"-Synchronized-Data."

2025-05-05 18:28:42 +00:00 · 2021-10-25 19:01:02 +00:00 · 2021-10-25 19:01:02 +00:00 · 8e976f5919
commit 8e976f5919
parent 0edd79df96
7 changed files with 108 additions and 68 deletions
--- a/2018/12xxx/CVE-2018-12613.json
+++ b/2018/12xxx/CVE-2018-12613.json
@ -81,6 +81,11 @@
                "refsource": "GENTOO",
                "name": "GLSA-201904-16",
                "url": "https://security.gentoo.org/glsa/201904-16"
+            },
+            {
+                "refsource": "MISC",
+                "name": "http://packetstormsecurity.com/files/164623/phpMyAdmin-4.8.1-Remote-Code-Execution.html",
+                "url": "http://packetstormsecurity.com/files/164623/phpMyAdmin-4.8.1-Remote-Code-Execution.html"
            }
        ]
    }
--- a/2018/12xxx/CVE-2018-12895.json
+++ b/2018/12xxx/CVE-2018-12895.json
@ -76,6 +76,11 @@
                "name": "[debian-lts-announce] 20180730 [SECURITY] [DLA 1452-1] wordpress security update",
                "refsource": "MLIST",
                "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00046.html"
+            },
+            {
+                "refsource": "MISC",
+                "name": "http://packetstormsecurity.com/files/164633/WordPress-4.9.6-Arbitrary-File-Deletion.html",
+                "url": "http://packetstormsecurity.com/files/164633/WordPress-4.9.6-Arbitrary-File-Deletion.html"
            }
        ]
    }
--- a/2021/24xxx/CVE-2021-24444.json
+++ b/2021/24xxx/CVE-2021-24444.json
@ -1,75 +1,80 @@
 {
-  "CVE_data_meta": {
-    "ID": "CVE-2021-24444",
-    "ASSIGNER": "contact@wpscan.com",
-    "STATE": "PUBLIC",
-    "TITLE": "TaxoPress < 3.0.7.2 - Authenticated Stored Cross-Site Scripting (XSS)"
-  },
-  "data_format": "MITRE",
-  "data_type": "CVE",
-  "data_version": "4.0",
-  "generator": "WPScan CVE Generator",
-  "affects": {
-    "vendor": {
-      "vendor_data": [
-        {
-          "vendor_name": "Unknown",
-          "product": {
-            "product_data": [
-              {
-                "product_name": "TaxoPress – Create and Manage Taxonomies, Tags, Categories",
-                "version": {
-                  "version_data": [
-                    {
-                      "version_affected": "<",
-                      "version_name": "3.7.0.2",
-                      "version_value": "3.7.0.2"
+    "CVE_data_meta": {
+        "ID": "CVE-2021-24444",
+        "ASSIGNER": "contact@wpscan.com",
+        "STATE": "PUBLIC",
+        "TITLE": "TaxoPress < 3.0.7.2 - Authenticated Stored Cross-Site Scripting (XSS)"
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
+    "generator": "WPScan CVE Generator",
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "Unknown",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "TaxoPress \u2013 Create and Manage Taxonomies, Tags, Categories",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_affected": "<",
+                                            "version_name": "3.7.0.2",
+                                            "version_value": "3.7.0.2"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
                    }
-                  ]
                }
-              }
            ]
-          }
        }
-      ]
-    }
-  },
-  "description": {
-    "description_data": [
-      {
-        "lang": "eng",
-        "value": "The TaxoPress – Create and Manage Taxonomies, Tags, Categories WordPress plugin before 3.7.0.2 does not sanitise its Taxonomy description field, allowing high privilege users to set JavaScript payload in them even when the unfiltered_html capability is disallowed, leading to an authenticated Stored Cross-Site Scripting issue."
-      }
-    ]
-  },
-  "references": {
-    "reference_data": [
-      {
-        "refsource": "MISC",
-        "url": "https://wpscan.com/vulnerability/a31321fe-adc6-4480-a220-35aedca52b8b",
-        "name": "https://wpscan.com/vulnerability/a31321fe-adc6-4480-a220-35aedca52b8b"
-      }
-    ]
-  },
-  "problemtype": {
-    "problemtype_data": [
-      {
-        "description": [
-          {
-            "value": "CWE-79 Cross-site Scripting (XSS)",
-            "lang": "eng"
-          }
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "The TaxoPress \u2013 Create and Manage Taxonomies, Tags, Categories WordPress plugin before 3.7.0.2 does not sanitise its Taxonomy description field, allowing high privilege users to set JavaScript payload in them even when the unfiltered_html capability is disallowed, leading to an authenticated Stored Cross-Site Scripting issue."
+            }
        ]
-      }
-    ]
-  },
-  "credit": [
-    {
-      "lang": "eng",
-      "value": "Akash Rajendra Patil"
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "MISC",
+                "url": "https://wpscan.com/vulnerability/a31321fe-adc6-4480-a220-35aedca52b8b",
+                "name": "https://wpscan.com/vulnerability/a31321fe-adc6-4480-a220-35aedca52b8b"
+            },
+            {
+                "refsource": "MISC",
+                "name": "http://packetstormsecurity.com/files/164604/WordPress-TaxoPress-3.0.7.1-Cross-Site-Scripting.html",
+                "url": "http://packetstormsecurity.com/files/164604/WordPress-TaxoPress-3.0.7.1-Cross-Site-Scripting.html"
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "value": "CWE-79 Cross-site Scripting (XSS)",
+                        "lang": "eng"
+                    }
+                ]
+            }
+        ]
+    },
+    "credit": [
+        {
+            "lang": "eng",
+            "value": "Akash Rajendra Patil"
+        }
+    ],
+    "source": {
+        "discovery": "UNKNOWN"
    }
-  ],
-  "source": {
-    "discovery": "UNKNOWN"
-  }
-}
+}
--- a/2021/36xxx/CVE-2021-36260.json
+++ b/2021/36xxx/CVE-2021-36260.json
@ -48,6 +48,11 @@
                "refsource": "MISC",
                "name": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-notification-command-injection-vulnerability-in-some-hikvision-products/",
                "url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-notification-command-injection-vulnerability-in-some-hikvision-products/"
+            },
+            {
+                "refsource": "MISC",
+                "name": "http://packetstormsecurity.com/files/164603/Hikvision-Web-Server-Build-210702-Command-Injection.html",
+                "url": "http://packetstormsecurity.com/files/164603/Hikvision-Web-Server-Build-210702-Command-Injection.html"
            }
        ]
    },
--- a/2021/40xxx/CVE-2021-40371.json
+++ b/2021/40xxx/CVE-2021-40371.json
@ -61,6 +61,11 @@
                "refsource": "MISC",
                "name": "http://seclists.org/fulldisclosure/2021/Oct/33",
                "url": "http://seclists.org/fulldisclosure/2021/Oct/33"
+            },
+            {
+                "refsource": "MISC",
+                "name": "http://packetstormsecurity.com/files/164621/GridPro-Request-Management-For-Windows-Azure-Pack-2.0.7905-Directory-Traversal.html",
+                "url": "http://packetstormsecurity.com/files/164621/GridPro-Request-Management-For-Windows-Azure-Pack-2.0.7905-Directory-Traversal.html"
            }
        ]
    }
--- a/2021/41xxx/CVE-2021-41773.json
+++ b/2021/41xxx/CVE-2021-41773.json
@ -188,6 +188,11 @@
                "refsource": "MLIST",
                "name": "[oss-security] 20211016 Re: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)",
                "url": "http://www.openwall.com/lists/oss-security/2021/10/16/1"
+            },
+            {
+                "refsource": "MISC",
+                "name": "http://packetstormsecurity.com/files/164629/Apache-2.4.49-2.4.50-Traversal-Remote-Code-Execution.html",
+                "url": "http://packetstormsecurity.com/files/164629/Apache-2.4.49-2.4.50-Traversal-Remote-Code-Execution.html"
            }
        ]
    },
--- a/2021/42xxx/CVE-2021-42013.json
+++ b/2021/42xxx/CVE-2021-42013.json
@ -173,6 +173,16 @@
                "refsource": "MLIST",
                "name": "[oss-security] 20211016 Re: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)",
                "url": "http://www.openwall.com/lists/oss-security/2021/10/16/1"
+            },
+            {
+                "refsource": "MISC",
+                "name": "http://packetstormsecurity.com/files/164629/Apache-2.4.49-2.4.50-Traversal-Remote-Code-Execution.html",
+                "url": "http://packetstormsecurity.com/files/164629/Apache-2.4.49-2.4.50-Traversal-Remote-Code-Execution.html"
+            },
+            {
+                "refsource": "MISC",
+                "name": "http://packetstormsecurity.com/files/164609/Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html",
+                "url": "http://packetstormsecurity.com/files/164609/Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html"
            }
        ]
    },