daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Dashboard Content Enhancement (#4020) 

* Enhancement: cnvd/2021/CNVD-2021-15822.yaml by mp

* Enhancement: exposed-panels/apache/tomcat-pathnormalization.yaml by mp

* Enhancement: cves/2021/CVE-2021-40542.yaml by mp

* Enhancement: misconfiguration/horde-unauthenticated.yaml by mp

* Enhancement: misconfiguration/horde-unauthenticated.yaml by mp

* Enhancement: misconfiguration/horde-unauthenticated.yaml by mp

* Enhancement: cves/2021/CVE-2021-40542.yaml by mp

* Enhancement: exposed-panels/apiman-panel.yaml by mp

* Enhancement: cves/2010/CVE-2010-1873.yaml by mp

* Enhancement: exposed-panels/arcgis/arcgis-panel.yaml by mp

* Enhancement: exposed-panels/arcgis/arcgis-rest-api.yaml by mp

* Enhancement: exposed-panels/argocd-login.yaml by mp

* Enhancement: exposed-panels/atlassian-crowd-panel.yaml by mp

* Enhancement: exposed-panels/atvise-login.yaml by mp

* Enhancement: exposed-panels/avantfax-panel.yaml by mp

* Enhancement: exposed-panels/avatier-password-management.yaml by mp

* Enhancement: exposed-panels/axigen-webadmin.yaml by mp

* Enhancement: exposed-panels/axigen-webmail.yaml by mp

* Enhancement: exposed-panels/azkaban-web-client.yaml by mp

* Enhancement: exposed-panels/acunetix-panel.yaml by mp

* Enhancement: exposed-panels/adiscon-loganalyzer.yaml by mp

* Enhancement: exposed-panels/adminer-panel.yaml by mp

* Enhancement: cves/2010/CVE-2010-1870.yaml by mp

* Enhancement: exposed-panels/adminset-panel.yaml by mp

* Enhancement: exposed-panels/adobe/adobe-component-login.yaml by mp

* Enhancement: exposed-panels/adobe/adobe-connect-central-login.yaml by mp

* Enhancement: exposed-panels/adobe/adobe-experience-manager-login.yaml by mp

* Enhancement: exposed-panels/adobe/adobe-media-server.yaml by mp

* Enhancement: exposed-panels/advance-setup.yaml by mp

* Enhancement: exposed-panels/aerohive-netconfig-ui.yaml by mp

* Enhancement: exposed-panels/aims-password-mgmt-client.yaml by mp

* Enhancement: exposed-panels/aims-password-mgmt-client.yaml by mp

* Enhancement: exposed-panels/aims-password-portal.yaml by mp

* Enhancement: exposed-panels/airflow-panel.yaml by mp

* Enhancement: exposed-panels/airflow-panel.yaml by mp

* spacing issues

* Spacing

* HTML codes improperly interpreted
Relocate horde-unauthenticated.yaml to CVE-2005-3344.yaml

* Relocate horde-unauthenticated.yaml to CVE-2005-3344.yaml

* Enhancement: technologies/waf-detect.yaml by mp

* Enhancement: vulnerabilities/wordpress/wordpress-wpcourses-info-disclosure.yaml by mp

* Enhancement: vulnerabilities/wordpress/wordpress-wpcourses-info-disclosure.yaml by mp

* Enhancement: network/sap-router-info-leak.yaml by mp

* Enhancement: vulnerabilities/wordpress/wordpress-wpcourses-info-disclosure.yaml by mp

* Enhancement: network/sap-router-info-leak.yaml by mp

* Enhancement: network/exposed-adb.yaml by mp

* Enhancement: vulnerabilities/vmware/vrealize-operations-log4j-rce.yaml by mp

* Enhancement: vulnerabilities/vmware/vrealize-operations-log4j-rce.yaml by mp

* Enhancement: vulnerabilities/vmware/vrealize-operations-log4j-rce.yaml by mp

* Enhancement: vulnerabilities/vmware/vrealize-operations-log4j-rce.yaml by mp

* Enhancement: vulnerabilities/wordpress/wordpress-woocommerce-sqli.yaml by mp

* Enhancement: exposures/tokens/digitalocean/tugboat-config-exposure.yaml by mp

* Enhancement: exposed-panels/concrete5/concrete5-install.yaml by mp

* Enhancement: vulnerabilities/wordpress/wordpress-infinitewp-auth-bypass.yaml by mp

