Dhiyaneshwaran
GitHub
commit
855a34af5e
|
|
@ -1,44 +1,7 @@
|
|||
cves/2013/CVE-2013-6281.yaml
|
||||
cves/2017/CVE-2017-12138.yaml
|
||||
cves/2018/CVE-2018-18608.yaml
|
||||
cves/2018/CVE-2018-6200.yaml
|
||||
cves/2019/CVE-2019-16931.yaml
|
||||
cves/2019/CVE-2019-16932.yaml
|
||||
cves/2019/CVE-2019-18371.yaml
|
||||
cves/2019/CVE-2019-20224.yaml
|
||||
cves/2021/CVE-2021-21745.yaml
|
||||
cves/2021/CVE-2021-45428.yaml
|
||||
cves/2022/CVE-2022-0346.yaml
|
||||
cves/2022/CVE-2022-1609.yaml
|
||||
cves/2022/CVE-2022-1713.yaml
|
||||
cves/2022/CVE-2022-21500.yaml
|
||||
cves/2022/CVE-2022-24856.yaml
|
||||
cves/2022/CVE-2022-30776.yaml
|
||||
exposed-panels/drawio-flowchartmaker-panel.yaml
|
||||
exposed-panels/jupyter-notebook.yaml
|
||||
exposed-panels/looker-panel.yaml
|
||||
exposed-panels/netdata-panel.yaml
|
||||
exposed-panels/weblogic-uddiexplorer.yaml
|
||||
exposures/files/xampp-environment-variables.yaml
|
||||
miscellaneous/robots-txt-endpoint.yaml
|
||||
misconfiguration/selenium-exposure.yaml
|
||||
ssl/self-signed-ssl.yaml
|
||||
technologies/nimsoft-wasp.yaml
|
||||
token-spray/api-binaryedge.yaml
|
||||
token-spray/api-c99.yaml
|
||||
token-spray/api-debounce.yaml
|
||||
token-spray/api-flickr.yaml
|
||||
token-spray/api-front.yaml
|
||||
token-spray/api-fullhunt.yaml
|
||||
token-spray/api-google-drive.yaml
|
||||
token-spray/api-intelx.yaml
|
||||
token-spray/api-securitytrails.yaml
|
||||
token-spray/api-sentry.yaml
|
||||
token-spray/api-shodan.yaml
|
||||
token-spray/api-sslmate.yaml
|
||||
token-spray/api-tatum.yaml
|
||||
token-spray/api-zoomeye.yaml
|
||||
vulnerabilities/dedecms/dedecms-config-xss.yaml
|
||||
vulnerabilities/other/digitalrebar-traversal.yaml
|
||||
vulnerabilities/other/sangfor-ba-rce.yaml
|
||||
vulnerabilities/wordpress/ait-csv-import-export-rce.yaml
|
||||
cves/2018/CVE-2018-14474.yaml
|
||||
cves/2018/CVE-2018-16761.yaml
|
||||
cves/2020/CVE-2020-29597.yaml
|
||||
cves/2022/CVE-2022-29383.yaml
|
||||
exposed-panels/eventum-panel.yaml
|
||||
exposures/files/appsettings-file-disclosure.yaml
|
||||
vulnerabilities/other/phpok-sqli.yaml
|
||||
|
|
|
|||
22
README.md
22
README.md
|
|
@ -42,18 +42,18 @@ An overview of the nuclei template project, including statistics on unique tags,
|
|||
|
||||
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|
||||
|-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
|
||||
| cve | 1168 | daffainfo | 564 | cves | 1172 | info | 1198 | http | 3209 |
|
||||
| panel | 517 | dhiyaneshdk | 423 | exposed-panels | 525 | high | 885 | file | 68 |
|
||||
| lfi | 464 | pikpikcu | 315 | vulnerabilities | 453 | medium | 667 | network | 50 |
|
||||
| xss | 371 | pdteam | 262 | technologies | 256 | critical | 415 | dns | 17 |
|
||||
| wordpress | 368 | geeknik | 179 | exposures | 204 | low | 182 | | |
|
||||
| rce | 296 | dwisiswant0 | 168 | misconfiguration | 200 | unknown | 6 | | |
|
||||
| exposure | 294 | princechaddha | 137 | workflows | 187 | | | | |
|
||||
| cve2021 | 289 | 0x_akoko | 134 | token-spray | 155 | | | | |
|
||||
| tech | 272 | gy741 | 119 | default-logins | 96 | | | | |
|
||||
| wp-plugin | 268 | pussycat0x | 116 | file | 68 | | | | |
|
||||
| cve | 1195 | daffainfo | 565 | cves | 1200 | info | 1230 | http | 3269 |
|
||||
| panel | 525 | dhiyaneshdk | 424 | exposed-panels | 535 | high | 899 | file | 76 |
|
||||
| lfi | 467 | pikpikcu | 316 | vulnerabilities | 458 | medium | 687 | network | 50 |
|
||||
| xss | 382 | pdteam | 268 | technologies | 258 | critical | 415 | dns | 17 |
|
||||
| wordpress | 376 | geeknik | 181 | exposures | 205 | low | 186 | | |
|
||||
| rce | 304 | dwisiswant0 | 168 | misconfiguration | 200 | unknown | 6 | | |
|
||||
| exposure | 298 | 0x_akoko | 139 | workflows | 187 | | | | |
|
||||
| cve2021 | 294 | princechaddha | 139 | token-spray | 169 | | | | |
|
||||
| wp-plugin | 275 | pussycat0x | 124 | default-logins | 96 | | | | |
|
||||
| tech | 274 | gy741 | 122 | file | 76 | | | | |
|
||||
|
||||
**262 directories, 3566 files**.
|
||||
**265 directories, 3636 files**.
|
||||
|
||||
</td>
|
||||
</tr>
|
||||
|
|
|
|||
File diff suppressed because one or more lines are too long
3177
TEMPLATES-STATS.md
3177
TEMPLATES-STATS.md
File diff suppressed because it is too large
Load Diff
20
TOP-10.md
20
TOP-10.md
|
|
@ -1,12 +1,12 @@
|
|||
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|
||||
|-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
|
||||
| cve | 1168 | daffainfo | 564 | cves | 1172 | info | 1198 | http | 3209 |
|
||||
| panel | 517 | dhiyaneshdk | 423 | exposed-panels | 525 | high | 885 | file | 68 |
|
||||
| lfi | 464 | pikpikcu | 315 | vulnerabilities | 453 | medium | 667 | network | 50 |
|
||||
| xss | 371 | pdteam | 262 | technologies | 256 | critical | 415 | dns | 17 |
|
||||
| wordpress | 368 | geeknik | 179 | exposures | 204 | low | 182 | | |
|
||||
| rce | 296 | dwisiswant0 | 168 | misconfiguration | 200 | unknown | 6 | | |
|
||||
| exposure | 294 | princechaddha | 137 | workflows | 187 | | | | |
|
||||
| cve2021 | 289 | 0x_akoko | 134 | token-spray | 155 | | | | |
|
||||
| tech | 272 | gy741 | 119 | default-logins | 96 | | | | |
|
||||
| wp-plugin | 268 | pussycat0x | 116 | file | 68 | | | | |
|
||||
| cve | 1195 | daffainfo | 565 | cves | 1200 | info | 1230 | http | 3269 |
|
||||
| panel | 525 | dhiyaneshdk | 424 | exposed-panels | 535 | high | 899 | file | 76 |
|
||||
| lfi | 467 | pikpikcu | 316 | vulnerabilities | 458 | medium | 687 | network | 50 |
|
||||
| xss | 382 | pdteam | 268 | technologies | 258 | critical | 415 | dns | 17 |
|
||||
| wordpress | 376 | geeknik | 181 | exposures | 205 | low | 186 | | |
|
||||
| rce | 304 | dwisiswant0 | 168 | misconfiguration | 200 | unknown | 6 | | |
|
||||
| exposure | 298 | 0x_akoko | 139 | workflows | 187 | | | | |
|
||||
| cve2021 | 294 | princechaddha | 139 | token-spray | 169 | | | | |
|
||||
| wp-plugin | 275 | pussycat0x | 124 | default-logins | 96 | | | | |
|
||||
| tech | 274 | gy741 | 122 | file | 76 | | | | |
|
||||
|
|
|
|||
|
|
@ -12,7 +12,6 @@ info:
|
|||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
||||
cvss-score: 10.0
|
||||
cve-id:
|
||||
cwe-id: CWE-77
|
||||
tags: cnvd,cnvd2020,sangfor,rce
|
||||
|
||||
|
|
|
|||
|
|
@ -1,12 +1,17 @@
|
|||
id: CNVD-2021-01931
|
||||
|
||||
info:
|
||||
name: Ruoyi Management System - Arbitrary File Retrieval
|
||||
name: Ruoyi Management System - Local File Inclusion
|
||||
author: daffainfo,ritikchaddha
|
||||
severity: high
|
||||
description: The Ruoyi Management System contains a local file inclusion vulnerability that allows attackers to retrieve arbitrary files from the operating system.
|
||||
reference:
|
||||
- https://disk.scan.cm/All_wiki/%E4%BD%A9%E5%A5%87PeiQi-WIKI-POC-2021-7-20%E6%BC%8F%E6%B4%9E%E5%BA%93/PeiQi_Wiki/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/%E8%8B%A5%E4%BE%9D%E7%AE%A1%E7%90%86%E7%B3%BB%E7%BB%9F/%E8%8B%A5%E4%BE%9D%E7%AE%A1%E7%90%86%E7%B3%BB%E7%BB%9F%20%E5%90%8E%E5%8F%B0%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%20CNVD-2021-01931.md?hash=zE0KEPGJ
|
||||
tags: ruoyi,lfi,cnvd,cnvd2021
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
|
||||
cvss-score: 8.6
|
||||
cwe-id: CWE-22
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
@ -28,3 +33,5 @@ requests:
|
|||
- "fonts"
|
||||
- "extensions"
|
||||
condition: and
|
||||
|
||||
# Enhanced by cs on 06/03/2022
|
||||
|
|
|
|||
|
|
@ -12,7 +12,7 @@ info:
|
|||
- http://www.phpmyadmin.net/home_page/security/PMASA-2009-3.php
|
||||
classification:
|
||||
cve-id: CVE-2009-1151
|
||||
tags: cve,cve2009,phpmyadmin,rce,deserialization
|
||||
tags: cve,cve2009,phpmyadmin,rce,deserialization,cisa
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@ info:
|
|||
cve-id: CVE-2010-2861
|
||||
metadata:
|
||||
shodan-query: http.component:"Adobe ColdFusion"
|
||||
tags: cve,cve2010,coldfusion,lfi,adobe
|
||||
tags: cve,cve2010,coldfusion,lfi,adobe,cisa
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@ info:
|
|||
- http://www.php.net/ChangeLog-5.php#5.4.2
|
||||
classification:
|
||||
cve-id: CVE-2012-1823
|
||||
tags: rce,php,cve,cve2012
|
||||
tags: rce,php,cve,cve2012,cisa
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
|||
|
|
@ -12,7 +12,7 @@ info:
|
|||
remediation: Developers should immediately upgrade to Struts 2.3.15.1 or later.
|
||||
classification:
|
||||
cve-id: CVE-2013-2251
|
||||
tags: cve,cve2013,rce,struts,apache,ognl
|
||||
tags: cve,cve2013,rce,struts,apache,ognl,cisa
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@ info:
|
|||
- http://bouk.co/blog/elasticsearch-rce/
|
||||
classification:
|
||||
cve-id: CVE-2014-3120
|
||||
tags: cve,cve2014,elastic,rce,elasticsearch
|
||||
tags: cve,cve2014,elastic,rce,elasticsearch,cisa
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@ info:
|
|||
cvss-score: 9.8
|
||||
cve-id: CVE-2014-6271
|
||||
cwe-id: CWE-78
|
||||
tags: cve,cve2014,rce,shellshock
|
||||
tags: cve,cve2014,rce,shellshock,cisa
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
|||
|
|
@ -12,7 +12,7 @@ info:
|
|||
- http://www.securityfocus.com/bid/72585
|
||||
classification:
|
||||
cve-id: CVE-2015-1427
|
||||
tags: cve,cve2015,elastic,rce,elasticsearch
|
||||
tags: cve,cve2015,elastic,rce,elasticsearch,cisa
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
|||
|
|
@ -0,0 +1,29 @@
|
|||
id: CVE-2015-5354
|
||||
|
||||
info:
|
||||
name: Novius OS 5.0.1-elche - Open Redirect
|
||||
author: 0x_Akoko
|
||||
severity: medium
|
||||
description: Open redirect vulnerability in Novius OS 5.0.1 (Elche) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter to admin/nos/login.
|
||||
reference:
|
||||
- https://packetstormsecurity.com/files/132478/Novius-OS-5.0.1-elche-XSS-LFI-Open-Redirect.html
|
||||
- https://vuldb.com/?id.76181
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2015-5354
|
||||
- http://packetstormsecurity.com/files/132478/Novius-OS-5.0.1-elche-XSS-LFI-Open-Redirect.html
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2015-5354
|
||||
cwe-id: CWE-601
|
||||
tags: cve,cve2015,redirect,novius
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/novius-os/admin/nos/login?redirect=http://example.com'
|
||||
|
||||
matchers:
|
||||
- type: regex
|
||||
part: header
|
||||
regex:
|
||||
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)example\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1
|
||||
|
|
@ -15,7 +15,7 @@ info:
|
|||
cvss-score: 9.8
|
||||
cve-id: CVE-2016-3088
|
||||
cwe-id: CWE-20
|
||||
tags: fileupload,cve,cve2016,apache,activemq
|
||||
tags: fileupload,cve,cve2016,apache,activemq,cisa
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@ info:
|
|||
cvss-score: 8.8
|
||||
cve-id: CVE-2016-6277
|
||||
cwe-id: CWE-352
|
||||
tags: cve,cve2016,netgear,rce,iot
|
||||
tags: cve,cve2016,netgear,rce,iot,cisa
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@ info:
|
|||
cvss-score: 9.8
|
||||
cve-id: CVE-2017-1000486
|
||||
cwe-id: CWE-326
|
||||
tags: cve,cve2017,primetek,rce,injection
|
||||
tags: cve,cve2017,primetek,rce,injection,cisa
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@ info:
|
|||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
||||
cvss-score: 7.5
|
||||
cve-id: CVE-2017-10271
|
||||
tags: cve,cve2017,rce,oracle,weblogic,oast
|
||||
tags: cve,cve2017,rce,oracle,weblogic,oast,cisa
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
@ -81,16 +81,16 @@ requests:
|
|||
</soapenv:Envelope>
|
||||
|
||||
stop-at-first-match: true
|
||||
matchers-condition: and
|
||||
matchers-condition: or
|
||||
matchers:
|
||||
- type: regex
|
||||
regex:
|
||||
- "<faultstring>.*</faultstring>"
|
||||
- "{{randstr}}"
|
||||
condition: or
|
||||
- type: dsl
|
||||
dsl:
|
||||
- regex("<faultstring>.*</faultstring>", body)
|
||||
- status_code == 500
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 500
|
||||
- 200
|
||||
condition: or
|
||||
- type: dsl
|
||||
dsl:
|
||||
- body == "{{randstr}}"
|
||||
- status_code == 200
|
||||
condition: and
|
||||
|
|
@ -15,7 +15,7 @@ info:
|
|||
cvss-score: 9.8
|
||||
cve-id: CVE-2017-12149
|
||||
cwe-id: CWE-502
|
||||
tags: cve,cve2017,jboss,java,rce,deserialization
|
||||
tags: cve,cve2017,jboss,java,rce,deserialization,cisa
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@ info:
|
|||
cvss-score: 8.1
|
||||
cve-id: CVE-2017-12615
|
||||
cwe-id: CWE-434
|
||||
tags: cve,cve2017,apache,rce,tomcat
|
||||
tags: cve,cve2017,apache,rce,tomcat,cisa
|
||||
|
||||
requests:
|
||||
- method: PUT
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@ info:
|
|||
cvss-score: 8.1
|
||||
cve-id: CVE-2017-17562
|
||||
cwe-id: CWE-20
|
||||
tags: cve,cve2017,rce,goahead,fuzz
|
||||
tags: cve,cve2017,rce,goahead,fuzz,cisa
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@ info:
|
|||
cvss-score: 9.8
|
||||
cve-id: CVE-2017-3881
|
||||
cwe-id: CWE-20
|
||||
tags: cve,cve2017,cisco,rce,network
|
||||
tags: cve,cve2017,cisco,rce,network,cisa
|
||||
|
||||
network:
|
||||
- inputs:
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@ info:
|
|||
cvss-score: 10
|
||||
cve-id: CVE-2017-5638
|
||||
cwe-id: CWE-20
|
||||
tags: cve,cve2017,struts,rce,apache
|
||||
tags: cve,cve2017,struts,rce,apache,cisa
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@ info:
|
|||
cvss-score: 9.8
|
||||
cve-id: CVE-2017-7269
|
||||
cwe-id: CWE-119
|
||||
tags: cve,cve2017,rce,windows,iis
|
||||
tags: cve,cve2017,rce,windows,iis,cisa
|
||||
|
||||
requests:
|
||||
- method: OPTIONS
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@ info:
|
|||
cvss-score: 9.8
|
||||
cve-id: CVE-2017-9791
|
||||
cwe-id: CWE-20
|
||||
tags: cve,cve2017,apache,rce,struts
|
||||
tags: cve,cve2017,apache,rce,struts,cisa
|
||||
|
||||
requests:
|
||||
- method: POST
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@ info:
|
|||
cvss-score: 8.1
|
||||
cve-id: CVE-2017-9805
|
||||
cwe-id: CWE-502
|
||||
tags: cve,cve2017,apache,rce,struts
|
||||
tags: cve,cve2017,apache,rce,struts,cisa
|
||||
|
||||
requests:
|
||||
- method: POST
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@ info:
|
|||
cvss-score: 8.8
|
||||
cve-id: CVE-2017-9822
|
||||
cwe-id: CWE-20
|
||||
tags: cve,cve2017,dotnetnuke,bypass,rce,deserialization
|
||||
tags: cve,cve2017,dotnetnuke,bypass,rce,deserialization,cisa
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@ info:
|
|||
cvss-score: 9.8
|
||||
cve-id: CVE-2017-9841
|
||||
cwe-id: CWE-94
|
||||
tags: cve,cve2017,php,phpunit,rce
|
||||
tags: cve,cve2017,php,phpunit,rce,cisa
|
||||
|
||||
requests:
|
||||
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@ info:
|
|||
cvss-score: 7.5
|
||||
cve-id: CVE-2018-0296
|
||||
cwe-id: CWE-22
|
||||
tags: cve,cve2018,cisco,lfi,traversal
|
||||
tags: cve,cve2018,cisco,lfi,traversal,cisa
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@ info:
|
|||
cvss-score: 9.8
|
||||
cve-id: CVE-2018-1000861
|
||||
cwe-id: CWE-502
|
||||
tags: cve,cve2018,jenkin,rce,jenkins
|
||||
tags: cve,cve2018,jenkin,rce,jenkins,cisa
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@ info:
|
|||
cvss-score: 8.1
|
||||
cve-id: CVE-2018-11776
|
||||
cwe-id: CWE-20
|
||||
tags: cve,cve2018,apache,rce,struts
|
||||
tags: cve,cve2018,apache,rce,struts,cisa
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
|||
|
|
@ -0,0 +1,32 @@
|
|||
id: CVE-2018-12675
|
||||
|
||||
info:
|
||||
name: SV3C HD Camera L-SERIES - Open Redirect
|
||||
author: 0x_Akoko
|
||||
severity: medium
|
||||
description: |
|
||||
The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) does not perform origin checks on URLs that the camera's web interface redirects a user to. This can be leveraged to send a user to an unexpected endpoint.
|
||||
reference:
|
||||
- https://bishopfox.com/blog/sv3c-l-series-hd-camera-advisory
|
||||
- https://vuldb.com/?id.125799
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-12675
|
||||
- https://www.bishopfox.com/news/2018/10/sv3c-l-series-hd-camera-multiple-vulnerabilities/
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2018-12675
|
||||
cwe-id: CWE-601
|
||||
metadata:
|
||||
verified: "true"
|
||||
tags: cve,cve2018,redirect,sv3c,camera,iot
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/web/cgi-bin/hi3510/param.cgi?cmd=setmobilesnapattr&cururl=http%3A%2F%2Fattacker.com'
|
||||
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- '<META http-equiv="Refresh" content="0;URL=http://attacker.com">'
|
||||
|
|
@ -14,7 +14,7 @@ info:
|
|||
cvss-score: 9.8
|
||||
cve-id: CVE-2018-13379
|
||||
cwe-id: CWE-22
|
||||
tags: cve,cve2018,fortios
|
||||
tags: cve,cve2018,fortios,cisa
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
|||
|
|
@ -0,0 +1,32 @@
|
|||
id: CVE-2018-14474
|
||||
|
||||
info:
|
||||
name: OrangeForum 1.4.0 - Open Redirect
|
||||
author: 0x_Akoko
|
||||
severity: medium
|
||||
description: |
|
||||
views/auth.go in Orange Forum 1.4.0 allows Open Redirection via the next parameter to /login or /signup.
|
||||
reference:
|
||||
- https://github.com/s-gv/orangeforum/commit/1f6313cb3a1e755880fc1354f3e1efc4dd2dd4aa
|
||||
- https://seclists.org/fulldisclosure/2019/Jan/32
|
||||
- https://vuldb.com/?id.122045
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-14474
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2018-14474
|
||||
cwe-id: CWE-601
|
||||
tags: cve,cve2018,redirect,orangeforum,oss
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/login?next=http://attacker.com/?app.scan/'
|
||||
- '{{BaseURL}}/signup?next=http://attacker.com/?app.scan/'
|
||||
|
||||
stop-at-first-match: true
|
||||
matchers:
|
||||
- type: regex
|
||||
part: header
|
||||
regex:
|
||||
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)attacker\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1
|
||||
|
|
@ -17,7 +17,7 @@ info:
|
|||
cwe-id: CWE-434
|
||||
metadata:
|
||||
shodan-query: http.component:"Adobe ColdFusion"
|
||||
tags: cve,cve2018,adobe,rce,coldfusion,fileupload
|
||||
tags: cve,cve2018,adobe,rce,coldfusion,fileupload,cisa
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
|||
|
|
@ -0,0 +1,32 @@
|
|||
id: CVE-2018-16761
|
||||
|
||||
info:
|
||||
name: Eventum v3.3.4 - Open Redirect
|
||||
author: 0x_Akoko
|
||||
severity: medium
|
||||
description: |
|
||||
Eventum before 3.4.0 has an open redirect vulnerability.
|
||||
reference:
|
||||
- https://www.invicti.com/web-applications-advisories/ns-18-021-open-redirection-vulnerabilities-in-eventum/
|
||||
- https://github.com/eventum/eventum/
|
||||
- https://www.cvedetails.com/cve/CVE-2018-16761/
|
||||
- https://github.com/eventum/eventum/releases/tag/v3.4.0
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2018-16761
|
||||
cwe-id: CWE-601
|
||||
tags: cve,cve2018,redirect,eventum,oss
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/select_project.php?url=http://attacker.com'
|
||||
- '{{BaseURL}}/clock_status.php?current_page=http://attacker.com'
|
||||
|
||||
stop-at-first-match: true
|
||||
matchers:
|
||||
- type: regex
|
||||
part: header
|
||||
regex:
|
||||
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)attacker\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1
|
||||
|
|
@ -15,7 +15,7 @@ info:
|
|||
cvss-score: 9.8
|
||||
cve-id: CVE-2018-7600
|
||||
cwe-id: CWE-20
|
||||
tags: cve,cve2018,drupal,rce
|
||||
tags: cve,cve2018,drupal,rce,cisa
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@ info:
|
|||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2018-7602
|
||||
tags: cve,cve2018,drupal,authenticated
|
||||
tags: cve,cve2018,drupal,authenticated,cisa
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@ info:
|
|||
cvss-score: 7.2
|
||||
cve-id: CVE-2019-0193
|
||||
cwe-id: CWE-94
|
||||
tags: cve,cve2019,apache,rce,solr,oast
|
||||
tags: cve,cve2019,apache,rce,solr,oast,cisa
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@ info:
|
|||
cvss-score: 9.8
|
||||
cve-id: CVE-2019-10068
|
||||
cwe-id: CWE-502
|
||||
tags: cve,cve2019,rce,deserialization,kentico,iis
|
||||
tags: cve,cve2019,rce,deserialization,kentico,iis,cisa
|
||||
|
||||
requests:
|
||||
- method: POST
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@ info:
|
|||
cve-id: CVE-2019-10758
|
||||
metadata:
|
||||
shodan-query: http.title:"Mongo Express"
|
||||
tags: cve,cve2019,mongo,mongo-express
|
||||
tags: cve,cve2019,mongo,mongo-express,cisa
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@ info:
|
|||
cvss-score: 10
|
||||
cve-id: CVE-2019-11510
|
||||
cwe-id: CWE-22
|
||||
tags: cve,cve2019,pulsesecure,lfi
|
||||
tags: cve,cve2019,pulsesecure,lfi,cisa
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@ info:
|
|||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2019-11580
|
||||
tags: cve,cve2019,atlassian,rce
|
||||
tags: cve,cve2019,atlassian,rce,cisa
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@ info:
|
|||
cvss-score: 9.8
|
||||
cve-id: CVE-2019-11581
|
||||
cwe-id: CWE-74
|
||||
tags: cve,cve2019,atlassian,jira,ssti,rce
|
||||
tags: cve,cve2019,atlassian,jira,ssti,rce,cisa
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
|||
|
|
@ -0,0 +1,43 @@
|
|||
id: CVE-2019-12581
|
||||
|
||||
info:
|
||||
name: Zyxel ZyWall / USG / UAG - Reflected Cross-site scripting
|
||||
author: n-thumann
|
||||
severity: medium
|
||||
description: A reflective Cross-site scripting (XSS) vulnerability in the free_time_failed.cgi CGI program in selected Zyxel ZyWall, USG, and UAG devices allows remote attackers to inject arbitrary web script or HTML via the err_msg parameter.
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-12581
|
||||
- https://www.zyxel.com/support/vulnerabilities-related-to-the-Free-Time-feature.shtml
|
||||
- https://sec-consult.com/vulnerability-lab/advisory/reflected-cross-site-scripting-in-zxel-zywall/
|
||||
- https://n-thumann.de/blog/zyxel-gateways-missing-access-control-in-account-generator-xss/
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2019-12581
|
||||
cwe-id: CWE-79
|
||||
metadata:
|
||||
shodan-query: http.title:"ZyWall"
|
||||
tags: cve,cve2019,zyxel,zywall,xss
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/free_time_failed.cgi?err_msg=<script>alert(document.domain);</script>"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "<script>alert(document.domain);</script>"
|
||||
- "Please contact with administrator."
|
||||
condition: and
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- "text/html"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
|
@ -0,0 +1,40 @@
|
|||
id: CVE-2019-12583
|
||||
|
||||
info:
|
||||
name: Zyxel ZyWall UAG/USG - Account Creation Access
|
||||
author: n-thumann
|
||||
severity: critical
|
||||
description: Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator via the "Free Time" component. This can lead to unauthorized network access or DoS attacks.
|
||||
reference:
|
||||
- https://www.zyxel.com/support/vulnerabilities-related-to-the-Free-Time-feature.shtml
|
||||
- https://n-thumann.de/blog/zyxel-gateways-missing-access-control-in-account-generator-xss/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-12583
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
|
||||
cvss-score: 9.1
|
||||
cve-id: CVE-2019-12583
|
||||
cwe-id: CWE-425
|
||||
tags: cve,cve2019,zyxel,zywall
|
||||
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}"
|
||||
- "{{BaseURL}}/free_time.cgi"
|
||||
|
||||
req-condition: true
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- "contains(body_1, 'zyFunction.js')"
|
||||
- "!contains(body_1, '/free_time_transaction.cgi')"
|
||||
- "!contains(body_2, '/free_time_failed.cgi?err_msg=The Free Time feature is disabled at this time.')"
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/06/01
|
||||
|
|
@ -15,7 +15,7 @@ info:
|
|||
cvss-score: 9.8
|
||||
cve-id: CVE-2019-15107
|
||||
cwe-id: CWE-78
|
||||
tags: cve,cve2019,webmin,rce
|
||||
tags: cve,cve2019,webmin,rce,cisa
|
||||
|
||||
requests:
|
||||
- raw: #
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@ info:
|
|||
cvss-score: 7.5
|
||||
cve-id: CVE-2019-1653
|
||||
cwe-id: CWE-200
|
||||
tags: cve,cve2019,cisco
|
||||
tags: cve,cve2019,cisco,cisa
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@ info:
|
|||
cvss-score: 9.8
|
||||
cve-id: CVE-2019-16759
|
||||
cwe-id: CWE-94
|
||||
tags: cve,cve2019,vbulletin,rce
|
||||
tags: cve,cve2019,vbulletin,rce,cisa
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@ info:
|
|||
cvss-score: 9.8
|
||||
cve-id: CVE-2019-16920
|
||||
cwe-id: CWE-78
|
||||
tags: cve,cve2019,dlink,rce,router,unauth
|
||||
tags: cve,cve2019,dlink,rce,router,unauth,cisa
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
|||
|
|
@ -1,11 +1,11 @@
|
|||
id: CVE-2019-16932
|
||||
|
||||
info:
|
||||
name: Visualizer < 3.3.1 - Blind Server-Side Request Forgery (SSRF)
|
||||
name: Visualizer <3.3.1 - Blind Server-Side Request Forgery
|
||||
author: akincibor
|
||||
severity: critical
|
||||
description: |
|
||||
This plugin suffers from a blind SSRF vulnerability in the /wp-json/visualizer/v1/upload-data endpoint.
|
||||
Visualizer prior to 3.3.1 suffers from a blind server-side request forgery vulnerability via the /wp-json/visualizer/v1/upload-data endpoint.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/9892
|
||||
- https://nathandavison.com/blog/wordpress-visualizer-plugin-xss-and-ssrf
|
||||
|
|
@ -44,3 +44,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/05/27
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@ info:
|
|||
cvss-score: 7.5
|
||||
cve-id: CVE-2019-17558
|
||||
cwe-id: CWE-74
|
||||
tags: cve,cve2019,apache,rce,solr,oast
|
||||
tags: cve,cve2019,apache,rce,solr,oast,cisa
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@ info:
|
|||
cvss-score: 9.8
|
||||
cve-id: CVE-2019-19781
|
||||
cwe-id: CWE-22
|
||||
tags: cve,cve2019,citrix,lfi
|
||||
tags: cve,cve2019,citrix,lfi,cisa
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@ info:
|
|||
cvss-score: 7.5
|
||||
cve-id: CVE-2019-20085
|
||||
cwe-id: CWE-22
|
||||
tags: cve,cve2019,iot,lfi
|
||||
tags: cve,cve2019,iot,lfi,cisa
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@ info:
|
|||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cve-id: CVE-2019-2616
|
||||
tags: cve,cve2019,oracle,xxe,oast
|
||||
tags: cve,cve2019,oracle,xxe,oast,cisa
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@ info:
|
|||
cvss-score: 9.8
|
||||
cve-id: CVE-2019-2725
|
||||
cwe-id: CWE-74
|
||||
tags: cve,cve2019,oracle,weblogic,rce
|
||||
tags: cve,cve2019,oracle,weblogic,rce,cisa
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ info:
|
|||
cwe-id: CWE-22
|
||||
metadata:
|
||||
shodan-query: http.component:"Atlassian Confluence"
|
||||
tags: cve,cve2019,atlassian,confluence,lfi,rce
|
||||
tags: cve,cve2019,atlassian,confluence,lfi,rce,cisa
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@ info:
|
|||
cvss-score: 9.8
|
||||
cve-id: CVE-2019-3929
|
||||
cwe-id: CWE-78
|
||||
tags: rce,cve,cve2019,oast,injection
|
||||
tags: rce,cve,cve2019,oast,injection,cisa
|
||||
|
||||
requests:
|
||||
- method: POST
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@ info:
|
|||
cvss-score: 8.1
|
||||
cve-id: CVE-2019-6340
|
||||
cwe-id: CWE-502
|
||||
tags: cve,cve2019,drupal,rce
|
||||
tags: cve,cve2019,drupal,rce,cisa
|
||||
|
||||
requests:
|
||||
- method: POST
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@ info:
|
|||
cvss-score: 7.5
|
||||
cve-id: CVE-2019-7481
|
||||
cwe-id: CWE-89
|
||||
tags: cve,cve2019,sonicwall,sqli
|
||||
tags: cve,cve2019,sonicwall,sqli,cisa
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@ info:
|
|||
cvss-score: 10
|
||||
cve-id: CVE-2019-7609
|
||||
cwe-id: CWE-94
|
||||
tags: cve,cve2019,kibana,rce
|
||||
tags: cve,cve2019,kibana,rce,cisa
|
||||
|
||||
requests:
|
||||
- method: POST
|
||||
|
|
|
|||
|
|
@ -18,7 +18,7 @@ info:
|
|||
cvss-score: 9.8
|
||||
cve-id: CVE-2019-9670
|
||||
cwe-id: CWE-611
|
||||
tags: cve,cve2019,zimbra,xxe
|
||||
tags: cve,cve2019,zimbra,xxe,cisa
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@ info:
|
|||
cvss-score: 6.1
|
||||
cve-id: CVE-2019-9978
|
||||
cwe-id: CWE-79
|
||||
tags: cve,cve2019,wordpress,wp-plugin,ssrf
|
||||
tags: cve,cve2019,wordpress,wp-plugin,ssrf,cisa
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ info:
|
|||
cvss-score: 9.8
|
||||
cve-id: CVE-2020-10148
|
||||
cwe-id: CWE-287
|
||||
tags: cve,cve2020,solarwinds,rce,auth-bypass
|
||||
tags: cve,cve2020,solarwinds,rce,auth-bypass,cisa
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ info:
|
|||
cvss-score: 7.5
|
||||
cve-id: CVE-2020-11738
|
||||
cwe-id: CWE-22
|
||||
tags: cve,cve2020,wordpress,wp-plugin,lfi
|
||||
tags: cve,cve2020,wordpress,wp-plugin,lfi,cisa
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
|||
|
|
@ -18,7 +18,7 @@ info:
|
|||
metadata:
|
||||
shodan-query: http.html:"Apache Airflow" || title:"Airflow - DAGs"
|
||||
verified: "true"
|
||||
tags: cve,cve2020,apache,airflow,rce
|
||||
tags: cve,cve2020,apache,airflow,rce,cisa
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ info:
|
|||
metadata:
|
||||
verified: true
|
||||
shodan-query: title:"Airflow - DAGs" || http.html:"Apache Airflow"
|
||||
tags: cve,cve2020,apache,airflow,unauth,auth-bypass
|
||||
tags: cve,cve2020,apache,airflow,unauth,auth-bypass,cisa
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
|||
|
|
@ -12,7 +12,7 @@ info:
|
|||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
cve-id: CVE-2020-14864
|
||||
tags: cve,cve2020,oracle,lfi
|
||||
tags: cve,cve2020,oracle,lfi,cisa
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@ info:
|
|||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2020-14882
|
||||
tags: cve,cve2020,oracle,rce,weblogic,oast
|
||||
tags: cve,cve2020,oracle,rce,weblogic,oast,cisa
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@ info:
|
|||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 7.2
|
||||
cve-id: CVE-2020-14883
|
||||
tags: cve,cve2020,oracle,rce,weblogic
|
||||
tags: cve,cve2020,oracle,rce,weblogic,cisa
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ info:
|
|||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2020-15505
|
||||
tags: cve,cve2020,mobileiron,rce,sentry
|
||||
tags: cve,cve2020,mobileiron,rce,sentry,cisa
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@ info:
|
|||
cvss-score: 9.8
|
||||
cve-id: CVE-2020-16846
|
||||
cwe-id: CWE-78
|
||||
tags: cve,cve2020,saltstack
|
||||
tags: cve,cve2020,saltstack,cisa
|
||||
|
||||
requests:
|
||||
- method: POST
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@ info:
|
|||
cvss-score: 9.8
|
||||
cve-id: CVE-2020-17496
|
||||
cwe-id: CWE-74
|
||||
tags: cve,cve2020,vbulletin,rce
|
||||
tags: cve,cve2020,vbulletin,rce,cisa
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@ info:
|
|||
cvss-score: 9.8
|
||||
cve-id: CVE-2020-17530
|
||||
cwe-id: CWE-917
|
||||
tags: cve,cve2020,apache,rce,struts
|
||||
tags: cve,cve2020,apache,rce,struts,cisa
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@ info:
|
|||
cvss-score: 9.8
|
||||
cve-id: CVE-2020-1938
|
||||
cwe-id: CWE-269
|
||||
tags: cve,cve2020,apache,tomcat,lfi,network
|
||||
tags: cve,cve2020,apache,tomcat,lfi,network,cisa
|
||||
|
||||
network:
|
||||
- inputs:
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ info:
|
|||
cvss-score: 9.8
|
||||
cve-id: CVE-2020-25213
|
||||
cwe-id: CWE-434
|
||||
tags: cve,cve2020,wordpress,rce
|
||||
tags: cve,cve2020,wordpress,rce,cisa
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@ info:
|
|||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2020-25223
|
||||
tags: cve,cve2020,sophos,rce,oast,unauth
|
||||
tags: cve,cve2020,sophos,rce,oast,unauth,cisa
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@ info:
|
|||
cvss-score: 9.8
|
||||
cve-id: CVE-2020-25506
|
||||
cwe-id: CWE-78
|
||||
tags: cve,cve2020,dlink,rce,oast,mirai,unauth,router
|
||||
tags: cve,cve2020,dlink,rce,oast,mirai,unauth,router,cisa
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@ info:
|
|||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2020-26919
|
||||
tags: cve,cve2020,netgear,rce,oast,router,unauth
|
||||
tags: cve,cve2020,netgear,rce,oast,router,unauth,cisa
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
|||
|
|
@ -0,0 +1,45 @@
|
|||
id: CVE-2020-29597
|
||||
info:
|
||||
name: IncomCMS 2.0 - Arbitary files upload
|
||||
author: princechaddha
|
||||
severity: critical
|
||||
description: |
|
||||
IncomCMS 2.0 has a modules/uploader/showcase/script.php insecure file upload vulnerability. This vulnerability allows unauthenticated attackers to upload files into the server.
|
||||
reference:
|
||||
- https://github.com/Trhackno/CVE-2020-29597
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-29597
|
||||
- https://github.com/M4DM0e/m4dm0e.github.io/blob/gh-pages/_posts/2020-12-07-incom-insecure-up.md
|
||||
- https://m4dm0e.github.io/2020/12/07/incom-insecure-up.html
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2020-29597
|
||||
cwe-id: CWE-434
|
||||
metadata:
|
||||
verified: "true"
|
||||
tags: cve,cve2020,incomcms,fileupload,intrusive
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
POST /incom/modules/uploader/showcase/script.php HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryBEJZt0IK73M2mAbt
|
||||
|
||||
------WebKitFormBoundaryBEJZt0IK73M2mAbt
|
||||
Content-Disposition: form-data; name="Filedata"; filename="{{randstr}}.png"
|
||||
Content-Type: image/png
|
||||
|
||||
|
||||
------WebKitFormBoundaryBEJZt0IK73M2mAbt--
|
||||
- |
|
||||
GET /upload/userfiles/image/{{randstr}}.png HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
req-condition: true
|
||||
matchers:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- contains(body_1, '\"name\":\"{{randstr}}.png\"')
|
||||
- status_code_2 == 200
|
||||
condition: and
|
||||
|
|
@ -18,7 +18,7 @@ info:
|
|||
cvss-score: 7.5
|
||||
cve-id: CVE-2020-3452
|
||||
cwe-id: CWE-20
|
||||
tags: cve,cve2020,cisco,lfi
|
||||
tags: cve,cve2020,cisco,lfi,cisa
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@ info:
|
|||
cvss-score: 6.1
|
||||
cve-id: CVE-2020-3580
|
||||
cwe-id: CWE-79
|
||||
tags: cve,cve2020,xss,cisco
|
||||
tags: cve,cve2020,xss,cisco,cisa
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@ info:
|
|||
cvss-score: 7.5
|
||||
cve-id: CVE-2020-5410
|
||||
cwe-id: CWE-22
|
||||
tags: cve,cve2020,lfi,springcloud,config,traversal
|
||||
tags: cve,cve2020,lfi,springcloud,config,traversal,cisa
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@ info:
|
|||
cvss-score: 9.8
|
||||
cve-id: CVE-2020-5847
|
||||
cwe-id: CWE-94,CWE-668
|
||||
tags: cve,cve2020,rce
|
||||
tags: cve,cve2020,rce,cisa
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@ info:
|
|||
cvss-score: 9.8
|
||||
cve-id: CVE-2020-5902
|
||||
cwe-id: CWE-22,CWE-829
|
||||
tags: cve,cve2020,bigip,rce
|
||||
tags: cve,cve2020,bigip,rce,cisa
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
|||
|
|
@ -18,7 +18,7 @@ info:
|
|||
cvss-score: 9.8
|
||||
cve-id: CVE-2020-6207
|
||||
cwe-id: CWE-306
|
||||
tags: cve,cve2020,sap,solman,rce
|
||||
tags: cve,cve2020,sap,solman,rce,cisa
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@ info:
|
|||
cvss-score: 10
|
||||
cve-id: CVE-2020-6287
|
||||
cwe-id: CWE-306
|
||||
tags: cve,cve2020,sap
|
||||
tags: cve,cve2020,sap,cisa
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@ info:
|
|||
cvss-score: 9.8
|
||||
cve-id: CVE-2020-7247
|
||||
cwe-id: CWE-78,CWE-755
|
||||
tags: cve,cve2020,smtp,opensmtpd,network,rce,oast
|
||||
tags: cve,cve2020,smtp,opensmtpd,network,rce,oast,cisa
|
||||
|
||||
network:
|
||||
- inputs:
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@ info:
|
|||
cvss-score: 9.8
|
||||
cve-id: CVE-2020-7961
|
||||
cwe-id: CWE-502
|
||||
tags: cve,cve2020,rce,liferay
|
||||
tags: cve,cve2020,rce,liferay,cisa
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@ info:
|
|||
cvss-score: 6.5
|
||||
cve-id: CVE-2020-8193
|
||||
cwe-id: CWE-862
|
||||
tags: cve,cve2020,citrix,lfi
|
||||
tags: cve,cve2020,citrix,lfi,cisa
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@ info:
|
|||
cvss-score: 9.8
|
||||
cve-id: CVE-2020-8515
|
||||
cwe-id: CWE-78
|
||||
tags: cve,cve2020,rce
|
||||
tags: cve,cve2020,rce,cisa
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@ info:
|
|||
cvss-score: 9.8
|
||||
cve-id: CVE-2020-9054
|
||||
cwe-id: CWE-78
|
||||
tags: cve,cve2020,rce,zyxel,injection
|
||||
tags: cve,cve2020,rce,zyxel,injection,cisa
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
|||
|
|
@ -18,7 +18,7 @@ info:
|
|||
cvss-score: 9.8
|
||||
cve-id: CVE-2021-1497
|
||||
cwe-id: CWE-78
|
||||
tags: cve,cve2021,cisco,rce,oast
|
||||
tags: cve,cve2021,cisco,rce,oast,cisa
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
|||
|
|
@ -18,7 +18,7 @@ info:
|
|||
cvss-score: 9.8
|
||||
cve-id: CVE-2021-1498
|
||||
cwe-id: CWE-78
|
||||
tags: cve,cve2021,cisco,rce,oast,mirai
|
||||
tags: cve,cve2021,cisco,rce,oast,mirai,cisa
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@ info:
|
|||
cvss-score: 9.8
|
||||
cve-id: CVE-2021-20090
|
||||
cwe-id: CWE-22
|
||||
tags: cve,cve2021,lfi,buffalo,firmware,iot
|
||||
tags: cve,cve2021,lfi,buffalo,firmware,iot,cisa
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
|||
|
|
@ -0,0 +1,40 @@
|
|||
id: CVE-2021-20137
|
||||
|
||||
info:
|
||||
name: Gryphon Tower - Reflected XSS
|
||||
author: edoardottt
|
||||
severity: medium
|
||||
description: A reflected cross-site scripting vulnerability exists in the url parameter of the /cgi-bin/luci/site_access/ page on the Gryphon Tower router's web interface. An attacker could exploit this issue by tricking a user into following a specially crafted link, granting the attacker javascript execution in the context of the victim's browser.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2021-20137
|
||||
cwe-id: CWE-79
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-20137
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20137
|
||||
- https://www.tenable.com/security/research/tra-2021-51
|
||||
tags: cve,cve2021,gryphon,xss
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/cgi-bin/luci/site_access/?url=%22%20onfocus=alert(document.domain)%20autofocus=1"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- "text/html"
|
||||
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- 'onfocus=alert(document.domain) autofocus=1>'
|
||||
- 'Send Access Request URL'
|
||||
condition: and
|
||||
|
|
@ -15,7 +15,7 @@ info:
|
|||
cvss-score: 7.8
|
||||
cve-id: CVE-2021-21315
|
||||
cwe-id: CWE-78
|
||||
tags: nodejs,cve,cve2021
|
||||
tags: nodejs,cve,cve2021,cisa
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@ info:
|
|||
cvss-score: 9.8
|
||||
cve-id: CVE-2021-21972
|
||||
cwe-id: CWE-269
|
||||
tags: cve,cve2021,vmware,rce,vcenter
|
||||
tags: cve,cve2021,vmware,rce,vcenter,cisa
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@ info:
|
|||
cvss-score: 5.3
|
||||
cve-id: CVE-2021-21973
|
||||
cwe-id: CWE-918
|
||||
tags: cve,cve2021,vmware,ssrf,vcenter,oast
|
||||
tags: cve,cve2021,vmware,ssrf,vcenter,oast,cisa
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
|||
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue