Dashboard Content Enhancements (#4567)

Dashboard Content Enhancements
patch-1
MostInterestingBotInTheWorld 2022-06-09 16:35:21 -04:00 committed by GitHub
parent 4cc13bb57f
commit b883737198
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
49 changed files with 203 additions and 110 deletions

@ -1,15 +1,15 @@
id: CVE-2009-3318 id: CVE-2009-3318
info: info:
name: Joomla! Component com_album 1.14 - Directory Traversal name: Joomla! Roland Breedveld Album 1.14 - Local File Inclusion
author: daffainfo author: daffainfo
severity: high severity: high
description: Directory traversal vulnerability in the Roland Breedveld Album (com_album) component 1.14 for Joomla! allows remote attackers to access arbitrary directories and have unspecified other impact via a .. (dot dot) in the target parameter to index.php. description: Joomla! Roland Breedveld Album 1.14 (com_album) is susceptible to local file inclusion because it allows remote attackers to access arbitrary directories and have unspecified other impact via a .. (dot dot) in the target parameter to index.php.
reference: reference:
- https://www.exploit-db.com/exploits/9706 - https://www.exploit-db.com/exploits/9706
- https://www.cvedetails.com/cve/CVE-2009-3318 - https://www.cvedetails.com/cve/CVE-2009-3318
- https://nvd.nist.gov/vuln/detail/CVE-2009-3318
- https://web.archive.org/web/20210121192413/https://www.securityfocus.com/bid/36441/ - https://web.archive.org/web/20210121192413/https://www.securityfocus.com/bid/36441/
- http://www.securityfocus.com/bid/36441
classification: classification:
cve-id: CVE-2009-3318 cve-id: CVE-2009-3318
tags: cve,cve2009,joomla,lfi tags: cve,cve2009,joomla,lfi
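Review bot: The new name and description relabel this as local file inclusion, but the behaviour the description states is still access to arbitrary directories via `..` in the `target` parameter, which is directory traversal. "is susceptible to local file inclusion because it allows remote attackers to access arbitrary directories" gives a cause that does not support the label. Either keep "Directory Traversal" in the name, or state in the description what gets included.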
@ -29,3 +29,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/06/08

@ -1,14 +1,14 @@
id: CVE-2009-4202 id: CVE-2009-4202
info: info:
name: Joomla! Component Omilen Photo Gallery 0.5b - Local File Inclusion name: Joomla! Omilen Photo Gallery 0.5b - Local File Inclusion
author: daffainfo author: daffainfo
severity: high severity: high
description: Directory traversal vulnerability in the Omilen Photo Gallery (com_omphotogallery) component Beta 0.5 for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the controller parameter to index.php. description: Joomla! Omilen Photo Gallery (com_omphotogallery) component Beta 0.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the controller parameter to index.php.
reference: reference:
- https://www.exploit-db.com/exploits/8870 - https://www.exploit-db.com/exploits/8870
- https://www.cvedetails.com/cve/CVE-2009-4202
- http://www.vupen.com/english/advisories/2009/1494 - http://www.vupen.com/english/advisories/2009/1494
- https://nvd.nist.gov/vuln/detail/CVE-2009-4202
- http://web.archive.org/web/20210121191031/https://www.securityfocus.com/bid/35201/ - http://web.archive.org/web/20210121191031/https://www.securityfocus.com/bid/35201/
classification: classification:
cve-id: CVE-2009-4202 cve-id: CVE-2009-4202
@ -29,3 +29,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/06/08

@ -1,15 +1,16 @@
id: CVE-2009-4223 id: CVE-2009-4223
info: info:
name: KR-Web <= 1.1b2 RFI name: KR-Web <=1.1b2 - Remote File Inclusion
author: geeknik author: geeknik
severity: high severity: high
description: KR is a web content-server based on Apache-PHP-MySql technology which gives to programmers some PHP classes simplifying database content access. Additionally, it gives some admin and user tools to write, hierarchize, and authorize contents. description: KR-Web 1.1b2 and prior contain a remote file inclusion vulnerability via adm/krgourl.php, which allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter.
reference: reference:
- https://sourceforge.net/projects/krw/ - https://sourceforge.net/projects/krw/
- https://www.exploit-db.com/exploits/10216 - https://www.exploit-db.com/exploits/10216
- https://exchange.xforce.ibmcloud.com/vulnerabilities/54395 - https://exchange.xforce.ibmcloud.com/vulnerabilities/54395
- http://www.exploit-db.com/exploits/10216 - http://www.exploit-db.com/exploits/10216
- https://nvd.nist.gov/vuln/detail/CVE-2009-4223
classification: classification:
cve-id: CVE-2009-4223 cve-id: CVE-2009-4223
tags: cve,cve2009,krweb,rfi tags: cve,cve2009,krweb,rfi
@ -28,3 +29,5 @@ requests:
part: interactsh_protocol part: interactsh_protocol
words: words:
- "http" - "http"
# Enhanced by mp on 2022/06/06

@ -1,14 +1,15 @@
id: CVE-2009-4679 id: CVE-2009-4679
info: info:
name: Joomla! Component iF Portfolio Nexus - 'Controller' Remote File Inclusion name: Joomla! Portfolio Nexus - Remote File Inclusion
author: daffainfo author: daffainfo
severity: high severity: high
description: Directory traversal vulnerability in the inertialFATE iF Portfolio Nexus (com_if_nexus) component 1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. description: |
Joomla! Portfolio Nexus 1.5 contains a remote file inclusion vulnerability in the inertialFATE iF (com_if_nexus) component that allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
reference: reference:
- https://www.exploit-db.com/exploits/33440 - https://www.exploit-db.com/exploits/33440
- https://www.cvedetails.com/cve/CVE-2009-4679 - https://www.cvedetails.com/cve/CVE-2009-4679
- http://secunia.com/advisories/37760 - https://nvd.nist.gov/vuln/detail/CVE-2009-4679
classification: classification:
cve-id: CVE-2009-4679 cve-id: CVE-2009-4679
tags: cve,cve2009,joomla,lfi,nexus tags: cve,cve2009,joomla,lfi,nexus
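Review bot: The new description calls this a remote file inclusion vulnerability and, in the same sentence, says it lets attackers "include and execute arbitrary local files via a .. (dot dot)", while the tags say `lfi`. The name and description should read "Local File Inclusion". The product name was also split in the rewrite: "in the inertialFATE iF (com_if_nexus) component" loses "Portfolio Nexus", so suggest "inertialFATE iF Portfolio Nexus (com_if_nexus) component 1.5".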
@ -28,3 +29,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/06/08

@ -1,15 +1,14 @@
id: CVE-2015-0554 id: CVE-2015-0554
info: info:
name: Pirelli ADSL2/2+ Wireless Router P.DGA4001N - Information Disclosure name: ADB/Pirelli ADSL2/2+ Wireless Router P.DGA4001N - Information Disclosure
author: daffainfo author: daffainfo
severity: high severity: high
description: The ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6 does not properly restrict access to the web interface, which allows remote attackers to obtain sensitive information or cause a denial of service (device restart) as demonstrated by a direct request to (1) wlsecurity.html or (2) resetrouter.html. description: ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6 does not properly restrict access to the web interface, which allows remote attackers to obtain sensitive information or cause a denial of service (device restart) as demonstrated by a direct request to (1) wlsecurity.html or (2) resetrouter.html.
reference: reference:
- https://www.exploit-db.com/exploits/35721 - https://www.exploit-db.com/exploits/35721
- https://nvd.nist.gov/vuln/detail/CVE-2015-0554
- http://packetstormsecurity.com/files/129828/Pirelli-ADSL2-2-Wireless-Router-P.DGA4001N-Information-Disclosure.html - http://packetstormsecurity.com/files/129828/Pirelli-ADSL2-2-Wireless-Router-P.DGA4001N-Information-Disclosure.html
- http://www.exploit-db.com/exploits/35721 - https://nvd.nist.gov/vuln/detail/CVE-2015-0554
classification: classification:
cve-id: CVE-2015-0554 cve-id: CVE-2015-0554
tags: cve,cve2015,pirelli,router,disclosure tags: cve,cve2015,pirelli,router,disclosure
@ -32,3 +31,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/06/08

@ -1,14 +1,15 @@
id: CVE-2015-1000012 id: CVE-2015-1000012
info: info:
name: MyPixs <= 0.3 - Unauthenticated Local File Inclusion (LFI) name: WordPress MyPixs <=0.3 - Local File Inclusion
author: daffainfo author: daffainfo
severity: high severity: high
description: Local File Inclusion Vulnerability in mypixs v0.3 wordpress plugin description: WordPress MyPixs 0.3 and prior contains a local file inclusion vulnerability.
reference: reference:
- https://wpscan.com/vulnerability/24b83ce5-e3b8-4262-b087-a2dfec014985 - https://wpscan.com/vulnerability/24b83ce5-e3b8-4262-b087-a2dfec014985
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1000012 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1000012
- http://www.vapidlabs.com/advisory.php?v=154 - http://www.vapidlabs.com/advisory.php?v=154
- https://nvd.nist.gov/vuln/detail/CVE-2015-1000012
- http://web.archive.org/web/20210518144916/https://www.securityfocus.com/bid/94495 - http://web.archive.org/web/20210518144916/https://www.securityfocus.com/bid/94495
classification: classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
@ -31,3 +32,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/06/06

@ -1,7 +1,7 @@
id: CVE-2015-1503 id: CVE-2015-1503
info: info:
name: IceWarp Mail Server Directory Traversal name: IceWarp Mail Server <11.1.1 - Directory Traversal
author: 0x_Akoko author: 0x_Akoko
severity: high severity: high
description: IceWarp Mail Server versions prior to 11.1.1 suffer from a directory traversal vulnerability. description: IceWarp Mail Server versions prior to 11.1.1 suffer from a directory traversal vulnerability.
@ -33,3 +33,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/06/06

@ -1,10 +1,10 @@
id: CVE-2015-2067 id: CVE-2015-2067
info: info:
name: Magento Server Magmi Plugin - Directory Traversal name: Magento Server MAGMI - Directory Traversal
author: daffainfo author: daffainfo
severity: high severity: high
description: Directory traversal vulnerability in web/ajax_pluginconf.php in the MAGMI (aka Magento Mass Importer) plugin for Magento Server allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. description: Magento Server MAGMI (aka Magento Mass Importer) contains a directory traversal vulnerability in web/ajax_pluginconf.php. that allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
reference: reference:
- https://www.exploit-db.com/exploits/35996 - https://www.exploit-db.com/exploits/35996
- https://nvd.nist.gov/vuln/detail/CVE-2015-2067 - https://nvd.nist.gov/vuln/detail/CVE-2015-2067
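Review bot: The rewritten description has a stray period that breaks the sentence: "in web/ajax_pluginconf.php. that allows remote attackers". Drop the period so it reads "in web/ajax_pluginconf.php that allows remote attackers to read arbitrary files".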
@ -28,3 +28,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/06/08

@ -1,10 +1,10 @@
id: CVE-2015-2166 id: CVE-2015-2166
info: info:
name: Ericsson Drutt MSDP (Instance Monitor) Directory Traversal name: Ericsson Drutt MSDP - Local File Inclusion
author: daffainfo author: daffainfo
severity: high severity: high
description: Directory traversal vulnerability in the Instance Monitor in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the default URI. description: Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the default URI in the Instance Monitor.
reference: reference:
- https://www.exploit-db.com/exploits/36619 - https://www.exploit-db.com/exploits/36619
- https://nvd.nist.gov/vuln/detail/CVE-2015-2166 - https://nvd.nist.gov/vuln/detail/CVE-2015-2166
@ -29,3 +29,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/06/08

@ -1,15 +1,16 @@
id: CVE-2015-3306 id: CVE-2015-3306
info: info:
name: ProFTPd RCE name: ProFTPd - Remote Code Execution
author: pdteam author: pdteam
severity: high severity: high
description: The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands. description: ProFTPD 1.3.5 contains a remote code execution vulnerability via the mod_copy module which allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.
reference: reference:
- https://github.com/t0kx/exploit-CVE-2015-3306 - https://github.com/t0kx/exploit-CVE-2015-3306
- https://www.exploit-db.com/exploits/36803/ - https://www.exploit-db.com/exploits/36803/
- http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157053.html - http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157053.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157054.html - http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157054.html
- https://nvd.nist.gov/vuln/detail/CVE-2015-3306
classification: classification:
cve-id: CVE-2015-3306 cve-id: CVE-2015-3306
tags: cve,cve2015,ftp,rce,network,proftpd tags: cve,cve2015,ftp,rce,network,proftpd
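Review bot: The new description asserts "a remote code execution vulnerability via the mod_copy module" but the only capability it then states is reading and writing arbitrary files through `site cpfr` and `site cpto`. Either keep the original wording, which claimed only the file read/write, or add the missing step that explains how the file copy leads to code execution, so the name and description agree with what the template's "Copy successful" matcher actually confirms.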
@ -34,3 +35,5 @@ network:
part: raw part: raw
words: words:
- "Copy successful" - "Copy successful"
# Enhanced by mp on 2022/06/08

@ -1,15 +1,16 @@
id: CVE-2015-3337 id: CVE-2015-3337
info: info:
name: Elasticsearch Head plugin LFI name: Elasticsearch - Local File Inclusion
author: pdteam author: pdteam
severity: high severity: high
description: Directory traversal vulnerability in Elasticsearch before 1.4.5 and 1.5.x before 1.5.2, when a site plugin is enabled, allows remote attackers to read arbitrary files via unspecified vectors. description: Elasticsearch before 1.4.5 and 1.5.x before 1.5.2 allows remote attackers to read arbitrary files via unspecified vectors when a site plugin is enabled.
reference: reference:
- https://www.exploit-db.com/exploits/37054/ - https://www.exploit-db.com/exploits/37054/
- http://web.archive.org/web/20210121084446/https://www.securityfocus.com/archive/1/535385 - http://web.archive.org/web/20210121084446/https://www.securityfocus.com/archive/1/535385
- https://www.elastic.co/community/security - https://www.elastic.co/community/security
- http://www.debian.org/security/2015/dsa-3241 - http://www.debian.org/security/2015/dsa-3241
- https://nvd.nist.gov/vuln/detail/CVE-2015-3337
classification: classification:
cve-id: CVE-2015-3337 cve-id: CVE-2015-3337
tags: cve,cve2015,elastic,lfi,elasticsearch,plugin tags: cve,cve2015,elastic,lfi,elasticsearch,plugin
@ -29,3 +30,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/06/08

@ -4,12 +4,13 @@ info:
name: ResourceSpace - Local File inclusion name: ResourceSpace - Local File inclusion
author: pikpikcu author: pikpikcu
severity: high severity: high
description: ResourceSpace is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied input. description: ResourceSpace is prone to a local file-inclusion vulnerability because it fails to sufficiently sanitize user-supplied input.
reference: reference:
- https://vulners.com/cve/CVE-2015-3648/ - https://vulners.com/cve/CVE-2015-3648/
- http://web.archive.org/web/20210122163815/https://www.securityfocus.com/bid/75019/ - http://web.archive.org/web/20210122163815/https://www.securityfocus.com/bid/75019/
- http://svn.montala.com/websvn/revision.php?repname=ResourceSpace&path=%2F&rev=6640&peg=6738 - http://svn.montala.com/websvn/revision.php?repname=ResourceSpace&path=%2F&rev=6640&peg=6738
- http://packetstormsecurity.com/files/132142/ResourceSpace-7.1.6513-Local-File-Inclusion.html - http://packetstormsecurity.com/files/132142/ResourceSpace-7.1.6513-Local-File-Inclusion.html
- https://nvd.nist.gov/vuln/detail/CVE-2015-3648
classification: classification:
cve-id: CVE-2015-3648 cve-id: CVE-2015-3648
tags: cve,cve2015,lfi,resourcespace tags: cve,cve2015,lfi,resourcespace
@ -29,3 +30,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/06/08

@ -1,10 +1,10 @@
id: CVE-2015-3897 id: CVE-2015-3897
info: info:
name: Bonita BPM 6.5.1 - Unauthenticated Directory Traversal name: Bonita BPM Portal <6.5.3 - Local File Inclusion
author: 0x_Akoko author: 0x_Akoko
severity: high severity: high
description: Directory traversal vulnerability in Bonita BPM Portal before 6.5.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the theme parameter and a file path in the location parameter to bonita/portal/themeResource. description: Bonita BPM Portal before 6.5.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the theme parameter and a file path in the location parameter to bonita/portal/themeResource.
reference: reference:
- https://packetstormsecurity.com/files/132237/Bonita-BPM-6.5.1-Directory-Traversal-Open-Redirect.html - https://packetstormsecurity.com/files/132237/Bonita-BPM-6.5.1-Directory-Traversal-Open-Redirect.html
- https://www.bonitasoft.com/ - https://www.bonitasoft.com/
@ -37,3 +37,5 @@ requests:
- type: regex - type: regex
regex: regex:
- "root:[x*]:0:0:" - "root:[x*]:0:0:"
# Enhanced by mp on 2022/06/08

@ -1,15 +1,15 @@
id: CVE-2015-4050 id: CVE-2015-4050
info: info:
name: ESI unauthorized access name: Symfony - Authentication Bypass
author: ELSFA7110,meme-lord author: ELSFA7110,meme-lord
severity: high severity: high
description: FragmentListener in the HttpKernel component in Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support enabled, does not check if the _controller attribute is set, which allows remote attackers to bypass URL signing and security rules by including (1) no hash or (2) an invalid hash in a request to /_fragment. description: Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support enabled, does not check if the _controller attribute is set, which allows remote attackers to bypass URL signing and security rules by including (1) no hash or (2) an invalid hash in a request to /_fragment in the HttpKernel component.
reference: reference:
- https://symfony.com/blog/cve-2015-4050-esi-unauthorized-access - https://symfony.com/blog/cve-2015-4050-esi-unauthorized-access
- https://nvd.nist.gov/vuln/detail/CVE-2015-4050
- http://symfony.com/blog/cve-2015-4050-esi-unauthorized-access - http://symfony.com/blog/cve-2015-4050-esi-unauthorized-access
- http://www.debian.org/security/2015/dsa-3276 - http://www.debian.org/security/2015/dsa-3276
- https://nvd.nist.gov/vuln/detail/CVE-2015-4050
classification: classification:
cve-id: CVE-2015-4050 cve-id: CVE-2015-4050
tags: cve,cve2015,symfony,rce tags: cve,cve2015,symfony,rce
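Review bot: The rewritten description drops "FragmentListener" and moves "in the HttpKernel component" to the end, so it now reads as "a request to /_fragment in the HttpKernel component" and no longer says which code fails to check the `_controller` attribute. Suggest keeping "FragmentListener in the HttpKernel component" near the start and fixing "when ESI or SSI support enabled" to "when ESI or SSI support is enabled". The name now says "Authentication Bypass" while the tags still carry `rce`; one of the two should change. The reference list also keeps both the http and https forms of the same symfony.com post.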
@ -29,3 +29,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/06/08

@ -1,13 +1,13 @@
id: CVE-2015-4414 id: CVE-2015-4414
info: info:
name: WordPress Plugin SE HTML5 Album Audio Player 1.1.0 - Directory Traversal name: WordPress SE HTML5 Album Audio Player 1.1.0 - Directory Traversal
author: daffainfo author: daffainfo
severity: high severity: high
description: Directory traversal vulnerability in download_audio.php in the SE HTML5 Album Audio Player (se-html5-album-audio-player) plugin 1.1.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. description: WordPress SE HTML5 Album Audio Player 1.1.0 contains a directory traversal vulnerability in download_audio.php that allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
reference: reference:
- https://www.exploit-db.com/exploits/37274 - https://www.exploit-db.com/exploits/37274
- https://www.cvedetails.com/cve/CVE-2015-4414 - https://nvd.nist.gov/vuln/detail/CVE-2015-4414
- https://www.exploit-db.com/exploits/37274/ - https://www.exploit-db.com/exploits/37274/
- http://packetstormsecurity.com/files/132266/WordPress-SE-HTML5-Album-Audio-Player-1.1.0-Directory-Traversal.html - http://packetstormsecurity.com/files/132266/WordPress-SE-HTML5-Album-Audio-Player-1.1.0-Directory-Traversal.html
classification: classification:
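Review bot: The new description narrows the affected range: the old text said "plugin 1.1.0 and earlier" and the new one says only "1.1.0". Keep "1.1.0 and earlier" (or "<=1.1.0" in the name) so the template does not understate which versions are affected. The reference list still has the same exploit-db entry twice, differing only by a trailing slash; one can go.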
@ -29,3 +29,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/06/08

@ -4,12 +4,11 @@ info:
name: Koha 3.20.1 - Directory Traversal name: Koha 3.20.1 - Directory Traversal
author: daffainfo author: daffainfo
severity: high severity: high
description: Multiple directory traversal vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the template_path parameter to (1) svc/virtualshelves/search or (2) svc/members/search. description: Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the template_path parameter to (1) svc/virtualshelves/search or (2) svc/members/search.
reference: reference:
- https://www.exploit-db.com/exploits/37388 - https://www.exploit-db.com/exploits/37388
- https://www.cvedetails.com/cve/CVE-2015-4632 - https://www.cvedetails.com/cve/CVE-2015-4632
- https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/ - https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/
- https://www.exploit-db.com/exploits/37388/
classification: classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5 cvss-score: 7.5
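Review bot: The name "Koha 3.20.1 - Directory Traversal" is left unchanged, but the description says 3.20.x is affected only before 3.20.1, so the name points at the fixed release rather than a vulnerable one. Suggest a range such as "Koha <3.20.1" to match the convention used elsewhere in this commit. The new description also drops "Multiple directory traversal vulnerabilities in", so it no longer names the vulnerability class at all.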
@ -31,4 +30,6 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/06/08

@ -1,10 +1,10 @@
id: CVE-2015-5531 id: CVE-2015-5531
info: info:
name: ElasticSearch directory traversal vulnerability (CVE-2015-5531) name: ElasticSearch <1.6.1 - Local File Inclusion
author: princechaddha author: princechaddha
severity: high severity: high
description: Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls. description: ElasticSearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls.
reference: reference:
- https://github.com/vulhub/vulhub/tree/master/elasticsearch/CVE-2015-5531 - https://github.com/vulhub/vulhub/tree/master/elasticsearch/CVE-2015-5531
- https://nvd.nist.gov/vuln/detail/CVE-2015-5531 - https://nvd.nist.gov/vuln/detail/CVE-2015-5531
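Review bot: The name and new description spell the product "ElasticSearch", while the CVE-2015-3337 template edited in this same commit, and the old description here, use "Elasticsearch". Pick one spelling for both templates so search and dashboard grouping stay consistent. The rewrite also removes "Directory traversal vulnerability in", so the description no longer states the class that the new name ("Local File Inclusion") claims.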
@ -55,3 +55,5 @@ requests:
- type: status - type: status
status: status:
- 400 - 400
# Enhanced by mp on 2022/06/08

@ -1,14 +1,15 @@
id: CVE-2015-5688 id: CVE-2015-5688
info: info:
name: Geddy before v13.0.8 LFI name: Geddy <13.0.8 - Local File Inclusion
author: pikpikcu author: pikpikcu
severity: high severity: high
description: Directory traversal vulnerability in lib/app/index.js in Geddy before 13.0.8 for Node.js allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the PATH_INFO to the default URI. description: Geddy prior to version 13.0.8 contains a directory traversal vulnerability in lib/app/index.js that allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the PATH_INFO to the default URI.
reference: reference:
- https://nodesecurity.io/advisories/geddy-directory-traversal - https://nodesecurity.io/advisories/geddy-directory-traversal
- https://github.com/geddy/geddy/issues/697 - https://github.com/geddy/geddy/issues/697
- https://github.com/geddy/geddy/commit/2de63b68b3aa6c08848f261ace550a37959ef231 - https://github.com/geddy/geddy/commit/2de63b68b3aa6c08848f261ace550a37959ef231
- https://nvd.nist.gov/vuln/detail/CVE-2015-5688
classification: classification:
cve-id: CVE-2015-5688 cve-id: CVE-2015-5688
tags: cve,cve2015,geddy,lfi tags: cve,cve2015,geddy,lfi
@ -28,3 +29,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/06/08

@ -1,10 +1,10 @@
id: CVE-2015-7297 id: CVE-2015-7297
info: info:
name: Joomla Core SQL Injection name: Joomla! Core SQL Injection
author: princechaddha author: princechaddha
severity: high severity: high
description: A SQL injection vulnerability in Joomla 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands. description: A SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands.
reference: reference:
- https://nvd.nist.gov/vuln/detail/CVE-2015-7297 - https://nvd.nist.gov/vuln/detail/CVE-2015-7297
- http://developer.joomla.org/security-centre/628-20151001-core-sql-injection.html - http://developer.joomla.org/security-centre/628-20151001-core-sql-injection.html
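Review bot: The new name "Joomla! Core SQL Injection" does not follow the "Product <version> - Class" pattern the other names in this commit were changed to, although the description gives the range "3.2 before 3.4.4". Suggest something like "Joomla! Core 3.2 - 3.4.4 - SQL Injection" or at least adding the " - " separator. This file also has no trailing "# Enhanced by" hunk, unlike the others, if that marker is meant to track which templates were reviewed.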

@ -1,10 +1,10 @@
id: CVE-2015-8813 id: CVE-2015-8813
info: info:
name: Umbraco SSRF Vulnerability in Feedproxy.aspx name: Umbraco <7.4.0- Server-Side Request Forgery
author: emadshanab author: emadshanab
severity: high severity: high
description: A Server Side Request Forgery (SSRF) vulnerability in Umbraco in Feedproxy.aspx allows attackers to send arbitrary HTTP GET requests.Once you change the URL to the http://local/Umbraco/feedproxy.aspx?url=http://127.0.0.1:80/index, you able to access the localhost application of the server description: Umbraco before version 7.4.0 contains a server-side request forgery vulnerability in feedproxy.aspx that allows attackers to send arbitrary HTTP GET requests via http://local/Umbraco/feedproxy.aspx?url=http://127.0.0.1:80/index.
reference: reference:
- https://blog.securelayer7.net/umbraco-the-open-source-asp-net-cms-multiple-vulnerabilities/ - https://blog.securelayer7.net/umbraco-the-open-source-asp-net-cms-multiple-vulnerabilities/
- https://nvd.nist.gov/vuln/detail/CVE-2015-8813 - https://nvd.nist.gov/vuln/detail/CVE-2015-8813
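Review bot: The new name is missing a space before the separator: "Umbraco <7.4.0- Server-Side Request Forgery" should be "Umbraco <7.4.0 - Server-Side Request Forgery". In the description, "send arbitrary HTTP GET requests via http://local/Umbraco/feedproxy.aspx?url=http://127.0.0.1:80/index" presents one example URL as the vector; it would read more accurately as "via the url parameter of feedproxy.aspx".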
@ -27,3 +27,5 @@ requests:
part: interactsh_protocol # Confirms the HTTP Interaction part: interactsh_protocol # Confirms the HTTP Interaction
words: words:
- "http" - "http"
# Enhanced by mp on 2022/06/08

@ -1,13 +1,14 @@
id: CVE-2016-0957 id: CVE-2016-0957
info: info:
name: Adobe AEM Console Disclosure name: Adobe AEM Dispatcher <4.15 - Rules Bypass
author: geeknik author: geeknik
severity: high severity: high
description: Dispatcher before 4.1.5 in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 does not properly implement a URL filter, which allows remote attackers to bypass dispatcher rules via unspecified vectors. description: Dispatcher before 4.1.5 in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 does not properly implement a URL filter, which allows remote attackers to bypass dispatcher rules via unspecified vectors.
reference: reference:
- https://www.kernelpicnic.net/2016/07/24/Microsoft-signout.live.com-Remote-Code-Execution-Write-Up.html - https://www.kernelpicnic.net/2016/07/24/Microsoft-signout.live.com-Remote-Code-Execution-Write-Up.html
- https://helpx.adobe.com/security/products/experience-manager/apsb16-05.html - https://helpx.adobe.com/security/products/experience-manager/apsb16-05.html
- https://nvd.nist.gov/vuln/detail/CVE-2016-0957
classification: classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5 cvss-score: 7.5
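Review bot: The version in the new name does not match the description: the name says "Adobe AEM Dispatcher <4.15" while the description says "Dispatcher before 4.1.5". This looks like a dropped dot; the name should read "<4.1.5".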
@ -32,3 +33,5 @@ requests:
- "java.lang" - "java.lang"
- "(Runtime)" - "(Runtime)"
condition: and condition: and
# Enhanced by mp on 2022/06/08

@ -1,10 +1,10 @@
id: CVE-2016-10924 id: CVE-2016-10924
info: info:
name: Wordpress eBook Download < 1.2 - Directory Traversal name: Wordpress Zedna eBook download <1.2 - Local File Inclusion
author: idealphase author: idealphase
severity: high severity: high
description: The Wordpress eBook Download plugin was affected by a filedownload.php Local File Inclusion security vulnerability. description: Wordpress Zedna eBook download prior to version 1.2 was affected by a filedownload.php local file inclusion vulnerability.
reference: reference:
- https://wpscan.com/vulnerability/13d5d17a-00a8-441e-bda1-2fd2b4158a6c - https://wpscan.com/vulnerability/13d5d17a-00a8-441e-bda1-2fd2b4158a6c
- https://www.exploit-db.com/exploits/39575 - https://www.exploit-db.com/exploits/39575
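Review bot: The new name and description write "Wordpress", while every other WordPress template touched in this commit (MyPixs, SE HTML5 Album Audio Player, Mail Masta) uses "WordPress". Change both occurrences to "WordPress", and consider capitalising "download" in "Zedna eBook download" to match the plugin name used in the old title.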
@ -34,3 +34,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/06/09

@ -1,14 +1,15 @@
id: CVE-2016-10956 id: CVE-2016-10956
info: info:
name: Mail Masta 1.0 - Unauthenticated Local File Inclusion (LFI) name: WordPress Mail Masta 1.0 - Local File Inclusion
author: daffainfo,0x240x23elu author: daffainfo,0x240x23elu
severity: high severity: high
description: The mail-masta plugin 1.0 for WordPress has local file inclusion in count_of_send.php and csvexport.php. description: WordPress Mail Masta 1.0 is susceptible to local file inclusion in count_of_send.php and csvexport.php.
reference: reference:
- https://cxsecurity.com/issue/WLB-2016080220 - https://cxsecurity.com/issue/WLB-2016080220
- https://wpvulndb.com/vulnerabilities/8609 - https://wpvulndb.com/vulnerabilities/8609
- https://wordpress.org/plugins/mail-masta/#developers - https://wordpress.org/plugins/mail-masta/#developers
- https://nvd.nist.gov/vuln/detail/CVE-2016-10956
classification: classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5 cvss-score: 7.5
@ -32,3 +33,5 @@ requests:
status: status:
- 200 - 200
- 500 - 500
# Enhanced by mp on 2022/06/09

@ -1,15 +1,16 @@
id: CVE-2016-2389 id: CVE-2016-2389
info: info:
name: SAP xMII 15.0 - Directory Traversal name: SAP xMII 15.0 for SAP NetWeaver 7.4 - Local File Inclusion
author: daffainfo author: daffainfo
severity: high severity: high
description: Directory traversal vulnerability in the GetFileList function in the SAP Manufacturing Integration and Intelligence (xMII) component 15.0 for SAP NetWeaver 7.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the Path parameter to /Catalog, aka SAP Security Note 2230978. description: SAP xMII 15.0 for SAP NetWeaver 7.4 is susceptible to a local file inclusion vulnerability in the GetFileList function. This can allow remote attackers to read arbitrary files via a .. (dot dot) in the path parameter to /Catalog, aka SAP Security Note 2230978.
reference: reference:
- https://erpscan.io/advisories/erpscan-16-009-sap-xmii-directory-traversal-vulnerability/ - https://erpscan.io/advisories/erpscan-16-009-sap-xmii-directory-traversal-vulnerability/
- https://www.cvedetails.com/cve/CVE-2016-2389 - https://www.cvedetails.com/cve/CVE-2016-2389
- http://packetstormsecurity.com/files/137046/SAP-MII-15.0-Directory-Traversal.html - http://packetstormsecurity.com/files/137046/SAP-MII-15.0-Directory-Traversal.html
- https://www.exploit-db.com/exploits/39837/ - https://www.exploit-db.com/exploits/39837/
- https://nvd.nist.gov/vuln/detail/CVE-2016-2389
classification: classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5 cvss-score: 7.5
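Review bot: The rewritten description changes the parameter name from "Path" to "path" ("in the path parameter to /Catalog"). Parameter names are identifiers and may be case-sensitive, so keep the original "Path" as the CVE text had it. The name and description also switch to "local file inclusion" while the stated impact is reading arbitrary files via `..`, and the first reference is titled as a directory traversal advisory.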
@ -32,3 +33,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/06/09

@ -1,15 +1,15 @@
id: CVE-2016-3081 id: CVE-2016-3081
info: info:
name: Apache S2-032 Struts RCE name: Apache S2-032 Struts - Remote Code Execution
author: dhiyaneshDK author: dhiyaneshDK
severity: high severity: high
description: | description: |
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via method: prefix, related to chained expressions. Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when dynamic method invocation is enabled, allows remote attackers to execute arbitrary code via method: prefix (related to chained expressions).
reference: reference:
- https://cwiki.apache.org/confluence/display/WW/S2-032 - https://cwiki.apache.org/confluence/display/WW/S2-032
- https://struts.apache.org/docs/s2-032.html - https://struts.apache.org/docs/s2-032.html
- http://www.securitytracker.com/id/1035665 - https://nvd.nist.gov/vuln/detail/CVE-2016-3081
classification: classification:
cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.1 cvss-score: 8.1
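Review bot: The new name "Apache S2-032 Struts - Remote Code Execution" still puts the advisory ID between vendor and product; "Apache Struts S2-032 - Remote Code Execution" would match the vendor/product ordering used by the other names in this commit. In the reference list, the securitytracker.com link is replaced by the NVD link rather than kept alongside it, while CVE-2017-12615 in this same commit keeps its securitytracker.com entry. If the link is being dropped because it is dead, say so in the commit message and apply it consistently.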
@ -31,3 +31,5 @@ requests:
- type: regex - type: regex
regex: regex:
- "root:.*:0:0:" - "root:.*:0:0:"
# Enhanced by mp on 2022/06/09

View File

@ -1,10 +1,10 @@
id: CVE-2016-6277 id: CVE-2016-6277
info: info:
name: NETGEAR routers (including R6400, R7000, R8000 and similar) RCE name: NETGEAR Routers - Remote Code Execution
author: pikpikcu author: pikpikcu
severity: high severity: high
description: NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly other routers allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/. description: NETGEAR routers R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly others allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/.
reference: reference:
- https://www.sj-vs.net/2016/12/10/temporary-fix-for-cert-vu582384-cwe-77-on-netgear-r7000-and-r6400-routers/ - https://www.sj-vs.net/2016/12/10/temporary-fix-for-cert-vu582384-cwe-77-on-netgear-r7000-and-r6400-routers/
- https://nvd.nist.gov/vuln/detail/CVE-2016-6277 - https://nvd.nist.gov/vuln/detail/CVE-2016-6277
@ -32,3 +32,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/06/09

View File

@ -1,10 +1,10 @@
id: CVE-2017-0929 id: CVE-2017-0929
info: info:
name: DotNetNuke ImageHandler SSRF name: DotNetNuke (DNN) ImageHandler <9.2.0 - Server-Side Request Forgery
author: charanrayudu,meme-lord author: charanrayudu,meme-lord
severity: high severity: high
description: DNN (aka DotNetNuke) before 9.2.0 suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources. description: DotNetNuke (aka DNN) before 9.2.0 suffers from a server-side request forgery vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources.
reference: reference:
- https://hackerone.com/reports/482634 - https://hackerone.com/reports/482634
- https://nvd.nist.gov/vuln/detail/CVE-2017-0929 - https://nvd.nist.gov/vuln/detail/CVE-2017-0929
@ -31,3 +31,5 @@ requests:
- type: status - type: status
status: status:
- 500 - 500
# Enhanced by mp on 2022/06/09

View File

@ -1,15 +1,16 @@
id: CVE-2017-1000028 id: CVE-2017-1000028
info: info:
name: GlassFish LFI name: Oracle GlassFish Server Open Source Edition 4.1 - Local File Inclusion
author: pikpikcu,daffainfo author: pikpikcu,daffainfo
severity: high severity: high
description: Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that can be exploited by issuing a specially crafted HTTP GET request. description: Oracle GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated local file inclusion vulnerabilities that can be exploited by issuing specially crafted HTTP GET requests.
reference: reference:
- https://www.exploit-db.com/exploits/45196 - https://www.exploit-db.com/exploits/45196
- https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18822 - https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18822
- https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-016/?fid=6904 - https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-016/?fid=6904
- https://www.exploit-db.com/exploits/45196/ - https://www.exploit-db.com/exploits/45196/
- https://nvd.nist.gov/vuln/detail/CVE-2017-1000028
classification: classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5 cvss-score: 7.5
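Review bot: The reference list still carries the same Exploit-DB entry twice, once as https://www.exploit-db.com/exploits/45196 and once with a trailing slash. Since this hunk already edits the list to add the NVD link, drop the trailing-slash duplicate here, as the CVE-2017-10974 change in this commit does for its own duplicate.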
@ -39,3 +40,5 @@ requests:
- "contains(body, 'extensions')" - "contains(body, 'extensions')"
- "status_code == 200" - "status_code == 200"
condition: and condition: and
# Enhanced by mp on 2022/06/09

View File

@ -1,14 +1,15 @@
id: CVE-2017-1000029 id: CVE-2017-1000029
info: info:
name: GlassFish Server Open Source Edition 3.0.1 - LFI name: Oracle GlassFish Server Open Source Edition 3.0.1 - Local File Inclusion
author: 0x_Akoko author: 0x_Akoko
severity: high severity: high
description: Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Local File Inclusion vulnerability, that makes it possible to include arbitrary files on the server, this vulnerability can be exploited without any prior authentication. description: Oracle GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to unauthenticated local file inclusion vulnerabilities that allow remote attackers to request arbitrary files on the server.
reference: reference:
- https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18784 - https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18784
- https://www.cvedetails.com/cve/CVE-2017-1000029 - https://www.cvedetails.com/cve/CVE-2017-1000029
- https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-011/?fid=8037 - https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-011/?fid=8037
- https://nvd.nist.gov/vuln/detail/CVE-2017-1000029
classification: classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5 cvss-score: 7.5
@ -30,3 +31,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/06/09

View File

@ -1,14 +1,15 @@
id: CVE-2017-1000170 id: CVE-2017-1000170
info: info:
name: WordPress Plugin Delightful Downloads Jquery File Tree 2.1.5 Path Traversal name: WordPress Delightful Downloads Jquery File Tree 2.1.5 - Local File Inclusion
author: dwisiswant0 author: dwisiswant0
severity: high severity: high
description: jqueryFileTree 2.1.5 and older Directory Traversal description: WordPress Delightful Downloads Jquery File Tree versions 2.1.5 and older are susceptible to local file inclusion vulnerabilities via jqueryFileTree.
reference: reference:
- https://www.exploit-db.com/exploits/49693 - https://www.exploit-db.com/exploits/49693
- https://github.com/jqueryfiletree/jqueryfiletree/issues/66 - https://github.com/jqueryfiletree/jqueryfiletree/issues/66
- http://packetstormsecurity.com/files/161900/WordPress-Delightful-Downloads-Jquery-File-Tree-1.6.6-Path-Traversal.html - http://packetstormsecurity.com/files/161900/WordPress-Delightful-Downloads-Jquery-File-Tree-1.6.6-Path-Traversal.html
- https://nvd.nist.gov/vuln/detail/CVE-2017-1000170
classification: classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5 cvss-score: 7.5
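Review bot: The new name and description attach version 2.1.5 to "WordPress Delightful Downloads Jquery File Tree" as a whole, but the original description attributes 2.1.5 to jqueryFileTree ("jqueryFileTree 2.1.5 and older") and the packetstorm reference in this list attaches 1.6.6 to Delightful Downloads. Word it so the two versions are not conflated, for example by saying the plugin bundles jqueryFileTree 2.1.5 and older, and keep "directory traversal" in the text since that is what the original description and the reference title call it.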
@ -32,3 +33,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/06/09

View File

@ -5,12 +5,12 @@ info:
author: dr_set,ImNightmaree author: dr_set,ImNightmaree
severity: high severity: high
description: | description: |
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent - WLS Security). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. The Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent - WLS Security) is susceptible to remote command execution. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. This easily exploitable vulnerability allows unauthenticated attackers with network access via T3 to compromise Oracle WebLogic Server.
reference: reference:
- https://github.com/vulhub/vulhub/tree/fda47b97c7d2809660a4471539cd0e6dbf8fac8c/weblogic/CVE-2017-10271 - https://github.com/vulhub/vulhub/tree/fda47b97c7d2809660a4471539cd0e6dbf8fac8c/weblogic/CVE-2017-10271
- https://github.com/SuperHacker-liuan/cve-2017-10271-poc - https://github.com/SuperHacker-liuan/cve-2017-10271-poc
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html - http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.securitytracker.com/id/1039608 - https://nvd.nist.gov/vuln/detail/CVE-2017-10271
classification: classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
cvss-score: 7.5 cvss-score: 7.5
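Review bot: The new description calls this "remote command execution", but the unchanged cvss-metrics line at the end of this hunk is C:N/I:N/A:H with a score of 7.5, which describes an availability-only impact. The rewrite also drops the original's closing sentence that successful attacks can result in takeover of Oracle WebLogic Server. Keep that sentence, and check the vector against the NVD entry this hunk adds so the description and classification agree.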
@ -93,4 +93,6 @@ requests:
dsl: dsl:
- body == "{{randstr}}" - body == "{{randstr}}"
- status_code == 200 - status_code == 200
condition: and condition: and
# Enhanced by mp on 2022/06/09

View File

@ -1,14 +1,13 @@
id: CVE-2017-10974 id: CVE-2017-10974
info: info:
name: Yaws 1.91 - Remote File Disclosure name: Yaws 1.91 - Local File Inclusion
author: 0x_Akoko author: 0x_Akoko
severity: high severity: high
description: Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Directory Traversal with /%5C../ to port 8080 description: Yaws 1.91 allows unauthenticated local file inclusion via /%5C../ submitted to port 8080.
reference: reference:
- https://www.exploit-db.com/exploits/42303 - https://www.exploit-db.com/exploits/42303
- https://nvd.nist.gov/vuln/detail/CVE-2017-10974 - https://nvd.nist.gov/vuln/detail/CVE-2017-10974
- https://www.exploit-db.com/exploits/42303/
- http://hyp3rlinx.altervista.org/advisories/YAWS-WEB-SERVER-v1.91-UNAUTHENTICATED-REMOTE-FILE-DISCLOSURE.txt - http://hyp3rlinx.altervista.org/advisories/YAWS-WEB-SERVER-v1.91-UNAUTHENTICATED-REMOTE-FILE-DISCLOSURE.txt
classification: classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
@ -34,4 +33,6 @@ requests:
- type: dsl - type: dsl
dsl: dsl:
- '!contains(tolower(body), "<html")' - '!contains(tolower(body), "<html")'
# Enhanced by mp on 2022/06/09

View File

@ -1,15 +1,16 @@
id: CVE-2017-11512 id: CVE-2017-11512
info: info:
name: ManageEngine ServiceDesk - Arbitrary File Retrieval name: ManageEngine ServiceDesk 9.3.9328 - Arbitrary File Retrieval
author: 0x_Akoko author: 0x_Akoko
severity: high severity: high
description: | description: |
The ManageEngine ServiceDesk 9.3.9328 is vulnerable to an arbitrary file retrieval due to improper restrictions of the pathname used in the name parameter for the download-snapshot path. An unauthenticated remote attacker can use this vulnerability to download arbitrary files. ManageEngine ServiceDesk 9.3.9328 is vulnerable to an arbitrary file retrieval due to improper restrictions of the pathname used in the name parameter for the download-snapshot path. An unauthenticated remote attacker can use this vulnerability to download arbitrary files.
reference: reference:
- https://exploit.kitploit.com/2017/11/manageengine-servicedesk-cve-2017-11512.html - https://exploit.kitploit.com/2017/11/manageengine-servicedesk-cve-2017-11512.html
- https://www.cvedetails.com/cve/CVE-2017-11512 - https://www.cvedetails.com/cve/CVE-2017-11512
- https://www.tenable.com/security/research/tra-2017-31 - https://www.tenable.com/security/research/tra-2017-31
- https://nvd.nist.gov/vuln/detail/CVE-2017-11512
- https://web.archive.org/web/20210116180015/https://www.securityfocus.com/bid/101789/ - https://web.archive.org/web/20210116180015/https://www.securityfocus.com/bid/101789/
classification: classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
@ -36,3 +37,5 @@ requests:
- "fonts" - "fonts"
- "extensions" - "extensions"
condition: and condition: and
# Enhanced by mp on 2022/06/09

View File

@ -1,10 +1,10 @@
id: CVE-2017-11610 id: CVE-2017-11610
info: info:
name: Supervisor XMLRPC Exec name: XML-RPC Server - Remote Code Execution
author: notnotnotveg author: notnotnotveg
severity: high severity: high
description: The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups. description: The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisor namespace lookups.
reference: reference:
- https://github.com/rapid7/metasploit-framework/blob/master/documentation/modules/exploit/linux/http/supervisor_xmlrpc_exec.md - https://github.com/rapid7/metasploit-framework/blob/master/documentation/modules/exploit/linux/http/supervisor_xmlrpc_exec.md
- https://nvd.nist.gov/vuln/detail/CVE-2017-11610 - https://nvd.nist.gov/vuln/detail/CVE-2017-11610
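Review bot: The new name "XML-RPC Server - Remote Code Execution" drops the product. The old name and the description both identify this as the XML-RPC server in supervisor, so a reader scanning results by name can no longer tell which software is affected; something like "Supervisor XML-RPC Server - Remote Code Execution" keeps it. The description edit from "nested supervisord namespace lookups" to "nested supervisor namespace lookups" also changes an identifier rather than prose; unless the upstream text uses "supervisor" there, leave "supervisord" as it was.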
@ -54,3 +54,5 @@ requests:
- "<methodResponse>" - "<methodResponse>"
- "<int>" - "<int>"
condition: and condition: and
# Enhanced by mp on 2022/06/09

View File

@ -1,18 +1,16 @@
id: CVE-2017-12615 id: CVE-2017-12615
info: info:
name: Apache Tomcat RCE name: Apache Tomcat Servers - Remote Code Execution
author: pikpikcu author: pikpikcu
severity: high severity: high
description: | description: |
By design, you are not allowed to upload JSP files via the PUT method on the Apache Tomcat servers. Apache Tomcat servers 7.0.{0 to 79} are susceptible to remote code execution. By design, you are not allowed to upload JSP files via the PUT method. This is likely a security measure to prevent an attacker from uploading a JSP shell and gaining remote code execution on the server. However, due to the insufficient checks, an attacker could gain remote code execution on Apache Tomcat servers that have enabled PUT method by using a specially crafted HTTP request.
This is likely a security measure to prevent an attacker from uploading a JSP shell and gaining remote code execution on the server.
However, due to the insufficient checks, an attacker could gain remote code execution on 7.0.{0 to 79}
Tomcat servers that has enabled PUT by requesting PUT method on the Tomcat server using a specially crafted HTTP request.
reference: reference:
- https://github.com/vulhub/vulhub/tree/master/tomcat/CVE-2017-12615 - https://github.com/vulhub/vulhub/tree/master/tomcat/CVE-2017-12615
- https://lists.apache.org/thread.html/8fcb1e2d5895413abcf266f011b9918ae03e0b7daceb118ffbf23f8c@%3Cannounce.tomcat.apache.org%3E - https://lists.apache.org/thread.html/8fcb1e2d5895413abcf266f011b9918ae03e0b7daceb118ffbf23f8c@%3Cannounce.tomcat.apache.org%3E
- http://www.securitytracker.com/id/1039392 - http://www.securitytracker.com/id/1039392
- https://nvd.nist.gov/vuln/detail/CVE-2017-12615
- http://web.archive.org/web/20210616200000/https://www.securityfocus.com/bid/100901 - http://web.archive.org/web/20210616200000/https://www.securityfocus.com/bid/100901
classification: classification:
cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
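Review bot: The new name "Apache Tomcat Servers - Remote Code Execution" carries no version, while the description limits the issue to 7.0.{0 to 79} and other names in this commit include the affected version. Put the range in the name and write it out in the description as 7.0.0 to 7.0.79 instead of the brace notation. The description is now a single line under a block scalar ("description: |"), so the pipe can go or the text can be wrapped again for readability.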
@ -57,3 +55,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/06/09

View File

@ -1,15 +1,14 @@
id: CVE-2017-12637 id: CVE-2017-12637
info: info:
name: Directory traversal vulnerability in SAP NetWeaver Application Server Java 7.5 name: SAP NetWeaver Application Server Java 7.5 - Local File Inclusion
author: apt-mirror author: apt-mirror
severity: high severity: high
description: Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Server Java 7.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the query string, as exploited in the wild in August 2017, aka SAP Security Note 2486657. description: SAP NetWeaver Application Server Java 7.5 is susceptible to local file inclusion in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS. This can allow remote attackers to read arbitrary files via a .. (dot dot) in the query string, as exploited in the wild in August 2017, aka SAP Security Note 2486657.
reference: reference:
- https://www.cvedetails.com/cve/CVE-2017-12637/
- https://nvd.nist.gov/vuln/detail/CVE-2017-12637
- https://download.ernw-insight.de/troopers/tr18/slides/TR18_SAP_SAP-Bugs-The-Phantom-Security.pdf - https://download.ernw-insight.de/troopers/tr18/slides/TR18_SAP_SAP-Bugs-The-Phantom-Security.pdf
- http://www.sh0w.top/index.php/archives/7/ - http://www.sh0w.top/index.php/archives/7/
- https://nvd.nist.gov/vuln/detail/CVE-2017-12637
classification: classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5 cvss-score: 7.5
@ -32,3 +31,5 @@ requests:
- "META-INF" - "META-INF"
condition: and condition: and
part: body part: body
# Enhanced by mp on 2022/06/09

View File

@ -1,13 +1,14 @@
id: CVE-2017-14849 id: CVE-2017-14849
info: info:
name: Node.js 8.5.0 >=< 8.6.0 Directory Traversal name: Node.js <8.6.0 - Directory Traversal
author: Random_Robbie author: Random_Robbie
severity: high severity: high
description: Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules. description: Node.js before 8.6.0 allows remote attackers to access unintended files because a change to ".." handling is incompatible with the pathname validation used by unspecified community modules.
reference: reference:
- https://twitter.com/nodejs/status/913131152868876288 - https://twitter.com/nodejs/status/913131152868876288
- https://nodejs.org/en/blog/vulnerability/september-2017-path-validation/ - https://nodejs.org/en/blog/vulnerability/september-2017-path-validation/
- https://nvd.nist.gov/vuln/detail/CVE-2017-14849
- http://web.archive.org/web/20210423143109/https://www.securityfocus.com/bid/101056 - http://web.archive.org/web/20210423143109/https://www.securityfocus.com/bid/101056
classification: classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
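Review bot: The name and description widen the affected range instead of only rewording it. The original says "Node.js 8.5.0 before 8.6.0"; the new text says "Node.js <8.6.0" and "Node.js before 8.6.0", which reads as every release before 8.6.0. Restore the 8.5.0 lower bound in both fields unless there is a source for the broader range.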
@ -29,3 +30,5 @@ requests:
regex: regex:
- "root:.*:0:0:" - "root:.*:0:0:"
part: body part: body
# Enhanced by mp on 2022/06/09

View File

@ -1,15 +1,16 @@
id: CVE-2017-15363 id: CVE-2017-15363
info: info:
name: TYPO3 Restler - Arbitrary File Retrieval name: Luracast Restler 3.0.1 via TYPO3 Restler 1.7.1 - Local File Inclusion
author: 0x_Akoko author: 0x_Akoko
severity: high severity: high
description: Directory traversal vulnerability in public/examples/resources/getsource.php in Luracast Restler through 3.0.0, as used in the restler extension before 1.7.1 for TYPO3, allows remote attackers to read arbitrary files via the file parameter. description: Luracast Restler 3.0.1 via TYPO3 Restler 1.7.1 is susceptible to local file inclusion in public/examples/resources/getsource.php. This could allow remote attackers to read arbitrary files via the file parameter.
reference: reference:
- https://www.exploit-db.com/exploits/42985 - https://www.exploit-db.com/exploits/42985
- https://www.cvedetails.com/cve/CVE-2017-15363 - https://www.cvedetails.com/cve/CVE-2017-15363
- https://extensions.typo3.org/extension/restler/ - https://extensions.typo3.org/extension/restler/
- https://extensions.typo3.org/extension/download/restler/1.7.1/zip/ - https://extensions.typo3.org/extension/download/restler/1.7.1/zip/
- https://nvd.nist.gov/vuln/detail/CVE-2017-15363
classification: classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5 cvss-score: 7.5
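Review bot: The description changes the affected versions, not just the wording. The original says Luracast Restler "through 3.0.0" as used in the restler extension "before 1.7.1"; the new name and description say "Luracast Restler 3.0.1 via TYPO3 Restler 1.7.1", which names a Restler version the original does not mention and an extension version the original excludes. Restore "through 3.0.0" and "before 1.7.1", or cite the source for the new versions.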
@ -37,3 +38,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/06/09

View File

@ -1,14 +1,15 @@
id: CVE-2017-15647 id: CVE-2017-15647
info: info:
name: FiberHome - Directory Traversal name: FiberHome Routers - Local File Inclusion
author: daffainfo author: daffainfo
severity: high severity: high
description: On FiberHome routers, Directory Traversal exists in /cgi-bin/webproc via the getpage parameter in conjunction with a crafted var:page value. description: FiberHome routers are susceptible to local file inclusion in /cgi-bin/webproc via the getpage parameter in conjunction with a crafted var:page value.
reference: reference:
- https://www.exploit-db.com/exploits/44054 - https://www.exploit-db.com/exploits/44054
- https://www.cvedetails.com/cve/CVE-2017-15647 - https://www.cvedetails.com/cve/CVE-2017-15647
- https://blogs.securiteam.com/index.php/archives/3472 - https://blogs.securiteam.com/index.php/archives/3472
- https://nvd.nist.gov/vuln/detail/CVE-2017-15647
classification: classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5 cvss-score: 7.5
@ -31,3 +32,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/06/09

View File

@ -1,15 +1,15 @@
id: CVE-2017-15715 id: CVE-2017-15715
info: info:
name: Apache Arbitrary File Upload name: Apache httpd <=2.4.29 - Arbitrary File Upload
author: geeknik author: geeknik
severity: high severity: high
description: In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are externally blocked, but only by matching the trailing portion of the filename. description: Apache httpd 2.4.0 to 2.4.29 is susceptible to arbitrary file upload vulnerabilities via the expression specified in <FilesMatch>, which could match '$' to a newline character in a malicious filename rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are externally blocked, but only by matching the trailing portion of the filename.
reference: reference:
- https://github.com/vulhub/vulhub/tree/master/httpd/CVE-2017-15715 - https://github.com/vulhub/vulhub/tree/master/httpd/CVE-2017-15715
- https://httpd.apache.org/security/vulnerabilities_24.html - https://httpd.apache.org/security/vulnerabilities_24.html
- http://www.openwall.com/lists/oss-security/2018/03/24/6 - http://www.openwall.com/lists/oss-security/2018/03/24/6
- http://www.securitytracker.com/id/1040570 - https://nvd.nist.gov/vuln/detail/CVE-2017-15715
classification: classification:
cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.1 cvss-score: 8.1
@ -46,3 +46,5 @@ requests:
- type: dsl - type: dsl
dsl: dsl:
- 'contains(body_2, "{{randstr_1}}")' - 'contains(body_2, "{{randstr_1}}")'
# Enhanced by mp on 2022/06/09

View File

@ -1,13 +1,14 @@
id: CVE-2017-16877 id: CVE-2017-16877
info: info:
name: Nextjs v2.4.1 LFI name: Nextjs <2.4.1 - Local File Inclusion
author: pikpikcu author: pikpikcu
severity: high severity: high
description: ZEIT Next.js before 2.4.1 has directory traversal under the /_next and /static request namespace, allowing attackers to obtain sensitive information. description: ZEIT Next.js before 2.4.1 is susceptible to local file inclusion via the /_next and /static request namespace, allowing attackers to obtain sensitive information.
reference: reference:
- https://medium.com/@theRaz0r/arbitrary-file-reading-in-next-js-2-4-1-34104c4e75e9 - https://medium.com/@theRaz0r/arbitrary-file-reading-in-next-js-2-4-1-34104c4e75e9
- https://github.com/zeit/next.js/releases/tag/2.4.1 - https://github.com/zeit/next.js/releases/tag/2.4.1
- https://nvd.nist.gov/vuln/detail/CVE-2017-16877
classification: classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5 cvss-score: 7.5
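Review bot: The new name spells the product "Nextjs" while the description two lines below uses "Next.js" and the release reference is for next.js. Use "Next.js <2.4.1 - Local File Inclusion" so the name matches the product spelling.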
@ -32,3 +33,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/06/09

View File

@ -1,10 +1,10 @@
id: CVE-2020-29597 id: CVE-2020-29597
info: info:
name: IncomCMS 2.0 - Arbitary files upload name: IncomCMS 2.0 - Arbitrary File Upload
author: princechaddha author: princechaddha
severity: critical severity: critical
description: | description: |
IncomCMS 2.0 has a modules/uploader/showcase/script.php insecure file upload vulnerability. This vulnerability allows unauthenticated attackers to upload files into the server. IncomCMS 2.0 has a an insecure file upload vulnerability in modules/uploader/showcase/script.php. This allows unauthenticated attackers to upload files into the server.
reference: reference:
- https://github.com/Trhackno/CVE-2020-29597 - https://github.com/Trhackno/CVE-2020-29597
- https://nvd.nist.gov/vuln/detail/CVE-2020-29597 - https://nvd.nist.gov/vuln/detail/CVE-2020-29597
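Review bot: The rewritten description introduces a typo: "IncomCMS 2.0 has a an insecure file upload vulnerability". Drop the extra "a".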
@ -43,3 +43,5 @@ requests:
- contains(body_1, '\"name\":\"{{randstr}}.png\"') - contains(body_1, '\"name\":\"{{randstr}}.png\"')
- status_code_2 == 200 - status_code_2 == 200
condition: and condition: and
# Enhanced by CS 06/06/2022
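Review bot: The trailer "# Enhanced by CS 06/06/2022" does not follow the format used by every other trailer in this commit ("# Enhanced by mp on 2022/06/09"). The date order is ambiguous as written and the "on" is missing; use "# Enhanced by CS on 2022/06/06" so the trailers stay uniform and sortable.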

View File

@ -4,7 +4,7 @@ info:
name: ChronoForums 2.0.11 - Directory Traversal name: ChronoForums 2.0.11 - Directory Traversal
author: 0x_Akoko author: 0x_Akoko
severity: medium severity: medium
description: The ChronoForums avatar function is vulnerable through unauthenticated path traversal attacks. This enables unauthenticated attackers to read arbitrary files, like for instance Joomla's configuration file containing secret credentials. description: The ChronoForums avatar function is vulnerable through unauthenticated path traversal attacks. This enables unauthenticated attackers to read arbitrary files, for example the Joomla! configuration file which contains credentials.
reference: reference:
- https://herolab.usd.de/en/security-advisories/usd-2021-0007/ - https://herolab.usd.de/en/security-advisories/usd-2021-0007/
- https://nvd.nist.gov/vuln/detail/CVE-2021-28377 - https://nvd.nist.gov/vuln/detail/CVE-2021-28377

View File

@ -1,10 +1,10 @@
id: joomla-config-dist-file id: joomla-config-dist-file
info: info:
name: Joomla Config Dist File name: Joomla! Config Dist File
author: oppsec author: oppsec
severity: low severity: low
description: configuration.php-dist is a file created by Joomla to save Joomla settings. description: configuration.php-dist is a file created by Joomla! to save Joomla settings.
tags: config,exposure,joomla tags: config,exposure,joomla
requests: requests:
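Review bot: The description is only half converted: "created by Joomla! to save Joomla settings" still has the second "Joomla" without the exclamation mark. Since the purpose of this change is to normalise the product name, update both occurrences.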

View File

@ -1,10 +1,10 @@
id: joomla-htaccess-file id: joomla-htaccess-file
info: info:
name: Joomla htaccess file disclosure name: Joomla! htaccess file disclosure
author: oppsec author: oppsec
severity: info severity: info
description: Joomla has an htaccess file to store configurations about HTTP config, directory listing, etc. description: Joomla! has an htaccess file to store configurations about HTTP config, directory listing, etc.
tags: misc,joomla tags: misc,joomla
requests: requests:

View File

@ -1,10 +1,10 @@
id: joomla-manifest-file id: joomla-manifest-file
info: info:
name: Joomla Manifest File Disclosure name: Joomla! Manifest File Disclosure
author: oppsec author: oppsec
severity: info severity: info
description: A Joomla Manifest file was discovered. joomla.xml is a file which stores information about installed Joomla, such as version, files, and paths. description: A Joomla! Manifest file was discovered. joomla.xml is a file which stores information about installed Joomla!, such as version, files, and paths.
classification: classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3 cvss-score: 5.3

View File

@ -1,11 +1,11 @@
id: rusty-joomla id: rusty-joomla
info: info:
name: Joomla CMS <=3.4.6 - Remote Code Execution name: Joomla! CMS <=3.4.6 - Remote Code Execution
author: leovalcante,kiks7 author: leovalcante,kiks7
severity: critical severity: critical
description: | description: |
Joomla CMS 3.0.0 through the 3.4.6 release contains an unauthenticated PHP object injection that leads to remote code execution. Joomla! CMS 3.0.0 through the 3.4.6 release contains an unauthenticated PHP object injection that leads to remote code execution.
reference: reference:
- https://blog.hacktivesecurity.com/index.php/2019/10/03/rusty-joomla-rce/ - https://blog.hacktivesecurity.com/index.php/2019/10/03/rusty-joomla-rce/
- https://github.com/kiks7/rusty_joomla_rce - https://github.com/kiks7/rusty_joomla_rce

View File

@ -25,5 +25,4 @@ requests:
- "e807f1fcf82d132f9bb018ca6738a19f" - "e807f1fcf82d132f9bb018ca6738a19f"
part: body part: body
# Enhanced by mp on 2022/03/02
# Enhanced by ritikchaddha on 2022/05/05 # Enhanced by ritikchaddha on 2022/05/05

View File

@ -3,7 +3,7 @@ id: joomla-workflow
info: info:
name: Joomla! Security Checks name: Joomla! Security Checks
author: daffainfo author: daffainfo
description: A simple workflow that runs all Joomla related nuclei templates on a given target. description: A simple workflow that runs all Joomla! related nuclei templates on a given target.
workflows: workflows:
- template: technologies/tech-detect.yaml - template: technologies/tech-detect.yaml