Merge branch 'projectdiscovery:master' into git-logs-exposure
commit
df22c18220
|
@ -0,0 +1,18 @@
|
||||||
|
name: Cache Purge
|
||||||
|
|
||||||
|
on:
|
||||||
|
push:
|
||||||
|
tags:
|
||||||
|
- '*'
|
||||||
|
workflow_dispatch:
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
deploy:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
- name: Purge cache
|
||||||
|
uses: jakejarvis/cloudflare-purge-action@master
|
||||||
|
env:
|
||||||
|
CLOUDFLARE_ZONE: ${{ secrets.CLOUDFLARE_ZONE }}
|
||||||
|
CLOUDFLARE_TOKEN: ${{ secrets.CLOUDFLARE_TOKEN }}
|
||||||
|
PURGE_URLS: '["https://version-check.nuclei.sh/versions"]'
|
|
@ -25,5 +25,5 @@ jobs:
|
||||||
- name: Template Validation
|
- name: Template Validation
|
||||||
run: |
|
run: |
|
||||||
cp -r ${{ github.workspace }} $HOME
|
cp -r ${{ github.workspace }} $HOME
|
||||||
nuclei -validate -t .
|
nuclei -validate -t . -et .git/
|
||||||
nuclei -validate -w ./workflows
|
nuclei -validate -w ./workflows
|
|
@ -1,29 +1,51 @@
|
||||||
cves/2018/CVE-2018-10230.yaml
|
cves/2015/CVE-2015-4666.yaml
|
||||||
cves/2018/CVE-2018-14474.yaml
|
cves/2018/CVE-2018-1000856.yaml
|
||||||
cves/2018/CVE-2018-16761.yaml
|
cves/2018/CVE-2018-19137.yaml
|
||||||
cves/2020/CVE-2020-22208.yaml
|
cves/2018/CVE-2018-19751.yaml
|
||||||
cves/2020/CVE-2020-22209.yaml
|
cves/2018/CVE-2018-19752.yaml
|
||||||
cves/2020/CVE-2020-22211.yaml
|
cves/2018/CVE-2018-19892.yaml
|
||||||
cves/2020/CVE-2020-29597.yaml
|
cves/2019/CVE-2019-9922.yaml
|
||||||
cves/2021/CVE-2021-27748.yaml
|
cves/2022/CVE-2022-0656.yaml
|
||||||
cves/2021/CVE-2021-37589.yaml
|
exposed-panels/claris-filemaker-webdirect.yaml
|
||||||
cves/2021/CVE-2021-39211.yaml
|
exposed-panels/honeywell-xl-web-controller.yaml
|
||||||
cves/2021/CVE-2021-40149.yaml
|
exposed-panels/icewarp-panel-detect.yaml
|
||||||
cves/2021/CVE-2021-40150.yaml
|
exposed-panels/noescape-login.yaml
|
||||||
cves/2022/CVE-2022-29383.yaml
|
exposed-panels/smartping-dashboard.yaml
|
||||||
cves/2022/CVE-2022-31268.yaml
|
exposed-panels/sonicwall-analyzer-login.yaml
|
||||||
exposed-panels/eventum-panel.yaml
|
exposed-panels/tembosocial-panel.yaml
|
||||||
exposed-panels/flip-cms-panel.yaml
|
exposed-panels/tenda-web-master.yaml
|
||||||
exposed-panels/virtua-software-panel.yaml
|
exposed-panels/tiny-file-manager.yaml
|
||||||
exposures/files/appsettings-file-disclosure.yaml
|
exposed-panels/veeam-backup-gcp.yaml
|
||||||
exposures/files/azure-pipelines-exposed.yaml
|
exposed-panels/vmware-carbon-black-edr.yaml
|
||||||
exposures/files/django-secret-key.yaml
|
exposed-panels/vmware-cloud-availability.yaml
|
||||||
exposures/files/ftpconfig.yaml
|
exposed-panels/vmware-cloud-director.yaml
|
||||||
exposures/files/git-mailmap.yaml
|
exposed-panels/vmware-ftp-server.yaml
|
||||||
exposures/files/php-ini.yaml
|
exposed-panels/vmware-horizon-daas.yaml
|
||||||
exposures/tokens/azure/azure-apim-secretkey.yaml
|
exposed-panels/vmware-vcenter-converter-standalone.yaml
|
||||||
exposures/tokens/nextjs/cipher-secret-key.yaml
|
exposed-panels/vmware-vcloud-director.yaml
|
||||||
misconfiguration/jupyter-notebooks-exposed.yaml
|
exposed-panels/web-file-manager.yaml
|
||||||
vulnerabilities/other/74cms-sqli.yaml
|
exposures/configs/config-rb.yaml
|
||||||
vulnerabilities/other/orbiteam-bscw-server-lfi.yaml
|
exposures/configs/gcloud-config-default.yaml
|
||||||
vulnerabilities/other/phpok-sqli.yaml
|
exposures/configs/phpstan-config.yaml
|
||||||
|
exposures/configs/wgetrc-config.yaml
|
||||||
|
exposures/files/composer-auth-json.yaml
|
||||||
|
exposures/files/credentials-json.yaml
|
||||||
|
exposures/files/environment-rb.yaml
|
||||||
|
exposures/files/gcloud-access-token.yaml
|
||||||
|
exposures/files/gcloud-credentials.yaml
|
||||||
|
exposures/files/get-access-token-json.yaml
|
||||||
|
exposures/files/google-api-private-key.yaml
|
||||||
|
exposures/files/google-services-json.yaml
|
||||||
|
exposures/files/jsapi-ticket-json.yaml
|
||||||
|
exposures/files/npm-cli-metrics-json.yaml
|
||||||
|
exposures/files/oauth-credentials-json.yaml
|
||||||
|
exposures/files/secret-token-rb.yaml
|
||||||
|
exposures/files/symfony-properties-ini.yaml
|
||||||
|
exposures/files/token-info-json.yaml
|
||||||
|
exposures/files/token-json.yaml
|
||||||
|
exposures/files/wget-hsts-list-exposure.yaml
|
||||||
|
exposures/files/ws-ftp-ini.yaml
|
||||||
|
technologies/default-page-azure-container.yaml
|
||||||
|
technologies/default-parallels-plesk.yaml
|
||||||
|
technologies/json-server.yaml
|
||||||
|
technologies/samsung-smarttv-debug.yaml
|
||||||
|
|
|
@ -3,6 +3,11 @@
|
||||||
#
|
#
|
||||||
# This is default list of tags and files to excluded from default nuclei scan.
|
# This is default list of tags and files to excluded from default nuclei scan.
|
||||||
# More details - https://nuclei.projectdiscovery.io/nuclei/get-started/#template-exclusion
|
# More details - https://nuclei.projectdiscovery.io/nuclei/get-started/#template-exclusion
|
||||||
|
#
|
||||||
|
# ============ DO NOT EDIT ============
|
||||||
|
# Automatically updated by nuclei on execution from nuclei-templates
|
||||||
|
# User changes should be in nuclei config file
|
||||||
|
# ============ DO NOT EDIT ============
|
||||||
|
|
||||||
# tags is a list of tags to ignore execution for
|
# tags is a list of tags to ignore execution for
|
||||||
# unless asked for by the user.
|
# unless asked for by the user.
|
||||||
|
|
22
README.md
22
README.md
|
@ -42,18 +42,18 @@ An overview of the nuclei template project, including statistics on unique tags,
|
||||||
|
|
||||||
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|
||||||
|-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
|
|-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
|
||||||
| cve | 1195 | daffainfo | 565 | cves | 1200 | info | 1230 | http | 3269 |
|
| cve | 1240 | daffainfo | 601 | cves | 1236 | info | 1306 | http | 3408 |
|
||||||
| panel | 525 | dhiyaneshdk | 424 | exposed-panels | 535 | high | 899 | file | 76 |
|
| panel | 556 | dhiyaneshdk | 451 | exposed-panels | 564 | high | 920 | file | 76 |
|
||||||
| lfi | 467 | pikpikcu | 316 | vulnerabilities | 458 | medium | 687 | network | 50 |
|
| lfi | 475 | pikpikcu | 316 | vulnerabilities | 468 | medium | 716 | network | 50 |
|
||||||
| xss | 382 | pdteam | 268 | technologies | 258 | critical | 415 | dns | 17 |
|
| xss | 402 | pdteam | 268 | technologies | 260 | critical | 422 | dns | 17 |
|
||||||
| wordpress | 376 | geeknik | 181 | exposures | 205 | low | 186 | | |
|
| wordpress | 388 | geeknik | 187 | exposures | 222 | low | 194 | | |
|
||||||
| rce | 304 | dwisiswant0 | 168 | misconfiguration | 200 | unknown | 6 | | |
|
| exposure | 322 | dwisiswant0 | 169 | misconfiguration | 206 | unknown | 6 | | |
|
||||||
| exposure | 298 | 0x_akoko | 139 | workflows | 187 | | | | |
|
| cve2021 | 307 | 0x_akoko | 148 | token-spray | 206 | | | | |
|
||||||
| cve2021 | 294 | princechaddha | 139 | token-spray | 169 | | | | |
|
| rce | 305 | princechaddha | 146 | workflows | 187 | | | | |
|
||||||
| wp-plugin | 275 | pussycat0x | 124 | default-logins | 96 | | | | |
|
| wp-plugin | 283 | pussycat0x | 125 | default-logins | 98 | | | | |
|
||||||
| tech | 274 | gy741 | 122 | file | 76 | | | | |
|
| tech | 276 | gy741 | 124 | file | 76 | | | | |
|
||||||
|
|
||||||
**265 directories, 3636 files**.
|
**279 directories, 3823 files**.
|
||||||
|
|
||||||
</td>
|
</td>
|
||||||
</tr>
|
</tr>
|
||||||
|
|
File diff suppressed because one or more lines are too long
3262
TEMPLATES-STATS.md
3262
TEMPLATES-STATS.md
File diff suppressed because it is too large
Load Diff
20
TOP-10.md
20
TOP-10.md
|
@ -1,12 +1,12 @@
|
||||||
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|
||||||
|-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
|
|-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
|
||||||
| cve | 1195 | daffainfo | 565 | cves | 1200 | info | 1230 | http | 3269 |
|
| cve | 1240 | daffainfo | 601 | cves | 1236 | info | 1306 | http | 3408 |
|
||||||
| panel | 525 | dhiyaneshdk | 424 | exposed-panels | 535 | high | 899 | file | 76 |
|
| panel | 556 | dhiyaneshdk | 451 | exposed-panels | 564 | high | 920 | file | 76 |
|
||||||
| lfi | 467 | pikpikcu | 316 | vulnerabilities | 458 | medium | 687 | network | 50 |
|
| lfi | 475 | pikpikcu | 316 | vulnerabilities | 468 | medium | 716 | network | 50 |
|
||||||
| xss | 382 | pdteam | 268 | technologies | 258 | critical | 415 | dns | 17 |
|
| xss | 402 | pdteam | 268 | technologies | 260 | critical | 422 | dns | 17 |
|
||||||
| wordpress | 376 | geeknik | 181 | exposures | 205 | low | 186 | | |
|
| wordpress | 388 | geeknik | 187 | exposures | 222 | low | 194 | | |
|
||||||
| rce | 304 | dwisiswant0 | 168 | misconfiguration | 200 | unknown | 6 | | |
|
| exposure | 322 | dwisiswant0 | 169 | misconfiguration | 206 | unknown | 6 | | |
|
||||||
| exposure | 298 | 0x_akoko | 139 | workflows | 187 | | | | |
|
| cve2021 | 307 | 0x_akoko | 148 | token-spray | 206 | | | | |
|
||||||
| cve2021 | 294 | princechaddha | 139 | token-spray | 169 | | | | |
|
| rce | 305 | princechaddha | 146 | workflows | 187 | | | | |
|
||||||
| wp-plugin | 275 | pussycat0x | 124 | default-logins | 96 | | | | |
|
| wp-plugin | 283 | pussycat0x | 125 | default-logins | 98 | | | | |
|
||||||
| tech | 274 | gy741 | 122 | file | 76 | | | | |
|
| tech | 276 | gy741 | 124 | file | 76 | | | | |
|
||||||
|
|
|
@ -1,11 +1,16 @@
|
||||||
id: CNVD-2018-13393
|
id: CNVD-2018-13393
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Metinfo LFI
|
name: Metinfo - Local File Inclusion
|
||||||
author: ritikchaddha
|
author: ritikchaddha
|
||||||
severity: high
|
severity: high
|
||||||
|
description: Metinfo is susceptible to local file inclusion.
|
||||||
reference:
|
reference:
|
||||||
- https://paper.seebug.org/676/
|
- https://paper.seebug.org/676/
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
|
||||||
|
cvss-score: 8.6
|
||||||
|
cwe-id: CWE-22
|
||||||
tags: metinfo,cnvd,cvnd2018,lfi
|
tags: metinfo,cnvd,cvnd2018,lfi
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
@ -23,3 +28,5 @@ requests:
|
||||||
- "<?php"
|
- "<?php"
|
||||||
- "login_met_cookie($metinfo_admin_name);"
|
- "login_met_cookie($metinfo_admin_name);"
|
||||||
condition: and
|
condition: and
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/07/05
|
||||||
|
|
|
@ -1,15 +1,20 @@
|
||||||
id: CNVD-2020-67113
|
id: CNVD-2020-67113
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: H5S CONSOLE Unauthorized Access Vulnerability (CNVD-2020-67113)
|
name: H5S CONSOLE - Unauthorized Access
|
||||||
author: ritikchaddha
|
author: ritikchaddha
|
||||||
severity: high
|
severity: medium
|
||||||
description: Zero Vision Technology (Shanghai) Co., Ltd. H5S CONSOLE Exists Unauthorized Access Vulnerability
|
description: H5S CONSOLE is susceptible to an unauthorized access vulnerability.
|
||||||
reference:
|
reference:
|
||||||
- https://vul.wangan.com/a/CNVD-2020-67113
|
- https://vul.wangan.com/a/CNVD-2020-67113
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
||||||
|
cvss-score: 5.3
|
||||||
|
cwe-id: CWE-425
|
||||||
metadata:
|
metadata:
|
||||||
|
verified: true
|
||||||
shodan-query: http.title:"H5S CONSOLE"
|
shodan-query: http.title:"H5S CONSOLE"
|
||||||
tags: h5s,unauth,h5sconsole,cnvd,cnvd2020
|
tags: cnvd,cnvd2020,h5s,unauth,h5sconsole
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
@ -42,3 +47,5 @@ requests:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/07/06
|
||||||
|
|
|
@ -1,11 +1,16 @@
|
||||||
id: CNVD-2021-10543
|
id: CNVD-2021-10543
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: EEA Information Disclosure
|
name: EEA - Information Disclosure
|
||||||
author: pikpikcu
|
author: pikpikcu
|
||||||
severity: high
|
severity: high
|
||||||
|
description: EEA is susceptible to information disclosure.
|
||||||
reference:
|
reference:
|
||||||
- https://www.cnvd.org.cn/flaw/show/CNVD-2021-10543
|
- https://www.cnvd.org.cn/flaw/show/CNVD-2021-10543
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
||||||
|
cvss-score: 5.3
|
||||||
|
cwe-id: CWE-200
|
||||||
tags: config,exposure,cnvd,cnvd2021
|
tags: config,exposure,cnvd,cnvd2021
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
@ -24,3 +29,5 @@ requests:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/07/05
|
||||||
|
|
|
@ -1,14 +1,19 @@
|
||||||
id: CNVD-2021-28277
|
id: CNVD-2021-28277
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Landray-OA Arbitrary - Arbitrary File Retrieval
|
name: Landray-OA - Local File Inclusion
|
||||||
author: pikpikcu,daffainfo
|
author: pikpikcu,daffainfo
|
||||||
severity: high
|
severity: high
|
||||||
|
description: Landray-OA is susceptible to local file inclusion.
|
||||||
reference:
|
reference:
|
||||||
- https://www.aisoutu.com/a/1432457
|
- https://www.aisoutu.com/a/1432457
|
||||||
- https://mp.weixin.qq.com/s/TkUZXKgfEOVqoHKBr3kNdw
|
- https://mp.weixin.qq.com/s/TkUZXKgfEOVqoHKBr3kNdw
|
||||||
metadata:
|
metadata:
|
||||||
fofa-query: app="Landray OA system"
|
fofa-query: app="Landray OA system"
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
|
||||||
|
cvss-score: 8.6
|
||||||
|
cwe-id: CWE-22
|
||||||
tags: landray,lfi,cnvd,cnvd2021
|
tags: landray,lfi,cnvd,cnvd2021
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
@ -42,3 +47,5 @@ requests:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/07/06
|
||||||
|
|
|
@ -1,13 +1,19 @@
|
||||||
id: CNVD-2021-30167
|
id: CNVD-2021-30167
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: UFIDA NC BeanShell Remote Code Execution
|
name: UFIDA NC BeanShell Remote Command Execution
|
||||||
author: pikpikcu
|
author: pikpikcu
|
||||||
severity: high
|
severity: high
|
||||||
|
description: UFIDA NC BeanShell contains a remote command execution vulnerability in the bsh.servlet.BshServlet program.
|
||||||
reference:
|
reference:
|
||||||
- https://mp.weixin.qq.com/s/FvqC1I_G14AEQNztU0zn8A
|
- https://mp.weixin.qq.com/s/FvqC1I_G14AEQNztU0zn8A
|
||||||
- https://www.cnvd.org.cn/webinfo/show/6491
|
- https://www.cnvd.org.cn/webinfo/show/6491
|
||||||
tags: beanshell,rce,cnvd,cnvd2021,yonyou
|
- https://chowdera.com/2022/03/202203110138271510.html
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
||||||
|
cvss-score: 10.0
|
||||||
|
cwe-id: CWE-77
|
||||||
|
tags: cnvd,cnvd2021,beanshell,rce,yonyou
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- raw:
|
- raw:
|
||||||
|
@ -40,3 +46,5 @@ requests:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
|
# Enhanced by cs on 2022/07/05
|
||||||
|
|
|
@ -6,10 +6,12 @@ info:
|
||||||
severity: medium
|
severity: medium
|
||||||
description: The Virtual Keyboard plugin for SquirrelMail is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
|
description: The Virtual Keyboard plugin for SquirrelMail is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
|
||||||
reference:
|
reference:
|
||||||
|
- http://www.redhat.com/support/errata/RHSA-2002-204.html
|
||||||
|
- http://www.debian.org/security/2002/dsa-191
|
||||||
|
- http://sourceforge.net/project/shownotes.php?group_id=311&release_id=110774
|
||||||
- https://www.exploit-db.com/exploits/21811
|
- https://www.exploit-db.com/exploits/21811
|
||||||
- https://web.archive.org/web/20051124131714/http://archives.neohapsis.com/archives/bugtraq/2002-09/0246.html
|
- https://web.archive.org/web/20051124131714/http://archives.neohapsis.com/archives/bugtraq/2002-09/0246.html
|
||||||
- http://web.archive.org/web/20210129020617/https://www.securityfocus.com/bid/5763/
|
- http://web.archive.org/web/20210129020617/https://www.securityfocus.com/bid/5763/
|
||||||
- http://archives.neohapsis.com/archives/bugtraq/2002-09/0246.html
|
|
||||||
classification:
|
classification:
|
||||||
cve-id: CVE-2002-1131
|
cve-id: CVE-2002-1131
|
||||||
tags: xss,squirrelmail,cve,cve2002
|
tags: xss,squirrelmail,cve,cve2002
|
||||||
|
|
|
@ -12,13 +12,14 @@ info:
|
||||||
- http://web.archive.org/web/20210206055804/https://www.securityfocus.com/bid/15337
|
- http://web.archive.org/web/20210206055804/https://www.securityfocus.com/bid/15337
|
||||||
classification:
|
classification:
|
||||||
cve-id: CVE-2005-3344
|
cve-id: CVE-2005-3344
|
||||||
tags: horde,unauth
|
tags: cve,cve2005,horde,unauth
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
path:
|
path:
|
||||||
- "{{BaseURL}}/horde/admin/user.php"
|
- "{{BaseURL}}/horde/admin/user.php"
|
||||||
- "{{BaseURL}}/admin/user.php"
|
- "{{BaseURL}}/admin/user.php"
|
||||||
|
|
||||||
headers:
|
headers:
|
||||||
Content-Type: text/html
|
Content-Type: text/html
|
||||||
|
|
||||||
|
@ -28,7 +29,6 @@ requests:
|
||||||
- type: word
|
- type: word
|
||||||
words:
|
words:
|
||||||
- "<title>Horde :: User Administration</title>"
|
- "<title>Horde :: User Administration</title>"
|
||||||
condition: and
|
|
||||||
|
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
|
|
|
@ -9,7 +9,6 @@ info:
|
||||||
- http://pridels0.blogspot.com/2005/12/cofax-xss-vuln.html
|
- http://pridels0.blogspot.com/2005/12/cofax-xss-vuln.html
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2005-4385
|
- https://nvd.nist.gov/vuln/detail/CVE-2005-4385
|
||||||
- http://web.archive.org/web/20210121165100/https://www.securityfocus.com/bid/15940/
|
- http://web.archive.org/web/20210121165100/https://www.securityfocus.com/bid/15940/
|
||||||
- http://www.securityfocus.com/bid/15940
|
|
||||||
classification:
|
classification:
|
||||||
cve-id: CVE-2005-4385
|
cve-id: CVE-2005-4385
|
||||||
tags: cofax,xss,cve,cve2005
|
tags: cofax,xss,cve,cve2005
|
||||||
|
|
|
@ -8,8 +8,8 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- http://web.archive.org/web/20210217161726/https://www.securityfocus.com/bid/17408/
|
- http://web.archive.org/web/20210217161726/https://www.securityfocus.com/bid/17408/
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2006-1681
|
- https://nvd.nist.gov/vuln/detail/CVE-2006-1681
|
||||||
- http://secunia.com/advisories/19587
|
- http://web.archive.org/web/20140803090438/http://secunia.com/advisories/19587/
|
||||||
- http://www.securityfocus.com/bid/17408
|
- http://www.vupen.com/english/advisories/2006/1292
|
||||||
classification:
|
classification:
|
||||||
cve-id: CVE-2006-1681
|
cve-id: CVE-2006-1681
|
||||||
tags: cherokee,httpd,xss,cve,cve2006
|
tags: cherokee,httpd,xss,cve,cve2006
|
||||||
|
|
|
@ -1,18 +1,22 @@
|
||||||
id: CVE-2006-2842
|
id: CVE-2006-2842
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Squirrelmail 1.4.x - 'Redirect.php' Local File Inclusion
|
name: Squirrelmail <=1.4.6 - Local File Inclusion
|
||||||
author: dhiyaneshDk
|
author: dhiyaneshDk
|
||||||
severity: high
|
severity: high
|
||||||
description: 'PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter. NOTE: this issue has been disputed by third parties, who state that Squirrelmail provides prominent warnings to the administrator when register_globals is enabled. Since the varieties of administrator negligence are uncountable, perhaps this type of issue should not be included in CVE. However, the original developer has posted a security advisory, so there might be relevant real-world environments under which this vulnerability is applicable.'
