Auto Generated CVE annotations [Tue May 17 20:46:49 UTC 2022] 🤖

patch-1
GitHub Action 2022-05-17 20:46:49 +00:00
parent 03a6dec18f
commit d0832c679e
35 changed files with 47 additions and 15 deletions


@ -9,6 +9,7 @@ info:
- https://www.securityfocus.com/bid/17408
- https://nvd.nist.gov/vuln/detail/CVE-2006-1681
- http://secunia.com/advisories/19587
- http://www.securityfocus.com/bid/17408
classification:
cve-id: CVE-2006-1681
tags: cherokee,httpd,xss,cve,cve2006
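Review bot: The `http://www.securityfocus.com/bid/17408` entry, which appears to be the line this hunk adds, duplicates the `https://www.securityfocus.com/bid/17408` reference three lines above it and differs only in scheme. The same pattern repeats in the later sections that put `http://www.exploit-db.com/exploits/<id>` beneath an existing `https://www.exploit-db.com/exploits/<id>`, once with only a trailing slash as a further difference. The annotation job should compare references after normalising scheme and trailing slash, and skip the addition when the HTTPS form is already listed. The `info:` block starts and ends outside this hunk.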


@ -14,7 +14,7 @@ info:
cve-id: CVE-2009-1872
metadata:
shodan-query: http.component:"Adobe ColdFusion"
verified: true
verified: "true"
tags: cve,cve2009,adobe,xss,coldfusion
requests:
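Review bot: `verified: "true"` turns a YAML boolean into a string, so any consumer that reads `metadata.verified` as a boolean (a template filter, a CI check on verified templates) would now get a non-boolean value; whether such a consumer exists is not visible on this page. If the flag is meant to be a boolean, keep `verified: true` and fix the generator step that re-emits metadata values as quoted strings. The same quoting is applied in the dotCMS, Airflow, OFBiz, TriConsole, TLR-2005KSH, BIG-IP and Wavlink sections further down.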


@ -9,6 +9,7 @@ info:
- https://sourceforge.net/projects/krw/
- https://www.exploit-db.com/exploits/10216
- https://exchange.xforce.ibmcloud.com/vulnerabilities/54395
- http://www.exploit-db.com/exploits/10216
classification:
cve-id: CVE-2009-4223
tags: cve,cve2009,krweb,rfi


@ -9,6 +9,7 @@ info:
- https://www.exploit-db.com/exploits/11088
- https://www.cvedetails.com/cve/CVE-2010-0944
- http://packetstormsecurity.org/1001-exploits/joomlajcollection-traversal.txt
- http://www.exploit-db.com/exploits/11088
remediation: Apply all relevant security patches and product upgrades.
classification:
cve-id: CVE-2010-0944


@ -9,6 +9,7 @@ info:
- https://www.exploit-db.com/exploits/12146
- https://www.cvedetails.com/cve/CVE-2010-1469
- http://packetstormsecurity.org/1004-exploits/joomlajprojectmanager-lfi.txt
- http://www.exploit-db.com/exploits/12146
remediation: Upgrade to a supported version.
classification:
cve-id: CVE-2010-1469


@ -9,6 +9,7 @@ info:
- https://www.exploit-db.com/exploits/12167
- https://www.cvedetails.com/cve/CVE-2010-1472
- http://secunia.com/advisories/39406
- http://www.exploit-db.com/exploits/12167
remediation: Upgrade to a supported version.
classification:
cve-id: CVE-2010-1472


@ -9,6 +9,7 @@ info:
- https://www.exploit-db.com/exploits/12113
- https://www.cvedetails.com/cve/CVE-2010-1494
- http://www.osvdb.org/63943
- http://www.exploit-db.com/exploits/12113
remediation: Upgrade to a supported version.
classification:
cve-id: CVE-2010-1494


@ -9,6 +9,7 @@ info:
- https://www.exploit-db.com/exploits/12426
- https://nvd.nist.gov/vuln/detail/CVE-2010-1659
- http://www.securityfocus.com/bid/39739
- http://www.exploit-db.com/exploits/12426
classification:
cve-id: CVE-2010-1659
tags: cve,cve2010,joomla,lfi


@ -9,6 +9,7 @@ info:
- https://www.exploit-db.com/exploits/12233
- https://www.cvedetails.com/cve/CVE-2010-1719
- http://osvdb.org/63806
- http://www.exploit-db.com/exploits/12233
classification:
cve-id: CVE-2010-1719
tags: cve,cve2010,joomla,lfi


@ -9,6 +9,7 @@ info:
- https://www.exploit-db.com/exploits/12177
- https://www.cvedetails.com/cve/CVE-2010-1722
- http://secunia.com/advisories/39409
- http://www.exploit-db.com/exploits/12177
classification:
cve-id: CVE-2010-1722
tags: cve,cve2010,joomla,lfi


@ -9,6 +9,7 @@ info:
- https://www.exploit-db.com/exploits/12239
- https://www.cvedetails.com/cve/CVE-2010-1952
- http://secunia.com/advisories/39475
- http://www.exploit-db.com/exploits/12239
remediation: Upgrade to a supported version.
classification:
cve-id: CVE-2010-1952


@ -9,6 +9,7 @@ info:
- https://www.exploit-db.com/exploits/12288
- https://www.cvedetails.com/cve/CVE-2010-1953
- http://www.vupen.com/english/advisories/2010/0927
- http://www.exploit-db.com/exploits/12288
remediation: Upgrade to a supported version.
classification:
cve-id: CVE-2010-1953


@ -9,6 +9,7 @@ info:
- https://www.exploit-db.com/exploits/12287
- https://www.cvedetails.com/cve/CVE-2010-1954
- http://www.securityfocus.com/bid/39552
- http://www.exploit-db.com/exploits/12287
remediation: Upgrade to a supported version.
classification:
cve-id: CVE-2010-1954


@ -9,6 +9,7 @@ info:
- https://www.exploit-db.com/exploits/12085
- https://www.cvedetails.com/cve/CVE-2010-1980
- http://packetstormsecurity.org/1004-exploits/joomlaflickr-lfi.txt
- http://www.exploit-db.com/exploits/12085
remediation: Upgrade to a supported version.
classification:
cve-id: CVE-2010-1980


@ -9,6 +9,7 @@ info:
- https://www.exploit-db.com/exploits/12087
- https://www.cvedetails.com/cve/CVE-2010-1981
- http://packetstormsecurity.org/1004-exploits/joomlafabrik-lfi.txt
- http://www.exploit-db.com/exploits/12087
remediation: Upgrade to a supported version.
classification:
cve-id: CVE-2010-1981


@ -9,6 +9,7 @@ info:
- https://www.exploit-db.com/exploits/12055
- https://www.cvedetails.com/cve/CVE-2010-1983
- http://packetstormsecurity.org/1004-exploits/joomlaredtwitter-lfi.txt
- http://www.exploit-db.com/exploits/12055
remediation: Upgrade to a supported version.
classification:
cve-id: CVE-2010-1983


@ -9,6 +9,7 @@ info:
- https://www.exploit-db.com/exploits/12607
- https://www.cvedetails.com/cve/CVE-2010-2128
- http://secunia.com/advisories/39832
- http://www.exploit-db.com/exploits/12607
remediation: Upgrade to a supported version.
classification:
cve-id: CVE-2010-2128


@ -9,6 +9,7 @@ info:
- https://www.exploit-db.com/exploits/10946
- https://www.cvedetails.com/cve/CVE-2010-2259
- http://secunia.com/advisories/37866
- http://www.exploit-db.com/exploits/10946
remediation: Upgrade to a supported version.
classification:
cve-id: CVE-2010-2259


@ -9,6 +9,7 @@ info:
- https://www.exploit-db.com/exploits/14017
- https://www.cvedetails.com/cve/CVE-2010-2682
- http://packetstormsecurity.org/1004-exploits/joomlarealtyna-lfi.txt
- http://www.exploit-db.com/exploits/14017
remediation: Upgrade to a supported version.
classification:
cve-id: CVE-2010-2682


@ -9,6 +9,7 @@ info:
- https://www.exploit-db.com/exploits/14274
- https://www.cvedetails.com/cve/CVE-2010-2857
- http://www.securityfocus.com/bid/41485
- http://www.exploit-db.com/exploits/14274
remediation: Upgrade to a supported version.
classification:
cve-id: CVE-2010-2857


@ -9,6 +9,7 @@ info:
- https://www.exploit-db.com/exploits/14845
- https://www.cvedetails.com/cve/CVE-2010-3203
- http://secunia.com/advisories/41187
- http://www.exploit-db.com/exploits/14845
remediation: Upgrade to a supported version.
classification:
cve-id: CVE-2010-3203


@ -9,6 +9,7 @@ info:
- https://www.exploit-db.com/exploits/14964
- https://www.cvedetails.com/cve/CVE-2010-3426
- http://packetstormsecurity.org/1009-exploits/joomlajphone-lfi.txt
- http://www.exploit-db.com/exploits/14964
remediation: Upgrade to a supported version.
classification:
cve-id: CVE-2010-3426


@ -9,6 +9,7 @@ info:
- https://nvd.nist.gov/vuln/detail/CVE-2010-4231
- https://www.exploit-db.com/exploits/15505
- https://www.trustwave.com/spiderlabs/advisories/TWSL2010-006.txt
- http://www.exploit-db.com/exploits/15505/
remediation: Upgrade to a supported product version.
classification:
cve-id: CVE-2010-4231


@ -9,6 +9,7 @@ info:
- https://www.exploit-db.com/exploits/15643
- https://www.cvedetails.com/cve/CVE-2010-4282
- http://sourceforge.net/projects/pandora/files/Pandora%20FMS%203.1/Final%20version%20%28Stable%29/pandorafms_console-3.1_security_patch_13Oct2010.tar.gz/download
- http://www.exploit-db.com/exploits/15643
remediation: Upgrade to a supported version.
classification:
cve-id: CVE-2010-4282


@ -9,6 +9,7 @@ info:
- https://www.exploit-db.com/exploits/15749
- https://www.cvedetails.com/cve/CVE-2010-4719
- http://packetstormsecurity.org/files/view/96751/joomlajradio-lfi.txt
- http://www.exploit-db.com/exploits/15749
remediation: Upgrade to a supported version.
classification:
cve-id: CVE-2010-4719


@ -9,6 +9,7 @@ info:
- https://www.exploit-db.com/exploits/18435
- https://www.cvedetails.com/cve/CVE-2012-0981
- http://secunia.com/advisories/47802
- http://www.exploit-db.com/exploits/18435
classification:
cve-id: CVE-2012-0981
tags: cve,cve2012,lfi,phpshowtime


@ -9,6 +9,7 @@ info:
- https://www.exploit-db.com/exploits/35721
- https://nvd.nist.gov/vuln/detail/CVE-2015-0554
- http://packetstormsecurity.com/files/129828/Pirelli-ADSL2-2-Wireless-Router-P.DGA4001N-Information-Disclosure.html
- http://www.exploit-db.com/exploits/35721
classification:
cve-id: CVE-2015-0554
tags: cve,cve2015,pirelli,router,disclosure


@ -10,13 +10,13 @@ info:
- https://github.com/dotCMS/core/issues/15286
- https://www.cvedetails.com/cve/CVE-2018-17422
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2018-17422
cwe-id: CWE-601
metadata:
verified: true
shodan-query: http.title:"dotCMS"
verified: "true"
tags: cve,cve2018,redirect,dotcms
requests:


@ -17,7 +17,7 @@ info:
cwe-id: CWE-77
metadata:
shodan-query: http.html:"Apache Airflow" || title:"Airflow - DAGs"
verified: true
verified: "true"
tags: cve,cve2020,apache,airflow,rce
requests:


@ -9,13 +9,13 @@ info:
offers the possibility to call static Java classes from the JDK
that could execute code with the permission level of the running Java process.
This vulnerability affects all versions of Apache Unomi prior to 1.5.2.
remediation: Apache Unomi users should upgrade to 1.5.2 or later.
reference:
- https://securityboulevard.com/2020/11/apache-unomi-cve-2020-13942-rce-vulnerabilities-discovered/
- https://twitter.com/chybeta/status/1328912309440311297
- http://unomi.apache.org./security/cve-2020-13942.txt
- https://lists.apache.org/thread.html/r4a8fa91836687eaca42b5420a778ca8c8fd3a3740e4cf4401acc9118@%3Cusers.unomi.apache.org%3E
- https://nvd.nist.gov/vuln/detail/CVE-2020-13942
remediation: Apache Unomi users should upgrade to 1.5.2 or later.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8


@ -10,15 +10,16 @@ info:
- https://github.com/yumusb/CVE-2021-26295-POC
- https://packetstormsecurity.com/files/162104/Apache-OFBiz-SOAP-Java-Deserialization.html
- https://github.com/zhzyker/exphub/tree/master/ofbiz
- https://lists.apache.org/thread.html/r3c1802eaf34aa78a61b4e8e044c214bc94accbd28a11f3a276586a31%40%3Cuser.ofbiz.apache.org%3E
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2021-26295
cwe-id: CWE-502
metadata:
ysoserial-payload: java -jar ysoserial.jar URLDNS https://oob-url-to-request.tld | hex
shodan-query: OFBiz.Visitor=
verified: true
verified: "true"
ysoserial-payload: java -jar ysoserial.jar URLDNS https://oob-url-to-request.tld | hex
tags: cve,cve2021,apache,ofbiz,deserialization,rce
requests:


@ -9,14 +9,16 @@ info:
reference:
- https://www.exploit-db.com/exploits/49597
- https://nvd.nist.gov/vuln/detail/CVE-2021-27330
metadata:
verified: true
google-dork: intitle:TriConsole.com - PHP Calendar Date Picker
- http://www.triconsole.com/
- http://www.triconsole.com/php/calendar_datepicker.php
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2021-27330
cwe-id: CWE-79
metadata:
google-dork: intitle:TriConsole.com - PHP Calendar Date Picker
verified: "true"
tags: cve,cve2021,triconsole,xss
requests:


@ -8,14 +8,16 @@ info:
reference:
- https://dl.packetstormsecurity.net/2205-exploits/tlr2005ksh-filedelete.txt
- https://nvd.nist.gov/vuln/detail/CVE-2021-46424
- https://drive.google.com/drive/folders/1_e3eJ8fzhCWnCkoRpbLoyQecuKkPR4OD?usp=sharing
- http://packetstormsecurity.com/files/167127/TLR-2005KSH-Arbitrary-File-Delete.html
classification:
cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
cvss-score: 9.1
cve-id: CVE-2021-46424
cwe-id: CWE-306
metadata:
verified: true
shodan-query: http.html:"TLR-2005KSH"
verified: "true"
tags: cve,cve2021,telesquare,intrusive
requests:
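Review bot: The reference `https://drive.google.com/drive/folders/1_e3eJ8fzhCWnCkoRpbLoyQecuKkPR4OD?usp=sharing`, which by the hunk counts appears to be one of the added lines, points at a personal shared folder whose contents can change or disappear. The NVD and Packet Storm entries beside it do not have that problem. People triaging a finding follow these links, so I would drop this entry or replace it with a stable advisory URL. The generator could also keep an allow-list of reference hosts so that file-share links are not imported automatically.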


@ -20,7 +20,7 @@ info:
cwe-id: CWE-306
metadata:
shodan-query: http.title:"BIG-IP®-+Redirect" +"Server"
verified: true
verified: "true"
tags: f5,bigip,cve,cve2022,rce,mirai
variables:


@ -4,14 +4,15 @@ info:
name: Wavlink Wn535g3 - POST XSS
author: For3stCo1d
severity: high
description: WAVLINK WN535 G3 was discovered to contain a cross-site scripting (XSS) vulnerability via the hostname parameter at /cgi-bin/login.cgi.
reference:
- https://github.com/badboycxcc/XSS-CVE-2022-30489
- https://nvd.nist.gov/vuln/detail/CVE-2022-30489
- https://github.com/badboycxcc/XSS
metadata:
verified: true
shodan-query: http.title:"Wi-Fi APP Login"
verified: "true"
tags: xss,cve2022,wavlink,cve,router,iot
description: "WAVLINK WN535 G3 was discovered to contain a cross-site scripting (XSS) vulnerability via the hostname parameter at /cgi-bin/login.cgi."
requests:
- raw:
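Review bot: This `info:` block still has no `classification:` entry, although its references identify the template as CVE-2022-30489 and the other sections on this page that show a classification block carry a `cve-id`. The annotation run reorders `metadata` and moves `description` here but leaves that gap. I would add `classification:` with `cve-id: CVE-2022-30489` after the reference list and let the generator fill in the CVSS fields when they are available. The `requests:` section continues outside the hunk.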