Merge branch 'projectdiscovery:master' into git-logs-exposure

patch-1
nullfuzz 2022-07-13 12:27:04 -03:00 committed by GitHub
commit df22c18220
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
697 changed files with 10872 additions and 2899 deletions

.github/workflows/cache-purge.yml vendored Normal file
@ -0,0 +1,18 @@
name: Cache Purge
on:
push:
tags:
- '*'
workflow_dispatch:
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- name: Purge cache
uses: jakejarvis/cloudflare-purge-action@master
env:
CLOUDFLARE_ZONE: ${{ secrets.CLOUDFLARE_ZONE }}
CLOUDFLARE_TOKEN: ${{ secrets.CLOUDFLARE_TOKEN }}
PURGE_URLS: '["https://version-check.nuclei.sh/versions"]'
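Review bot: The `uses: jakejarvis/cloudflare-purge-action@master` step tracks a mutable branch of a third-party action while it receives `CLOUDFLARE_ZONE` and `CLOUDFLARE_TOKEN` from repository secrets, so any later change to that branch runs with the token. Pin the action to a full commit SHA, and add a top-level `permissions:` block, since nothing in this job needs write access to the repository. The job is also named `deploy` although it only purges a cache URL; a name such as `purge` would match `name: Cache Purge`.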

@ -25,5 +25,5 @@ jobs:
- name: Template Validation - name: Template Validation
run: | run: |
cp -r ${{ github.workspace }} $HOME cp -r ${{ github.workspace }} $HOME
nuclei -validate -t . nuclei -validate -t . -et .git/
nuclei -validate -w ./workflows nuclei -validate -w ./workflows
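Review bot: The new `-et .git/` exclusion on the `nuclei -validate -t .` line is undocumented, so the next person editing this workflow will not know why `.git/` must be skipped during validation. Add a short YAML comment above the `run:` block stating the reason. While touching this step, the context line `cp -r ${{ github.workspace }} $HOME` leaves both expansions unquoted and would be safer quoted.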

@ -1,29 +1,51 @@
cves/2018/CVE-2018-10230.yaml cves/2015/CVE-2015-4666.yaml
cves/2018/CVE-2018-14474.yaml cves/2018/CVE-2018-1000856.yaml
cves/2018/CVE-2018-16761.yaml cves/2018/CVE-2018-19137.yaml
cves/2020/CVE-2020-22208.yaml cves/2018/CVE-2018-19751.yaml
cves/2020/CVE-2020-22209.yaml cves/2018/CVE-2018-19752.yaml
cves/2020/CVE-2020-22211.yaml cves/2018/CVE-2018-19892.yaml
cves/2020/CVE-2020-29597.yaml cves/2019/CVE-2019-9922.yaml
cves/2021/CVE-2021-27748.yaml cves/2022/CVE-2022-0656.yaml
cves/2021/CVE-2021-37589.yaml exposed-panels/claris-filemaker-webdirect.yaml
cves/2021/CVE-2021-39211.yaml exposed-panels/honeywell-xl-web-controller.yaml
cves/2021/CVE-2021-40149.yaml exposed-panels/icewarp-panel-detect.yaml
cves/2021/CVE-2021-40150.yaml exposed-panels/noescape-login.yaml
cves/2022/CVE-2022-29383.yaml exposed-panels/smartping-dashboard.yaml
cves/2022/CVE-2022-31268.yaml exposed-panels/sonicwall-analyzer-login.yaml
exposed-panels/eventum-panel.yaml exposed-panels/tembosocial-panel.yaml
exposed-panels/flip-cms-panel.yaml exposed-panels/tenda-web-master.yaml
exposed-panels/virtua-software-panel.yaml exposed-panels/tiny-file-manager.yaml
exposures/files/appsettings-file-disclosure.yaml exposed-panels/veeam-backup-gcp.yaml
exposures/files/azure-pipelines-exposed.yaml exposed-panels/vmware-carbon-black-edr.yaml
exposures/files/django-secret-key.yaml exposed-panels/vmware-cloud-availability.yaml
exposures/files/ftpconfig.yaml exposed-panels/vmware-cloud-director.yaml
exposures/files/git-mailmap.yaml exposed-panels/vmware-ftp-server.yaml
exposures/files/php-ini.yaml exposed-panels/vmware-horizon-daas.yaml
exposures/tokens/azure/azure-apim-secretkey.yaml exposed-panels/vmware-vcenter-converter-standalone.yaml
exposures/tokens/nextjs/cipher-secret-key.yaml exposed-panels/vmware-vcloud-director.yaml
misconfiguration/jupyter-notebooks-exposed.yaml exposed-panels/web-file-manager.yaml
vulnerabilities/other/74cms-sqli.yaml exposures/configs/config-rb.yaml
vulnerabilities/other/orbiteam-bscw-server-lfi.yaml exposures/configs/gcloud-config-default.yaml
vulnerabilities/other/phpok-sqli.yaml exposures/configs/phpstan-config.yaml
exposures/configs/wgetrc-config.yaml
exposures/files/composer-auth-json.yaml
exposures/files/credentials-json.yaml
exposures/files/environment-rb.yaml
exposures/files/gcloud-access-token.yaml
exposures/files/gcloud-credentials.yaml
exposures/files/get-access-token-json.yaml
exposures/files/google-api-private-key.yaml
exposures/files/google-services-json.yaml
exposures/files/jsapi-ticket-json.yaml
exposures/files/npm-cli-metrics-json.yaml
exposures/files/oauth-credentials-json.yaml
exposures/files/secret-token-rb.yaml
exposures/files/symfony-properties-ini.yaml
exposures/files/token-info-json.yaml
exposures/files/token-json.yaml
exposures/files/wget-hsts-list-exposure.yaml
exposures/files/ws-ftp-ini.yaml
technologies/default-page-azure-container.yaml
technologies/default-parallels-plesk.yaml
technologies/json-server.yaml
technologies/samsung-smarttv-debug.yaml

@ -3,6 +3,11 @@
# #
# This is default list of tags and files to excluded from default nuclei scan. # This is default list of tags and files to excluded from default nuclei scan.
# More details - https://nuclei.projectdiscovery.io/nuclei/get-started/#template-exclusion # More details - https://nuclei.projectdiscovery.io/nuclei/get-started/#template-exclusion
#
# ============ DO NOT EDIT ============
# Automatically updated by nuclei on execution from nuclei-templates
# User changes should be in nuclei config file
# ============ DO NOT EDIT ============
# tags is a list of tags to ignore execution for # tags is a list of tags to ignore execution for
# unless asked for by the user. # unless asked for by the user.
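Review bot: The added banner line `# User changes should be in nuclei config file` does not say which file that is or where it lives, and the only link in the header points at the template-exclusion documentation. Name the config file path or link to the relevant documentation so that a user who lands here knows where to put their own exclusions.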

@ -42,18 +42,18 @@ An overview of the nuclei template project, including statistics on unique tags,
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT | | TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------| |-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
| cve | 1195 | daffainfo | 565 | cves | 1200 | info | 1230 | http | 3269 | | cve | 1240 | daffainfo | 601 | cves | 1236 | info | 1306 | http | 3408 |
| panel | 525 | dhiyaneshdk | 424 | exposed-panels | 535 | high | 899 | file | 76 | | panel | 556 | dhiyaneshdk | 451 | exposed-panels | 564 | high | 920 | file | 76 |
| lfi | 467 | pikpikcu | 316 | vulnerabilities | 458 | medium | 687 | network | 50 | | lfi | 475 | pikpikcu | 316 | vulnerabilities | 468 | medium | 716 | network | 50 |
| xss | 382 | pdteam | 268 | technologies | 258 | critical | 415 | dns | 17 | | xss | 402 | pdteam | 268 | technologies | 260 | critical | 422 | dns | 17 |
| wordpress | 376 | geeknik | 181 | exposures | 205 | low | 186 | | | | wordpress | 388 | geeknik | 187 | exposures | 222 | low | 194 | | |
| rce | 304 | dwisiswant0 | 168 | misconfiguration | 200 | unknown | 6 | | | | exposure | 322 | dwisiswant0 | 169 | misconfiguration | 206 | unknown | 6 | | |
| exposure | 298 | 0x_akoko | 139 | workflows | 187 | | | | | | cve2021 | 307 | 0x_akoko | 148 | token-spray | 206 | | | | |
| cve2021 | 294 | princechaddha | 139 | token-spray | 169 | | | | | | rce | 305 | princechaddha | 146 | workflows | 187 | | | | |
| wp-plugin | 275 | pussycat0x | 124 | default-logins | 96 | | | | | | wp-plugin | 283 | pussycat0x | 125 | default-logins | 98 | | | | |
| tech | 274 | gy741 | 122 | file | 76 | | | | | | tech | 276 | gy741 | 124 | file | 76 | | | | |
**265 directories, 3636 files**. **279 directories, 3823 files**.
</td> </td>
</tr> </tr>

File diff suppressed because one or more lines are too long

File diff suppressed because it is too large

@ -1,12 +1,12 @@
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT | | TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------| |-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
| cve | 1195 | daffainfo | 565 | cves | 1200 | info | 1230 | http | 3269 | | cve | 1240 | daffainfo | 601 | cves | 1236 | info | 1306 | http | 3408 |
| panel | 525 | dhiyaneshdk | 424 | exposed-panels | 535 | high | 899 | file | 76 | | panel | 556 | dhiyaneshdk | 451 | exposed-panels | 564 | high | 920 | file | 76 |
| lfi | 467 | pikpikcu | 316 | vulnerabilities | 458 | medium | 687 | network | 50 | | lfi | 475 | pikpikcu | 316 | vulnerabilities | 468 | medium | 716 | network | 50 |
| xss | 382 | pdteam | 268 | technologies | 258 | critical | 415 | dns | 17 | | xss | 402 | pdteam | 268 | technologies | 260 | critical | 422 | dns | 17 |
| wordpress | 376 | geeknik | 181 | exposures | 205 | low | 186 | | | | wordpress | 388 | geeknik | 187 | exposures | 222 | low | 194 | | |
| rce | 304 | dwisiswant0 | 168 | misconfiguration | 200 | unknown | 6 | | | | exposure | 322 | dwisiswant0 | 169 | misconfiguration | 206 | unknown | 6 | | |
| exposure | 298 | 0x_akoko | 139 | workflows | 187 | | | | | | cve2021 | 307 | 0x_akoko | 148 | token-spray | 206 | | | | |
| cve2021 | 294 | princechaddha | 139 | token-spray | 169 | | | | | | rce | 305 | princechaddha | 146 | workflows | 187 | | | | |
| wp-plugin | 275 | pussycat0x | 124 | default-logins | 96 | | | | | | wp-plugin | 283 | pussycat0x | 125 | default-logins | 98 | | | | |
| tech | 274 | gy741 | 122 | file | 76 | | | | | | tech | 276 | gy741 | 124 | file | 76 | | | | |

@ -1,11 +1,16 @@
id: CNVD-2018-13393 id: CNVD-2018-13393
info: info:
name: Metinfo LFI name: Metinfo - Local File Inclusion
author: ritikchaddha author: ritikchaddha
severity: high severity: high
description: Metinfo is susceptible to local file inclusion.
reference: reference:
- https://paper.seebug.org/676/ - https://paper.seebug.org/676/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.6
cwe-id: CWE-22
tags: metinfo,cnvd,cvnd2018,lfi tags: metinfo,cnvd,cvnd2018,lfi
requests: requests:
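Review bot: The `tags:` line is left as `metinfo,cnvd,cvnd2018,lfi`, where `cvnd2018` looks like a typo for `cnvd2018`; the other CNVD templates in this commit use `cnvd2020` and `cnvd2021`. Since this hunk already rewrites the `info` block, fix the tag here, otherwise tag-based selection by year will miss this template.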
@ -23,3 +28,5 @@ requests:
- "<?php" - "<?php"
- "login_met_cookie($metinfo_admin_name);" - "login_met_cookie($metinfo_admin_name);"
condition: and condition: and
# Enhanced by mp on 2022/07/05

@ -1,15 +1,20 @@
id: CNVD-2020-67113 id: CNVD-2020-67113
info: info:
name: H5S CONSOLE Unauthorized Access Vulnerability (CNVD-2020-67113) name: H5S CONSOLE - Unauthorized Access
author: ritikchaddha author: ritikchaddha
severity: high severity: medium
description: Zero Vision Technology (Shanghai) Co., Ltd. H5S CONSOLE Exists Unauthorized Access Vulnerability description: H5S CONSOLE is susceptible to an unauthorized access vulnerability.
reference: reference:
- https://vul.wangan.com/a/CNVD-2020-67113 - https://vul.wangan.com/a/CNVD-2020-67113
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cwe-id: CWE-425
metadata: metadata:
verified: true
shodan-query: http.title:"H5S CONSOLE" shodan-query: http.title:"H5S CONSOLE"
tags: h5s,unauth,h5sconsole,cnvd,cnvd2020 tags: cnvd,cnvd2020,h5s,unauth,h5sconsole
requests: requests:
- method: GET - method: GET
@ -42,3 +47,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/07/06

@ -1,11 +1,16 @@
id: CNVD-2021-10543 id: CNVD-2021-10543
info: info:
name: EEA Information Disclosure name: EEA - Information Disclosure
author: pikpikcu author: pikpikcu
severity: high severity: high
description: EEA is susceptible to information disclosure.
reference: reference:
- https://www.cnvd.org.cn/flaw/show/CNVD-2021-10543 - https://www.cnvd.org.cn/flaw/show/CNVD-2021-10543
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cwe-id: CWE-200
tags: config,exposure,cnvd,cnvd2021 tags: config,exposure,cnvd,cnvd2021
requests: requests:
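Review bot: `severity: high` is kept while the added classification gives `cvss-score: 5.3` with `C:L/I:N/A:N`, which falls in the medium band. The CNVD-2020-67113 template in this same commit carries the identical vector and was lowered to `severity: medium`; either lower the severity here as well or justify a higher-impact vector in the description.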
@ -24,3 +29,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/07/05

@ -1,14 +1,19 @@
id: CNVD-2021-28277 id: CNVD-2021-28277
info: info:
name: Landray-OA Arbitrary - Arbitrary File Retrieval name: Landray-OA - Local File Inclusion
author: pikpikcu,daffainfo author: pikpikcu,daffainfo
severity: high severity: high
description: Landray-OA is susceptible to local file inclusion.
reference: reference:
- https://www.aisoutu.com/a/1432457 - https://www.aisoutu.com/a/1432457
- https://mp.weixin.qq.com/s/TkUZXKgfEOVqoHKBr3kNdw - https://mp.weixin.qq.com/s/TkUZXKgfEOVqoHKBr3kNdw
metadata: metadata:
fofa-query: app="Landray OA system" fofa-query: app="Landray OA system"
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.6
cwe-id: CWE-22
tags: landray,lfi,cnvd,cnvd2021 tags: landray,lfi,cnvd,cnvd2021
requests: requests:
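Review bot: The new `classification:` block is inserted after `metadata:`, whereas CNVD-2020-67113 in this commit places `classification:` before `metadata:`. Pick one ordering for the `info` block and apply it to both, so that later bulk edits and linting do not have to handle two layouts.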
@ -42,3 +47,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/07/06

@ -1,13 +1,19 @@
id: CNVD-2021-30167 id: CNVD-2021-30167
info: info:
name: UFIDA NC BeanShell Remote Code Execution name: UFIDA NC BeanShell Remote Command Execution
author: pikpikcu author: pikpikcu
severity: high severity: high
description: UFIDA NC BeanShell contains a remote command execution vulnerability in the bsh.servlet.BshServlet program.
reference: reference:
- https://mp.weixin.qq.com/s/FvqC1I_G14AEQNztU0zn8A - https://mp.weixin.qq.com/s/FvqC1I_G14AEQNztU0zn8A
- https://www.cnvd.org.cn/webinfo/show/6491 - https://www.cnvd.org.cn/webinfo/show/6491
tags: beanshell,rce,cnvd,cnvd2021,yonyou - https://chowdera.com/2022/03/202203110138271510.html
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10.0
cwe-id: CWE-77
tags: cnvd,cnvd2021,beanshell,rce,yonyou
requests: requests:
- raw: - raw:
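Review bot: `severity: high` is unchanged although the added classification sets `cvss-score: 10.0` with `S:C/C:H/I:H/A:H`, which is the critical band. Raise the severity to `critical` or lower the vector so the two fields agree, because severity filters will otherwise skip this template in critical-only scans.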
@ -40,3 +46,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by cs on 2022/07/05

@ -6,10 +6,12 @@ info:
severity: medium severity: medium
description: The Virtual Keyboard plugin for SquirrelMail is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. description: The Virtual Keyboard plugin for SquirrelMail is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
reference: reference:
- http://www.redhat.com/support/errata/RHSA-2002-204.html
- http://www.debian.org/security/2002/dsa-191
- http://sourceforge.net/project/shownotes.php?group_id=311&release_id=110774
- https://www.exploit-db.com/exploits/21811 - https://www.exploit-db.com/exploits/21811
- https://web.archive.org/web/20051124131714/http://archives.neohapsis.com/archives/bugtraq/2002-09/0246.html - https://web.archive.org/web/20051124131714/http://archives.neohapsis.com/archives/bugtraq/2002-09/0246.html
- http://web.archive.org/web/20210129020617/https://www.securityfocus.com/bid/5763/ - http://web.archive.org/web/20210129020617/https://www.securityfocus.com/bid/5763/
- http://archives.neohapsis.com/archives/bugtraq/2002-09/0246.html
classification: classification:
cve-id: CVE-2002-1131 cve-id: CVE-2002-1131
tags: xss,squirrelmail,cve,cve2002 tags: xss,squirrelmail,cve,cve2002
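Review bot: The added reference `http://archives.neohapsis.com/archives/bugtraq/2002-09/0246.html` duplicates the web.archive.org copy of the same URL that is already listed two lines above it. Other hunks in this commit replace bare links with archived copies, so drop the bare duplicate and confirm that the three other added plain `http://` references still resolve.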

@ -12,13 +12,14 @@ info:
- http://web.archive.org/web/20210206055804/https://www.securityfocus.com/bid/15337 - http://web.archive.org/web/20210206055804/https://www.securityfocus.com/bid/15337
classification: classification:
cve-id: CVE-2005-3344 cve-id: CVE-2005-3344
tags: horde,unauth tags: cve,cve2005,horde,unauth
requests: requests:
- method: GET - method: GET
path: path:
- "{{BaseURL}}/horde/admin/user.php" - "{{BaseURL}}/horde/admin/user.php"
- "{{BaseURL}}/admin/user.php" - "{{BaseURL}}/admin/user.php"
headers: headers:
Content-Type: text/html Content-Type: text/html
@ -28,7 +29,6 @@ requests:
- type: word - type: word
words: words:
- "<title>Horde :: User Administration</title>" - "<title>Horde :: User Administration</title>"
condition: and
- type: status - type: status
status: status:

@ -9,7 +9,6 @@ info:
- http://pridels0.blogspot.com/2005/12/cofax-xss-vuln.html - http://pridels0.blogspot.com/2005/12/cofax-xss-vuln.html
- https://nvd.nist.gov/vuln/detail/CVE-2005-4385 - https://nvd.nist.gov/vuln/detail/CVE-2005-4385
- http://web.archive.org/web/20210121165100/https://www.securityfocus.com/bid/15940/ - http://web.archive.org/web/20210121165100/https://www.securityfocus.com/bid/15940/
- http://www.securityfocus.com/bid/15940
classification: classification:
cve-id: CVE-2005-4385 cve-id: CVE-2005-4385
tags: cofax,xss,cve,cve2005 tags: cofax,xss,cve,cve2005

@ -8,8 +8,8 @@ info:
reference: reference:
- http://web.archive.org/web/20210217161726/https://www.securityfocus.com/bid/17408/ - http://web.archive.org/web/20210217161726/https://www.securityfocus.com/bid/17408/
- https://nvd.nist.gov/vuln/detail/CVE-2006-1681 - https://nvd.nist.gov/vuln/detail/CVE-2006-1681
- http://secunia.com/advisories/19587 - http://web.archive.org/web/20140803090438/http://secunia.com/advisories/19587/
- http://www.securityfocus.com/bid/17408 - http://www.vupen.com/english/advisories/2006/1292
classification: classification:
cve-id: CVE-2006-1681 cve-id: CVE-2006-1681
tags: cherokee,httpd,xss,cve,cve2006 tags: cherokee,httpd,xss,cve,cve2006
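Review bot: The replacement reference `http://www.vupen.com/english/advisories/2006/1292` is a bare `http://` link to a third-party advisory site, while the secunia link next to it was converted to a web.archive.org snapshot. Check that the vupen URL resolves and, if not, use an archived copy so the reference list does not swap one dead link for another.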

@ -1,18 +1,22 @@
id: CVE-2006-2842 id: CVE-2006-2842
info: info:
name: Squirrelmail 1.4.x - 'Redirect.php' Local File Inclusion name: Squirrelmail <=1.4.6 - Local File Inclusion
author: dhiyaneshDk author: dhiyaneshDk
severity: high severity: high
description: 'PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter. NOTE: this issue has been disputed by third parties, who state that Squirrelmail provides prominent warnings to the administrator when register_globals is enabled. Since the varieties of administrator negligence are uncountable, perhaps this type of issue should not be included in CVE. However, the original developer has posted a security advisory, so there might be relevant real-world environments under which this vulnerability is applicable.' description: SquirrelMail 1.4.6 and earlier versions are susceptible to a PHP local file inclusion vulnerability in functions/plugin.php if register_globals is enabled and magic_quotes_gpc is disabled. This allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter.
reference: reference:
- https://www.exploit-db.com/exploits/27948 - https://www.exploit-db.com/exploits/27948
- http://squirrelmail.cvs.sourceforge.net/squirrelmail/squirrelmail/functions/global.php?r1=1.27.2.16&r2=1.27.2.17&view=patch&pathrev=SM-1_4-STABLE - http://squirrelmail.cvs.sourceforge.net/squirrelmail/squirrelmail/functions/global.php?r1=1.27.2.16&r2=1.27.2.17&view=patch&pathrev=SM-1_4-STABLE
- http://www.squirrelmail.org/security/issue/2006-06-01 - http://www.squirrelmail.org/security/issue/2006-06-01
- http://secunia.com/advisories/20406 - http://web.archive.org/web/20160915101900/http://secunia.com/advisories/20406/
- https://nvd.nist.gov/vuln/detail/CVE-2006-2842
classification: classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.6
cve-id: CVE-2006-2842 cve-id: CVE-2006-2842
tags: cve2006,lfi,squirrelmail,cve cwe-id: CWE-22
tags: cve,cve2006,lfi,squirrelmail
requests: requests:
- method: GET - method: GET
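Review bot: The rewritten `description:` now calls this a "PHP local file inclusion vulnerability" but still says it lets attackers "execute arbitrary PHP code via a URL in the plugins array parameter", which describes the remote inclusion the previous text named. It also drops the note that the issue is disputed by third parties. Reconcile the wording with the `Local File Inclusion` name and the `C:H/I:N/A:N` vector, and keep a short mention of the dispute so readers can judge the finding.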
@ -29,3 +33,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/07/06

@ -9,7 +9,6 @@ info:
- http://web.archive.org/web/20201208220614/https://www.securityfocus.com/archive/1/459590/100/0/threaded - http://web.archive.org/web/20201208220614/https://www.securityfocus.com/archive/1/459590/100/0/threaded
- https://web.archive.org/web/20210119080228/http://www.securityfocus.com/bid/22503 - https://web.archive.org/web/20210119080228/http://www.securityfocus.com/bid/22503
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32418 - https://exchange.xforce.ibmcloud.com/vulnerabilities/32418
- http://www.securityfocus.com/bid/22503
classification: classification:
cve-id: CVE-2007-0885 cve-id: CVE-2007-0885
tags: cve,cve2007,jira,xss tags: cve,cve2007,jira,xss

@ -1,16 +1,20 @@
id: CVE-2007-4504 id: CVE-2007-4504
info: info:
name: Joomla! Component RSfiles <=1.0.2 - Arbitrary File Retrieval name: Joomla! RSfiles <=1.0.2 - Local File Inclusion
author: daffainfo author: daffainfo
severity: high severity: high
description: An arbitrary file retrieval vulnerability in index.php in the RSfiles component (com_rsfiles) <=1.0.2 for Joomla! allows remote attackers to arbitrarily read files via a .. (dot dot) in the path parameter in a files.display action. description: Joomla! RSfiles 1.0.2 and earlier is susceptible to local file inclusion in index.php in the RSfiles component (com_rsfiles). This could allow remote attackers to arbitrarily read files via a .. (dot dot) in the path parameter in a files.display action.
reference: reference:
- https://www.exploit-db.com/exploits/4307 - https://www.exploit-db.com/exploits/4307
- https://www.cvedetails.com/cve/CVE-2007-4504 - https://www.cvedetails.com/cve/CVE-2007-4504
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36222 - https://exchange.xforce.ibmcloud.com/vulnerabilities/36222
- https://nvd.nist.gov/vuln/detail/CVE-2007-4504
classification: classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.6
cve-id: CVE-2007-4504 cve-id: CVE-2007-4504
cwe-id: CWE-22
tags: cve,cve2007,joomla,lfi tags: cve,cve2007,joomla,lfi
requests: requests:
@ -28,3 +32,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/07/06

@ -9,7 +9,7 @@ info:
- https://www.exploit-db.com/exploits/30090 - https://www.exploit-db.com/exploits/30090
- http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063617.html - http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063617.html
- http://web.archive.org/web/20210130131735/https://www.securityfocus.com/bid/24182/ - http://web.archive.org/web/20210130131735/https://www.securityfocus.com/bid/24182/
- http://secunia.com/advisories/25446 - http://web.archive.org/web/20161220160642/http://secunia.com/advisories/25446/
classification: classification:
cve-id: CVE-2007-5728 cve-id: CVE-2007-5728
metadata: metadata:

@ -8,7 +8,7 @@ info:
reference: reference:
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42546 - https://exchange.xforce.ibmcloud.com/vulnerabilities/42546
- http://web.archive.org/web/20210121181851/https://www.securityfocus.com/bid/29291/ - http://web.archive.org/web/20210121181851/https://www.securityfocus.com/bid/29291/
- http://secunia.com/advisories/30333 - http://web.archive.org/web/20140724110348/http://secunia.com/advisories/30333/
- http://securityreason.com/securityalert/3896 - http://securityreason.com/securityalert/3896
classification: classification:
cve-id: CVE-2008-2398 cve-id: CVE-2008-2398

@ -5,14 +5,18 @@ info:
author: pussycat0x author: pussycat0x
severity: high severity: high
description: | description: |
Directory traversal vulnerability in cmsimple/cms.php in CMSimple 3.1, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sl parameter to index.php. NOTE: this can be leveraged for remote file execution by including adm.php and then invoking the upload action. NOTE: on 20080601, the vendor patched 3.1 without changing the version number. CMSimple 3.1 is susceptible to local file inclusion via cmsimple/cms.php when register_globals is enabled which allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sl parameter to index.php. NOTE: this can be leveraged for remote file execution by including adm.php and then invoking the upload action. NOTE: on 20080601, the vendor patched 3.1 without changing the version number.
reference: reference:
- http://www.cmsimple.com/forum/viewtopic.php?f=2&t=17 - http://www.cmsimple.com/forum/viewtopic.php?f=2&t=17
- http://web.archive.org/web/20210121182016/https://www.securityfocus.com/bid/29450/ - http://web.archive.org/web/20210121182016/https://www.securityfocus.com/bid/29450/
- http://secunia.com/advisories/30463 - http://web.archive.org/web/20140729144732/http://secunia.com:80/advisories/30463
- https://nvd.nist.gov/vuln/detail/CVE-2008-2650
classification: classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.6
cve-id: CVE-2008-2650 cve-id: CVE-2008-2650
tags: cve,cve2008,lfi cwe-id: CWE-22
tags: cve,cve2008,lfi,cmsimple
requests: requests:
- raw: - raw:
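Review bot: The added `cvss-metrics` vector ends in `C:H/I:N/A:N`, but the description in the same hunk says attackers can "include and execute arbitrary local files" and that this "can be leveraged for remote file execution". A confidentiality-only vector does not match that text; either score integrity and availability impact or narrow the description to what the `root:.*:0:0:` matcher actually demonstrates, which is file read.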
@ -23,10 +27,14 @@ requests:
matchers-condition: and matchers-condition: and
matchers: matchers:
- type: regex
part: body
regex:
- "root:.*:0:0:"
- type: status - type: status
status: status:
- 200 - 200
- type: regex
regex: # Enhanced by mp on 2022/07/06
- "root:.*:0:0:"
part: body

@ -1,15 +1,16 @@
id: CVE-2008-4668 id: CVE-2008-4668
info: info:
name: Joomla! Component imagebrowser 0.1.5 rc2 - Directory Traversal name: Joomla! Image Browser 0.1.5 rc2 - Local File Inclusion
author: daffainfo author: daffainfo
severity: high severity: high
description: Directory traversal vulnerability in the Image Browser (com_imagebrowser) 0.1.5 component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder parameter to index.php. description: Joomla! Image Browser 0.1.5 rc2 is susceptible to local file inclusion via com_imagebrowser which could allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder parameter to index.php.
reference: reference:
- https://www.exploit-db.com/exploits/6618 - https://www.exploit-db.com/exploits/6618
- https://www.cvedetails.com/cve/CVE-2008-4668 - https://www.cvedetails.com/cve/CVE-2008-4668
- http://web.archive.org/web/20210121183742/https://www.securityfocus.com/bid/31458/ - http://web.archive.org/web/20210121183742/https://www.securityfocus.com/bid/31458/
- http://securityreason.com/securityalert/4464 - http://securityreason.com/securityalert/4464
- https://nvd.nist.gov/vuln/detail/CVE-2008-4668
classification: classification:
cve-id: CVE-2008-4668 cve-id: CVE-2008-4668
tags: cve,cve2008,joomla,lfi tags: cve,cve2008,joomla,lfi
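Review bot: The `classification:` block still holds only `cve-id: CVE-2008-4668`, while the sibling Joomla! templates reworked in this commit (CVE-2008-4764, CVE-2008-6080, CVE-2008-6222) each gained `cvss-metrics`, `cvss-score` and `cwe-id`. Add the same three fields here so the renamed `Local File Inclusion` templates stay uniform.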
@ -29,3 +30,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/07/06

@ -1,17 +1,21 @@
id: CVE-2008-4764 id: CVE-2008-4764
info: info:
name: Joomla! Component com_extplorer 2.0.0 RC2 - Directory Traversal name: Joomla! <=2.0.0 RC2 - Local File Inclusion
author: daffainfo author: daffainfo
severity: high severity: high
description: Directory traversal vulnerability in the eXtplorer module (com_extplorer) 2.0.0 RC2 and earlier in Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter in a show_error action. description: Joomla! 2.0.0 RC2 and earlier are susceptible to local file inclusion in the eXtplorer module (com_extplorer) that allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter in a show_error action.
reference: reference:
- https://www.exploit-db.com/exploits/5435 - https://www.exploit-db.com/exploits/5435
- https://www.cvedetails.com/cve/CVE-2008-4764 - https://www.cvedetails.com/cve/CVE-2008-4764
- http://web.archive.org/web/20210121181347/https://www.securityfocus.com/bid/28764/ - http://web.archive.org/web/20210121181347/https://www.securityfocus.com/bid/28764/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41873 - https://exchange.xforce.ibmcloud.com/vulnerabilities/41873
- https://nvd.nist.gov/vuln/detail/CVE-2008-4764
classification: classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.6
cve-id: CVE-2008-4764 cve-id: CVE-2008-4764
cwe-id: CWE-22
tags: cve,cve2008,joomla,lfi tags: cve,cve2008,joomla,lfi
requests: requests:
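Review bot: The new name `Joomla! <=2.0.0 RC2 - Local File Inclusion` and the description's "Joomla! 2.0.0 RC2 and earlier" attach the version to Joomla! itself, whereas the previous text made clear that 2.0.0 RC2 is the version of the eXtplorer module (com_extplorer). Keep the component in the name, for example `Joomla! eXtplorer <=2.0.0 RC2 - Local File Inclusion`, so the affected product is not misread.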
@ -29,3 +33,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/07/06

@ -8,13 +8,13 @@ info:
reference: reference:
- https://www.exploit-db.com/exploits/7363 - https://www.exploit-db.com/exploits/7363
- http://web.archive.org/web/20210121184707/https://www.securityfocus.com/bid/32670/ - http://web.archive.org/web/20210121184707/https://www.securityfocus.com/bid/32670/
- http://secunia.com/advisories/33014 - http://web.archive.org/web/20160520063306/http://secunia.com/advisories/33014
- http://secunia.com/advisories/33263 - http://web.archive.org/web/20151104173853/http://secunia.com/advisories/33263
classification: classification:
cve-id: CVE-2008-5587 cve-id: CVE-2008-5587
metadata: metadata:
shodan-query: http.title:"phpPgAdmin" shodan-query: http.title:"phpPgAdmin"
tags: cve2008,lfi,phppgadmin tags: cve,cve2008,lfi,phppgadmin
requests: requests:
- method: GET - method: GET

@ -1,17 +1,21 @@
id: CVE-2008-6080 id: CVE-2008-6080
info: info:
name: Joomla! Component ionFiles 4.4.2 - File Disclosure name: Joomla! ionFiles 4.4.2 - Local File Inclusion
author: daffainfo author: daffainfo
severity: high severity: high
description: Directory traversal vulnerability in download.php in the ionFiles (com_ionfiles) 4.4.2 component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. description: Joomla! ionFiles 4.4.2 is susceptible to local file inclusion in download.php in the ionFiles (com_ionfiles) that allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
reference: reference:
- https://www.exploit-db.com/exploits/6809 - https://www.exploit-db.com/exploits/6809
- https://www.cvedetails.com/cve/CVE-2008-6080 - https://www.cvedetails.com/cve/CVE-2008-6080
- http://secunia.com/advisories/32377 - http://web.archive.org/web/20140804231654/http://secunia.com/advisories/32377/
- http://web.archive.org/web/20210121184101/https://www.securityfocus.com/bid/31877/ - http://web.archive.org/web/20210121184101/https://www.securityfocus.com/bid/31877/
- https://nvd.nist.gov/vuln/detail/CVE-2008-6080
classification: classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.6
cve-id: CVE-2008-6080 cve-id: CVE-2008-6080
cwe-id: CWE-22
tags: cve,cve2008,joomla,lfi tags: cve,cve2008,joomla,lfi
requests: requests:
@ -29,3 +33,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/07/06

@ -8,7 +8,7 @@ info:
reference: reference:
- https://www.exploit-db.com/exploits/6817 - https://www.exploit-db.com/exploits/6817
- https://www.cvedetails.com/cve/CVE-2008-6172 - https://www.cvedetails.com/cve/CVE-2008-6172
- http://secunia.com/advisories/32367 - http://web.archive.org/web/20140804232841/http://secunia.com/advisories/32367/
- http://web.archive.org/web/20210121184108/https://www.securityfocus.com/bid/31892/ - http://web.archive.org/web/20210121184108/https://www.securityfocus.com/bid/31892/
classification: classification:
cve-id: CVE-2008-6172 cve-id: CVE-2008-6172

@ -1,17 +1,21 @@
id: CVE-2008-6222 id: CVE-2008-6222
info: info:
name: Joomla! Component ProDesk 1.0/1.2 - Local File Inclusion name: Joomla! ProDesk 1.0/1.2 - Local File Inclusion
author: daffainfo author: daffainfo
severity: high severity: high
description: Directory traversal vulnerability in the Pro Desk Support Center (com_pro_desk) component 1.0 and 1.2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter to index.php. description: Joomla! Pro Desk Support Center (com_pro_desk) component 1.0 and 1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter to index.php.
reference: reference:
- https://www.exploit-db.com/exploits/6980 - https://www.exploit-db.com/exploits/6980
- https://www.cvedetails.com/cve/CVE-2008-6222 - https://www.cvedetails.com/cve/CVE-2008-6222
- http://secunia.com/advisories/32523 - http://web.archive.org/web/20111223225601/http://secunia.com/advisories/32523/
- http://web.archive.org/web/20210121184244/https://www.securityfocus.com/bid/32113/ - http://web.archive.org/web/20210121184244/https://www.securityfocus.com/bid/32113/
- https://nvd.nist.gov/vuln/detail/CVE-2008-6222
classification: classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.6
cve-id: CVE-2008-6222 cve-id: CVE-2008-6222
cwe-id: CWE-22
tags: cve,cve2008,joomla,lfi tags: cve,cve2008,joomla,lfi
requests: requests:
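Review bot: the new cvss-metrics line in classification uses a scope-changed vector (S:C) for what the description presents as a plain arbitrary file read, and nothing in the template says where the vector comes from. The same vector and 8.6 score are attached to every LFI template enhanced in this patch, whether the description says read, list, or include and execute. Please cite the scoring source or score each template individually.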
@ -29,3 +33,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/07/06
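Review bot: the trailing "# Enhanced by mp on 2022/07/06" comment appended after the last matcher duplicates what the commit history already records and will go stale on the next edit. The same trailer is added to every enhanced template in this patch; suggest dropping it and relying on git blame for attribution.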

View File

@ -1,18 +1,21 @@
id: CVE-2008-6668 id: CVE-2008-6668
info: info:
name: nweb2fax <= 0.2.7 Directory Traversal name: nweb2fax <=0.2.7 - Local File Inclusion
author: geeknik author: geeknik
severity: high severity: high
description: Multiple directory traversal vulnerabilities in nweb2fax 0.2.7 and earlier allow remote attackers to read arbitrary files via .. in the id parameter to comm.php and var_filename parameter to viewrq.php. description: nweb2fax 0.2.7 and earlier allow remote attackers to read arbitrary files via the id parameter submitted to comm.php and the var_filename parameter submitted to viewrq.php.
reference: reference:
- https://www.exploit-db.com/exploits/5856 - https://www.exploit-db.com/exploits/5856
- https://nvd.nist.gov/vuln/detail/CVE-2008-6668
- http://web.archive.org/web/20210130035550/https://www.securityfocus.com/bid/29804 - http://web.archive.org/web/20210130035550/https://www.securityfocus.com/bid/29804
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43173 - https://exchange.xforce.ibmcloud.com/vulnerabilities/43173
- https://nvd.nist.gov/vuln/detail/CVE-2008-6668
classification: classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.6
cve-id: CVE-2008-6668 cve-id: CVE-2008-6668
tags: nweb2fax,lfi,cve,cve2008,traversal cwe-id: CWE-22
tags: cve,cve2008,nweb2fax,lfi,traversal
requests: requests:
- method: GET - method: GET
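Review bot: the rewritten description drops the ".." detail from the original text, yet the template keeps the traversal tag and gains cwe-id: CWE-22, so the one sentence a reader sees no longer explains why it is classified as path traversal. Suggest keeping "via .. in the id parameter" in the new wording, and fixing the agreement in "nweb2fax 0.2.7 and earlier allow" while the line is being touched.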
@ -22,10 +25,14 @@ requests:
matchers-condition: and matchers-condition: and
matchers: matchers:
- type: status
status:
- 200
- type: regex - type: regex
part: body part: body
regex: regex:
- "root:.*:0:0:" - "root:.*:0:0:"
- type: status
status:
- 200
# Enhanced by mp on 2022/07/06

View File

@ -1,17 +1,20 @@
id: CVE-2009-0932 id: CVE-2009-0932
info: info:
name: Horde - Horde_Image::factory driver Argument LFI name: Horde/Horde Groupware - Local File Inclusion
author: pikpikcu author: pikpikcu
severity: high severity: high
description: Directory traversal vulnerability in framework/Image/Image.php in Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver name. description: Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 are susceptible to local file inclusion in framework/Image/Image.php because it allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver name.
reference: reference:
- https://www.exploit-db.com/exploits/16154 - https://www.exploit-db.com/exploits/16154
- https://nvd.nist.gov/vuln/detail/CVE-2009-0932?cpeVersion=2.2
- http://cvs.horde.org/co.php/groupware/docs/groupware/CHANGES?r=1.28.2.5 - http://cvs.horde.org/co.php/groupware/docs/groupware/CHANGES?r=1.28.2.5
- http://secunia.com/advisories/33695 - http://web.archive.org/web/20161228102217/http://secunia.com/advisories/33695
- https://nvd.nist.gov/vuln/detail/CVE-2009-0932?cpeVersion=2.2
classification: classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.6
cve-id: CVE-2009-0932 cve-id: CVE-2009-0932
cwe-id: CWE-22
tags: cve,cve2009,horde,lfi,traversal tags: cve,cve2009,horde,lfi,traversal
requests: requests:
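Review bot: the description still says attackers can "include and execute arbitrary local files", but the added cvss-metrics vector scores I:N/A:N, which is a read-only impact. Either the vector should reflect code execution or the description should be narrowed to what the template actually verifies. Separately, the relocated NVD reference keeps the "?cpeVersion=2.2" query string, while the other NVD links added in this patch use the bare detail URL.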
@ -29,3 +32,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/07/06

View File

@ -1,17 +1,21 @@
id: CVE-2009-1151 id: CVE-2009-1151
info: info:
name: PhpMyAdmin Scripts/setup.php Deserialization Vulnerability name: PhpMyAdmin Scripts - Remote Code Execution
author: princechaddha author: princechaddha
severity: high severity: critical
description: Setup script used to create PhpMyAdmin configurations can be fooled by using a crafted POST request to include arbitrary PHP code in the generated configuration file. Combined with the ability to save files on server, this can allow unauthenticated users to execute arbitrary PHP code. description: PhpMyAdmin Scripts 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 are susceptible to a remote code execution in setup.php that allows remote attackers to inject arbitrary PHP code into a configuration file via the save action. Combined with the ability to save files on server, this can allow unauthenticated users to execute arbitrary PHP code.
reference: reference:
- https://www.phpmyadmin.net/security/PMASA-2009-3/ - https://www.phpmyadmin.net/security/PMASA-2009-3/
- https://github.com/vulhub/vulhub/tree/master/phpmyadmin/WooYun-2016-199433 - https://github.com/vulhub/vulhub/tree/master/phpmyadmin/WooYun-2016-199433
- http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_2_11_9/phpMyAdmin/scripts/setup.php?r1=11514&r2=12301&pathrev=12301 - http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_2_11_9/phpMyAdmin/scripts/setup.php?r1=11514&r2=12301&pathrev=12301
- http://www.phpmyadmin.net/home_page/security/PMASA-2009-3.php - http://www.phpmyadmin.net/home_page/security/PMASA-2009-3.php
- https://nvd.nist.gov/vuln/detail/CVE-2009-1151
classification: classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10
cve-id: CVE-2009-1151 cve-id: CVE-2009-1151
cwe-id: CWE-77
tags: cve,cve2009,phpmyadmin,rce,deserialization,cisa tags: cve,cve2009,phpmyadmin,rce,deserialization,cisa
requests: requests:
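Review bot: the added cwe-id: CWE-77 is command injection, but the description on the same hunk says the flaw injects arbitrary PHP code into a configuration file, which is code injection (CWE-94). Two smaller consistency points: the name drops "Deserialization" while the tags line still carries deserialization, and "PhpMyAdmin Scripts" reads as a product name although the reference URL shows scripts/ is just the directory holding setup.php.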
@ -34,3 +38,5 @@ requests:
- type: regex - type: regex
regex: regex:
- "root:.*:0:0:" - "root:.*:0:0:"
# Enhanced by mp on 2022/07/06

View File

@ -1,17 +1,20 @@
id: CVE-2009-1496 id: CVE-2009-1496
info: info:
name: Joomla! Component Cmimarketplace - 'viewit' Directory Traversal name: Joomla! Cmimarketplace 0.1 - Local File Inclusion
author: daffainfo author: daffainfo
severity: high severity: high
description: Directory traversal vulnerability in the Cmi Marketplace (com_cmimarketplace) component 0.1 for Joomla! allows remote attackers to list arbitrary directories via a .. (dot dot) in the viewit parameter to index.php. description: |
Joomla! Cmimarketplace 0.1 is susceptible to local file inclusion because com_cmimarketplace allows remote attackers to list arbitrary directories via a .. (dot dot) in the viewit parameter to index.php.
reference: reference:
- https://www.exploit-db.com/exploits/8367 - https://www.exploit-db.com/exploits/8367
- https://www.cvedetails.com/cve/CVE-2009-1496
- http://web.archive.org/web/20210121190149/https://www.securityfocus.com/bid/34431/ - http://web.archive.org/web/20210121190149/https://www.securityfocus.com/bid/34431/
- http://www.securityfocus.com/bid/34431 - https://nvd.nist.gov/vuln/detail/CVE-2009-1496
classification: classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.6
cve-id: CVE-2009-1496 cve-id: CVE-2009-1496
cwe-id: CWE-22
tags: cve,cve2009,joomla,lfi tags: cve,cve2009,joomla,lfi
requests: requests:
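Review bot: the new name calls this Local File Inclusion, but the description says the viewit parameter lets attackers "list arbitrary directories", which is a directory listing via traversal rather than file inclusion. Please align the name with the described impact. The description is also switched to a "|" block scalar for a single line, unlike the single-line descriptions on the other templates in this patch.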
@ -29,3 +32,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/07/06

View File

@ -1,17 +1,21 @@
id: CVE-2009-1558 id: CVE-2009-1558
info: info:
name: Linksys WVC54GCA 1.00R22/1.00R24 (Wireless-G) - Directory Traversal name: Cisco Linksys WVC54GCA 1.00R22/1.00R24 - Local File Inclusion
author: daffainfo author: daffainfo
severity: high severity: high
description: Directory traversal vulnerability in adm/file.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote attackers to read arbitrary files via a %2e. (encoded dot dot) or an absolute pathname in the next_file parameter. description: Cisco Linksys WVC54GCA 1.00R22/1.00R24 is susceptible to local file inclusion in adm/file.cgi because it allows remote attackers to read arbitrary files via a %2e. (encoded dot dot) or an absolute pathname in the next_file parameter.
reference: reference:
- https://www.exploit-db.com/exploits/32954 - https://www.exploit-db.com/exploits/32954
- https://web.archive.org/web/20210119151410/http://www.securityfocus.com/bid/34713 - https://web.archive.org/web/20210119151410/http://www.securityfocus.com/bid/34713
- http://www.vupen.com/english/advisories/2009/1173 - http://www.vupen.com/english/advisories/2009/1173
- http://www.gnucitizen.org/blog/hacking-linksys-ip-cameras-pt-3/ - http://www.gnucitizen.org/blog/hacking-linksys-ip-cameras-pt-3/
- https://nvd.nist.gov/vuln/detail/CVE-2009-1558
classification: classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.6
cve-id: CVE-2009-1558 cve-id: CVE-2009-1558
cwe-id: CWE-22
tags: cve,cve2009,iot,lfi,linksys,camera,cisco,firmware,traversal tags: cve,cve2009,iot,lfi,linksys,camera,cisco,firmware,traversal
requests: requests:
@ -28,3 +32,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/07/06

View File

@ -1,17 +1,21 @@
id: CVE-2009-2015 id: CVE-2009-2015
info: info:
name: Joomla! Component MooFAQ (com_moofaq) - Local File Inclusion name: Joomla! MooFAQ 1.0 - Local File Inclusion
author: daffainfo author: daffainfo
severity: high severity: high
description: Directory traversal vulnerability in includes/file_includer.php in the Ideal MooFAQ (com_moofaq) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. description: Joomla! Ideal MooFAQ 1.0 via com_moofaq allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter (local file inclusion).
reference: reference:
- https://www.exploit-db.com/exploits/8898 - https://www.exploit-db.com/exploits/8898
- https://www.cvedetails.com/cve/CVE-2009-2015 - https://www.cvedetails.com/cve/CVE-2009-2015
- http://web.archive.org/web/20210121191105/https://www.securityfocus.com/bid/35259/ - http://web.archive.org/web/20210121191105/https://www.securityfocus.com/bid/35259/
- http://www.vupen.com/english/advisories/2009/1530 - http://www.vupen.com/english/advisories/2009/1530
- https://nvd.nist.gov/vuln/detail/CVE-2009-2015
classification: classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.6
cve-id: CVE-2009-2015 cve-id: CVE-2009-2015
cwe-id: CWE-22
tags: cve,cve2009,joomla,lfi tags: cve,cve2009,joomla,lfi
requests: requests:
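Review bot: the rewritten description drops the affected script, includes/file_includer.php, which the old text named and which is the detail a defender needs to locate the vulnerable code. Suggest keeping the path, and rephrasing "via com_moofaq allows ... via a .. (dot dot)" to avoid the doubled "via" and the parenthetical "(local file inclusion)" tacked on at the end.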
@ -29,3 +33,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/07/06

View File

@ -1,17 +1,21 @@
id: CVE-2009-2100 id: CVE-2009-2100
info: info:
name: Joomla! Component com_Projectfork 2.0.10 - Local File Inclusion name: Joomla! JoomlaPraise Projectfork 2.0.10 - Local File Inclusion
author: daffainfo author: daffainfo
severity: high severity: high
description: Directory traversal vulnerability in the JoomlaPraise Projectfork (com_projectfork) component 2.0.10 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section parameter to index.php. description: Joomla! JoomlaPraise Projectfork (com_projectfork) 2.0.10 allows remote attackers to read arbitrary files via local file inclusion in the section parameter to index.php.
reference: reference:
- https://www.exploit-db.com/exploits/8946 - https://www.exploit-db.com/exploits/8946
- https://www.cvedetails.com/cve/CVE-2009-2100 - https://www.cvedetails.com/cve/CVE-2009-2100
- http://web.archive.org/web/20210121191226/https://www.securityfocus.com/bid/35378/ - http://web.archive.org/web/20210121191226/https://www.securityfocus.com/bid/35378/
- http://www.securityfocus.com/bid/35378 - https://nvd.nist.gov/vuln/detail/CVE-2009-2100
classification: classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.6
cve-id: CVE-2009-2100 cve-id: CVE-2009-2100
cwe-id: CWE-22
tags: cve,cve2009,joomla,lfi tags: cve,cve2009,joomla,lfi
requests: requests:
@ -29,3 +33,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/07/06

View File

@ -1,17 +1,21 @@
id: CVE-2009-3053 id: CVE-2009-3053
info: info:
name: Joomla! Component Agora 3.0.0b (com_agora) - Local File Inclusion name: Joomla! Agora 3.0.0b - Local File Inclusion
author: daffainfo author: daffainfo
severity: high severity: high
description: Directory traversal vulnerability in the Agora (com_agora) component 3.0.0b for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the action parameter to the avatars page, reachable through index.php. description: Joomla! Agora 3.0.0b (com_agora) allows remote attackers to include and execute arbitrary local files via local file inclusion in the action parameter to the avatars page, reachable through index.php.
reference: reference:
- https://www.exploit-db.com/exploits/9564 - https://www.exploit-db.com/exploits/9564
- https://www.cvedetails.com/cve/CVE-2009-3053 - https://www.cvedetails.com/cve/CVE-2009-3053
- https://web.archive.org/web/20210120183330/https://www.securityfocus.com/bid/36207/ - https://web.archive.org/web/20210120183330/https://www.securityfocus.com/bid/36207/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/52964 - https://exchange.xforce.ibmcloud.com/vulnerabilities/52964
- https://nvd.nist.gov/vuln/detail/CVE-2009-3053
classification: classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.6
cve-id: CVE-2009-3053 cve-id: CVE-2009-3053
cwe-id: CWE-22
tags: cve,cve2009,joomla,lfi tags: cve,cve2009,joomla,lfi
requests: requests:
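Review bot: the description keeps "include and execute arbitrary local files" while the added vector ends in C:H/I:N/A:N. If execution is a real outcome, integrity and availability should not both be None. If the template only proves a file read, say so in the description.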
@ -29,3 +33,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/07/06

View File

@ -10,7 +10,7 @@ info:
- https://www.exploit-db.com/exploits/33440 - https://www.exploit-db.com/exploits/33440
- https://www.cvedetails.com/cve/CVE-2009-4679 - https://www.cvedetails.com/cve/CVE-2009-4679
- https://nvd.nist.gov/vuln/detail/CVE-2009-4679 - https://nvd.nist.gov/vuln/detail/CVE-2009-4679
- http://secunia.com/advisories/37760 - http://web.archive.org/web/20140722130146/http://secunia.com/advisories/37760/
classification: classification:
cve-id: CVE-2009-4679 cve-id: CVE-2009-4679
tags: cve,cve2009,joomla,lfi,nexus tags: cve,cve2009,joomla,lfi,nexus
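Review bot: the replacement for the dead secunia.com link points at http://web.archive.org, while other references in this patch already use https://web.archive.org. Suggest using the https scheme for the new snapshot URLs so the reference list is consistent.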

View File

@ -14,7 +14,7 @@ info:
cvss-score: 6.1 cvss-score: 6.1
cve-id: CVE-2009-5020 cve-id: CVE-2009-5020
cwe-id: CWE-601 cwe-id: CWE-601
tags: cve,cve2020,redirect,awstats tags: cve,cve2009,redirect,awstats
requests: requests:
- method: GET - method: GET

View File

@ -8,7 +8,7 @@ info:
reference: reference:
- https://www.exploit-db.com/exploits/10943 - https://www.exploit-db.com/exploits/10943
- https://www.cvedetails.com/cve/CVE-2010-0157 - https://www.cvedetails.com/cve/CVE-2010-0157
- http://secunia.com/advisories/37896 - http://web.archive.org/web/20151023032409/http://secunia.com/advisories/37896/
- http://packetstormsecurity.org/1001-exploits/joomlabiblestudy-lfi.txt - http://packetstormsecurity.org/1001-exploits/joomlabiblestudy-lfi.txt
remediation: Upgrade to a supported version. remediation: Upgrade to a supported version.
classification: classification:

View File

@ -8,7 +8,7 @@ info:
reference: reference:
- https://www.exploit-db.com/exploits/11447 - https://www.exploit-db.com/exploits/11447
- https://www.cvedetails.com/cve/CVE-2010-0696 - https://www.cvedetails.com/cve/CVE-2010-0696
- http://secunia.com/advisories/38587 - http://web.archive.org/web/20140805102632/http://secunia.com/advisories/38587/
- http://www.joomlaworks.gr/content/view/77/34/ - http://www.joomlaworks.gr/content/view/77/34/
remediation: Upgrade to a supported version. remediation: Upgrade to a supported version.
classification: classification:

View File

@ -8,7 +8,7 @@ info:
reference: reference:
- https://www.exploit-db.com/exploits/11498 - https://www.exploit-db.com/exploits/11498
- https://www.cvedetails.com/cve/CVE-2010-0759 - https://www.cvedetails.com/cve/CVE-2010-0759
- http://secunia.com/advisories/38637 - http://web.archive.org/web/20151104183037/http://secunia.com/advisories/38637/
- http://web.archive.org/web/20210121194344/https://www.securityfocus.com/bid/38296/ - http://web.archive.org/web/20210121194344/https://www.securityfocus.com/bid/38296/
remediation: Upgrade to a supported version. remediation: Upgrade to a supported version.
classification: classification:

View File

@ -9,7 +9,7 @@ info:
- https://www.exploit-db.com/exploits/11090 - https://www.exploit-db.com/exploits/11090
- https://www.cvedetails.com/cve/CVE-2010-0943 - https://www.cvedetails.com/cve/CVE-2010-0943
- http://web.archive.org/web/20210121193737/https://www.securityfocus.com/bid/37692/ - http://web.archive.org/web/20210121193737/https://www.securityfocus.com/bid/37692/
- http://secunia.com/advisories/33486 - http://web.archive.org/web/20140724215426/http://secunia.com/advisories/33486/
classification: classification:
cve-id: CVE-2010-0943 cve-id: CVE-2010-0943
tags: cve,cve2010,joomla,lfi tags: cve,cve2010,joomla,lfi

View File

@ -8,7 +8,8 @@ info:
reference: reference:
- https://www.exploit-db.com/exploits/11738 - https://www.exploit-db.com/exploits/11738
- https://www.cvedetails.com/cve/CVE-2010-0972 - https://www.cvedetails.com/cve/CVE-2010-0972
- http://secunia.com/advisories/38925 - http://web.archive.org/web/20140804152652/http://secunia.com/advisories/38925/
- http://www.exploit-db.com/exploits/11738
remediation: Apply all relevant security patches and product upgrades. remediation: Apply all relevant security patches and product upgrades.
classification: classification:
cve-id: CVE-2010-0972 cve-id: CVE-2010-0972
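Review bot: the added reference http://www.exploit-db.com/exploits/11738 duplicates the first entry in the same list, https://www.exploit-db.com/exploits/11738, differing only in scheme. It adds no information and should be dropped.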

View File

@ -9,7 +9,7 @@ info:
- https://www.exploit-db.com/exploits/10942 - https://www.exploit-db.com/exploits/10942
- https://www.cvedetails.com/cve/CVE-2010-0982 - https://www.cvedetails.com/cve/CVE-2010-0982
- http://web.archive.org/web/20210121193625/https://www.securityfocus.com/bid/37581/ - http://web.archive.org/web/20210121193625/https://www.securityfocus.com/bid/37581/
- http://secunia.com/advisories/37917 - http://web.archive.org/web/20151104182451/http://secunia.com/advisories/37917/
remediation: Apply all relevant security patches and product upgrades. remediation: Apply all relevant security patches and product upgrades.
classification: classification:
cve-id: CVE-2010-0982 cve-id: CVE-2010-0982

View File

@ -9,7 +9,7 @@ info:
- https://www.exploit-db.com/exploits/10948 - https://www.exploit-db.com/exploits/10948
- https://www.cvedetails.com/cve/CVE-2010-0985 - https://www.cvedetails.com/cve/CVE-2010-0985
- http://web.archive.org/web/20210623092041/https://www.securityfocus.com/bid/37560 - http://web.archive.org/web/20210623092041/https://www.securityfocus.com/bid/37560
- http://www.securityfocus.com/bid/37560 - http://www.exploit-db.com/exploits/10948
remediation: Apply all relevant security patches and product upgrades. remediation: Apply all relevant security patches and product upgrades.
classification: classification:
cve-id: CVE-2010-0985 cve-id: CVE-2010-0985
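Review bot: the plain securityfocus.com link is replaced with http://www.exploit-db.com/exploits/10948, which is the list's first entry again under http://. Since the archived securityfocus snapshot is already listed, the line can simply be removed, or replaced with a source that is not already cited.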

View File

@ -9,7 +9,7 @@ info:
- https://www.exploit-db.com/exploits/11760 - https://www.exploit-db.com/exploits/11760
- https://www.cvedetails.com/cve/CVE-2010-1056 - https://www.cvedetails.com/cve/CVE-2010-1056
- http://web.archive.org/web/20210121194803/https://www.securityfocus.com/bid/38741/ - http://web.archive.org/web/20210121194803/https://www.securityfocus.com/bid/38741/
- http://secunia.com/advisories/38982 - http://web.archive.org/web/20151023104850/http://secunia.com/advisories/38982/
remediation: Apply all relevant security patches and product upgrades. remediation: Apply all relevant security patches and product upgrades.
classification: classification:
cve-id: CVE-2010-1056 cve-id: CVE-2010-1056

View File

@ -9,7 +9,6 @@ info:
- https://www.exploit-db.com/exploits/11511 - https://www.exploit-db.com/exploits/11511
- https://www.cvedetails.com/cve/CVE-2010-1081 - https://www.cvedetails.com/cve/CVE-2010-1081
- http://www.corejoomla.com/component/content/article/1-corejoomla-updates/40-community-polls-v153-security-release.html - http://www.corejoomla.com/component/content/article/1-corejoomla-updates/40-community-polls-v153-security-release.html
- http://osvdb.org/62506
remediation: Apply all relevant security patches and product upgrades. remediation: Apply all relevant security patches and product upgrades.
classification: classification:
cve-id: CVE-2010-1081 cve-id: CVE-2010-1081
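Review bot: the osvdb.org/62506 reference is removed outright, whereas the other dead links in this patch are swapped for web.archive.org snapshots. If an archived copy exists, prefer it so the template does not lose a source; otherwise note the reason for the removal in the commit message.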

View File

@ -8,7 +8,7 @@ info:
reference: reference:
- https://www.exploit-db.com/exploits/11757 - https://www.exploit-db.com/exploits/11757
- https://www.cvedetails.com/cve/CVE-2010-1219 - https://www.cvedetails.com/cve/CVE-2010-1219
- http://secunia.com/advisories/38952 - http://web.archive.org/web/20161009134632/http://secunia.com/advisories/38952
- http://web.archive.org/web/20210617075625/https://www.securityfocus.com/bid/38746 - http://web.archive.org/web/20210617075625/https://www.securityfocus.com/bid/38746
remediation: Upgrade to a supported version. remediation: Upgrade to a supported version.
classification: classification:

View File

@ -9,7 +9,7 @@ info:
- https://www.exploit-db.com/exploits/11978 - https://www.exploit-db.com/exploits/11978
- https://www.cvedetails.com/cve/CVE-2010-1302 - https://www.cvedetails.com/cve/CVE-2010-1302
- http://web.archive.org/web/20210121195144/https://www.securityfocus.com/bid/39108/ - http://web.archive.org/web/20210121195144/https://www.securityfocus.com/bid/39108/
- http://secunia.com/advisories/39200 - http://web.archive.org/web/20140805062036/http://secunia.com/advisories/39200/
remediation: Upgrade to a supported version. remediation: Upgrade to a supported version.
classification: classification:
cve-id: CVE-2010-1302 cve-id: CVE-2010-1302

View File

@ -9,7 +9,7 @@ info:
- https://www.exploit-db.com/exploits/11998 - https://www.exploit-db.com/exploits/11998
- https://www.cvedetails.com/cve/CVE-2010-1304 - https://www.cvedetails.com/cve/CVE-2010-1304
- http://web.archive.org/web/20210518080735/https://www.securityfocus.com/bid/39174 - http://web.archive.org/web/20210518080735/https://www.securityfocus.com/bid/39174
- http://www.securityfocus.com/bid/39174 - http://www.exploit-db.com/exploits/11998
remediation: Upgrade to a supported version. remediation: Upgrade to a supported version.
classification: classification:
cve-id: CVE-2010-1304 cve-id: CVE-2010-1304
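Review bot: the new fourth reference, http://www.exploit-db.com/exploits/11998, repeats the first reference (https://www.exploit-db.com/exploits/11998) with a different scheme. Drop it or substitute a distinct source.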

View File

@ -9,7 +9,7 @@ info:
- https://www.exploit-db.com/exploits/12065 - https://www.exploit-db.com/exploits/12065
- https://www.cvedetails.com/cve/CVE-2010-1305 - https://www.cvedetails.com/cve/CVE-2010-1305
- http://extensions.joomla.org/extensions/e-commerce/shopping-cart/7951 - http://extensions.joomla.org/extensions/e-commerce/shopping-cart/7951
- http://secunia.com/advisories/39351 - http://web.archive.org/web/20140806165126/http://secunia.com/advisories/39351/
remediation: Upgrade to a supported version. remediation: Upgrade to a supported version.
classification: classification:
cve-id: CVE-2010-1305 cve-id: CVE-2010-1305

View File

@ -8,7 +8,7 @@ info:
reference: reference:
- https://www.exploit-db.com/exploits/12058 - https://www.exploit-db.com/exploits/12058
- https://www.cvedetails.com/cve/CVE-2010-1306 - https://www.cvedetails.com/cve/CVE-2010-1306
- http://secunia.com/advisories/39338 - http://web.archive.org/web/20140805134149/http://secunia.com/advisories/39338/
- http://web.archive.org/web/20210121195240/https://www.securityfocus.com/bid/39200/ - http://web.archive.org/web/20210121195240/https://www.securityfocus.com/bid/39200/
remediation: Upgrade to a supported version. remediation: Upgrade to a supported version.
classification: classification:

View File

@ -8,7 +8,7 @@ info:
reference: reference:
- https://www.exploit-db.com/exploits/12070 - https://www.exploit-db.com/exploits/12070
- https://www.cvedetails.com/cve/CVE-2010-1307 - https://www.cvedetails.com/cve/CVE-2010-1307
- http://secunia.com/advisories/39348 - http://web.archive.org/web/20140806154402/http://secunia.com/advisories/39348/
- http://www.vupen.com/english/advisories/2010/0806 - http://www.vupen.com/english/advisories/2010/0806
remediation: Upgrade to a supported version. remediation: Upgrade to a supported version.
classification: classification:

View File

@ -8,7 +8,7 @@ info:
reference: reference:
- https://www.exploit-db.com/exploits/12077 - https://www.exploit-db.com/exploits/12077
- https://www.cvedetails.com/cve/CVE-2010-1312 - https://www.cvedetails.com/cve/CVE-2010-1312
- http://secunia.com/advisories/39289 - http://web.archive.org/web/20140724200344/http://secunia.com/advisories/39289/
- http://packetstormsecurity.org/1004-exploits/joomlanewportal-lfi.txt - http://packetstormsecurity.org/1004-exploits/joomlanewportal-lfi.txt
remediation: Upgrade to a supported version. remediation: Upgrade to a supported version.
classification: classification:

View File

@ -9,7 +9,7 @@ info:
- https://www.exploit-db.com/exploits/12082 - https://www.exploit-db.com/exploits/12082
- https://www.cvedetails.com/cve/CVE-2010-1313 - https://www.cvedetails.com/cve/CVE-2010-1313
- http://web.archive.org/web/20210121195302/https://www.securityfocus.com/bid/39237/ - http://web.archive.org/web/20210121195302/https://www.securityfocus.com/bid/39237/
- http://www.securityfocus.com/bid/39237 - http://www.exploit-db.com/exploits/12082
remediation: Upgrade to a supported version. remediation: Upgrade to a supported version.
classification: classification:
cve-id: CVE-2010-1313 cve-id: CVE-2010-1313
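Review bot: http://www.exploit-db.com/exploits/12082 replaces the securityfocus link but is already present as the first reference over https. The list ends up with two entries for the same exploit-db page.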

View File

@ -8,7 +8,7 @@ info:
reference: reference:
- https://www.exploit-db.com/exploits/12086 - https://www.exploit-db.com/exploits/12086
- https://www.cvedetails.com/cve/CVE-2010-1314 - https://www.cvedetails.com/cve/CVE-2010-1314
- http://secunia.com/advisories/39359 - http://web.archive.org/web/20140724203458/http://secunia.com/advisories/39359/
- http://packetstormsecurity.org/1004-exploits/joomlahsconfig-lfi.txt - http://packetstormsecurity.org/1004-exploits/joomlahsconfig-lfi.txt
remediation: Upgrade to a supported version. remediation: Upgrade to a supported version.
classification: classification:

View File

@ -8,7 +8,7 @@ info:
reference: reference:
- https://www.exploit-db.com/exploits/11999 - https://www.exploit-db.com/exploits/11999
- https://www.cvedetails.com/cve/CVE-2010-1315 - https://www.cvedetails.com/cve/CVE-2010-1315
- http://secunia.com/advisories/39209 - http://web.archive.org/web/20140801092842/http://secunia.com/advisories/39209/
- http://packetstormsecurity.org/1004-exploits/joomlaweberpcustomer-lfi.txt - http://packetstormsecurity.org/1004-exploits/joomlaweberpcustomer-lfi.txt
remediation: Upgrade to a supported version. remediation: Upgrade to a supported version.
classification: classification:

View File

@ -8,7 +8,7 @@ info:
reference: reference:
- https://www.exploit-db.com/exploits/12084 - https://www.exploit-db.com/exploits/12084
- https://www.cvedetails.com/cve/CVE-2010-1352 - https://www.cvedetails.com/cve/CVE-2010-1352
- http://secunia.com/advisories/39357 - http://web.archive.org/web/20140724194110/http://secunia.com/advisories/39357/
- http://packetstormsecurity.org/1004-exploits/joomlajukebox-lfi.txt - http://packetstormsecurity.org/1004-exploits/joomlajukebox-lfi.txt
remediation: Upgrade to a supported version. remediation: Upgrade to a supported version.
classification: classification:

View File

@ -9,7 +9,7 @@ info:
- https://www.exploit-db.com/exploits/12102 - https://www.exploit-db.com/exploits/12102
- https://www.cvedetails.com/cve/CVE-2010-1354 - https://www.cvedetails.com/cve/CVE-2010-1354
- http://packetstormsecurity.org/1004-exploits/joomlavjdeo-lfi.txt - http://packetstormsecurity.org/1004-exploits/joomlavjdeo-lfi.txt
- http://secunia.com/advisories/39296 - http://web.archive.org/web/20140724190841/http://secunia.com/advisories/39296/
remediation: Upgrade to a supported version. remediation: Upgrade to a supported version.
classification: classification:
cve-id: CVE-2010-1354 cve-id: CVE-2010-1354

View File

@ -9,7 +9,7 @@ info:
- https://www.exploit-db.com/exploits/12232 - https://www.exploit-db.com/exploits/12232
- https://www.cvedetails.com/cve/CVE-2010-1461 - https://www.cvedetails.com/cve/CVE-2010-1461
- http://web.archive.org/web/20210518110953/https://www.securityfocus.com/bid/39504 - http://web.archive.org/web/20210518110953/https://www.securityfocus.com/bid/39504
- http://www.securityfocus.com/bid/39504 - http://www.exploit-db.com/exploits/12232
remediation: Upgrade to a supported version. remediation: Upgrade to a supported version.
classification: classification:
cve-id: CVE-2010-1461 cve-id: CVE-2010-1461
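Review bot: the replacement reference http://www.exploit-db.com/exploits/12232 is a scheme-only duplicate of the first entry in this list. Remove it, since the archived securityfocus snapshot on the line above already covers the link that was dropped.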

View File

@ -8,7 +8,8 @@ info:
reference: reference:
- https://www.exploit-db.com/exploits/12166 - https://www.exploit-db.com/exploits/12166
- https://www.cvedetails.com/cve/CVE-2010-1470 - https://www.cvedetails.com/cve/CVE-2010-1470
- http://secunia.com/advisories/39405 - http://web.archive.org/web/20140723205548/http://secunia.com/advisories/39405/
- http://www.exploit-db.com/exploits/12166
remediation: Upgrade to a supported version. remediation: Upgrade to a supported version.
classification: classification:
cve-id: CVE-2010-1470 cve-id: CVE-2010-1470
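Review bot: the extra line http://www.exploit-db.com/exploits/12166 is redundant with https://www.exploit-db.com/exploits/12166 at the top of the reference list. Only the secunia-to-archive swap is needed in this hunk.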

View File

@ -8,7 +8,7 @@ info:
reference: reference:
- https://www.exploit-db.com/exploits/12167 - https://www.exploit-db.com/exploits/12167
- https://www.cvedetails.com/cve/CVE-2010-1472 - https://www.cvedetails.com/cve/CVE-2010-1472
- http://secunia.com/advisories/39406 - http://web.archive.org/web/20140723200143/http://secunia.com/advisories/39406/
- http://www.exploit-db.com/exploits/12167 - http://www.exploit-db.com/exploits/12167
remediation: Upgrade to a supported version. remediation: Upgrade to a supported version.
classification: classification:

View File

@ -9,7 +9,7 @@ info:
- https://www.exploit-db.com/exploits/12171 - https://www.exploit-db.com/exploits/12171
- https://www.cvedetails.com/cve/CVE-2010-1473 - https://www.cvedetails.com/cve/CVE-2010-1473
- http://packetstormsecurity.org/1004-exploits/joomlaeasyadbanner-lfi.txt - http://packetstormsecurity.org/1004-exploits/joomlaeasyadbanner-lfi.txt
- http://secunia.com/advisories/39410 - http://web.archive.org/web/20140723213338/http://secunia.com/advisories/39410/
remediation: Upgrade to a supported version. remediation: Upgrade to a supported version.
classification: classification:
cve-id: CVE-2010-1473 cve-id: CVE-2010-1473

View File

@ -8,7 +8,8 @@ info:
reference: reference:
- https://www.exploit-db.com/exploits/12182 - https://www.exploit-db.com/exploits/12182
- https://www.cvedetails.com/cve/CVE-2010-1474 - https://www.cvedetails.com/cve/CVE-2010-1474
- http://secunia.com/advisories/39388 - http://web.archive.org/web/20140723205926/http://secunia.com/advisories/39388/
- http://www.exploit-db.com/exploits/12182
classification: classification:
cve-id: CVE-2010-1474 cve-id: CVE-2010-1474
tags: cve,cve2010,joomla,lfi tags: cve,cve2010,joomla,lfi
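Review bot: the added http://www.exploit-db.com/exploits/12182 reference duplicates the existing https entry for the same exploit-db id. Please drop the added line.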

View File

@ -8,7 +8,8 @@ info:
reference: reference:
- https://www.exploit-db.com/exploits/12147 - https://www.exploit-db.com/exploits/12147
- https://www.cvedetails.com/cve/CVE-2010-1475 - https://www.cvedetails.com/cve/CVE-2010-1475
- http://secunia.com/advisories/39285 - http://web.archive.org/web/20140723203010/http://secunia.com/advisories/39285/
- http://www.exploit-db.com/exploits/12147
classification: classification:
cve-id: CVE-2010-1475 cve-id: CVE-2010-1475
tags: cve,cve2010,joomla,lfi tags: cve,cve2010,joomla,lfi
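Review bot: http://www.exploit-db.com/exploits/12147 is added although https://www.exploit-db.com/exploits/12147 is already the first reference. The duplicate should be removed.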

View File

@ -8,7 +8,7 @@ info:
reference: reference:
- https://www.exploit-db.com/exploits/12145 - https://www.exploit-db.com/exploits/12145
- https://www.cvedetails.com/cve/CVE-2010-1478 - https://www.cvedetails.com/cve/CVE-2010-1478
- http://secunia.com/advisories/39262 - http://web.archive.org/web/20140723205157/http://secunia.com/advisories/39262/
- http://web.archive.org/web/20210121195422/https://www.securityfocus.com/bid/39390/ - http://web.archive.org/web/20210121195422/https://www.securityfocus.com/bid/39390/
remediation: Upgrade to a supported version. remediation: Upgrade to a supported version.
classification: classification:

View File

@ -9,7 +9,7 @@ info:
- https://www.exploit-db.com/exploits/12318 - https://www.exploit-db.com/exploits/12318
- https://www.cvedetails.com/cve/CVE-2010-1491 - https://www.cvedetails.com/cve/CVE-2010-1491
- http://packetstormsecurity.org/1004-exploits/joomlammsblog-lfi.txt - http://packetstormsecurity.org/1004-exploits/joomlammsblog-lfi.txt
- http://secunia.com/advisories/39533 - http://web.archive.org/web/20140724060325/http://secunia.com/advisories/39533/
remediation: Upgrade to a supported version. remediation: Upgrade to a supported version.
classification: classification:
cve-id: CVE-2010-1491 cve-id: CVE-2010-1491

View File

@ -8,7 +8,8 @@ info:
reference: reference:
- https://www.exploit-db.com/exploits/12142 - https://www.exploit-db.com/exploits/12142
- https://www.cvedetails.com/cve/CVE-2010-1533 - https://www.cvedetails.com/cve/CVE-2010-1533
- http://secunia.com/advisories/39258 - http://web.archive.org/web/20140723212810/http://secunia.com/advisories/39258/
- http://www.exploit-db.com/exploits/12142
remediation: Upgrade to a supported version. remediation: Upgrade to a supported version.
classification: classification:
cve-id: CVE-2010-1533 cve-id: CVE-2010-1533
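Review bot: the line added before `remediation:` (`http://www.exploit-db.com/exploits/12142`) repeats the existing `https://www.exploit-db.com/exploits/12142` reference with a different scheme. Keep the archived Secunia link and drop the duplicate.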

View File

@ -9,7 +9,7 @@ info:
- https://www.exploit-db.com/exploits/12067 - https://www.exploit-db.com/exploits/12067
- https://www.cvedetails.com/cve/CVE-2010-1534 - https://www.cvedetails.com/cve/CVE-2010-1534
- http://web.archive.org/web/20210121195246/https://www.securityfocus.com/bid/39213/ - http://web.archive.org/web/20210121195246/https://www.securityfocus.com/bid/39213/
- http://secunia.com/advisories/39352 - http://web.archive.org/web/20140724182459/http://secunia.com/advisories/39352/
remediation: Upgrade to a supported version remediation: Upgrade to a supported version
classification: classification:
cve-id: CVE-2010-1534 cve-id: CVE-2010-1534

View File

@ -8,7 +8,8 @@ info:
reference: reference:
- https://www.exploit-db.com/exploits/12151 - https://www.exploit-db.com/exploits/12151
- https://www.cvedetails.com/cve/CVE-2010-1535 - https://www.cvedetails.com/cve/CVE-2010-1535
- http://secunia.com/advisories/39254 - http://web.archive.org/web/20140725030342/http://secunia.com/advisories/39254/
- http://www.exploit-db.com/exploits/12151
classification: classification:
cve-id: CVE-2010-1535 cve-id: CVE-2010-1535
tags: cve,cve2010,joomla,lfi tags: cve,cve2010,joomla,lfi
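Review bot: exploit 12151 is now referenced twice in this template, once as `https://www.exploit-db.com/exploits/12151` and once as the newly added `http://www.exploit-db.com/exploits/12151`. The added HTTP variant should go.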

View File

@ -8,7 +8,7 @@ info:
reference: reference:
- https://www.exploit-db.com/exploits/11625 - https://www.exploit-db.com/exploits/11625
- https://www.cvedetails.com/cve/CVE-2010-1540 - https://www.cvedetails.com/cve/CVE-2010-1540
- http://secunia.com/advisories/38777 - http://web.archive.org/web/20140721042709/http://secunia.com/advisories/38777/
- http://web.archive.org/web/20210121194559/https://www.securityfocus.com/bid/38530/ - http://web.archive.org/web/20210121194559/https://www.securityfocus.com/bid/38530/
classification: classification:
cve-id: CVE-2010-1540 cve-id: CVE-2010-1540

View File

@ -8,7 +8,7 @@ info:
reference: reference:
- https://www.exploit-db.com/exploits/12236 - https://www.exploit-db.com/exploits/12236
- https://www.cvedetails.com/cve/CVE-2010-1601 - https://www.cvedetails.com/cve/CVE-2010-1601
- http://secunia.com/advisories/39472 - http://web.archive.org/web/20140803084823/http://secunia.com/advisories/39472/
- http://packetstormsecurity.org/1004-exploits/joomlajacomment-lfi.txt - http://packetstormsecurity.org/1004-exploits/joomlajacomment-lfi.txt
classification: classification:
cve-id: CVE-2010-1601 cve-id: CVE-2010-1601

View File

@ -9,7 +9,7 @@ info:
- https://www.exploit-db.com/exploits/12316 - https://www.exploit-db.com/exploits/12316
- https://www.cvedetails.com/cve/CVE-2010-1607 - https://www.cvedetails.com/cve/CVE-2010-1607
- http://web.archive.org/web/20210121195713/https://www.securityfocus.com/bid/39608/ - http://web.archive.org/web/20210121195713/https://www.securityfocus.com/bid/39608/
- http://secunia.com/advisories/39539 - http://web.archive.org/web/20111227231442/http://secunia.com/advisories/39539/
classification: classification:
cve-id: CVE-2010-1607 cve-id: CVE-2010-1607
tags: cve,cve2010,joomla,lfi tags: cve,cve2010,joomla,lfi

View File

@ -9,7 +9,6 @@ info:
- https://www.exploit-db.com/exploits/12427 - https://www.exploit-db.com/exploits/12427
- https://www.cvedetails.com/cve/CVE-2010-1658 - https://www.cvedetails.com/cve/CVE-2010-1658
- http://www.vupen.com/english/advisories/2010/1007 - http://www.vupen.com/english/advisories/2010/1007
- http://secunia.com/advisories/39600
classification: classification:
cve-id: CVE-2010-1658 cve-id: CVE-2010-1658
tags: cve,cve2010,joomla,lfi tags: cve,cve2010,joomla,lfi
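Review bot: the Secunia reference `http://secunia.com/advisories/39600` is deleted here with nothing in its place, while the other templates in this commit swap their Secunia links for web.archive.org snapshots. If a snapshot of advisory 39600 exists, use it for consistency; if none exists, say so in the commit message so the removal does not look like an oversight.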

View File

@ -9,7 +9,7 @@ info:
- https://www.exploit-db.com/exploits/12168 - https://www.exploit-db.com/exploits/12168
- https://www.cvedetails.com/cve/CVE-2010-1714 - https://www.cvedetails.com/cve/CVE-2010-1714
- http://packetstormsecurity.org/1004-exploits/joomlaarcadegames-lfi.txt - http://packetstormsecurity.org/1004-exploits/joomlaarcadegames-lfi.txt
- http://secunia.com/advisories/39413 - http://web.archive.org/web/20140723192327/http://secunia.com/advisories/39413/
classification: classification:
cve-id: CVE-2010-1714 cve-id: CVE-2010-1714
tags: cve,cve2010,joomla,lfi tags: cve,cve2010,joomla,lfi

View File

@ -9,7 +9,6 @@ info:
- https://www.exploit-db.com/exploits/12174 - https://www.exploit-db.com/exploits/12174
- https://www.cvedetails.com/cve/CVE-2010-1715 - https://www.cvedetails.com/cve/CVE-2010-1715
- http://packetstormsecurity.org/1004-exploits/joomlaonlineexam-lfi.txt - http://packetstormsecurity.org/1004-exploits/joomlaonlineexam-lfi.txt
- http://www.osvdb.org/63659
classification: classification:
cve-id: CVE-2010-1715 cve-id: CVE-2010-1715
tags: cve,cve2010,joomla,lfi tags: cve,cve2010,joomla,lfi
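Review bot: `http://www.osvdb.org/63659` is removed outright, whereas other OSVDB links in this commit are replaced with a different reference. That is acceptable if no archived copy exists, but the handling of OSVDB links should be consistent across the templates, and the commit message should state the rule being applied.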

View File

@ -8,7 +8,7 @@ info:
reference: reference:
- https://www.exploit-db.com/exploits/12291 - https://www.exploit-db.com/exploits/12291
- https://www.cvedetails.com/cve/CVE-2010-1717 - https://www.cvedetails.com/cve/CVE-2010-1717
- http://secunia.com/advisories/39526 - http://web.archive.org/web/20140805095004/http://secunia.com/advisories/39526/
- http://www.vupen.com/english/advisories/2010/0924 - http://www.vupen.com/english/advisories/2010/0924
classification: classification:
cve-id: CVE-2010-1717 cve-id: CVE-2010-1717

View File

@ -8,7 +8,7 @@ info:
reference: reference:
- https://www.exploit-db.com/exploits/12282 - https://www.exploit-db.com/exploits/12282
- https://www.cvedetails.com/cve/CVE-2010-1718 - https://www.cvedetails.com/cve/CVE-2010-1718
- http://secunia.com/advisories/39521 - http://web.archive.org/web/20140805094212/http://secunia.com/advisories/39521/
- http://web.archive.org/web/20210121195621/https://www.securityfocus.com/bid/39545/ - http://web.archive.org/web/20210121195621/https://www.securityfocus.com/bid/39545/
classification: classification:
cve-id: CVE-2010-1718 cve-id: CVE-2010-1718

View File

@ -8,7 +8,7 @@ info:
reference: reference:
- https://www.exploit-db.com/exploits/12177 - https://www.exploit-db.com/exploits/12177
- https://www.cvedetails.com/cve/CVE-2010-1722 - https://www.cvedetails.com/cve/CVE-2010-1722
- http://secunia.com/advisories/39409 - http://web.archive.org/web/20140723201810/http://secunia.com/advisories/39409/
- http://www.exploit-db.com/exploits/12177 - http://www.exploit-db.com/exploits/12177
classification: classification:
cve-id: CVE-2010-1722 cve-id: CVE-2010-1722

View File

@ -8,7 +8,8 @@ info:
reference: reference:
- https://www.exploit-db.com/exploits/12289 - https://www.exploit-db.com/exploits/12289
- https://www.cvedetails.com/cve/CVE-2010-1723 - https://www.cvedetails.com/cve/CVE-2010-1723
- http://secunia.com/advisories/39524 - http://web.archive.org/web/20140805101847/http://secunia.com/advisories/39524/
- http://www.exploit-db.com/exploits/12289
classification: classification:
cve-id: CVE-2010-1723 cve-id: CVE-2010-1723
tags: cve,cve2010,joomla,lfi tags: cve,cve2010,joomla,lfi
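Review bot: the added `http://www.exploit-db.com/exploits/12289` is the same resource as the `https://www.exploit-db.com/exploits/12289` entry two lines above it. Remove the addition; the Secunia snapshot swap is the only change this template needs.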

View File

@ -8,7 +8,7 @@ info:
reference: reference:
- https://www.exploit-db.com/exploits/11851 - https://www.exploit-db.com/exploits/11851
- https://www.cvedetails.com/cve/CVE-2010-1875 - https://www.cvedetails.com/cve/CVE-2010-1875
- http://secunia.com/advisories/39074 - http://web.archive.org/web/20140802140355/http://secunia.com/advisories/39074/
- http://web.archive.org/web/20210121194939/https://www.securityfocus.com/bid/38912/ - http://web.archive.org/web/20210121194939/https://www.securityfocus.com/bid/38912/
classification: classification:
cve-id: CVE-2010-1875 cve-id: CVE-2010-1875

View File

@ -8,7 +8,7 @@ info:
reference: reference:
- https://www.exploit-db.com/exploits/12239 - https://www.exploit-db.com/exploits/12239
- https://www.cvedetails.com/cve/CVE-2010-1952 - https://www.cvedetails.com/cve/CVE-2010-1952
- http://secunia.com/advisories/39475 - http://web.archive.org/web/20151016194238/http://secunia.com/advisories/39475/
- http://www.exploit-db.com/exploits/12239 - http://www.exploit-db.com/exploits/12239
remediation: Upgrade to a supported version. remediation: Upgrade to a supported version.
classification: classification:

View File

@ -9,7 +9,7 @@ info:
- https://www.exploit-db.com/exploits/12238 - https://www.exploit-db.com/exploits/12238
- https://www.cvedetails.com/cve/CVE-2010-1955 - https://www.cvedetails.com/cve/CVE-2010-1955
- http://web.archive.org/web/20210121195552/https://www.securityfocus.com/bid/39508/ - http://web.archive.org/web/20210121195552/https://www.securityfocus.com/bid/39508/
- http://secunia.com/advisories/39473 - http://web.archive.org/web/20140803091440/http://secunia.com/advisories/39473/
remediation: Upgrade to a supported version. remediation: Upgrade to a supported version.
classification: classification:
cve-id: CVE-2010-1955 cve-id: CVE-2010-1955

View File

@ -8,7 +8,8 @@ info:
reference: reference:
- https://www.exploit-db.com/exploits/12285 - https://www.exploit-db.com/exploits/12285
- https://www.cvedetails.com/cve/CVE-2010-1956 - https://www.cvedetails.com/cve/CVE-2010-1956
- http://secunia.com/advisories/39522 - http://web.archive.org/web/20140805105431/http://secunia.com/advisories/39522/
- http://www.exploit-db.com/exploits/12285
remediation: Upgrade to a supported version. remediation: Upgrade to a supported version.
classification: classification:
cve-id: CVE-2010-1956 cve-id: CVE-2010-1956
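Review bot: the reference list gains `http://www.exploit-db.com/exploits/12285`, which duplicates the HTTPS exploit-db link for 12285 already at the top of the list. Drop the added line.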

View File

@ -9,7 +9,7 @@ info:
- https://www.exploit-db.com/exploits/12083 - https://www.exploit-db.com/exploits/12083
- https://www.cvedetails.com/cve/CVE-2010-1977 - https://www.cvedetails.com/cve/CVE-2010-1977
- http://web.archive.org/web/20210121195306/https://www.securityfocus.com/bid/39243/ - http://web.archive.org/web/20210121195306/https://www.securityfocus.com/bid/39243/
- http://secunia.com/advisories/39356 - http://web.archive.org/web/20140724201603/http://secunia.com/advisories/39356/
remediation: Upgrade to a supported version. remediation: Upgrade to a supported version.
classification: classification:
cve-id: CVE-2010-1977 cve-id: CVE-2010-1977

View File

@ -8,7 +8,8 @@ info:
reference: reference:
- https://www.exploit-db.com/exploits/12088 - https://www.exploit-db.com/exploits/12088
- https://www.cvedetails.com/cve/CVE-2010-1979 - https://www.cvedetails.com/cve/CVE-2010-1979
- http://secunia.com/advisories/39360 - http://web.archive.org/web/20140724185517/http://secunia.com/advisories/39360/
- http://www.exploit-db.com/exploits/12088
remediation: Upgrade to a supported version. remediation: Upgrade to a supported version.
classification: classification:
cve-id: CVE-2010-1979 cve-id: CVE-2010-1979
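Review bot: `http://www.exploit-db.com/exploits/12088` is added after the Secunia snapshot, but `https://www.exploit-db.com/exploits/12088` is already the first reference. The duplicate should be removed rather than carried as a second, plain-HTTP copy.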

View File

@ -8,7 +8,7 @@ info:
reference: reference:
- https://www.exploit-db.com/exploits/12121 - https://www.exploit-db.com/exploits/12121
- https://www.cvedetails.com/cve/CVE-2010-1982 - https://www.cvedetails.com/cve/CVE-2010-1982
- http://secunia.com/advisories/39202 - http://web.archive.org/web/20140723233933/http://secunia.com/advisories/39202/
- http://web.archive.org/web/20210121195400/https://www.securityfocus.com/bid/39343/ - http://web.archive.org/web/20210121195400/https://www.securityfocus.com/bid/39343/
remediation: Upgrade to a supported version. remediation: Upgrade to a supported version.
classification: classification:

View File

@ -8,7 +8,7 @@ info:
reference: reference:
- https://packetstormsecurity.com/files/89654/Joomla-Percha-Categories-Tree-0.6-Local-File-Inclusion.html - https://packetstormsecurity.com/files/89654/Joomla-Percha-Categories-Tree-0.6-Local-File-Inclusion.html
- https://www.cvedetails.com/cve/CVE-2010-2033 - https://www.cvedetails.com/cve/CVE-2010-2033
- http://secunia.com/advisories/39873 - http://web.archive.org/web/20140805143014/http://secunia.com/advisories/39873/
- http://web.archive.org/web/20210615115919/https://www.securityfocus.com/bid/40244 - http://web.archive.org/web/20210615115919/https://www.securityfocus.com/bid/40244
remediation: Upgrade to a supported version. remediation: Upgrade to a supported version.
classification: classification:

View File

@ -8,7 +8,7 @@ info:
reference: reference:
- https://www.exploit-db.com/exploits/12607 - https://www.exploit-db.com/exploits/12607
- https://www.cvedetails.com/cve/CVE-2010-2128 - https://www.cvedetails.com/cve/CVE-2010-2128
- http://secunia.com/advisories/39832 - http://web.archive.org/web/20140801195113/http://secunia.com/advisories/39832/
- http://www.exploit-db.com/exploits/12607 - http://www.exploit-db.com/exploits/12607
remediation: Upgrade to a supported version. remediation: Upgrade to a supported version.
classification: classification:

View File

@ -8,7 +8,7 @@ info:
reference: reference:
- https://www.exploit-db.com/exploits/10946 - https://www.exploit-db.com/exploits/10946
- https://www.cvedetails.com/cve/CVE-2010-2259 - https://www.cvedetails.com/cve/CVE-2010-2259
- http://secunia.com/advisories/37866 - http://web.archive.org/web/20140724121430/http://secunia.com/advisories/37866/
- http://www.exploit-db.com/exploits/10946 - http://www.exploit-db.com/exploits/10946
remediation: Upgrade to a supported version. remediation: Upgrade to a supported version.
classification: classification:

View File

@ -9,7 +9,7 @@ info:
- http://web.archive.org/web/20210120195654/https://www.securityfocus.com/bid/40550/info - http://web.archive.org/web/20210120195654/https://www.securityfocus.com/bid/40550/info
- https://nvd.nist.gov/vuln/detail/CVE-2010-2307 - https://nvd.nist.gov/vuln/detail/CVE-2010-2307
- https://www.exploit-db.com/exploits/12865 - https://www.exploit-db.com/exploits/12865
- http://www.osvdb.org/65249 - http://www.exploit-db.com/exploits/12865
remediation: Upgrade to a supported product version. remediation: Upgrade to a supported product version.
classification: classification:
cve-id: CVE-2010-2307 cve-id: CVE-2010-2307
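Review bot: the OSVDB link is replaced with `http://www.exploit-db.com/exploits/12865`, which duplicates the `https://www.exploit-db.com/exploits/12865` entry on the line directly above. Deleting the OSVDB line without a replacement would give the same coverage with one fewer redundant reference.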

View File

@ -8,8 +8,8 @@ info:
reference: reference:
- https://www.exploit-db.com/exploits/13981 - https://www.exploit-db.com/exploits/13981
- https://www.cvedetails.com/cve/CVE-2010-2507 - https://www.cvedetails.com/cve/CVE-2010-2507
- http://secunia.com/advisories/40297 - http://web.archive.org/web/20140805070317/http://secunia.com/advisories/40297/
- http://osvdb.org/65674 - http://packetstormsecurity.org/1006-exploits/joomlapicasa2gallery-lfi.txt
remediation: Upgrade to a supported version. remediation: Upgrade to a supported version.
classification: classification:
cve-id: CVE-2010-2507 cve-id: CVE-2010-2507
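Review bot: the replacement for the OSVDB entry, `http://packetstormsecurity.org/1006-exploits/joomlapicasa2gallery-lfi.txt`, is a plain-HTTP link on the `.org` host, while another template in this commit references Packet Storm as `https://packetstormsecurity.com/files/...`. Since the purpose of the change is to replace dead links, confirm this URL resolves and prefer the HTTPS form if it does.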

View File

@ -8,7 +8,7 @@ info:
reference: reference:
- https://www.exploit-db.com/exploits/14845 - https://www.exploit-db.com/exploits/14845
- https://www.cvedetails.com/cve/CVE-2010-3203 - https://www.cvedetails.com/cve/CVE-2010-3203
- http://secunia.com/advisories/41187 - http://web.archive.org/web/20150105095919/http://secunia.com:80/advisories/41187/
- http://www.exploit-db.com/exploits/14845 - http://www.exploit-db.com/exploits/14845
remediation: Upgrade to a supported version. remediation: Upgrade to a supported version.
classification: classification:
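Review bot: the snapshot URL on the Secunia line embeds an explicit port (`http://secunia.com:80/advisories/41187/`), unlike every other archived Secunia link in this commit. For consistency, use the port-less form inside the web.archive.org URL, provided the snapshot still resolves that way.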

View File

@ -8,7 +8,7 @@ info:
reference: reference:
- https://www.exploit-db.com/exploits/15585 - https://www.exploit-db.com/exploits/15585
- https://www.cvedetails.com/cve/CVE-2010-4769 - https://www.cvedetails.com/cve/CVE-2010-4769
- http://secunia.com/advisories/42324 - http://web.archive.org/web/20140803011658/http://secunia.com/advisories/42324/
- http://web.archive.org/web/20210121210048/https://www.securityfocus.com/bid/44992/ - http://web.archive.org/web/20210121210048/https://www.securityfocus.com/bid/44992/
remediation: Upgrade to a supported version. remediation: Upgrade to a supported version.
classification: classification:

View File

@ -9,7 +9,7 @@ info:
- https://www.exploit-db.com/exploits/34788 - https://www.exploit-db.com/exploits/34788
- https://www.cvedetails.com/cve/CVE-2010-5278 - https://www.cvedetails.com/cve/CVE-2010-5278
- http://packetstormsecurity.org/1009-exploits/modx202pl-lfi.txt - http://packetstormsecurity.org/1009-exploits/modx202pl-lfi.txt
- http://secunia.com/advisories/41638 - http://web.archive.org/web/20140803154716/http://secunia.com/advisories/41638/
classification: classification:
cve-id: CVE-2010-5278 cve-id: CVE-2010-5278
tags: cve,cve2010,lfi tags: cve,cve2010,lfi

View File

@ -9,7 +9,7 @@ info:
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1669 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1669
- https://www.exploit-db.com/exploits/17119 - https://www.exploit-db.com/exploits/17119
- http://web.archive.org/web/20210121212348/https://www.securityfocus.com/bid/47146/ - http://web.archive.org/web/20210121212348/https://www.securityfocus.com/bid/47146/
- http://www.securityfocus.com/bid/47146 - http://www.exploit-db.com/exploits/17119
remediation: Upgrade to a supported version. remediation: Upgrade to a supported version.
classification: classification:
cve-id: CVE-2011-1669 cve-id: CVE-2011-1669
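Review bot: the live SecurityFocus link is replaced with `http://www.exploit-db.com/exploits/17119`, but `https://www.exploit-db.com/exploits/17119` is already listed two lines above, and the archived SecurityFocus copy sits on the line before the change. Deleting the live link without a replacement would be enough here.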

View File

@ -9,7 +9,7 @@ info:
- https://www.exploit-db.com/exploits/35945 - https://www.exploit-db.com/exploits/35945
- https://www.cvedetails.com/cve/CVE-2011-2744 - https://www.cvedetails.com/cve/CVE-2011-2744
- http://www.openwall.com/lists/oss-security/2011/07/13/6 - http://www.openwall.com/lists/oss-security/2011/07/13/6
- http://secunia.com/advisories/45184 - http://web.archive.org/web/20140723162411/http://secunia.com/advisories/45184/
classification: classification:
cve-id: CVE-2011-2744 cve-id: CVE-2011-2744
tags: cve,cve2011,lfi,chyrp tags: cve,cve2011,lfi,chyrp

View File

@ -11,7 +11,7 @@ info:
- http://www.ocert.org/advisories/ocert-2011-001.html - http://www.ocert.org/advisories/ocert-2011-001.html
- http://www.openwall.com/lists/oss-security/2011/07/13/6 - http://www.openwall.com/lists/oss-security/2011/07/13/6
- http://web.archive.org/web/20210121214023/https://www.securityfocus.com/bid/48672/ - http://web.archive.org/web/20210121214023/https://www.securityfocus.com/bid/48672/
- http://secunia.com/advisories/45184 - http://web.archive.org/web/20140723162411/http://secunia.com/advisories/45184/
- http://securityreason.com/securityalert/8312 - http://securityreason.com/securityalert/8312
- https://exchange.xforce.ibmcloud.com/vulnerabilities/68565 - https://exchange.xforce.ibmcloud.com/vulnerabilities/68565
- http://web.archive.org/web/20201207104106/https://www.securityfocus.com/archive/1/518890/100/0/threaded - http://web.archive.org/web/20201207104106/https://www.securityfocus.com/archive/1/518890/100/0/threaded

View File

@ -9,7 +9,6 @@ info:
- https://nvd.nist.gov/vuln/detail/CVE-2011-4336 - https://nvd.nist.gov/vuln/detail/CVE-2011-4336
- http://web.archive.org/web/20210328232945/https://www.securityfocus.com/bid/48806/info - http://web.archive.org/web/20210328232945/https://www.securityfocus.com/bid/48806/info
- https://seclists.org/bugtraq/2011/Nov/140 - https://seclists.org/bugtraq/2011/Nov/140
- https://www.securityfocus.com/bid/48806/info
remediation: Upgrade to a supported version. remediation: Upgrade to a supported version.
classification: classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Some files were not shown because too many files have changed in this diff