* indentation issue

* Character encoding issue fix

* Enhancement: default-logins/alibaba/canal-default-login.yaml by mp

* Enhancement: default-logins/alphaweb/alphaweb-default-login.yaml by mp

* Enhancement: default-logins/ambari/ambari-default-login.yaml by mp

* Enhancement: default-logins/apache/airflow-default-login.yaml by mp

* Enhancement: default-logins/apache/apisix-default-login.yaml by mp

* Enhancement: default-logins/apollo/apollo-default-login.yaml by mp

* Enhancement: default-logins/arl/arl-default-login.yaml by mp

* Enhancement: default-logins/digitalrebar/digitalrebar-default-login.yaml by mp

* Enhancement: default-logins/mantisbt/mantisbt-default-credential.yaml by mp

* Enhancement: default-logins/stackstorm/stackstorm-default-login.yaml by mp

* Enhancement: dns/caa-fingerprint.yaml by mp

* Enhancement: exposed-panels/active-admin-exposure.yaml by mp

* Enhancement: exposed-panels/activemq-panel.yaml by mp

* Enhancement: default-logins/ambari/ambari-default-login.yaml by mp

* Restore & stomped by dashboard

* Enhancement: cves/2010/CVE-2010-1653.yaml by mp

* Enhancement: cves/2021/CVE-2021-38751.yaml by mp

* Enhancement: cves/2021/CVE-2021-39320.yaml by mp

* Enhancement: cves/2021/CVE-2021-39322.yaml by mp

* Enhancement: cves/2021/CVE-2021-39327.yaml by mp

* Enhancement: cves/2021/CVE-2021-39350.yaml by mp

* Enhancement: cves/2021/CVE-2021-39433.yaml by mp

* Enhancement: cves/2021/CVE-2021-41192.yaml by mp

* Enhancement: cnvd/2021/CNVD-2021-15824.yaml by mp

* Enhancement: exposed-panels/ansible-semaphore-panel.yaml by mp

* Enhancement: exposed-panels/aviatrix-panel.yaml by mp

* Enhancement: cves/2022/CVE-2022-24288.yaml by mp

* Enhancement: cves/2022/CVE-2022-24990.yaml by mp

* Enhancement: cves/2022/CVE-2022-26159.yaml by mp

* Enhancement: default-logins/aem/aem-default-login.yaml by mp

* Enhancement: exposed-panels/blue-iris-login.yaml by mp

* Enhancement: exposed-panels/bigbluebutton-login.yaml by mp

* Enhancement: cves/2022/CVE-2022-24288.yaml by mp

* Enhancement: cves/2022/CVE-2022-24990.yaml by mp

* Enhancement: cves/2022/CVE-2022-26159.yaml by mp

* Enhancement: default-logins/aem/aem-default-login.yaml by mp

* Spacing issues
Add cve-id field

* fix & stomping

* Enhancement: cves/2016/CVE-2016-1000141.yaml by mp

* Enhancement: cves/2020/CVE-2020-24912.yaml by mp

* Enhancement: cves/2021/CVE-2021-35265.yaml by mp

* Enhancement: cves/2022/CVE-2022-0437.yaml by mp

* Enhancement: cves/2010/CVE-2010-1601.yaml by mp

* Enhancement: technologies/teradici-pcoip.yaml by mp

* Enhancement: vulnerabilities/other/unauth-hoteldruid-panel.yaml by mp

* Enhancement: cves/2010/CVE-2010-1475.yaml by mp

* Enhancement: cves/2010/CVE-2010-1535.yaml by mp

* Enhancement: exposed-panels/epson-web-control-detect.yaml by mp

* Enhancement: exposed-panels/epson-access-detect.yaml by mp

* Enhancement: cves/2020/CVE-2020-29453.yaml by mp

* Fix spacing

* Remove empty cve lines and relocate tags

* Remove blank cve lines & move tags

* Fix merge errors

* Enhancement: cves/2020/CVE-2020-21224.yaml by mp

* Enhancement: cves/2020/CVE-2020-24148.yaml by mp

* Enhancement: cves/2020/CVE-2020-24391.yaml by mp

* Enhancement: cves/2020/CVE-2020-24589.yaml by mp

* Enhancement: cves/2020/CVE-2020-25213.yaml by mp

* Enhancement: cves/2020/CVE-2020-25223.yaml by mp

* Enhancement: cves/2020/CVE-2020-25506.yaml by mp

* Enhancement: cves/2020/CVE-2020-2551.yaml by mp

* Enhancement: cves/2020/CVE-2020-28871.yaml by mp

* Enhancement: cves/2020/CVE-2020-28188.yaml by mp

* Enhancement: cves/2020/CVE-2020-26948.yaml by mp

* Enhancement: cves/2020/CVE-2020-26919.yaml by mp

* Enhancement: cves/2020/CVE-2020-26214.yaml by mp

* Enhancement: cves/2020/CVE-2020-25223.yaml by mp

* Enhancement: cves/2020/CVE-2020-21224.yaml by mp

* Enhancement: cves/2020/CVE-2020-24148.yaml by mp

* Enhancement: cves/2020/CVE-2020-24186.yaml by mp

* Enhancement: cves/2020/CVE-2020-24186.yaml by mp

* Enhancement: cves/2020/CVE-2020-24391.yaml by mp

* Enhancement: cves/2020/CVE-2020-24589.yaml by mp

* Enhancement: cves/2020/CVE-2020-25213.yaml by mp

* Enhancement: cves/2020/CVE-2020-25223.yaml by mp

* Enhancement: cves/2020/CVE-2020-25506.yaml by mp

* Enhancement: cves/2020/CVE-2020-28871.yaml by mp

* Enhancement: cves/2020/CVE-2020-28188.yaml by mp

* Enhancement: cves/2020/CVE-2020-26948.yaml by mp

* Enhancement: cves/2020/CVE-2020-26919.yaml by mp

* Enhancement: cves/2020/CVE-2020-26214.yaml by mp

* Syntax cleanup

* Enhancement: cves/2021/CVE-2021-38647.yaml by mp

* Syntax and a title change

* Enhancement: cves/2021/CVE-2021-38702.yaml by mp

* Fix references

* Enhancement: cves/2021/CVE-2021-38704.yaml by mp

* Enhancement: cves/2021/CVE-2021-41691.yaml by mp

* Enhancement: cves/2021/CVE-2021-41691.yaml by mp

* Enhancement: cves/2021/CVE-2021-41691.yaml by mp

* Enhancement: cves/2021/CVE-2021-44529.yaml by mp

* Conflicts resolved

* Fix quoting

* Enhancement: cves/2021/CVE-2021-45967.yaml by mp

* Enhancement: cves/2022/CVE-2022-0189.yaml by mp

* Enhancement: cves/2022/CVE-2022-0189.yaml by mp

* Enhancement: cves/2022/CVE-2022-23779.yaml by mp

* Enhancement: default-logins/apache/dolphinscheduler-default-login.yaml by mp

* Enhancement: default-logins/cobbler/hue-default-credential.yaml by mp

* Enhancement: default-logins/emqx/emqx-default-login.yaml by mp

* Enhancement: default-logins/geoserver/geoserver-default-login.yaml by mp

* Enhancement: cves/2021/CVE-2021-38647.yaml by mp

* Enhancement: cves/2021/CVE-2021-41691.yaml by mp

* Enhancement: cves/2021/CVE-2021-45967.yaml by mp

* Enhancement: cves/2022/CVE-2022-0189.yaml by mp

* Enhancement: cnvd/2021/CNVD-2021-14536.yaml by mp

* Enhancement: default-logins/apache/dolphinscheduler-default-login.yaml by mp

* Enhancement: default-logins/geoserver/geoserver-default-login.yaml by mp

* Update CVE-2020-25223.yaml

* Update CVE-2020-26214.yaml

* Update CVE-2020-25506.yaml

* Update CVE-2020-2551.yaml

* Update CVE-2020-26919.yaml

* Update CVE-2021-44529.yaml

* Update CVE-2020-28871.yaml

* Update CVE-2020-28188.yaml

* Update CVE-2021-45967.yaml

* Update hue-default-credential.yaml

* Update CVE-2021-44529.yaml

* misc syntax update

* Syntax  restore some characters

* Spacing

* Enhancement: vulnerabilities/wordpress/hide-security-enhancer-lfi.yaml by mp

* Enhancement: vulnerabilities/wordpress/issuu-panel-lfi.yaml by mp

* Enhancement: cves/2019/CVE-2019-10068.yaml by mp

* Enhancement: cves/2019/CVE-2019-10232.yaml by mp

* Enhancement: cves/2019/CVE-2019-10758.yaml by mp

* Enhancement: cves/2019/CVE-2019-11510.yaml by mp

* Enhancement: cves/2019/CVE-2019-11580.yaml by mp

* Enhancement: cves/2019/CVE-2019-11581.yaml by mp

* Enhancement: cves/2019/CVE-2019-12314.yaml by mp

* Enhancement: cves/2019/CVE-2019-13101.yaml by mp

* Link wrapping issue

* Enhancement: cves/2019/CVE-2019-13462.yaml by mp

* Enhancement: cves/2019/CVE-2019-15107.yaml by mp

* Enhancement: cves/2019/CVE-2019-15859.yaml by mp

* Enhancement: cves/2019/CVE-2019-16759.yaml by mp

* Enhancement: cves/2019/CVE-2019-16662.yaml by mp

* Enhancement: cves/2019/CVE-2019-16278.yaml by mp

* Enhancement: cves/2019/CVE-2019-10232.yaml by mp

* Enhancement: cves/2019/CVE-2019-10758.yaml by mp

* Enhancement: cves/2019/CVE-2019-11510.yaml by mp

* Enhancement: cves/2019/CVE-2019-12725.yaml by mp

* Enhancement: cves/2019/CVE-2019-13101.yaml by mp

* Enhancement: cves/2019/CVE-2019-15107.yaml by mp

* Enhancement: cves/2019/CVE-2019-15859.yaml by mp

* Enhancement: cves/2019/CVE-2019-16662.yaml by mp

* Enhancement: cnvd/2021/CNVD-2021-10543.yaml by cs

* Enhancement: cves/2021/CVE-2021-33807.yaml by mp

* Enhancement: cves/2010/CVE-2010-0943.yaml by mp

* Enhancement: cves/2008/CVE-2008-6172.yaml by mp

* Enhancement: vulnerabilities/simplecrm/simple-crm-sql-injection.yaml by mp

* Enhancement: vulnerabilities/oracle/oracle-siebel-xss.yaml by mp

* Enhancement: cves/2010/CVE-2010-1602.yaml by mp

* Enhancement: cves/2010/CVE-2010-1474.yaml by mp

* Enhancement: network/cisco-smi-exposure.yaml by mp

* Enhancement: cves/2021/CVE-2021-37704.yaml by mp

* Enhancement: vulnerabilities/other/microweber-xss.yaml by mp

* Enhancement: cves/2019/CVE-2019-16313.yaml by mp

* Enhancement: cves/2021/CVE-2021-3017.yaml by mp

* Enhancement: cves/2010/CVE-2010-1353.yaml by mp

* Enhancement: cves/2010/CVE-2010-5278.yaml by mp

* Enhancement: cves/2021/CVE-2021-37573.yaml by mp

* Enhancement: vulnerabilities/oracle/oracle-siebel-xss.yaml by mp

* Enhancement: cves/2010/CVE-2010-1602.yaml by mp

* Enhancement: cves/2010/CVE-2010-1474.yaml by mp

* Enhancement: vulnerabilities/other/microweber-xss.yaml by mp

* Enhancement: cves/2018/CVE-2018-11709.yaml by mp

* Enhancement: cves/2014/CVE-2014-2321.yaml by mp

* Enhancement: vulnerabilities/other/visual-tools-dvr-rce.yaml by mp

* Enhancement: vulnerabilities/other/visual-tools-dvr-rce.yaml by mp

* Manual enhancement

* Manual enhancement push due to dashboard failure

* Testing of dashboard accidentally commited to dashboard branch

* Spacing
Put some CVEs in the classification

* Add missing cve-id fields to templates in cve/

Co-authored-by: sullo <sullo@cirt.net>
Co-authored-by: Prince Chaddha <prince@projectdiscovery.io>
Co-authored-by: sandeep <sandeep@projectdiscovery.io>
patch-1
MostInterestingBotInTheWorld 2022-04-01 04:51:42 -04:00 committed by GitHub
parent 10bcb838c3
commit 6ddfbac2b4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
91 changed files with 361 additions and 159 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
cves/2002/CVE-2002-1131.yaml
View File

@ -6,6 +6,8 @@ info:
severity: medium
description: The Virtual Keyboard plugin for SquirrelMail is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
reference: https://www.exploit-db.com/exploits/21811
classification:
cve-id: CVE-2002-1131
tags: xss,squirrelmail,cve,cve2002
requests:

2
cves/2005/CVE-2005-4385.yaml
View File

@ -8,6 +8,8 @@ info:
- https://nvd.nist.gov/vuln/detail/CVE-2005-4385
author: geeknik
severity: medium
classification:
cve-id: CVE-2005-4385
tags: cofax,xss,cve,cve2005
requests:

2
cves/2006/CVE-2006-1681.yaml
View File

@ -8,6 +8,8 @@ info:
- https://nvd.nist.gov/vuln/detail/CVE-2006-1681
author: geeknik
severity: medium
classification:
cve-id: CVE-2006-1681
tags: cherokee,httpd,xss,cve,cve2006
requests:

2
cves/2006/CVE-2006-2842.yaml
View File

@ -6,6 +6,8 @@ info:
severity: high
description: "PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter. NOTE: this issue has been disputed by third parties, who state that Squirrelmail provides prominent warnings to the administrator when register_globals is enabled. Since the varieties of administrator negligence are uncountable, perhaps this type of issue should not be included in CVE. However, the original developer has posted a security advisory, so there might be relevant real-world environments under which this vulnerability is applicable."
reference: https://www.exploit-db.com/exploits/27948
classification:
cve-id: CVE-2006-2842
tags: cve2006,lfi,squirrelmail,cve
requests:

2
cves/2007/CVE-2007-0885.yaml
View File

@ -6,6 +6,8 @@ info:
reference: https://www.securityfocus.com/archive/1/459590/100/0/threaded
author: geeknik
severity: medium
classification:
cve-id: CVE-2007-0885
tags: cve,cve2007,jira,xss
requests:

2
cves/2007/CVE-2007-4504.yaml
View File

@ -8,6 +8,8 @@ info:
reference:
- https://www.exploit-db.com/exploits/4307
- https://www.cvedetails.com/cve/CVE-2007-4504
classification:
cve-id: CVE-2007-4504
tags: cve,cve2007,joomla,lfi
requests:

2
cves/2007/CVE-2007-4556.yaml
View File

@ -6,6 +6,8 @@ info:
severity: critical
description: Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
reference: https://www.guildhab.top/?p=2326
classification:
cve-id: CVE-2007-4556
tags: cve,cve2007,apache,rce,struts
requests:

4
cves/2007/CVE-2007-5728.yaml
View File

@ -5,10 +5,12 @@ info:
author: dhiyaneshDK
severity: medium
description: Cross-site scripting (XSS) vulnerability in phpPgAdmin 3.5 to 4.1.1, and possibly 4.1.2, allows remote attackers to inject arbitrary web script or HTML via certain input available in PHP_SELF in (1) redirect.php, possibly related to (2) login.php, different vectors than CVE-2007-2865.
tags: cve,cve2007,xss,pgadmin,phppgadmin
reference: https://www.exploit-db.com/exploits/30090
metadata:
shodan-query: 'http.title:"phpPgAdmin"'
classification:
cve-id: CVE-2007-5728
tags: cve,cve2007,xss,pgadmin,phppgadmin
requests:
- method: GET

