Hugging Face's logo

Spaces:
Red-Tech-Hub
/
CodeVulnerabilityAI
Sleeping

App Files Community
Red-Tech-Hub commited on
Commit
10ae3c4
1 Parent(s): 62f7a66

Upload 13 files

Browse files
Files changed (14) hide show
  1. .gitattributes +3 -0
  2. CVE-Angular.csv +38 -0
  3. CVE-Java(Script).csv +0 -0
  4. CVE-Python.csv +0 -0
  5. CVE-React.csv +0 -0
  6. CVE-dotnet.csv +65 -0
  7. chroma.sqlite3 +3 -0
  8. finetune.py +103 -0
  9. nomic-embed-text-v1.5.Q5_K_S.gguf +3 -0
  10. requirements.txt +15 -0
  11. run.py +44 -0
  12. server.py +29 -0
  13. titleGenerator.py +23 -0
  14. zephyr-7b-beta.Q4_K_S.gguf +3 -0
.gitattributes CHANGED
@@ -33,3 +33,6 @@ saved_model/**/* filter=lfs diff=lfs merge=lfs -text
33
  *.zip filter=lfs diff=lfs merge=lfs -text
34
  *.zst filter=lfs diff=lfs merge=lfs -text
35
  *tfevents* filter=lfs diff=lfs merge=lfs -text
 
 
 
