Merge branch 'main' into master

.github/auto_assign.yml

@@ -0,0 +1,30 @@
+# Set to true to add reviewers to pull requests
+addReviewers: true
+
+# Set to true to add assignees to pull requests
+addAssignees: true
+
+# A list of reviewers to be added to pull requests (GitHub user name)
+reviewers:
+  - ritikchaddha
+  - DhiyaneshGeek
+  - pussycat0x
+
+# A number of reviewers added to the pull request
+# Set 0 to add all the reviewers (default: 0)
+numberOfReviewers: 1
+
+ # A list of assignees, overrides reviewers if set
+assignees:
+  - DhiyaneshGeek
+  - pussycat0x
+  - ritikchaddha
+
+# A number of assignees to add to the pull request
+# Set to 0 to add all of the assignees.
+# Uses numberOfReviewers if unset.
+numberOfAssignees: 1
+
+# A list of keywords to be skipped the process that add reviewers if pull requests include it
+# skipKeywords:
+#   - wip

.github/dependabot.yml

@@ -0,0 +1,19 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+
+  # Maintain dependencies for GitHub Actions
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    target-branch: "main"
+    commit-message:
+      prefix: "chore"
+      include: "scope"
+    labels:
+      - "Type: Maintenance"

.github/scripts/yaml2json.go

@@ -0,0 +1,93 @@
+package main
+
+import (
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"strings"
+
+	"gopkg.in/yaml.v3"
+)
+
+type Classification struct {
+	CVSSScore string `yaml:"cvss-score,omitempty"`
+}
+
+type Info struct {
+	Name        string         `yaml:"name"`
+	Severity    string         `yaml:"severity"`
+	Description string         `yaml:"description"`
+	Classification Classification `yaml:"classification,omitempty"`
+}
+
+type Data struct {
+	ID          string `yaml:"id"`
+	Info        Info   `yaml:"info"`
+	FilePath    string `json:"file_path"`
+}
+
+func main() {
+	if len(os.Args) != 3 {
+		fmt.Println("Usage: go run main.go <directory> <output_file>")
+		os.Exit(1)
+	}
+
+	directory := os.Args[1]
+	outputFile := os.Args[2]
+
+	var data []Data
+
+	err := filepath.Walk(directory, func(path string, info os.FileInfo, err error) error {
+		if strings.HasSuffix(path, ".yaml") || strings.HasSuffix(path, ".yml") {
+			yamlFile, err := ioutil.ReadFile(path)
+                if err != nil {
+                    fmt.Printf("Error reading YAML file %s: %v\n", path, err)
+                    return err
+                }
+    
+                var d Data
+                err = yaml.Unmarshal(yamlFile, &d)
+                if err != nil {
+                    fmt.Printf("Error unmarshalling YAML file %s: %v\n", path, err)
+                    return err
+                }
+                if d.Info.Classification.CVSSScore == "" {
+                    d.Info.Classification.CVSSScore = "N/A"
+                }
+                if d.Info.Classification == (Classification{}) {
+                    d.Info.Classification.CVSSScore = "N/A"
+                }
+		fpath := strings.Replace(path, "/home/runner/work/nuclei-templates/nuclei-templates/", "", 1)
+                d.FilePath = fpath
+    
+                data = append(data, d)
+            }
+            return nil
+        })
+    
+        if err != nil {
+            fmt.Printf("Error reading directory: %v\n", err)
+            os.Exit(1)
+        }
+    
+        var jsonData []byte
+        for _, d := range data {
+            temp, err := json.Marshal(d)
+            if err != nil {
+                fmt.Printf("Error marshalling JSON: %v\n", err)
+                os.Exit(1)
+            }
+            jsonData = append(jsonData, temp...)
+            jsonData = append(jsonData, byte('\n'))
+        }
+        err = ioutil.WriteFile(outputFile, jsonData, 0644)
+        if err != nil {
+            fmt.Printf("Error writing JSON data to file: %v\n", err)
+            os.Exit(1)
+        }
+    
+        fmt.Println("JSON data written to", outputFile)
+    }
+    

.github/workflows/cache-purge.yml

@@ -10,6 +10,10 @@ jobs:
   deploy:
     runs-on: ubuntu-latest
     steps:
+      # Wait for 5 minutes
+      - name: Wait for 2 minutes
+        run: sleep 120
+
       - name: Purge cache
         uses: jakejarvis/cloudflare-purge-action@master
         env:

.github/workflows/cve-annotate.yml

@@ -3,28 +3,26 @@ name: ✍🏻 CVE Annotate
 on:
   push:
     branches:
-      - master
+      - main
+    paths:
+      - 'cves/**.yaml'
   workflow_dispatch:
 
 jobs:
   docs:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
+        with: 
+          fetch-depth: 0
 
-      - name: Get Github tag
+      - name: Set up Go
-        id: meta
+        uses: actions/setup-go@v4
-        run: |
+        with:
-          curl --silent "https://api.github.com/repos/projectdiscovery/nuclei/releases/latest" | jq -r .tag_name | xargs -I {} echo TAG={} >> $GITHUB_OUTPUT
+          go-version: 1.19
 
-      - name: Setup CVE annotate
+      - name: cve-annotate install
-        if: steps.meta.outputs.TAG != ''
+        run: go install -v github.com/projectdiscovery/nuclei/v2/cmd/cve-annotate@latest
-        env:
-          VERSION: ${{ steps.meta.outputs.TAG }}
-        run: |
-          wget -q https://github.com/projectdiscovery/nuclei/releases/download/${VERSION}/cve-annotate.zip
-          sudo unzip cve-annotate.zip -d /usr/local/bin
-        working-directory: /tmp
 
       - name: Generate CVE Annotations
         id: cve-annotate

.github/workflows/cve2json.yml

@@ -0,0 +1,40 @@
+name: Generate JSON Metadata of CVE Templates 
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - 'cves/**'
+  workflow_dispatch: # allows manual triggering of the workflow
+
+jobs:
+  cve2json:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@master
+      - name: Set up Go
+        uses: actions/setup-go@v4
+        with:
+          go-version: 1.19
+          check-latest: true
+          
+      - name: Run yaml2json.go to generate cves.json
+        run: |
+           go env -w GO111MODULE=off
+           go get gopkg.in/yaml.v3
+           go run .github/scripts/yaml2json.go $GITHUB_WORKSPACE/cves/ cves.json
+           md5sum cves.json | cut -d' ' -f1 > cves.json-checksum.txt
+          
+      - name: Commit files
+        run: |
+          git pull
+          git add cves.json cves.json-checksum.txt
+          git config --local user.email "action@github.com"
+          git config --local user.name "GitHub Action"
+          git commit -m "Auto Generated cves.json [$(date)] :robot:" -a
+
+      - name: Push changes
+        uses: ad-m/github-push-action@master
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/new-templates.yml

@@ -3,7 +3,9 @@ name: 🥳 New Template List
 on:
   push:
     branches:
-      - master
+      - main
+    paths:
+      - '**.yaml'
   workflow_dispatch:
 
 jobs:

.github/workflows/readme-update.yml

@@ -22,7 +22,7 @@ jobs:
           fetch-depth: 0
 
       - name: Set up Python
-        uses: actions/setup-python@v2
+        uses: actions/setup-python@v4
         with:
           python-version: "3.8"
 

.github/workflows/syntax-checking.yml

@@ -1,6 +1,10 @@
 name: ❄️ YAML Lint
 
-on: [push, pull_request]
+on:
+  pull_request:
+    paths:
+      - '**.yaml'
+  workflow_dispatch:
 
 jobs:
   build:
@@ -8,7 +12,7 @@ jobs:
     steps:
       - uses: actions/checkout@v2
       - name: Yamllint
-        uses: karancode/yamllint-github-action@master
+        uses: karancode/yamllint-github-action@v2.1.1
         with:
           yamllint_config_filepath: .yamllint
           yamllint_strict: false

.github/workflows/template-checksum.yml

@@ -2,18 +2,21 @@ name: 📝 Template Checksum
 
 on:
   push:
-    tags:
+    branches:
-      - '*'
+      - main
-  workflow_dispatch:
+    paths:
+      - '**.yaml'
+  workflow_dispatch: # allows manual triggering of the workflow
 
 jobs:
   build:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@master
-      - uses: actions/setup-go@v2
+      - name: Set up Go
+        uses: actions/setup-go@v4
         with:
-          go-version: 1.18
+          go-version: 1.19
 
