Dashboard Content Enhancements (#4111)

Dashboard Content Enhancements
patch-1
MostInterestingBotInTheWorld 2022-04-11 10:42:35 -04:00 committed by GitHub
parent 6bf96047ca
commit 45174dee16
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
16 changed files with 113 additions and 41 deletions

@ -1,17 +1,19 @@
id: CVE-2018-1000533
info:
name: GitList < 0.6.0 RCE
name: GitList < 0.6.0 Remote Code Execution
author: pikpikcu
severity: critical
description: klaussilveira GitList version <= 0.6 contains a Passing incorrectly sanitized input to system function vulnerability in `searchTree` function that can result in Execute any code as PHP user.
reference: https://github.com/vulhub/vulhub/tree/master/gitlist/CVE-2018-1000533
tags: rce,git,cve,cve2018,gitlist
description: "klaussilveira GitList version <= 0.6 contains a passing incorrectly sanitized input via the `searchTree` function that can result in remote code execution."
reference:
- https://github.com/vulhub/vulhub/tree/master/gitlist/CVE-2018-1000533
- https://nvd.nist.gov/vuln/detail/CVE-2018-1000533
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2018-1000533
cwe-id: CWE-20
tags: rce,git,cve,cve2018,gitlist
requests:
- raw:
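Review bot: the new description still reads "contains a passing incorrectly sanitized input via the `searchTree` function", which is not grammatical, and it gives the affected range as "<= 0.6" while the name says "< 0.6.0". Suggest wording such as "passes incorrectly sanitized input to a system function in `searchTree`" and making the version bound match the name.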
@ -40,3 +42,5 @@ requests:
words:
- "root:/root:/bin/bash"
part: body
# Enhanced by mp on 2022/04/08
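Review bot: the added `# Enhanced by mp on 2022/04/08` trailer records who edited the file and when, which the commit history already tracks, and the same kind of trailer is appended to the other templates in this change. Suggest dropping it, or moving it into a metadata field if review state has to live inside the template.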

@ -1,11 +1,10 @@
id: CVE-2018-18069
info:
name: Wordpress unauthenticated stored xss
name: WordPress sitepress-multilingual-cms 3.6.3 - Cross-Site Scripting
author: nadino
severity: medium
description: process_forms in the WPML (aka sitepress-multilingual-cms) plugin through 3.6.3 for WordPress has XSS via any locale_file_name_ parameter (such as locale_file_name_en) in an authenticated theme-localization.php request to wp-admin/admin.php.
tags: cve,cve2018,wordpress,xss,plugin
description: "WordPress plugin sitepress-multilingual-cms 3.6.3 is vulnerable to cross-site scripting in process_forms via any locale_file_name_ parameter (such as locale_file_name_en) in an authenticated theme-localization.php request to wp-admin/admin.php."
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
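Review bot: the rewritten description says the request is "authenticated", but the vector on the `cvss-metrics` line has PR:N and the old name said "unauthenticated stored xss". The new name and description also narrow "through 3.6.3" to "3.6.3" and drop "stored". Suggest stating the authentication requirement consistently and keeping the "through 3.6.3" range.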
@ -13,6 +12,8 @@ info:
cwe-id: CWE-79
reference:
- https://0x62626262.wordpress.com/2018/10/08/sitepress-multilingual-cms-plugin-unauthenticated-stored-xss/
- https://nvd.nist.gov/vuln/detail/CVE-2018-18069
tags: cve,cve2018,wordpress,xss,plugin
requests:
- method: POST
@ -25,3 +26,5 @@ requests:
- type: dsl
dsl:
- 'contains(tolower(all_headers), "text/html") && contains(set_cookie, "_icl_current_admin_language") && contains(body, "\"><script>alert(0);</script>")'
# Enhanced by mp on 2022/04/08

@ -1,18 +1,20 @@
id: CVE-2020-10546
info:
name: rConfig 3.9.4 SQLi
name: rConfig 3.9.4 SQL Injection
author: madrobot
severity: critical
description: rConfig 3.9.4 and previous versions has unauthenticated compliancepolicies.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
description: "rConfig 3.9.4 and previous versions have unauthenticated compliancepolicies.inc.php SQL injection. Because nodes' passwords are stored in cleartext by default, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices."
reference:
- https://github.com/theguly/exploits/blob/master/CVE-2020-10546.py
- https://theguly.github.io/2020/09/rconfig-3.9.4-multiple-vulnerabilities/
tags: cve,cve2020,rconfig,sqli
- https://nvd.nist.gov/vuln/detail/CVE-2020-10546
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2020-10546
cwe-id: CWE-89,CWE-522
tags: cve,cve2020,rconfig,sqli
requests:
- method: GET
@ -27,3 +29,5 @@ requests:
words:
- "[project-discovery]"
part: body
# Enhanced by mp on 2022/04/07

@ -1,18 +1,19 @@
id: CVE-2020-10547
info:
name: rConfig 3.9.4 SQLi
name: rConfig 3.9.4 SQL Injection
author: madrobot
severity: critical
description: rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
description: "rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection. Because nodes' passwords are stored by default in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices."
reference:
https://github.com/theguly/exploits/blob/master/CVE-2020-10547.py
https://theguly.github.io/2020/09/rconfig-3.9.4-multiple-vulnerabilities/
tags: cve,cve2020,rconfig,sqli
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2020-10547
cwe-id: CWE-89,CWE-522
tags: cve,cve2020,rconfig,sqli
requests:
- method: GET
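Review bot: unlike the CVE-2020-10546 and CVE-2020-10548 templates in this commit, this one gains no nvd.nist.gov reference, the two entries under `reference:` have no leading `- `, and the new description keeps "versions has". Suggest adding the NVD link for CVE-2020-10547, writing the references as list items, and changing "has" to "have" as was done in the sibling templates.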
@ -27,3 +28,5 @@ requests:
words:
- "[project-discovery]"
part: body
# Enhanced by mp on 2022/04/07

@ -1,18 +1,20 @@
id: CVE-2020-10548
info:
name: rConfig 3.9.4 SQLi
name: rConfig 3.9.4 - SQL Injection
author: madrobot
severity: critical
description: rConfig 3.9.4 and previous versions has unauthenticated devices.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
description: "rConfig 3.9.4 and previous versions have unauthenticated devices.inc.php SQL injection. Because nodes' passwords are stored in cleartext by default, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices."
reference:
- https://github.com/theguly/exploits/blob/master/CVE-2020-10548.py
- https://theguly.github.io/2020/09/rconfig-3.9.4-multiple-vulnerabilities/
tags: cve,cve2020,rconfig,sqli
- https://nvd.nist.gov/vuln/detail/CVE-2020-10548
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2020-10548
cwe-id: CWE-89,CWE-522
tags: cve,cve2020,rconfig,sqli
requests:
- method: GET
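Review bot: the new name "rConfig 3.9.4 - SQL Injection" uses a " - " separator, while the two sibling rConfig templates in this commit are renamed to "rConfig 3.9.4 SQL Injection" without it. Suggest picking one form for all three so the names sort and search consistently.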
@ -27,3 +29,5 @@ requests:
words:
- "[project-discovery]"
part: body
# Enhanced by mp on 2022/04/07

@ -54,4 +54,4 @@ requests:
regex:
- "(u|g)id=.*"
# Enhanced by mp on 2022/04/05
# Enhanced by mp on 2022/04/05
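Review bot: the `# Enhanced by mp on 2022/04/05` line is replaced by a line with identical visible text, so the only difference here is presumably whitespace or the end-of-file newline. Suggest confirming that this is intended, or leaving the file out of the commit.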

@ -9,14 +9,12 @@ info:
reference:
- https://zeroaptitude.com/zerodetail/wordpress-plugin-bug-hunting-part-1/
- https://nvd.nist.gov/vuln/detail/CVE-2020-24312
tags: cve,cve2020,wordpress,backups,plugin
# Note: Manually check content
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.50
cve-id: CVE-2020-24312
cwe-id: CWE-552
tags: cve,cve2020,wordpress,backups,plugin
requests:
- method: GET
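Review bot: the hunk shrinks from 14 to 12 lines and `# Note: Manually check content` appears to be among the removals; if so, the template loses its only hint that a match needs manual confirmation. Suggest keeping the comment or folding it into the description.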
@ -35,3 +33,5 @@ requests:
- 'wp-content/uploads/wp-file-manager-pro/fm_backup'
- 'backup_'
condition: and
# Enhanced by mp on 2022/04/08

@ -1,19 +1,21 @@
id: CVE-2020-35848
info:
name: Cockpit prior to 0.12.0 NoSQL injection in /auth/newpassword
name: Cockpit <0.12.0 NoSQL Injection
author: dwisiswant0
severity: critical
description: |
newpassword method of the Auth controller,
which is responsible for displaying the user password reset form.
reference: https://swarm.ptsecurity.com/rce-cockpit-cms/
tags: cve,cve2020,nosqli,sqli,cockpit,injection
reference:
- https://swarm.ptsecurity.com/rce-cockpit-cms/
- https://nvd.nist.gov/vuln/detail/CVE-2020-35848
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2020-35848
cwe-id: CWE-89
tags: cve,cve2020,nosqli,sqli,cockpit,injection
requests:
- method: POST
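Review bot: the description is left as the fragment "newpassword method of the Auth controller, which is responsible for displaying the user password reset form.", which never says what the vulnerability is, while the new name drops "in /auth/newpassword". Suggest a full sentence that names Cockpit, the version bound (<0.12.0) and the NoSQL injection in the newpassword method.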
@ -33,3 +35,5 @@ requests:
part: body
regex:
- 'string\([0-9]{1,3}\)(\s)?"rp-([a-f0-9-]+)"'
# Enhanced by mp on 2022/04/08

@ -1,19 +1,19 @@
id: CVE-2020-6637
info:
name: OpenSIS v7.3 unauthenticated SQL injection
name: OpenSIS v7.3 unauthenticated SQL Injection
author: pikpikcu
severity: critical
description: openSIS Community Edition version 7.3 is vulnerable to SQL injection via the USERNAME parameter of index.php.
tags: cve,cve2020,sqli,opensis
description: "OpenSIS Community Edition version 7.3 is vulnerable to SQL injection via the USERNAME parameter of index.php."
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2020-6637
- https://cinzinga.com/CVE-2020-6637/
- https://nvd.nist.gov/vuln/detail/CVE-2020-6637
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2020-6637
cwe-id: CWE-89
tags: cve,cve2020,sqli,opensis
requests:
- method: POST
@ -43,3 +43,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/04/08

@ -1,16 +1,21 @@
id: open-virtualization-manager-panel
info:
name: Open Virtualization Userportal & Webadmin Panel
name: Open Virtualization Userportal & Webadmin Panel Detection
author: idealphase
severity: info
description: open-source distributed virtualization solution, designed to manage your entire enterprise infrastructure. oVirt uses the trusted KVM hypervisor and is built upon several other community projects, including libvirt, Gluster, PatternFly, and Ansible.
description: Open Virtualization Userportal & Webadmin panels were detected. Open Virtualization Manager is an open-source distributed virtualization solution designed to manage enterprise infrastructure. oVirt uses the trusted KVM hypervisor and is built upon several other community projects, including libvirt, Gluster, PatternFly, and Ansible.
metadata:
shodan-query: title:"Ovirt-Engine"
google-query: intitle:"Ovirt-Engine"
reference:
- https://www.ovirt.org/
- https://www.ovirt.org/dropped/admin-guide/virt/console-client-resources.html
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cve-id:
cwe-id: CWE-200
tags: panel,ovirt,oss
requests:
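Review bot: `severity: info` now sits next to `cvss-score: 5.3`, which falls in the medium band, and `cve-id:` is added with no value. Suggest either aligning the severity with the score or omitting the CVSS fields for a panel detection template, and dropping the empty `cve-id:` key.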
@ -36,3 +41,5 @@ requests:
group: 1
regex:
- '"application_title":"(([a-zA-Z]+\s)*[a-zA-Z]+)"'
# Enhanced by mp on 2022/04/08

@ -4,8 +4,13 @@ info:
name: OpenVPN Monitor Disclosure
author: geeknik
severity: high
description: openvpn-monitor is a simple python program to generate html that displays the status of an OpenVPN server, including all current connections.
description: openvpn-monitor was discovered. OpenVPN Monitor is a simple python program to generate html that displays the status of an OpenVPN server, including all its current connections.
reference: https://openvpn-monitor.openbytes.ie/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cve-id:
cwe-id: CWE-200
tags: openvpn,disclosure,panel
requests:
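Review bot: `severity: high` is unchanged while the added classification gives `cvss-score: 5.3` with C:L/I:N/A:N, so the two ratings disagree. Suggest lowering the severity to match or choosing a vector that justifies high; `reference:` is also still a scalar here while other templates in this commit were converted to a list.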
@ -33,3 +38,6 @@ requests:
part: header
words:
- "text/html"
# Enhanced by mp on 2022/04/08

@ -1,11 +1,16 @@
id: ioncube-loader-wizard
info:
name: Ioncube Loader Wizard disclosure
name: ioncube Loader Wizard Disclosure
author: Mubassirpatel
severity: medium
description: ioncube-loader-wizard is vulnerable to xss,phpinfo, etc.
description: An ioncube Loader Wizard was discovered.
reference: https://firefart.at/post/multiple-vulnerabilities-in-ioncube-loader-wizard/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cve-id:
cwe-id: CWE-200
tags: ioncube,disclosure,exposure
requests:
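Review bot: the new description "An ioncube Loader Wizard was discovered." drops the old text's mention of xss and phpinfo, so a reader no longer learns why the exposure is rated medium. Suggest keeping one clause on what the wizard exposes, supported by the firefart.at reference.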
@ -23,4 +28,6 @@ requests:
- type: status
status:
- 200
- 200
# Enhanced by mp on 2022/04/08

@ -1,10 +1,15 @@
id: joomla-manifest-file
info:
name: Joomla manifest file disclosure
name: Joomla Manifest File Disclosure
author: oppsec
severity: info
description: joomla.xml is a file which stores information about installed Joomla, such as version, files, and paths.
description: A Joomla Manifest file was discovered. joomla.xml is a file which stores information about installed Joomla, such as version, files, and paths.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cve-id:
cwe-id: CWE-200
tags: misc,joomla
requests:
@ -28,3 +33,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/04/08

@ -1,16 +1,21 @@
id: open-virtualization-manager-detect
info:
name: Open Virtualization Manager Detect
name: Open Virtualization Manager Detection
author: idealphase
severity: info
description: open-source distributed virtualization solution, designed to manage your entire enterprise infrastructure. oVirt uses the trusted KVM hypervisor and is built upon several other community projects, including libvirt, Gluster, PatternFly, and Ansible.
description: Open Virtualization Manager was detected. Open Virtualization Manager is an open-source distributed virtualization solution designed to manage enterprise infrastructure. oVirt uses the trusted KVM hypervisor and is built upon several other community projects, including libvirt, Gluster, PatternFly, and Ansible.
metadata:
shodan-query: title:"Ovirt-Engine"
google-query: intitle:"Ovirt-Engine"
reference:
- https://www.ovirt.org/
- https://www.ovirt.org/dropped/admin-guide/virt/console-client-resources.html
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cve-id:
cwe-id: CWE-200
tags: tech,ovirt
requests:
@ -33,3 +38,5 @@ requests:
group: 1
regex:
- '<span class="version-text">(.+)<\/span>'
# Enhanced by mp on 2022/04/08

@ -1,10 +1,18 @@
id: chamilo-lms-xss
info:
name: Chamilo LMS Cross Site Scripting
name: Chamilo LMS 1.11.14 Cross-Site Scripting
author: geeknik
severity: medium
description: https://www.netsparker.com/web-applications-advisories/ns-21-001-cross-site-scripting-in-chamilo-lms/
severity: high
description: Chamilo LMS 1.11.14 is vulnerable to cross-site scripting.
reference:
- https://www.netsparker.com/web-applications-advisories/ns-21-001-cross-site-scripting-in-chamilo-lms/
- https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-45-2021-01-21-Moderate-impact-moderate-risk-XSS-vulnerability-in-agenda
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cve-id:
cwe-id: CWE-79
tags: xss,chamilo
requests:
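Review bot: severity is raised from medium to high with `cvss-score: 7.2`, but the added support.chamilo.org reference labels the issue "Moderate-impact-moderate-risk" in its anchor, and the vector uses UI:N for a cross-site scripting finding. Suggest justifying the new rating or keeping medium; the description could also say where the XSS is, since the reference anchor points at the agenda.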
@ -25,3 +33,5 @@ requests:
part: header
words:
- "text/html"
# Enhanced by mp on 2022/04/08

@ -4,7 +4,7 @@ info:
name: EyeLock nano NXT 3.5 - Local File Disclosure
author: geeknik
severity: high
description: nano NXT suffers from a file disclosure vulnerability when input passed through the 'path' parameter to 'logdownload.php' script is not properly verified before being used to read files. This can be exploited to disclose contents of files from local resources.
description: EyeLock nano NXT suffers from a file disclosure vulnerability when input passed through the 'path' parameter to 'logdownload.php' script is not properly verified before being used to read files. This can be exploited to disclose contents of files from local resources.
reference: https://www.zeroscience.mk/codes/eyelock_lfd.txt
tags: iot,lfi,eyelock
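Review bot: the only change here is the "EyeLock" prefix in the description; no classification fields are added in this hunk and `reference:` stays a scalar, unlike the other templates touched in this commit. Suggest giving this template the same metadata treatment, or noting why it is left out.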
@ -22,3 +22,5 @@ requests:
regex:
- "root:[x*]:0:0:"
part: body
# Enhanced by mp on 2022/04/08