4
cves/2008/CVE-2008-2398.yaml
View File

@ -6,6 +6,8 @@ info:
severity: medium
description: Cross-site scripting (XSS) vulnerability in index.php in AppServ Open Project 2.5.10 and earlier allows remote attackers to inject arbitrary web script or HTML via the appservlang parameter.
reference: https://exchange.xforce.ibmcloud.com/vulnerabilities/42546
classification:
cve-id: CVE-2008-2398
tags: cve,cve2008,xss
requests:
@ -26,4 +28,4 @@ requests:
- type: word
words:
- "text/html"
part: header
part: header

3
cves/2008/CVE-2008-2650.yaml
View File

@ -6,7 +6,10 @@ info:
description: |
Directory traversal vulnerability in cmsimple/cms.php in CMSimple 3.1, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sl parameter to index.php. NOTE: this can be leveraged for remote file execution by including adm.php and then invoking the upload action. NOTE: on 20080601, the vendor patched 3.1 without changing the version number.
reference: https://www.exploit-db.com/exploits/5700
classification:
cve-id: CVE-2008-2650
tags: cve,cve2008,lfi
requests:
- raw:
- |

2
cves/2008/CVE-2008-4668.yaml
View File

@ -8,6 +8,8 @@ info:
reference:
- https://www.exploit-db.com/exploits/6618
- https://www.cvedetails.com/cve/CVE-2008-4668
classification:
cve-id: CVE-2008-4668
tags: cve,cve2008,joomla,lfi
requests:

2
cves/2008/CVE-2008-4764.yaml
View File

@ -8,6 +8,8 @@ info:
reference:
- https://www.exploit-db.com/exploits/5435
- https://www.cvedetails.com/cve/CVE-2008-4764
classification:
cve-id: CVE-2008-4764
tags: cve,cve2008,joomla,lfi
requests:

6
cves/2008/CVE-2008-5587.yaml
View File

@ -4,11 +4,13 @@ info:
name: phpPgAdmin 4.2.1 - '_language' Local File Inclusion
author: dhiyaneshDK
severity: medium
description: "Directory traversal vulnerability in libraries/lib.inc.php in phpPgAdmin 4.2.1 and earlier, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the _language parameter to index.php."
reference: https://www.exploit-db.com/exploits/7363
tags: cve2008,lfi,phppgadmin
classification:
cve-id: CVE-2008-5587
metadata:
shodan-query: 'http.title:"phpPgAdmin"'
description: "Directory traversal vulnerability in libraries/lib.inc.php in phpPgAdmin 4.2.1 and earlier, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the _language parameter to index.php."
tags: cve2008,lfi,phppgadmin
requests:
- method: GET

2
cves/2008/CVE-2008-6080.yaml
View File

@ -8,6 +8,8 @@ info:
reference:
- https://www.exploit-db.com/exploits/6809
- https://www.cvedetails.com/cve/CVE-2008-6080
classification:
cve-id: CVE-2008-6080
tags: cve,cve2008,joomla,lfi
requests:

7
cves/2008/CVE-2008-6172.yaml
View File

@ -4,14 +4,13 @@ info:
name: Joomla! Component RWCards 3.0.11 - Local File Inclusion
author: daffainfo
severity: high
description: A directory traversal vulnerability in captcha/captcha_image.php in the RWCards (com_rwcards) 3.0.11 component for Joomla! when magic_quotes_gpc is disabled allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the img parameter.
remediation: Upgrade to the latest version.
description: "A directory traversal vulnerability in captcha/captcha_image.php in the RWCards (com_rwcards) 3.0.11 component for Joomla! when magic_quotes_gpc is disabled allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the img parameter."
reference:
- https://www.exploit-db.com/exploits/6817
- https://www.cvedetails.com/cve/CVE-2008-6172
tags: cve,cve2008,joomla,lfi
classification:
cve-id: CVE-2008-6172
tags: cve,cve2008,joomla,lfi
requests:
- method: GET
@ -29,4 +28,4 @@ requests:
status:
- 200
# Enhanced by mp on 2022/01/27
# Enhanced by mp on 2022/03/30

2
cves/2008/CVE-2008-6222.yaml
View File

@ -8,6 +8,8 @@ info:
reference:
- https://www.exploit-db.com/exploits/6980
- https://www.cvedetails.com/cve/CVE-2008-6222
classification:
cve-id: CVE-2008-6222
tags: cve,cve2008,joomla,lfi
requests:

2
cves/2008/CVE-2008-6668.yaml
View File

@ -8,6 +8,8 @@ info:
- https://nvd.nist.gov/vuln/detail/CVE-2008-6668
author: geeknik
severity: high
classification:
cve-id: CVE-2008-6668
tags: nweb2fax,lfi,cve,cve2008,traversal
requests:

2
cves/2009/CVE-2009-0545.yaml
View File

@ -6,6 +6,8 @@ info:
description: cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the type parameter in a NoAuthREQ x509List action.
reference: https://www.exploit-db.com/exploits/8023
severity: critical
classification:
cve-id: CVE-2009-0545
tags: cve,cve2009,zeroshell,kerbynet,rce
requests:

5
cves/2009/CVE-2009-0932.yaml
View File

@ -4,11 +4,12 @@ info:
name: Horde - Horde_Image::factory driver Argument LFI
author: pikpikcu
severity: high
description: |
Directory traversal vulnerability in framework/Image/Image.php in Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver name.
description: Directory traversal vulnerability in framework/Image/Image.php in Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver name.
reference:
- https://www.exploit-db.com/exploits/16154
- https://nvd.nist.gov/vuln/detail/CVE-2009-0932?cpeVersion=2.2
classification:
cve-id: CVE-2009-0932
tags: cve,cve2009,horde,lfi,traversal
requests:

2
cves/2009/CVE-2009-1151.yaml
View File

@ -8,6 +8,8 @@ info:
reference:
- https://www.phpmyadmin.net/security/PMASA-2009-3/
- https://github.com/vulhub/vulhub/tree/master/phpmyadmin/WooYun-2016-199433
classification:
cve-id: CVE-2009-1151
tags: cve,cve2009,phpmyadmin,rce,deserialization
requests:

2
cves/2009/CVE-2009-1496.yaml
View File

@ -8,6 +8,8 @@ info:
reference:
- https://www.exploit-db.com/exploits/8367
- https://www.cvedetails.com/cve/CVE-2009-1496
classification:
cve-id: CVE-2009-1496
tags: cve,cve2009,joomla,lfi
requests:

2
cves/2009/CVE-2009-1558.yaml
View File

@ -6,6 +6,8 @@ info:
severity: high
description: Directory traversal vulnerability in adm/file.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote attackers to read arbitrary files via a %2e. (encoded dot dot) or an absolute pathname in the next_file parameter.
reference: https://www.exploit-db.com/exploits/32954
classification:
cve-id: CVE-2009-1558
tags: cve,cve2009,iot,lfi,linksys,camera,cisco,firmware,traversal
requests:

2
cves/2009/CVE-2009-1872.yaml
View File

@ -8,6 +8,8 @@ info:
reference:
- https://www.securityfocus.com/archive/1/505803/100/0/threaded
- https://www.tenable.com/cve/CVE-2009-1872
classification:
cve-id: CVE-2009-1872
tags: cve,cve2009,adobe,xss,coldfusion
requests:

2
cves/2009/CVE-2009-2015.yaml
View File

@ -8,6 +8,8 @@ info:
reference:
- https://www.exploit-db.com/exploits/8898
- https://www.cvedetails.com/cve/CVE-2009-2015
classification:
cve-id: CVE-2009-2015
tags: cve,cve2009,joomla,lfi
requests:

4
cves/2009/CVE-2009-2100.yaml
View File

@ -8,6 +8,8 @@ info:
reference:
- https://www.exploit-db.com/exploits/8946
- https://www.cvedetails.com/cve/CVE-2009-2100
classification:
cve-id: CVE-2009-2100
tags: cve,cve2009,joomla,lfi
requests:
@ -24,4 +26,4 @@ requests:
- type: status
status:
- 200
- 200

4
cves/2009/CVE-2009-3053.yaml
View File

@ -8,6 +8,8 @@ info:
reference:
- https://www.exploit-db.com/exploits/9564
- https://www.cvedetails.com/cve/CVE-2009-3053
classification:
cve-id: CVE-2009-3053
tags: cve,cve2009,joomla,lfi
requests:
@ -24,4 +26,4 @@ requests:
- type: status
status:
- 200
- 200

4
cves/2009/CVE-2009-3318.yaml
View File

@ -8,6 +8,8 @@ info:
reference:
- https://www.exploit-db.com/exploits/9706
- https://www.cvedetails.com/cve/CVE-2009-3318
classification:
cve-id: CVE-2009-3318
tags: cve,cve2009,joomla,lfi
requests:
@ -24,4 +26,4 @@ requests:
- type: status
status:
- 200
- 200

2
cves/2009/CVE-2009-4202.yaml
View File

@ -8,6 +8,8 @@ info:
reference:
- https://www.exploit-db.com/exploits/8870
- https://www.cvedetails.com/cve/CVE-2009-4202
classification:
cve-id: CVE-2009-4202
tags: cve,cve2009,joomla,lfi,photo
requests:

2
cves/2009/CVE-2009-4223.yaml
View File

@ -8,6 +8,8 @@ info:
- https://www.exploit-db.com/exploits/10216
author: geeknik
severity: high
classification:
cve-id: CVE-2009-4223
tags: cve,cve2009,krweb,rfi
requests:

2
cves/2009/CVE-2009-4679.yaml
View File

@ -8,6 +8,8 @@ info:
reference: |
- https://www.exploit-db.com/exploits/33440
- https://www.cvedetails.com/cve/CVE-2009-4679
classification:
cve-id: CVE-2009-4679
tags: cve,cve2009,joomla,lfi,nexus
requests:

8
cves/2010/CVE-2010-0943.yaml
View File

@ -1,16 +1,17 @@
id: CVE-2010-0943
info:
name: Joomla! Component com_jashowcase - Directory Traversal
author: daffainfo
severity: high
description: A directory traversal vulnerability in the JA Showcase (com_jashowcase) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a jashowcase action to index.php.
remediation: Apply all relevant security patches and product upgrades.
reference:
- https://www.exploit-db.com/exploits/11090
- https://www.cvedetails.com/cve/CVE-2010-0943
tags: cve,cve2010,joomla,lfi
classification:
cve-id: CVE-2010-0943
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
@ -23,4 +24,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/02/13
# Enhanced by mp on 2022/03/30

10
cves/2010/CVE-2010-1353.yaml
View File

@ -1,16 +1,17 @@
id: CVE-2010-1353
info:
name: Joomla! Component LoginBox - Local File Inclusion
author: daffainfo
severity: high
description: A directory traversal vulnerability in the LoginBox Pro (com_loginbox) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
remediation: Upgrade to a supported version.
description: "A directory traversal vulnerability in the LoginBox Pro (com_loginbox) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php."
reference:
- https://www.exploit-db.com/exploits/12068
- https://www.cvedetails.com/cve/CVE-2010-1353
tags: cve,cve2010,joomla,lfi
classification:
cve-id: CVE-2010-1353
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
@ -23,4 +24,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/02/14
# Enhanced by mp on 2022/03/30

8
cves/2010/CVE-2010-1474.yaml
View File

@ -4,14 +4,13 @@ info:
name: Joomla! Component Sweetykeeper 1.5 - Local File Inclusion
author: daffainfo
severity: high
description: A directory traversal vulnerability in the Sweety Keeper (com_sweetykeeper) component 1.5.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
remediation: Upgrade to a supported version.
description: "A directory traversal vulnerability in the Sweety Keeper (com_sweetykeeper) component 1.5.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php."
reference:
- https://www.exploit-db.com/exploits/12182
- https://www.cvedetails.com/cve/CVE-2010-1474
tags: cve,cve2010,joomla,lfi
classification:
cve-id: CVE-2010-1474
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
@ -25,4 +24,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/02/14
# Enhanced by mp on 2022/03/30

6
cves/2010/CVE-2010-1602.yaml
View File

@ -4,13 +4,13 @@ info:
name: Joomla! Component ZiMB Comment 0.8.1 - Local File Inclusion
author: daffainfo
severity: high
description: A directory traversal vulnerability in the ZiMB Comment (com_zimbcomment) component 0.8.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
description: "A directory traversal vulnerability in the ZiMB Comment (com_zimbcomment) component 0.8.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php."
reference:
- https://www.exploit-db.com/exploits/12283
- https://www.cvedetails.com/cve/CVE-2010-1602
tags: cve,cve2010,joomla,lfi
classification:
cve-id: CVE-2010-1602
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
@ -25,4 +25,4 @@ requests:
status:
- 200
# Enhanced by mp on 2022/03/07
# Enhanced by mp on 2022/03/30

7
cves/2010/CVE-2010-5278.yaml
View File

@ -4,14 +4,13 @@ info:
name: MODx manager - Local File Inclusion
author: daffainfo
severity: high
description: A directory traversal vulnerability in manager/controllers/default/resource/tvs.php in MODx Revolution 2.0.2-pl and possibly earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the class_key parameter when magic_quotes_gpc is disabled.
remediation: Upgrade to a supported version.
description: "A directory traversal vulnerability in manager/controllers/default/resource/tvs.php in MODx Revolution 2.0.2-pl and possibly earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the class_key parameter when magic_quotes_gpc is disabled."
reference:
- https://www.exploit-db.com/exploits/34788
- https://www.cvedetails.com/cve/CVE-2010-5278
tags: cve,cve2010,lfi
classification:
cve-id: CVE-2010-5278
tags: cve,cve2010,lfi
requests:
- method: GET
@ -31,4 +30,4 @@ requests:
condition: and
part: body
# Enhanced by mp on 2022/02/18
# Enhanced by mp on 2022/03/30

4
cves/2014/CVE-2014-2321.yaml
View File

@ -8,9 +8,9 @@ info:
- https://yosmelvin.wordpress.com/2017/09/21/f660-modem-hack/
- https://jalalsela.com/zxhn-h108n-router-web-shell-secrets/
severity: high
tags: iot,cve,cve2014,zte
classification:
cve-id: CVE-2014-2321
tags: iot,cve,cve2014,zte
requests:
- method: GET
@ -30,4 +30,4 @@ requests:
status:
- 200
# Enhanced by mp on 2022/02/23
# Enhanced by mp on 2022/03/31

2
cves/2015/CVE-2015-0554.yaml
View File

@ -8,6 +8,8 @@ info:
reference:
- https://www.exploit-db.com/exploits/35721
- https://nvd.nist.gov/vuln/detail/CVE-2015-0554
classification:
cve-id: CVE-2015-0554
tags: cve,cve2015,pirelli,router,disclosure
requests:

2
cves/2015/CVE-2015-1427.yaml
View File

@ -8,6 +8,8 @@ info:
reference:
- https://blog.csdn.net/JiangBuLiu/article/details/94457980
- http://www.elasticsearch.com/blog/elasticsearch-1-4-3-1-3-8-released/
classification:
cve-id: CVE-2015-1427
tags: cve,cve2015,elastic,rce,elasticsearch
requests:

2
cves/2015/CVE-2015-1880.yaml
View File

@ -8,6 +8,8 @@ info:
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2015-1880
- https://www.c2.lol/articles/xss-in-fortigates-ssl-vpn-login-page
classification:
cve-id: CVE-2015-1880
tags: cve,cve2015,xss,fortigates,ssl
requests:

2
cves/2015/CVE-2015-2067.yaml
View File

@ -8,6 +8,8 @@ info:
reference:
- https://www.exploit-db.com/exploits/35996
- https://nvd.nist.gov/vuln/detail/CVE-2015-2067
classification:
cve-id: CVE-2015-2067
tags: cve,cve2015,lfi,magento,magmi,plugin
requests:

2
cves/2015/CVE-2015-2068.yaml
View File

@ -8,6 +8,8 @@ info:
reference:
- https://www.exploit-db.com/exploits/35996
- https://nvd.nist.gov/vuln/detail/CVE-2015-2068
classification:
cve-id: CVE-2015-2068
tags: cve,cve2015,magento,magmi,xss,plugin
requests:

4
cves/2015/CVE-2015-2807.yaml
View File

@ -4,11 +4,13 @@ info:
name: Navis DocumentCloud 0.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
description: "Cross-site scripting (XSS) vulnerability in js/window.php in the Navis DocumentCloud plugin before 0.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wpbase parameter."
reference:
- https://advisories.dxw.com/advisories/publicly-exploitable-xss-in-wordpress-plugin-navis-documentcloud/
- https://nvd.nist.gov/vuln/detail/CVE-2015-2807
classification:
cve-id: CVE-2015-2807
tags: cve,cve2015,wordpress,wp-plugin,xss
description: "Cross-site scripting (XSS) vulnerability in js/window.php in the Navis DocumentCloud plugin before 0.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wpbase parameter."
requests:
- method: GET

2
cves/2015/CVE-2015-3306.yaml
View File

@ -6,6 +6,8 @@ info:
severity: high
reference: https://github.com/t0kx/exploit-CVE-2015-3306
description: The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.
classification:
cve-id: CVE-2015-3306
tags: cve,cve2015,ftp,rce,network,proftpd
network:

2
cves/2015/CVE-2015-3337.yaml
View File

@ -6,6 +6,8 @@ info:
severity: high
description: Directory traversal vulnerability in Elasticsearch before 1.4.5 and 1.5.x before 1.5.2, when a site plugin is enabled, allows remote attackers to read arbitrary files via unspecified vectors.
reference: https://www.exploit-db.com/exploits/37054/
classification:
cve-id: CVE-2015-3337
tags: cve,cve2015,elastic,lfi,elasticsearch,plugin
requests:

2
cves/2015/CVE-2015-3648.yaml
View File

@ -8,6 +8,8 @@ info:
reference:
- https://vulners.com/cve/CVE-2015-3648/
- https://www.securityfocus.com/bid/75019
classification:
cve-id: CVE-2015-3648
tags: cve,cve2015,lfi,resourcespace
requests:

4
cves/2015/CVE-2015-4050.yaml
View File

@ -5,10 +5,12 @@ info:
author: ELSFA7110,meme-lord
severity: high
description: FragmentListener in the HttpKernel component in Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support enabled, does not check if the _controller attribute is set, which allows remote attackers to bypass URL signing and security rules by including (1) no hash or (2) an invalid hash in a request to /_fragment.
tags: cve,cve2015,symfony,rce
reference:
- https://symfony.com/blog/cve-2015-4050-esi-unauthorized-access
- https://nvd.nist.gov/vuln/detail/CVE-2015-4050
classification:
cve-id: CVE-2015-4050
tags: cve,cve2015,symfony,rce
requests:
- method: GET

4
cves/2015/CVE-2015-4414.yaml
View File

@ -8,6 +8,8 @@ info:
reference:
- https://www.exploit-db.com/exploits/37274
- https://www.cvedetails.com/cve/CVE-2015-4414
classification:
cve-id: CVE-2015-4414
tags: cve,cve2015,wordpress,wp-plugin,lfi
requests:
@ -24,4 +26,4 @@ requests:
- type: status
status:
- 200
- 200

2
cves/2015/CVE-2015-5461.yaml
View File

@ -8,6 +8,8 @@ info:
reference:
- https://wpscan.com/vulnerability/afc0d5b5-280f-424f-bc3e-d04452e56e16
- https://nvd.nist.gov/vuln/detail/CVE-2015-5461
classification:
cve-id: CVE-2015-5461
tags: redirect,cve,cve2015,wordpress,wp-plugin
requests:

2
cves/2015/CVE-2015-5531.yaml
View File

@ -7,6 +7,8 @@ info:
reference:
- https://github.com/vulhub/vulhub/tree/master/elasticsearch/CVE-2015-5531
- https://nvd.nist.gov/vuln/detail/CVE-2015-5531
classification:
cve-id: CVE-2015-5531
tags: cve,cve2015,elasticsearch
requests:

2
cves/2015/CVE-2015-5688.yaml
View File

@ -8,6 +8,8 @@ info:
reference:
- https://nodesecurity.io/advisories/geddy-directory-traversal
- https://github.com/geddy/geddy/issues/697
classification:
cve-id: CVE-2015-5688
tags: cve,cve2015,geddy,lfi
requests:

3
cves/2015/CVE-2015-6477.yaml
View File

@ -7,9 +7,10 @@ info:
- https://seclists.org/fulldisclosure/2015/Dec/117
- https://ics-cert.us-cert.gov/advisories/ICSA-15-286-01
- https://nvd.nist.gov/vuln/detail/CVE-2015-6477
author: geeknik
severity: medium
classification:
cve-id: CVE-2015-6477
tags: cve,cve2015,xss,iot,nordex,nc2
requests:

2
cves/2015/CVE-2015-6920.yaml
View File

@ -8,6 +8,8 @@ info:
reference:
- https://packetstormsecurity.com/files/133371/
- https://nvd.nist.gov/vuln/detail/CVE-2015-6920
classification:
cve-id: CVE-2015-6920
tags: cve,cve2015,wordpress,wp-plugin,xss
requests:

4
cves/2015/CVE-2015-7377.yaml
View File

@ -4,11 +4,13 @@ info:
name: Pie-Register <= 2.0.18 - Unauthenticated Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
description: "Cross-site scripting (XSS) vulnerability in pie-register/pie-register.php in the Pie Register plugin before 2.0.19 for WordPress allows remote attackers to inject arbitrary web script or HTML via the invitaion_code parameter in a pie-register page to the default URI."
reference:
- https://packetstormsecurity.com/files/133928/WordPress-Pie-Register-2.0.18-Cross-Site-Scripting.html
- https://nvd.nist.gov/vuln/detail/CVE-2015-7377
classification:
cve-id: CVE-2015-7377
tags: cve,cve2015,wordpress,wp-plugin,xss
description: "Cross-site scripting (XSS) vulnerability in pie-register/pie-register.php in the Pie Register plugin before 2.0.19 for WordPress allows remote attackers to inject arbitrary web script or HTML via the invitaion_code parameter in a pie-register page to the default URI."
requests:
- method: GET

4
cves/2015/CVE-2015-7823.yaml
View File

@ -8,6 +8,8 @@ info:
- https://packetstormsecurity.com/files/133981/Kentico-CMS-8.2-Cross-Site-Scripting-Open-Redirect.html
- https://nvd.nist.gov/vuln/detail/CVE-2015-7823
severity: low
classification:
cve-id: CVE-2015-7823
tags: cve,cve2015,kentico,redirect
requests:
@ -19,4 +21,4 @@ requests:
- type: regex
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)example\.com.*$'
part: header
part: header

14
cves/2017/CVE-2017-5487.yaml
View File

@ -1,46 +1,42 @@
id: CVE-2017-5487
info:
name: WordPress Core < 4.7.1 - Username Enumeration
author: Manas_Harsh,daffainfo,geeknik
severity: medium
description: wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request.
tags: cve,cve2017,wordpress
description: "WordPress Core < 4.7.1 is susceptible to user enumeration because it does not properly restrict listings of post authors via wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request."
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2017-5487
- https://www.exploit-db.com/exploits/41497
- https://nvd.nist.gov/vuln/detail/CVE-2017-5487
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.30
cve-id: CVE-2017-5487
cwe-id: CWE-200
tags: cve,cve2017,wordpress
requests:
- method: GET
path:
- "{{BaseURL}}/wp-json/wp/v2/users/"
- "{{BaseURL}}/?rest_route=/wp/v2/users/"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
part: header
words:
- "application/json"
- type: word
words:
- '"id":'
- '"name":'
- '"avatar_urls":'
condition: and
extractors:
- type: json
json:
- '.[].name'
# Enahnced by mp 03/31/2022

2
cves/2018/CVE-2018-10818.yaml
View File

@ -8,6 +8,8 @@ info:
reference:
- https://www.vpnmentor.com/blog/critical-vulnerability-found-majority-lg-nas-devices/
- https://medium.com/@0x616163/lg-n1a1-unauthenticated-remote-command-injection-cve-2018-14839-9d2cf760e247
classification:
cve-id: CVE-2018-10818
tags: cve,cve2018,lg-nas,rce,oast,injection
requests:

12
cves/2018/CVE-2018-11709.yaml
View File

@ -1,17 +1,19 @@
id: CVE-2018-11709
info:
name: wpForo Forum <= 1.4.11 - Reflected Cross-Site Scripting (XSS)
name: WordPress wpForo Forum <= 1.4.11 - Reflected Cross-Site Scripting
author: daffainfo
severity: medium
description: wpforo_get_request_uri in wpf-includes/functions.php in the wpForo Forum plugin before 1.4.12 for WordPress allows Unauthenticated Reflected Cross-Site Scripting (XSS) via the URI.
reference: https://nvd.nist.gov/vuln/detail/CVE-2018-11709
tags: cve,cve2018,wordpress,xss,wp-plugin
description: WordPress wpForo Forum plugin before 1.4.12 for WordPress allows unauthenticated reflected cross-site scripting via the URI.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2018-11709
- https://wordpress.org/plugins/wpforo/#developers
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2018-11709
cwe-id: CWE-79
tags: cve,cve2018,wordpress,xss,wp-plugin
requests:
- method: GET
@ -33,3 +35,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/03/31

2
cves/2018/CVE-2018-16341.yaml
View File

@ -5,6 +5,8 @@ info:
author: madrobot
severity: high
description: Nuxeo Authentication Bypass Remote Code Execution < 10.3 using a SSTI
classification:
cve-id: CVE-2018-16341
tags: cve,cve2018,nuxeo,ssti,rce,bypass
requests:

11
cves/2019/CVE-2019-10068.yaml
View File

@ -1,12 +1,10 @@
id: CVE-2019-10068
info:
name: Kentico CMS Insecure Deserialization RCE
name: Kentico CMS Insecure Deserialization Remote Code Execution
author: davidmckennirey
severity: critical
description: |
Searches for Kentico CMS installations that are vulnerable to a .NET deserialization vulnerability that could be exploited to achieve remote command execution. Credit to Manoj Cherukuri and Justin LeMay from Aon Cyber Solutions for discovery of the vulnerability.
tags: cve,cve2019,rce,deserialization,kentico,iis
description: Kentico CMS is susceptible to remote code execution via a .NET deserialization vulnerability.
reference:
- https://www.aon.com/cyber-solutions/aon_cyber_labs/unauthenticated-remote-code-execution-in-kentico-cms/
- https://packetstormsecurity.com/files/157588/Kentico-CMS-12.0.14-Remote-Command-Execution.html
@ -17,6 +15,7 @@ info:
cvss-score: 9.80
cve-id: CVE-2019-10068
cwe-id: CWE-502
tags: cve,cve2019,rce,deserialization,kentico,iis
requests:
- method: POST
@ -37,4 +36,6 @@ requests:
- 'System.InvalidCastException'
- 'System.Web.Services.Protocols.SoapException'
part: body
condition: and
condition: and
# Enhanced by mp on 2022/03/29

9
cves/2019/CVE-2019-10232.yaml
View File

@ -1,19 +1,20 @@
id: CVE-2019-10232
info:
name: Pre-authenticated SQL injection in GLPI <= 9.3.3
name: Teclib GLPI <= 9.3.3 Unauthenticated SQL Injection
author: RedTeamBrasil
severity: critical
description: Synacktiv discovered that GLPI exposes a script (/scripts/unlock_tasks.php) that not correctly sanitize usercontrolled data before using it in SQL queries. Thus, an attacker could abuse the affected feature to alter the semantic original SQL query and retrieve database records. This script is reachable without authentication.
description: "Teclib GLPI <= 9.3.3 exposes a script (/scripts/unlock_tasks.php) that incorrectly sanitizes user controlled data before using it in SQL queries. Thus, an attacker could abuse the affected feature to alter the semantic original SQL query and retrieve database records."
reference:
- https://www.synacktiv.com/ressources/advisories/GLPI_9.3.3_SQL_Injection.pdf
- https://github.com/glpi-project/glpi/commit/684d4fc423652ec7dde21cac4d41c2df53f56b3c
tags: cve,cve2019,glpi,sqli,injection
- https://nvd.nist.gov/vuln/detail/CVE-2019-10232
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2019-10232
cwe-id: CWE-89
tags: cve,cve2019,glpi,sqli,injection
requests:
- method: GET
@ -35,3 +36,5 @@ requests:
part: body
regex:
- "[0-9]{1,2}.[0-9]{1,2}.[0-9]{1,2}-MariaDB"
# Enhanced by mp on 2022/03/29

11
cves/2019/CVE-2019-10758.yaml
View File

@ -1,20 +1,21 @@
id: CVE-2019-10758
info:
name: Mongo-Express Remote Code Execution - CVE-2019-10758
name: mongo-express Remote Code Execution
author: princechaddha
severity: critical
description: mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the `toBSON` method. A misuse of the `vm` dependency to perform `exec` commands in a non-safe environment.
description: "mongo-express before 0.54.0 is vulnerable to remote code execution via endpoints that uses the `toBSON` method and misuse the `vm` dependency to perform `exec` commands in a non-safe environment."
reference:
- https://github.com/vulhub/vulhub/tree/master/mongo-express/CVE-2019-10758
- https://nvd.nist.gov/vuln/detail/CVE-2019-10758
remediation: This issue will be fixed by updating to the latest version of mongo-express
remediation: Upgrade mongo-express to version 0.54.0 or higher.
metadata:
shodan-query: http.title:"Mongo Express"
tags: cve,cve2019,mongo,mongo-express
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
cvss-score: 9.90
cve-id: CVE-2019-10758
tags: cve,cve2019,mongo,mongo-express
requests:
- raw:
@ -30,3 +31,5 @@ requests:
part: interactsh_protocol # Confirms the HTTP Interaction
words:
- "http"
# Enhanced by mp on 2022/03/29

14
cves/2019/CVE-2019-11510.yaml
View File

@ -1,17 +1,20 @@
id: CVE-2019-11510
info:
name: Pulse Connect Secure SSL VPN arbitrary file read vulnerability
name: Pulse Connect Secure SSL VPN Arbitrary File Read
author: organiccrap
severity: critical
reference: https://blog.orange.tw/2019/09/attacking-ssl-vpn-part-3-golden-pulse-secure-rce-chain.html
tags: cve,cve2019,pulsesecure,lfi
description: "Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 all contain an arbitrary file reading vulnerability that could allow unauthenticated remote attackers to send a specially crafted URI to gain improper access."
reference:
- https://blog.orange.tw/2019/09/attacking-ssl-vpn-part-3-golden-pulse-secure-rce-chain.html
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/
- https://nvd.nist.gov/vuln/detail/CVE-2019-11510
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10.00
cve-id: CVE-2019-11510
cwe-id: CWE-22
description: "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability ."
tags: cve,cve2019,pulsesecure,lfi
requests:
- method: GET
@ -26,3 +29,6 @@ requests:
regex:
- "root:.*:0:0:"
part: body
# Enhanced by mp on 2022/03/29

23
cves/2019/CVE-2019-11580.yaml
View File

@ -1,30 +1,19 @@
id: CVE-2019-11580
info:
name: Atlassian Crowd & Crowd Data Center - Unauthenticated RCE
name: Atlassian Crowd and Crowd Data Center Unauthenticated Remote Code Execution
author: dwisiswant0
severity: critical
tags: cve,cve2019,atlassian,rce
description: |
Atlassian Crowd and Crowd Data Center
had the pdkinstall development plugin incorrectly enabled in release builds.
Attackers who can send unauthenticated or authenticated requests
to a Crowd or Crowd Data Center instance can exploit this vulnerability
to install arbitrary plugins, which permits remote code execution on
systems running a vulnerable version of Crowd or Crowd Data Center.
All versions of Crowd from version 2.1.0 before 3.0.5 (the fixed version for 3.0.x),
from version 3.1.0 before 3.1.6 (the fixed version for 3.1.x),
from version 3.2.0 before 3.2.8 (the fixed version for 3.2.x),
from version 3.3.0 before 3.3.5 (the fixed version for 3.3.x),
and from version 3.4.0 before 3.4.4 (the fixed version for 3.4.x) are affected by this vulnerability.
description: "Atlassian Crowd and Crowd Data Center is susceptible to a remote code execution vulnerability because the pdkinstall development plugin is incorrectly enabled in release builds. Attackers who can send unauthenticated or authenticated requests to a Crowd or Crowd Data Center instance can exploit this vulnerability to install arbitrary plugins, which permits remote code execution on systems running a vulnerable version of Crowd or Crowd Data Center. All versions of Crowd from version 2.1.0 before 3.0.5 (the fixed version for 3.0.x), from version 3.1.0 before 3.1.6 (the fixed version for 3.1.x),from version 3.2.0 before 3.2.8 (the fixed version for 3.2.x), from version 3.3.0 before 3.3.5 (the fixed version for 3.3.x), and from version 3.4.0 before 3.4.4 (the fixed version for 3.4.x) are affected by this vulnerability."
reference:
- https://github.com/jas502n/CVE-2019-11580
- https://jira.atlassian.com/browse/CWD-5388
- https://nvd.nist.gov/vuln/detail/CVE-2019-11580
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2019-11580
tags: cve,cve2019,atlassian,rce
requests:
- method: GET
@ -40,4 +29,6 @@ requests:
part: body
- type: status
status:
- 200
- 200
# Enhanced by mp on 2022/03/29

15
cves/2019/CVE-2019-11581.yaml
View File

@ -1,17 +1,20 @@
id: CVE-2019-11581
info:
name: Atlassian Jira template injection
description: There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. An attacker is able to remotely execute code on systems that run a vulnerable version of Jira Server or Data Center. All versions of Jira Server and Data Center from 4.4.0 before 7.6.14, from 7.7.0 before 7.13.5, from 8.0.0 before 8.0.3, from 8.1.0 before 8.1.2, and from 8.2.0 before 8.2.3 are affected by this vulnerability.
name: Atlassian Jira Server-Side Template Injection
description: Jira Server and Data Center is susceptible to a server-side template injection vulnerability via the ContactAdministrators and SendBulkMail actions. An attacker is able to remotely execute code on systems that run a vulnerable version of Jira Server or Data Center. All versions of Jira Server and Data Center from 4.4.0 before 7.6.14, from 7.7.0 before 7.13.5, from 8.0.0 before 8.0.3, from 8.1.0 before 8.1.2, and from 8.2.0 before 8.2.3 are affected by this vulnerability.
author: ree4pwn
severity: critical
reference: https://github.com/jas502n/CVE-2019-11581
tags: cve,cve2019,atlassian,jira,ssti,rce
reference:
- https://github.com/jas502n/CVE-2019-11581
- https://jira.atlassian.com/browse/JRASERVER-69532
- https://nvd.nist.gov/vuln/detail/CVE-2019-11581
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2019-11581
cwe-id: CWE-74
tags: cve,cve2019,atlassian,jira,ssti,rce
requests:
- method: GET
@ -44,4 +47,6 @@ requests:
words:
- "has not yet configured this contact form"
part: body
negative: true
negative: true
# Enhanced by mp on 2022/03/29

14
cves/2019/CVE-2019-12314.yaml
View File

@ -1,20 +1,20 @@
id: CVE-2019-12314
info:
name: Deltek Maconomy 2.2.5 LFIl
name: Deltek Maconomy 2.2.5 Local File Inclusion
author: madrobot
severity: critical
tags: cve,cve2019,lfi
description: Deltek Maconomy 2.2.5 is prone to local file inclusion via absolute path traversal in the WS.macx1.W_MCS/ PATH_INFO, as demonstrated by a cgi-bin/Maconomy/MaconomyWS.macx1.W_MCS/etc/passwd URI.
description: "Deltek Maconomy 2.2.5 is prone to local file inclusion via absolute path traversal in the WS.macx1.W_MCS/ PATH_INFO, as demonstrated by a cgi-bin/Maconomy/MaconomyWS.macx1.W_MCS/etc/passwd URI."
reference:
http://packetstormsecurity.com/files/153079/Deltek-Maconomy-2.2.5-Local-File-Inclusion.html
https://github.com/JameelNabbo/exploits/blob/master/Maconomy%20Erp%20local%20file%20include.txt
https://github.com/ras313/CVE-2019-12314/security/advisories/GHSA-8762-rf4g-23xm
- http://packetstormsecurity.com/files/153079/Deltek-Maconomy-2.2.5-Local-File-Inclusion.html
- https://github.com/ras313/CVE-2019-12314/security/advisories/GHSA-8762-rf4g-23xm
- https://github.com/JameelNabbo/exploits/blob/master/Maconomy%20Erp%20local%20file%20include.txt
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2019-12314
cwe-id: CWE-22
tags: cve,cve2019,lfi
requests:
- method: GET
@ -29,3 +29,5 @@ requests:
regex:
- "root:.*:0:0:"
part: body
# Enhanced by mp on 2022/03/29

4
cves/2019/CVE-2019-12725.yaml
View File

@ -10,12 +10,12 @@ info:
- https://www.zeroshell.org/new-release-and-critical-vulnerability/
- https://www.tarlogic.com/advisories/zeroshell-rce-root.txt
- https://github.com/X-C3LL/PoC-CVEs/blob/master/CVE-2019-12725/ZeroShell-RCE-EoP.py
tags: cve,cve2019,rce,zeroshell
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2019-12725
cwe-id: CWE-78
tags: cve,cve2019,rce,zeroshell
requests:
- method: GET
@ -33,4 +33,4 @@ requests:
regex:
- "root:.*:0:0:"
# Enhanced by mp on 2022/02/04
# Enhanced by mp on 2022/03/29

12
cves/2019/CVE-2019-13101.yaml
View File

@ -2,19 +2,19 @@ id: CVE-2019-13101
info:
author: Suman_Kar
name: D-Link DIR-600M - Authentication Bypass
description: An issue was discovered on D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06 devices. wan.htm can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify the data fields of the page.
name: D-Link DIR-600M Authentication Bypass
description: D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06 devices can be accessed directly without authentication and lead to disclosure of information about the WAN, which can then be leveraged by an attacker to modify the data fields of the page.
severity: critical
tags: cve,cve2019,dlink,router,iot
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2019-13101
- https://github.com/d0x0/D-Link-DIR-600M
- https://www.exploit-db.com/exploits/47250
- https://nvd.nist.gov/vuln/detail/CVE-2019-13101
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2019-13101
cwe-id: CWE-306
tags: cve,cve2019,dlink,router,iot
requests:
- raw:
@ -32,4 +32,6 @@ requests:
- type: word
words:
- "/PPPoE/"
part: body
part: body
# Enhanced by mp on 2022/03/29

9
cves/2019/CVE-2019-13462.yaml
View File

@ -4,15 +4,16 @@ info:
name: Lansweeper Unauthenticated SQL Injection
author: divya_mudgal
severity: critical
reference: https://www.nccgroup.com/ae/our-research/technical-advisory-unauthenticated-sql-injection-in-lansweeper/
reference:
- https://www.nccgroup.com/ae/our-research/technical-advisory-unauthenticated-sql-injection-in-lansweeper/
- https://nvd.nist.gov/vuln/detail/CVE-2019-13462
description: Lansweeper before 7.1.117.4 allows unauthenticated SQL injection.
remediation: Upgrade to the latest version.
tags: cve,cve2019,sqli,lansweeper
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
cvss-score: 9.10
cve-id: CVE-2019-13462
cwe-id: CWE-89
tags: cve,cve2019,sqli,lansweeper
requests:
- method: GET
@ -36,4 +37,4 @@ requests:
status:
- 500
# Enhanced by mp on 2022/02/04
# Enhanced by mp on 2022/03/29

10
cves/2019/CVE-2019-15107.yaml
View File

@ -4,14 +4,16 @@ info:
name: Webmin <= 1.920 Unauthenticated Remote Command Execution
author: bp0lr
severity: critical
description: An issue was discovered in Webmin <=1.920. The 'old' parameter in password_change.cgi contains a command injection vulnerability.
reference: https://pentest.com.tr/exploits/DEFCON-Webmin-1920-Unauthenticated-Remote-Command-Execution.html
tags: cve,cve2019,webmin,rce
description: "Webmin <=1.920. is vulnerable to an unauthenticated remote command execution via the parameter 'old' in password_change.cgi."
reference:
- https://pentest.com.tr/exploits/DEFCON-Webmin-1920-Unauthenticated-Remote-Command-Execution.html
- https://nvd.nist.gov/vuln/detail/CVE-2019-15107
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2019-15107
cwe-id: CWE-78
tags: cve,cve2019,webmin,rce
requests:
- raw: #
@ -29,3 +31,5 @@ requests:
- type: regex
regex:
- "root:.*:0:0:"
# Enhanced by mp on 2022/03/29

12
cves/2019/CVE-2019-15859.yaml
View File

@ -1,17 +1,19 @@
id: CVE-2019-15859
info:
name: Socomec DIRIS Password Disclosure
name: Socomec DIRIS A-40 Devices Password Disclosure
author: geeknik
description: Password disclosure in the web interface on socomec DIRIS A-40 devices before 48250501 allows a remote attacker to get full access to a device via the /password.jsn URI.
reference: https://seclists.org/fulldisclosure/2019/Oct/10
description: "Socomec DIRIS A-40 devices before 48250501 are susceptible to a password disclosure vulnerability in the web interface that could allow remote attackers to get full access to a device via the /password.jsn URI."
reference:
- https://seclists.org/fulldisclosure/2019/Oct/10
- https://nvd.nist.gov/vuln/detail/CVE-2019-15859
severity: critical
tags: cve,cve2019,disclosure,socomec,diris,iot
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2019-15859
cwe-id: CWE-200
tags: cve,cve2019,disclosure,socomec,diris,iot
requests:
- method: GET
@ -33,3 +35,5 @@ requests:
- "password"
part: body
condition: and
# Enhanced by mp on 2022/03/29

13
cves/2019/CVE-2019-16278.yaml
View File

@ -4,14 +4,17 @@ info:
author: pikpikcu
name: nostromo 1.9.6 - Remote Code Execution
severity: critical
reference: https://www.exploit-db.com/raw/47837
tags: cve,cve2019,rce
description: "nostromo nhttpd through 1.9.6 allows an attacker to achieve remote code execution via directory traversal in the function http_verify."
reference:
- https://packetstormsecurity.com/files/155802/nostromo-1.9.6-Remote-Code-Execution.html
- https://www.exploit-db.com/raw/47837
- https://nvd.nist.gov/vuln/detail/CVE-2019-16278
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2019-16278
cwe-id: CWE-22
description: "Directory Traversal in the function http_verify in nostromo nhttpd through 1.9.6 allows an attacker to achieve remote code execution via a crafted HTTP request."
tags: cve,cve2019,rce
requests:
- raw:
@ -26,4 +29,6 @@ requests:
matchers:
- type: regex
regex:
- "root:.*:0:0:"
- "root:.*:0:0:"
# Enhanced by mp on 2022/03/29

8
cves/2019/CVE-2019-16313.yaml
View File

@ -1,19 +1,19 @@
id: CVE-2019-16313
info:
name: ifw8 Router ROM v4.31 allows credential disclosure
name: ifw8 Router ROM v4.31 Credential Discovery
author: pikpikcu
severity: high
description: ifw8 Router ROM v4.31 allows credential disclosure by reading the action/usermanager.htm HTML source code.
description: "ifw8 Router ROM v4.31 is vulnerable to credential disclosure via action/usermanager.htm HTML source code."
reference:
- https://github.com/Mr-xn/Penetration_Testing_POC/blob/master/CVE-2019-16313%20%E8%9C%82%E7%BD%91%E4%BA%92%E8%81%94%E4%BC%81%E4%B8%9A%E7%BA%A7%E8%B7%AF%E7%94%B1%E5%99%A8v4.31%E5%AF%86%E7%A0%81%E6%B3%84%E9%9C%B2%E6%BC%8F%E6%B4%9E.md
- https://nvd.nist.gov/vuln/detail/CVE-2019-16313
tags: cve,cve2019,exposure,router,iot
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.50
cve-id: CVE-2019-16313
cwe-id: CWE-798
tags: cve,cve2019,exposure,router,iot
requests:
- method: GET
@ -37,3 +37,5 @@ requests:
group: 1
regex:
- '<td class="pwd" data="([a-z]+)">\*\*\*\*\*\*<\/td>'
# Enhanced by mp on 2022/03/30

12
cves/2019/CVE-2019-16662.yaml
View File

@ -1,17 +1,19 @@
id: CVE-2019-16662
info:
name: rConfig 3.9.2 - Remote Code Execution
name: rConfig 3.9.2 Remote Code Execution
author: pikpikcu
severity: critical
reference: https://shells.systems/rconfig-v3-9-2-authenticated-and-unauthenticated-rce-cve-2019-16663-and-cve-2019-16662/
tags: cve,cve2019,rce,intrusive,rconfig
description: "rConfig 3.9.2 is susceptible to a remote code execution vulnerability. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution."
reference:
- https://shells.systems/rconfig-v3-9-2-authenticated-and-unauthenticated-rce-cve-2019-16663-and-cve-2019-16662/
- https://nvd.nist.gov/vuln/detail/CVE-2019-16662
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2019-16662
cwe-id: CWE-78
description: "An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution."
tags: cve,cve2019,rce,intrusive,rconfig
requests:
- method: GET
@ -26,3 +28,5 @@ requests:
- type: regex
regex:
- "root:.*:0:0:"
# Enhanced by mp on 2022/03/29

12
cves/2019/CVE-2019-16759.yaml
View File

@ -1,17 +1,19 @@
id: CVE-2019-16759
info:
name: RCE in vBulletin v5.0.0-v5.5.4 fix bypass
name: vBulletin v5.0.0-v5.5.4 Remote Command Execution
author: madrobot
severity: critical
reference: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/vbulletin-remote-code-execution-cve-2020-7373/
tags: cve,cve2019,vbulletin,rce
description: "vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request."
reference:
- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/vbulletin-remote-code-execution-cve-2020-7373/
- https://nvd.nist.gov/vuln/detail/CVE-2019-16759
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2019-16759
cwe-id: CWE-94
description: "vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request."
tags: cve,cve2019,vbulletin,rce
requests:
- raw:
@ -30,3 +32,5 @@ requests:
- type: word
words:
- "PHP Version"
# Enhanced by mp on 2022/03/29

2
cves/2020/CVE-2020-26073.yaml
View File

@ -7,6 +7,8 @@ info:
A vulnerability in the application data endpoints of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to gain access to sensitive information.
reference:
- https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-vman-traversal-hQh24tmk.html
classification:
cve-id: CVE-2020-26073
tags: cve,cve2020,cisco,lfi
requests:

2
cves/2021/CVE-2021-28854.yaml
View File

@ -6,6 +6,8 @@ info:
severity: high
description: VICIdial's Web Client contains many sensitive files that can be accessed from the client side. These files contain mysqli logs, auth logs, debug information, successful and unsuccessful login attempts with their corresponding IP's, User-Agents, credentials and much more. This information can be leveraged by an attacker to gain further access to VICIdial systems. This vulnerability affects all versions as of 20/5/2021.
reference: https://github.com/JHHAX/VICIdial
classification:
cve-id: CVE-2021-28854
tags: cve,cve2021
requests:

8
cves/2021/CVE-2021-3017.yaml
View File

@ -1,18 +1,18 @@
id: CVE-2021-3017
info:
name: Intelbras WIN 300/WRN 342 Disclosure
name: Intelbras WIN 300/WRN 342 Credential Disclosure
author: pikpikcu
severity: high
description: The web interface on Intelbras WIN 300 and WRN 342 devices through 2021-01-04 allows remote attackers to discover credentials by reading the def_wirelesspassword line in the HTML source code.
description: "Intelbras WIN 300 and WRN 342 devices through 2021-01-04 allows remote attackers to discover credentials by reading the def_wirelesspassword line in the HTML source code."
reference:
- https://poc.wgpsec.org/PeiQi_Wiki/%E7%BD%91%E7%BB%9C%E8%AE%BE%E5%A4%87%E6%BC%8F%E6%B4%9E/Intelbras/Intelbras%20Wireless%20%E6%9C%AA%E6%8E%88%E6%9D%83%E4%B8%8E%E5%AF%86%E7%A0%81%E6%B3%84%E9%9C%B2%20CVE-2021-3017.html
- https://nvd.nist.gov/vuln/detail/CVE-2021-3017
tags: cve,cve2021,exposure,router
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.50
cve-id: CVE-2021-3017
tags: cve,cve2021,exposure,router
requests:
- method: GET
@ -37,3 +37,5 @@ requests:
part: body
regex:
- 'def_wirelesspassword = "([A-Za-z0-9=]+)";'
# Enhanced by mp on 2022/03/30

2
cves/2021/CVE-2021-30497.yaml
View File

@ -6,6 +6,8 @@ info:
severity: high
description: A directory traversal vulnerability in Ivanti Avalanche allows remote unauthenticated user to access files that reside outside the 'image' folder
reference: https://ssd-disclosure.com/ssd-advisory-ivanti-avalanche-directory-traversal/
classification:
cve-id: CVE-2021-30497
tags: cve,cve2021,avalanche,traversal
requests:

2
cves/2021/CVE-2021-32853.yaml
View File

@ -10,6 +10,8 @@ info:
- https://nvd.nist.gov/vuln/detail/CVE-2021-3285
metadata:
shodan-query: http.title:"erxes"
classification:
cve-id: CVE-2021-32853
tags: cve,cve2021,xss,erxes,oss
requests:

7
cves/2021/CVE-2021-33807.yaml
View File

@ -4,16 +4,17 @@ info:
name: Cartadis Gespage 8.2.1 - Directory Traversal
author: daffainfo
severity: high
description: Cartadis Gespage through 8.2.1 allows Directory Traversal in gespage/doDownloadData and gespage/webapp/doDownloadData.
description: "Cartadis Gespage through 8.2.1 allows Directory Traversal in gespage/doDownloadData and gespage/webapp/doDownloadData."
reference:
- https://www.on-x.com/sites/default/files/on-x_-_security_advisory_-_gespage_-_cve-2021-33807.pdf
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33807
tags: cve,cve2021,lfi,gespage
- https://www.gespage.com/cartadis-db/
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.50
cve-id: CVE-2021-33807
cwe-id: CWE-22
tags: cve,cve2021,lfi,gespage
requests:
- method: GET
@ -36,3 +37,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/03/30

9
cves/2021/CVE-2021-37573.yaml
View File

@ -1,18 +1,19 @@
id: CVE-2021-37573
info:
name: Tiny Java Web Server - Reflected XSS
name: Tiny Java Web Server - Reflected Cross-Site Scripting
author: geeknik
severity: medium
description: "A reflected cross-site scripting vulnerability in the web server TTiny Java Web Server and Servlet Container (TJWS) <=1.115 allows an adversary to inject malicious code on the server's \"404 Page not Found\" error page."
reference:
- https://seclists.org/fulldisclosure/2021/Aug/13
tags: cve,cve2021,xss,tjws,java
- https://nvd.nist.gov/vuln/detail/CVE-2021-37573
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2021-37573
cwe-id: CWE-79
description: "A reflected cross-site scripting (XSS) vulnerability in the web server TTiny Java Web Server and Servlet Container (TJWS) <=1.115 allows an adversary to inject malicious code on the server's \"404 Page not Found\" error page"
tags: cve,cve2021,xss,tjws,java
requests:
- method: GET
@ -34,3 +35,5 @@ requests:
part: header
words:
- text/html
# Enhanced by mp on 2022/03/30

8
cves/2021/CVE-2021-37704.yaml
View File

@ -1,11 +1,10 @@
id: CVE-2021-37704
info:
name: phpfastcache phpinfo exposure
name: phpinfo Resource Exposure
author: whoever
severity: medium
description: phpinfo() exposure in unprotected composer vendor folder via phpfastcache/phpfastcache.
tags: cve,cve2021,exposure,phpfastcache,phpinfo
description: "phpinfo() is susceptible to resource exposure in unprotected composer vendor folders via phpfastcache/phpfastcache."
reference:
https://github.com/PHPSocialNetwork/phpfastcache/pull/813
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37704
@ -14,6 +13,7 @@ info:
cvss-score: 4.30
cve-id: CVE-2021-37704
cwe-id: CWE-668
tags: cve,cve2021,exposure,phpfastcache,phpinfo
requests:
- method: GET
@ -39,3 +39,5 @@ requests:
group: 1
regex:
- '>PHP Version <\/td><td class="v">([0-9.]+)'
# Enhanced by mp on 2022/03/30

2
cves/2022/CVE-2022-22963.yaml
View File

@ -10,6 +10,8 @@ info:
- https://tanzu.vmware.com/security/cve-2022-22963
- https://nsfocusglobal.com/spring-cloud-function-spel-expression-injection-vulnerability-alert/
- https://github.com/vulhub/vulhub/tree/scf-spel/spring/spring-cloud-function-spel-injection
classification:
cve-id: CVE-2022-22963
tags: cve,cve2022,springcloud,rce
requests:

13
network/cisco-smi-exposure.yaml
View File

@ -4,17 +4,18 @@ info:
name: Cisco Smart Install Endpoints Exposure
author: dwisiswant0
severity: info
description: |
This template attempts & supports the detection part only by
connecting to the specified Cisco Smart Install port and determines
if it speaks the Smart Install Protocol. Exposure of SMI to
untrusted networks can allow complete compromise of the switch.
description: Cisco Smart Install endpoints were discovered. Exposure of SMI to untrusted networks could allow complete compromise of the switch.
reference:
- https://blog.talosintelligence.com/2017/02/cisco-coverage-for-smart-install-client.html
- https://blogs.cisco.com/security/cisco-psirt-mitigating-and-detecting-potential-abuse-of-cisco-smart-install-feature
- https://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20170214-smi
- https://github.com/Cisco-Talos/smi_check/blob/master/smi_check.py#L52-L53
- https://github.com/Sab0tag3d/SIET
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cve-id:
cwe-id: CWE-200
tags: network,cisco,smi,exposure
network:
@ -31,3 +32,5 @@ network:
encoding: hex
words:
- "000000040000000000000003000000080000000100000000"
# Enhanced by mp on 2022/03/30

9
vulnerabilities/oracle/oracle-siebel-xss.yaml
View File

@ -3,17 +3,18 @@ id: oracle-siebel-xss
info:
name: Oracle Siebel Loyalty 8.1 - Cross-Site Scripting
author: dhiyaneshDK
severity: medium
description: A vulnerability in Oracle Siebel Loyalty allows remote unauthenticated attackers to inject arbitrary Javascript code into the responses returned by the '/loyalty_enu/start.swe/' endpoint.
severity: high
description: "A vulnerability in Oracle Siebel Loyalty allows remote unauthenticated attackers to inject arbitrary Javascript code into the responses returned by the '/loyalty_enu/start.swe/' endpoint."
remediation: Upgrade to Siebel Loyalty version 8.2 or later.
reference:
- https://packetstormsecurity.com/files/86721/Oracle-Siebel-Loyalty-8.1-Cross-Site-Scripting.html
- https://exploit-db.com/exploits/47762
tags: xss,oracle
- https://docs.oracle.com/cd/E95904_01/books/Secur/siebel-security-hardening.html
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
tags: xss,oracle,siebel
requests:
- method: GET
@ -35,4 +36,4 @@ requests:
status:
- 200
# Enhanced by cs on 2022/02/28
# Enhanced by mp on 2022/03/30

11
vulnerabilities/other/antsword-backdoor.yaml
View File

@ -1,12 +1,17 @@
id: antsword-backdoor
info:
name: Antsword backdook
name: Antsword Backdoor Identified
author: ffffffff0x
severity: critical
description: 蚁剑「绕过 disable_functions」插件生成的 shell
description: The Antsword application contains a backdoor shell.
remediation: Reinstall Anstsword on a new system due to the target system's compromise. Follow best practices for securing PHP servers/applications via the php.ini and other mechanisms.
reference: https://github.com/AntSwordProject/AntSword-Labs/tree/master/bypass_disable_functions/9
tags: backdoor,antsword
classification:
cwe-id: CWE-553
cvss-score: 10.0
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
requests:
- method: POST
@ -26,3 +31,5 @@ requests:
- type: status
status:
- 200
# Enhanced by cs 2022/03/31

13
vulnerabilities/other/microweber-xss.yaml
View File

@ -1,15 +1,20 @@
id: microweber-xss
info:
name: Microweber XSS
name: Microweber Cross-Site Scripting
author: gy741
severity: medium
description: Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11.
severity: high
description: "Microweber prior to 1.2.11 is susceptible to reflected cross-site Scripting via Packagist microweber/microweber."
reference:
- https://github.com/microweber/microweber/issues/809
- https://github.com/microweber/microweber
metadata:
shodan-query: 'http.favicon.hash:780351152'
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cve-id:
cwe-id: CWE-79
tags: microweber,xss,oss
requests:
@ -32,3 +37,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/03/30

2
vulnerabilities/other/visual-tools-dvr-rce.yaml
View File

@ -26,3 +26,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/03/31

13
vulnerabilities/simplecrm/simple-crm-sql-injection.yaml
View File

@ -1,10 +1,17 @@
id: simple-crm-sql-injection
info:
name: Simple CRM 3.0 - 'email' SQL injection & Authentication Bypass
name: Simple CRM 3.0 SQL Injection and Authentication Bypass
author: geeknik
severity: high
reference: https://packetstormsecurity.com/files/163254/simplecrm30-sql.txt
description: Simple CRM 3.0 is susceptible to SQL injection and authentication bypass vulnerabilities.
reference:
- https://packetstormsecurity.com/files/163254/simplecrm30-sql.txt
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10.0
cve-id:
cwe-id: CWE-89
tags: sqli,simplecrm,auth-bypass,injection
requests:
@ -28,3 +35,5 @@ requests:
words:
- "text/html"
part: header
# Enhanced by mp on 2022/03/30

12
vulnerabilities/wordpress/hide-security-enhancer-lfi.yaml
View File

@ -1,11 +1,17 @@
id: hide-security-enhancer-lfi
info:
name: WP Hide Security Enhancer 1.3.9.2 - Arbitrary File Download Vulnerability
name: WordPress Hide Security Enhancer 1.3.9.2 Local File Inclusion
author: dhiyaneshDK
severity: high
description: WP Hide Security Enhancer version 1.3.9.2 or less is victim of an Arbitrary File Download vulnerability. This allows any visitor to download any file in our installation
description: WordPress Hide Security Enhancer version 1.3.9.2 or less is susceptible to a local file inclusion vulnerability which could allow malicious visitors to download any file in the installation.
remediation: Upgrade to version 1.4 or later.
reference: https://secupress.me/blog/arbitrary-file-download-vulnerability-in-wp-hide-security-enhancer-1-3-9-2/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.6
cve-id:
cwe-id: CWE-22
tags: wordpress,wp-plugin,lfi,wp
requests:
@ -25,3 +31,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/03/29

13
vulnerabilities/wordpress/issuu-panel-lfi.yaml
View File

@ -1,11 +1,18 @@
id: issuu-panel-lfi
info:
name: Wordpress Plugin Issuu Panel - RFI & LFI
name: Wordpress Plugin Issuu Panel Remote/Local File Inclusion
author: 0x_Akoko
severity: high
description: The WordPress Issuu Plugin includes an arbitrary file disclosure vulnerability that allows unauthenticated attackers to disclose the content of local and remote files.
reference: https://cxsecurity.com/issue/WLB-2016030131
reference:
- https://cxsecurity.com/issue/WLB-2016030131
- https://wordpress.org/plugins/issuu-panel/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.6
cve-id:
cwe-id: CWE-22
tags: wp-plugin,wordpress,lfi,rfi
requests:
@ -23,3 +30,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/03/29