       - name: install checksum generator
         run: |
@@ -35,4 +38,3 @@ jobs:
         uses: ad-m/github-push-action@master
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
-          branch: master

.github/workflows/template-db-indexer.yml

@@ -3,16 +3,19 @@ name: 📑 Template-DB Indexer
 on:
   push:
     branches:
-      - master
+      - main
+    paths:
+      - '**.yaml'
   workflow_dispatch:
 
 jobs:
   index:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/setup-go@v2
+      - name: Set up Go
+        uses: actions/setup-go@v4
         with:
-          go-version: 1.17
+          go-version: 1.19
 
       - name: Installing Indexer
         run: |

.github/workflows/template-validate.yml

@@ -1,26 +1,26 @@
 name: 🛠 Template Validate
 
-on: [ push, pull_request ]
+on:
+  pull_request:
+    paths:
+      - '**.yaml'
+  workflow_dispatch:
 
 jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
+        with: 
+          fetch-depth: 0
 
-      - name: Get Github tag
+      - name: Set up Go
-        id: meta
+        uses: actions/setup-go@v4
-        run: |
+        with:
-          curl --silent "https://api.github.com/repos/projectdiscovery/nuclei/releases/latest" | jq -r .tag_name | xargs -I {} echo TAG={} >> $GITHUB_OUTPUT
+          go-version: 1.19
 
-      - name: Setup Nuclei
+      - name: nuclei install
-        if: steps.meta.outputs.TAG != ''
+        run: go install -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei@latest
-        env:
-          VERSION: ${{ steps.meta.outputs.TAG }}
-        run: |
-          wget -q https://github.com/projectdiscovery/nuclei/releases/download/${VERSION}/nuclei_${VERSION:1}_linux_amd64.zip
-          sudo unzip nuclei*.zip -d /usr/local/bin
-        working-directory: /tmp
 
       - name: Template Validation
         run: |

.github/workflows/templates-stats.yml

@@ -10,10 +10,14 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@master
+      - uses: actions/checkout@v3
-      - uses: actions/setup-go@v2
         with: 
-          go-version: 1.18
+          fetch-depth: 0
+
+      - name: Set up Go
+        uses: actions/setup-go@v4
+        with:
+          go-version: 1.19
 
       - name: Installing Template Stats
         run: |
@@ -52,4 +56,3 @@ jobs:
         uses: ad-m/github-push-action@master
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
-          branch: master

.github/workflows/wordpress-plugins-update.yml

@@ -1,8 +1,10 @@
 name: ✨ WordPress Plugins - Update
+
 on:
   schedule:
     - cron: "0 4 * * *" # every day at 4am UTC
   workflow_dispatch:
+
 jobs:
   Update:
     runs-on: ubuntu-latest

.new-additions

@@ -0,0 +1,3 @@
+exposed-panels/aspect-control-panel.yaml
+misconfiguration/default-spx-key.yaml
+network/enumeration/beanstalk-service.yaml

.nuclei-ignore

@@ -33,6 +33,5 @@ files:
   - cves/2020/CVE-2020-2036.yaml
   - cves/2020/CVE-2020-28351.yaml
   - cves/2021/CVE-2021-35265.yaml
-  - vulnerabilities/generic/basic-xss-prober.yaml
   - vulnerabilities/oracle/oracle-ebs-xss.yaml
   - vulnerabilities/other/nginx-module-vts-xss.yaml

.yamllint

@@ -3,7 +3,9 @@ extends: default
 
 ignore: |
   .pre-commit-config.yml
-  .github/workflows/*.yml
+  .github/
+  .git/
+  *.yml
 
 rules:
   document-start: disable
@@ -15,3 +17,5 @@ rules:
     require-starting-space: true
     ignore-shebangs: true
     min-spaces-from-content: 1
+  empty-lines:
+    max: 5

README.md

@@ -41,19 +41,19 @@ An overview of the nuclei template project, including statistics on unique tags,
 ## Nuclei Templates Top 10 statistics
 
 |    TAG    | COUNT |    AUTHOR    | COUNT |    DIRECTORY     | COUNT | SEVERITY | COUNT |  TYPE   | COUNT |
-|-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
+|-----------|-------|--------------|-------|------------------|-------|----------|-------|---------|-------|
-| cve       |  1552 | dhiyaneshdk   |   701 | cves             |  1529 | info     |  1671 | http    |  4330 |
+| cve       |  1734 | dhiyaneshdk  |   799 | cves             |  1713 | info     |  2807 | http    |  5646 |
-| panel     |   780 | daffainfo     |   662 | exposed-panels   |   782 | high     |  1152 | file    |    78 |
+| panel     |   870 | dwisiswant0  |   793 | exposed-panels   |   862 | high     |  1216 | file    |   117 |
-| edb       |   582 | pikpikcu      |   344 | vulnerabilities  |   520 | medium   |   837 | network |    77 |
+| wordpress |   756 | daffainfo    |   662 | osint            |   630 | medium   |   984 | network |    88 |
-| exposure  |   551 | pdteam        |   274 | misconfiguration |   361 | critical |   552 | dns     |    17 |
+| exposure  |   652 | pikpikcu     |   353 | technologies     |   561 | critical |   645 | dns     |    18 |
-| xss       |   543 | geeknik       |   206 | technologies     |   322 | low      |   281 |         |       |
+| wp-plugin |   647 | pdteam       |   276 | vulnerabilities  |   550 | low      |   215 |         |       |
-| lfi       |   519 | pussycat0x    |   172 | exposures        |   308 | unknown  |    25 |         |       |
+| osint     |   635 | pussycat0x   |   234 | misconfiguration |   428 | unknown  |    24 |         |       |
-| wordpress |   471 | dwisiswant0   |   171 | token-spray      |   236 |          |       |         |       |
+| xss       |   608 | geeknik      |   219 | exposures        |   374 |          |       |         |       |
-| cve2021   |   370 | 0x_akoko      |   170 | workflows        |   190 |          |       |         |       |
+| tech      |   598 | ricardomaia  |   214 | token-spray      |   240 |          |       |         |       |
-| wp-plugin |   366 | ritikchaddha  |   164 | default-logins   |   116 |          |       |         |       |
+| edb       |   595 | ritikchaddha |   195 | workflows        |   190 |          |       |         |       |
-| tech      |   360 | princechaddha |   153 | file             |    78 |          |       |         |       |
+| lfi       |   533 | 0x_akoko     |   179 | default-logins   |   127 |          |       |         |       |
 
-**335 directories, 5229 files**.
+**380 directories, 6318 files**.
 
 </td>
 </tr>

TOP-10.md

@@ -1,12 +1,12 @@
 |    TAG    | COUNT |    AUTHOR    | COUNT |    DIRECTORY     | COUNT | SEVERITY | COUNT |  TYPE   | COUNT |
-|-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
+|-----------|-------|--------------|-------|------------------|-------|----------|-------|---------|-------|
-| cve       |  1552 | dhiyaneshdk   |   701 | cves             |  1529 | info     |  1671 | http    |  4330 |
+| cve       |  1734 | dhiyaneshdk  |   799 | cves             |  1713 | info     |  2807 | http    |  5646 |
-| panel     |   780 | daffainfo     |   662 | exposed-panels   |   782 | high     |  1152 | file    |    78 |
+| panel     |   870 | dwisiswant0  |   793 | exposed-panels   |   862 | high     |  1216 | file    |   117 |
-| edb       |   582 | pikpikcu      |   344 | vulnerabilities  |   520 | medium   |   837 | network |    77 |
+| wordpress |   756 | daffainfo    |   662 | osint            |   630 | medium   |   984 | network |    88 |
-| exposure  |   551 | pdteam        |   274 | misconfiguration |   361 | critical |   552 | dns     |    17 |
+| exposure  |   652 | pikpikcu     |   353 | technologies     |   561 | critical |   645 | dns     |    18 |
-| xss       |   543 | geeknik       |   206 | technologies     |   322 | low      |   281 |         |       |
+| wp-plugin |   647 | pdteam       |   276 | vulnerabilities  |   550 | low      |   215 |         |       |
-| lfi       |   519 | pussycat0x    |   172 | exposures        |   308 | unknown  |    25 |         |       |
+| osint     |   635 | pussycat0x   |   234 | misconfiguration |   428 | unknown  |    24 |         |       |
-| wordpress |   471 | dwisiswant0   |   171 | token-spray      |   236 |          |       |         |       |
+| xss       |   608 | geeknik      |   219 | exposures        |   374 |          |       |         |       |
-| cve2021   |   370 | 0x_akoko      |   170 | workflows        |   190 |          |       |         |       |
+| tech      |   598 | ricardomaia  |   214 | token-spray      |   240 |          |       |         |       |
-| wp-plugin |   366 | ritikchaddha  |   164 | default-logins   |   116 |          |       |         |       |
+| edb       |   595 | ritikchaddha |   195 | workflows        |   190 |          |       |         |       |
-| tech      |   360 | princechaddha |   153 | file             |    78 |          |       |         |       |
+| lfi       |   533 | 0x_akoko     |   179 | default-logins   |   127 |          |       |         |       |

