypass the device's authentication and get access to the administrative interface.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-22620.yaml"} , +{"ID":"CVE-2023-22621","Info":{"Name":"Strapi Versions \u003c=4.5.5 - SSTI to Remote Code Execution","Severity":"high","Description":"Strapi through 4.5.5 allows authenticated Server-Side Template Injection (SSTI) that can be exploited to execute arbitrary code on the server. A remote attacker with access to the Strapi admin panel can inject a crafted payload that executes code on the server into an email template that bypasses the validation checks that should prevent code execution.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2023/CVE-2023-22621.yaml"} +, {"ID":"CVE-2023-2272","Info":{"Name":"Tiempo.com \u003c= 0.1.2 - Cross-Site Scripting","Severity":"medium","Description":"Tiempo.com before 0.1.2 is susceptible to cross-site scripting via the page parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-2272.yaml"} , {"ID":"CVE-2023-22893","Info":{"Name":"Strapi Versions \u003c=4.5.6 - Authentication Bypass","Severity":"high","Description":"Strapi through 4.5.5 does not verify the access or ID tokens issued during the OAuth flow when the AWS Cognito login provider is used for authentication. A remote attacker could forge an ID token that is signed using the 'None' type algorithm to bypass authentication and impersonate any user that use AWS Cognito for authentication.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-22893.yaml"} @@ -4543,6 +4545,8 @@ , {"ID":"CVE-2023-41599","Info":{"Name":"JFinalCMS v5.0.0 - Directory Traversal","Severity":"medium","Description":"An issue in the component /common/DownController.java of JFinalCMS v5.0.0 allows attackers to execute a directory traversal.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-41599.yaml"} , +{"ID":"CVE-2023-41621","Info":{"Name":"Emlog Pro v2.1.14 - Cross-Site Scripting","Severity":"medium","Description":"Cross Site Scripting (XSS) vulnerability in Emlog Pro v2.1.14 via /admin/store.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-41621.yaml"} +, {"ID":"CVE-2023-41642","Info":{"Name":"RealGimm by GruppoSCAI v1.1.37p38 - Cross-Site Scripting","Severity":"medium","Description":"Multiple reflected cross-site scripting (XSS) vulnerabilities in the ErroreNonGestito.aspx component of GruppoSCAI RealGimm 1.1.37p38 allow attackers to execute arbitrary Javascript in the context of a victim user's browser via a crafted payload injected into the VIEWSTATE parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-41642.yaml"} , {"ID":"CVE-2023-4168","Info":{"Name":"Adlisting Classified Ads 2.14.0 - Information Disclosure","Severity":"high","Description":"Information disclosure issue in the redirect responses, When accessing any page on the website, Sensitive data, such as API keys, server keys, and app IDs, is being exposed in the body of these redirects.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-4168.yaml"} @@ -4741,6 +4745,8 @@ , {"ID":"CVE-2023-6114","Info":{"Name":"Duplicator \u003c 1.5.7.1; Duplicator Pro \u003c 4.5.14.2 - Unauthenticated Sensitive Data Exposure","Severity":"high","Description":"The Duplicator WordPress plugin before 1.5.7.1, Duplicator Pro WordPress plugin before 4.5.14.2 does not disallow listing the `backups-dup-lite/tmp` directory (or the `backups-dup-pro/tmp` directory in the Pro version), which temporarily stores files containing sensitive data. When directory listing is enabled in the web server, this allows unauthenticated attackers to discover and access these sensitive files, which include a full database dump and a zip archive of the site.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-6114.yaml"} , +{"ID":"CVE-2023-6329","Info":{"Name":"Control iD iDSecure - Authentication Bypass","Severity":"critical","Description":"An authentication bypass vulnerability exists in Control iD iDSecure v4.7.32.0. The login routine used by iDS-Core.dll contains a \"passwordCustom\" option that allows an unauthenticated attacker to compute valid credentials that can be used to bypass authentication and act as an administrative user.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-6329.yaml"} +, {"ID":"CVE-2023-6360","Info":{"Name":"WordPress My Calendar \u003c3.4.22 - SQL Injection","Severity":"critical","Description":"WordPress My Calendar plugin versions before 3.4.22 are vulnerable to an unauthenticated SQL injection within the 'from' and 'to' parameters of the '/my-calendar/v1/events' REST route.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-6360.yaml"} , {"ID":"CVE-2023-6379","Info":{"Name":"OpenCMS 14 \u0026 15 - Cross Site Scripting","Severity":"medium","Description":"Cross-site scripting (XSS) vulnerability in Alkacon Software Open CMS, affecting versions 14 and 15 of the 'Mercury' template.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-6379.yaml"} @@ -4915,6 +4921,8 @@ , {"ID":"CVE-2024-2879","Info":{"Name":"WordPress Plugin LayerSlider 7.9.11-7.10.0 - SQL Injection","Severity":"high","Description":"The LayerSlider plugin for WordPress is vulnerable to SQL Injection via the ls_get_popup_markup action in versions 7.9.11 and 7.10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-2879.yaml"} , +{"ID":"CVE-2024-28987","Info":{"Name":"SolarWinds Web Help Desk - Hardcoded Credential","Severity":"critical","Description":"The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data.\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2024/CVE-2024-28987.yaml"} +, {"ID":"CVE-2024-28995","Info":{"Name":"SolarWinds Serv-U - Directory Traversal","Severity":"high","Description":"SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-28995.yaml"} , {"ID":"CVE-2024-29059","Info":{"Name":".NET Framework - Leaking ObjRefs via HTTP .NET Remoting","Severity":"high","Description":".NET Framework Information Disclosure Vulnerability","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-29059.yaml"} @@ -4927,6 +4935,8 @@ , {"ID":"CVE-2024-29868","Info":{"Name":"Apache StreamPipes \u003c= 0.93.0 - Use of Cryptographically Weak PRNG in Recovery Token Generation","Severity":"critical","Description":"Apache StreamPipes from version 0.69.0 through 0.93.0 uses a cryptographically weak Pseudo-Random Number Generator (PRNG) in the recovery token generation mechanism. Given a valid token it's possible to predict all past and future generated tokens.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-29868.yaml"} , +{"ID":"CVE-2024-29889","Info":{"Name":"GLPI 10.0.10-10.0.14 - SQL Injection","Severity":"high","Description":"GLPI is a Free Asset and IT Management Software package. Prior to 10.0.15, an authenticated user can exploit a SQL injection vulnerability in the saved searches feature to alter another user account data take control of it.\n","Classification":{"CVSSScore":"7.1"}},"file_path":"http/cves/2024/CVE-2024-29889.yaml"} +, {"ID":"CVE-2024-29895","Info":{"Name":"Cacti cmd_realtime.php - Command Injection","Severity":"critical","Description":"Cacti provides an operational monitoring and fault management framework. A command injection vulnerability on the 1.3.x DEV branch allows any unauthenticated user to execute arbitrary command on the server when `register_argc_argv` option of PHP is `On`. In `cmd_realtime.php` line 119, the `$poller_id` used as part of the command execution is sourced from `$_SERVER['argv']`, which can be controlled by URL when `register_argc_argv` option of PHP is `On`. And this option is `On` by default in many environments such as the main PHP Docker image for PHP.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2024/CVE-2024-29895.yaml"} , {"ID":"CVE-2024-29972","Info":{"Name":"Zyxel NAS326 Firmware \u003c V5.21(AAZF.17)C0 - NsaRescueAngel Backdoor Account","Severity":"critical","Description":"The command injection vulnerability in the CGI program \"remote_help-cgi\" in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request.\n","Classification":{"CVSSScore":"9.88"}},"file_path":"http/cves/2024/CVE-2024-29972.yaml"} @@ -5055,6 +5065,8 @@ , {"ID":"CVE-2024-41628","Info":{"Name":"Cluster Control CMON API - Directory Traversal","Severity":"high","Description":"Directory Traversal vulnerability in Severalnines Cluster Control 1.9.8 before 1.9.8-9778, 2.0.0 before 2.0.0-9779, and 2.1.0 before 2.1.0-9780 allows a remote attacker to include and display file content in an HTTP request via the CMON API.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-41628.yaml"} , +{"ID":"CVE-2024-41955","Info":{"Name":"Open Redirect in Login Redirect - MobSF","Severity":"medium","Description":"Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. An open redirect vulnerability exist in MobSF authentication view.\n","Classification":{"CVSSScore":"5.2"}},"file_path":"http/cves/2024/CVE-2024-41955.yaml"} +, {"ID":"CVE-2024-4257","Info":{"Name":"BlueNet Technology Clinical Browsing System 1.2.1 - Sql Injection","Severity":"medium","Description":"A vulnerability was found in BlueNet Technology Clinical Browsing System 1.2.1. It has been classified as critical. This affects an unknown part of the file /xds/deleteStudy.php. The manipulation of the argument documentUniqueId leads to sql injection. It is possible to initiate the attack remotely.\n","Classification":{"CVSSScore":"6.3"}},"file_path":"http/cves/2024/CVE-2024-4257.yaml"} , {"ID":"CVE-2024-4295","Info":{"Name":"Email Subscribers by Icegram Express \u003c= 5.7.20 - Unauthenticated SQL Injection via Hash","Severity":"critical","Description":"Email Subscribers by Icegram Express \u003c= 5.7.20 contains an unauthenticated SQL injection vulnerability via the hash parameter.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-4295.yaml"} @@ -5121,6 +5133,8 @@ , {"ID":"CVE-2024-6396","Info":{"Name":"Aimhubio Aim Server 3.19.3 - Arbitrary File Overwrite","Severity":"critical","Description":"A vulnerability in the `_backup_run` function in aimhubio/aim version 3.19.3 allows remote attackers to overwrite any file on the host server and exfiltrate arbitrary data. The vulnerability arises due to improper handling of the `run_hash` and `repo.path` parameters, which can be manipulated to create and write to arbitrary file paths. This can lead to denial of service by overwriting critical system files, loss of private data, and potential remote code execution.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-6396.yaml"} , +{"ID":"CVE-2024-6586","Info":{"Name":"Lightdash v0.1024.6 - Server-Side Request Forgery","Severity":"high","Description":"Server-Side Request Forgery (“SSRF”) in the export dashboard functionality of Lightdash version 0.1024.6 allows remote authenticated threat actors to obtain the session cookie of any user who exports a crafted dashboard. When they are exported, dashboards containing HTML elements can trigger HTTP requests to an external domain that contain the exporting user’s session cookie. The cookie could be stolen by a threat actor and used to hijack application user sessions.\n","Classification":{"CVSSScore":"7.3"}},"file_path":"http/cves/2024/CVE-2024-6586.yaml"} +, {"ID":"CVE-2024-6587","Info":{"Name":"LiteLLM - Server-Side Request Forgery","Severity":"high","Description":"LiteLLM vulnerable to Server-Side Request Forgery (SSRF) vulnerability Exposes OpenAI API Keys.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-6587.yaml"} , {"ID":"CVE-2024-6646","Info":{"Name":"Netgear-WN604 downloadFile.php - Information Disclosure","Severity":"medium","Description":"There is an information leakage vulnerability in the downloadFile.php interface of Netgear WN604. A remote attacker using file authentication can use this vulnerability to obtain the administrator account and password information of the wireless router, causing the router's background to be controlled. The attacker can initiate damage to the wireless network or further threaten it.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-6646.yaml"}