From 07833c5f250e778afc1a7ae17f6e37ffbc10b538 Mon Sep 17 00:00:00 2001 From: jvoisin Date: Thu, 31 Dec 2020 18:56:14 +0100 Subject: Refresh a bit the CVE in the documentation --- doc/source/features.rst | 30 ++++++++++++++++++++---------- 1 file changed, 20 insertions(+), 10 deletions(-) (limited to 'doc') diff --git a/doc/source/features.rst b/doc/source/features.rst index 0c23dc1..b3cdd9d 100644 --- a/doc/source/features.rst +++ b/doc/source/features.rst @@ -30,10 +30,13 @@ This feature is even more effective when used along with :ref:`readonly_exec `_: Authenticated remote code execution on Tuleap -- `CVE-2014-4688 `_: Authenticated remote code execution on pfSense -- `CVE-2014-1610 `_: Unauthenticated remote code execution on DokuWiki -- `CVE-2013-3630 `_: Authenticated remote code execution on Moodle +- `CVE-2013-3630 `__: Authenticated remote code execution in Moodle +- `CVE-2014-1610 `__: Unauthenticated remote code execution in DokuWiki +- `CVE-2014-4688 `__: Authenticated remote code execution in pfSense +- `CVE-2017-7981 `__: Authenticated remote code execution in Tuleap +- `CVE-2018-20434 `__: Authenticated remote code execution in LibreNMS +- `CVE-2020-5791 `__: Authenticated remote code execution in Nagios XI +- `CVE-2020-8813 `__: Unauthenticated remote code execution in Cacti - Every single `modem/router/switch/IoT/… `_. @@ -62,6 +65,7 @@ Examples of related vulnerabilities - `CVE-2016-10074 `_: remote code execution in SwiftMailer - `CVE-2016-10033 `_: remote code execution in PHPMailer - `CVE-2016-9920 `_: Unauthenticated remote code execution in Roundcube +- `CVE-2019-???? `__: Unauthenticated remote code execution in Horde .. _cookie-encryption-feature: 
@@ -115,6 +119,9 @@ Examples of related vulnerabilities - `CVE-2017-6090 `_: Unauthenticated remote code execution in PhpCollab - `EDB-38407 `_: Authenticated remote code execution in GLPI - `CVE-2013-5576 `_: Authenticated remote code execution in Joomla +- `CVE-2019-15813 `__: Authenticated remote code execution in Sentrifugo +- `CVE-2019-17132 `__: Authenticated remote code execution in vBulletin +- `CVE-2020-10682 `__: Authenticated remote code execution in CMS Made Simple - `EDB-19154 `_: Authenticated remote code execution in qdPM 
@@ -161,14 +168,17 @@ and the amount of control if provides to an attacker, like `CVE-2016-9137, CVE-2 Examples of related vulnerabilities """"""""""""""""""""""""""""""""""" -- `CVE-2016-???? `_: Unauthenticated remote code execution in Observium (leading to remote root) -- `CVE-2016-5726 `_: Unauthenticated remote code execution in Simple Machines Forums +- `CVE-2012-5692 `_: Unauthenticated remote code execution in IP.Board +- `CVE-2014-1691 `_: Unauthenticated remote code execution in Horde +- `CVE-2015-7808 `_: Unauthenticated remote code execution in vBulletin +- `CVE-2015-8562 `_: Unauthenticated remote code execution in Joomla - `CVE-2016-4010 `_: Unauthenticated remote code execution in Magento +- `CVE-2016-5726 `_: Unauthenticated remote code execution in Simple Machines Forums +- `CVE-2016-???? `_: Unauthenticated remote code execution in Observium (leading to remote root) - `CVE-2017-2641 `_: Unauthenticated remote code execution in Moodle -- `CVE-2015-8562 `_: Unauthenticated remote code execution in Joomla -- `CVE-2015-7808 `_: Unauthenticated remote code execution in vBulletin -- `CVE-2014-1691 `_: Unauthenticated remote code execution in Horde -- `CVE-2012-5692 `_: Unauthenticated remote code execution in IP.Board +- `CVE-2018-17057 `: Unauthenticated remote code execution in LimeSurvey +- `CVE-2018-19274 `__: Authenticated remote code execution in phpBB +- `CVE-2019-6340 `__: Unauthenticated remote code execution in Drupal .. _harden-rand-feature: -- cgit v1.3
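Review bot: In the hunk at `@@ -30,10 +30,13 @@`, every CVE entry is switched to the anonymous `__` link form, but the unchanged last item of the same list (`Every single modem/router/switch/IoT/…`) still ends in a single `_`, so the list now mixes both reference styles. Either convert that item as well or say in the commit message why the CVE entries need anonymous references, since the subject line only mentions refreshing the list.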
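Review bot: The entry added in the hunk at `@@ -62,6 +65,7 @@` is labelled `CVE-2019-????`, which gives readers nothing to search for. If no identifier has been assigned, label the link with the advisory or write-up it points to instead. The new line is also appended after `CVE-2016-9920` in a list that runs newest-first, while the list in the first hunk is re-sorted oldest-first; pick one order for all the "related vulnerabilities" lists.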
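Review bot: In the hunk at `@@ -115,6 +119,9 @@`, the three new 2019 and 2020 entries are inserted between `CVE-2013-5576` and `EDB-19154`, leaving the list in no recognisable order (2017, EDB-38407, 2013, 2019, 2019, 2020, EDB-19154). Since other lists in this commit are being sorted by identifier, sort this one the same way and group the EDB entries at one end.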
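Review bot: The added `CVE-2018-17057` line in the hunk at `@@ -161,14 +168,17 @@` closes its backtick with no trailing `_` or `__`, so reStructuredText will treat it as interpreted text and not as a hyperlink, and the LimeSurvey reference will not be clickable. Add the `__` suffix to match the two entries added after it. The re-sorted entries in this hunk also keep the single `_` while the new ones use `__`, and the first context line reads "the amount of control if provides", where "if" should be "it"; both are worth fixing while this block is being touched.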