cnvd/2020/CNVD-2020-26585.yaml

@@ -0,0 +1,68 @@
+id: CNVD-2020-26585
+
+info:
+  name: Showdoc <2.8.6 - File Uploads
+  author: pikpikcu,Co5mos
+  severity: critical
+  description: |
+    ShowDoc is an online API and technical documentation tool that is very suitable for IT teams. Showdoc has a file upload vulnerability, which attackers can exploit to gain server permissions.
+  reference:
+    - https://vul.wangan.com/a/CNVD-2020-26585
+    - https://blog.csdn.net/qq_48985780/article/details/122211136
+    - https://github.com/star7th/showdoc/pull/1059
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L
+    cvss-score: 9.9
+    cwe-id: CWE-434
+  metadata:
+    verified: true
+    fofa-query: app="ShowDoc"
+  tags: cnvd,cnvd2020,showdoc,fileupload
+
+requests:
+  - raw:
+      - |
+        POST /index.php?s=/home/page/uploadImg HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: multipart/form-data; boundary=--------------------------835846770881083140190633
+
+        ----------------------------835846770881083140190633
+        Content-Disposition: form-data; name="editormd-image-file"; filename="{{randstr}}.<>txt"
+        Content-Type: text/plain
+
+        test{{randstr}}
+        ----------------------------835846770881083140190633--
+
+      - |
+        GET /Public//Uploads//{{date}}//{{file}} HTTP/1.1
+        Host: {{Hostname}}
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "test{{randstr}}"
+
+      - type: status
+        status:
+          - 200
+
+    extractors:
+      - type: regex
+        name: date
+        part: body
+        group: 1
+        regex:
+          - '(\d{4}-\d{2}-\d{2})\\/([a-f0-9]+\.txt)'
+        internal: true
+
+      - type: regex
+        name: file
+        part: body
+        group: 2
+        regex:
+          - '(\d{4}-\d{2}-\d{2})\\/([a-f0-9]+\.txt)'
+        internal: true
+
+# Enhanced by mp on 2022/05/30

cnvd/2021/CNVD-2021-10543.yaml

@@ -4,12 +4,12 @@ info:
   name: EEA - Information Disclosure
   author: pikpikcu
   severity: high
-  description: EEA is susceptible to information disclosure.
+  description: EEA is susceptible to information disclosure including the username and password.
   reference:
     - https://www.cnvd.org.cn/flaw/show/CNVD-2021-10543
   classification:
-    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
-    cvss-score: 5.3
+    cvss-score: 7.5
     cwe-id: CWE-200
   tags: config,exposure,cnvd,cnvd2021
 

cnvd/2022/CNVD-2022-03672.yaml

@@ -34,7 +34,7 @@ requests:
         internal: true
         group: 1
         regex:
-          - '"verify_string":"(.*)"'
+          - '"verify_string":"(.*?)"'
 
     req-condition: true
     matchers:

cves.json-checksum.txt

@@ -0,0 +1 @@
+0b8c136254be187cf0afeb350ba4ff03

cves/2007/CVE-2007-4504.yaml

@@ -7,7 +7,6 @@ info:
   description: Joomla! RSfiles 1.0.2 and earlier is susceptible to local file inclusion in index.php in the RSfiles component (com_rsfiles). This could allow remote attackers to arbitrarily read files via a .. (dot dot) in the path parameter in a files.display action.
   reference:
     - https://www.exploit-db.com/exploits/4307
-    - https://www.cvedetails.com/cve/CVE-2007-4504
     - https://exchange.xforce.ibmcloud.com/vulnerabilities/36222
     - https://nvd.nist.gov/vuln/detail/CVE-2007-4504
   classification:

cves/2008/CVE-2008-4668.yaml

@@ -7,7 +7,6 @@ info:
   description: Joomla! Image Browser 0.1.5 rc2 is susceptible to local file inclusion via com_imagebrowser which could allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder parameter to index.php.
   reference:
     - https://www.exploit-db.com/exploits/6618
-    - https://www.cvedetails.com/cve/CVE-2008-4668
     - http://web.archive.org/web/20210121183742/https://www.securityfocus.com/bid/31458/
     - http://securityreason.com/securityalert/4464
     - https://nvd.nist.gov/vuln/detail/CVE-2008-4668

cves/2008/CVE-2008-4764.yaml

@@ -7,7 +7,6 @@ info:
   description: Joomla! 2.0.0 RC2 and earlier are susceptible to local file inclusion in the eXtplorer module (com_extplorer) that allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter in a show_error action.
   reference:
     - https://www.exploit-db.com/exploits/5435
-    - https://www.cvedetails.com/cve/CVE-2008-4764
     - http://web.archive.org/web/20210121181347/https://www.securityfocus.com/bid/28764/
     - https://exchange.xforce.ibmcloud.com/vulnerabilities/41873
     - https://nvd.nist.gov/vuln/detail/CVE-2008-4764

cves/2008/CVE-2008-6080.yaml

@@ -7,7 +7,6 @@ info:
   description: Joomla! ionFiles 4.4.2 is susceptible to local file inclusion in download.php in the ionFiles (com_ionfiles) that allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
   reference:
     - https://www.exploit-db.com/exploits/6809
-    - https://www.cvedetails.com/cve/CVE-2008-6080
     - http://web.archive.org/web/20140804231654/http://secunia.com/advisories/32377/
     - http://web.archive.org/web/20210121184101/https://www.securityfocus.com/bid/31877/
     - https://nvd.nist.gov/vuln/detail/CVE-2008-6080

cves/2008/CVE-2008-6172.yaml

@@ -7,7 +7,7 @@ info:
   description: A directory traversal vulnerability in captcha/captcha_image.php in the RWCards (com_rwcards) 3.0.11 component for Joomla! when magic_quotes_gpc is disabled allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the img parameter.
   reference:
     - https://www.exploit-db.com/exploits/6817
-    - https://www.cvedetails.com/cve/CVE-2008-6172
+    - https://nvd.nist.gov/vuln/detail/CVE-2008-6172
     - http://web.archive.org/web/20140804232841/http://secunia.com/advisories/32367/
     - http://web.archive.org/web/20210121184108/https://www.securityfocus.com/bid/31892/
   classification:

cves/2008/CVE-2008-6222.yaml

@@ -7,7 +7,6 @@ info:
   description: Joomla! Pro Desk Support Center (com_pro_desk) component 1.0 and 1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter to index.php.
   reference:
     - https://www.exploit-db.com/exploits/6980
-    - https://www.cvedetails.com/cve/CVE-2008-6222
     - http://web.archive.org/web/20111223225601/http://secunia.com/advisories/32523/
     - http://web.archive.org/web/20210121184244/https://www.securityfocus.com/bid/32113/
     - https://nvd.nist.gov/vuln/detail/CVE-2008-6222

cves/2009/CVE-2009-2015.yaml

@@ -7,7 +7,6 @@ info:
   description: Joomla! Ideal MooFAQ 1.0 via com_moofaq allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter (local file inclusion).
   reference:
     - https://www.exploit-db.com/exploits/8898
-    - https://www.cvedetails.com/cve/CVE-2009-2015
     - http://web.archive.org/web/20210121191105/https://www.securityfocus.com/bid/35259/
     - http://www.vupen.com/english/advisories/2009/1530
     - https://nvd.nist.gov/vuln/detail/CVE-2009-2015

cves/2009/CVE-2009-2100.yaml

@@ -7,7 +7,6 @@ info:
   description: Joomla! JoomlaPraise Projectfork (com_projectfork) 2.0.10 allows remote attackers to read arbitrary files via local file inclusion in the section parameter to index.php.
   reference:
     - https://www.exploit-db.com/exploits/8946
-    - https://www.cvedetails.com/cve/CVE-2009-2100
     - http://web.archive.org/web/20210121191226/https://www.securityfocus.com/bid/35378/
     - https://nvd.nist.gov/vuln/detail/CVE-2009-2100
 

cves/2009/CVE-2009-3053.yaml

@@ -7,7 +7,6 @@ info:
   description: Joomla! Agora 3.0.0b (com_agora) allows remote attackers to include and execute arbitrary local files via local file inclusion in the action parameter to the avatars page, reachable through index.php.
   reference:
     - https://www.exploit-db.com/exploits/9564
-    - https://www.cvedetails.com/cve/CVE-2009-3053
     - https://web.archive.org/web/20210120183330/https://www.securityfocus.com/bid/36207/
     - https://exchange.xforce.ibmcloud.com/vulnerabilities/52964
     - https://nvd.nist.gov/vuln/detail/CVE-2009-3053

cves/2009/CVE-2009-3318.yaml

@@ -7,9 +7,9 @@ info:
   description: Joomla! Roland Breedveld Album 1.14 (com_album) is susceptible to local file inclusion because it allows remote attackers to access arbitrary directories and have unspecified other impact via a .. (dot dot) in the target parameter to index.php.
   reference:
     - https://www.exploit-db.com/exploits/9706
-    - https://www.cvedetails.com/cve/CVE-2009-3318
     - https://nvd.nist.gov/vuln/detail/CVE-2009-3318
     - https://web.archive.org/web/20210121192413/https://www.securityfocus.com/bid/36441/
+    - http://www.exploit-db.com/exploits/9706
   classification:
     cve-id: CVE-2009-3318
   tags: joomla,lfi,edb,cve,cve2009

cves/2009/CVE-2009-4679.yaml

@@ -8,9 +8,9 @@ info:
     Joomla! Portfolio Nexus 1.5 contains a remote file inclusion vulnerability in the inertialFATE iF (com_if_nexus) component that allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
   reference:
     - https://www.exploit-db.com/exploits/33440
-    - https://www.cvedetails.com/cve/CVE-2009-4679
     - https://nvd.nist.gov/vuln/detail/CVE-2009-4679
     - http://web.archive.org/web/20140722130146/http://secunia.com/advisories/37760/
+    - http://www.exploit-db.com/exploits/10754
   classification:
     cve-id: CVE-2009-4679
   tags: cve,cve2009,joomla,lfi,nexus,edb

cves/2009/CVE-2009-5020.yaml

@@ -26,6 +26,6 @@ requests:
       - type: regex
         part: header
         regex:
-          - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$'  # https://regex101.com/r/ZDYhFh/1
+          - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/L403F0/1
 
 # Enhanced by mp on 2022/02/13

cves/2009/CVE-2009-5114.yaml

@@ -7,7 +7,7 @@ info:
   description: A directory traversal vulnerability in wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the DOC parameter.
   reference:
     - https://www.exploit-db.com/exploits/36994
-    - https://www.cvedetails.com/cve/CVE-2009-5114
+    - https://nvd.nist.gov/vuln/detail/CVE-2009-5114
     - http://websecurity.com.ua/2628/
     - https://exchange.xforce.ibmcloud.com/vulnerabilities/74321
   remediation: Apply all relevant security patches and product upgrades.

cves/2010/CVE-2010-0157.yaml

@@ -7,7 +7,7 @@ info:
   description: A directory traversal vulnerability in the Bible Study (com_biblestudy) component 6.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter in a studieslist action to index.php.
   reference:
     - https://www.exploit-db.com/exploits/10943
-    - https://www.cvedetails.com/cve/CVE-2010-0157
+    - https://nvd.nist.gov/vuln/detail/CVE-2010-0157
     - http://web.archive.org/web/20151023032409/http://secunia.com/advisories/37896/
     - http://packetstormsecurity.org/1001-exploits/joomlabiblestudy-lfi.txt
   remediation: Upgrade to a supported version.

cves/2010/CVE-2010-0467.yaml

@@ -7,7 +7,7 @@ info:
   description: A directory traversal vulnerability in the ccNewsletter (com_ccnewsletter) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a ccnewsletter action to index.php.
   reference:
     - https://www.exploit-db.com/exploits/11282
-    - https://www.cvedetails.com/cve/CVE-2010-0467
+    - https://nvd.nist.gov/vuln/detail/CVE-2010-0467
     - http://web.archive.org/web/20210121194037/https://www.securityfocus.com/bid/37987/
     - http://www.chillcreations.com/en/blog/ccnewsletter-joomla-newsletter/ccnewsletter-106-security-release.html
   remediation: Apply all relevant security patches and upgrades.

cves/2010/CVE-2010-0696.yaml

@@ -7,7 +7,7 @@ info:
   description: A directory traversal vulnerability in includes/download.php in the JoomlaWorks AllVideos (Jw_allVideos) plugin 3.0 through 3.2 for Joomla! allows remote attackers to read arbitrary files via a ./../.../ (modified dot dot) in the file parameter.
   reference:
     - https://www.exploit-db.com/exploits/11447
-    - https://www.cvedetails.com/cve/CVE-2010-0696
+    - https://nvd.nist.gov/vuln/detail/CVE-2010-0696
     - http://web.archive.org/web/20140805102632/http://secunia.com/advisories/38587/
     - http://www.joomlaworks.gr/content/view/77/34/
   remediation: Upgrade to a supported version.

cves/2010/CVE-2010-0759.yaml

@@ -7,7 +7,7 @@ info:
   description: A directory traversal vulnerability in plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allows remote attackers to read, and possibly include and execute, arbitrary files via directory traversal sequences in the files[] parameter.
   reference:
     - https://www.exploit-db.com/exploits/11498
-    - https://www.cvedetails.com/cve/CVE-2010-0759
+    - https://nvd.nist.gov/vuln/detail/CVE-2010-0759
     - http://web.archive.org/web/20151104183037/http://secunia.com/advisories/38637/
     - http://web.archive.org/web/20210121194344/https://www.securityfocus.com/bid/38296/
   remediation: Upgrade to a supported version.

cves/2010/CVE-2010-0942.yaml

@@ -7,7 +7,7 @@ info:
   description: Directory traversal vulnerability in the jVideoDirect (com_jvideodirect) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
   reference:
     - https://www.exploit-db.com/exploits/11089
-    - https://www.cvedetails.com/cve/CVE-2010-0942
+    - https://nvd.nist.gov/vuln/detail/CVE-2010-0942
     - http://packetstormsecurity.org/1001-exploits/joomlajvideodirect-traversal.txt
   remediation: Apply all relevant security patches and product upgrades.
   classification:

cves/2010/CVE-2010-0943.yaml

@@ -7,7 +7,7 @@ info:
   description: A directory traversal vulnerability in the JA Showcase (com_jashowcase) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a jashowcase action to index.php.
   reference:
     - https://www.exploit-db.com/exploits/11090
-    - https://www.cvedetails.com/cve/CVE-2010-0943
+    - https://nvd.nist.gov/vuln/detail/CVE-2010-0943
     - http://web.archive.org/web/20210121193737/https://www.securityfocus.com/bid/37692/
     - http://web.archive.org/web/20140724215426/http://secunia.com/advisories/33486/
   classification:

cves/2010/CVE-2010-0944.yaml

@@ -7,7 +7,7 @@ info:
   description: A directory traversal vulnerability in the JCollection (com_jcollection) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
   reference:
     - https://www.exploit-db.com/exploits/11088
-    - https://www.cvedetails.com/cve/CVE-2010-0944
+    - https://nvd.nist.gov/vuln/detail/CVE-2010-0944
     - http://packetstormsecurity.org/1001-exploits/joomlajcollection-traversal.txt
     - http://www.exploit-db.com/exploits/11088
   remediation: Apply all relevant security patches and product upgrades.

cves/2010/CVE-2010-0972.yaml

@@ -7,7 +7,7 @@ info:
   description: A directory traversal vulnerability in the GCalendar (com_gcalendar) component 2.1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
   reference:
     - https://www.exploit-db.com/exploits/11738
-    - https://www.cvedetails.com/cve/CVE-2010-0972
+    - https://nvd.nist.gov/vuln/detail/CVE-2010-0972
     - http://web.archive.org/web/20140804152652/http://secunia.com/advisories/38925/
     - http://www.exploit-db.com/exploits/11738
   remediation: Apply all relevant security patches and product upgrades.

cves/2010/CVE-2010-0982.yaml

@@ -7,7 +7,7 @@ info:
   description: A directory traversal vulnerability in the CARTwebERP (com_cartweberp) component 1.56.75 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
   reference:
     - https://www.exploit-db.com/exploits/10942
-    - https://www.cvedetails.com/cve/CVE-2010-0982
+    - https://nvd.nist.gov/vuln/detail/CVE-2010-0982
     - http://web.archive.org/web/20210121193625/https://www.securityfocus.com/bid/37581/
     - http://web.archive.org/web/20151104182451/http://secunia.com/advisories/37917/
   remediation: Apply all relevant security patches and product upgrades.

cves/2010/CVE-2010-0985.yaml

@@ -7,7 +7,7 @@ info:
   description: A directory traversal vulnerability in the Abbreviations Manager (com_abbrev) component 1.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
   reference:
     - https://www.exploit-db.com/exploits/10948
-    - https://www.cvedetails.com/cve/CVE-2010-0985
+    - https://nvd.nist.gov/vuln/detail/CVE-2010-0985
     - http://web.archive.org/web/20210623092041/https://www.securityfocus.com/bid/37560
     - http://www.exploit-db.com/exploits/10948
   remediation: Apply all relevant security patches and product upgrades.

cves/2010/CVE-2010-1056.yaml

@@ -7,7 +7,7 @@ info:
   description: A directory traversal vulnerability in the RokDownloads (com_rokdownloads) component before 1.0.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
   reference:
     - https://www.exploit-db.com/exploits/11760
-    - https://www.cvedetails.com/cve/CVE-2010-1056
+    - https://nvd.nist.gov/vuln/detail/CVE-2010-1056
     - http://web.archive.org/web/20210121194803/https://www.securityfocus.com/bid/38741/
     - http://web.archive.org/web/20151023104850/http://secunia.com/advisories/38982/
   remediation: Apply all relevant security patches and product upgrades.

cves/2010/CVE-2010-1081.yaml

@@ -7,7 +7,7 @@ info:
   description: A directory traversal vulnerability in the Community Polls (com_communitypolls) component 1.5.2, and possibly earlier, for Core Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
   reference:
     - https://www.exploit-db.com/exploits/11511
-    - https://www.cvedetails.com/cve/CVE-2010-1081
+    - https://nvd.nist.gov/vuln/detail/CVE-2010-1081
     - http://www.corejoomla.com/component/content/article/1-corejoomla-updates/40-community-polls-v153-security-release.html
   remediation: Apply all relevant security patches and product upgrades.
   classification:

cves/2010/CVE-2010-1217.yaml

@@ -7,7 +7,7 @@ info:
   description: A directory traversal vulnerability in the JE Form Creator (com_jeformcr) component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the view parameter to index.php. NOTE -- the original researcher states that the affected product is JE Tooltip, not Form Creator; however, the exploit URL suggests that Form Creator is affected.
   reference:
     - https://www.exploit-db.com/exploits/11814
-    - https://www.cvedetails.com/cve/CVE-2010-1217
+    - https://nvd.nist.gov/vuln/detail/CVE-2010-1217
     - http://www.packetstormsecurity.org/1003-exploits/joomlajetooltip-lfi.txt
     - http://web.archive.org/web/20210624111408/https://www.securityfocus.com/bid/38866
   remediation: Apply all relevant security patches and product upgrades.

cves/2010/CVE-2010-1219.yaml

@@ -7,7 +7,7 @@ info:
   description: A directory traversal vulnerability in the JA News (com_janews) component 1.0 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
   reference:
     - https://www.exploit-db.com/exploits/11757
-    - https://www.cvedetails.com/cve/CVE-2010-1219
+    - https://nvd.nist.gov/vuln/detail/CVE-2010-1219
     - http://web.archive.org/web/20161009134632/http://secunia.com/advisories/38952
     - http://web.archive.org/web/20210617075625/https://www.securityfocus.com/bid/38746
   remediation: Upgrade to a supported version.

cves/2010/CVE-2010-1302.yaml

@@ -7,7 +7,7 @@ info:
   description: A directory traversal vulnerability in dwgraphs.php in the DecryptWeb DW Graphs (com_dwgraphs) component 1.0 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
   reference:
     - https://www.exploit-db.com/exploits/11978
-    - https://www.cvedetails.com/cve/CVE-2010-1302
+    - https://nvd.nist.gov/vuln/detail/CVE-2010-1302
     - http://web.archive.org/web/20210121195144/https://www.securityfocus.com/bid/39108/
     - http://web.archive.org/web/20140805062036/http://secunia.com/advisories/39200/
   remediation: Upgrade to a supported version.

cves/2010/CVE-2010-1304.yaml

@@ -7,7 +7,7 @@ info:
   description: A directory traversal vulnerability in userstatus.php in the User Status (com_userstatus) component 1.21.16 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
   reference:
     - https://www.exploit-db.com/exploits/11998
-    - https://www.cvedetails.com/cve/CVE-2010-1304
+    - https://nvd.nist.gov/vuln/detail/CVE-2010-1304
     - http://web.archive.org/web/20210518080735/https://www.securityfocus.com/bid/39174
     - http://www.exploit-db.com/exploits/11998
   remediation: Upgrade to a supported version.

cves/2010/CVE-2010-1305.yaml

@@ -7,7 +7,7 @@ info:
   description: A directory traversal vulnerability in jinventory.php in the JInventory (com_jinventory) component 1.23.02 and possibly other versions before 1.26.03, a module for Joomla!, allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
   reference:
     - https://www.exploit-db.com/exploits/12065
-    - https://www.cvedetails.com/cve/CVE-2010-1305
+    - https://nvd.nist.gov/vuln/detail/CVE-2010-1305
     - http://extensions.joomla.org/extensions/e-commerce/shopping-cart/7951
     - http://web.archive.org/web/20140806165126/http://secunia.com/advisories/39351/
   remediation: Upgrade to a supported version.

cves/2010/CVE-2010-1306.yaml

@@ -7,7 +7,7 @@ info:
   description: A directory traversal vulnerability in the Picasa (com_joomlapicasa2) component 2.0 and 2.0.5 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
   reference:
     - https://www.exploit-db.com/exploits/12058
-    - https://www.cvedetails.com/cve/CVE-2010-1306
+    - https://nvd.nist.gov/vuln/detail/CVE-2010-1306
     - http://web.archive.org/web/20140805134149/http://secunia.com/advisories/39338/
     - http://web.archive.org/web/20210121195240/https://www.securityfocus.com/bid/39200/
   remediation: Upgrade to a supported version.

cves/2010/CVE-2010-1307.yaml

@@ -7,7 +7,7 @@ info:
   description: A directory traversal vulnerability in the Magic Updater (com_joomlaupdater) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
   reference:
     - https://www.exploit-db.com/exploits/12070
-    - https://www.cvedetails.com/cve/CVE-2010-1307
+    - https://nvd.nist.gov/vuln/detail/CVE-2010-1307
     - http://web.archive.org/web/20140806154402/http://secunia.com/advisories/39348/
     - http://www.vupen.com/english/advisories/2010/0806
   remediation: Upgrade to a supported version.

cves/2010/CVE-2010-1308.yaml

@@ -7,7 +7,7 @@ info:
   description: A directory traversal vulnerability in the SVMap (com_svmap) component 1.1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
   reference:
     - https://www.exploit-db.com/exploits/12066
-    - https://www.cvedetails.com/cve/CVE-2010-1308
+    - https://nvd.nist.gov/vuln/detail/CVE-2010-1308
     - http://www.vupen.com/english/advisories/2010/0809
   remediation: Upgrade to a supported version.
   classification:

cves/2010/CVE-2010-1312.yaml

@@ -7,7 +7,7 @@ info:
   description: A directory traversal vulnerability in the iJoomla News Portal (com_news_portal) component 1.5.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
   reference:
     - https://www.exploit-db.com/exploits/12077
-    - https://www.cvedetails.com/cve/CVE-2010-1312
+    - https://nvd.nist.gov/vuln/detail/CVE-2010-1312
     - http://web.archive.org/web/20140724200344/http://secunia.com/advisories/39289/
     - http://packetstormsecurity.org/1004-exploits/joomlanewportal-lfi.txt
   remediation: Upgrade to a supported version.

