Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add software_versions to all exploits #55

Open
8 tasks
postmodern opened this issue Dec 9, 2024 · 0 comments
Open
8 tasks

Add software_versions to all exploits #55

postmodern opened this issue Dec 9, 2024 · 0 comments
Labels
enhancement New feature or request exploit-metadata Exploit metadata good first issue Good for newcomers help-wanted Extra attention is needed

Comments

@postmodern
Copy link
Member

postmodern commented Dec 9, 2024
edited
Loading

Convert the version ranges in the vulnerability summaries or descriptions into software_versions.

summary "Arbitrary remote command execution in Flowmon <11.1.14, <12.3.5"
description <<~DESC
  Flowmon versions prior to 11.1.14 and 12.3.5 have an unauthenticated
  command-injection vulnerability via the `pluginPath` query parameter
  used by the `/service.pdfs/confluence` HTTP end-point.
  ...
DESC
software_versions [
  '< 11.1.14',
  '>= 12.0.0, < 12.3.5'
]
  • exploits/ivanti/CVE-2021-44529.rb
  • exploits/ivanti/CVE-2024-21887.rb
  • exploits/palo-alto/pan-os/CVE-2024-3400.rb
  • exploits/sophos/CVE-2023-1671.rb
  • exploits/crushftp/CVE-2024-4040.rb
  • exploits/flowmon/CVE-2024-2389.rb
  • exploits/activemq/CVE-2023-46604.rb
  • exploits/d-link/CVE-2024-3273.rb
@postmodern postmodern added enhancement New feature or request help-wanted Extra attention is needed good first issue Good for newcomers exploit-metadata Exploit metadata labels Dec 9, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request exploit-metadata Exploit metadata good first issue Good for newcomers help-wanted Extra attention is needed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@postmodern