 
33
  *.zip filter=lfs diff=lfs merge=lfs -text
34
  *.zst filter=lfs diff=lfs merge=lfs -text
35
  *tfevents* filter=lfs diff=lfs merge=lfs -text
36
+ chroma.sqlite3 filter=lfs diff=lfs merge=lfs -text
37
+ nomic-embed-text-v1.5.Q5_K_S.gguf filter=lfs diff=lfs merge=lfs -text
38
+ zephyr-7b-beta.Q4_K_S.gguf filter=lfs diff=lfs merge=lfs -text
CVE-Angular.csv ADDED
@@ -0,0 +1,38 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ "Name","Status","Description","References","Phase","Votes",
2
+ CVE-2015-0167;Candidate;Cross-site scripting (XSS) vulnerability in textAngular-sanitize.js in textAngular before 1.3.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to the editor.;CONFIRM:https://github.com/fraywing/textAngular/releases/tag/v1.3.7 | XF:textangular-cve20150167-xss(100929) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/100929;Assigned (20141118);None (candidate not yet proposed)
3
+ CVE-2015-10035;Candidate;A vulnerability was found in gperson angular-test-reporter and classified as critical. This issue affects the function getProjectTables/addTest of the file rest-server/data-server.js. The manipulation leads to sql injection. The patch is named a29d8ae121b46ebfa96a55a9106466ab2ef166ae. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217715.;MISC:https://github.com/gperson/angular-test-reporter/commit/a29d8ae121b46ebfa96a55a9106466ab2ef166ae | URL:https://github.com/gperson/angular-test-reporter/commit/a29d8ae121b46ebfa96a55a9106466ab2ef166ae | MISC:https://vuldb.com/?ctiid.217715 | URL:https://vuldb.com/?ctiid.217715 | MISC:https://vuldb.com/?id.217715 | URL:https://vuldb.com/?id.217715;Assigned (20230109);None (candidate not yet proposed)
4
+ CVE-2016-0926;Candidate;Cross-site scripting (XSS) vulnerability in Apps Manager in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.32 and 1.7.x before 1.7.8 allows remote attackers to inject arbitrary web script or HTML via unspecified input that improperly interacts with the AngularJS framework.;BID:91677 | URL:http://www.securityfocus.com/bid/91677 | CONFIRM:https://pivotal.io/security/cve-2016-0926;Assigned (20151217);None (candidate not yet proposed)
5
+ CVE-2016-10524;Candidate;i18n-node-angular is a module used to interact between i18n and angular without using additional resources. A REST API endpoint that is used for development in i18n-node-angular before 1.4.0 was not disabled in production environments a malicious user could fill up the server causing a Denial of Service or content injection.;MISC:https://github.com/oliversalzburg/i18n-node-angular/commit/877720d2d9bb90dc8233706e81ffa03f99fc9dc8 | MISC:https://nodesecurity.io/advisories/80;Assigned (20171029);None (candidate not yet proposed)
6
+ CVE-2016-4428;Candidate;Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form.;MISC:DSA-3617 | URL:http://www.debian.org/security/2016/dsa-3617 | MISC:RHSA-2016:1268 | URL:https://access.redhat.com/errata/RHSA-2016:1268 | MISC:RHSA-2016:1269 | URL:https://access.redhat.com/errata/RHSA-2016:1269 | MISC:RHSA-2016:1270 | URL:https://access.redhat.com/errata/RHSA-2016:1270 | MISC:RHSA-2016:1271 | URL:https://access.redhat.com/errata/RHSA-2016:1271 | MISC:RHSA-2016:1272 | URL:https://access.redhat.com/errata/RHSA-2016:1272 | MISC:[oss-security] 20160617 [OSSA-2016-010] XSS in Horizon client side template (CVE-2016-4428) | URL:http://www.openwall.com/lists/oss-security/2016/06/17/4 | MISC:https://bugs.launchpad.net/horizon/+bug/1567673 | URL:https://bugs.launchpad.net/horizon/+bug/1567673 | MISC:https://review.openstack.org/329996 | URL:https://review.openstack.org/329996 | MISC:https://review.openstack.org/329997 | URL:https://review.openstack.org/329997 | MISC:https://review.openstack.org/329998 | URL:https://review.openstack.org/329998 | MISC:https://security.openstack.org/ossa/OSSA-2016-010.html | URL:https://security.openstack.org/ossa/OSSA-2016-010.html;Assigned (20160502);None (candidate not yet proposed)
7
+ CVE-2017-12677;Candidate;IdentityServer3 2.4.x, 2.5.x, and 2.6.x before 2.6.1 has XSS in an Angular expression on the authorize response page, which might allow remote attackers to obtain sensitive information about the IdentityServer authorization response.;CONFIRM:https://github.com/IdentityServer/IdentityServer3/releases/tag/2.6.1;Assigned (20170807);None (candidate not yet proposed)
8
+ CVE-2017-16009;Candidate;ag-grid is an advanced data grid that is library agnostic. ag-grid is vulnerable to Cross-site Scripting (XSS) via Angular Expressions, if AngularJS is used in combination with ag-grid.;MISC:https://github.com/ceolter/ag-grid/issues/1287 | MISC:https://nodesecurity.io/advisories/327 | MISC:https://spring.io/blog/2016/01/28/angularjs-escaping-the-expression-sandbox-for-xss;Assigned (20171029);None (candidate not yet proposed)
9
+ CVE-2017-5246;Candidate;Biscom Secure File Transfer is vulnerable to AngularJS expression injection in the Display Name field. An authenticated user can populate this field with a valid AngularJS expression, wrapped in double curly-braces ({{ }}). This expression will be evaluated by any other authenticated user who views the attacker's display name. Affected versions are 5.0.0000 through 5.1.1026. The Issue is fixed in 5.1.1028.;CONFIRM:https://cve.biscom.com/bis-sft-cv-0004/ | MISC:https://twitter.com/i_bo0om/status/885050741567750145;Assigned (20170109);None (candidate not yet proposed)
10
+ CVE-2018-11537;Candidate;Auth0 angular-jwt before 0.1.10 treats whiteListedDomains entries as regular expressions, which allows remote attackers with knowledge of the jwtInterceptorProvider.whiteListedDomains setting to bypass the domain whitelist filter via a crafted domain.;CONFIRM:https://auth0.com/docs/security/bulletins/cve-2018-11537;Assigned (20180529);None (candidate not yet proposed)
11
+ CVE-2018-13339;Candidate;Imperavi Redactor 3 in Angular Redactor 1.1.6, when HTML content mode is used, allows stored XSS, as demonstrated by an onerror attribute of an IMG element, a related issue to CVE-2018-7035.;MISC:https://github.com/TylerGarlick/angular-redactor/issues/77 | MISC:https://github.com/gleez/cms/issues/796;Assigned (20180705);None (candidate not yet proposed)
12
+ CVE-2018-18064;Candidate;cairo through 1.15.14 has an out-of-bounds stack-memory write during processing of a crafted document by WebKitGTK+ because of the interaction between cairo-rectangular-scan-converter.c (the generate and render_rows functions) and cairo-image-compositor.c (the _cairo_image_spans_and_zero function).;MISC:https://gitlab.freedesktop.org/cairo/cairo/issues/341 | MLIST:[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar | URL:https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E;Assigned (20181008);None (candidate not yet proposed)
13
+ CVE-2018-3713;Candidate;angular-http-server node module suffers from a Path Traversal vulnerability due to lack of validation of possibleFilename, which allows a malicious user to read content of any file with known path.;MISC:https://hackerone.com/reports/309120;Assigned (20171228);None (candidate not yet proposed)
14
+ CVE-2019-10768;Candidate;In AngularJS before 1.7.9 the function `merge()` could be tricked into adding or modifying properties of `Object.prototype` using a `__proto__` payload.;MISC:https://snyk.io/vuln/SNYK-JS-ANGULAR-534884 | MLIST:[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html | URL:https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E;Assigned (20190403);None (candidate not yet proposed)
15
+ CVE-2019-11354;Candidate;The client in Electronic Arts (EA) Origin 10.5.36 on Windows allows template injection in the title parameter of the Origin2 URI handler. This can be used to escape the underlying AngularJS sandbox and achieve remote code execution via an origin2://game/launch URL for QtApplication QDesktopServices communication.;MISC:http://gamasutra.com/view/news/340907/A_nowfixed_Origin_vulnerability_potentially_opened_the_client_to_hackers.php | MISC:http://packetstormsecurity.com/files/153375/dotProject-2.1.9-SQL-Injection.html | MISC:http://packetstormsecurity.com/files/153485/EA-Origin-Template-Injection-Remote-Code-Execution.html | MISC:https://blog.underdogsecurity.com/rce_in_origin_client/ | MISC:https://gizmodo.com/ea-origin-users-update-your-client-now-1834079604 | MISC:https://techcrunch.com/2019/04/16/ea-origin-bug-exposed-hackers/ | MISC:https://www.golem.de/news/sicherheitsluecke-ea-origin-fuehrte-schadcode-per-link-aus-1904-140738.html | MISC:https://www.pcmag.com/news/367801/security-flaw-allowed-any-app-to-run-using-eas-origin-clien | MISC:https://www.techradar.com/news/major-security-flaw-found-in-ea-origin-gaming-client | MISC:https://www.thesun.co.uk/tech/8877334/sims-4-battlefield-fifa-origin-hackers/ | MISC:https://www.trustedreviews.com/news/time-update-origin-eas-game-client-security-risk-just-installed-3697942 | MISC:https://www.vg247.com/2019/04/17/ea-origin-security-flaw-run-malicious-code-fixed/;Assigned (20190419);None (candidate not yet proposed)
16
+ CVE-2019-14863;Candidate;There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.;CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14863 | MISC:https://snyk.io/vuln/npm:angular:20150807;Assigned (20190810);None (candidate not yet proposed)
17
+ CVE-2019-17125;Candidate;A Reflected Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS.;CONFIRM:https://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2019-4-Hotfix-3?ui-force-components-controllers-recordGlobalValueProvider.RecordGvp.getRecord=1&r=116&ui-knowledge-components-aura-actions.KnowledgeArticleVersionCreateDraftFromOnlineAction.createDraftFromOnlineArticle=1 | MISC:https://support.solarwinds.com/SuccessCenter/s/orion-platform;Assigned (20191004);None (candidate not yet proposed)
18
+ CVE-2019-17127;Candidate;A Stored Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many application forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS. This can lead to privilege escalation.;CONFIRM:https://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2019-4-Hotfix-3?ui-force-components-controllers-recordGlobalValueProvider.RecordGvp.getRecord=1&r=116&ui-knowledge-components-aura-actions.KnowledgeArticleVersionCreateDraftFromOnlineAction.createDraftFromOnlineArticle=1 | MISC:https://support.solarwinds.com/SuccessCenter/s/orion-platform;Assigned (20191004);None (candidate not yet proposed)
19
+ CVE-2020-5219;Candidate;Angular Expressions before version 1.0.1 has a remote code execution vulnerability if you call expressions.compile(userControlledInput) where userControlledInput is text that comes from user input. If running angular-expressions in the browser, an attacker could run any browser script when the application code calls expressions.compile(userControlledInput). If running angular-expressions on the server, an attacker could run any Javascript expression, thus gaining Remote Code Execution.;CONFIRM:https://github.com/peerigon/angular-expressions/security/advisories/GHSA-hxhm-96pp-2m43 | MISC:http://blog.angularjs.org/2016/09/angular-16-expression-sandbox-removal.html | MISC:https://github.com/peerigon/angular-expressions/commit/061addfb9a9e932a970e5fcb913d020038e65667;Assigned (20200102);None (candidate not yet proposed)
20
+ CVE-2020-6200;Candidate;The SAP Commerce (SmartEdit Extension), versions- 6.6, 6.7, 1808, 1811, is vulnerable to client-side angularjs template injection, a variant of Cross-Site-Scripting (XSS) that exploits the templating facilities of the angular framework.;MISC:https://launchpad.support.sap.com/#/notes/2876413 | MISC:https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305;Assigned (20200108);None (candidate not yet proposed)
21
+ CVE-2020-7676;Candidate;"angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping ""<option>"" elements in ""<select>"" ones changes parsing behavior, leading to possibly unsanitizing code.";MISC:https://github.com/angular/angular.js/pull/17028, | MISC:https://snyk.io/vuln/SNYK-JS-ANGULAR-570058 | MLIST:[hadoop-ozone-commits] 20201008 [hadoop-ozone] branch master updated: HDDS-4316. Upgrade to angular 1.8.0 due to CVE-2020-7676 (#1481) | URL:https://lists.apache.org/thread.html/r80f210a5f4833d59c5d3de17dd7312f9daba0765ec7d4052469f13f1@%3Cozone-commits.hadoop.apache.org%3E | MLIST:[hadoop-ozone-issues] 20201006 [GitHub] [hadoop-ozone] dineshchitlangia commented on a change in pull request #1481: HDDS-4316. Upgrade to angular 1.8.0 due to CVE-2020-7676 | URL:https://lists.apache.org/thread.html/r79e3feaaf87b81e80da0e17a579015f6dcb94c95551ced398d50c8d7@%3Cozone-issues.hadoop.apache.org%3E | MLIST:[hadoop-ozone-issues] 20201006 [GitHub] [hadoop-ozone] vivekratnavel opened a new pull request #1481: HDDS-4316. Upgrade to angular 1.8.0 due to CVE-2020-7676 | URL:https://lists.apache.org/thread.html/r57383582dcad2305430321589dfaca6793f5174c55da6ce8d06fbf9b@%3Cozone-issues.hadoop.apache.org%3E | MLIST:[hadoop-ozone-issues] 20201006 [jira] [Created] (HDDS-4316) Upgrade to angular 1.8.0 due to CVE-2020-7676 | URL:https://lists.apache.org/thread.html/r198985c02829ba8285ed4f9b1de54a33b5f31b08bb38ac51fc86961b@%3Cozone-issues.hadoop.apache.org%3E | MLIST:[hadoop-ozone-issues] 20201006 [jira] [Updated] (HDDS-4316) Upgrade to angular 1.8.0 due to CVE-2020-7676 | URL:https://lists.apache.org/thread.html/r3f05cfd587c774ea83c18e59eda9fa37fa9bbf3421484d4ee1017a20@%3Cozone-issues.hadoop.apache.org%3E | MLIST:[hadoop-ozone-issues] 20201007 [GitHub] [hadoop-ozone] vivekratnavel commented on pull request #1481: HDDS-4316. Upgrade to angular 1.8.0 due to CVE-2020-7676 | URL:https://lists.apache.org/thread.html/r455ebd83a1c69ae8fd897560534a079c70a483dbe1e75504f1ca499b@%3Cozone-issues.hadoop.apache.org%3E | MLIST:[hadoop-ozone-issues] 20201008 [GitHub] [hadoop-ozone] adoroszlai merged pull request #1481: HDDS-4316. Upgrade to angular 1.8.0 due to CVE-2020-7676 | URL:https://lists.apache.org/thread.html/r446c297cd6cda2bd7e345c9b0741d7f611df89902e5d515848c6f4b1@%3Cozone-issues.hadoop.apache.org%3E | MLIST:[hadoop-ozone-issues] 20201008 [jira] [Updated] (HDDS-4316) Upgrade to angular 1.8.0 due to CVE-2020-7676 | URL:https://lists.apache.org/thread.html/rb6423268b25db0f800359986867648e11dbd38e133b9383e85067f02@%3Cozone-issues.hadoop.apache.org%3E | MLIST:[hadoop-ozone-issues] 20201009 [GitHub] [hadoop-ozone] adoroszlai merged pull request #1481: HDDS-4316. Upgrade to angular 1.8.0 due to CVE-2020-7676 | URL:https://lists.apache.org/thread.html/rfa2b19d01d10a8637dc319a7d5994c3dbdb88c0a8f9a21533403577a@%3Cozone-issues.hadoop.apache.org%3E | MLIST:[nifi-commits] 20200930 svn commit: r1882168 - /nifi/site/trunk/security.html | URL:https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679@%3Ccommits.nifi.apache.org%3E;Assigned (20200121);None (candidate not yet proposed)
22
+ CVE-2021-21277;Candidate;"angular-expressions is ""angular's nicest part extracted as a standalone module for the browser and node"". In angular-expressions before version 1.1.2 there is a vulnerability which allows Remote Code Execution if you call ""expressions.compile(userControlledInput)"" where ""userControlledInput"" is text that comes from user input. The security of the package could be bypassed by using a more complex payload, using a "".constructor.constructor"" technique. In terms of impact: If running angular-expressions in the browser, an attacker could run any browser script when the application code calls expressions.compile(userControlledInput). If running angular-expressions on the server, an attacker could run any Javascript expression, thus gaining Remote Code Execution. This is fixed in version 1.1.2 of angular-expressions A temporary workaround might be either to disable user-controlled input that will be fed into angular-expressions in your application or allow only following characters in the userControlledInput.";CONFIRM:https://github.com/peerigon/angular-expressions/security/advisories/GHSA-j6px-jwvv-vpwq | URL:https://github.com/peerigon/angular-expressions/security/advisories/GHSA-j6px-jwvv-vpwq | MISC:http://blog.angularjs.org/2016/09/angular-16-expression-sandbox-removal.html | URL:http://blog.angularjs.org/2016/09/angular-16-expression-sandbox-removal.html | MISC:https://github.com/peerigon/angular-expressions/commit/07edb62902b1f6127b3dcc013da61c6316dd0bf1 | URL:https://github.com/peerigon/angular-expressions/commit/07edb62902b1f6127b3dcc013da61c6316dd0bf1 | MISC:https://www.npmjs.com/package/angular-expressions | URL:https://www.npmjs.com/package/angular-expressions;Assigned (20201222);None (candidate not yet proposed)
23
+ CVE-2021-29551;Candidate;TensorFlow is an end-to-end open source platform for machine learning. The implementation of `MatrixTriangularSolve`(https://github.com/tensorflow/tensorflow/blob/8cae746d8449c7dda5298327353d68613f16e798/tensorflow/core/kernels/linalg/matrix_triangular_solve_op_impl.h#L160-L240) fails to terminate kernel execution if one validation condition fails. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.;CONFIRM:https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vqw6-72r7-fgw7 | URL:https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vqw6-72r7-fgw7 | MISC:https://github.com/tensorflow/tensorflow/commit/480641e3599775a8895254ffbc0fc45621334f68 | URL:https://github.com/tensorflow/tensorflow/commit/480641e3599775a8895254ffbc0fc45621334f68;Assigned (20210330);None (candidate not yet proposed)
24
+ CVE-2021-29612;Candidate;TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a heap buffer overflow in Eigen implementation of `tf.raw_ops.BandedTriangularSolve`. The implementation(https://github.com/tensorflow/tensorflow/blob/eccb7ec454e6617738554a255d77f08e60ee0808/tensorflow/core/kernels/linalg/banded_triangular_solve_op.cc#L269-L278) calls `ValidateInputTensors` for input validation but fails to validate that the two tensors are not empty. Furthermore, since `OP_REQUIRES` macro only stops execution of current function after setting `ctx->status()` to a non-OK value, callers of helper functions that use `OP_REQUIRES` must check value of `ctx->status()` before continuing. This doesn't happen in this op's implementation(https://github.com/tensorflow/tensorflow/blob/eccb7ec454e6617738554a255d77f08e60ee0808/tensorflow/core/kernels/linalg/banded_triangular_solve_op.cc#L219), hence the validation that is present is also not effective. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.;CONFIRM:https://github.com/tensorflow/tensorflow/security/advisories/GHSA-2xgj-xhgf-ggjv | URL:https://github.com/tensorflow/tensorflow/security/advisories/GHSA-2xgj-xhgf-ggjv | MISC:https://github.com/tensorflow/tensorflow/commit/0ab290774f91a23bebe30a358fde4e53ab4876a0 | URL:https://github.com/tensorflow/tensorflow/commit/0ab290774f91a23bebe30a358fde4e53ab4876a0 | MISC:https://github.com/tensorflow/tensorflow/commit/ba6822bd7b7324ba201a28b2f278c29a98edbef2 | URL:https://github.com/tensorflow/tensorflow/commit/ba6822bd7b7324ba201a28b2f278c29a98edbef2;Assigned (20210330);None (candidate not yet proposed)
25
+ CVE-2021-32816;Candidate;ProtonMail Web Client is the official AngularJS web client for the ProtonMail secure email service. ProtonMail Web Client before version 3.16.60 has a regular expression denial-of-service vulnerability. This was fixed in commit 6687fb. There is a full report available in the referenced GHSL-2021-027.;CONFIRM:https://securitylab.github.com/advisories/GHSL-2021-027-redos-ProtonMail/ | URL:https://securitylab.github.com/advisories/GHSL-2021-027-redos-ProtonMail/ | MISC:https://github.com/ProtonMail/WebClient/commit/6687fbb867ef872c96cf4fde68cb6e9c58d3fddc | URL:https://github.com/ProtonMail/WebClient/commit/6687fbb867ef872c96cf4fde68cb6e9c58d3fddc;Assigned (20210512);None (candidate not yet proposed)
26
+ CVE-2021-32854;Candidate;textAngular is a text editor for Angular.js. Version 1.5.16 and prior are vulnerable to copy-paste cross-site scripting (XSS). For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. There are no known patches.;CONFIRM:https://securitylab.github.com/advisories/GHSL-2021-1001-textAngular/ | URL:https://securitylab.github.com/advisories/GHSL-2021-1001-textAngular/;Assigned (20210512);None (candidate not yet proposed)
27
+ CVE-2021-41174;Candidate;"Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content may be executed within the context of the victim's browser. The user visiting the malicious link must be unauthenticated and the link must be for a page that contains the login button in the menu bar. The url has to be crafted to exploit AngularJS rendering and contain the interpolation binding for AngularJS expressions. AngularJS uses double curly braces for interpolation binding: {{ }} ex: {{constructor.constructor(&#8216;alert(1)&#8217;)()}}. When the user follows the link and the page renders, the login button will contain the original link with a query parameter to force a redirect to the login page. The URL is not validated and the AngularJS rendering engine will execute the JavaScript expression contained in the URL. Users are advised to upgrade as soon as possible. If for some reason you cannot upgrade, you can use a reverse proxy or similar to block access to block the literal string {{ in the path.";CONFIRM:https://security.netapp.com/advisory/ntap-20211125-0003/ | CONFIRM:https://github.com/grafana/grafana/security/advisories/GHSA-3j9m-hcv9-rpj8 | URL:https://github.com/grafana/grafana/security/advisories/GHSA-3j9m-hcv9-rpj8 | MISC:https://github.com/grafana/grafana/commit/31b78d51c693d828720a5b285107a50e6024c912 | URL:https://github.com/grafana/grafana/commit/31b78d51c693d828720a5b285107a50e6024c912 | MISC:https://github.com/grafana/grafana/commit/3cb5214fa45eb5a571fd70d6c6edf0d729983f82 | URL:https://github.com/grafana/grafana/commit/3cb5214fa45eb5a571fd70d6c6edf0d729983f82 | MISC:https://github.com/grafana/grafana/commit/fb85ed691290d211a5baa44d9a641ab137f0de88 | URL:https://github.com/grafana/grafana/commit/fb85ed691290d211a5baa44d9a641ab137f0de88;Assigned (20210915);None (candidate not yet proposed)