cves/2010/CVE-2010-1313.yaml

@@ -7,7 +7,7 @@ info:
   description: A directory traversal vulnerability in the Seber Cart (com_sebercart) component 1.0.0.12 and 1.0.0.13 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
   reference:
     - https://www.exploit-db.com/exploits/12082
-    - https://www.cvedetails.com/cve/CVE-2010-1313
+    - https://nvd.nist.gov/vuln/detail/CVE-2010-1313
     - http://web.archive.org/web/20210121195302/https://www.securityfocus.com/bid/39237/
     - http://www.exploit-db.com/exploits/12082
   remediation: Upgrade to a supported version.

cves/2010/CVE-2010-1314.yaml

@@ -7,7 +7,7 @@ info:
   description: A directory traversal vulnerability in the Highslide JS (com_hsconfig) component 1.5 and 2.0.9 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
   reference:
     - https://www.exploit-db.com/exploits/12086
-    - https://www.cvedetails.com/cve/CVE-2010-1314
+    - https://nvd.nist.gov/vuln/detail/CVE-2010-1314
     - http://web.archive.org/web/20140724203458/http://secunia.com/advisories/39359/
     - http://packetstormsecurity.org/1004-exploits/joomlahsconfig-lfi.txt
   remediation: Upgrade to a supported version.

cves/2010/CVE-2010-1315.yaml

@@ -7,7 +7,7 @@ info:
   description: A directory traversal vulnerability in weberpcustomer.php in the webERPcustomer (com_weberpcustomer) component 1.2.1 and 1.x before 1.06.02 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
   reference:
     - https://www.exploit-db.com/exploits/11999
-    - https://www.cvedetails.com/cve/CVE-2010-1315
+    - https://nvd.nist.gov/vuln/detail/CVE-2010-1315
     - http://web.archive.org/web/20140801092842/http://secunia.com/advisories/39209/
     - http://packetstormsecurity.org/1004-exploits/joomlaweberpcustomer-lfi.txt
   remediation: Upgrade to a supported version.

cves/2010/CVE-2010-1340.yaml

@@ -7,7 +7,7 @@ info:
   description: A directory traversal vulnerability in jresearch.php in the J!Research (com_jresearch) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
   reference:
     - https://www.exploit-db.com/exploits/33797
-    - https://www.cvedetails.com/cve/CVE-2010-1340
+    - https://nvd.nist.gov/vuln/detail/CVE-2010-1340
     - http://web.archive.org/web/20210121195000/https://www.securityfocus.com/bid/38917/
     - http://packetstormsecurity.org/1003-exploits/joomlajresearch-lfi.txt
   remediation: Upgrade to a supported version.

cves/2010/CVE-2010-1345.yaml

@@ -7,7 +7,7 @@ info:
   description: A directory traversal vulnerability in the Cookex Agency CKForms (com_ckforms) component 1.3.3 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
   reference:
     - https://www.exploit-db.com/exploits/15453
-    - https://www.cvedetails.com/cve/CVE-2010-1345
+    - https://nvd.nist.gov/vuln/detail/CVE-2010-1345
     - http://www.exploit-db.com/exploits/11785
   remediation: Upgrade to a supported version.
   classification:

cves/2010/CVE-2010-1352.yaml

@@ -7,7 +7,7 @@ info:
   description: A directory traversal vulnerability in the JOOFORGE Jutebox (com_jukebox) component 1.0 and 1.7 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
   reference:
     - https://www.exploit-db.com/exploits/12084
-    - https://www.cvedetails.com/cve/CVE-2010-1352
+    - https://nvd.nist.gov/vuln/detail/CVE-2010-1352
     - http://web.archive.org/web/20140724194110/http://secunia.com/advisories/39357/
     - http://packetstormsecurity.org/1004-exploits/joomlajukebox-lfi.txt
   remediation: Upgrade to a supported version.

cves/2010/CVE-2010-1353.yaml

@@ -7,7 +7,7 @@ info:
   description: A directory traversal vulnerability in the LoginBox Pro (com_loginbox) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
   reference:
     - https://www.exploit-db.com/exploits/12068
-    - https://www.cvedetails.com/cve/CVE-2010-1353
+    - https://nvd.nist.gov/vuln/detail/CVE-2010-1353
     - http://web.archive.org/web/20210121195246/https://www.securityfocus.com/bid/39212/
     - http://www.vupen.com/english/advisories/2010/0808
   classification:

cves/2010/CVE-2010-1354.yaml

@@ -7,7 +7,7 @@ info:
   description: A directory traversal vulnerability in the VJDEO (com_vjdeo) component 1.0 and 1.0.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
   reference:
     - https://www.exploit-db.com/exploits/12102
-    - https://www.cvedetails.com/cve/CVE-2010-1354
+    - https://nvd.nist.gov/vuln/detail/CVE-2010-1354
     - http://packetstormsecurity.org/1004-exploits/joomlavjdeo-lfi.txt
     - http://web.archive.org/web/20140724190841/http://secunia.com/advisories/39296/
   remediation: Upgrade to a supported version.

cves/2010/CVE-2010-1429.yaml

@@ -0,0 +1,41 @@
+id: CVE-2010-1429
+
+info:
+  name: Red Hat JBoss Enterprise Application Platform - Sensitive Information Disclosure
+  author: R12W4N
+  severity: medium
+  description: |
+    Red Hat JBoss Enterprise Application Platform 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 is susceptible to sensitive information disclosure. A remote attacker can obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression.
+  reference:
+    - https://rhn.redhat.com/errata/RHSA-2010-0377.html
+    - https://nvd.nist.gov/vuln/detail/CVE-2010-1429
+    - https://nvd.nist.gov/vuln/detail/CVE-2008-3273
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+    cvss-score: 5.3
+    cve-id: CVE-2010-1429
+    cwe-id: CWE-200
+  metadata:
+    shodan-query: title:"JBoss"
+    verified: "true"
+  tags: cve,cve2010,jboss,eap,tomcat,exposure
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/status?full=true"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "JVM"
+          - "memory"
+          - "localhost/"
+        condition: and
+
+      - type: status
+        status:
+          - 200
+
+# Enhanced by md on 2023/01/30

cves/2010/CVE-2010-1461.yaml

@@ -7,7 +7,7 @@ info:
   description: A directory traversal vulnerability in the Photo Battle (com_photobattle) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files via the view parameter to index.php.
   reference:
     - https://www.exploit-db.com/exploits/12232
-    - https://www.cvedetails.com/cve/CVE-2010-1461
+    - https://nvd.nist.gov/vuln/detail/CVE-2010-1461
     - http://web.archive.org/web/20210518110953/https://www.securityfocus.com/bid/39504
     - http://www.exploit-db.com/exploits/12232
   remediation: Upgrade to a supported version.

cves/2010/CVE-2010-1469.yaml

@@ -7,7 +7,7 @@ info:
   description: A directory traversal vulnerability in the Ternaria Informatica JProject Manager (com_jprojectmanager) component 1.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
   reference:
     - https://www.exploit-db.com/exploits/12146
-    - https://www.cvedetails.com/cve/CVE-2010-1469
+    - https://nvd.nist.gov/vuln/detail/CVE-2010-1469
     - http://packetstormsecurity.org/1004-exploits/joomlajprojectmanager-lfi.txt
     - http://www.exploit-db.com/exploits/12146
   remediation: Upgrade to a supported version.

cves/2010/CVE-2010-1470.yaml

@@ -7,7 +7,7 @@ info:
   description: A directory traversal vulnerability in the Web TV (com_webtv) component 1.0 for Joomla! allows remote attackers to read arbitrary files and have possibly other unspecified impacts via a .. (dot dot) in the controller parameter to index.php.
   reference:
     - https://www.exploit-db.com/exploits/12166
-    - https://www.cvedetails.com/cve/CVE-2010-1470
+    - https://nvd.nist.gov/vuln/detail/CVE-2010-1470
     - http://web.archive.org/web/20140723205548/http://secunia.com/advisories/39405/
     - http://www.exploit-db.com/exploits/12166
   remediation: Upgrade to a supported version.