|
description: SquirrelMail 1.4.6 and earlier versions are susceptible to a PHP local file inclusion vulnerability in functions/plugin.php if register_globals is enabled and magic_quotes_gpc is disabled. This allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter.
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/27948
|
- https://www.exploit-db.com/exploits/27948
|
||||||
- http://squirrelmail.cvs.sourceforge.net/squirrelmail/squirrelmail/functions/global.php?r1=1.27.2.16&r2=1.27.2.17&view=patch&pathrev=SM-1_4-STABLE
|
- http://squirrelmail.cvs.sourceforge.net/squirrelmail/squirrelmail/functions/global.php?r1=1.27.2.16&r2=1.27.2.17&view=patch&pathrev=SM-1_4-STABLE
|
||||||
- http://www.squirrelmail.org/security/issue/2006-06-01
|
- http://www.squirrelmail.org/security/issue/2006-06-01
|
||||||
- http://secunia.com/advisories/20406
|
- http://web.archive.org/web/20160915101900/http://secunia.com/advisories/20406/
|
||||||
|
- https://nvd.nist.gov/vuln/detail/CVE-2006-2842
|
||||||
classification:
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
|
||||||
|
cvss-score: 8.6
|
||||||
cve-id: CVE-2006-2842
|
cve-id: CVE-2006-2842
|
||||||
tags: cve2006,lfi,squirrelmail,cve
|
cwe-id: CWE-22
|
||||||
|
tags: cve,cve2006,lfi,squirrelmail
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
@ -29,3 +33,5 @@ requests:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/07/06
|
||||||
|
|
|
@ -9,7 +9,6 @@ info:
|
||||||
- http://web.archive.org/web/20201208220614/https://www.securityfocus.com/archive/1/459590/100/0/threaded
|
- http://web.archive.org/web/20201208220614/https://www.securityfocus.com/archive/1/459590/100/0/threaded
|
||||||
- https://web.archive.org/web/20210119080228/http://www.securityfocus.com/bid/22503
|
- https://web.archive.org/web/20210119080228/http://www.securityfocus.com/bid/22503
|
||||||
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32418
|
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32418
|
||||||
- http://www.securityfocus.com/bid/22503
|
|
||||||
classification:
|
classification:
|
||||||
cve-id: CVE-2007-0885
|
cve-id: CVE-2007-0885
|
||||||
tags: cve,cve2007,jira,xss
|
tags: cve,cve2007,jira,xss
|
||||||
|
|
|
@ -1,16 +1,20 @@
|
||||||
id: CVE-2007-4504
|
id: CVE-2007-4504
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Joomla! Component RSfiles <=1.0.2 - Arbitrary File Retrieval
|
name: Joomla! RSfiles <=1.0.2 - Local File Inclusion
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
severity: high
|
severity: high
|
||||||
description: An arbitrary file retrieval vulnerability in index.php in the RSfiles component (com_rsfiles) <=1.0.2 for Joomla! allows remote attackers to arbitrarily read files via a .. (dot dot) in the path parameter in a files.display action.
|
description: Joomla! RSfiles 1.0.2 and earlier is susceptible to local file inclusion in index.php in the RSfiles component (com_rsfiles). This could allow remote attackers to arbitrarily read files via a .. (dot dot) in the path parameter in a files.display action.
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/4307
|
- https://www.exploit-db.com/exploits/4307
|
||||||
- https://www.cvedetails.com/cve/CVE-2007-4504
|
- https://www.cvedetails.com/cve/CVE-2007-4504
|
||||||
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36222
|
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36222
|
||||||
|
- https://nvd.nist.gov/vuln/detail/CVE-2007-4504
|
||||||
classification:
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
|
||||||
|
cvss-score: 8.6
|
||||||
cve-id: CVE-2007-4504
|
cve-id: CVE-2007-4504
|
||||||
|
cwe-id: CWE-22
|
||||||
tags: cve,cve2007,joomla,lfi
|
tags: cve,cve2007,joomla,lfi
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
@ -28,3 +32,5 @@ requests:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/07/06
|
||||||
|
|
|
@ -9,7 +9,7 @@ info:
|
||||||
- https://www.exploit-db.com/exploits/30090
|
- https://www.exploit-db.com/exploits/30090
|
||||||
- http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063617.html
|
- http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063617.html
|
||||||
- http://web.archive.org/web/20210130131735/https://www.securityfocus.com/bid/24182/
|
- http://web.archive.org/web/20210130131735/https://www.securityfocus.com/bid/24182/
|
||||||
- http://secunia.com/advisories/25446
|
- http://web.archive.org/web/20161220160642/http://secunia.com/advisories/25446/
|
||||||
classification:
|
classification:
|
||||||
cve-id: CVE-2007-5728
|
cve-id: CVE-2007-5728
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -8,7 +8,7 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42546
|
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42546
|
||||||
- http://web.archive.org/web/20210121181851/https://www.securityfocus.com/bid/29291/
|
- http://web.archive.org/web/20210121181851/https://www.securityfocus.com/bid/29291/
|
||||||
- http://secunia.com/advisories/30333
|
- http://web.archive.org/web/20140724110348/http://secunia.com/advisories/30333/
|
||||||
- http://securityreason.com/securityalert/3896
|
- http://securityreason.com/securityalert/3896
|
||||||
classification:
|
classification:
|
||||||
cve-id: CVE-2008-2398
|
cve-id: CVE-2008-2398
|
||||||
|
|
|
@ -5,14 +5,18 @@ info:
|
||||||
author: pussycat0x
|
author: pussycat0x
|
||||||
severity: high
|
severity: high
|
||||||
description: |
|
description: |
|
||||||
Directory traversal vulnerability in cmsimple/cms.php in CMSimple 3.1, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sl parameter to index.php. NOTE: this can be leveraged for remote file execution by including adm.php and then invoking the upload action. NOTE: on 20080601, the vendor patched 3.1 without changing the version number.
|
CMSimple 3.1 is susceptible to local file inclusion via cmsimple/cms.php when register_globals is enabled which allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sl parameter to index.php. NOTE: this can be leveraged for remote file execution by including adm.php and then invoking the upload action. NOTE: on 20080601, the vendor patched 3.1 without changing the version number.
|
||||||
reference:
|
reference:
|
||||||
- http://www.cmsimple.com/forum/viewtopic.php?f=2&t=17
|
- http://www.cmsimple.com/forum/viewtopic.php?f=2&t=17
|
||||||
- http://web.archive.org/web/20210121182016/https://www.securityfocus.com/bid/29450/
|
- http://web.archive.org/web/20210121182016/https://www.securityfocus.com/bid/29450/
|
||||||
- http://secunia.com/advisories/30463
|
- http://web.archive.org/web/20140729144732/http://secunia.com:80/advisories/30463
|
||||||
|
- https://nvd.nist.gov/vuln/detail/CVE-2008-2650
|
||||||
classification:
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
|
||||||
|
cvss-score: 8.6
|
||||||
cve-id: CVE-2008-2650
|
cve-id: CVE-2008-2650
|
||||||
tags: cve,cve2008,lfi
|
cwe-id: CWE-22
|
||||||
|
tags: cve,cve2008,lfi,cmsimple
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- raw:
|
- raw:
|
||||||
|
@ -23,10 +27,14 @@ requests:
|
||||||
|
|
||||||
matchers-condition: and
|
matchers-condition: and
|
||||||
matchers:
|
matchers:
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
part: body
|
||||||
|
regex:
|
||||||
|
- "root:.*:0:0:"
|
||||||
|
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
- type: regex
|
|
||||||
regex:
|
# Enhanced by mp on 2022/07/06
|
||||||
- "root:.*:0:0:"
|
|
||||||
part: body
|
|
||||||
|
|
|
@ -1,15 +1,16 @@
|
||||||
id: CVE-2008-4668
|
id: CVE-2008-4668
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Joomla! Component imagebrowser 0.1.5 rc2 - Directory Traversal
|
name: Joomla! Image Browser 0.1.5 rc2 - Local File Inclusion
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
severity: high
|
severity: high
|
||||||
description: Directory traversal vulnerability in the Image Browser (com_imagebrowser) 0.1.5 component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder parameter to index.php.
|
description: Joomla! Image Browser 0.1.5 rc2 is susceptible to local file inclusion via com_imagebrowser which could allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder parameter to index.php.