28
+ CVE-2021-4231;Candidate;A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 11.0.5 and 11.1.0-next.3 is able to address this issue. The name of the patch is ba8da742e3b243e8f43d4c63aa842b44e14f2b09. It is recommended to upgrade the affected component.;MISC:https://github.com/angular/angular/commit/ba8da742e3b243e8f43d4c63aa842b44e14f2b09 | URL:https://github.com/angular/angular/commit/ba8da742e3b243e8f43d4c63aa842b44e14f2b09 | MISC:https://github.com/angular/angular/issues/40136 | URL:https://github.com/angular/angular/issues/40136 | MISC:https://security.snyk.io/vuln/SNYK-JS-ANGULARCORE-1070902 | URL:https://security.snyk.io/vuln/SNYK-JS-ANGULARCORE-1070902 | MISC:https://vuldb.com/?id.181356 | URL:https://vuldb.com/?id.181356;Assigned (20220526);None (candidate not yet proposed)
29
+ CVE-2022-25844;Candidate;The package angular after 1.7.0 are vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat() of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value. **Note:** 1) This package has been deprecated and is no longer maintained. 2) The vulnerable versions are 1.7.0 and higher.;CONFIRM:https://security.netapp.com/advisory/ntap-20220629-0009/ | FEDORA:FEDORA-2022-e016e6f445 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2WUSPYOTOMAZPDEFPWPSCSPMNODRDKK3/ | FEDORA:FEDORA-2022-edf635cf39 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7LNAKCNTVBIHWAUT3FKWV5N67PQXSZOO/ | MISC:https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2772736 | URL:https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2772736 | MISC:https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-2772738 | URL:https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-2772738 | MISC:https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2772737 | URL:https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2772737 | MISC:https://snyk.io/vuln/SNYK-JS-ANGULAR-2772735 | URL:https://snyk.io/vuln/SNYK-JS-ANGULAR-2772735 | MISC:https://stackblitz.com/edit/angularjs-material-blank-zvtdvb | URL:https://stackblitz.com/edit/angularjs-material-blank-zvtdvb;Assigned (20220224);None (candidate not yet proposed)
30
+ CVE-2022-25869;Candidate;All versions of package angular are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the Internet Explorer browser, which allows interpolation of <textarea> elements.;MISC:https://glitch.com/edit/%23%21/angular-repro-textarea-xss | URL:https://glitch.com/edit/%23%21/angular-repro-textarea-xss | MISC:https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2949783 | URL:https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2949783 | MISC:https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-2949784 | URL:https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-2949784 | MISC:https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2949782 | URL:https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2949782 | MISC:https://snyk.io/vuln/SNYK-JS-ANGULAR-2949781 | URL:https://snyk.io/vuln/SNYK-JS-ANGULAR-2949781;Assigned (20220224);None (candidate not yet proposed)
31
+ CVE-2022-27665;Candidate;Reflected XSS (via AngularJS sandbox escape expressions) exists in Progress Ipswitch WS_FTP Server 8.6.0. This can lead to execution of malicious code and commands on the client due to improper handling of user-provided input. By inputting malicious payloads in the subdirectory searchbar or Add folder filename boxes, it is possible to execute client-side commands. For example, there is Client-Side Template Injection via subFolderPath to the ThinClient/WtmApiService.asmx/GetFileSubTree URI.;MISC:https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023 | MISC:https://docs.ipswitch.com/WS_FTP_Server2020/ReleaseNotes/index.htm | MISC:https://github.com/dievus/CVE-2022-27665;Assigned (20220323);None (candidate not yet proposed)
32
+ CVE-2023-26116;Candidate;Versions of the package angular from 1.2.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.;FEDORA:FEDORA-2023-035866b576 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K/ | FEDORA:FEDORA-2023-7342330743 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ/ | MISC:https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406320 | URL:https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406320 | MISC:https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406322 | URL:https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406322 | MISC:https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406321 | URL:https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406321 | MISC:https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373044 | URL:https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373044 | MISC:https://stackblitz.com/edit/angularjs-vulnerability-angular-copy-redos | URL:https://stackblitz.com/edit/angularjs-vulnerability-angular-copy-redos;Assigned (20230220);None (candidate not yet proposed)
33
+ CVE-2023-26117;Candidate;Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.;FEDORA:FEDORA-2023-035866b576 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K/ | FEDORA:FEDORA-2023-7342330743 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ/ | MISC:https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406323 | URL:https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406323 | MISC:https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406325 | URL:https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406325 | MISC:https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406324 | URL:https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406324 | MISC:https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373045 | URL:https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373045 | MISC:https://stackblitz.com/edit/angularjs-vulnerability-resource-trailing-slashes-redos | URL:https://stackblitz.com/edit/angularjs-vulnerability-resource-trailing-slashes-redos;Assigned (20230220);None (candidate not yet proposed)
34
+ CVE-2023-26118;Candidate;"Versions of the package angular from 1.4.9 are vulnerable to Regular Expression Denial of Service (ReDoS) via the <input type=""url""> element due to the usage of an insecure regular expression in the input[url] functionality. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.";FEDORA:FEDORA-2023-035866b576 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K/ | FEDORA:FEDORA-2023-7342330743 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ/ | MISC:https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406326 | URL:https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406326 | MISC:https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406328 | URL:https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406328 | MISC:https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406327 | URL:https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406327 | MISC:https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373046 | URL:https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373046 | MISC:https://stackblitz.com/edit/angularjs-vulnerability-inpur-url-validation-redos | URL:https://stackblitz.com/edit/angularjs-vulnerability-inpur-url-validation-redos;Assigned (20230220);None (candidate not yet proposed)
35
+ CVE-2023-26270;Candidate;IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3)) could allow a remote attacker to execute arbitrary code on the system, caused by an angular template injection flaw. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 248119.;MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/248119 | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/248119 | MISC:https://www.ibm.com/support/pages/node/6995161 | URL:https://www.ibm.com/support/pages/node/6995161;Assigned (20230221);None (candidate not yet proposed)
36
+ CVE-2023-28444;Candidate;angular-server-side-configuration helps configure an angular application at runtime on the server or in a docker container via environment variables. angular-server-side-configuration detects used environment variables in TypeScript (.ts) files during build time of an Angular CLI project. The detected environment variables are written to a ngssc.json file in the output directory. During deployment of an Angular based app, the environment variables based on the variables from ngssc.json are inserted into the apps index.html (or defined index file). With version 15.0.0 the environment variable detection was widened to the entire project, relative to the angular.json file from the Angular CLI. In a monorepo setup, this could lead to environment variables intended for a backend/service to be detected and written to the ngssc.json, which would then be populated and exposed via index.html. This has NO IMPACT, in a plain Angular project that has no backend component. This vulnerability has been mitigated in version 15.1.0, by adding an option `searchPattern` which restricts the detection file range by default. As a workaround, manually edit or create ngssc.json or run script after ngssc.json generation.;MISC:https://github.com/kyubisation/angular-server-side-configuration/commit/d701f51260637a84ede278e248934e0437a7ff86 | URL:https://github.com/kyubisation/angular-server-side-configuration/commit/d701f51260637a84ede278e248934e0437a7ff86 | MISC:https://github.com/kyubisation/angular-server-side-configuration/releases/tag/v15.1.0 | URL:https://github.com/kyubisation/angular-server-side-configuration/releases/tag/v15.1.0 | MISC:https://github.com/kyubisation/angular-server-side-configuration/security/advisories/GHSA-gwvm-vrp4-4pp5 | URL:https://github.com/kyubisation/angular-server-side-configuration/security/advisories/GHSA-gwvm-vrp4-4pp5;Assigned (20230315);None (candidate not yet proposed)
37
+ CVE-2023-34840;Candidate;angular-ui-notification v0.1.0, v0.2.0, and v0.3.6 was discovered to contain a cross-site scripting (XSS) vulnerability.;MISC:http://alexcrack.com | MISC:https://github.com/Xh4H/CVE-2023-34840 | MISC:https://github.com/alexcrack/angular-ui-notification;Assigned (20230607);None (candidate not yet proposed)
38
+ CVE-2023-40311;Candidate;Multiple stored XSS were found on different JSP files with unsanitized parameters in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms that allow an attacker to store on database and then load on JSPs or Angular templates. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. OpenNMS thanks Jordi Miralles Comins for reporting this issue.;MISC:https://github.com/OpenNMS/opennms | URL:https://github.com/OpenNMS/opennms | MISC:https://github.com/OpenNMS/opennms/pull/6365 | URL:https://github.com/OpenNMS/opennms/pull/6365 | MISC:https://github.com/OpenNMS/opennms/pull/6366 | URL:https://github.com/OpenNMS/opennms/pull/6366;Assigned (20230814);None (candidate not yet proposed)
CVE-Java(Script).csv ADDED
The diff for this file is too large to render. See raw diff
 
CVE-Python.csv ADDED
The diff for this file is too large to render. See raw diff
 
CVE-React.csv ADDED
The diff for this file is too large to render. See raw diff
 
CVE-dotnet.csv ADDED
@@ -0,0 +1,65 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ "Name","Status","Description","References","Phase","Votes",
2
+ CVE-2004-2323;Candidate;DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows remote attackers to obtain sensitive information, including the SQL server username and password, via a GET request for source or configuration files such as Web.config.;BID:9518 | URL:http://www.securityfocus.com/bid/9518 | FULLDISC:20040128 Dotnetnuke Multiple Vulnerabilities | URL:http://archives.neohapsis.com/archives/fulldisclosure/2004-01/1161.html | OSVDB:3749 | URL:http://www.osvdb.org/3749 | SECUNIA:10747 | URL:http://secunia.com/advisories/10747 | XF:dotnetnuke-get-information-disclosure(14972) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/14972;Assigned (20050816);None (candidate not yet proposed)
3
+ CVE-2004-2324;Candidate;SQL injection vulnerability in DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows remote attackers to modify the backend database via the (1) table and (2) field parameters in LinkClick.aspx.;BID:9518 | URL:http://www.securityfocus.com/bid/9518 | FULLDISC:20040128 Dotnetnuke Multiple Vulnerabilities | URL:http://archives.neohapsis.com/archives/fulldisclosure/2004-01/1161.html | OSVDB:3750 | URL:http://www.osvdb.org/3750 | SECUNIA:10747 | URL:http://secunia.com/advisories/10747 | XF:dotnetnuke-multiple-sql-injection(14973) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/14973;Assigned (20050816);None (candidate not yet proposed)
4
+ CVE-2004-2325;Candidate;Cross-site scripting (XSS) vulnerability in EditModule.aspx for DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows remote attackers to inject arbitrary web script or HTML.;BID:9518 | URL:http://www.securityfocus.com/bid/9518 | FULLDISC:20040128 Dotnetnuke Multiple Vulnerabilities | URL:http://archives.neohapsis.com/archives/fulldisclosure/2004-01/1161.html | OSVDB:3751 | URL:http://www.osvdb.org/3751 | SECUNIA:10747 | URL:http://secunia.com/advisories/10747 | XF:dotnetnuke-editmoduleaspxxss(14974) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/14974;Assigned (20050816);None (candidate not yet proposed)
5
+ CVE-2004-2699;Candidate;deleteicon.aspx in AspDotNetStorefront 3.3 allows remote attackers to delete arbitrary product images via a modified ProductID parameter.;BID:10506 | URL:http://www.securityfocus.com/bid/10506 | BUGTRAQ:20040609 [FULL DISCLOSURE] ASPDOTNETSTOREFRONT Improper Session Validation | URL:http://www.securityfocus.com/archive/1/365559 | FULLDISC:20040609 Advisory: ASPDOTNETSTOREFRONT Improper Session Validation | URL:http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0235.html | OSVDB:6958 | URL:http://www.osvdb.org/6958 | SECUNIA:11839 | URL:http://secunia.com/advisories/11839 | SREASON:3206 | URL:http://securityreason.com/securityalert/3206 | XF:aspdotnetstorefront-improper-validation(16377) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/16377;Assigned (20071006);None (candidate not yet proposed)
6
+ CVE-2004-2700;Candidate;Unrestricted file upload vulnerability in AspDotNetStorefront 3.3 allows remote authenticated administrators to upload arbitrary files with executable extensions via admin/images.aspx.;FULLDISC:20040609 ASPDOTNETSTOREFRONT ASPDOTNETSTOREFRONT Improper Upload Validation | URL:http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0230.html | OSVDB:6959 | URL:http://www.osvdb.org/6959 | SECUNIA:11839 | URL:http://secunia.com/advisories/11839;Assigned (20071006);None (candidate not yet proposed)
7
+ CVE-2004-2701;Candidate;Cross-site scripting (XSS) vulnerability in signin.aspx for AspDotNetStorefront 3.3 allows remote attackers to inject arbitrary web script or HTML via the returnurl parameter.;BID:10507 | URL:http://www.securityfocus.com/bid/10507 | BUGTRAQ:20040609 [FULL DISCLOSURE] ASPDOTNETSTOREFRONT Cross-Site Scripting Vulnerability | URL:http://archives.neohapsis.com/archives/bugtraq/2004-06/0129.html | FULLDISC:20040609 [FULL DISCLOSURE] ASPDOTNETSTOREFRONT Cross-Site Scripting Vulnerability | URL:http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0229.html | SECUNIA:11839 | URL:http://secunia.com/advisories/11839 | XF:aspdotnetstorefront-signin-xss(16426) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/16426;Assigned (20071006);None (candidate not yet proposed)
8
+ CVE-2005-0040;Candidate;Multiple cross-site scripting (XSS) vulnerabilities in DotNetNuke before 3.0.12 allow remote attackers to inject arbitrary web script or HTML via the (1) register a new user page, (2) User-Agent, or (3) Username, which is not properly quoted before sending to the error log.;BID:13644 | URL:http://www.securityfocus.com/bid/13644 | BID:13646 | URL:http://www.securityfocus.com/bid/13646 | BID:13647 | URL:http://www.securityfocus.com/bid/13647 | BUGTRAQ:20050516 DotNetNuke (Multiple XSS) | URL:http://marc.info/?l=bugtraq&m=111627180518591&w=2 | MISC:http://www.woany.co.uk/advisories/dotnetnukexss.txt | SECUNIA:15397 | URL:http://secunia.com/advisories/15397;Assigned (20050107);None (candidate not yet proposed)
9
+ CVE-2006-1415;Candidate;Cross-site scripting (XSS) vulnerability in iforget.aspx in dotNetBB 2.42EC SP 3 and earlier allows remote attackers to inject arbitrary web script or HTML via the em parameter.;BID:17246 | URL:http://www.securityfocus.com/bid/17246 | MISC:http://pridels0.blogspot.com/2006/03/xss-vuln-in-dotnetbb-v24.html | OSVDB:24122 | URL:http://www.osvdb.org/24122 | SECUNIA:19398 | URL:http://secunia.com/advisories/19398 | VUPEN:ADV-2006-1098 | URL:http://www.vupen.com/english/advisories/2006/1098 | XF:dotnetbb-iforget-xss(25462) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/25462;Assigned (20060328);None (candidate not yet proposed)
10
+ CVE-2006-3601;Candidate;** UNVERIFIABLE ** Unspecified vulnerability in an unspecified DNN Modules module for DotNetNuke (.net nuke) allows remote attackers to gain privileges via unspecified vectors, as used in an attack against the Microsoft France web site. NOTE: due to the lack of details and uncertainty about which product is affected, this claim is not independently verifiable.;BID:18522 | URL:http://www.securityfocus.com/bid/18522 | MISC:http://www.zone-h.org/content/view/4770/31/ | SECTRACK:1016332 | URL:http://securitytracker.com/id?1016332;Assigned (20060714);None (candidate not yet proposed)
11
+ CVE-2006-4973;Candidate;Cross-site scripting (XSS) vulnerability in Default.aspx in Perpetual Motion Interactive Systems DotNetNuke before 3.3.5, and 4.x before 4.3.5, allows remote attackers to inject arbitrary HTML via the error parameter.;BID:20117 | URL:http://www.securityfocus.com/bid/20117 | CONFIRM:http://www.dotnetnuke.com/About/WhatIsDotNetNuke/SecurityPolicy/SecurityBulletinno3/tabid/990/Default.aspx | MISC:http://www.secureshapes.com/advisories/vuln20-09-2006.htm | SECUNIA:22051 | URL:http://secunia.com/advisories/22051 | VUPEN:ADV-2006-3734 | URL:http://www.vupen.com/english/advisories/2006/3734 | XF:dotnetnuke-default-xss(29048) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/29048;Assigned (20060924);None (candidate not yet proposed)
12
+ CVE-2007-0660;Candidate;"Cross-site scripting (XSS) vulnerability in the IFrame module before 03.02.01 for DotNetNuke (DNN) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to ""Pass through values.""";BID:22334 | URL:http://www.securityfocus.com/bid/22334 | CONFIRM:http://www.dotnetnuke.com/Default.aspx?tabid=825&EntryID=1278 | OSVDB:36476 | URL:http://osvdb.org/36476 | VUPEN:ADV-2007-0433 | URL:http://www.vupen.com/english/advisories/2007/0433 | XF:dotnetnuke-iframe-unspecified-xss(32037) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/32037;Assigned (20070201);None (candidate not yet proposed)
13
+ CVE-2008-6399;Candidate;"Unspecified vulnerability in DotNetNuke 4.5.2 through 4.9 allows remote attackers to ""add additional roles to their user account"" via unknown attack vectors.";BID:33109 | URL:http://www.securityfocus.com/bid/33109 | CONFIRM:http://www.dotnetnuke.com/News/SecurityPolicy/Securitybulletinno24/tabid/1188/Default.aspx | OSVDB:51141 | URL:http://osvdb.org/51141 | SECUNIA:33401 | URL:http://secunia.com/advisories/33401;Assigned (20090305);None (candidate not yet proposed)
14
+ CVE-2008-6540;Candidate;DotNetNuke before 4.8.2, during installation or upgrade, does not warn the administrator when the default (1) ValidationKey and (2) DecryptionKey values cannot be modified in the web.config file, which allows remote attackers to bypass intended access restrictions by using the default keys.;BID:28391 | URL:http://www.securityfocus.com/bid/28391 | BUGTRAQ:20080321 DotNetNuke Default Machine Key Exposure | URL:http://www.securityfocus.com/archive/1/489957/100/0/threaded | CONFIRM:http://www.dotnetnuke.com/News/SecurityBulletins/SecurityBulletinno12/tabid/1148/Default.aspx | OSVDB:43720 | URL:http://osvdb.org/43720 | SECUNIA:29488 | URL:http://secunia.com/advisories/29488 | XF:dotnetnuke-webconfig-weak-security(41399) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/41399;Assigned (20090329);None (candidate not yet proposed)
15
+ CVE-2008-6541;Candidate;Unrestricted file upload vulnerability in the file manager module in DotNetNuke before 4.8.2 allows remote administrators to upload arbitrary files and gain privileges to the server via unspecified vectors.;BID:28438 | URL:http://www.securityfocus.com/bid/28438 | CONFIRM:http://www.dotnetnuke.com/News/SecurityBulletins/SecurityBulletinno11/tabid/1147/Default.aspx | OSVDB:43719 | URL:http://osvdb.org/43719 | SECUNIA:29488 | URL:http://secunia.com/advisories/29488;Assigned (20090329);None (candidate not yet proposed)
16
+ CVE-2008-6542;Candidate;"Unspecified vulnerability in the Skin Manager in DotNetNuke before 4.8.2 allows remote authenticated administrators to perform ""server-side execution of application logic"" by uploading a static file that is converted into a dynamic script via unknown vectors related to HTM or HTML files.";BID:28438 | URL:http://www.securityfocus.com/bid/28438 | CONFIRM:http://www.dotnetnuke.com/News/SecurityBulletins/SecurityBulletinno13/tabid/1149/Default.aspx | OSVDB:43721 | URL:http://osvdb.org/43721 | SECUNIA:29488 | URL:http://secunia.com/advisories/29488 | XF:dotnetnuke-skinmanager-unspecified(49767) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/49767;Assigned (20090329);None (candidate not yet proposed)
17
+ CVE-2008-6644;Candidate;Cross-site scripting (XSS) vulnerability in Default.aspx in DotNetNuke 4.8.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.;BID:29437 | URL:http://www.securityfocus.com/bid/29437 | BUGTRAQ:20080530 Dot Net Nuke (DNN) <= 4.8.3 XSS Vulnerability | URL:http://www.securityfocus.com/archive/1/492793/100/0/threaded | CONFIRM:http://www.dotnetnuke.com/News/SecurityPolicy/SecurityBulletinno19/tabid/1166/Default.aspx | SECUNIA:30617 | URL:http://secunia.com/advisories/30617 | XF:dotnetnuke-pathinfo-xss(42752) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/42752;Assigned (20090406);None (candidate not yet proposed)
18
+ CVE-2008-6732;Candidate;"Cross-site scripting (XSS) vulnerability in the Language skin object in DotNetNuke before 4.8.4 allows remote attackers to inject arbitrary web script or HTML via ""newly generated paths.""";BID:29686 | URL:http://www.securityfocus.com/bid/29686 | CONFIRM:http://www.dotnetnuke.com/News/SecurityPolicy/SecurityBulletinno20/tabid/1167/Default.aspx | OSVDB:46322 | URL:http://www.osvdb.org/46322 | SECUNIA:30617 | URL:http://secunia.com/advisories/30617 | XF:dotnetnuke-lso-xss(43030) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/43030;Assigned (20090421);None (candidate not yet proposed)
19
+ CVE-2008-6733;Candidate;Cross-site scripting (XSS) vulnerability in the error handling page in DotNetNuke 4.6.2 through 4.8.3 allows remote attackers to inject arbitrary web script or HTML via the querystring parameter.;BID:29686 | URL:http://www.securityfocus.com/bid/29686 | CONFIRM:http://www.dotnetnuke.com/News/SecurityPolicy/SecurityBulletinno18/tabid/1165/Default.aspx | OSVDB:46323 | URL:http://www.osvdb.org/46323 | SECUNIA:30617 | URL:http://secunia.com/advisories/30617 | XF:dotnetnuke-errorpage-xss(43026) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/43026;Assigned (20090421);None (candidate not yet proposed)
20