cves/2010/CVE-2010-1471.yaml

@@ -7,7 +7,7 @@ info:
   description: A directory traversal vulnerability in the AddressBook (com_addressbook) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
   reference:
     - https://www.exploit-db.com/exploits/12170
-    - https://www.cvedetails.com/cve/CVE-2010-1471
+    - https://nvd.nist.gov/vuln/detail/CVE-2010-1471
     - http://www.vupen.com/english/advisories/2010/0862
   classification:
     cve-id: CVE-2010-1471

cves/2010/CVE-2010-1472.yaml

@@ -7,7 +7,7 @@ info:
   description: A directory traversal vulnerability in the Daily Horoscope (com_horoscope) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
   reference:
     - https://www.exploit-db.com/exploits/12167
-    - https://www.cvedetails.com/cve/CVE-2010-1472
+    - https://nvd.nist.gov/vuln/detail/CVE-2010-1472
     - http://web.archive.org/web/20140723200143/http://secunia.com/advisories/39406/
     - http://www.exploit-db.com/exploits/12167
   remediation: Upgrade to a supported version.

cves/2010/CVE-2010-1473.yaml

@@ -7,7 +7,7 @@ info:
   description: A directory traversal vulnerability in the Advertising (com_advertising) component 0.25 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
   reference:
     - https://www.exploit-db.com/exploits/12171
-    - https://www.cvedetails.com/cve/CVE-2010-1473
+    - https://nvd.nist.gov/vuln/detail/CVE-2010-1473
     - http://packetstormsecurity.org/1004-exploits/joomlaeasyadbanner-lfi.txt
     - http://web.archive.org/web/20140723213338/http://secunia.com/advisories/39410/
   remediation: Upgrade to a supported version.

cves/2010/CVE-2010-1474.yaml

@@ -7,7 +7,7 @@ info:
   description: A directory traversal vulnerability in the Sweety Keeper (com_sweetykeeper) component 1.5.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
   reference:
     - https://www.exploit-db.com/exploits/12182
-    - https://www.cvedetails.com/cve/CVE-2010-1474
+    - https://nvd.nist.gov/vuln/detail/CVE-2010-1474
     - http://web.archive.org/web/20140723205926/http://secunia.com/advisories/39388/
     - http://www.exploit-db.com/exploits/12182
   classification:

cves/2010/CVE-2010-1475.yaml

@@ -7,7 +7,7 @@ info:
   description: A directory traversal vulnerability in the Preventive & Reservation (com_preventive) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
   reference:
     - https://www.exploit-db.com/exploits/12147
-    - https://www.cvedetails.com/cve/CVE-2010-1475
+    - https://nvd.nist.gov/vuln/detail/CVE-2010-1475
     - http://web.archive.org/web/20140723203010/http://secunia.com/advisories/39285/
     - http://www.exploit-db.com/exploits/12147
   classification:

cves/2010/CVE-2010-1476.yaml

@@ -7,7 +7,7 @@ info:
   description: A directory traversal vulnerability in the AlphaUserPoints (com_alphauserpoints) component 1.5.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the view parameter to index.php.
   reference:
     - https://www.exploit-db.com/exploits/12150
-    - https://www.cvedetails.com/cve/CVE-2010-1476
+    - https://nvd.nist.gov/vuln/detail/CVE-2010-1476
     - http://packetstormsecurity.org/1004-exploits/joomlaalphauserpoints-lfi.txt
     - http://www.alphaplug.com/
   remediation: Upgrade to a supported version.

cves/2010/CVE-2010-1478.yaml

@@ -7,7 +7,7 @@ info:
   description: A directory traversal vulnerability in the Ternaria Informatica Jfeedback! (com_jfeedback) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
   reference:
     - https://www.exploit-db.com/exploits/12145
-    - https://www.cvedetails.com/cve/CVE-2010-1478
+    - https://nvd.nist.gov/vuln/detail/CVE-2010-1478
     - http://web.archive.org/web/20140723205157/http://secunia.com/advisories/39262/
     - http://web.archive.org/web/20210121195422/https://www.securityfocus.com/bid/39390/
   remediation: Upgrade to a supported version.

cves/2010/CVE-2010-1491.yaml

@@ -7,7 +7,7 @@ info:
   description: A directory traversal vulnerability in the MMS Blog (com_mmsblog) component 2.3.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
   reference:
     - https://www.exploit-db.com/exploits/12318
-    - https://www.cvedetails.com/cve/CVE-2010-1491
+    - https://nvd.nist.gov/vuln/detail/CVE-2010-1491
     - http://packetstormsecurity.org/1004-exploits/joomlammsblog-lfi.txt
     - http://web.archive.org/web/20140724060325/http://secunia.com/advisories/39533/
   remediation: Upgrade to a supported version.

cves/2010/CVE-2010-1494.yaml

@@ -7,7 +7,7 @@ info:
   description: A directory traversal vulnerability in the AWDwall (com_awdwall) component 1.5.4 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
   reference:
     - https://www.exploit-db.com/exploits/12113
-    - https://www.cvedetails.com/cve/CVE-2010-1494
+    - https://nvd.nist.gov/vuln/detail/CVE-2010-1494
     - http://www.exploit-db.com/exploits/12113
   remediation: Upgrade to a supported version.
   classification:

cves/2010/CVE-2010-1495.yaml

@@ -7,7 +7,7 @@ info:
   description: A directory traversal vulnerability in the Matamko (com_matamko) component 1.01 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
   reference:
     - https://www.exploit-db.com/exploits/12286
-    - https://www.cvedetails.com/cve/CVE-2010-1495
+    - https://nvd.nist.gov/vuln/detail/CVE-2010-1495
     - http://www.vupen.com/english/advisories/2010/0929
     - http://packetstormsecurity.org/1004-exploits/joomlamatamko-lfi.txt
   remediation: Upgrade to a supported version.

cves/2010/CVE-2010-1531.yaml

@@ -7,7 +7,7 @@ info:
   description: A directory traversal vulnerability in the redSHOP (com_redshop) component 1.0.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
   reference:
     - https://www.exploit-db.com/exploits/12054
-    - https://www.cvedetails.com/cve/CVE-2010-1531
+    - https://nvd.nist.gov/vuln/detail/CVE-2010-1531
     - http://packetstormsecurity.org/1004-exploits/joomlaredshop-lfi.txt
   remediation: Upgrade to a supported version.
   classification:

cves/2010/CVE-2010-1532.yaml

@@ -7,7 +7,7 @@ info:
   description: A directory traversal vulnerability in the givesight PowerMail Pro (com_powermail) component 1.5.3 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
   reference:
     - https://www.exploit-db.com/exploits/12118
-    - https://www.cvedetails.com/cve/CVE-2010-1532
+    - https://nvd.nist.gov/vuln/detail/CVE-2010-1532
     - http://packetstormsecurity.org/1004-exploits/joomlapowermail-lfi.txt
     - http://web.archive.org/web/20210127202836/https://www.securityfocus.com/bid/39348/
   remediation: Upgrade to a supported version.

cves/2010/CVE-2010-1533.yaml

@@ -7,7 +7,7 @@ info:
   description: A directory traversal vulnerability in the TweetLA (com_tweetla) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
   reference:
     - https://www.exploit-db.com/exploits/12142
-    - https://www.cvedetails.com/cve/CVE-2010-1533
+    - https://nvd.nist.gov/vuln/detail/CVE-2010-1533
     - http://web.archive.org/web/20140723212810/http://secunia.com/advisories/39258/
     - http://www.exploit-db.com/exploits/12142
   remediation: Upgrade to a supported version.

