admin/nuclei-templates
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei-templates.git synced 2026-01-31 15:53:33 +08:00
Code Issues Packages Projects Releases Wiki Activity

chore: generate CVEs metadata 🤖

Browse Source
This commit is contained in:
ghost
2025-10-24 13:43:57 +00:00
parent 7e6a1725b5
commit 7a5f9edd3e
2 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
cves.json
View File

@@ -445,6 +445,7 @@
{"ID":"CVE-2017-17736","Info":{"Name":"Kentico - Installer Privilege Escalation","Severity":"critical","Description":"Kentico 9.0 before 9.0.51 and 10.0 before 10.0.48 are susceptible to a privilege escalation attack. An attacker can obtain Global Administrator access by visiting CMSInstall/install.aspx and then navigating to the CMS Administration Dashboard.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2017/CVE-2017-17736.yaml"}
{"ID":"CVE-2017-18024","Info":{"Name":"AvantFAX 3.3.3 - Cross-Site Scripting","Severity":"medium","Description":"AvantFAX 3.3.3 contains a cross-site scripting vulnerability via an arbitrary parameter name submitted to the default URL, as demonstrated by a parameter whose name contains a SCRIPT element and whose value is 1.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18024.yaml"}
{"ID":"CVE-2017-18349","Info":{"Name":"Fastjson Insecure Deserialization - Remote Code Execution","Severity":"critical","Description":"parseObject in Fastjson before 1.2.25, as used in FastjsonEngine in Pippo 1.11.0 and other products, allows remote attackers to execute arbitrary code via a crafted JSON request, as demonstrated by a crafted rmi-// URI in the dataSourceName field of HTTP POST data to the Pippo /json URI, which is mishandled in AjaxApplication.java.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2017/CVE-2017-18349.yaml"}
{"ID":"CVE-2017-18362","Info":{"Name":"Kaseya VSA 2017 ConnectWise ManagedITSync - Remote Code Execution","Severity":"critical","Description":"ConnectWise ManagedITSync integration through 2017 for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database. If the ManagedIT.asmx page is available via the Kaseya VSA web interface, anyone with access to the page is able to run arbitrary SQL queries, both read and write, without authentication.In February 2019, attackers actively exploited this vulnerability in the wild to download and execute ransomware payloads on all endpoints managed by the VSA server.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2017/CVE-2017-18362.yaml"}
{"ID":"CVE-2017-18487","Info":{"Name":"AdPush \u003c 1.44 - Cross-Site Scripting","Severity":"medium","Description":"The adsense-plugin (aka Google AdSense) plugin before 1.44 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18487.yaml"}
{"ID":"CVE-2017-18490","Info":{"Name":"Contact Form Multi by BestWebSoft \u003c 1.2.1 - Cross-Site Scripting","Severity":"medium","Description":"The contact-form-multi plugin before 1.2.1 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18490.yaml"}
{"ID":"CVE-2017-18491","Info":{"Name":"Contact Form by BestWebSoft \u003c 4.0.6 - Cross-Site Scripting","Severity":"medium","Description":"The contact-form-plugin plugin before 4.0.6 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18491.yaml"}

2
cves.json-checksum.txt
View File

@@ -1 +1 @@
10d3701473afe9a09715c17056735e5a
2030631f70cbd2af39abf37d30c01f4f