+ CVE-2008-7100;Candidate;"Unspecified vulnerability in DotNetNuke 4.4.1 through 4.8.4 allows remote authenticated users to bypass authentication and gain privileges via unknown vectors related to a ""unique id"" for user actions and improper validation of a ""user identity.""";BID:31145 | URL:http://www.securityfocus.com/bid/31145 | CONFIRM:http://www.dotnetnuke.com/News/SecurityPolicy/Securitybulletinno21/tabid/1174/Default.aspx | OSVDB:48343 | URL:http://osvdb.org/48343 | SECUNIA:31893 | URL:http://secunia.com/advisories/31893 | XF:dotnetnuke-identity-auth-bypass(45081) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/45081;Assigned (20090827);None (candidate not yet proposed)
21
+ CVE-2008-7101;Candidate;Unspecified vulnerability in DotNetNuke 4.0 through 4.8.4 and 5.0 allows remote attackers to obtain sensitive information (portal number) by accessing the install wizard page via unknown vectors.;BID:31145 | URL:http://www.securityfocus.com/bid/31145 | CONFIRM:http://www.dotnetnuke.com/News/SecurityPolicy/Securitybulletinno22/tabid/1175/Default.aspx | OSVDB:48344 | URL:http://osvdb.org/48344 | SECUNIA:31893 | URL:http://secunia.com/advisories/31893 | XF:dotnetnuke-installwizard-info-disclosure(45080) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/45080;Assigned (20090827);None (candidate not yet proposed)
22
+ CVE-2008-7102;Candidate;DotNetNuke 2.0 through 4.8.4 allows remote attackers to load .ascx files instead of skin files, and possibly access privileged functionality, via unknown vectors related to parameter validation.;BID:31145 | URL:http://www.securityfocus.com/bid/31145 | CONFIRM:http://www.dotnetnuke.com/News/SecurityPolicy/Securitybulletinno23/tabid/1176/Default.aspx | OSVDB:48345 | URL:http://osvdb.org/48345 | SECUNIA:31893 | URL:http://secunia.com/advisories/31893 | XF:dotnetnuke-skinfiles-security-bypass(45077) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/45077;Assigned (20090827);None (candidate not yet proposed)
23
+ CVE-2009-1366;Candidate;"Cross-site scripting (XSS) vulnerability in Website\admin\Sales\paypalipn.aspx in DotNetNuke (DNN) before 4.9.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to ""name/value pairs"" and ""paypal IPN functionality.""";BID:34484 | URL:http://www.securityfocus.com/bid/34484 | CONFIRM:http://www.dotnetnuke.com/News/SecurityPolicy/Securitybulletinno25/tabid/1260/Default.aspx | SECUNIA:34686 | URL:http://secunia.com/advisories/34686;Assigned (20090422);None (candidate not yet proposed)
24
+ CVE-2009-4109;Candidate;The install wizard in DotNetNuke 4.0 through 5.1.4 does not prevent anonymous users from accessing functionality related to determination of the need for an upgrade, which allows remote attackers to access version information and possibly other sensitive information.;BID:37139 | URL:http://www.securityfocus.com/bid/37139 | CONFIRM:http://www.dotnetnuke.com/News/SecurityPolicy/securitybulletinno30/tabid/1449/Default.aspx | OSVDB:60520 | URL:http://osvdb.org/60520 | SECUNIA:37480 | URL:http://secunia.com/advisories/37480;Assigned (20091128);None (candidate not yet proposed)
25
+ CVE-2009-4110;Candidate;Cross-site scripting (XSS) vulnerability in the search functionality in DotNetNuke 4.8 through 5.1.4 allows remote attackers to inject arbitrary web script or HTML via search terms that are not properly filtered before display in a custom results page.;BID:37139 | URL:http://www.securityfocus.com/bid/37139 | CONFIRM:http://www.dotnetnuke.com/News/SecurityPolicy/securitybulletinno31/tabid/1450/Default.aspx | OSVDB:60519 | URL:http://osvdb.org/60519 | SECUNIA:37480 | URL:http://secunia.com/advisories/37480 | XF:dotnetnuke-search-xss(54453) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/54453;Assigned (20091128);None (candidate not yet proposed)
26
+ CVE-2010-4514;Candidate;Cross-site scripting (XSS) vulnerability in Install/InstallWizard.aspx in DotNetNuke 5.05.01 and 5.06.00 allows remote attackers to inject arbitrary web script or HTML via the __VIEWSTATE parameter. NOTE: some of these details are obtained from third party information.;BID:45180 | URL:http://www.securityfocus.com/bid/45180 | MISC:http://packetstormsecurity.org/files/view/96378/PR10-19.txt | MISC:http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-19 | SECTRACK:1024828 | URL:http://www.securitytracker.com/id?1024828 | SECUNIA:42478 | URL:http://secunia.com/advisories/42478;Assigned (20101209);None (candidate not yet proposed)
27
+ CVE-2011-4153;Candidate;PHP 5.3.8 does not always check the return value of the zend_strndup function, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that performs strndup operations on untrusted string data, as demonstrated by the define function in zend_builtin_functions.c, and unspecified functions in ext/soap/php_sdl.c, ext/standard/syslog.c, ext/standard/browscap.c, ext/oci8/oci8.c, ext/com_dotnet/com_typeinfo.c, and main/php_open_temporary_file.c.;BUGTRAQ:20120114 PHP 5.3.8 Multiple vulnerabilities | URL:http://archives.neohapsis.com/archives/bugtraq/2012-01/0092.html | EXPLOIT-DB:18370 | URL:http://www.exploit-db.com/exploits/18370/ | HP:HPSBMU02786 | URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 | HP:HPSBUX02791 | URL:http://marc.info/?l=bugtraq&m=134012830914727&w=2 | HP:SSRT100856 | URL:http://marc.info/?l=bugtraq&m=134012830914727&w=2 | HP:SSRT100877 | URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 | MISC:http://cxsecurity.com/research/103 | SECUNIA:48668 | URL:http://secunia.com/advisories/48668 | SUSE:SUSE-SU-2012:0411 | URL:http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html | SUSE:SUSE-SU-2012:0472 | URL:http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00001.html | SUSE:openSUSE-SU-2012:0426 | URL:http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html;Assigned (20111021);None (candidate not yet proposed)
28
+ CVE-2011-4741;Candidate;The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 includes a database connection string within a web page, which allows remote attackers to obtain potentially sensitive information by reading this page, as demonstrated by client@2/domain@1/hosting/aspdotnet/.;MISC:http://xss.cx/examples/plesk-reports/xss-reflected-cross-site-scripting-cwe79-capec86-plesk-parallels-control-panel-version-20110407.20.html | XF:plesk-database-info-disclosure(72318) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/72318;Assigned (20111211);None (candidate not yet proposed)
29
+ CVE-2012-1030;Candidate;Cross-site scripting (XSS) vulnerability in DotNetNuke 6.x through 6.0.2 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted URL containing text that is used within a modal popup.;CONFIRM:http://www.dotnetnuke.com/News/Security-Policy/Security-bulletin-no.62.aspx | MISC:http://technet.microsoft.com/en-us/security/msvr/msvr12-003;Assigned (20120207);None (candidate not yet proposed)
30
+ CVE-2012-1036;Candidate;Cross-site scripting (XSS) vulnerability in the telerik HTML editor in DotNetNuke before 5.6.4 and 6.x before 6.1.0 allows remote attackers to inject arbitrary web script or HTML via a message.;CONFIRM:http://www.dotnetnuke.com/News/Security-Policy/Security-bulletin-no.59.aspx | MISC:http://technet.microsoft.com/en-us/security/msvr/msvr12-002;Assigned (20120208);None (candidate not yet proposed)
31
+ CVE-2013-3943;Candidate;Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the Display Name field in the Manage Profile.;BID:61809 | URL:http://www.securityfocus.com/bid/61809 | CONFIRM:http://www.dnnsoftware.com/platform/manage/security-center | SECUNIA:53493 | URL:http://secunia.com/advisories/53493;Assigned (20130604);None (candidate not yet proposed)
32
+ CVE-2013-4649;Candidate;Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote attackers to inject arbitrary web script or HTML via the __dnnVariable parameter to the default URI.;CONFIRM:http://www.dnnsoftware.com/platform/manage/security-center | MISC:http://packetstormsecurity.com/files/122792/DotNetNuke-DNN-7.1.0-6.2.8-Cross-Site-Scripting.html | SECUNIA:53493 | URL:http://secunia.com/advisories/53493 | XF:dotnetnuke-cve20134649-dnnvariable-xss(86432) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/86432;Assigned (20130624);None (candidate not yet proposed)
33
+ CVE-2013-5117;Candidate;SQL injection vulnerability in the RSS page (DNNArticleRSS.aspx) in the ZLDNN DNNArticle module before 10.1 for DotNetNuke allows remote attackers to execute arbitrary SQL commands via the categoryid parameter.;BID:61788 | URL:http://www.securityfocus.com/bid/61788 | CONFIRM:http://www.zldnn.com/ViewArticle/Solution-for-DNNArticle-RSS-Security-Issue.aspx | EXPLOIT-DB:27602 | URL:http://www.exploit-db.com/exploits/27602 | FULLDISC:20130902 DotNetNuke (DNNArticle Module) SQL Injection Vulnerability | URL:http://seclists.org/fulldisclosure/2013/Sep/9 | OSVDB:96306 | URL:http://osvdb.org/96306;Assigned (20130813);None (candidate not yet proposed)
34
+ CVE-2013-7335;Candidate;Open redirect vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.;BID:61809 | URL:http://www.securityfocus.com/bid/61809 | CONFIRM:http://www.dnnsoftware.com/platform/manage/security-center | SECUNIA:53493 | URL:http://secunia.com/advisories/53493;Assigned (20140312);None (candidate not yet proposed)
35
+ CVE-2015-1566;Candidate;Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 7.4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.;CONFIRM:http://www.dnnsoftware.com/platform/manage/security-center | SECUNIA:62832 | URL:http://secunia.com/advisories/62832;Assigned (20150209);None (candidate not yet proposed)
36
+ CVE-2015-2794;Candidate;The installation wizard in DotNetNuke (DNN) before 7.4.1 allows remote attackers to reinstall the application and gain SuperUser access via a direct request to Install/InstallWizard.aspx.;BID:96373 | URL:http://www.securityfocus.com/bid/96373 | CONFIRM:http://www.dnnsoftware.com/community-blog/cid/155198/workaround-for-potential-security-issue | CONFIRM:http://www.dnnsoftware.com/community/security/security-center | CONFIRM:https://dotnetnuke.codeplex.com/releases/view/615317 | EXPLOIT-DB:39777 | URL:https://www.exploit-db.com/exploits/39777/;Assigned (20150330);None (candidate not yet proposed)
37
+ CVE-2016-7119;Candidate;Cross-site scripting (XSS) vulnerability in the user-profile biography section in DotNetNuke (DNN) before 8.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted onclick attribute in an IMG element.;BID:92719 | URL:http://www.securityfocus.com/bid/92719 | CONFIRM:http://www.dnnsoftware.com/community/security/security-center;Assigned (20160831);None (candidate not yet proposed)
38
+ CVE-2017-0929;Candidate;DNN (aka DotNetNuke) before 9.2.0 suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources.;MISC:https://github.com/dnnsoftware/Dnn.Platform/commit/d3953db85fee77bb5e6383747692c507ef8b94c3;Assigned (20161130);None (candidate not yet proposed)
39
+ CVE-2017-9822;Candidate;"DNN (aka DotNetNuke) before 9.1.1 has Remote Code Execution via a cookie, aka ""2017-08 (Critical) Possible remote code execution on DNN sites.""";BID:102213 | URL:http://www.securityfocus.com/bid/102213 | CONFIRM:http://www.dnnsoftware.com/community/security/security-center | MISC:http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html;Assigned (20170622);None (candidate not yet proposed)
40
+ CVE-2018-1000210;Candidate;"YamlDotNet version 4.3.2 and earlier contains a Insecure Direct Object Reference vulnerability in The default behavior of Deserializer.Deserialize() will deserialize user-controlled types in the line ""currentType = Type.GetType(nodeEvent.Tag.Substring(1), throwOnError: false);"" and blindly instantiates them. that can result in Code execution in the context of the running process. This attack appear to be exploitable via Victim must parse a specially-crafted YAML file. This vulnerability appears to have been fixed in 5.0.0.";CONFIRM:https://github.com/aaubry/YamlDotNet#version-500 | CONFIRM:https://github.com/aaubry/YamlDotNet/blob/f96b7cc40a0498f8bafdeb49df3aa23aa2c60993/YamlDotNet/Serialization/NodeTypeResolvers/TypeNameInTagNodeTypeResolver.cs#L35;Assigned (20180713);None (candidate not yet proposed)
41
+ CVE-2018-1002205;Candidate;DotNetZip.Semvered before 1.11.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.;CONFIRM:https://github.com/haf/DotNetZip.Semverd/commit/55d2c13c0cc64654e18fcdd0038fdb3d7458e366 | CONFIRM:https://github.com/haf/DotNetZip.Semverd/pull/121 | MISC:https://github.com/snyk/zip-slip-vulnerability | MISC:https://snyk.io/research/zip-slip-vulnerability | MISC:https://snyk.io/vuln/SNYK-DOTNET-DOTNETZIP-60245;Assigned (20180725);None (candidate not yet proposed)
