daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Dashboard Content Enhancements (#4567) 

Dashboard Content Enhancements
patch-1
MostInterestingBotInTheWorld 2022-06-09 16:35:21 -04:00 committed by GitHub
parent 4cc13bb57f
commit b883737198
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
49 changed files with 203 additions and 110 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
cves/2009/CVE-2009-3318.yaml
View File

@ -1,15 +1,15 @@
id: CVE-2009-3318
info:
name: Joomla! Component com_album 1.14 - Directory Traversal
name: Joomla! Roland Breedveld Album 1.14 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Roland Breedveld Album (com_album) component 1.14 for Joomla! allows remote attackers to access arbitrary directories and have unspecified other impact via a .. (dot dot) in the target parameter to index.php.
description: Joomla! Roland Breedveld Album 1.14 (com_album) is susceptible to local file inclusion because it allows remote attackers to access arbitrary directories and have unspecified other impact via a .. (dot dot) in the target parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/9706
- https://www.cvedetails.com/cve/CVE-2009-3318
- https://nvd.nist.gov/vuln/detail/CVE-2009-3318
- https://web.archive.org/web/20210121192413/https://www.securityfocus.com/bid/36441/
- http://www.securityfocus.com/bid/36441
classification:
cve-id: CVE-2009-3318
tags: cve,cve2009,joomla,lfi
@ -29,3 +29,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/06/08

8
cves/2009/CVE-2009-4202.yaml
View File

@ -1,14 +1,14 @@
id: CVE-2009-4202
info:
name: Joomla! Component Omilen Photo Gallery 0.5b - Local File Inclusion
name: Joomla! Omilen Photo Gallery 0.5b - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Omilen Photo Gallery (com_omphotogallery) component Beta 0.5 for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the controller parameter to index.php.
description: Joomla! Omilen Photo Gallery (com_omphotogallery) component Beta 0.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/8870
- https://www.cvedetails.com/cve/CVE-2009-4202
- http://www.vupen.com/english/advisories/2009/1494
- https://nvd.nist.gov/vuln/detail/CVE-2009-4202
- http://web.archive.org/web/20210121191031/https://www.securityfocus.com/bid/35201/
classification:
cve-id: CVE-2009-4202
@ -29,3 +29,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/06/08

7
cves/2009/CVE-2009-4223.yaml
View File

@ -1,15 +1,16 @@
id: CVE-2009-4223
info:
name: KR-Web <= 1.1b2 RFI
name: KR-Web <=1.1b2 - Remote File Inclusion
author: geeknik
severity: high
description: KR is a web content-server based on Apache-PHP-MySql technology which gives to programmers some PHP classes simplifying database content access. Additionally, it gives some admin and user tools to write, hierarchize, and authorize contents.
description: KR-Web 1.1b2 and prior contain a remote file inclusion vulnerability via adm/krgourl.php, which allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter.
reference:
- https://sourceforge.net/projects/krw/
- https://www.exploit-db.com/exploits/10216
- https://exchange.xforce.ibmcloud.com/vulnerabilities/54395
- http://www.exploit-db.com/exploits/10216
- https://nvd.nist.gov/vuln/detail/CVE-2009-4223
classification:
cve-id: CVE-2009-4223
tags: cve,cve2009,krweb,rfi
@ -28,3 +29,5 @@ requests:
part: interactsh_protocol
words:
- "http"
# Enhanced by mp on 2022/06/06

9
cves/2009/CVE-2009-4679.yaml
View File

@ -1,14 +1,15 @@
id: CVE-2009-4679
info:
name: Joomla! Component iF Portfolio Nexus - 'Controller' Remote File Inclusion
name: Joomla! Portfolio Nexus - Remote File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the inertialFATE iF Portfolio Nexus (com_if_nexus) component 1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
description: |
Joomla! Portfolio Nexus 1.5 contains a remote file inclusion vulnerability in the inertialFATE iF (com_if_nexus) component that allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/33440
- https://www.cvedetails.com/cve/CVE-2009-4679
- http://secunia.com/advisories/37760
- https://nvd.nist.gov/vuln/detail/CVE-2009-4679
classification:
cve-id: CVE-2009-4679
tags: cve,cve2009,joomla,lfi,nexus
@ -28,3 +29,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/06/08

9
cves/2015/CVE-2015-0554.yaml
View File

@ -1,15 +1,14 @@
id: CVE-2015-0554
info:
name: Pirelli ADSL2/2+ Wireless Router P.DGA4001N - Information Disclosure
name: ADB/Pirelli ADSL2/2+ Wireless Router P.DGA4001N - Information Disclosure
author: daffainfo
severity: high
description: The ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6 does not properly restrict access to the web interface, which allows remote attackers to obtain sensitive information or cause a denial of service (device restart) as demonstrated by a direct request to (1) wlsecurity.html or (2) resetrouter.html.
description: ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6 does not properly restrict access to the web interface, which allows remote attackers to obtain sensitive information or cause a denial of service (device restart) as demonstrated by a direct request to (1) wlsecurity.html or (2) resetrouter.html.
reference:
- https://www.exploit-db.com/exploits/35721
- https://nvd.nist.gov/vuln/detail/CVE-2015-0554
- http://packetstormsecurity.com/files/129828/Pirelli-ADSL2-2-Wireless-Router-P.DGA4001N-Information-Disclosure.html
- http://www.exploit-db.com/exploits/35721
- https://nvd.nist.gov/vuln/detail/CVE-2015-0554
classification:
cve-id: CVE-2015-0554
tags: cve,cve2015,pirelli,router,disclosure
@ -32,3 +31,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/06/08

7
cves/2015/CVE-2015-1000012.yaml
View File

@ -1,14 +1,15 @@
id: CVE-2015-1000012
info:
name: MyPixs <= 0.3 - Unauthenticated Local File Inclusion (LFI)
name: WordPress MyPixs <=0.3 - Local File Inclusion
author: daffainfo
severity: high
description: Local File Inclusion Vulnerability in mypixs v0.3 wordpress plugin
description: WordPress MyPixs 0.3 and prior contains a local file inclusion vulnerability.
reference:
- https://wpscan.com/vulnerability/24b83ce5-e3b8-4262-b087-a2dfec014985
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1000012
- http://www.vapidlabs.com/advisory.php?v=154
- https://nvd.nist.gov/vuln/detail/CVE-2015-1000012
- http://web.archive.org/web/20210518144916/https://www.securityfocus.com/bid/94495
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
@ -31,3 +32,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/06/06

4
cves/2015/CVE-2015-1503.yaml
View File

@ -1,7 +1,7 @@
id: CVE-2015-1503
info:
name: IceWarp Mail Server Directory Traversal
name: IceWarp Mail Server <11.1.1 - Directory Traversal
author: 0x_Akoko
severity: high
description: IceWarp Mail Server versions prior to 11.1.1 suffer from a directory traversal vulnerability.
@ -33,3 +33,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/06/06

6
cves/2015/CVE-2015-2067.yaml
View File

@ -1,10 +1,10 @@
id: CVE-2015-2067
info:
name: Magento Server Magmi Plugin - Directory Traversal
name: Magento Server MAGMI - Directory Traversal
author: daffainfo
severity: high
description: Directory traversal vulnerability in web/ajax_pluginconf.php in the MAGMI (aka Magento Mass Importer) plugin for Magento Server allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
description: Magento Server MAGMI (aka Magento Mass Importer) contains a directory traversal vulnerability in web/ajax_pluginconf.php. that allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
reference:
- https://www.exploit-db.com/exploits/35996
- https://nvd.nist.gov/vuln/detail/CVE-2015-2067
@ -28,3 +28,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/06/08

6
cves/2015/CVE-2015-2166.yaml
View File

@ -1,10 +1,10 @@
id: CVE-2015-2166
info:
name: Ericsson Drutt MSDP (Instance Monitor) Directory Traversal
name: Ericsson Drutt MSDP - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the Instance Monitor in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the default URI.
description: Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the default URI in the Instance Monitor.
reference:
- https://www.exploit-db.com/exploits/36619
- https://nvd.nist.gov/vuln/detail/CVE-2015-2166
@ -29,3 +29,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/06/08

7
cves/2015/CVE-2015-3306.yaml
View File

@ -1,15 +1,16 @@
id: CVE-2015-3306
info:
name: ProFTPd RCE
name: ProFTPd - Remote Code Execution
author: pdteam
severity: high
description: The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.
description: ProFTPD 1.3.5 contains a remote code execution vulnerability via the mod_copy module which allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.
reference:
- https://github.com/t0kx/exploit-CVE-2015-3306
- https://www.exploit-db.com/exploits/36803/
- http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157053.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157054.html
- https://nvd.nist.gov/vuln/detail/CVE-2015-3306
classification:
cve-id: CVE-2015-3306
tags: cve,cve2015,ftp,rce,network,proftpd
@ -34,3 +35,5 @@ network:
part: raw
words:
- "Copy successful"
# Enhanced by mp on 2022/06/08

7
cves/2015/CVE-2015-3337.yaml
View File

@ -1,15 +1,16 @@
id: CVE-2015-3337
info:
name: Elasticsearch Head plugin LFI
name: Elasticsearch - Local File Inclusion
author: pdteam
severity: high
description: Directory traversal vulnerability in Elasticsearch before 1.4.5 and 1.5.x before 1.5.2, when a site plugin is enabled, allows remote attackers to read arbitrary files via unspecified vectors.
description: Elasticsearch before 1.4.5 and 1.5.x before 1.5.2 allows remote attackers to read arbitrary files via unspecified vectors when a site plugin is enabled.
reference:
- https://www.exploit-db.com/exploits/37054/
- http://web.archive.org/web/20210121084446/https://www.securityfocus.com/archive/1/535385
- https://www.elastic.co/community/security
- http://www.debian.org/security/2015/dsa-3241
- https://nvd.nist.gov/vuln/detail/CVE-2015-3337
classification:
cve-id: CVE-2015-3337
tags: cve,cve2015,elastic,lfi,elasticsearch,plugin
@ -29,3 +30,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/06/08

5
cves/2015/CVE-2015-3648.yaml
View File

@ -4,12 +4,13 @@ info:
name: ResourceSpace - Local File inclusion
author: pikpikcu
severity: high
description: ResourceSpace is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied input.
description: ResourceSpace is prone to a local file-inclusion vulnerability because it fails to sufficiently sanitize user-supplied input.
reference:
- https://vulners.com/cve/CVE-2015-3648/
- http://web.archive.org/web/20210122163815/https://www.securityfocus.com/bid/75019/
- http://svn.montala.com/websvn/revision.php?repname=ResourceSpace&path=%2F&rev=6640&peg=6738
- http://packetstormsecurity.com/files/132142/ResourceSpace-7.1.6513-Local-File-Inclusion.html
- https://nvd.nist.gov/vuln/detail/CVE-2015-3648
classification:
cve-id: CVE-2015-3648
tags: cve,cve2015,lfi,resourcespace
@ -29,3 +30,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/06/08

6
cves/2015/CVE-2015-3897.yaml
View File

@ -1,10 +1,10 @@
id: CVE-2015-3897
info:
name: Bonita BPM 6.5.1 - Unauthenticated Directory Traversal
name: Bonita BPM Portal <6.5.3 - Local File Inclusion
author: 0x_Akoko
severity: high
description: Directory traversal vulnerability in Bonita BPM Portal before 6.5.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the theme parameter and a file path in the location parameter to bonita/portal/themeResource.
description: Bonita BPM Portal before 6.5.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the theme parameter and a file path in the location parameter to bonita/portal/themeResource.
reference:
- https://packetstormsecurity.com/files/132237/Bonita-BPM-6.5.1-Directory-Traversal-Open-Redirect.html
- https://www.bonitasoft.com/
@ -37,3 +37,5 @@ requests:
- type: regex
regex:
- "root:[x*]:0:0:"
# Enhanced by mp on 2022/06/08

8
cves/2015/CVE-2015-4050.yaml
View File

@ -1,15 +1,15 @@
id: CVE-2015-4050
info:
name: ESI unauthorized access
name: Symfony - Authentication Bypass
author: ELSFA7110,meme-lord
severity: high
description: FragmentListener in the HttpKernel component in Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support enabled, does not check if the _controller attribute is set, which allows remote attackers to bypass URL signing and security rules by including (1) no hash or (2) an invalid hash in a request to /_fragment.
description: Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support enabled, does not check if the _controller attribute is set, which allows remote attackers to bypass URL signing and security rules by including (1) no hash or (2) an invalid hash in a request to /_fragment in the HttpKernel component.
reference:
- https://symfony.com/blog/cve-2015-4050-esi-unauthorized-access
- https://nvd.nist.gov/vuln/detail/CVE-2015-4050
- http://symfony.com/blog/cve-2015-4050-esi-unauthorized-access
- http://www.debian.org/security/2015/dsa-3276
- https://nvd.nist.gov/vuln/detail/CVE-2015-4050
classification:
cve-id: CVE-2015-4050
tags: cve,cve2015,symfony,rce
@ -29,3 +29,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/06/08

8
cves/2015/CVE-2015-4414.yaml
View File

@ -1,13 +1,13 @@
id: CVE-2015-4414
info:
name: WordPress Plugin SE HTML5 Album Audio Player 1.1.0 - Directory Traversal
name: WordPress SE HTML5 Album Audio Player 1.1.0 - Directory Traversal
author: daffainfo
severity: high
description: Directory traversal vulnerability in download_audio.php in the SE HTML5 Album Audio Player (se-html5-album-audio-player) plugin 1.1.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
description: WordPress SE HTML5 Album Audio Player 1.1.0 contains a directory traversal vulnerability in download_audio.php that allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
reference:
- https://www.exploit-db.com/exploits/37274
- https://www.cvedetails.com/cve/CVE-2015-4414
- https://nvd.nist.gov/vuln/detail/CVE-2015-4414
- https://www.exploit-db.com/exploits/37274/
- http://packetstormsecurity.com/files/132266/WordPress-SE-HTML5-Album-Audio-Player-1.1.0-Directory-Traversal.html
classification:
@ -29,3 +29,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/06/08

7
cves/2015/CVE-2015-4632.yaml
View File

@ -4,12 +4,11 @@ info:
name: Koha 3.20.1 - Directory Traversal
author: daffainfo
severity: high
description: Multiple directory traversal vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the template_path parameter to (1) svc/virtualshelves/search or (2) svc/members/search.
description: Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the template_path parameter to (1) svc/virtualshelves/search or (2) svc/members/search.
reference:
- https://www.exploit-db.com/exploits/37388
- https://www.cvedetails.com/cve/CVE-2015-4632
- https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/
- https://www.exploit-db.com/exploits/37388/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
@ -31,4 +30,6 @@ requests:
- type: status
status:
- 200
- 200
# Enhanced by mp on 2022/06/08

6
cves/2015/CVE-2015-5531.yaml
View File

@ -1,10 +1,10 @@
id: CVE-2015-5531
info:
name: ElasticSearch directory traversal vulnerability (CVE-2015-5531)
name: ElasticSearch <1.6.1 - Local File Inclusion
author: princechaddha
severity: high
description: Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls.
description: ElasticSearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls.
reference:
- https://github.com/vulhub/vulhub/tree/master/elasticsearch/CVE-2015-5531
- https://nvd.nist.gov/vuln/detail/CVE-2015-5531
@ -55,3 +55,5 @@ requests:
- type: status
status:
- 400
# Enhanced by mp on 2022/06/08

7
cves/2015/CVE-2015-5688.yaml
View File

@ -1,14 +1,15 @@
id: CVE-2015-5688
info:
name: Geddy before v13.0.8 LFI
name: Geddy <13.0.8 - Local File Inclusion
author: pikpikcu
severity: high
description: Directory traversal vulnerability in lib/app/index.js in Geddy before 13.0.8 for Node.js allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the PATH_INFO to the default URI.
description: Geddy prior to version 13.0.8 contains a directory traversal vulnerability in lib/app/index.js that allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the PATH_INFO to the default URI.
reference:
- https://nodesecurity.io/advisories/geddy-directory-traversal
- https://github.com/geddy/geddy/issues/697
- https://github.com/geddy/geddy/commit/2de63b68b3aa6c08848f261ace550a37959ef231
- https://nvd.nist.gov/vuln/detail/CVE-2015-5688
classification:
cve-id: CVE-2015-5688
tags: cve,cve2015,geddy,lfi
@ -28,3 +29,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/06/08

4
cves/2015/CVE-2015-7297.yaml
View File

@ -1,10 +1,10 @@
id: CVE-2015-7297
info:
name: Joomla Core SQL Injection
name: Joomla! Core SQL Injection
author: princechaddha
severity: high
description: A SQL injection vulnerability in Joomla 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands.
description: A SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2015-7297
- http://developer.joomla.org/security-centre/628-20151001-core-sql-injection.html

6
cves/2015/CVE-2015-8813.yaml
View File

@ -1,10 +1,10 @@
id: CVE-2015-8813
info:
name: Umbraco SSRF Vulnerability in Feedproxy.aspx
name: Umbraco <7.4.0- Server-Side Request Forgery
author: emadshanab
severity: high
description: A Server Side Request Forgery (SSRF) vulnerability in Umbraco in Feedproxy.aspx allows attackers to send arbitrary HTTP GET requests.Once you change the URL to the http://local/Umbraco/feedproxy.aspx?url=http://127.0.0.1:80/index, you able to access the localhost application of the server
description: Umbraco before version 7.4.0 contains a server-side request forgery vulnerability in feedproxy.aspx that allows attackers to send arbitrary HTTP GET requests via http://local/Umbraco/feedproxy.aspx?url=http://127.0.0.1:80/index.
reference:
- https://blog.securelayer7.net/umbraco-the-open-source-asp-net-cms-multiple-vulnerabilities/
- https://nvd.nist.gov/vuln/detail/CVE-2015-8813
@ -27,3 +27,5 @@ requests:
part: interactsh_protocol # Confirms the HTTP Interaction
words:
- "http"
# Enhanced by mp on 2022/06/08

5
cves/2016/CVE-2016-0957.yaml
View File

@ -1,13 +1,14 @@
id: CVE-2016-0957
info:
name: Adobe AEM Console Disclosure
name: Adobe AEM Dispatcher <4.15 - Rules Bypass
author: geeknik
severity: high
description: Dispatcher before 4.1.5 in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 does not properly implement a URL filter, which allows remote attackers to bypass dispatcher rules via unspecified vectors.
reference:
- https://www.kernelpicnic.net/2016/07/24/Microsoft-signout.live.com-Remote-Code-Execution-Write-Up.html
- https://helpx.adobe.com/security/products/experience-manager/apsb16-05.html
- https://nvd.nist.gov/vuln/detail/CVE-2016-0957
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
@ -32,3 +33,5 @@ requests:
- "java.lang"
- "(Runtime)"
condition: and
# Enhanced by mp on 2022/06/08

6
cves/2016/CVE-2016-10924.yaml
View File

@ -1,10 +1,10 @@
id: CVE-2016-10924
info:
name: Wordpress eBook Download < 1.2 - Directory Traversal
name: Wordpress Zedna eBook download <1.2 - Local File Inclusion
author: idealphase
severity: high
description: The Wordpress eBook Download plugin was affected by a filedownload.php Local File Inclusion security vulnerability.
description: Wordpress Zedna eBook download prior to version 1.2 was affected by a filedownload.php local file inclusion vulnerability.
reference:
- https://wpscan.com/vulnerability/13d5d17a-00a8-441e-bda1-2fd2b4158a6c
- https://www.exploit-db.com/exploits/39575
@ -34,3 +34,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/06/09

7
cves/2016/CVE-2016-10956.yaml
View File

@ -1,14 +1,15 @@
id: CVE-2016-10956
info:
name: Mail Masta 1.0 - Unauthenticated Local File Inclusion (LFI)
name: WordPress Mail Masta 1.0 - Local File Inclusion
author: daffainfo,0x240x23elu
severity: high
description: The mail-masta plugin 1.0 for WordPress has local file inclusion in count_of_send.php and csvexport.php.
description: WordPress Mail Masta 1.0 is susceptible to local file inclusion in count_of_send.php and csvexport.php.
reference:
- https://cxsecurity.com/issue/WLB-2016080220
- https://wpvulndb.com/vulnerabilities/8609
- https://wordpress.org/plugins/mail-masta/#developers
- https://nvd.nist.gov/vuln/detail/CVE-2016-10956
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
@ -32,3 +33,5 @@ requests:
status:
- 200
- 500
# Enhanced by mp on 2022/06/09

7
cves/2016/CVE-2016-2389.yaml
View File

@ -1,15 +1,16 @@
id: CVE-2016-2389
info:
name: SAP xMII 15.0 - Directory Traversal
name: SAP xMII 15.0 for SAP NetWeaver 7.4 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the GetFileList function in the SAP Manufacturing Integration and Intelligence (xMII) component 15.0 for SAP NetWeaver 7.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the Path parameter to /Catalog, aka SAP Security Note 2230978.
description: SAP xMII 15.0 for SAP NetWeaver 7.4 is susceptible to a local file inclusion vulnerability in the GetFileList function. This can allow remote attackers to read arbitrary files via a .. (dot dot) in the path parameter to /Catalog, aka SAP Security Note 2230978.
reference:
- https://erpscan.io/advisories/erpscan-16-009-sap-xmii-directory-traversal-vulnerability/
- https://www.cvedetails.com/cve/CVE-2016-2389
- http://packetstormsecurity.com/files/137046/SAP-MII-15.0-Directory-Traversal.html
- https://www.exploit-db.com/exploits/39837/
- https://nvd.nist.gov/vuln/detail/CVE-2016-2389
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
@ -32,3 +33,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/06/09

8
cves/2016/CVE-2016-3081.yaml
View File

@ -1,15 +1,15 @@
id: CVE-2016-3081
info:
name: Apache S2-032 Struts RCE
name: Apache S2-032 Struts - Remote Code Execution
author: dhiyaneshDK
severity: high
description: |
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via method: prefix, related to chained expressions.
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when dynamic method invocation is enabled, allows remote attackers to execute arbitrary code via method: prefix (related to chained expressions).
reference:
- https://cwiki.apache.org/confluence/display/WW/S2-032
- https://struts.apache.org/docs/s2-032.html
- http://www.securitytracker.com/id/1035665
- https://nvd.nist.gov/vuln/detail/CVE-2016-3081
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.1
@ -31,3 +31,5 @@ requests:
- type: regex
regex:
- "root:.*:0:0:"
# Enhanced by mp on 2022/06/09

6
cves/2016/CVE-2016-6277.yaml
View File

@ -1,10 +1,10 @@
id: CVE-2016-6277
info:
name: NETGEAR routers (including R6400, R7000, R8000 and similar) RCE
name: NETGEAR Routers - Remote Code Execution
author: pikpikcu
severity: high
description: NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly other routers allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/.
description: NETGEAR routers R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly others allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/.
reference:
- https://www.sj-vs.net/2016/12/10/temporary-fix-for-cert-vu582384-cwe-77-on-netgear-r7000-and-r6400-routers/
- https://nvd.nist.gov/vuln/detail/CVE-2016-6277
@ -32,3 +32,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/06/09

6
cves/2017/CVE-2017-0929.yaml
View File

@ -1,10 +1,10 @@
id: CVE-2017-0929
info:
name: DotNetNuke ImageHandler SSRF
name: DotNetNuke (DNN) ImageHandler <9.2.0 - Server-Side Request Forgery
author: charanrayudu,meme-lord
severity: high
description: DNN (aka DotNetNuke) before 9.2.0 suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources.
description: DotNetNuke (aka DNN) before 9.2.0 suffers from a server-side request forgery vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources.
reference:
- https://hackerone.com/reports/482634
- https://nvd.nist.gov/vuln/detail/CVE-2017-0929
@ -31,3 +31,5 @@ requests:
- type: status
status:
- 500
# Enhanced by mp on 2022/06/09

7
cves/2017/CVE-2017-1000028.yaml
View File

@ -1,15 +1,16 @@
id: CVE-2017-1000028
info:
name: GlassFish LFI
name: Oracle GlassFish Server Open Source Edition 4.1 - Local File Inclusion
author: pikpikcu,daffainfo
severity: high
description: Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that can be exploited by issuing a specially crafted HTTP GET request.
description: Oracle GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated local file inclusion vulnerabilities that can be exploited by issuing specially crafted HTTP GET requests.
reference:
- https://www.exploit-db.com/exploits/45196
- https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18822
- https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-016/?fid=6904
- https://www.exploit-db.com/exploits/45196/
- https://nvd.nist.gov/vuln/detail/CVE-2017-1000028
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
@ -39,3 +40,5 @@ requests:
- "contains(body, 'extensions')"
- "status_code == 200"
condition: and
# Enhanced by mp on 2022/06/09

7
cves/2017/CVE-2017-1000029.yaml
View File

@ -1,14 +1,15 @@
id: CVE-2017-1000029
info:
name: GlassFish Server Open Source Edition 3.0.1 - LFI
name: Oracle GlassFish Server Open Source Edition 3.0.1 - Local File Inclusion
author: 0x_Akoko
severity: high
description: Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Local File Inclusion vulnerability, that makes it possible to include arbitrary files on the server, this vulnerability can be exploited without any prior authentication.
description: Oracle GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to unauthenticated local file inclusion vulnerabilities that allow remote attackers to request arbitrary files on the server.
reference:
- https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18784
- https://www.cvedetails.com/cve/CVE-2017-1000029
- https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-011/?fid=8037
- https://nvd.nist.gov/vuln/detail/CVE-2017-1000029
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
@ -30,3 +31,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/06/09

7
cves/2017/CVE-2017-1000170.yaml
View File

@ -1,14 +1,15 @@
id: CVE-2017-1000170
info:
name: WordPress Plugin Delightful Downloads Jquery File Tree 2.1.5 Path Traversal
name: WordPress Delightful Downloads Jquery File Tree 2.1.5 - Local File Inclusion
author: dwisiswant0
severity: high
description: jqueryFileTree 2.1.5 and older Directory Traversal
description: WordPress Delightful Downloads Jquery File Tree versions 2.1.5 and older are susceptible to local file inclusion vulnerabilities via jqueryFileTree.
reference:
- https://www.exploit-db.com/exploits/49693
- https://github.com/jqueryfiletree/jqueryfiletree/issues/66
- http://packetstormsecurity.com/files/161900/WordPress-Delightful-Downloads-Jquery-File-Tree-1.6.6-Path-Traversal.html
- https://nvd.nist.gov/vuln/detail/CVE-2017-1000170
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
@ -32,3 +33,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/06/09

8
cves/2017/CVE-2017-10271.yaml
View File

@ -5,12 +5,12 @@ info:
author: dr_set,ImNightmaree
severity: high
description: |
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent - WLS Security). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server.
The Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent - WLS Security) is susceptible to remote command execution. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. This easily exploitable vulnerability allows unauthenticated attackers with network access via T3 to compromise Oracle WebLogic Server.
reference:
- https://github.com/vulhub/vulhub/tree/fda47b97c7d2809660a4471539cd0e6dbf8fac8c/weblogic/CVE-2017-10271
- https://github.com/SuperHacker-liuan/cve-2017-10271-poc
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.securitytracker.com/id/1039608
- https://nvd.nist.gov/vuln/detail/CVE-2017-10271
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
cvss-score: 7.5
@ -93,4 +93,6 @@ requests:
dsl:
- body == "{{randstr}}"
- status_code == 200
condition: and
condition: and
# Enhanced by mp on 2022/06/09

9
cves/2017/CVE-2017-10974.yaml
View File

@ -1,14 +1,13 @@
id: CVE-2017-10974
info:
name: Yaws 1.91 - Remote File Disclosure
name: Yaws 1.91 - Local File Inclusion
author: 0x_Akoko
severity: high
description: Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Directory Traversal with /%5C../ to port 8080
description: Yaws 1.91 allows unauthenticated local file inclusion via /%5C../ submitted to port 8080.
reference:
- https://www.exploit-db.com/exploits/42303
- https://nvd.nist.gov/vuln/detail/CVE-2017-10974
- https://www.exploit-db.com/exploits/42303/
- http://hyp3rlinx.altervista.org/advisories/YAWS-WEB-SERVER-v1.91-UNAUTHENTICATED-REMOTE-FILE-DISCLOSURE.txt
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
@ -34,4 +33,6 @@ requests:
- type: dsl
dsl:
- '!contains(tolower(body), "<html")'
- '!contains(tolower(body), "<html")'
# Enhanced by mp on 2022/06/09

7
cves/2017/CVE-2017-11512.yaml
View File

@ -1,15 +1,16 @@
id: CVE-2017-11512
info:
name: ManageEngine ServiceDesk - Arbitrary File Retrieval
name: ManageEngine ServiceDesk 9.3.9328 - Arbitrary File Retrieval
author: 0x_Akoko
severity: high
description: |
The ManageEngine ServiceDesk 9.3.9328 is vulnerable to an arbitrary file retrieval due to improper restrictions of the pathname used in the name parameter for the download-snapshot path. An unauthenticated remote attacker can use this vulnerability to download arbitrary files.
ManageEngine ServiceDesk 9.3.9328 is vulnerable to an arbitrary file retrieval due to improper restrictions of the pathname used in the name parameter for the download-snapshot path. An unauthenticated remote attacker can use this vulnerability to download arbitrary files.
reference:
- https://exploit.kitploit.com/2017/11/manageengine-servicedesk-cve-2017-11512.html
- https://www.cvedetails.com/cve/CVE-2017-11512
- https://www.tenable.com/security/research/tra-2017-31
- https://nvd.nist.gov/vuln/detail/CVE-2017-11512
- https://web.archive.org/web/20210116180015/https://www.securityfocus.com/bid/101789/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
@ -36,3 +37,5 @@ requests:
- "fonts"
- "extensions"
condition: and
# Enhanced by mp on 2022/06/09

6
cves/2017/CVE-2017-11610.yaml
View File

@ -1,10 +1,10 @@
id: CVE-2017-11610
info:
name: Supervisor XMLRPC Exec
name: XML-RPC Server - Remote Code Execution
author: notnotnotveg
severity: high
description: The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups.
description: The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisor namespace lookups.
reference:
- https://github.com/rapid7/metasploit-framework/blob/master/documentation/modules/exploit/linux/http/supervisor_xmlrpc_exec.md
- https://nvd.nist.gov/vuln/detail/CVE-2017-11610
@ -54,3 +54,5 @@ requests:
- "<methodResponse>"
- "<int>"
condition: and
# Enhanced by mp on 2022/06/09

10
cves/2017/CVE-2017-12615.yaml
View File

@ -1,18 +1,16 @@
id: CVE-2017-12615
info:
name: Apache Tomcat RCE
name: Apache Tomcat Servers - Remote Code Execution
author: pikpikcu
severity: high
description: |
By design, you are not allowed to upload JSP files via the PUT method on the Apache Tomcat servers.
This is likely a security measure to prevent an attacker from uploading a JSP shell and gaining remote code execution on the server.
However, due to the insufficient checks, an attacker could gain remote code execution on 7.0.{0 to 79}
Tomcat servers that has enabled PUT by requesting PUT method on the Tomcat server using a specially crafted HTTP request.
Apache Tomcat servers 7.0.{0 to 79} are susceptible to remote code execution. By design, you are not allowed to upload JSP files via the PUT method. This is likely a security measure to prevent an attacker from uploading a JSP shell and gaining remote code execution on the server. However, due to the insufficient checks, an attacker could gain remote code execution on Apache Tomcat servers that have enabled PUT method by using a specially crafted HTTP request.
reference:
- https://github.com/vulhub/vulhub/tree/master/tomcat/CVE-2017-12615
- https://lists.apache.org/thread.html/8fcb1e2d5895413abcf266f011b9918ae03e0b7daceb118ffbf23f8c@%3Cannounce.tomcat.apache.org%3E
- http://www.securitytracker.com/id/1039392
- https://nvd.nist.gov/vuln/detail/CVE-2017-12615
- http://web.archive.org/web/20210616200000/https://www.securityfocus.com/bid/100901
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
@ -57,3 +55,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/06/09

9
cves/2017/CVE-2017-12637.yaml
View File

@ -1,15 +1,14 @@
id: CVE-2017-12637
info:
name: Directory traversal vulnerability in SAP NetWeaver Application Server Java 7.5
name: SAP NetWeaver Application Server Java 7.5 - Local File Inclusion
author: apt-mirror
severity: high
description: Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Server Java 7.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the query string, as exploited in the wild in August 2017, aka SAP Security Note 2486657.
description: SAP NetWeaver Application Server Java 7.5 is susceptible to local file inclusion in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS. This can allow remote attackers to read arbitrary files via a .. (dot dot) in the query string, as exploited in the wild in August 2017, aka SAP Security Note 2486657.
reference:
- https://www.cvedetails.com/cve/CVE-2017-12637/
- https://nvd.nist.gov/vuln/detail/CVE-2017-12637
- https://download.ernw-insight.de/troopers/tr18/slides/TR18_SAP_SAP-Bugs-The-Phantom-Security.pdf
- http://www.sh0w.top/index.php/archives/7/
- https://nvd.nist.gov/vuln/detail/CVE-2017-12637
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
@ -32,3 +31,5 @@ requests:
- "META-INF"
condition: and
part: body
# Enhanced by mp on 2022/06/09

7
cves/2017/CVE-2017-14849.yaml
View File

@ -1,13 +1,14 @@
id: CVE-2017-14849
info:
name: Node.js 8.5.0 >=< 8.6.0 Directory Traversal
name: Node.js <8.6.0 - Directory Traversal
author: Random_Robbie
severity: high
description: Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules.
description: Node.js before 8.6.0 allows remote attackers to access unintended files because a change to ".." handling is incompatible with the pathname validation used by unspecified community modules.
reference:
- https://twitter.com/nodejs/status/913131152868876288
- https://nodejs.org/en/blog/vulnerability/september-2017-path-validation/
- https://nvd.nist.gov/vuln/detail/CVE-2017-14849
- http://web.archive.org/web/20210423143109/https://www.securityfocus.com/bid/101056
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
@ -29,3 +30,5 @@ requests:
regex:
- "root:.*:0:0:"
part: body
# Enhanced by mp on 2022/06/09

7
cves/2017/CVE-2017-15363.yaml
View File

@ -1,15 +1,16 @@
id: CVE-2017-15363
info:
name: TYPO3 Restler - Arbitrary File Retrieval
name: Luracast Restler 3.0.1 via TYPO3 Restler 1.7.1 - Local File Inclusion
author: 0x_Akoko
severity: high
description: Directory traversal vulnerability in public/examples/resources/getsource.php in Luracast Restler through 3.0.0, as used in the restler extension before 1.7.1 for TYPO3, allows remote attackers to read arbitrary files via the file parameter.
description: Luracast Restler 3.0.1 via TYPO3 Restler 1.7.1 is susceptible to local file inclusion in public/examples/resources/getsource.php. This could allow remote attackers to read arbitrary files via the file parameter.
reference:
- https://www.exploit-db.com/exploits/42985
- https://www.cvedetails.com/cve/CVE-2017-15363
- https://extensions.typo3.org/extension/restler/
- https://extensions.typo3.org/extension/download/restler/1.7.1/zip/
- https://nvd.nist.gov/vuln/detail/CVE-2017-15363
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
@ -37,3 +38,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/06/09

7
cves/2017/CVE-2017-15647.yaml
View File

@ -1,14 +1,15 @@
id: CVE-2017-15647
info:
name: FiberHome - Directory Traversal
name: FiberHome Routers - Local File Inclusion
author: daffainfo
severity: high
description: On FiberHome routers, Directory Traversal exists in /cgi-bin/webproc via the getpage parameter in conjunction with a crafted var:page value.
description: FiberHome routers are susceptible to local file inclusion in /cgi-bin/webproc via the getpage parameter in conjunction with a crafted var:page value.
reference:
- https://www.exploit-db.com/exploits/44054
- https://www.cvedetails.com/cve/CVE-2017-15647
- https://blogs.securiteam.com/index.php/archives/3472
- https://nvd.nist.gov/vuln/detail/CVE-2017-15647
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
@ -31,3 +32,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/06/09

8
cves/2017/CVE-2017-15715.yaml
View File

@ -1,15 +1,15 @@
id: CVE-2017-15715
info:
name: Apache Arbitrary File Upload
name: Apache httpd <=2.4.29 - Arbitrary File Upload
author: geeknik
severity: high
description: In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are externally blocked, but only by matching the trailing portion of the filename.
description: Apache httpd 2.4.0 to 2.4.29 is susceptible to arbitrary file upload vulnerabilities via the expression specified in <FilesMatch>, which could match '$' to a newline character in a malicious filename rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are externally blocked, but only by matching the trailing portion of the filename.
reference:
- https://github.com/vulhub/vulhub/tree/master/httpd/CVE-2017-15715
- https://httpd.apache.org/security/vulnerabilities_24.html
- http://www.openwall.com/lists/oss-security/2018/03/24/6
- http://www.securitytracker.com/id/1040570
- https://nvd.nist.gov/vuln/detail/CVE-2017-15715
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.1
@ -46,3 +46,5 @@ requests:
- type: dsl
dsl:
- 'contains(body_2, "{{randstr_1}}")'
# Enhanced by mp on 2022/06/09

7
cves/2017/CVE-2017-16877.yaml
View File

@ -1,13 +1,14 @@
id: CVE-2017-16877
info:
name: Nextjs v2.4.1 LFI
name: Nextjs <2.4.1 - Local File Inclusion
author: pikpikcu
severity: high
description: ZEIT Next.js before 2.4.1 has directory traversal under the /_next and /static request namespace, allowing attackers to obtain sensitive information.
description: ZEIT Next.js before 2.4.1 is susceptible to local file inclusion via the /_next and /static request namespace, allowing attackers to obtain sensitive information.
reference:
- https://medium.com/@theRaz0r/arbitrary-file-reading-in-next-js-2-4-1-34104c4e75e9
- https://github.com/zeit/next.js/releases/tag/2.4.1
- https://nvd.nist.gov/vuln/detail/CVE-2017-16877
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
@ -32,3 +33,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/06/09

6
cves/2020/CVE-2020-29597.yaml
View File

@ -1,10 +1,10 @@
id: CVE-2020-29597
info:
name: IncomCMS 2.0 - Arbitary files upload
name: IncomCMS 2.0 - Arbitrary File Upload
author: princechaddha
severity: critical
description: |
IncomCMS 2.0 has a modules/uploader/showcase/script.php insecure file upload vulnerability. This vulnerability allows unauthenticated attackers to upload files into the server.
IncomCMS 2.0 has a an insecure file upload vulnerability in modules/uploader/showcase/script.php. This allows unauthenticated attackers to upload files into the server.
reference:
- https://github.com/Trhackno/CVE-2020-29597
- https://nvd.nist.gov/vuln/detail/CVE-2020-29597
@ -43,3 +43,5 @@ requests:
- contains(body_1, '\"name\":\"{{randstr}}.png\"')
- status_code_2 == 200
condition: and
# Enhanced by CS 06/06/2022

2
cves/2021/CVE-2021-28377.yaml
View File

@ -4,7 +4,7 @@ info:
name: ChronoForums 2.0.11 - Directory Traversal
author: 0x_Akoko
severity: medium
description: The ChronoForums avatar function is vulnerable through unauthenticated path traversal attacks. This enables unauthenticated attackers to read arbitrary files, like for instance Joomla's configuration file containing secret credentials.
description: The ChronoForums avatar function is vulnerable through unauthenticated path traversal attacks. This enables unauthenticated attackers to read arbitrary files, for example the Joomla! configuration file which contains credentials.
reference:
- https://herolab.usd.de/en/security-advisories/usd-2021-0007/
- https://nvd.nist.gov/vuln/detail/CVE-2021-28377

4
exposures/configs/joomla-config-file.yaml
View File

@ -1,10 +1,10 @@
id: joomla-config-dist-file
info:
name: Joomla Config Dist File
name: Joomla! Config Dist File
author: oppsec
severity: low
description: configuration.php-dist is a file created by Joomla to save Joomla settings.
description: configuration.php-dist is a file created by Joomla! to save Joomla settings.
tags: config,exposure,joomla
requests:

4
miscellaneous/joomla-htaccess.yaml
View File

@ -1,10 +1,10 @@
id: joomla-htaccess-file
info:
name: Joomla htaccess file disclosure
name: Joomla! htaccess file disclosure
author: oppsec
severity: info
description: Joomla has an htaccess file to store configurations about HTTP config, directory listing, etc.
description: Joomla! has an htaccess file to store configurations about HTTP config, directory listing, etc.
tags: misc,joomla
requests:

4
miscellaneous/joomla-manifest-file.yaml
View File

@ -1,10 +1,10 @@
id: joomla-manifest-file
info:
name: Joomla Manifest File Disclosure
name: Joomla! Manifest File Disclosure
author: oppsec
severity: info
description: A Joomla Manifest file was discovered. joomla.xml is a file which stores information about installed Joomla, such as version, files, and paths.
description: A Joomla! Manifest file was discovered. joomla.xml is a file which stores information about installed Joomla!, such as version, files, and paths.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3

4
vulnerabilities/joomla/rusty-joomla.yaml
View File

@ -1,11 +1,11 @@
id: rusty-joomla
info:
name: Joomla CMS <=3.4.6 - Remote Code Execution
name: Joomla! CMS <=3.4.6 - Remote Code Execution
author: leovalcante,kiks7
severity: critical
description: |
Joomla CMS 3.0.0 through the 3.4.6 release contains an unauthenticated PHP object injection that leads to remote code execution.
Joomla! CMS 3.0.0 through the 3.4.6 release contains an unauthenticated PHP object injection that leads to remote code execution.
reference:
- https://blog.hacktivesecurity.com/index.php/2019/10/03/rusty-joomla-rce/
- https://github.com/kiks7/rusty_joomla_rce

1
vulnerabilities/other/74cms-sqli.yaml
View File

@ -25,5 +25,4 @@ requests:
- "e807f1fcf82d132f9bb018ca6738a19f"
part: body
# Enhanced by mp on 2022/03/02
# Enhanced by ritikchaddha on 2022/05/05

2
workflows/joomla-workflow.yaml
View File

@ -3,7 +3,7 @@ id: joomla-workflow
info:
name: Joomla! Security Checks
author: daffainfo
description: A simple workflow that runs all Joomla related nuclei templates on a given target.
description: A simple workflow that runs all Joomla! related nuclei templates on a given target.
workflows:
- template: technologies/tech-detect.yaml