Merge pull request #1207 from nrathaus/master

Fixed some template issues
patch-1
PD-Team 2021-04-07 14:27:19 +05:30 committed by GitHub
commit 2d3051aea1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 7 additions and 7 deletions

@ -4,11 +4,10 @@ info:
name: WebPort 1.19.1 - Reflected Cross-Site Scripting name: WebPort 1.19.1 - Reflected Cross-Site Scripting
author: pikpikcu author: pikpikcu
severity: medium severity: medium
description: Web Port 1.19.1 allows XSS via the /log type parameter.
tags: cve,cve2019,xss tags: cve,cve2019,xss
reference: https://github.com/EmreOvunc/WebPort-v1.19.1-Reflected-XSS
# Vendor Homepage: https://webport.se/ software: https://webport.se/nedladdningar/
# Software Link: https://webport.se/nedladdningar/
# reference: https://github.com/EmreOvunc/WebPort-v1.19.1-Reflected-XSS
requests: requests:
- method: GET - method: GET
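
Review bot: The `software:` key that takes the place of the `# Vendor Homepage` comment under `info:` does not appear in any of the other templates shown in this commit, and the vendor homepage URL (https://webport.se/) is dropped without a replacement. If the template schema does not define `software`, keep the download link as a comment or fold it into `reference`, and keep the vendor homepage alongside it. Promoting the commented-out `# reference` to a real `reference:` field and adding the `description` both look right.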

@ -4,6 +4,7 @@ info:
name: Webmin <= 1.920 Unauhenticated Remote Command Execution name: Webmin <= 1.920 Unauhenticated Remote Command Execution
author: bp0lr author: bp0lr
severity: high severity: high
description: An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability.
reference: https://pentest.com.tr/exploits/DEFCON-Webmin-1920-Unauthenticated-Remote-Command-Execution.html reference: https://pentest.com.tr/exploits/DEFCON-Webmin-1920-Unauthenticated-Remote-Command-Execution.html
tags: cve,cve2019,webmin,rce tags: cve,cve2019,webmin,rce
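
Review bot: The `name` line still reads "Unauhenticated" on both sides of this hunk, so the misspelling survives a commit that corrects the same kind of typo in the Jellyfin template ("Abritrary" to "Arbitrary"). Change it to "Unauthenticated" here while the file is being touched. In the new `description`, quoting the parameter name (the `old` parameter in `password_change.cgi`) would make the sentence easier to parse.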

@ -5,7 +5,7 @@ info:
author: Ganofins author: Ganofins
severity: medium severity: medium
description: The /rest/api/2/user/picker rest resource in Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check. description: The /rest/api/2/user/picker rest resource in Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check.
reference: https://nvd.nist.gov/vuln/detail/CVE-2019-3403 reference: https://jira.atlassian.com/browse/JRASERVER-69242
tags: cve,cve2019,atlassian,jira tags: cve,cve2019,atlassian,jira
requests: requests:
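
Review bot: The `reference` change removes the NVD entry (https://nvd.nist.gov/vuln/detail/CVE-2019-3403), which is the only place in this hunk where the CVE identifier is spelled out. The vendor ticket is the more useful link for affected and fixed versions, but the NVD URL is what ties the template to the CVE record; if the template format allows more than one reference, keep both instead of swapping one for the other.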

@ -6,7 +6,7 @@ info:
severity: medium severity: medium
description: An Open Redirect vulnerability in EpiServer Find before 13.2.7 allows an attacker to redirect users to untrusted websites via the _t_redirect parameter in a crafted URL, such as a /find_v2/_click URL. description: An Open Redirect vulnerability in EpiServer Find before 13.2.7 allows an attacker to redirect users to untrusted websites via the _t_redirect parameter in a crafted URL, such as a /find_v2/_click URL.
tags: cve,cve2020,redirect,episerver tags: cve,cve2020,redirect,episerver
reference: https://nvd.nist.gov/vuln/detail/CVE-2020-24550 reference: https://labs.nettitude.com/blog/cve-2020-24550-open-redirect-in-episerver-find/
requests: requests:
- method: GET - method: GET
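
Review bot: Key order under `info:` is inconsistent across this commit: here and in the WebPort template `tags` comes before `reference`, while the Webmin and Jira templates put `reference` first. Since this is a cleanup change, pick one order and apply it to all five files. The `reference` swap also replaces the NVD entry with a third-party write-up; the same suggestion as for the Jira template applies, keep the NVD link next to the new one if the format permits.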

@ -1,7 +1,7 @@
id: CVE-2021-21402 id: CVE-2021-21402
info: info:
name: Jellyfin prior to 10.7.0 Unauthenticated Abritrary File Read name: Jellyfin prior to 10.7.0 Unauthenticated Arbitrary File Read
author: dwisiswant0 author: dwisiswant0
severity: high severity: high
description: | description: |