cves/2010/CVE-2010-1534.yaml

@@ -7,7 +7,7 @@ info:
   description: A directory traversal vulnerability in the Shoutbox Pro (com_shoutbox) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
   reference:
     - https://www.exploit-db.com/exploits/12067
-    - https://www.cvedetails.com/cve/CVE-2010-1534
+    - https://nvd.nist.gov/vuln/detail/CVE-2010-1534
     - http://web.archive.org/web/20210121195246/https://www.securityfocus.com/bid/39213/
     - http://web.archive.org/web/20140724182459/http://secunia.com/advisories/39352/
   remediation: Upgrade to a supported version

cves/2010/CVE-2010-1535.yaml

@@ -7,7 +7,7 @@ info:
   description: A directory traversal vulnerability in the TRAVELbook (com_travelbook) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
   reference:
     - https://www.exploit-db.com/exploits/12151
-    - https://www.cvedetails.com/cve/CVE-2010-1535
+    - https://nvd.nist.gov/vuln/detail/CVE-2010-1535
     - http://web.archive.org/web/20140725030342/http://secunia.com/advisories/39254/
     - http://www.exploit-db.com/exploits/12151
   classification:

cves/2010/CVE-2010-1540.yaml

@@ -7,7 +7,7 @@ info:
   description: A directory traversal vulnerability in index.php in the MyBlog (com_myblog) component 3.0.329 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the task parameter.
   reference:
     - https://www.exploit-db.com/exploits/11625
-    - https://www.cvedetails.com/cve/CVE-2010-1540
+    - https://nvd.nist.gov/vuln/detail/CVE-2010-1540
     - http://web.archive.org/web/20140721042709/http://secunia.com/advisories/38777/
     - http://web.archive.org/web/20210121194559/https://www.securityfocus.com/bid/38530/
   classification:

cves/2010/CVE-2010-1601.yaml

@@ -7,7 +7,7 @@ info:
   description: A directory traversal vulnerability in the JA Comment (com_jacomment) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
   reference:
     - https://www.exploit-db.com/exploits/12236
-    - https://www.cvedetails.com/cve/CVE-2010-1601
+    - https://nvd.nist.gov/vuln/detail/CVE-2010-1601
     - http://web.archive.org/web/20140803084823/http://secunia.com/advisories/39472/
     - http://packetstormsecurity.org/1004-exploits/joomlajacomment-lfi.txt
   classification:

cves/2010/CVE-2010-1602.yaml

@@ -7,7 +7,7 @@ info:
   description: A directory traversal vulnerability in the ZiMB Comment (com_zimbcomment) component 0.8.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
   reference:
     - https://www.exploit-db.com/exploits/12283
-    - https://www.cvedetails.com/cve/CVE-2010-1602
+    - https://nvd.nist.gov/vuln/detail/CVE-2010-1602
     - http://packetstormsecurity.org/1004-exploits/joomlazimbcomment-lfi.txt
   classification:
     cve-id: CVE-2010-1602

cves/2010/CVE-2010-1603.yaml

@@ -7,7 +7,7 @@ info:
   description: A directory traversal vulnerability in the ZiMB Core (aka ZiMBCore or com_zimbcore) component 0.1 in the ZiMB Manager collection for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
   reference:
     - https://www.exploit-db.com/exploits/12284
-    - https://www.cvedetails.com/cve/CVE-2010-1603
+    - https://nvd.nist.gov/vuln/detail/CVE-2010-1603
     - http://web.archive.org/web/20210518112730/https://www.securityfocus.com/bid/39546
     - http://www.vupen.com/english/advisories/2010/0931
   remediation: Upgrade to a supported version.

cves/2010/CVE-2010-1607.yaml

@@ -7,7 +7,7 @@ info:
   description: A directory traversal vulnerability in wmi.php in the Webmoney Web Merchant Interface (aka WMI or com_wmi) component 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
   reference:
     - https://www.exploit-db.com/exploits/12316
-    - https://www.cvedetails.com/cve/CVE-2010-1607
+    - https://nvd.nist.gov/vuln/detail/CVE-2010-1607
     - http://web.archive.org/web/20210121195713/https://www.securityfocus.com/bid/39608/
     - http://web.archive.org/web/20111227231442/http://secunia.com/advisories/39539/
   classification:

cves/2010/CVE-2010-1653.yaml

@@ -7,7 +7,7 @@ info:
   description: A directory traversal vulnerability in graphics.php in the Graphics (com_graphics) component 1.0.6 and 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
   reference:
     - https://www.exploit-db.com/exploits/12430
-    - https://www.cvedetails.com/cve/CVE-2010-1653
+    - https://nvd.nist.gov/vuln/detail/CVE-2010-1653
     - http://packetstormsecurity.org/1004-exploits/joomlagraphics-lfi.txt
     - http://web.archive.org/web/20210121195909/https://www.securityfocus.com/bid/39743/
   classification:

cves/2010/CVE-2010-1658.yaml

@@ -7,7 +7,7 @@ info:
   description: A directory traversal vulnerability in the Code-Garage NoticeBoard (com_noticeboard) component 1.3 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
   reference:
     - https://www.exploit-db.com/exploits/12427
-    - https://www.cvedetails.com/cve/CVE-2010-1658
+    - https://nvd.nist.gov/vuln/detail/CVE-2010-1658
     - http://www.vupen.com/english/advisories/2010/1007
   classification:
     cve-id: CVE-2010-1658

cves/2010/CVE-2010-1714.yaml

@@ -7,7 +7,7 @@ info:
   description: A directory traversal vulnerability in the Arcade Games (com_arcadegames) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
   reference:
     - https://www.exploit-db.com/exploits/12168
-    - https://www.cvedetails.com/cve/CVE-2010-1714
+    - https://nvd.nist.gov/vuln/detail/CVE-2010-1714
     - http://packetstormsecurity.org/1004-exploits/joomlaarcadegames-lfi.txt
     - http://web.archive.org/web/20140723192327/http://secunia.com/advisories/39413/
   classification:

cves/2010/CVE-2010-1715.yaml

@@ -7,7 +7,7 @@ info:
   description: A directory traversal vulnerability in the Online Examination (aka Online Exam or com_onlineexam) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
   reference:
     - https://www.exploit-db.com/exploits/12174
-    - https://www.cvedetails.com/cve/CVE-2010-1715
+    - https://nvd.nist.gov/vuln/detail/CVE-2010-1715
     - http://packetstormsecurity.org/1004-exploits/joomlaonlineexam-lfi.txt
   classification:
     cve-id: CVE-2010-1715

cves/2010/CVE-2010-1717.yaml

@@ -7,7 +7,7 @@ info:
   description: A directory traversal vulnerability in the iF surfALERT (com_if_surfalert) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
   reference:
     - https://www.exploit-db.com/exploits/12291
-    - https://www.cvedetails.com/cve/CVE-2010-1717
+    - https://nvd.nist.gov/vuln/detail/CVE-2010-1717
     - http://web.archive.org/web/20140805095004/http://secunia.com/advisories/39526/
     - http://www.vupen.com/english/advisories/2010/0924
   classification:

cves/2010/CVE-2010-1718.yaml

@@ -7,7 +7,7 @@ info:
   description: A directory traversal vulnerability in archeryscores.php in the Archery Scores (com_archeryscores) component 1.0.6 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
   reference:
     - https://www.exploit-db.com/exploits/12282
-    - https://www.cvedetails.com/cve/CVE-2010-1718
+    - https://nvd.nist.gov/vuln/detail/CVE-2010-1718
     - http://web.archive.org/web/20140805094212/http://secunia.com/advisories/39521/
     - http://web.archive.org/web/20210121195621/https://www.securityfocus.com/bid/39545/
   classification:

cves/2010/CVE-2010-1719.yaml

@@ -7,7 +7,7 @@ info:
   description: A directory traversal vulnerability in the MT Fire Eagle (com_mtfireeagle) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
   reference:
     - https://www.exploit-db.com/exploits/12233
-    - https://www.cvedetails.com/cve/CVE-2010-1719
+    - https://nvd.nist.gov/vuln/detail/CVE-2010-1719
     - http://www.exploit-db.com/exploits/12233
   classification:
     cve-id: CVE-2010-1719

cves/2010/CVE-2010-1722.yaml

@@ -7,7 +7,7 @@ info:
   description: A directory traversal vulnerability in the Online Market (com_market) component 2.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
   reference:
     - https://www.exploit-db.com/exploits/12177
-    - https://www.cvedetails.com/cve/CVE-2010-1722
+    - https://nvd.nist.gov/vuln/detail/CVE-2010-1722
     - http://web.archive.org/web/20140723201810/http://secunia.com/advisories/39409/
     - http://www.exploit-db.com/exploits/12177
   classification: