oob tags update
sandeep
parent
b9392d5a3e
commit
33badb66d1
|
|
@ -4,7 +4,7 @@ info:
|
|||
name: Weblogic SSRF in SearchPublicRegistries.jsp
|
||||
author: princechaddha
|
||||
severity: medium
|
||||
tags: cve,cve2014,weblogic,oracle,ssrf,oob
|
||||
tags: cve,cve2014,weblogic,oracle,ssrf,oast
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2014-4210
|
||||
- https://blog.gdssecurity.com/labs/2015/3/30/weblogic-ssrf-and-xss-cve-2014-4241-cve-2014-4210-cve-2014-4.html
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ info:
|
|||
- https://github.com/Coalfire-Research/java-deserialization-exploits/blob/main/WebSphere/websphere_rce.py
|
||||
- https://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2015-7450
|
||||
tags: cve,cve2015,websphere,deserialization,rce,oob
|
||||
tags: cve,cve2015,websphere,deserialization,rce,oast
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.80
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@ info:
|
|||
reference:
|
||||
- https://blog.securelayer7.net/umbraco-the-open-source-asp-net-cms-multiple-vulnerabilities/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2015-8813
|
||||
tags: cve,cve2015,ssrf,oob
|
||||
tags: cve,cve2015,ssrf,oast
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N
|
||||
cvss-score: 8.20
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@ info:
|
|||
reference:
|
||||
- https://github.com/vulhub/vulhub/tree/fda47b97c7d2809660a4471539cd0e6dbf8fac8c/weblogic/CVE-2017-10271
|
||||
- https://github.com/SuperHacker-liuan/cve-2017-10271-poc
|
||||
tags: cve,cve2017,rce,oracle,weblogic,oob
|
||||
tags: cve,cve2017,rce,oracle,weblogic,oast
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
||||
cvss-score: 7.50
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@ info:
|
|||
name: Apache Solr <= 7.1 XML entity injection
|
||||
author: dwisiswant0
|
||||
severity: critical
|
||||
tags: cve,cve2017,solr,apache,oob,xxe
|
||||
tags: cve,cve2017,solr,apache,oast,xxe
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2017-12629
|
||||
- https://twitter.com/honoki/status/1298636315613974532
|
||||
|
|
|
|||
|
|
@ -10,7 +10,7 @@ info:
|
|||
- https://github.com/graphite-project/graphite-web/issues/2008
|
||||
- https://github.com/advisories/GHSA-vfj6-275q-4pvm
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2017-18638
|
||||
tags: cve,cve2017,graphite,ssrf,oob
|
||||
tags: cve,cve2017,graphite,ssrf,oast
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.50
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@ info:
|
|||
author: pdteam
|
||||
description: Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (Web Services). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1 and 12.2.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server.
|
||||
severity: high
|
||||
tags: cve,cve2017,weblogic,oracle,rce,oob
|
||||
tags: cve,cve2017,weblogic,oracle,rce,oast
|
||||
reference:
|
||||
- https://hackerone.com/reports/810778
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2017-3506
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ info:
|
|||
- http://dontpanic.42.nl/2017/12/there-is-proxy-in-your-atlassian.html
|
||||
- https://ecosystem.atlassian.net/browse/OAUTH-344
|
||||
- https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-171018bca2c3
|
||||
tags: cve,cve2017,atlassian,jira,ssrf,oob
|
||||
tags: cve,cve2017,atlassian,jira,ssrf,oast
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.10
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@ info:
|
|||
- https://devco.re/blog/2019/01/16/hacking-Jenkins-part1-play-with-dynamic-routing/
|
||||
author: geeknik
|
||||
severity: high
|
||||
tags: cve,cve2018,jenkins,ssrf,oob
|
||||
tags: cve,cve2018,jenkins,ssrf,oast
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
||||
cvss-score: 8.80
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@ info:
|
|||
reference:
|
||||
- https://www.vpnmentor.com/blog/critical-vulnerability-found-majority-lg-nas-devices/
|
||||
- https://medium.com/@0x616163/lg-n1a1-unauthenticated-remote-command-injection-cve-2018-14839-9d2cf760e247
|
||||
tags: cve,cve2018,lg-nas,rce,oob
|
||||
tags: cve,cve2018,lg-nas,rce,oast
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ info:
|
|||
- http://hyp3rlinx.altervista.org/advisories/DLINK-CENTRAL-WIFI-MANAGER-CWM-100-SERVER-SIDE-REQUEST-FORGERY.txt
|
||||
author: gy741
|
||||
severity: high
|
||||
tags: cve,cve2018,dlink,ssrf,oob
|
||||
tags: cve,cve2018,dlink,ssrf,oast
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
|
||||
cvss-score: 8.60
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@ info:
|
|||
reference:
|
||||
- https://www.exploit-db.com/exploits/49918
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-16167
|
||||
tags: cve,cve2018,logontracer,rce,oob
|
||||
tags: cve,cve2018,logontracer,rce,oast
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.80
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ info:
|
|||
- https://nvd.nist.gov/vuln/detail/CVE-2019-0193
|
||||
- https://github.com/vulhub/vulhub/tree/master/solr/CVE-2019-0193
|
||||
- https://paper.seebug.org/1009/
|
||||
tags: cve,cve2019,apache,rce,solr,oob
|
||||
tags: cve,cve2019,apache,rce,solr,oast
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 7.20
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@ info:
|
|||
author: pikpikcu,madrobot
|
||||
severity: high
|
||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2019-17558
|
||||
tags: cve,cve2019,apache,rce,solr,oob
|
||||
tags: cve,cve2019,apache,rce,solr,oast
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 7.50
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@ info:
|
|||
reference:
|
||||
- https://swarm.ptsecurity.com/openfire-admin-console/
|
||||
- https://github.com/igniterealtime/Openfire/pull/1497
|
||||
tags: cve,cve2019,ssrf,openfire,oob
|
||||
tags: cve,cve2019,ssrf,openfire,oast
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.80
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@ info:
|
|||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-2616
|
||||
- https://www.exploit-db.com/exploits/46729
|
||||
tags: cve,cve2019,oracle,xxe,oob
|
||||
tags: cve,cve2019,oracle,xxe,oast
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.20
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@ info:
|
|||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-2767
|
||||
- https://www.exploit-db.com/exploits/46729
|
||||
tags: cve,cve2019,oracle,xxe,oob
|
||||
tags: cve,cve2019,oracle,xxe,oast
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.20
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ info:
|
|||
- https://www.tenable.com/blog/cve-2019-8451-proof-of-concept-available-for-server-side-request-forgery-ssrf-vulnerability-in
|
||||
- https://jira.atlassian.com/browse/JRASERVER-69793
|
||||
- https://hackerone.com/reports/713900
|
||||
tags: cve,cve2019,atlassian,jira,ssrf,oob
|
||||
tags: cve,cve2019,atlassian,jira,ssrf,oast
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
|
||||
cvss-score: 6.50
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@ info:
|
|||
cvss-score: 5.30
|
||||
cve-id: CVE-2020-10770
|
||||
cwe-id: CWE-601
|
||||
tags: keycloak,ssrf,oob,cve,cve2020
|
||||
tags: keycloak,ssrf,oast,cve,cve2020
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ info:
|
|||
description: Several Wavlink products are affected by a vulnerability that may allow remote unauthenticated users to execute arbitrary commands as root on Wavlink devices. The user input is not properly sanitized which allows command injection via the "key" parameter in a login request. It has been tested on Wavlink WN575A4 and WN579X3 devices, but other products may be affected.
|
||||
reference:
|
||||
- https://blog.0xlabs.com/2021/02/wavlink-rce-CVE-2020-13117.html
|
||||
tags: cve,cve2020,wavlink,rce,oob
|
||||
tags: cve,cve2020,wavlink,rce,oast
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.80
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ info:
|
|||
description: A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11
|
||||
reference:
|
||||
- https://www.atredis.com/blog/2021/8/18/sophos-utm-cve-2020-25223
|
||||
tags: cve,cve2020,sophos,rce,oob
|
||||
tags: cve,cve2020,sophos,rce,oast
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.80
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@ info:
|
|||
reference:
|
||||
- https://gist.github.com/WinMin/6f63fd1ae95977e0e2d49bd4b5f00675
|
||||
- https://unit42.paloaltonetworks.com/mirai-variant-iot-vulnerabilities/
|
||||
tags: cve,cve2020,dlink,rce,oob
|
||||
tags: cve,cve2020,dlink,rce,oast
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.80
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@ info:
|
|||
reference:
|
||||
- https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/
|
||||
- https://unit42.paloaltonetworks.com/mirai-variant-iot-vulnerabilities/
|
||||
tags: cve,cve2020,netgear,rce,oob
|
||||
tags: cve,cve2020,netgear,rce,oast
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.80
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ info:
|
|||
- https://www.ihteam.net/advisory/terramaster-tos-multiple-vulnerabilities/
|
||||
- https://www.pentest.com.tr/exploits/TerraMaster-TOS-4-2-06-Unauthenticated-Remote-Code-Execution.html
|
||||
- https://research.checkpoint.com/2021/freakout-leveraging-newest-vulnerabilities-for-creating-a-botnet/
|
||||
tags: cve,cve2020,terramaster,rce,oob
|
||||
tags: cve,cve2020,terramaster,rce,oast
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.80
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ info:
|
|||
- https://nvd.nist.gov/vuln/detail/CVE-2020-28871
|
||||
- https://lyhinslab.org/index.php/2020/09/12/how-the-white-box-hacking-works-authorization-bypass-and-remote-code-execution-in-monitorr-1-7-6/
|
||||
- https://www.exploit-db.com/exploits/48980
|
||||
tags: cve,cve2020,monitorr,rce,oob
|
||||
tags: cve,cve2020,monitorr,rce,oast
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.80
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@ info:
|
|||
reference:
|
||||
- https://www.exploit-db.com/exploits/49189
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-28976
|
||||
tags: cve,cve2020,ssrf,wordpress,wp-plugin,oob
|
||||
tags: cve,cve2020,ssrf,wordpress,wp-plugin,oast
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
||||
cvss-score: 5.30
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@ info:
|
|||
severity: critical
|
||||
reference: https://resolverblog.blogspot.com/2020/07/linksys-re6500-unauthenticated-rce-full.html
|
||||
description: Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to execute arbitrary commands or set a new password via shell metacharacters to the goform/setSysAdm page.
|
||||
tags: cve,cve2020,linksys,rce,oob,router
|
||||
tags: cve,cve2020,linksys,rce,oast,router
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.80
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@ info:
|
|||
author: madrobot
|
||||
severity: medium
|
||||
reference: https://github.com/InitRoot/CVE-2020-6308-PoC
|
||||
tags: cve,cve2020,sap,ssrf,oob
|
||||
tags: cve,cve2020,sap,ssrf,oast
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
||||
cvss-score: 5.30
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@ info:
|
|||
author: princechaddha
|
||||
severity: critical
|
||||
reference: https://www.openwall.com/lists/oss-security/2020/01/28/3
|
||||
tags: cve,cve2020,smtp,opensmtpd,network,rce,oob
|
||||
tags: cve,cve2020,smtp,opensmtpd,network,rce,oast
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.80
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ info:
|
|||
description: Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled.
|
||||
reference:
|
||||
- https://www.adminxe.com/2183.html
|
||||
tags: cve,cve2020,zimbra,ssrf,oob
|
||||
tags: cve,cve2020,zimbra,ssrf,oast
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.80
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ info:
|
|||
description: This vulnerability could be exploited without authentication if Cacti is enabling “Guest Realtime Graphs” privilege, So in this case no need for the authentication part and you can just use the following code to exploit the vulnerability
|
||||
reference:
|
||||
- https://shells.systems/cacti-v1-2-8-authenticated-remote-code-execution-cve-2020-8813/
|
||||
tags: cve,cve2020,cacti,rce,oob
|
||||
tags: cve,cve2020,cacti,rce,oast
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 8.80
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@ info:
|
|||
- https://twitter.com/ptswarm/status/1390300625129201664
|
||||
- https://www.thezdi.com/blog/2021/6/23/cve-2021-1497-cisco-hyperflex-hx-auth-handling-remote-command-execution
|
||||
- https://github.com/EdgeSecurityTeam/Vulnerability/blob/c0af411de9adb82826303c5b05a0d766fb553f28/Cisco%20HyperFlex%20HX%20%E5%91%BD%E4%BB%A4%E6%B3%A8%E5%85%A5%EF%BC%88CVE-2021-1497-CVE-2021-1498%EF%BC%89.md
|
||||
tags: cve,cve2021,cisco,rce,oob
|
||||
tags: cve,cve2021,cisco,rce,oast
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.80
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@ info:
|
|||
- https://twitter.com/ptswarm/status/1390300625129201664
|
||||
- https://www.thezdi.com/blog/2021/6/23/cve-2021-1497-cisco-hyperflex-hx-auth-handling-remote-command-execution
|
||||
- https://github.com/EdgeSecurityTeam/Vulnerability/blob/c0af411de9adb82826303c5b05a0d766fb553f28/Cisco%20HyperFlex%20HX%20%E5%91%BD%E4%BB%A4%E6%B3%A8%E5%85%A5%EF%BC%88CVE-2021-1497-CVE-2021-1498%EF%BC%89.md
|
||||
tags: cve,cve2021,cisco,rce,oob
|
||||
tags: cve,cve2021,cisco,rce,oast
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.80
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ info:
|
|||
- https://github.com/minio/minio/security/advisories/GHSA-m4qq-5f7c-693q
|
||||
- https://www.leavesongs.com/PENETRATION/the-collision-of-containers-and-the-cloud-pentesting-a-MinIO.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-21287
|
||||
tags: cve,cve2021,minio,ssrf,oob
|
||||
tags: cve,cve2021,minio,ssrf,oast
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
|
||||
cvss-score: 7.70
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ info:
|
|||
- https://nvd.nist.gov/vuln/detail/CVE-2021-22214
|
||||
- https://vin01.github.io/piptagole/gitlab/ssrf/security/2021/06/15/gitlab-ssrf.html
|
||||
- https://docs.gitlab.com/ee/api/lint.html
|
||||
tags: cve,cve2021,gitlab,ssrf,oob
|
||||
tags: cve,cve2021,gitlab,ssrf,oast
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
|
||||
cvss-score: 8.60
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@ info:
|
|||
description: The theme and plugin have exposed proxy functionality to unauthenticated users, sending requests to this proxy functionality will have the web server fetch and display the content from any URI, this would allow for SSRF (Server Side Request Forgery) and RFI (Remote File Inclusion) vulnerabilities on the website.
|
||||
severity: critical
|
||||
reference: https://wpscan.com/vulnerability/17591ac5-88fa-4cae-a61a-4dcf5dc0b72a
|
||||
tags: cve,cve2021,wordpress,lfi,ssrf,oob
|
||||
tags: cve,cve2021,wordpress,lfi,ssrf,oast
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.80
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@ info:
|
|||
severity: critical
|
||||
description: |
|
||||
Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078.
|
||||
tags: cve,cve2021,ssrf,rce,exchange,oob,microsoft
|
||||
tags: cve,cve2021,ssrf,rce,exchange,oast,microsoft
|
||||
reference:
|
||||
- https://proxylogon.com/#timeline
|
||||
- https://raw.githubusercontent.com/microsoft/CSS-Exchange/main/Security/http-vuln-cve2021-26855.nse
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@ info:
|
|||
reference:
|
||||
- https://github.com/Yu3H0/IoT_CVE/tree/main/Tenda/CVE_3
|
||||
- https://www.fortinet.com/blog/threat-research/the-ghosts-of-mirai
|
||||
tags: cve,cve2021,tenda,rce,oob
|
||||
tags: cve,cve2021,tenda,rce,oast
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.80
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@ info:
|
|||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-32305
|
||||
- https://packetstormsecurity.com/files/163225/Websvn-2.6.0-Remote-Code-Execution.html
|
||||
tags: cve,cve2021,websvn,rce,oob
|
||||
tags: cve,cve2021,websvn,rce,oast
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.80
|
||||
|
|
|
|||
|
|
@ -12,7 +12,7 @@ info:
|
|||
- https://securitylab.github.com/advisories/GHSL-2021-023-squirrelly/
|
||||
- https://www.linuxlz.com/aqld/2331.html
|
||||
- https://blog.diefunction.io/vulnerabilities/ghsl-2021-023
|
||||
tags: cve,cve2021,nodejs,rce,oob
|
||||
tags: cve,cve2021,nodejs,rce,oast
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
||||
cvss-score: 8.80
|
||||
|
|
|
|||
|
|
@ -10,7 +10,7 @@ info:
|
|||
- https://nvd.nist.gov/vuln/detail/CVE-2021-33357
|
||||
- https://github.com/RaspAP/raspap-webgui
|
||||
description: RaspAP 2.6 to 2.6.5 in the "iface" GET parameter in /ajax/networking/get_netcfg.php, when the "iface" parameter value contains special characters such as ";" which enables an unauthenticated attacker to execute arbitrary OS commands.
|
||||
tags: cve,cve2021,rce,raspap,oob
|
||||
tags: cve,cve2021,rce,raspap,oast
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.80
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ info:
|
|||
severity: high
|
||||
reference:
|
||||
- https://www.randorisec.fr/udp-technology-ip-camera-vulnerabilities/
|
||||
tags: cve,cve2021,geutebruck,rce,oob
|
||||
tags: cve,cve2021,geutebruck,rce,oast
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 7.20
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@ info:
|
|||
cvss-score: 9.80
|
||||
cve-id: CVE-2021-3577
|
||||
cwe-id: CWE-78
|
||||
tags: cve,cve2021,rce,oob,motorola,iot
|
||||
tags: cve,cve2021,rce,oast,motorola,iot
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ info:
|
|||
severity: critical
|
||||
reference:
|
||||
- https://research.nccgroup.com/2021/07/26/technical-advisory-sunhillo-sureline-unauthenticated-os-command-injection-cve-2021-36380/
|
||||
tags: cve,cve2021,sureline,rce,oob
|
||||
tags: cve,cve2021,sureline,rce,oast
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.80
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ info:
|
|||
- https://firzen.de/building-a-poc-for-cve-2021-40438
|
||||
- https://httpd.apache.org/security/vulnerabilities_24.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-40438
|
||||
tags: cve,cve2021,ssrf,apache,mod-proxy,oob
|
||||
tags: cve,cve2021,ssrf,apache,mod-proxy,oast
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
|
||||
cvss-score: 9.00
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@ info:
|
|||
severity: high
|
||||
description: Unauthenticated Server-Side Request Forgery (SSRF) vulnerability exists in the Selea ANPR camera within several functionalities. The application parses user supplied data in the POST JSON parameters 'ipnotify_address' and 'url' to construct an image request or check DNS for IP notification. Since no validation is carried out on the parameters, an attacker can specify an external domain and force the application to make an HTTP request to an arbitrary destination host. This can be used by an external attacker for example to bypass firewalls and initiate a service and network enumeration on the internal network through the affected application.
|
||||
reference: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5617.php
|
||||
tags: targa,ssrf,oob,iot
|
||||
tags: targa,ssrf,oast,iot
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@ info:
|
|||
severity: info
|
||||
description: Cloudflare Image Resizing defaults to restricting resizing to the same domain. This prevents third parties from resizing any image at any origin. However, you can enable this option if you check Resize images from any origin.
|
||||
reference: https://support.cloudflare.com/hc/en-us/articles/360028146432-Understanding-Cloudflare-Image-Resizing#12345684
|
||||
tags: cloudflare,misconfig,oob
|
||||
tags: cloudflare,misconfig,oast
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@ info:
|
|||
name: Linkerd SSRF detection
|
||||
author: dudez
|
||||
severity: high
|
||||
tags: ssrf,linkerd,oob
|
||||
tags: ssrf,linkerd,oast
|
||||
reference: https://twitter.com/nirvana_msu/status/1084144955034165248
|
||||
|
||||
requests:
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@ info:
|
|||
author: KabirSuda
|
||||
severity: medium
|
||||
description: Sends a POST request with the endpoint "/connect/register" to check external Interaction with multiple POST parameters.
|
||||
tags: misconfig,oob,oauth
|
||||
tags: misconfig,oast,oauth
|
||||
reference: https://portswigger.net/research/hidden-oauth-attack-vectors
|
||||
|
||||
requests:
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@ info:
|
|||
reference:
|
||||
- https://bitbucket.org/atlassian/confluence-business-blueprints/pull-requests/144/issue-60-conf-45342-ssrf-in-sharelinks
|
||||
- https://github.com/assetnote/blind-ssrf-chains#confluence
|
||||
tags: confluence,atlassian,ssrf,jira,oob
|
||||
tags: confluence,atlassian,ssrf,jira,oast
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@ info:
|
|||
- https://github.com/vulhub/vulhub/tree/master/fastjson/1.2.24-rce
|
||||
- https://www.freebuf.com/vuls/208339.html
|
||||
- https://github.com/wyzxxz/fastjson_rce_tool
|
||||
tags: fastjson,rce,deserialization,oob
|
||||
tags: fastjson,rce,deserialization,oast
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ info:
|
|||
reference:
|
||||
- https://github.com/tdtc7/qps/tree/4042cf76a969ccded5b30f0669f67c9e58d1cfd2/Fastjson
|
||||
- https://github.com/wyzxxz/fastjson_rce_tool
|
||||
tags: fastjson,rce,deserialization,oob
|
||||
tags: fastjson,rce,deserialization,oast
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ info:
|
|||
reference:
|
||||
- https://github.com/tdtc7/qps/tree/4042cf76a969ccded5b30f0669f67c9e58d1cfd2/Fastjson
|
||||
- https://github.com/wyzxxz/fastjson_rce_tool
|
||||
tags: fastjson,rce,deserialization,oob
|
||||
tags: fastjson,rce,deserialization,oast
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ info:
|
|||
reference:
|
||||
- https://github.com/tdtc7/qps/tree/4042cf76a969ccded5b30f0669f67c9e58d1cfd2/Fastjson
|
||||
- https://github.com/wyzxxz/fastjson_rce_tool
|
||||
tags: fastjson,rce,deserialization,oob
|
||||
tags: fastjson,rce,deserialization,oast
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ info:
|
|||
- https://www.freebuf.com/vuls/208339.html
|
||||
- https://cert.360.cn/warning/detail?id=7240aeab581c6dc2c9c5350756079955
|
||||
- https://github.com/wyzxxz/fastjson_rce_tool
|
||||
tags: fastjson,rce,deserialization,oob
|
||||
tags: fastjson,rce,deserialization,oast
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ info:
|
|||
reference:
|
||||
- https://github.com/tdtc7/qps/tree/4042cf76a969ccded5b30f0669f67c9e58d1cfd2/Fastjson
|
||||
- https://github.com/wyzxxz/fastjson_rce_tool
|
||||
tags: fastjson,rce,deserialization,oob
|
||||
tags: fastjson,rce,deserialization,oast
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ info:
|
|||
reference:
|
||||
- https://github.com/tdtc7/qps/tree/4042cf76a969ccded5b30f0669f67c9e58d1cfd2/Fastjson
|
||||
- https://github.com/wyzxxz/fastjson_rce_tool
|
||||
tags: fastjson,rce,deserialization,oob
|
||||
tags: fastjson,rce,deserialization,oast
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ info:
|
|||
reference:
|
||||
- https://github.com/tdtc7/qps/tree/4042cf76a969ccded5b30f0669f67c9e58d1cfd2/Fastjson
|
||||
- https://github.com/wyzxxz/fastjson_rce_tool
|
||||
tags: fastjson,rce,deserialization,oob
|
||||
tags: fastjson,rce,deserialization,oast
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@ info:
|
|||
severity: info
|
||||
description: The remote server fetched a spoofed URL from the request headers.
|
||||
reference: https://github.com/PortSwigger/collaborator-everywhere
|
||||
tags: oob,ssrf,generic
|
||||
tags: oast,ssrf,generic
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@ info:
|
|||
severity: info
|
||||
description: The remote server fetched a spoofed URL from the request parameters.
|
||||
reference: https://github.com/PortSwigger/collaborator-everywhere
|
||||
tags: oob,ssrf,generic
|
||||
tags: oast,ssrf,generic
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@ info:
|
|||
severity: info
|
||||
description: The remote server fetched a spoofed DNS Name from the request.
|
||||
reference: https://portswigger.net/research/cracking-the-lens-targeting-https-hidden-attack-surface
|
||||
tags: oob,ssrf,generic
|
||||
tags: oast,ssrf,generic
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@ info:
|
|||
author: pikpikcu
|
||||
severity: critical
|
||||
reference: https://www.exploit-db.com/exploits/46074
|
||||
tags: hashicorp,rce,oob,intrusive
|
||||
tags: hashicorp,rce,oast,intrusive
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ info:
|
|||
description: The unknown exploit targets the login CGI script, where a key parameter is not properly sanitized leading to a command injection.
|
||||
reference:
|
||||
- https://www.fortinet.com/blog/threat-research/the-ghosts-of-mirai
|
||||
tags: mirai,rce,oob
|
||||
tags: mirai,rce,oast
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ info:
|
|||
description: vulnerabilities in the web-based management interface of NETGEAR WNAP320 Access Point could allow an authenticated, remote attacker to perform command injection attacks against an affected device.
|
||||
reference:
|
||||
- https://github.com/nobodyatall648/Netgear-WNAP320-Firmware-Version-2.0.3-RCE
|
||||
tags: netgear,rce,oob,router
|
||||
tags: netgear,rce,oast,router
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@ info:
|
|||
reference:
|
||||
- https://packetstormsecurity.com/files/162993/OptiLink-ONT1GEW-GPON-2.1.11_X101-Remote-Code-Execution.html
|
||||
- https://www.fortinet.com/blog/threat-research/the-ghosts-of-mirai
|
||||
tags: optiLink,rce,oob
|
||||
tags: optiLink,rce,oast
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@ info:
|
|||
severity: critical
|
||||
description: SAR2HTML could allow a remote attacker to execute arbitrary commands on the system, caused by a command injection flaw in the index.php script. By sending specially-crafted commands, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
|
||||
reference: https://www.exploit-db.com/exploits/49344
|
||||
tags: sar2html,rce,oob
|
||||
tags: sar2html,rce,oast
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ info:
|
|||
description: vulnerabilities in the web-based management interface of Visual Tools DVR VX16 4.2.28.0 could allow an authenticated, remote attacker to perform command injection attacks against an affected device.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/50098
|
||||
tags: visualtools,rce,oob
|
||||
tags: visualtools,rce,oast
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@ info:
|
|||
severity: critical
|
||||
reference:
|
||||
- https://www.adminxe.com/2183.html
|
||||
tags: zimbra,ssrf,oob
|
||||
tags: zimbra,ssrf,oast
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@ info:
|
|||
name: Wordpress XMLRPC Pingback detection
|
||||
author: pdteam
|
||||
severity: info
|
||||
tags: wordpress,ssrf,oob
|
||||
tags: wordpress,ssrf,oast
|
||||
reference:
|
||||
- https://github.com/dorkerdevil/rpckiller
|
||||
- https://the-bilal-rizwan.medium.com/wordpress-xmlrpc-php-common-vulnerabilites-how-to-exploit-them-d8d3c8600b32
|
||||
|
|
|
|||
Loading…
Reference in New Issue