parent
4cc13bb57f
commit
b883737198
|
@ -1,15 +1,15 @@
|
|||
id: CVE-2009-3318
|
||||
|
||||
info:
|
||||
name: Joomla! Component com_album 1.14 - Directory Traversal
|
||||
name: Joomla! Roland Breedveld Album 1.14 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the Roland Breedveld Album (com_album) component 1.14 for Joomla! allows remote attackers to access arbitrary directories and have unspecified other impact via a .. (dot dot) in the target parameter to index.php.
|
||||
description: Joomla! Roland Breedveld Album 1.14 (com_album) is susceptible to local file inclusion because it allows remote attackers to access arbitrary directories and have unspecified other impact via a .. (dot dot) in the target parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/9706
|
||||
- https://www.cvedetails.com/cve/CVE-2009-3318
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2009-3318
|
||||
- https://web.archive.org/web/20210121192413/https://www.securityfocus.com/bid/36441/
|
||||
- http://www.securityfocus.com/bid/36441
|
||||
classification:
|
||||
cve-id: CVE-2009-3318
|
||||
tags: cve,cve2009,joomla,lfi
|
||||
|
@ -29,3 +29,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/06/08
|
||||
|
|
|
@ -1,14 +1,14 @@
|
|||
id: CVE-2009-4202
|
||||
|
||||
info:
|
||||
name: Joomla! Component Omilen Photo Gallery 0.5b - Local File Inclusion
|
||||
name: Joomla! Omilen Photo Gallery 0.5b - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the Omilen Photo Gallery (com_omphotogallery) component Beta 0.5 for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the controller parameter to index.php.
|
||||
description: Joomla! Omilen Photo Gallery (com_omphotogallery) component Beta 0.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/8870
|
||||
- https://www.cvedetails.com/cve/CVE-2009-4202
|
||||
- http://www.vupen.com/english/advisories/2009/1494
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2009-4202
|
||||
- http://web.archive.org/web/20210121191031/https://www.securityfocus.com/bid/35201/
|
||||
classification:
|
||||
cve-id: CVE-2009-4202
|
||||
|
@ -29,3 +29,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/06/08
|
||||
|
|
|
@ -1,15 +1,16 @@
|
|||
id: CVE-2009-4223
|
||||
|
||||
info:
|
||||
name: KR-Web <= 1.1b2 RFI
|
||||
name: KR-Web <=1.1b2 - Remote File Inclusion
|
||||
author: geeknik
|
||||
severity: high
|
||||
description: KR is a web content-server based on Apache-PHP-MySql technology which gives to programmers some PHP classes simplifying database content access. Additionally, it gives some admin and user tools to write, hierarchize, and authorize contents.
|
||||
description: KR-Web 1.1b2 and prior contain a remote file inclusion vulnerability via adm/krgourl.php, which allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter.
|
||||
reference:
|
||||
- https://sourceforge.net/projects/krw/
|
||||
- https://www.exploit-db.com/exploits/10216
|
||||
- https://exchange.xforce.ibmcloud.com/vulnerabilities/54395
|
||||
- http://www.exploit-db.com/exploits/10216
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2009-4223
|
||||
classification:
|
||||
cve-id: CVE-2009-4223
|
||||
tags: cve,cve2009,krweb,rfi
|
||||
|
@ -28,3 +29,5 @@ requests:
|
|||
part: interactsh_protocol
|
||||
words:
|
||||
- "http"
|
||||
|
||||
# Enhanced by mp on 2022/06/06
|
||||
|
|
|
@ -1,14 +1,15 @@
|
|||
id: CVE-2009-4679
|
||||
|
||||
info:
|
||||
name: Joomla! Component iF Portfolio Nexus - 'Controller' Remote File Inclusion
|
||||
name: Joomla! Portfolio Nexus - Remote File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the inertialFATE iF Portfolio Nexus (com_if_nexus) component 1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
|
||||
description: |
|
||||
Joomla! Portfolio Nexus 1.5 contains a remote file inclusion vulnerability in the inertialFATE iF (com_if_nexus) component that allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/33440
|
||||
- https://www.cvedetails.com/cve/CVE-2009-4679
|
||||
- http://secunia.com/advisories/37760
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2009-4679
|
||||
classification:
|
||||
cve-id: CVE-2009-4679
|
||||
tags: cve,cve2009,joomla,lfi,nexus
|
||||
|
@ -28,3 +29,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/06/08
|
||||
|
|
|
@ -1,15 +1,14 @@
|
|||
id: CVE-2015-0554
|
||||
|
||||
info:
|
||||
name: Pirelli ADSL2/2+ Wireless Router P.DGA4001N - Information Disclosure
|
||||
name: ADB/Pirelli ADSL2/2+ Wireless Router P.DGA4001N - Information Disclosure
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: The ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6 does not properly restrict access to the web interface, which allows remote attackers to obtain sensitive information or cause a denial of service (device restart) as demonstrated by a direct request to (1) wlsecurity.html or (2) resetrouter.html.
|
||||
description: ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6 does not properly restrict access to the web interface, which allows remote attackers to obtain sensitive information or cause a denial of service (device restart) as demonstrated by a direct request to (1) wlsecurity.html or (2) resetrouter.html.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/35721
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2015-0554
|
||||
- http://packetstormsecurity.com/files/129828/Pirelli-ADSL2-2-Wireless-Router-P.DGA4001N-Information-Disclosure.html
|
||||
- http://www.exploit-db.com/exploits/35721
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2015-0554
|
||||
classification:
|
||||
cve-id: CVE-2015-0554
|
||||
tags: cve,cve2015,pirelli,router,disclosure
|
||||
|
@ -32,3 +31,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/06/08
|
||||
|
|
|
@ -1,14 +1,15 @@
|
|||
id: CVE-2015-1000012
|
||||
|
||||
info:
|
||||
name: MyPixs <= 0.3 - Unauthenticated Local File Inclusion (LFI)
|
||||
name: WordPress MyPixs <=0.3 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Local File Inclusion Vulnerability in mypixs v0.3 wordpress plugin
|
||||
description: WordPress MyPixs 0.3 and prior contains a local file inclusion vulnerability.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/24b83ce5-e3b8-4262-b087-a2dfec014985
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1000012
|
||||
- http://www.vapidlabs.com/advisory.php?v=154
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2015-1000012
|
||||
- http://web.archive.org/web/20210518144916/https://www.securityfocus.com/bid/94495
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
|
@ -31,3 +32,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/06/06
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2015-1503
|
||||
|
||||
info:
|
||||
name: IceWarp Mail Server Directory Traversal
|
||||
name: IceWarp Mail Server <11.1.1 - Directory Traversal
|
||||
author: 0x_Akoko
|
||||
severity: high
|
||||
description: IceWarp Mail Server versions prior to 11.1.1 suffer from a directory traversal vulnerability.
|
||||
|
@ -33,3 +33,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/06/06
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
id: CVE-2015-2067
|
||||
|
||||
info:
|
||||
name: Magento Server Magmi Plugin - Directory Traversal
|
||||
name: Magento Server MAGMI - Directory Traversal
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in web/ajax_pluginconf.php in the MAGMI (aka Magento Mass Importer) plugin for Magento Server allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
|
||||
description: Magento Server MAGMI (aka Magento Mass Importer) contains a directory traversal vulnerability in web/ajax_pluginconf.php. that allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/35996
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2015-2067
|
||||
|
@ -28,3 +28,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/06/08
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
id: CVE-2015-2166
|
||||
|
||||
info:
|
||||
name: Ericsson Drutt MSDP (Instance Monitor) Directory Traversal
|
||||
name: Ericsson Drutt MSDP - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the Instance Monitor in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the default URI.
|
||||
description: Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the default URI in the Instance Monitor.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/36619
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2015-2166
|
||||
|
@ -29,3 +29,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/06/08
|
||||
|
|
|
@ -1,15 +1,16 @@
|
|||
id: CVE-2015-3306
|
||||
|
||||
info:
|
||||
name: ProFTPd RCE
|
||||
name: ProFTPd - Remote Code Execution
|
||||
author: pdteam
|
||||
severity: high
|
||||
description: The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.
|
||||
description: ProFTPD 1.3.5 contains a remote code execution vulnerability via the mod_copy module which allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.
|
||||
reference:
|
||||
- https://github.com/t0kx/exploit-CVE-2015-3306
|
||||
- https://www.exploit-db.com/exploits/36803/
|
||||
- http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157053.html
|
||||
- http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157054.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2015-3306
|
||||
classification:
|
||||
cve-id: CVE-2015-3306
|
||||
tags: cve,cve2015,ftp,rce,network,proftpd
|
||||
|
@ -34,3 +35,5 @@ network:
|
|||
part: raw
|
||||
words:
|
||||
- "Copy successful"
|
||||
|
||||
# Enhanced by mp on 2022/06/08
|
||||
|
|
|
@ -1,15 +1,16 @@
|
|||
id: CVE-2015-3337
|
||||
|
||||
info:
|
||||
name: Elasticsearch Head plugin LFI
|
||||
name: Elasticsearch - Local File Inclusion
|
||||
author: pdteam
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in Elasticsearch before 1.4.5 and 1.5.x before 1.5.2, when a site plugin is enabled, allows remote attackers to read arbitrary files via unspecified vectors.
|
||||
description: Elasticsearch before 1.4.5 and 1.5.x before 1.5.2 allows remote attackers to read arbitrary files via unspecified vectors when a site plugin is enabled.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/37054/
|
||||
- http://web.archive.org/web/20210121084446/https://www.securityfocus.com/archive/1/535385
|
||||
- https://www.elastic.co/community/security
|
||||
- http://www.debian.org/security/2015/dsa-3241
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2015-3337
|
||||
classification:
|
||||
cve-id: CVE-2015-3337
|
||||
tags: cve,cve2015,elastic,lfi,elasticsearch,plugin
|
||||
|
@ -29,3 +30,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/06/08
|
||||
|
|
|
@ -4,12 +4,13 @@ info:
|
|||
name: ResourceSpace - Local File inclusion
|
||||
author: pikpikcu
|
||||
severity: high
|
||||
description: ResourceSpace is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied input.
|
||||
description: ResourceSpace is prone to a local file-inclusion vulnerability because it fails to sufficiently sanitize user-supplied input.
|
||||
reference:
|
||||
- https://vulners.com/cve/CVE-2015-3648/
|
||||
- http://web.archive.org/web/20210122163815/https://www.securityfocus.com/bid/75019/
|
||||
- http://svn.montala.com/websvn/revision.php?repname=ResourceSpace&path=%2F&rev=6640&peg=6738
|
||||
- http://packetstormsecurity.com/files/132142/ResourceSpace-7.1.6513-Local-File-Inclusion.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2015-3648
|
||||
classification:
|
||||
cve-id: CVE-2015-3648
|
||||
tags: cve,cve2015,lfi,resourcespace
|
||||
|
@ -29,3 +30,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/06/08
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
id: CVE-2015-3897
|
||||
|
||||
info:
|
||||
name: Bonita BPM 6.5.1 - Unauthenticated Directory Traversal
|
||||
name: Bonita BPM Portal <6.5.3 - Local File Inclusion
|
||||
author: 0x_Akoko
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in Bonita BPM Portal before 6.5.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the theme parameter and a file path in the location parameter to bonita/portal/themeResource.
|
||||
description: Bonita BPM Portal before 6.5.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the theme parameter and a file path in the location parameter to bonita/portal/themeResource.
|
||||
reference:
|
||||
- https://packetstormsecurity.com/files/132237/Bonita-BPM-6.5.1-Directory-Traversal-Open-Redirect.html
|
||||
- https://www.bonitasoft.com/
|
||||
|
@ -37,3 +37,5 @@ requests:
|
|||
- type: regex
|
||||
regex:
|
||||
- "root:[x*]:0:0:"
|
||||
|
||||
# Enhanced by mp on 2022/06/08
|
||||
|
|
|
@ -1,15 +1,15 @@
|
|||
id: CVE-2015-4050
|
||||
|
||||
info:
|
||||
name: ESI unauthorized access
|
||||
name: Symfony - Authentication Bypass
|
||||
author: ELSFA7110,meme-lord
|
||||
severity: high
|
||||
description: FragmentListener in the HttpKernel component in Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support enabled, does not check if the _controller attribute is set, which allows remote attackers to bypass URL signing and security rules by including (1) no hash or (2) an invalid hash in a request to /_fragment.
|
||||
description: Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support enabled, does not check if the _controller attribute is set, which allows remote attackers to bypass URL signing and security rules by including (1) no hash or (2) an invalid hash in a request to /_fragment in the HttpKernel component.
|
||||
reference:
|
||||
- https://symfony.com/blog/cve-2015-4050-esi-unauthorized-access
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2015-4050
|
||||
- http://symfony.com/blog/cve-2015-4050-esi-unauthorized-access
|
||||
- http://www.debian.org/security/2015/dsa-3276
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2015-4050
|
||||
classification:
|
||||
cve-id: CVE-2015-4050
|
||||
tags: cve,cve2015,symfony,rce
|
||||
|
@ -29,3 +29,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/06/08
|
||||
|
|
|
@ -1,13 +1,13 @@
|
|||
id: CVE-2015-4414
|
||||
|
||||
info:
|
||||
name: WordPress Plugin SE HTML5 Album Audio Player 1.1.0 - Directory Traversal
|
||||
name: WordPress SE HTML5 Album Audio Player 1.1.0 - Directory Traversal
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in download_audio.php in the SE HTML5 Album Audio Player (se-html5-album-audio-player) plugin 1.1.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
|
||||
description: WordPress SE HTML5 Album Audio Player 1.1.0 contains a directory traversal vulnerability in download_audio.php that allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/37274
|
||||
- https://www.cvedetails.com/cve/CVE-2015-4414
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2015-4414
|
||||
- https://www.exploit-db.com/exploits/37274/
|
||||
- http://packetstormsecurity.com/files/132266/WordPress-SE-HTML5-Album-Audio-Player-1.1.0-Directory-Traversal.html
|
||||
classification:
|
||||
|
@ -29,3 +29,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/06/08
|
||||
|
|
|
@ -4,12 +4,11 @@ info:
|
|||
name: Koha 3.20.1 - Directory Traversal
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Multiple directory traversal vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the template_path parameter to (1) svc/virtualshelves/search or (2) svc/members/search.
|
||||
description: Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the template_path parameter to (1) svc/virtualshelves/search or (2) svc/members/search.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/37388
|
||||
- https://www.cvedetails.com/cve/CVE-2015-4632
|
||||
- https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/
|
||||
- https://www.exploit-db.com/exploits/37388/
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
|
@ -32,3 +31,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/06/08
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
id: CVE-2015-5531
|
||||
|
||||
info:
|
||||
name: ElasticSearch directory traversal vulnerability (CVE-2015-5531)
|
||||
name: ElasticSearch <1.6.1 - Local File Inclusion
|
||||
author: princechaddha
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls.
|
||||
description: ElasticSearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls.
|
||||
reference:
|
||||
- https://github.com/vulhub/vulhub/tree/master/elasticsearch/CVE-2015-5531
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2015-5531
|
||||
|
@ -55,3 +55,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 400
|
||||
|
||||
# Enhanced by mp on 2022/06/08
|
||||
|
|
|
@ -1,14 +1,15 @@
|
|||
id: CVE-2015-5688
|
||||
|
||||
info:
|
||||
name: Geddy before v13.0.8 LFI
|
||||
name: Geddy <13.0.8 - Local File Inclusion
|
||||
author: pikpikcu
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in lib/app/index.js in Geddy before 13.0.8 for Node.js allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the PATH_INFO to the default URI.
|
||||
description: Geddy prior to version 13.0.8 contains a directory traversal vulnerability in lib/app/index.js that allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the PATH_INFO to the default URI.
|
||||
reference:
|
||||
- https://nodesecurity.io/advisories/geddy-directory-traversal
|
||||
- https://github.com/geddy/geddy/issues/697
|
||||
- https://github.com/geddy/geddy/commit/2de63b68b3aa6c08848f261ace550a37959ef231
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2015-5688
|
||||
classification:
|
||||
cve-id: CVE-2015-5688
|
||||
tags: cve,cve2015,geddy,lfi
|
||||
|
@ -28,3 +29,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/06/08
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
id: CVE-2015-7297
|
||||
|
||||
info:
|
||||
name: Joomla Core SQL Injection
|
||||
name: Joomla! Core SQL Injection
|
||||
author: princechaddha
|
||||
severity: high
|
||||
description: A SQL injection vulnerability in Joomla 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands.
|
||||
description: A SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands.
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2015-7297
|
||||
- http://developer.joomla.org/security-centre/628-20151001-core-sql-injection.html
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
id: CVE-2015-8813
|
||||
|
||||
info:
|
||||
name: Umbraco SSRF Vulnerability in Feedproxy.aspx
|
||||
name: Umbraco <7.4.0- Server-Side Request Forgery
|
||||
author: emadshanab
|
||||
severity: high
|
||||
description: A Server Side Request Forgery (SSRF) vulnerability in Umbraco in Feedproxy.aspx allows attackers to send arbitrary HTTP GET requests.Once you change the URL to the http://local/Umbraco/feedproxy.aspx?url=http://127.0.0.1:80/index, you able to access the localhost application of the server
|
||||
description: Umbraco before version 7.4.0 contains a server-side request forgery vulnerability in feedproxy.aspx that allows attackers to send arbitrary HTTP GET requests via http://local/Umbraco/feedproxy.aspx?url=http://127.0.0.1:80/index.
|
||||
reference:
|
||||
- https://blog.securelayer7.net/umbraco-the-open-source-asp-net-cms-multiple-vulnerabilities/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2015-8813
|
||||
|
@ -27,3 +27,5 @@ requests:
|
|||
part: interactsh_protocol # Confirms the HTTP Interaction
|
||||
words:
|
||||
- "http"
|
||||
|
||||
# Enhanced by mp on 2022/06/08
|
||||
|
|
|
@ -1,13 +1,14 @@
|
|||
id: CVE-2016-0957
|
||||
|
||||
info:
|
||||
name: Adobe AEM Console Disclosure
|
||||
name: Adobe AEM Dispatcher <4.15 - Rules Bypass
|
||||
author: geeknik
|
||||
severity: high
|
||||
description: Dispatcher before 4.1.5 in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 does not properly implement a URL filter, which allows remote attackers to bypass dispatcher rules via unspecified vectors.
|
||||
reference:
|
||||
- https://www.kernelpicnic.net/2016/07/24/Microsoft-signout.live.com-Remote-Code-Execution-Write-Up.html
|
||||
- https://helpx.adobe.com/security/products/experience-manager/apsb16-05.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2016-0957
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
|
@ -32,3 +33,5 @@ requests:
|
|||
- "java.lang"
|
||||
- "(Runtime)"
|
||||
condition: and
|
||||
|
||||
# Enhanced by mp on 2022/06/08
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
id: CVE-2016-10924
|
||||
|
||||
info:
|
||||
name: Wordpress eBook Download < 1.2 - Directory Traversal
|
||||
name: Wordpress Zedna eBook download <1.2 - Local File Inclusion
|
||||
author: idealphase
|
||||
severity: high
|
||||
description: The Wordpress eBook Download plugin was affected by a filedownload.php Local File Inclusion security vulnerability.
|
||||
description: Wordpress Zedna eBook download prior to version 1.2 was affected by a filedownload.php local file inclusion vulnerability.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/13d5d17a-00a8-441e-bda1-2fd2b4158a6c
|
||||
- https://www.exploit-db.com/exploits/39575
|
||||
|
@ -34,3 +34,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/06/09
|
||||
|
|
|
@ -1,14 +1,15 @@
|
|||
id: CVE-2016-10956
|
||||
|
||||
info:
|
||||
name: Mail Masta 1.0 - Unauthenticated Local File Inclusion (LFI)
|
||||
name: WordPress Mail Masta 1.0 - Local File Inclusion
|
||||
author: daffainfo,0x240x23elu
|
||||
severity: high
|
||||
description: The mail-masta plugin 1.0 for WordPress has local file inclusion in count_of_send.php and csvexport.php.
|
||||
description: WordPress Mail Masta 1.0 is susceptible to local file inclusion in count_of_send.php and csvexport.php.
|
||||
reference:
|
||||
- https://cxsecurity.com/issue/WLB-2016080220
|
||||
- https://wpvulndb.com/vulnerabilities/8609
|
||||
- https://wordpress.org/plugins/mail-masta/#developers
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2016-10956
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
|
@ -32,3 +33,5 @@ requests:
|
|||
status:
|
||||
- 200
|
||||
- 500
|
||||
|
||||
# Enhanced by mp on 2022/06/09
|
||||
|
|
|
@ -1,15 +1,16 @@
|
|||
id: CVE-2016-2389
|
||||
|
||||
info:
|
||||
name: SAP xMII 15.0 - Directory Traversal
|
||||
name: SAP xMII 15.0 for SAP NetWeaver 7.4 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the GetFileList function in the SAP Manufacturing Integration and Intelligence (xMII) component 15.0 for SAP NetWeaver 7.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the Path parameter to /Catalog, aka SAP Security Note 2230978.
|
||||
description: SAP xMII 15.0 for SAP NetWeaver 7.4 is susceptible to a local file inclusion vulnerability in the GetFileList function. This can allow remote attackers to read arbitrary files via a .. (dot dot) in the path parameter to /Catalog, aka SAP Security Note 2230978.
|
||||
reference:
|
||||
- https://erpscan.io/advisories/erpscan-16-009-sap-xmii-directory-traversal-vulnerability/
|
||||
- https://www.cvedetails.com/cve/CVE-2016-2389
|
||||
- http://packetstormsecurity.com/files/137046/SAP-MII-15.0-Directory-Traversal.html
|
||||
- https://www.exploit-db.com/exploits/39837/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2016-2389
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
|
@ -32,3 +33,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/06/09
|
||||
|
|
|
@ -1,15 +1,15 @@
|
|||
id: CVE-2016-3081
|
||||
|
||||
info:
|
||||
name: Apache S2-032 Struts RCE
|
||||
name: Apache S2-032 Struts - Remote Code Execution
|
||||
author: dhiyaneshDK
|
||||
severity: high
|
||||
description: |
|
||||
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via method: prefix, related to chained expressions.
|
||||
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when dynamic method invocation is enabled, allows remote attackers to execute arbitrary code via method: prefix (related to chained expressions).
|
||||
reference:
|
||||
- https://cwiki.apache.org/confluence/display/WW/S2-032
|
||||
- https://struts.apache.org/docs/s2-032.html
|
||||
- http://www.securitytracker.com/id/1035665
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2016-3081
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 8.1
|
||||
|
@ -31,3 +31,5 @@ requests:
|
|||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0:"
|
||||
|
||||
# Enhanced by mp on 2022/06/09
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
id: CVE-2016-6277
|
||||
|
||||
info:
|
||||
name: NETGEAR routers (including R6400, R7000, R8000 and similar) RCE
|
||||
name: NETGEAR Routers - Remote Code Execution
|
||||
author: pikpikcu
|
||||
severity: high
|
||||
description: NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly other routers allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/.
|
||||
description: NETGEAR routers R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly others allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/.
|
||||
reference:
|
||||
- https://www.sj-vs.net/2016/12/10/temporary-fix-for-cert-vu582384-cwe-77-on-netgear-r7000-and-r6400-routers/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2016-6277
|
||||
|
@ -32,3 +32,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/06/09
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
id: CVE-2017-0929
|
||||
|
||||
info:
|
||||
name: DotNetNuke ImageHandler SSRF
|
||||
name: DotNetNuke (DNN) ImageHandler <9.2.0 - Server-Side Request Forgery
|
||||
author: charanrayudu,meme-lord
|
||||
severity: high
|
||||
description: DNN (aka DotNetNuke) before 9.2.0 suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources.
|
||||
description: DotNetNuke (aka DNN) before 9.2.0 suffers from a server-side request forgery vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources.
|
||||
reference:
|
||||
- https://hackerone.com/reports/482634
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2017-0929
|
||||
|
@ -31,3 +31,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 500
|
||||
|
||||
# Enhanced by mp on 2022/06/09
|
||||
|
|
|
@ -1,15 +1,16 @@
|
|||
id: CVE-2017-1000028
|
||||
|
||||
info:
|
||||
name: GlassFish LFI
|
||||
name: Oracle GlassFish Server Open Source Edition 4.1 - Local File Inclusion
|
||||
author: pikpikcu,daffainfo
|
||||
severity: high
|
||||
description: Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that can be exploited by issuing a specially crafted HTTP GET request.
|
||||
description: Oracle GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated local file inclusion vulnerabilities that can be exploited by issuing specially crafted HTTP GET requests.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/45196
|
||||
- https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18822
|
||||
- https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-016/?fid=6904
|
||||
- https://www.exploit-db.com/exploits/45196/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2017-1000028
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
|
@ -39,3 +40,5 @@ requests:
|
|||
- "contains(body, 'extensions')"
|
||||
- "status_code == 200"
|
||||
condition: and
|
||||
|
||||
# Enhanced by mp on 2022/06/09
|
||||
|
|
|
@ -1,14 +1,15 @@
|
|||
id: CVE-2017-1000029
|
||||
|
||||
info:
|
||||
name: GlassFish Server Open Source Edition 3.0.1 - LFI
|
||||
name: Oracle GlassFish Server Open Source Edition 3.0.1 - Local File Inclusion
|
||||
author: 0x_Akoko
|
||||
severity: high
|
||||
description: Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Local File Inclusion vulnerability, that makes it possible to include arbitrary files on the server, this vulnerability can be exploited without any prior authentication.
|
||||
description: Oracle GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to unauthenticated local file inclusion vulnerabilities that allow remote attackers to request arbitrary files on the server.
|
||||
reference:
|
||||
- https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18784
|
||||
- https://www.cvedetails.com/cve/CVE-2017-1000029
|
||||
- https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-011/?fid=8037
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2017-1000029
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
|
@ -30,3 +31,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/06/09
|
||||
|
|
|
@ -1,14 +1,15 @@
|
|||
id: CVE-2017-1000170
|
||||
|
||||
info:
|
||||
name: WordPress Plugin Delightful Downloads Jquery File Tree 2.1.5 Path Traversal
|
||||
name: WordPress Delightful Downloads Jquery File Tree 2.1.5 - Local File Inclusion
|
||||
author: dwisiswant0
|
||||
severity: high
|
||||
description: jqueryFileTree 2.1.5 and older Directory Traversal
|
||||
description: WordPress Delightful Downloads Jquery File Tree versions 2.1.5 and older are susceptible to local file inclusion vulnerabilities via jqueryFileTree.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/49693
|
||||
- https://github.com/jqueryfiletree/jqueryfiletree/issues/66
|
||||
- http://packetstormsecurity.com/files/161900/WordPress-Delightful-Downloads-Jquery-File-Tree-1.6.6-Path-Traversal.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2017-1000170
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
|
@ -32,3 +33,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/06/09
|
||||
|
|
|
@ -5,12 +5,12 @@ info:
|
|||
author: dr_set,ImNightmaree
|
||||
severity: high
|
||||
description: |
|
||||
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent - WLS Security). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server.
|
||||
The Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent - WLS Security) is susceptible to remote command execution. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. This easily exploitable vulnerability allows unauthenticated attackers with network access via T3 to compromise Oracle WebLogic Server.
|
||||
reference:
|
||||
- https://github.com/vulhub/vulhub/tree/fda47b97c7d2809660a4471539cd0e6dbf8fac8c/weblogic/CVE-2017-10271
|
||||
- https://github.com/SuperHacker-liuan/cve-2017-10271-poc
|
||||
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
|
||||
- http://www.securitytracker.com/id/1039608
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2017-10271
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
||||
cvss-score: 7.5
|
||||
|
@ -94,3 +94,5 @@ requests:
|
|||
- body == "{{randstr}}"
|
||||
- status_code == 200
|
||||
condition: and
|
||||
|
||||
# Enhanced by mp on 2022/06/09
|
||||
|
|
|
@ -1,14 +1,13 @@
|
|||
id: CVE-2017-10974
|
||||
|
||||
info:
|
||||
name: Yaws 1.91 - Remote File Disclosure
|
||||
name: Yaws 1.91 - Local File Inclusion
|
||||
author: 0x_Akoko
|
||||
severity: high
|
||||
description: Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Directory Traversal with /%5C../ to port 8080
|
||||
description: Yaws 1.91 allows unauthenticated local file inclusion via /%5C../ submitted to port 8080.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/42303
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2017-10974
|
||||
- https://www.exploit-db.com/exploits/42303/
|
||||
- http://hyp3rlinx.altervista.org/advisories/YAWS-WEB-SERVER-v1.91-UNAUTHENTICATED-REMOTE-FILE-DISCLOSURE.txt
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
|
@ -35,3 +34,5 @@ requests:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- '!contains(tolower(body), "<html")'
|
||||
|
||||
# Enhanced by mp on 2022/06/09
|
||||
|
|
|
@ -1,15 +1,16 @@
|
|||
id: CVE-2017-11512
|
||||
|
||||
info:
|
||||
name: ManageEngine ServiceDesk - Arbitrary File Retrieval
|
||||
name: ManageEngine ServiceDesk 9.3.9328 - Arbitrary File Retrieval
|
||||
author: 0x_Akoko
|
||||
severity: high
|
||||
description: |
|
||||
The ManageEngine ServiceDesk 9.3.9328 is vulnerable to an arbitrary file retrieval due to improper restrictions of the pathname used in the name parameter for the download-snapshot path. An unauthenticated remote attacker can use this vulnerability to download arbitrary files.
|
||||
ManageEngine ServiceDesk 9.3.9328 is vulnerable to an arbitrary file retrieval due to improper restrictions of the pathname used in the name parameter for the download-snapshot path. An unauthenticated remote attacker can use this vulnerability to download arbitrary files.
|
||||
reference:
|
||||
- https://exploit.kitploit.com/2017/11/manageengine-servicedesk-cve-2017-11512.html
|
||||
- https://www.cvedetails.com/cve/CVE-2017-11512
|
||||
- https://www.tenable.com/security/research/tra-2017-31
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2017-11512
|
||||
- https://web.archive.org/web/20210116180015/https://www.securityfocus.com/bid/101789/
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
|
@ -36,3 +37,5 @@ requests:
|
|||
- "fonts"
|
||||
- "extensions"
|
||||
condition: and
|
||||
|
||||
# Enhanced by mp on 2022/06/09
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
id: CVE-2017-11610
|
||||
|
||||
info:
|
||||
name: Supervisor XMLRPC Exec
|
||||
name: XML-RPC Server - Remote Code Execution
|
||||
author: notnotnotveg
|
||||
severity: high
|
||||
description: The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups.
|
||||
description: The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisor namespace lookups.
|
||||
reference:
|
||||
- https://github.com/rapid7/metasploit-framework/blob/master/documentation/modules/exploit/linux/http/supervisor_xmlrpc_exec.md
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2017-11610
|
||||
|
@ -54,3 +54,5 @@ requests:
|
|||
- "<methodResponse>"
|
||||
- "<int>"
|
||||
condition: and
|
||||
|
||||
# Enhanced by mp on 2022/06/09
|
||||
|
|
|
@ -1,18 +1,16 @@
|
|||
id: CVE-2017-12615
|
||||
|
||||
info:
|
||||
name: Apache Tomcat RCE
|
||||
name: Apache Tomcat Servers - Remote Code Execution
|
||||
author: pikpikcu
|
||||
severity: high
|
||||
description: |
|
||||
By design, you are not allowed to upload JSP files via the PUT method on the Apache Tomcat servers.
|
||||
This is likely a security measure to prevent an attacker from uploading a JSP shell and gaining remote code execution on the server.
|
||||
However, due to the insufficient checks, an attacker could gain remote code execution on 7.0.{0 to 79}
|
||||
Tomcat servers that has enabled PUT by requesting PUT method on the Tomcat server using a specially crafted HTTP request.
|
||||
Apache Tomcat servers 7.0.{0 to 79} are susceptible to remote code execution. By design, you are not allowed to upload JSP files via the PUT method. This is likely a security measure to prevent an attacker from uploading a JSP shell and gaining remote code execution on the server. However, due to the insufficient checks, an attacker could gain remote code execution on Apache Tomcat servers that have enabled PUT method by using a specially crafted HTTP request.
|
||||
reference:
|
||||
- https://github.com/vulhub/vulhub/tree/master/tomcat/CVE-2017-12615
|
||||
- https://lists.apache.org/thread.html/8fcb1e2d5895413abcf266f011b9918ae03e0b7daceb118ffbf23f8c@%3Cannounce.tomcat.apache.org%3E
|
||||
- http://www.securitytracker.com/id/1039392
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2017-12615
|
||||
- http://web.archive.org/web/20210616200000/https://www.securityfocus.com/bid/100901
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
|
@ -57,3 +55,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/06/09
|
||||
|
|
|
@ -1,15 +1,14 @@
|
|||
id: CVE-2017-12637
|
||||
|
||||
info:
|
||||
name: Directory traversal vulnerability in SAP NetWeaver Application Server Java 7.5
|
||||
name: SAP NetWeaver Application Server Java 7.5 - Local File Inclusion
|
||||
author: apt-mirror
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Server Java 7.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the query string, as exploited in the wild in August 2017, aka SAP Security Note 2486657.
|
||||
description: SAP NetWeaver Application Server Java 7.5 is susceptible to local file inclusion in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS. This can allow remote attackers to read arbitrary files via a .. (dot dot) in the query string, as exploited in the wild in August 2017, aka SAP Security Note 2486657.
|
||||
reference:
|
||||
- https://www.cvedetails.com/cve/CVE-2017-12637/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2017-12637
|
||||
- https://download.ernw-insight.de/troopers/tr18/slides/TR18_SAP_SAP-Bugs-The-Phantom-Security.pdf
|
||||
- http://www.sh0w.top/index.php/archives/7/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2017-12637
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
|
@ -32,3 +31,5 @@ requests:
|
|||
- "META-INF"
|
||||
condition: and
|
||||
part: body
|
||||
|
||||
# Enhanced by mp on 2022/06/09
|
||||
|
|
|
@ -1,13 +1,14 @@
|
|||
id: CVE-2017-14849
|
||||
|
||||
info:
|
||||
name: Node.js 8.5.0 >=< 8.6.0 Directory Traversal
|
||||
name: Node.js <8.6.0 - Directory Traversal
|
||||
author: Random_Robbie
|
||||
severity: high
|
||||
description: Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules.
|
||||
description: Node.js before 8.6.0 allows remote attackers to access unintended files because a change to ".." handling is incompatible with the pathname validation used by unspecified community modules.
|
||||
reference:
|
||||
- https://twitter.com/nodejs/status/913131152868876288
|
||||
- https://nodejs.org/en/blog/vulnerability/september-2017-path-validation/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2017-14849
|
||||
- http://web.archive.org/web/20210423143109/https://www.securityfocus.com/bid/101056
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
|
@ -29,3 +30,5 @@ requests:
|
|||
regex:
|
||||
- "root:.*:0:0:"
|
||||
part: body
|
||||
|
||||
# Enhanced by mp on 2022/06/09
|
||||
|
|
|
@ -1,15 +1,16 @@
|
|||
id: CVE-2017-15363
|
||||
|
||||
info:
|
||||
name: TYPO3 Restler - Arbitrary File Retrieval
|
||||
name: Luracast Restler 3.0.1 via TYPO3 Restler 1.7.1 - Local File Inclusion
|
||||
author: 0x_Akoko
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in public/examples/resources/getsource.php in Luracast Restler through 3.0.0, as used in the restler extension before 1.7.1 for TYPO3, allows remote attackers to read arbitrary files via the file parameter.
|
||||
description: Luracast Restler 3.0.1 via TYPO3 Restler 1.7.1 is susceptible to local file inclusion in public/examples/resources/getsource.php. This could allow remote attackers to read arbitrary files via the file parameter.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/42985
|
||||
- https://www.cvedetails.com/cve/CVE-2017-15363
|
||||
- https://extensions.typo3.org/extension/restler/
|
||||
- https://extensions.typo3.org/extension/download/restler/1.7.1/zip/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2017-15363
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
|
@ -37,3 +38,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/06/09
|
||||
|
|
|
@ -1,14 +1,15 @@
|
|||
id: CVE-2017-15647
|
||||
|
||||
info:
|
||||
name: FiberHome - Directory Traversal
|
||||
name: FiberHome Routers - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: On FiberHome routers, Directory Traversal exists in /cgi-bin/webproc via the getpage parameter in conjunction with a crafted var:page value.
|
||||
description: FiberHome routers are susceptible to local file inclusion in /cgi-bin/webproc via the getpage parameter in conjunction with a crafted var:page value.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/44054
|
||||
- https://www.cvedetails.com/cve/CVE-2017-15647
|
||||
- https://blogs.securiteam.com/index.php/archives/3472
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2017-15647
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
|
@ -31,3 +32,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/06/09
|
||||
|
|
|
@ -1,15 +1,15 @@
|
|||
id: CVE-2017-15715
|
||||
|
||||
info:
|
||||
name: Apache Arbitrary File Upload
|
||||
name: Apache httpd <=2.4.29 - Arbitrary File Upload
|
||||
author: geeknik
|
||||
severity: high
|
||||
description: In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are externally blocked, but only by matching the trailing portion of the filename.
|
||||
description: Apache httpd 2.4.0 to 2.4.29 is susceptible to arbitrary file upload vulnerabilities via the expression specified in <FilesMatch>, which could match '$' to a newline character in a malicious filename rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are externally blocked, but only by matching the trailing portion of the filename.
|
||||
reference:
|
||||
- https://github.com/vulhub/vulhub/tree/master/httpd/CVE-2017-15715
|
||||
- https://httpd.apache.org/security/vulnerabilities_24.html
|
||||
- http://www.openwall.com/lists/oss-security/2018/03/24/6
|
||||
- http://www.securitytracker.com/id/1040570
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2017-15715
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 8.1
|
||||
|
@ -46,3 +46,5 @@ requests:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- 'contains(body_2, "{{randstr_1}}")'
|
||||
|
||||
# Enhanced by mp on 2022/06/09
|
||||
|
|
|
@ -1,13 +1,14 @@
|
|||
id: CVE-2017-16877
|
||||
|
||||
info:
|
||||
name: Nextjs v2.4.1 LFI
|
||||
name: Nextjs <2.4.1 - Local File Inclusion
|
||||
author: pikpikcu
|
||||
severity: high
|
||||
description: ZEIT Next.js before 2.4.1 has directory traversal under the /_next and /static request namespace, allowing attackers to obtain sensitive information.
|
||||
description: ZEIT Next.js before 2.4.1 is susceptible to local file inclusion via the /_next and /static request namespace, allowing attackers to obtain sensitive information.
|
||||
reference:
|
||||
- https://medium.com/@theRaz0r/arbitrary-file-reading-in-next-js-2-4-1-34104c4e75e9
|
||||
- https://github.com/zeit/next.js/releases/tag/2.4.1
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2017-16877
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
|
@ -32,3 +33,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/06/09
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
id: CVE-2020-29597
|
||||
info:
|
||||
name: IncomCMS 2.0 - Arbitary files upload
|
||||
name: IncomCMS 2.0 - Arbitrary File Upload
|
||||
author: princechaddha
|
||||
severity: critical
|
||||
description: |
|
||||
IncomCMS 2.0 has a modules/uploader/showcase/script.php insecure file upload vulnerability. This vulnerability allows unauthenticated attackers to upload files into the server.
|
||||
IncomCMS 2.0 has a an insecure file upload vulnerability in modules/uploader/showcase/script.php. This allows unauthenticated attackers to upload files into the server.
|
||||
reference:
|
||||
- https://github.com/Trhackno/CVE-2020-29597
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-29597
|
||||
|
@ -43,3 +43,5 @@ requests:
|
|||
- contains(body_1, '\"name\":\"{{randstr}}.png\"')
|
||||
- status_code_2 == 200
|
||||
condition: and
|
||||
|
||||
# Enhanced by CS 06/06/2022
|
||||
|
|
|
@ -4,7 +4,7 @@ info:
|
|||
name: ChronoForums 2.0.11 - Directory Traversal
|
||||
author: 0x_Akoko
|
||||
severity: medium
|
||||
description: The ChronoForums avatar function is vulnerable through unauthenticated path traversal attacks. This enables unauthenticated attackers to read arbitrary files, like for instance Joomla's configuration file containing secret credentials.
|
||||
description: The ChronoForums avatar function is vulnerable through unauthenticated path traversal attacks. This enables unauthenticated attackers to read arbitrary files, for example the Joomla! configuration file which contains credentials.
|
||||
reference:
|
||||
- https://herolab.usd.de/en/security-advisories/usd-2021-0007/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-28377
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
id: joomla-config-dist-file
|
||||
|
||||
info:
|
||||
name: Joomla Config Dist File
|
||||
name: Joomla! Config Dist File
|
||||
author: oppsec
|
||||
severity: low
|
||||
description: configuration.php-dist is a file created by Joomla to save Joomla settings.
|
||||
description: configuration.php-dist is a file created by Joomla! to save Joomla settings.
|
||||
tags: config,exposure,joomla
|
||||
|
||||
requests:
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
id: joomla-htaccess-file
|
||||
|
||||
info:
|
||||
name: Joomla htaccess file disclosure
|
||||
name: Joomla! htaccess file disclosure
|
||||
author: oppsec
|
||||
severity: info
|
||||
description: Joomla has an htaccess file to store configurations about HTTP config, directory listing, etc.
|
||||
description: Joomla! has an htaccess file to store configurations about HTTP config, directory listing, etc.
|
||||
tags: misc,joomla
|
||||
|
||||
requests:
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
id: joomla-manifest-file
|
||||
|
||||
info:
|
||||
name: Joomla Manifest File Disclosure
|
||||
name: Joomla! Manifest File Disclosure
|
||||
author: oppsec
|
||||
severity: info
|
||||
description: A Joomla Manifest file was discovered. joomla.xml is a file which stores information about installed Joomla, such as version, files, and paths.
|
||||
description: A Joomla! Manifest file was discovered. joomla.xml is a file which stores information about installed Joomla!, such as version, files, and paths.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
||||
cvss-score: 5.3
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
id: rusty-joomla
|
||||
|
||||
info:
|
||||
name: Joomla CMS <=3.4.6 - Remote Code Execution
|
||||
name: Joomla! CMS <=3.4.6 - Remote Code Execution
|
||||
author: leovalcante,kiks7
|
||||
severity: critical
|
||||
description: |
|
||||
Joomla CMS 3.0.0 through the 3.4.6 release contains an unauthenticated PHP object injection that leads to remote code execution.
|
||||
Joomla! CMS 3.0.0 through the 3.4.6 release contains an unauthenticated PHP object injection that leads to remote code execution.
|
||||
reference:
|
||||
- https://blog.hacktivesecurity.com/index.php/2019/10/03/rusty-joomla-rce/
|
||||
- https://github.com/kiks7/rusty_joomla_rce
|
||||
|
|
|
@ -25,5 +25,4 @@ requests:
|
|||
- "e807f1fcf82d132f9bb018ca6738a19f"
|
||||
part: body
|
||||
|
||||
# Enhanced by mp on 2022/03/02
|
||||
# Enhanced by ritikchaddha on 2022/05/05
|
||||
|
|
|
@ -3,7 +3,7 @@ id: joomla-workflow
|
|||
info:
|
||||
name: Joomla! Security Checks
|
||||
author: daffainfo
|
||||
description: A simple workflow that runs all Joomla related nuclei templates on a given target.
|
||||
description: A simple workflow that runs all Joomla! related nuclei templates on a given target.
|
||||
|
||||
workflows:
|
||||
- template: technologies/tech-detect.yaml
|
||||
|
|
Loading…
Reference in New Issue