42
+ CVE-2018-10138;Candidate;The CATALooK.netStore module through 7.2.8 for DNN (formerly DotNetNuke) allows XSS via the /ViewEditGoogleMaps.aspx PortalID or CATSkin parameter, or the /ImageViewer.aspx link or desc parameter.;MISC:https://cxsecurity.com/issue/WLB-2018040120;Assigned (20180416);None (candidate not yet proposed)
43
+ CVE-2018-14486;Candidate;DNN (formerly DotNetNuke) 9.1.1 allows cross-site scripting (XSS) via XML.;MISC:http://packetstormsecurity.com/files/151304/DNN-9.1-XML-Related-Cross-Site-Scripting.html | MISC:http://www.dnnsoftware.com/community/security/security-center;Assigned (20180720);None (candidate not yet proposed)
44
+ CVE-2018-15811;Candidate;DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters.;MISC:http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html | MISC:https://github.com/dnnsoftware/Dnn.Platform/releases | MISC:https://www.dnnsoftware.com/community/security/security-center;Assigned (20180823);None (candidate not yet proposed)
45
+ CVE-2018-15812;Candidate;DNN (aka DotNetNuke) 9.2 through 9.2.1 incorrectly converts encryption key source values, resulting in lower than expected entropy.;MISC:http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html | MISC:https://github.com/dnnsoftware/Dnn.Platform/releases | MISC:https://www.dnnsoftware.com/community/security/security-center;Assigned (20180823);None (candidate not yet proposed)
46
+ CVE-2018-18325;Candidate;DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists because of an incomplete fix for CVE-2018-15811.;MISC:http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html | MISC:https://github.com/dnnsoftware/Dnn.Platform/releases | MISC:https://www.dnnsoftware.com/community/security/security-center;Assigned (20181015);None (candidate not yet proposed)
47
+ CVE-2018-18326;Candidate;DNN (aka DotNetNuke) 9.2 through 9.2.2 incorrectly converts encryption key source values, resulting in lower than expected entropy. NOTE: this issue exists because of an incomplete fix for CVE-2018-15812.;MISC:http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html | MISC:https://github.com/dnnsoftware/Dnn.Platform/releases | MISC:https://www.dnnsoftware.com/community/security/security-center;Assigned (20181015);None (candidate not yet proposed)
48
+ CVE-2018-19395;Candidate;"ext/standard/var.c in PHP 5.x through 7.1.24 on Windows allows attackers to cause a denial of service (NULL pointer dereference and application crash) because com and com_safearray_proxy return NULL in com_properties_get in ext/com_dotnet/com_handlers.c, as demonstrated by a serialize call on COM(""WScript.Shell"").";BID:105989 | URL:http://www.securityfocus.com/bid/105989 | CONFIRM:https://security.netapp.com/advisory/ntap-20181221-0005/ | MISC:https://bugs.php.net/bug.php?id=77177;Assigned (20181120);None (candidate not yet proposed)
49
+ CVE-2018-19396;Candidate;ext/standard/var_unserializer.c in PHP 5.x through 7.1.24 allows attackers to cause a denial of service (application crash) via an unserialize call for the com, dotnet, or variant class.;BID:105989 | URL:http://www.securityfocus.com/bid/105989 | CONFIRM:https://security.netapp.com/advisory/ntap-20181221-0005/ | MISC:https://bugs.php.net/bug.php?id=77177;Assigned (20181120);None (candidate not yet proposed)
50
+ CVE-2018-9126;Candidate;The DNNArticle module 11 for DNN (formerly DotNetNuke) allows remote attackers to read the web.config file, and consequently discover database credentials, via the /GetCSS.ashx/?CP=%2fweb.config URI.;EXPLOIT-DB:44414 | URL:https://www.exploit-db.com/exploits/44414/ | MISC:http://packetstormsecurity.com/files/146999/DotNetNuke-DNNarticle-Directory-Traversal.html;Assigned (20180329);None (candidate not yet proposed)
51
+ CVE-2019-12562;Candidate;Stored Cross-Site Scripting in DotNetNuke (DNN) Version before 9.4.0 allows remote attackers to store and embed the malicious script into the admin notification page. The exploit could be used to perfom any action with admin privileges such as managing content, adding users, uploading backdoors to the server, etc. Successful exploitation occurs when an admin user visits a notification page with stored cross-site scripting.;MISC:http://packetstormsecurity.com/files/154673/DotNetNuke-Cross-Site-Scripting.html | MISC:https://mayaseven.com/cve-2019-12562-stored-cross-site-scripting-in-dotnetnuke-dnn-version-v9-3-2/;Assigned (20190602);None (candidate not yet proposed)
52
+ CVE-2019-13355;Candidate;In Total Defense Anti-virus 9.0.0.773, insecure access control for the directory %PROGRAMDATA%\TotalDefense\Consumer\ISS\9\ used by ccschedulersvc.exe allows local attackers to hijack dotnetproxy.exe, which leads to privilege escalation when the ccSchedulerSVC service runs the executable.;MISC:https://github.com/NtRaiseHardError/Antimalware-Research/tree/master/Total%20Defense/Local%20Privilege%20Escalation/v9.0.0.773 | MISC:https://www.totaldefense.com/security-blog;Assigned (20190705);None (candidate not yet proposed)
53
+ CVE-2019-19392;Candidate;"The forDNN.UsersExportImport module before 1.2.0 for DNN (formerly DotNetNuke) allows an unprivileged user to import (create) new users with Administrator privileges, as demonstrated by Roles=""Administrators"" in XML or CSV data.";MISC:https://blog.joaoorvalho.com/description-cve-2019-19392/ | MISC:https://github.com/fordnn/usersexportimport/commits/master;Assigned (20191129);None (candidate not yet proposed)
54
+ CVE-2020-11585;Candidate;There is an information disclosure issue in DNN (formerly DotNetNuke) 9.5 within the built-in Activity-Feed/Messaging/Userid/ Message Center module. A registered user is able to enumerate any file in the Admin File Manager (other than ones contained in a secure folder) by sending themselves a message with the file attached, e.g., by using an arbitrary small integer value in the fileIds parameter.;MISC:https://neff.blog/2020/04/04/dotnetnuke-9-5-file-path-information-disclosure/;Assigned (20200406);None (candidate not yet proposed)
55
+ CVE-2020-27385;Candidate;Incorrect Access Control in the FileEditor (/Admin/Views/FileEditor/) in FlexDotnetCMS before v1.5.11 allows an authenticated remote attacker to read and write to existing files outside the web root. The files can be accessed via directory traversal, i.e., by entering a .. (dot dot) path such as ..\..\..\..\..\<file> in the input field of the FileEditor. In FlexDotnetCMS before v1.5.8, it is also possible to access files by specifying the full path (e.g., C:\<file>). The files can then be edited via the FileEditor.;MISC:https://blog.vonahi.io/whats-in-a-re-name/ | MISC:https://github.com/MacdonaldRobinson/FlexDotnetCMS/releases/tag/v1.5.11;Assigned (20201021);None (candidate not yet proposed)
56
+ CVE-2020-27386;Candidate;An unrestricted file upload issue in FlexDotnetCMS before v1.5.9 allows an authenticated remote attacker to upload and execute arbitrary files by using the FileManager to upload malicious code (e.g., ASP code) in the form of a safe file type (e.g., a TXT file), and then using the FileEditor (in v1.5.8 and prior) or the FileManager's rename function (in v1.5.7 and prior) to rename the file to an executable extension (e.g., ASP), and finally executing the file via an HTTP GET request to /<path_to_file>.;MISC:http://packetstormsecurity.com/files/160411/FlexDotnetCMS-1.5.8-Arbitrary-ASP-File-Upload.html | MISC:https://blog.vonahi.io/whats-in-a-re-name/ | MISC:https://github.com/MacdonaldRobinson/FlexDotnetCMS/releases/tag/v1.5.9 | MISC:https://github.com/rapid7/metasploit-framework/pull/14339;Assigned (20201021);None (candidate not yet proposed)
57
+ CVE-2020-5186;Candidate;DNN (formerly DotNetNuke) through 9.4.4 allows XSS (issue 1 of 2).;MISC:https://github.com/dnnsoftware/Dnn.Platform/releases | MISC:https://medium.com/@SajjadPourali/dnn-dotnetnuke-cms-not-as-secure-as-you-think-e8516f789175 | MISC:https://packetstormsecurity.com/files/156483/DotNetNuke-CMS-9.5.0-Cross-Site-Scripting.html;Assigned (20200101);None (candidate not yet proposed)
58
+ CVE-2020-5187;Candidate;DNN (formerly DotNetNuke) through 9.4.4 allows Path Traversal (issue 2 of 2).;MISC:http://packetstormsecurity.com/files/156489/DotNetNuke-CMS-9.4.4-Zip-Directory-Traversal.html | MISC:https://github.com/dnnsoftware/Dnn.Platform/releases | MISC:https://medium.com/@SajjadPourali/dnn-dotnetnuke-cms-not-as-secure-as-you-think-e8516f789175;Assigned (20200101);None (candidate not yet proposed)
59
+ CVE-2020-5188;Candidate;DNN (formerly DotNetNuke) through 9.4.4 has Insecure Permissions.;MISC:http://packetstormsecurity.com/files/156484/DotNetNuke-CMS-9.5.0-File-Extension-Check-Bypass.html | MISC:https://github.com/dnnsoftware/Dnn.Platform/releases | MISC:https://medium.com/@SajjadPourali/dnn-dotnetnuke-cms-not-as-secure-as-you-think-e8516f789175;Assigned (20200101);None (candidate not yet proposed)
60
+ CVE-2021-31858;Candidate;DotNetNuke (DNN) 9.9.1 CMS is vulnerable to a Stored Cross-Site Scripting vulnerability in the user profile biography section which allows remote authenticated users to inject arbitrary code via a crafted payload.;MISC:https://labs.integrity.pt/advisories/cve-2021-31858/ | MISC:https://www.dnnsoftware.com/community/security/security-center;Assigned (20210428);None (candidate not yet proposed)
61
+ CVE-2021-40186;Candidate;The AppCheck research team identified a Server-Side Request Forgery (SSRF) vulnerability within the DNN CMS platform, formerly known as DotNetNuke. SSRF vulnerabilities allow the attacker to exploit the target system to make network requests on their behalf, allowing a range of possible attacks. In the most common scenario, the attacker exploits SSRF vulnerabilities to attack systems behind the firewall and access sensitive information from Cloud Provider metadata services.;MISC:https://appcheck-ng.com/dnn-cms-server-side-request-forgery-cve-2021-40186 | URL:https://appcheck-ng.com/dnn-cms-server-side-request-forgery-cve-2021-40186;Assigned (20210829);None (candidate not yet proposed)
62
+ CVE-2021-43569;Candidate;The verify function in the Stark Bank .NET ECDSA library (ecdsa-dotnet) 1.3.1 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages.;MISC:https://github.com/starkbank/ecdsa-dotnet/releases/tag/v1.3.2 | URL:https://github.com/starkbank/ecdsa-dotnet/releases/tag/v1.3.2 | MISC:https://research.nccgroup.com/2021/11/08/technical-advisory-arbitrary-signature-forgery-in-stark-bank-ecdsa-libraries/ | URL:https://research.nccgroup.com/2021/11/08/technical-advisory-arbitrary-signature-forgery-in-stark-bank-ecdsa-libraries/;Assigned (20211109);None (candidate not yet proposed)
63
+ CVE-2021-44150;Candidate;The client in tusdotnet through 2.5.0 relies on SHA-1 to prevent spoofing of file content.;MISC:https://github.com/tusdotnet/tusdotnet/issues/157;Assigned (20211122);None (candidate not yet proposed)
64
+ CVE-2022-47053;Candidate;An arbitrary file upload vulnerability in the Digital Assets Manager module of DNN Corp DotNetNuke v7.0.0 to v9.10.2 allows attackers to execute arbitrary code via a crafted SVG file.;MISC:https://www.dnnsoftware.com/community/security/security-center | MISC:https://www.dnnsoftware.com/community/security/security-center#:~:text=XSS%20in%20Digital%20Asset%20Manager;Assigned (20221212);None (candidate not yet proposed)
65
+ CVE-2024-23838;Candidate;TrueLayer.NET is the .Net client for TrueLayer. The vulnerability could potentially allow a malicious actor to gain control over the destination URL of the HttpClient used in the API classes. For applications using the SDK, requests to unexpected resources on local networks or to the internet could be made which could lead to information disclosure. The issue can be mitigated by having strict egress rules limiting the destinations to which requests can be made, and applying strict validation to any user input passed to the `truelayer-dotnet` library. Versions of TrueLayer.Client `v1.6.0` and later are not affected.;MISC:https://github.com/TrueLayer/truelayer-dotnet/commit/75e436ed5360faa73d6e7ce3a9903a3c49505e3e | URL:https://github.com/TrueLayer/truelayer-dotnet/commit/75e436ed5360faa73d6e7ce3a9903a3c49505e3e | MISC:https://github.com/TrueLayer/truelayer-dotnet/security/advisories/GHSA-67m4-qxp3-j6hh | URL:https://github.com/TrueLayer/truelayer-dotnet/security/advisories/GHSA-67m4-qxp3-j6hh;Assigned (20240122);None (candidate not yet proposed)
chroma.sqlite3 ADDED
@@ -0,0 +1,3 @@
 
 
 
 
1
+ version https://git-lfs.github.com/spec/v1
2
+ oid sha256:a891484ada865ece4c707faf558848011741f497d5431653122592f0258d46f4
3
+ size 23683072
finetune.py ADDED
@@ -0,0 +1,103 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ import uuid
2
+ import chromadb
3
+ import pandas as pd
4
+ import os
5
+ from dotenv import load_dotenv
6
+ import json
7
+ from transformers import AutoModelForCausalLM
8
+
9
+ load_dotenv()
10
+
11
+ ollama_ef = AutoModelForCausalLM.from_pretrained("nomic-embed-text-v1.5.Q5_K_S.gguf",
12
+ model_type='llama',
13
+ max_new_tokens = 10960,
14
+ threads = 3,
15
+ )
16
+
17
+ csv_files = []
18
+ root_dir = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
19
+ cve_csv_path = os.path.join(root_dir, 'data\\cve')
20
+
21
+ csv_files.extend([os.path.join(cve_csv_path, f) for f in os.listdir(cve_csv_path) if f.endswith('.csv')])
22
+
23
+ dtype_dict = {
24
+ 'Name': str,
25
+ 'Status': str,
26
+ 'Description': str,
27
+ 'References': str,
28
+ 'Phase': str,
29
+ 'Votes': str,
30
+ 'Comments': str
31
+ }
32
+
33
+ chroma_data_path = str(os.getenv('CHROMA_DATA_PATH'))
34
+
35
+ chroma_db_directory = str("chroma_db/")
36
+
37
+ client = chromadb.PersistentClient(path=os.path.join(chroma_data_path, chroma_db_directory))
38
+
39
+ collection = client.get_or_create_collection(name="CVE", embedding_function=ollama_ef)
40
+
41
+ documents_to_add = []
42
+ ids_to_add = []
43
+ metadata_to_add = []
44
+ documents_to_add_string = []
45
+
46
+ batch_size = 10
47
+ current_batch = 0
48
+
49
+ if csv_files:
50
+ for csv_file in csv_files:
51
+ print(f"Processing {csv_file}...")
52
+ df = pd.read_csv(csv_file, on_bad_lines='skip', dtype=dtype_dict)
53
+
54
+ documents = df['Description'].fillna('').astype(str).tolist()
55
+
56
+ if not df.empty and 'Description' in df.columns:
57
+ for index, row in df.iterrows():
58
+ metadata_parts = row['Name'].split(';')
59
+ metadata = {
60
+ "Name": str(metadata_parts[0].strip()),
61
+ "Status": str(metadata_parts[1].strip()) if len(metadata_parts) > 1 else "",
62
+ "Description": str(metadata_parts[2].strip()) if len(metadata_parts) > 2 else "",
63
+ "References": str(metadata_parts[3].strip()) if len(metadata_parts) > 3 else "",
64
+ "Phase": str(metadata_parts[4].strip()) if len(metadata_parts) > 4 else "",
65
+ "Votes": str(metadata_parts[5].strip()) if len(metadata_parts) > 5 else "",
66
+ }
67
+ document_id = str(uuid.uuid4())
68
+
69
+ document_content = metadata["Description"]
70
+
71
+ document = {'id': document_id, 'content': document_content}
72
+
73
+ documents_to_add.append(document)
74
+ documents_to_add_string.append(json.dumps(documents_to_add))
75
+ ids_to_add.append(document_id)
76
+ metadata_to_add.append(metadata)
77
+
78
+ current_batch += 1
79
+ if current_batch % batch_size == 0:
80
+ print(f"Batch {current_batch // batch_size} added to the collection.")
81
+ collection.add(documents=documents_to_add_string, ids=ids_to_add, metadatas=metadata_to_add)
82
+ documents_to_add = []
83
+ ids_to_add = []
84
+ metadata_to_add = []
85
+ documents_to_add_string = []
86
+ print(f"Batch {current_batch // batch_size} completed.")
87
+
88
+ else:
89
+ print(f"Skipping file {csv_file} due to empty DataFrame or missing 'Description' column")
90
+ else:
91
+ print("No CSV files found in the directory. Skipping processing.")
92
+
93
+ # Add the remaining documents if there are less than 100 left
94
+ if documents_to_add:
95
+ print(f"Adding remaining {len(documents_to_add)} documents to the collection.")
96
+ collection.add(documents=documents_to_add_string, ids=ids_to_add, metadatas=metadata_to_add)
97
+
98
+ # results = collection.query(
99
+ # query_texts=["Dotnet"],
100
+ # n_results=3,
101
+ # )
102
+
103
+ # print(results)
nomic-embed-text-v1.5.Q5_K_S.gguf ADDED
@@ -0,0 +1,3 @@
 
 
 
 
1
+ version https://git-lfs.github.com/spec/v1
2
+ oid sha256:07782a46f2d36931b7ca28e4b4f1d88aea1fb3e1704a7e5fc6a8be104195bd51
3
+ size 94888768
requirements.txt ADDED
@@ -0,0 +1,15 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ torch
2
+ pandas
3
+ fastapi==0.110.1
4
+ transformers
5
+ pydantic==1.10.8
6
+ uvicorn==0.23.2
7
+ requests==2.31.0
8
+ python-dotenv==1.0.1
9
+ langchain==0.1.11
10
+ langchain_core==0.1.48
11
+ langchain_community==0.0.36
12
+ langserve==0.1.1
13
+ chromadb==0.4.24
14
+ starlette==0.37.2
15
+ typer==0.10.0
run.py ADDED
@@ -0,0 +1,44 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ from langchain.prompts import ChatPromptTemplate
2
+ from langchain_core.output_parsers import StrOutputParser
3
+ from langchain_core.runnables import RunnablePassthrough
4
+ from langchain_community.vectorstores import Chroma
5
+ from transformers import AutoModelForCausalLM
6
+
7
+ embedding = AutoModelForCausalLM.from_pretrained(
8
+ "deployllm/nomic-embed-text-v1.5-GGUF",
9
+ model_type='llama',
10
+ threads=3,
11
+ )
12
+
13
+ db = Chroma(
14
+ persist_directory="./chroma_db",
15
+ embedding_function=embedding,
16
+ collection_name='CVE'
17
+ )
18
+
19
+ retriever = db.as_retriever()
20
+
21
+ template = """Answer the question based only on the following context:
22
+ {context}
23
+ Do not tell the source of the data
24
+ Question: {question}
25
+ """
26
+
27
+ prompt = ChatPromptTemplate.from_template(template)
28
+
29
+ model = AutoModelForCausalLM.from_pretrained(
30
+ "zephyr-7b-beta.Q4_K_S.gguf",
31
+ model_type='mistral',
32
+ threads=3,
33
+ )
34
+
35
+ chain = (
36
+ {"context": retriever, "question": RunnablePassthrough()}
37
+ | prompt
38
+ | model
39
+ | StrOutputParser()
40
+ )
41
+
42
+ # Uncomment and use the following for testing
43
+ # for chunk in chain.stream("Your question here"):
44
+ # print(chunk, end="", flush=True)
server.py ADDED
@@ -0,0 +1,29 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ from fastapi import FastAPI, HTTPException, Request, Body
2
+ from langserve import add_routes
3
+ from run import chain
4
+ import os
5
+ import uvicorn
6
+ from pydantic import BaseModel
7
+ from titleGenerator import generate_title
8
+
9
+ app = FastAPI(title="Code Vulnerability AI")
10
+
11
+ add_routes(app, chain)
12
+
13
+ class MessageInput(BaseModel):
14
+ message: str
15
+
16
+ @app.post("/generate_title")
17
+ async def generate_title_endpoint(request: Request, body: MessageInput = Body(...)):
18
+ message = body.message
19
+
20
+ if not message:
21
+ raise HTTPException(status_code=400, detail="Message is required")
22
+
23
+ generated_title = generate_title(message)
24
+
25
+ return {"title": generated_title}
26
+
27
+ if __name__ == "__main__":
28
+ host = os.environ.get('STAGING', '0.0.0.0')
29
+ uvicorn.run(app, host=host, port=4000)
titleGenerator.py ADDED
@@ -0,0 +1,23 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ from langchain_community.chat_models import ChatOllama
2
+ from langchain.prompts import ChatPromptTemplate
3
+ from langchain_core.output_parsers import StrOutputParser
4
+ from langchain_core.runnables import RunnablePassthrough
5
+
6
+ def generate_title(message: str) -> str:
7
+ prompt_template = """Generate one concise and descriptive title that is not longer than 3 words. Only generate one that title. Only generate 3 words. No alternatives. No explanation. Generate this title based on the following message:
8
+ Message: {message}
9
+ Title: """
10
+
11
+ prompt = ChatPromptTemplate.from_template(prompt_template)
12
+
13
+ model = ChatOllama(model="mistral")
14
+
15
+ title_chain = (
16
+ {"message": RunnablePassthrough()}
17
+ | prompt
18
+ | model
19
+ | StrOutputParser()
20
+ )
21
+
22
+ result = title_chain.invoke(message)
23
+ return result
zephyr-7b-beta.Q4_K_S.gguf ADDED
@@ -0,0 +1,3 @@
 
 
 
 
1
+ version https://git-lfs.github.com/spec/v1
2
+ oid sha256:cafa0b85b2efc15ca33023f3b87f8d0c44ddcace16b3fb608280e0eb8f425cb1
3
+ size 4140373696