Resultados 1 a 1 de 1

Tópico: [Ruby] Script para pega os últimos CVEs

  1. #1
    Moderador ingresso Avatar de .Nero
    Data de Ingresso
    Feb 2012
    Localização
    Earth
    Posts
    699
    Post Thanks / Like

    [Ruby] Script para pega os últimos CVEs

    Meio inútil, fiz pra treinar Ruby, mas ai vai:


    main.rb
    Código:
    #!/usr/bin/env ruby
    load 'cve.rb'
    load 'database.rb'
    
    
    db = Database.new
    
    
    # 1.Print to the console
    
    
    #puts db.get_all
    #puts db.get(CVE-ID-HERE)
    puts db.get("CVE-2014-4037")
    
    
    
    
    # 2.Print to file
    
    
    db.print_all
    #db.print(CVE-ID-HERE)
    db.print("CVE-2014-4035")
    database.rb
    Código:
    #!/usr/bin/env ruby
    load 'cve.rb'
    require 'open-uri'
    require 'json'
    
    
    class Database
        @@cve_list = []
        @cve = []
    
    
        def initialize
            json = JSON.parse(open('http://goo.gl/AuEUMs').read)
    
    
            @cve_id       = json.collect { |e| e['cve_id'] }
            @summary      = json.collect { |e| e['summary'] }
            @publish_date = json.collect { |e| e['publish_date'] }
            @update_date  = json.collect { |e| e['update_date'] }
            @url          = json.collect { |e| e['url'] }
    
    
            @cve = @cve_id.zip(@summary, @publish_date, @update_date, @url)
    
    
            @cve.each do |v|
                @@cve_list << CVE.new(v[0], v[1], v[2], v[3], v[4])
            end
        end
    
    
        def get_all
            return @@cve_list
        end
    
    
        def get (cve_id)
            @@cve_list.each do |v|
                if v.to_s.include? cve_id
                    return v
                end
            end
        end
    
    
        def print_all
            File.open('output_all.txt', 'w') do |f|
                f.puts @@cve_list
            end
        end
    
    
        def print (cve_id)
            @@cve_list.each do |v|
                if v.to_s.include? cve_id
                    File.open('output_' + cve_id + '.txt', 'w') do |f|
                        f.puts v.to_s.strip
                    end
                end
            end
        end
    end
    vce.rb
    Código:
    #!/usr/bin/env ruby
    
    
    class CVE
        def initialize(cve_id, summary, publish_date, update_date, url)
            @cve_id       = cve_id
            @summary      = summary
            @publish_date = publish_date
            @update_date  = update_date
            @url          = url
        end
    
    
        def get_cve_id
            return @cve_id
        end
    
    
        def get_summary
            return @summary
        end
    
    
        def get_publish_date
            return @publish_date
        end
    
    
        def get_update_date
            return @update_date
        end
    
    
        def get_url
            return @url
        end
    
    
        def to_s
            return "CVE ID: " + @cve_id +
                    "\nSummary: " + @summary +
                    "\nPublish Date: " + @publish_date +
                    "\nUpdate Date: " + @update_date +
                    "\nURL: " + @url + "\n\n\n"
        end
    end
    Console:
    Código:
    PS C:\Users\Juan Christian\Documents\CVExpress> ruby .\main.rb
    CVE ID: CVE-2014-4037
    Summary: Cross-site scripting (XSS) vulnerability in editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellche
    cker.php in FCKeditor before 2.6.11 and earlier allows remote attackers to inject arbitrary web script or HTML via an ar
    ray key in the textinputs[] parameter, a different issue than CVE-2012-4000.
    Publish Date: 2014-06-11
    Update Date: 2014-06-11
    URL: http://www.cvedetails.com/cve/CVE-2014-4037/
    
    
    
    
    CVE ID: CVE-2014-4036
    Summary: Cross-site scripting (XSS) vulnerability in modules/system/admin.php in ImpressCMS 1.3.6.1 allows remote attack
    ers to inject arbitrary web script or HTML via the query parameter in a listimg action.
    Publish Date: 2014-06-11
    Update Date: 2014-06-11
    URL: http://www.cvedetails.com/cve/CVE-2014-4036/
    
    
    
    
    CVE ID: CVE-2014-4035
    Summary: Cross-site scripting (XSS) vulnerability in booking_details.php in Best Soft Inc. (BSI) Advance Hotel Booking S
    ystem 2.0 allows remote attackers to inject arbitrary web script or HTML via the title parameter.
    Publish Date: 2014-06-11
    Update Date: 2014-06-11
    URL: http://www.cvedetails.com/cve/CVE-2014-4035/
    
    
    
    
    CVE ID: CVE-2014-4034
    Summary: SQL injection vulnerability in zero_view_article.php in ZeroCMS 1.0 allows remote attackers to execute arbitrar
    y SQL commands via the article_id parameter.
    Publish Date: 2014-06-11
    Update Date: 2014-06-11
    URL: http://www.cvedetails.com/cve/CVE-2014-4034/
    
    
    
    
    CVE ID: CVE-2014-4033
    Summary: Cross-site scripting (XSS) vulnerability in libraries/includes/personal/profile.php in Epignosis eFront 3.6.14.
    4 allows remote attackers to inject arbitrary web script or HTML via the surname parameter to student.php.
    Publish Date: 2014-06-11
    Update Date: 2014-06-11
    URL: http://www.cvedetails.com/cve/CVE-2014-4033/
    
    
    
    
    CVE ID: CVE-2014-4032
    Summary: Cross-site scripting (XSS) vulnerability in apps/app_comment/form_comment.php in Fiyo CMS 1.5.7 allows remote a
    ttackers to inject arbitrary web script or HTML via the Nama field.
    Publish Date: 2014-06-11
    Update Date: 2014-06-11
    URL: http://www.cvedetails.com/cve/CVE-2014-4032/
    
    
    
    
    CVE ID: CVE-2014-4017
    Summary: Cross-site scripting (XSS) vulnerability in the Conversion Ninja plugin for WordPress allows remote attackers t
    o inject arbitrary web script or HTML via the id parameter to lp/index.php.
    Publish Date: 2014-06-10
    Update Date: 2014-06-11
    URL: http://www.cvedetails.com/cve/CVE-2014-4017/
    
    
    
    
    CVE ID: CVE-2014-4012
    Summary: SAP Open Hub Service has hardcoded credentials, which makes it easier for remote attackers to obtain access via
     unspecified vectors.
    Publish Date: 2014-06-09
    Update Date: 2014-06-10
    URL: http://www.cvedetails.com/cve/CVE-2014-4012/
    
    
    
    
    CVE ID: CVE-2014-4011
    Summary: SAP Capacity Leveling has hardcoded credentials, which makes it easier for remote attackers to obtain access vi
    a unspecified vectors.
    Publish Date: 2014-06-09
    Update Date: 2014-06-10
    URL: http://www.cvedetails.com/cve/CVE-2014-4011/
    
    
    
    
    CVE ID: CVE-2014-4010
    Summary: SAP Transaction Data Pool has hardcoded credentials, which makes it easier for remote attackers to obtain acces
    s via unspecified vectors.
    Publish Date: 2014-06-09
    Update Date: 2014-06-10
    URL: http://www.cvedetails.com/cve/CVE-2014-4010/
    
    
    
    
    CVE ID: CVE-2014-4009
    Summary: SAP CCMS Monitoring (BC-CCM-MON) has hardcoded credentials, which makes it easier for remote attackers to obtai
    n access via unspecified vectors.
    Publish Date: 2014-06-09
    Update Date: 2014-06-10
    URL: http://www.cvedetails.com/cve/CVE-2014-4009/
    
    
    
    
    CVE ID: CVE-2014-4008
    Summary: SAP Web Services Tool (CA-WUI-WST) has hardcoded credentials, which makes it easier for remote attackers to obt
    ain access via unspecified vectors.
    Publish Date: 2014-06-09
    Update Date: 2014-06-10
    URL: http://www.cvedetails.com/cve/CVE-2014-4008/
    
    
    
    
    CVE ID: CVE-2014-4007
    Summary: The SAP Upgrade tools for ABAP has hardcoded credentials, which makes it easier for remote attackers to obtain
    access via unspecified vectors.
    Publish Date: 2014-06-09
    Update Date: 2014-06-10
    URL: http://www.cvedetails.com/cve/CVE-2014-4007/
    
    
    
    
    CVE ID: CVE-2014-4006
    Summary: The SAP Trader's and Scheduler's Workbench (TSW) for SAP Oil &amp; Gas has hardcoded credentials, whi
    ch makes it easier for remote attackers to obtain access via unspecified vectors.
    Publish Date: 2014-06-09
    Update Date: 2014-06-10
    URL: http://www.cvedetails.com/cve/CVE-2014-4006/
    
    
    
    
    CVE ID: CVE-2014-4005
    Summary: SAP Brazil add-on has hardcoded credentials, which makes it easier for remote attackers to obtain access via un
    specified vectors.
    Publish Date: 2014-06-09
    Update Date: 2014-06-10
    URL: http://www.cvedetails.com/cve/CVE-2014-4005/
    
    
    
    
    CVE ID: CVE-2014-4004
    Summary: The (1) Structures and (2) Project-Oriented Procurement components in SAP Project System has hardcoded credenti
    als, which makes it easier for remote attackers to obtain access via unspecified vectors.
    Publish Date: 2014-06-09
    Update Date: 2014-06-10
    URL: http://www.cvedetails.com/cve/CVE-2014-4004/
    
    
    
    
    CVE ID: CVE-2014-4003
    Summary: The System Landscape Directory (SLD) in SAP NetWeaver allows remote attackers to modify information via vectors
     related to adding a system.
    Publish Date: 2014-06-09
    Update Date: 2014-06-10
    URL: http://www.cvedetails.com/cve/CVE-2014-4003/
    
    
    
    
    CVE ID: CVE-2014-3986
    Summary: include/tests_webservers in Lynis before 1.5.5 allows local users to overwrite arbitrary files via a symlink at
    tack on a /tmp/lynis.*.unsorted file with an easily determined name.
    Publish Date: 2014-06-08
    Update Date: 2014-06-09
    URL: http://www.cvedetails.com/cve/CVE-2014-3986/
    
    
    
    
    CVE ID: CVE-2014-3984
    Summary: Multiple unspecified vulnerabilities in Libav before 0.8.12 allow remote attackers to have unknown impact and v
    ectors.
    Publish Date: 2014-06-06
    Update Date: 2014-06-09
    URL: http://www.cvedetails.com/cve/CVE-2014-3984/
    
    
    
    
    CVE ID: CVE-2014-3982
    Summary: include/tests_webservers in Lynis before 1.5.5 on AIX allows local users to overwrite arbitrary files via a sym
    link attack on a /tmp/lynis.##### file.
    Publish Date: 2014-06-08
    Update Date: 2014-06-09
    URL: http://www.cvedetails.com/cve/CVE-2014-3982/
    
    
    
    
    CVE ID: CVE-2014-3981
    Summary: acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitr
    ary files via a symlink attack on the /tmp/phpglibccheck file.
    Publish Date: 2014-06-08
    Update Date: 2014-06-09
    URL: http://www.cvedetails.com/cve/CVE-2014-3981/
    
    
    
    
    CVE ID: CVE-2014-3980
    Summary: libfep 0.0.5 before 0.1.0 does not properly use UNIX domain sockets in the abstract namespace, which allows loc
    al users to gain privileges via unspecified vectors.
    Publish Date: 2014-06-11
    Update Date: 2014-06-11
    URL: http://www.cvedetails.com/cve/CVE-2014-3980/
    
    
    
    
    CVE ID: CVE-2014-3977
    Summary: libodm.a in IBM AIX 6.1 and 7.1, and VIOS 2.2.x, allows local users to overwrite arbitrary files via a symlink
    attack on a temporary file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2179.
    Publish Date: 2014-06-08
    Update Date: 2014-06-09
    URL: http://www.cvedetails.com/cve/CVE-2014-3977/
    
    
    
    
    CVE ID: CVE-2014-3976
    Summary: Buffer overflow in A10 Networks Advanced Core Operating System (ACOS) before 2.7.0-p6 and 2.7.1 before 2.7.1-P1
    _55 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long session
    id in the URI to sys_reboot.html.  NOTE: some of these details are obtained from third party information.
    Publish Date: 2014-06-05
    Update Date: 2014-06-06
    URL: http://www.cvedetails.com/cve/CVE-2014-3976/
    
    
    
    
    CVE ID: CVE-2014-3975
    Summary: Absolute path traversal vulnerability in filemanager.php in AuraCMS 3.0 allows remote attackers to list a direc
    tory via a full pathname in the viewdir parameter.
    Publish Date: 2014-06-05
    Update Date: 2014-06-06
    URL: http://www.cvedetails.com/cve/CVE-2014-3975/
    
    
    
    
    CVE ID: CVE-2014-3974
    Summary: Cross-site scripting (XSS) vulnerability in filemanager.php in AuraCMS 3.0 and earlier allows remote attackers
    to inject arbitrary web script or HTML via the viewdir parameter.
    Publish Date: 2014-06-05
    Update Date: 2014-06-06
    URL: http://www.cvedetails.com/cve/CVE-2014-3974/
    
    
    
    
    CVE ID: CVE-2014-3973
    Summary: Multiple SQL injection vulnerabilities in FrontAccounting (FA) before 2.3.21 allow remote attackers to execute
    arbitrary SQL commands via unspecified vectors.
    Publish Date: 2014-06-05
    Update Date: 2014-06-06
    URL: http://www.cvedetails.com/cve/CVE-2014-3973/
    
    
    
    
    CVE ID: CVE-2014-3970
    Summary: The pa_rtp_recv function in modules/rtp/rtp.c in the module-rtp-recv module in PulseAudio 5.0 and earlier allow
    s remote attackers to cause a denial of service (assertion failure and abort) via an empty UDP packet.
    Publish Date: 2014-06-11
    Update Date: 2014-06-11
    URL: http://www.cvedetails.com/cve/CVE-2014-3970/
    
    
    
    
    CVE ID: CVE-2014-3969
    Summary: Xen 4.4.x, when running on an ARM system, does not properly check write permissions on virtual addresses, which
     allows local guest administrators to gain privileges via unspecified vectors.
    Publish Date: 2014-06-05
    Update Date: 2014-06-06
    URL: http://www.cvedetails.com/cve/CVE-2014-3969/
    
    
    
    
    CVE ID: CVE-2014-3968
    Summary: The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x allows local guest HVM administrators to cause a d
    enial of service (host crash) via a large number of crafted requests, which trigger an error messages to be logged.
    Publish Date: 2014-06-05
    Update Date: 2014-06-06
    URL: http://www.cvedetails.com/cve/CVE-2014-3968/
    
    
    
    
    PS C:\Users\Juan Christian\Documents\CVExpress>
    Última edição por .Nero; 12 Jun 2014 às 17:08.
    - kiss principle -
    - repeat after me: harem -


  2. Likes mmxm, str0p liked this post

Permissões de Postagem

  • Você não pode iniciar novos tópicos
  • Você não pode enviar respostas
  • Você não pode enviar anexos
  • Você não pode editar suas mensagens
  •