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/6618
|
- https://www.exploit-db.com/exploits/6618
|
||||||
- https://www.cvedetails.com/cve/CVE-2008-4668
|
- https://www.cvedetails.com/cve/CVE-2008-4668
|
||||||
- http://web.archive.org/web/20210121183742/https://www.securityfocus.com/bid/31458/
|
- http://web.archive.org/web/20210121183742/https://www.securityfocus.com/bid/31458/
|
||||||
- http://securityreason.com/securityalert/4464
|
- http://securityreason.com/securityalert/4464
|
||||||
|
- https://nvd.nist.gov/vuln/detail/CVE-2008-4668
|
||||||
classification:
|
classification:
|
||||||
cve-id: CVE-2008-4668
|
cve-id: CVE-2008-4668
|
||||||
tags: cve,cve2008,joomla,lfi
|
tags: cve,cve2008,joomla,lfi
|
||||||
|
@ -29,3 +30,5 @@ requests:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/07/06
|
||||||
|
|
|
@ -1,17 +1,21 @@
|
||||||
id: CVE-2008-4764
|
id: CVE-2008-4764
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Joomla! Component com_extplorer 2.0.0 RC2 - Directory Traversal
|
name: Joomla! <=2.0.0 RC2 - Local File Inclusion
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
severity: high
|
severity: high
|
||||||
description: Directory traversal vulnerability in the eXtplorer module (com_extplorer) 2.0.0 RC2 and earlier in Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter in a show_error action.
|
description: Joomla! 2.0.0 RC2 and earlier are susceptible to local file inclusion in the eXtplorer module (com_extplorer) that allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter in a show_error action.
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/5435
|
- https://www.exploit-db.com/exploits/5435
|
||||||
- https://www.cvedetails.com/cve/CVE-2008-4764
|
- https://www.cvedetails.com/cve/CVE-2008-4764
|
||||||
- http://web.archive.org/web/20210121181347/https://www.securityfocus.com/bid/28764/
|
- http://web.archive.org/web/20210121181347/https://www.securityfocus.com/bid/28764/
|
||||||
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41873
|
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41873
|
||||||
|
- https://nvd.nist.gov/vuln/detail/CVE-2008-4764
|
||||||
classification:
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
|
||||||
|
cvss-score: 8.6
|
||||||
cve-id: CVE-2008-4764
|
cve-id: CVE-2008-4764
|
||||||
|
cwe-id: CWE-22
|
||||||
tags: cve,cve2008,joomla,lfi
|
tags: cve,cve2008,joomla,lfi
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
@ -29,3 +33,5 @@ requests:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/07/06
|
||||||
|
|
|
@ -8,13 +8,13 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/7363
|
- https://www.exploit-db.com/exploits/7363
|
||||||
- http://web.archive.org/web/20210121184707/https://www.securityfocus.com/bid/32670/
|
- http://web.archive.org/web/20210121184707/https://www.securityfocus.com/bid/32670/
|
||||||
- http://secunia.com/advisories/33014
|
- http://web.archive.org/web/20160520063306/http://secunia.com/advisories/33014
|
||||||
- http://secunia.com/advisories/33263
|
- http://web.archive.org/web/20151104173853/http://secunia.com/advisories/33263
|
||||||
classification:
|
classification:
|
||||||
cve-id: CVE-2008-5587
|
cve-id: CVE-2008-5587
|
||||||
metadata:
|
metadata:
|
||||||
shodan-query: http.title:"phpPgAdmin"
|
shodan-query: http.title:"phpPgAdmin"
|
||||||
tags: cve2008,lfi,phppgadmin
|
tags: cve,cve2008,lfi,phppgadmin
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -1,17 +1,21 @@
|
||||||
id: CVE-2008-6080
|
id: CVE-2008-6080
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Joomla! Component ionFiles 4.4.2 - File Disclosure
|
name: Joomla! ionFiles 4.4.2 - Local File Inclusion
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
severity: high
|
severity: high
|
||||||
description: Directory traversal vulnerability in download.php in the ionFiles (com_ionfiles) 4.4.2 component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
|
description: Joomla! ionFiles 4.4.2 is susceptible to local file inclusion in download.php in the ionFiles (com_ionfiles) that allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/6809
|
- https://www.exploit-db.com/exploits/6809
|
||||||
- https://www.cvedetails.com/cve/CVE-2008-6080
|
- https://www.cvedetails.com/cve/CVE-2008-6080
|
||||||
- http://secunia.com/advisories/32377
|
- http://web.archive.org/web/20140804231654/http://secunia.com/advisories/32377/
|
||||||
- http://web.archive.org/web/20210121184101/https://www.securityfocus.com/bid/31877/
|
- http://web.archive.org/web/20210121184101/https://www.securityfocus.com/bid/31877/
|
||||||
|
- https://nvd.nist.gov/vuln/detail/CVE-2008-6080
|
||||||
classification:
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
|
||||||
|
cvss-score: 8.6
|
||||||
cve-id: CVE-2008-6080
|
cve-id: CVE-2008-6080
|
||||||
|
cwe-id: CWE-22
|
||||||
tags: cve,cve2008,joomla,lfi
|
tags: cve,cve2008,joomla,lfi
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
@ -29,3 +33,5 @@ requests:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/07/06
|
||||||
|
|
|
@ -8,7 +8,7 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/6817
|
- https://www.exploit-db.com/exploits/6817
|
||||||
- https://www.cvedetails.com/cve/CVE-2008-6172
|
- https://www.cvedetails.com/cve/CVE-2008-6172
|
||||||
- http://secunia.com/advisories/32367
|
- http://web.archive.org/web/20140804232841/http://secunia.com/advisories/32367/
|
||||||
- http://web.archive.org/web/20210121184108/https://www.securityfocus.com/bid/31892/
|
- http://web.archive.org/web/20210121184108/https://www.securityfocus.com/bid/31892/
|
||||||
classification:
|
classification:
|
||||||
cve-id: CVE-2008-6172
|
cve-id: CVE-2008-6172
|
||||||
|
|
|
@ -1,17 +1,21 @@
|
||||||
id: CVE-2008-6222
|
id: CVE-2008-6222
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Joomla! Component ProDesk 1.0/1.2 - Local File Inclusion
|
name: Joomla! ProDesk 1.0/1.2 - Local File Inclusion
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
severity: high
|
severity: high
|
||||||
description: Directory traversal vulnerability in the Pro Desk Support Center (com_pro_desk) component 1.0 and 1.2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter to index.php.
|
description: Joomla! Pro Desk Support Center (com_pro_desk) component 1.0 and 1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter to index.php.
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/6980
|
- https://www.exploit-db.com/exploits/6980
|
||||||
- https://www.cvedetails.com/cve/CVE-2008-6222
|
- https://www.cvedetails.com/cve/CVE-2008-6222
|
||||||
- http://secunia.com/advisories/32523
|
- http://web.archive.org/web/20111223225601/http://secunia.com/advisories/32523/
|
||||||
- http://web.archive.org/web/20210121184244/https://www.securityfocus.com/bid/32113/
|
- http://web.archive.org/web/20210121184244/https://www.securityfocus.com/bid/32113/
|
||||||
|
- https://nvd.nist.gov/vuln/detail/CVE-2008-6222
|
||||||
classification:
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
|
||||||
|
cvss-score: 8.6
|
||||||
cve-id: CVE-2008-6222
|
cve-id: CVE-2008-6222
|
||||||
|
cwe-id: CWE-22
|
||||||
tags: cve,cve2008,joomla,lfi
|
tags: cve,cve2008,joomla,lfi
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
@ -29,3 +33,5 @@ requests:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/07/06
|
||||||
|
|
|
@ -1,18 +1,21 @@
|
||||||
id: CVE-2008-6668
|
id: CVE-2008-6668
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: nweb2fax <= 0.2.7 Directory Traversal
|
name: nweb2fax <=0.2.7 - Local File Inclusion
|
||||||
author: geeknik
|
author: geeknik
|
||||||
severity: high
|
severity: high
|
||||||
description: Multiple directory traversal vulnerabilities in nweb2fax 0.2.7 and earlier allow remote attackers to read arbitrary files via .. in the id parameter to comm.php and var_filename parameter to viewrq.php.
|
description: nweb2fax 0.2.7 and earlier allow remote attackers to read arbitrary files via the id parameter submitted to comm.php and the var_filename parameter submitted to viewrq.php.
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/5856
|
- https://www.exploit-db.com/exploits/5856
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2008-6668
|
|
||||||
- http://web.archive.org/web/20210130035550/https://www.securityfocus.com/bid/29804
|
- http://web.archive.org/web/20210130035550/https://www.securityfocus.com/bid/29804
|
||||||
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43173
|
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43173
|
||||||
|
- https://nvd.nist.gov/vuln/detail/CVE-2008-6668
|
||||||
classification:
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
|
||||||
|
cvss-score: 8.6
|
||||||
cve-id: CVE-2008-6668
|
cve-id: CVE-2008-6668
|
||||||
tags: nweb2fax,lfi,cve,cve2008,traversal
|
cwe-id: CWE-22
|
||||||
|
tags: cve,cve2008,nweb2fax,lfi,traversal
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
@ -22,10 +25,14 @@ requests:
|
||||||
|
|
||||||
matchers-condition: and
|
matchers-condition: and
|
||||||
matchers:
|
matchers:
|
||||||
- type: status
|
|
||||||
status:
|
|
||||||
- 200
|
|
||||||
- type: regex
|
- type: regex
|
||||||
part: body
|
part: body
|
||||||
regex:
|
regex:
|
||||||
- "root:.*:0:0:"
|
- "root:.*:0:0:"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/07/06
|
||||||
|
|
|
@ -1,17 +1,20 @@
|
||||||
id: CVE-2009-0932
|
id: CVE-2009-0932
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Horde - Horde_Image::factory driver Argument LFI
|
name: Horde/Horde Groupware - Local File Inclusion
|
||||||
author: pikpikcu
|
author: pikpikcu
|
||||||
severity: high
|
severity: high
|
||||||
description: Directory traversal vulnerability in framework/Image/Image.php in Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver name.
|
description: Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 are susceptible to local file inclusion in framework/Image/Image.php because it allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver name.
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/16154
|
- https://www.exploit-db.com/exploits/16154
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2009-0932?cpeVersion=2.2
|
|
||||||
- http://cvs.horde.org/co.php/groupware/docs/groupware/CHANGES?r=1.28.2.5
|
- http://cvs.horde.org/co.php/groupware/docs/groupware/CHANGES?r=1.28.2.5
|
||||||
- http://secunia.com/advisories/33695
|
- http://web.archive.org/web/20161228102217/http://secunia.com/advisories/33695
|
||||||
|
- https://nvd.nist.gov/vuln/detail/CVE-2009-0932?cpeVersion=2.2
|
||||||
classification:
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
|
||||||
|
cvss-score: 8.6
|
||||||
cve-id: CVE-2009-0932
|
cve-id: CVE-2009-0932
|
||||||
|
cwe-id: CWE-22
|
||||||
tags: cve,cve2009,horde,lfi,traversal
|
tags: cve,cve2009,horde,lfi,traversal
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
@ -29,3 +32,5 @@ requests:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/07/06
|
||||||
|
|
|
@ -1,17 +1,21 @@
|
||||||
id: CVE-2009-1151
|
id: CVE-2009-1151
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: PhpMyAdmin Scripts/setup.php Deserialization Vulnerability
|
name: PhpMyAdmin Scripts - Remote Code Execution
|
||||||
author: princechaddha
|
author: princechaddha
|
||||||
severity: high
|
severity: critical
|
||||||
description: Setup script used to create PhpMyAdmin configurations can be fooled by using a crafted POST request to include arbitrary PHP code in the generated configuration file. Combined with the ability to save files on server, this can allow unauthenticated users to execute arbitrary PHP code.
|
description: PhpMyAdmin Scripts 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 are susceptible to a remote code execution in setup.php that allows remote attackers to inject arbitrary PHP code into a configuration file via the save action. Combined with the ability to save files on server, this can allow unauthenticated users to execute arbitrary PHP code.
|
||||||
reference:
|
reference:
|
||||||
- https://www.phpmyadmin.net/security/PMASA-2009-3/
|
- https://www.phpmyadmin.net/security/PMASA-2009-3/
|
||||||
- https://github.com/vulhub/vulhub/tree/master/phpmyadmin/WooYun-2016-199433
|
- https://github.com/vulhub/vulhub/tree/master/phpmyadmin/WooYun-2016-199433
|
||||||
- http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_2_11_9/phpMyAdmin/scripts/setup.php?r1=11514&r2=12301&pathrev=12301
|
- http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_2_11_9/phpMyAdmin/scripts/setup.php?r1=11514&r2=12301&pathrev=12301
|
||||||
- http://www.phpmyadmin.net/home_page/security/PMASA-2009-3.php
|
- http://www.phpmyadmin.net/home_page/security/PMASA-2009-3.php
|
||||||
|
- https://nvd.nist.gov/vuln/detail/CVE-2009-1151
|
||||||
classification:
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
||||||
|
cvss-score: 10
|
||||||
cve-id: CVE-2009-1151
|
cve-id: CVE-2009-1151
|
||||||
|
cwe-id: CWE-77
|
||||||
tags: cve,cve2009,phpmyadmin,rce,deserialization,cisa
|
tags: cve,cve2009,phpmyadmin,rce,deserialization,cisa
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
@ -34,3 +38,5 @@ requests:
|
||||||
- type: regex
|
- type: regex
|
||||||
regex:
|
regex:
|
||||||
- "root:.*:0:0:"
|
- "root:.*:0:0:"
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/07/06
|
||||||
|
|
|
@ -1,17 +1,20 @@
|
||||||
id: CVE-2009-1496
|
id: CVE-2009-1496
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Joomla! Component Cmimarketplace - 'viewit' Directory Traversal
|
name: Joomla! Cmimarketplace 0.1 - Local File Inclusion
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
severity: high
|
severity: high
|
||||||
description: Directory traversal vulnerability in the Cmi Marketplace (com_cmimarketplace) component 0.1 for Joomla! allows remote attackers to list arbitrary directories via a .. (dot dot) in the viewit parameter to index.php.
|
description: |
|
||||||
|
Joomla! Cmimarketplace 0.1 is susceptible to local file inclusion because com_cmimarketplace allows remote attackers to list arbitrary directories via a .. (dot dot) in the viewit parameter to index.php.
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/8367
|
- https://www.exploit-db.com/exploits/8367
|
||||||
- https://www.cvedetails.com/cve/CVE-2009-1496
|
|
||||||
- http://web.archive.org/web/20210121190149/https://www.securityfocus.com/bid/34431/
|
- http://web.archive.org/web/20210121190149/https://www.securityfocus.com/bid/34431/
|
||||||
- http://www.securityfocus.com/bid/34431
|
- https://nvd.nist.gov/vuln/detail/CVE-2009-1496
|
||||||
classification:
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
|
||||||
|
cvss-score: 8.6
|
||||||
cve-id: CVE-2009-1496
|
cve-id: CVE-2009-1496
|
||||||
|
cwe-id: CWE-22
|
||||||
tags: cve,cve2009,joomla,lfi
|
tags: cve,cve2009,joomla,lfi
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
@ -29,3 +32,5 @@ requests:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/07/06
|
||||||
|
|
|
@ -1,17 +1,21 @@
|
||||||
id: CVE-2009-1558
|
id: CVE-2009-1558
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Linksys WVC54GCA 1.00R22/1.00R24 (Wireless-G) - Directory Traversal
|
name: Cisco Linksys WVC54GCA 1.00R22/1.00R24 - Local File Inclusion
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
severity: high
|
severity: high
|
||||||
description: Directory traversal vulnerability in adm/file.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote attackers to read arbitrary files via a %2e. (encoded dot dot) or an absolute pathname in the next_file parameter.
|
description: Cisco Linksys WVC54GCA 1.00R22/1.00R24 is susceptible to local file inclusion in adm/file.cgi because it allows remote attackers to read arbitrary files via a %2e. (encoded dot dot) or an absolute pathname in the next_file parameter.
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/32954
|
- https://www.exploit-db.com/exploits/32954
|
||||||
- https://web.archive.org/web/20210119151410/http://www.securityfocus.com/bid/34713
|
- https://web.archive.org/web/20210119151410/http://www.securityfocus.com/bid/34713
|
||||||
- http://www.vupen.com/english/advisories/2009/1173
|
- http://www.vupen.com/english/advisories/2009/1173
|
||||||
- http://www.gnucitizen.org/blog/hacking-linksys-ip-cameras-pt-3/
|
- http://www.gnucitizen.org/blog/hacking-linksys-ip-cameras-pt-3/
|
||||||
|
- https://nvd.nist.gov/vuln/detail/CVE-2009-1558
|
||||||
classification:
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
|
||||||
|
cvss-score: 8.6
|
||||||
cve-id: CVE-2009-1558
|
cve-id: CVE-2009-1558
|
||||||
|
cwe-id: CWE-22
|
||||||
tags: cve,cve2009,iot,lfi,linksys,camera,cisco,firmware,traversal
|
tags: cve,cve2009,iot,lfi,linksys,camera,cisco,firmware,traversal
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
@ -28,3 +32,5 @@ requests:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/07/06
|
||||||
|
|
|
@ -1,17 +1,21 @@
|
||||||
id: CVE-2009-2015
|
id: CVE-2009-2015
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Joomla! Component MooFAQ (com_moofaq) - Local File Inclusion
|
name: Joomla! MooFAQ 1.0 - Local File Inclusion
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
severity: high
|
severity: high
|
||||||
description: Directory traversal vulnerability in includes/file_includer.php in the Ideal MooFAQ (com_moofaq) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
|
description: Joomla! Ideal MooFAQ 1.0 via com_moofaq allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter (local file inclusion).
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/8898
|
- https://www.exploit-db.com/exploits/8898
|
||||||
- https://www.cvedetails.com/cve/CVE-2009-2015
|
- https://www.cvedetails.com/cve/CVE-2009-2015
|
||||||
- http://web.archive.org/web/20210121191105/https://www.securityfocus.com/bid/35259/
|
- http://web.archive.org/web/20210121191105/https://www.securityfocus.com/bid/35259/
|
||||||
- http://www.vupen.com/english/advisories/2009/1530
|
- http://www.vupen.com/english/advisories/2009/1530
|
||||||
|
- https://nvd.nist.gov/vuln/detail/CVE-2009-2015
|
||||||
classification:
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
|
||||||
|
cvss-score: 8.6
|
||||||
cve-id: CVE-2009-2015
|
cve-id: CVE-2009-2015
|
||||||
|
cwe-id: CWE-22
|
||||||
tags: cve,cve2009,joomla,lfi
|
tags: cve,cve2009,joomla,lfi
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
@ -29,3 +33,5 @@ requests:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/07/06
|
||||||
|
|
|
@ -1,17 +1,21 @@
|
||||||
id: CVE-2009-2100
|
id: CVE-2009-2100
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Joomla! Component com_Projectfork 2.0.10 - Local File Inclusion
|
name: Joomla! JoomlaPraise Projectfork 2.0.10 - Local File Inclusion
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
severity: high
|
severity: high
|
||||||
description: Directory traversal vulnerability in the JoomlaPraise Projectfork (com_projectfork) component 2.0.10 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section parameter to index.php.
|
description: Joomla! JoomlaPraise Projectfork (com_projectfork) 2.0.10 allows remote attackers to read arbitrary files via local file inclusion in the section parameter to index.php.
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/8946
|
- https://www.exploit-db.com/exploits/8946
|
||||||
- https://www.cvedetails.com/cve/CVE-2009-2100
|
- https://www.cvedetails.com/cve/CVE-2009-2100
|
||||||
- http://web.archive.org/web/20210121191226/https://www.securityfocus.com/bid/35378/
|
- http://web.archive.org/web/20210121191226/https://www.securityfocus.com/bid/35378/
|
||||||
- http://www.securityfocus.com/bid/35378
|
- https://nvd.nist.gov/vuln/detail/CVE-2009-2100
|
||||||
|
|
||||||
classification:
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
|
||||||
|
cvss-score: 8.6
|
||||||
cve-id: CVE-2009-2100
|
cve-id: CVE-2009-2100
|
||||||
|
cwe-id: CWE-22
|
||||||
tags: cve,cve2009,joomla,lfi
|
tags: cve,cve2009,joomla,lfi
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
@ -29,3 +33,5 @@ requests:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/07/06
|
||||||
|
|
|
@ -1,17 +1,21 @@
|
||||||
id: CVE-2009-3053
|
id: CVE-2009-3053
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Joomla! Component Agora 3.0.0b (com_agora) - Local File Inclusion
|
name: Joomla! Agora 3.0.0b - Local File Inclusion
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
severity: high
|
severity: high
|
||||||
description: Directory traversal vulnerability in the Agora (com_agora) component 3.0.0b for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the action parameter to the avatars page, reachable through index.php.
|
description: Joomla! Agora 3.0.0b (com_agora) allows remote attackers to include and execute arbitrary local files via local file inclusion in the action parameter to the avatars page, reachable through index.php.
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/9564
|
- https://www.exploit-db.com/exploits/9564
|
||||||
- https://www.cvedetails.com/cve/CVE-2009-3053
|
- https://www.cvedetails.com/cve/CVE-2009-3053
|
||||||
- https://web.archive.org/web/20210120183330/https://www.securityfocus.com/bid/36207/
|
- https://web.archive.org/web/20210120183330/https://www.securityfocus.com/bid/36207/
|
||||||
- https://exchange.xforce.ibmcloud.com/vulnerabilities/52964
|
- https://exchange.xforce.ibmcloud.com/vulnerabilities/52964
|
||||||
|
- https://nvd.nist.gov/vuln/detail/CVE-2009-3053
|
||||||
classification:
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
|
||||||
|
cvss-score: 8.6
|
||||||
cve-id: CVE-2009-3053
|
cve-id: CVE-2009-3053
|
||||||
|
cwe-id: CWE-22
|
||||||
tags: cve,cve2009,joomla,lfi
|
tags: cve,cve2009,joomla,lfi
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
@ -29,3 +33,5 @@ requests:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/07/06
|
||||||
|
|
|
@ -10,7 +10,7 @@ info:
|
||||||
- https://www.exploit-db.com/exploits/33440
|
- https://www.exploit-db.com/exploits/33440
|
||||||
- https://www.cvedetails.com/cve/CVE-2009-4679
|
- https://www.cvedetails.com/cve/CVE-2009-4679
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2009-4679
|
- https://nvd.nist.gov/vuln/detail/CVE-2009-4679
|
||||||
- http://secunia.com/advisories/37760
|
- http://web.archive.org/web/20140722130146/http://secunia.com/advisories/37760/
|
||||||
classification:
|
classification:
|
||||||
cve-id: CVE-2009-4679
|
cve-id: CVE-2009-4679
|
||||||
tags: cve,cve2009,joomla,lfi,nexus
|
tags: cve,cve2009,joomla,lfi,nexus
|
||||||
|
|
|
@ -14,7 +14,7 @@ info:
|
||||||
cvss-score: 6.1
|
cvss-score: 6.1
|
||||||
cve-id: CVE-2009-5020
|
cve-id: CVE-2009-5020
|
||||||
cwe-id: CWE-601
|
cwe-id: CWE-601
|
||||||
tags: cve,cve2020,redirect,awstats
|
tags: cve,cve2009,redirect,awstats
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -8,7 +8,7 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/10943
|
- https://www.exploit-db.com/exploits/10943
|
||||||
- https://www.cvedetails.com/cve/CVE-2010-0157
|
- https://www.cvedetails.com/cve/CVE-2010-0157
|
||||||
- http://secunia.com/advisories/37896
|
- http://web.archive.org/web/20151023032409/http://secunia.com/advisories/37896/
|
||||||
- http://packetstormsecurity.org/1001-exploits/joomlabiblestudy-lfi.txt
|
- http://packetstormsecurity.org/1001-exploits/joomlabiblestudy-lfi.txt
|
||||||
remediation: Upgrade to a supported version.
|
remediation: Upgrade to a supported version.
|
||||||
classification:
|
classification:
|
||||||
|
|
|
@ -8,7 +8,7 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/11447
|
- https://www.exploit-db.com/exploits/11447
|
||||||
- https://www.cvedetails.com/cve/CVE-2010-0696
|
- https://www.cvedetails.com/cve/CVE-2010-0696
|
||||||
- http://secunia.com/advisories/38587
|
- http://web.archive.org/web/20140805102632/http://secunia.com/advisories/38587/
|
||||||
- http://www.joomlaworks.gr/content/view/77/34/
|
- http://www.joomlaworks.gr/content/view/77/34/
|
||||||
remediation: Upgrade to a supported version.
|
remediation: Upgrade to a supported version.
|
||||||
classification:
|
classification:
|
||||||
|
|
|
@ -8,7 +8,7 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/11498
|
- https://www.exploit-db.com/exploits/11498
|
||||||
- https://www.cvedetails.com/cve/CVE-2010-0759
|
- https://www.cvedetails.com/cve/CVE-2010-0759
|
||||||
- http://secunia.com/advisories/38637
|
- http://web.archive.org/web/20151104183037/http://secunia.com/advisories/38637/
|
||||||
- http://web.archive.org/web/20210121194344/https://www.securityfocus.com/bid/38296/
|
- http://web.archive.org/web/20210121194344/https://www.securityfocus.com/bid/38296/
|
||||||
remediation: Upgrade to a supported version.
|
remediation: Upgrade to a supported version.
|
||||||
classification:
|
classification:
|
||||||
|
|
|
@ -9,7 +9,7 @@ info:
|
||||||
- https://www.exploit-db.com/exploits/11090
|
- https://www.exploit-db.com/exploits/11090
|
||||||
- https://www.cvedetails.com/cve/CVE-2010-0943
|
- https://www.cvedetails.com/cve/CVE-2010-0943
|
||||||
- http://web.archive.org/web/20210121193737/https://www.securityfocus.com/bid/37692/
|
- http://web.archive.org/web/20210121193737/https://www.securityfocus.com/bid/37692/
|
||||||
- http://secunia.com/advisories/33486
|
- http://web.archive.org/web/20140724215426/http://secunia.com/advisories/33486/
|
||||||
classification:
|
classification:
|
||||||
cve-id: CVE-2010-0943
|
cve-id: CVE-2010-0943
|
||||||
tags: cve,cve2010,joomla,lfi
|
tags: cve,cve2010,joomla,lfi
|
||||||
|
|
|
@ -8,7 +8,8 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/11738
|
- https://www.exploit-db.com/exploits/11738
|
||||||
- https://www.cvedetails.com/cve/CVE-2010-0972
|
- https://www.cvedetails.com/cve/CVE-2010-0972
|
||||||
- http://secunia.com/advisories/38925
|
- http://web.archive.org/web/20140804152652/http://secunia.com/advisories/38925/
|
||||||
|
- http://www.exploit-db.com/exploits/11738
|
||||||
remediation: Apply all relevant security patches and product upgrades.
|
remediation: Apply all relevant security patches and product upgrades.
|
||||||
classification:
|
classification:
|
||||||
cve-id: CVE-2010-0972
|
cve-id: CVE-2010-0972
|
||||||
|
|
|
@ -9,7 +9,7 @@ info:
|
||||||
- https://www.exploit-db.com/exploits/10942
|
- https://www.exploit-db.com/exploits/10942
|
||||||
- https://www.cvedetails.com/cve/CVE-2010-0982
|
- https://www.cvedetails.com/cve/CVE-2010-0982
|
||||||
- http://web.archive.org/web/20210121193625/https://www.securityfocus.com/bid/37581/
|
- http://web.archive.org/web/20210121193625/https://www.securityfocus.com/bid/37581/
|
||||||
- http://secunia.com/advisories/37917
|
- http://web.archive.org/web/20151104182451/http://secunia.com/advisories/37917/
|
||||||
remediation: Apply all relevant security patches and product upgrades.
|
remediation: Apply all relevant security patches and product upgrades.
|
||||||
classification:
|
classification:
|
||||||
cve-id: CVE-2010-0982
|
cve-id: CVE-2010-0982
|
||||||
|
|
|
@ -9,7 +9,7 @@ info:
|
||||||
- https://www.exploit-db.com/exploits/10948
|
- https://www.exploit-db.com/exploits/10948
|
||||||
- https://www.cvedetails.com/cve/CVE-2010-0985
|
- https://www.cvedetails.com/cve/CVE-2010-0985
|
||||||
- http://web.archive.org/web/20210623092041/https://www.securityfocus.com/bid/37560
|
- http://web.archive.org/web/20210623092041/https://www.securityfocus.com/bid/37560
|
||||||
- http://www.securityfocus.com/bid/37560
|
- http://www.exploit-db.com/exploits/10948
|
||||||
remediation: Apply all relevant security patches and product upgrades.
|
remediation: Apply all relevant security patches and product upgrades.
|
||||||
classification:
|
classification:
|
||||||
cve-id: CVE-2010-0985
|
cve-id: CVE-2010-0985
|
||||||
|
|
|
@ -9,7 +9,7 @@ info:
|
||||||
- https://www.exploit-db.com/exploits/11760
|
- https://www.exploit-db.com/exploits/11760
|
||||||
- https://www.cvedetails.com/cve/CVE-2010-1056
|
- https://www.cvedetails.com/cve/CVE-2010-1056
|
||||||
- http://web.archive.org/web/20210121194803/https://www.securityfocus.com/bid/38741/
|
- http://web.archive.org/web/20210121194803/https://www.securityfocus.com/bid/38741/
|
||||||
- http://secunia.com/advisories/38982
|
- http://web.archive.org/web/20151023104850/http://secunia.com/advisories/38982/
|
||||||
remediation: Apply all relevant security patches and product upgrades.
|
remediation: Apply all relevant security patches and product upgrades.
|
||||||
classification:
|
classification:
|
||||||
cve-id: CVE-2010-1056
|
cve-id: CVE-2010-1056
|
||||||
|
|
|
@ -9,7 +9,6 @@ info:
|
||||||
- https://www.exploit-db.com/exploits/11511
|
- https://www.exploit-db.com/exploits/11511
|
||||||
- https://www.cvedetails.com/cve/CVE-2010-1081
|
- https://www.cvedetails.com/cve/CVE-2010-1081
|
||||||
- http://www.corejoomla.com/component/content/article/1-corejoomla-updates/40-community-polls-v153-security-release.html
|
- http://www.corejoomla.com/component/content/article/1-corejoomla-updates/40-community-polls-v153-security-release.html
|
||||||
- http://osvdb.org/62506
|
|
||||||
remediation: Apply all relevant security patches and product upgrades.
|
remediation: Apply all relevant security patches and product upgrades.
|
||||||
classification:
|
classification:
|
||||||
cve-id: CVE-2010-1081
|
cve-id: CVE-2010-1081
|
||||||
|
|
|
@ -8,7 +8,7 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/11757
|
- https://www.exploit-db.com/exploits/11757
|
||||||
- https://www.cvedetails.com/cve/CVE-2010-1219
|
- https://www.cvedetails.com/cve/CVE-2010-1219
|
||||||
- http://secunia.com/advisories/38952
|
- http://web.archive.org/web/20161009134632/http://secunia.com/advisories/38952
|
||||||
- http://web.archive.org/web/20210617075625/https://www.securityfocus.com/bid/38746
|
- http://web.archive.org/web/20210617075625/https://www.securityfocus.com/bid/38746
|
||||||
remediation: Upgrade to a supported version.
|
remediation: Upgrade to a supported version.
|
||||||
classification:
|
classification:
|
||||||
|
|
|
@ -9,7 +9,7 @@ info:
|
||||||
- https://www.exploit-db.com/exploits/11978
|
- https://www.exploit-db.com/exploits/11978
|
||||||
- https://www.cvedetails.com/cve/CVE-2010-1302
|
- https://www.cvedetails.com/cve/CVE-2010-1302
|
||||||
- http://web.archive.org/web/20210121195144/https://www.securityfocus.com/bid/39108/
|
- http://web.archive.org/web/20210121195144/https://www.securityfocus.com/bid/39108/
|
||||||
- http://secunia.com/advisories/39200
|
- http://web.archive.org/web/20140805062036/http://secunia.com/advisories/39200/
|
||||||
remediation: Upgrade to a supported version.
|
remediation: Upgrade to a supported version.
|
||||||
classification:
|
classification:
|
||||||
cve-id: CVE-2010-1302
|
cve-id: CVE-2010-1302
|
||||||
|
|
|
@ -9,7 +9,7 @@ info:
|
||||||
- https://www.exploit-db.com/exploits/11998
|
- https://www.exploit-db.com/exploits/11998
|
||||||
- https://www.cvedetails.com/cve/CVE-2010-1304
|
- https://www.cvedetails.com/cve/CVE-2010-1304
|
||||||
- http://web.archive.org/web/20210518080735/https://www.securityfocus.com/bid/39174
|
- http://web.archive.org/web/20210518080735/https://www.securityfocus.com/bid/39174
|
||||||
- http://www.securityfocus.com/bid/39174
|
- http://www.exploit-db.com/exploits/11998
|
||||||
remediation: Upgrade to a supported version.
|
remediation: Upgrade to a supported version.
|
||||||
classification:
|
classification:
|
||||||
cve-id: CVE-2010-1304
|
cve-id: CVE-2010-1304
|
||||||
|
|
|
@ -9,7 +9,7 @@ info:
|
||||||
- https://www.exploit-db.com/exploits/12065
|
- https://www.exploit-db.com/exploits/12065
|
||||||
- https://www.cvedetails.com/cve/CVE-2010-1305
|
- https://www.cvedetails.com/cve/CVE-2010-1305
|
||||||
- http://extensions.joomla.org/extensions/e-commerce/shopping-cart/7951
|
- http://extensions.joomla.org/extensions/e-commerce/shopping-cart/7951
|
||||||
- http://secunia.com/advisories/39351
|
- http://web.archive.org/web/20140806165126/http://secunia.com/advisories/39351/
|
||||||
remediation: Upgrade to a supported version.
|
remediation: Upgrade to a supported version.
|
||||||
classification:
|
classification:
|
||||||
cve-id: CVE-2010-1305
|
cve-id: CVE-2010-1305
|
||||||
|
|
|
@ -8,7 +8,7 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/12058
|
- https://www.exploit-db.com/exploits/12058
|
||||||
- https://www.cvedetails.com/cve/CVE-2010-1306
|
- https://www.cvedetails.com/cve/CVE-2010-1306
|
||||||
- http://secunia.com/advisories/39338
|
- http://web.archive.org/web/20140805134149/http://secunia.com/advisories/39338/
|
||||||
- http://web.archive.org/web/20210121195240/https://www.securityfocus.com/bid/39200/
|
- http://web.archive.org/web/20210121195240/https://www.securityfocus.com/bid/39200/
|
||||||
remediation: Upgrade to a supported version.
|
remediation: Upgrade to a supported version.
|
||||||
classification:
|
classification:
|
||||||
|
|
|
@ -8,7 +8,7 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/12070
|
- https://www.exploit-db.com/exploits/12070
|
||||||
- https://www.cvedetails.com/cve/CVE-2010-1307
|
- https://www.cvedetails.com/cve/CVE-2010-1307
|
||||||
- http://secunia.com/advisories/39348
|
- http://web.archive.org/web/20140806154402/http://secunia.com/advisories/39348/
|
||||||
- http://www.vupen.com/english/advisories/2010/0806
|
- http://www.vupen.com/english/advisories/2010/0806
|
||||||
remediation: Upgrade to a supported version.
|
remediation: Upgrade to a supported version.
|
||||||
classification:
|
classification:
|
||||||
|
|
|
@ -8,7 +8,7 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/12077
|
- https://www.exploit-db.com/exploits/12077
|
||||||
- https://www.cvedetails.com/cve/CVE-2010-1312
|
- https://www.cvedetails.com/cve/CVE-2010-1312
|
||||||
- http://secunia.com/advisories/39289
|
- http://web.archive.org/web/20140724200344/http://secunia.com/advisories/39289/
|
||||||
- http://packetstormsecurity.org/1004-exploits/joomlanewportal-lfi.txt
|
- http://packetstormsecurity.org/1004-exploits/joomlanewportal-lfi.txt
|
||||||
remediation: Upgrade to a supported version.
|
remediation: Upgrade to a supported version.
|
||||||
classification:
|
classification:
|
||||||
|
|
|
@ -9,7 +9,7 @@ info:
|
||||||
- https://www.exploit-db.com/exploits/12082
|
- https://www.exploit-db.com/exploits/12082
|
||||||
- https://www.cvedetails.com/cve/CVE-2010-1313
|
- https://www.cvedetails.com/cve/CVE-2010-1313
|
||||||
- http://web.archive.org/web/20210121195302/https://www.securityfocus.com/bid/39237/
|
- http://web.archive.org/web/20210121195302/https://www.securityfocus.com/bid/39237/
|
||||||
- http://www.securityfocus.com/bid/39237
|
- http://www.exploit-db.com/exploits/12082
|
||||||
remediation: Upgrade to a supported version.
|
remediation: Upgrade to a supported version.
|
||||||
classification:
|
classification:
|
||||||
cve-id: CVE-2010-1313
|
cve-id: CVE-2010-1313
|
||||||
|
|
|
@ -8,7 +8,7 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/12086
|
- https://www.exploit-db.com/exploits/12086
|
||||||
- https://www.cvedetails.com/cve/CVE-2010-1314
|
- https://www.cvedetails.com/cve/CVE-2010-1314
|
||||||
- http://secunia.com/advisories/39359
|
- http://web.archive.org/web/20140724203458/http://secunia.com/advisories/39359/
|
||||||
- http://packetstormsecurity.org/1004-exploits/joomlahsconfig-lfi.txt
|
- http://packetstormsecurity.org/1004-exploits/joomlahsconfig-lfi.txt
|
||||||
remediation: Upgrade to a supported version.
|
remediation: Upgrade to a supported version.
|
||||||
classification:
|
classification:
|
||||||
|
|
|
@ -8,7 +8,7 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/11999
|
- https://www.exploit-db.com/exploits/11999
|
||||||
- https://www.cvedetails.com/cve/CVE-2010-1315
|
- https://www.cvedetails.com/cve/CVE-2010-1315
|
||||||
- http://secunia.com/advisories/39209
|
- http://web.archive.org/web/20140801092842/http://secunia.com/advisories/39209/
|
||||||
- http://packetstormsecurity.org/1004-exploits/joomlaweberpcustomer-lfi.txt
|
- http://packetstormsecurity.org/1004-exploits/joomlaweberpcustomer-lfi.txt
|
||||||
remediation: Upgrade to a supported version.
|
remediation: Upgrade to a supported version.
|
||||||
classification:
|
classification:
|
||||||
|
|
|
@ -8,7 +8,7 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/12084
|
- https://www.exploit-db.com/exploits/12084
|
||||||
- https://www.cvedetails.com/cve/CVE-2010-1352
|
- https://www.cvedetails.com/cve/CVE-2010-1352
|
||||||
- http://secunia.com/advisories/39357
|
- http://web.archive.org/web/20140724194110/http://secunia.com/advisories/39357/
|
||||||
- http://packetstormsecurity.org/1004-exploits/joomlajukebox-lfi.txt
|
- http://packetstormsecurity.org/1004-exploits/joomlajukebox-lfi.txt
|
||||||
remediation: Upgrade to a supported version.
|
remediation: Upgrade to a supported version.
|
||||||
classification:
|
classification:
|
||||||
|
|
|
@ -9,7 +9,7 @@ info:
|
||||||
- https://www.exploit-db.com/exploits/12102
|
- https://www.exploit-db.com/exploits/12102
|
||||||
- https://www.cvedetails.com/cve/CVE-2010-1354
|
- https://www.cvedetails.com/cve/CVE-2010-1354
|
||||||
- http://packetstormsecurity.org/1004-exploits/joomlavjdeo-lfi.txt
|
- http://packetstormsecurity.org/1004-exploits/joomlavjdeo-lfi.txt
|
||||||
- http://secunia.com/advisories/39296
|
- http://web.archive.org/web/20140724190841/http://secunia.com/advisories/39296/
|
||||||
remediation: Upgrade to a supported version.
|
remediation: Upgrade to a supported version.
|
||||||
classification:
|
classification:
|
||||||
cve-id: CVE-2010-1354
|
cve-id: CVE-2010-1354
|
||||||
|
|
|
@ -9,7 +9,7 @@ info:
|
||||||
- https://www.exploit-db.com/exploits/12232
|
- https://www.exploit-db.com/exploits/12232
|
||||||
- https://www.cvedetails.com/cve/CVE-2010-1461
|
- https://www.cvedetails.com/cve/CVE-2010-1461
|
||||||
- http://web.archive.org/web/20210518110953/https://www.securityfocus.com/bid/39504
|
- http://web.archive.org/web/20210518110953/https://www.securityfocus.com/bid/39504
|
||||||
- http://www.securityfocus.com/bid/39504
|
- http://www.exploit-db.com/exploits/12232
|
||||||
remediation: Upgrade to a supported version.
|
remediation: Upgrade to a supported version.
|
||||||
classification:
|
classification:
|
||||||
cve-id: CVE-2010-1461
|
cve-id: CVE-2010-1461
|
||||||
|
|
|
@ -8,7 +8,8 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/12166
|
- https://www.exploit-db.com/exploits/12166
|
||||||
- https://www.cvedetails.com/cve/CVE-2010-1470
|
- https://www.cvedetails.com/cve/CVE-2010-1470
|
||||||
- http://secunia.com/advisories/39405
|
- http://web.archive.org/web/20140723205548/http://secunia.com/advisories/39405/
|
||||||
|
- http://www.exploit-db.com/exploits/12166
|
||||||
remediation: Upgrade to a supported version.
|
remediation: Upgrade to a supported version.
|
||||||
classification:
|
classification:
|
||||||
cve-id: CVE-2010-1470
|
cve-id: CVE-2010-1470
|
||||||
|
|
|
@ -8,7 +8,7 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/12167
|
- https://www.exploit-db.com/exploits/12167
|
||||||
- https://www.cvedetails.com/cve/CVE-2010-1472
|
- https://www.cvedetails.com/cve/CVE-2010-1472
|
||||||
- http://secunia.com/advisories/39406
|
- http://web.archive.org/web/20140723200143/http://secunia.com/advisories/39406/
|
||||||
- http://www.exploit-db.com/exploits/12167
|
- http://www.exploit-db.com/exploits/12167
|
||||||
remediation: Upgrade to a supported version.
|
remediation: Upgrade to a supported version.
|
||||||
classification:
|
classification:
|
||||||
|
|
|
@ -9,7 +9,7 @@ info:
|
||||||
- https://www.exploit-db.com/exploits/12171
|
- https://www.exploit-db.com/exploits/12171
|
||||||
- https://www.cvedetails.com/cve/CVE-2010-1473
|
- https://www.cvedetails.com/cve/CVE-2010-1473
|
||||||
- http://packetstormsecurity.org/1004-exploits/joomlaeasyadbanner-lfi.txt
|
- http://packetstormsecurity.org/1004-exploits/joomlaeasyadbanner-lfi.txt
|
||||||
- http://secunia.com/advisories/39410
|
- http://web.archive.org/web/20140723213338/http://secunia.com/advisories/39410/
|
||||||
remediation: Upgrade to a supported version.
|
remediation: Upgrade to a supported version.
|
||||||
classification:
|
classification:
|
||||||
cve-id: CVE-2010-1473
|
cve-id: CVE-2010-1473
|
||||||
|
|
|
@ -8,7 +8,8 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/12182
|
- https://www.exploit-db.com/exploits/12182
|
||||||
- https://www.cvedetails.com/cve/CVE-2010-1474
|
- https://www.cvedetails.com/cve/CVE-2010-1474
|
||||||
- http://secunia.com/advisories/39388
|
- http://web.archive.org/web/20140723205926/http://secunia.com/advisories/39388/
|
||||||
|
- http://www.exploit-db.com/exploits/12182
|
||||||
classification:
|
classification:
|
||||||
cve-id: CVE-2010-1474
|
cve-id: CVE-2010-1474
|
||||||
tags: cve,cve2010,joomla,lfi
|
tags: cve,cve2010,joomla,lfi
|
||||||
|
|
|
@ -8,7 +8,8 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/12147
|
- https://www.exploit-db.com/exploits/12147
|
||||||
- https://www.cvedetails.com/cve/CVE-2010-1475
|
- https://www.cvedetails.com/cve/CVE-2010-1475
|
||||||
- http://secunia.com/advisories/39285
|
- http://web.archive.org/web/20140723203010/http://secunia.com/advisories/39285/
|
||||||
|
- http://www.exploit-db.com/exploits/12147
|
||||||
classification:
|
classification:
|
||||||
cve-id: CVE-2010-1475
|
cve-id: CVE-2010-1475
|
||||||
tags: cve,cve2010,joomla,lfi
|
tags: cve,cve2010,joomla,lfi
|
||||||
|
|
|
@ -8,7 +8,7 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/12145
|
- https://www.exploit-db.com/exploits/12145
|
||||||
- https://www.cvedetails.com/cve/CVE-2010-1478
|
- https://www.cvedetails.com/cve/CVE-2010-1478
|
||||||
- http://secunia.com/advisories/39262
|
- http://web.archive.org/web/20140723205157/http://secunia.com/advisories/39262/
|
||||||
- http://web.archive.org/web/20210121195422/https://www.securityfocus.com/bid/39390/
|
- http://web.archive.org/web/20210121195422/https://www.securityfocus.com/bid/39390/
|
||||||
remediation: Upgrade to a supported version.
|
remediation: Upgrade to a supported version.
|
||||||
classification:
|
classification:
|
||||||
|
|
|
@ -9,7 +9,7 @@ info:
|
||||||
- https://www.exploit-db.com/exploits/12318
|
- https://www.exploit-db.com/exploits/12318
|
||||||
- https://www.cvedetails.com/cve/CVE-2010-1491
|
- https://www.cvedetails.com/cve/CVE-2010-1491
|
||||||
- http://packetstormsecurity.org/1004-exploits/joomlammsblog-lfi.txt
|
- http://packetstormsecurity.org/1004-exploits/joomlammsblog-lfi.txt
|
||||||
- http://secunia.com/advisories/39533
|
- http://web.archive.org/web/20140724060325/http://secunia.com/advisories/39533/
|
||||||
remediation: Upgrade to a supported version.
|
remediation: Upgrade to a supported version.
|
||||||
classification:
|
classification:
|
||||||
cve-id: CVE-2010-1491
|
cve-id: CVE-2010-1491
|
||||||
|
|
|
@ -8,7 +8,8 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/12142
|
- https://www.exploit-db.com/exploits/12142
|
||||||
- https://www.cvedetails.com/cve/CVE-2010-1533
|
- https://www.cvedetails.com/cve/CVE-2010-1533
|
||||||
- http://secunia.com/advisories/39258
|
- http://web.archive.org/web/20140723212810/http://secunia.com/advisories/39258/
|
||||||
|
- http://www.exploit-db.com/exploits/12142
|
||||||
remediation: Upgrade to a supported version.
|
remediation: Upgrade to a supported version.
|
||||||
classification:
|
classification:
|
||||||
cve-id: CVE-2010-1533
|
cve-id: CVE-2010-1533
|
||||||
|
|
|
@ -9,7 +9,7 @@ info:
|
||||||
- https://www.exploit-db.com/exploits/12067
|
- https://www.exploit-db.com/exploits/12067
|
||||||
- https://www.cvedetails.com/cve/CVE-2010-1534
|
- https://www.cvedetails.com/cve/CVE-2010-1534
|
||||||
- http://web.archive.org/web/20210121195246/https://www.securityfocus.com/bid/39213/
|
- http://web.archive.org/web/20210121195246/https://www.securityfocus.com/bid/39213/
|
||||||
- http://secunia.com/advisories/39352
|
- http://web.archive.org/web/20140724182459/http://secunia.com/advisories/39352/
|
||||||
remediation: Upgrade to a supported version
|
remediation: Upgrade to a supported version
|
||||||
classification:
|
classification:
|
||||||
cve-id: CVE-2010-1534
|
cve-id: CVE-2010-1534
|
||||||
|
|
|
@ -8,7 +8,8 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/12151
|
- https://www.exploit-db.com/exploits/12151
|
||||||
- https://www.cvedetails.com/cve/CVE-2010-1535
|
- https://www.cvedetails.com/cve/CVE-2010-1535
|
||||||
- http://secunia.com/advisories/39254
|
- http://web.archive.org/web/20140725030342/http://secunia.com/advisories/39254/
|
||||||
|
- http://www.exploit-db.com/exploits/12151
|
||||||
classification:
|
classification:
|
||||||
cve-id: CVE-2010-1535
|
cve-id: CVE-2010-1535
|
||||||
tags: cve,cve2010,joomla,lfi
|
tags: cve,cve2010,joomla,lfi
|
||||||
|
|
|
@ -8,7 +8,7 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/11625
|
- https://www.exploit-db.com/exploits/11625
|
||||||
- https://www.cvedetails.com/cve/CVE-2010-1540
|
- https://www.cvedetails.com/cve/CVE-2010-1540
|
||||||
- http://secunia.com/advisories/38777
|
- http://web.archive.org/web/20140721042709/http://secunia.com/advisories/38777/
|
||||||
- http://web.archive.org/web/20210121194559/https://www.securityfocus.com/bid/38530/
|
- http://web.archive.org/web/20210121194559/https://www.securityfocus.com/bid/38530/
|
||||||
classification:
|
classification:
|
||||||
cve-id: CVE-2010-1540
|
cve-id: CVE-2010-1540
|
||||||
|
|
|
@ -8,7 +8,7 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/12236
|
- https://www.exploit-db.com/exploits/12236
|
||||||
- https://www.cvedetails.com/cve/CVE-2010-1601
|
- https://www.cvedetails.com/cve/CVE-2010-1601
|
||||||
- http://secunia.com/advisories/39472
|
- http://web.archive.org/web/20140803084823/http://secunia.com/advisories/39472/
|
||||||
- http://packetstormsecurity.org/1004-exploits/joomlajacomment-lfi.txt
|
- http://packetstormsecurity.org/1004-exploits/joomlajacomment-lfi.txt
|
||||||
classification:
|
classification:
|
||||||
cve-id: CVE-2010-1601
|
cve-id: CVE-2010-1601
|
||||||
|
|
|
@ -9,7 +9,7 @@ info:
|
||||||
- https://www.exploit-db.com/exploits/12316
|
- https://www.exploit-db.com/exploits/12316
|
||||||
- https://www.cvedetails.com/cve/CVE-2010-1607
|
- https://www.cvedetails.com/cve/CVE-2010-1607
|
||||||
- http://web.archive.org/web/20210121195713/https://www.securityfocus.com/bid/39608/
|
- http://web.archive.org/web/20210121195713/https://www.securityfocus.com/bid/39608/
|
||||||
- http://secunia.com/advisories/39539
|
- http://web.archive.org/web/20111227231442/http://secunia.com/advisories/39539/
|
||||||
classification:
|
classification:
|
||||||
cve-id: CVE-2010-1607
|
cve-id: CVE-2010-1607
|
||||||
tags: cve,cve2010,joomla,lfi
|
tags: cve,cve2010,joomla,lfi
|
||||||
|
|
|
@ -9,7 +9,6 @@ info:
|
||||||
- https://www.exploit-db.com/exploits/12427
|
- https://www.exploit-db.com/exploits/12427
|
||||||
- https://www.cvedetails.com/cve/CVE-2010-1658
|
- https://www.cvedetails.com/cve/CVE-2010-1658
|
||||||
- http://www.vupen.com/english/advisories/2010/1007
|
- http://www.vupen.com/english/advisories/2010/1007
|
||||||
- http://secunia.com/advisories/39600
|
|
||||||
classification:
|
classification:
|
||||||
cve-id: CVE-2010-1658
|
cve-id: CVE-2010-1658
|
||||||
tags: cve,cve2010,joomla,lfi
|
tags: cve,cve2010,joomla,lfi
|
||||||
|
|
|
@ -9,7 +9,7 @@ info:
|
||||||
- https://www.exploit-db.com/exploits/12168
|
- https://www.exploit-db.com/exploits/12168
|
||||||
- https://www.cvedetails.com/cve/CVE-2010-1714
|
- https://www.cvedetails.com/cve/CVE-2010-1714
|
||||||
- http://packetstormsecurity.org/1004-exploits/joomlaarcadegames-lfi.txt
|
- http://packetstormsecurity.org/1004-exploits/joomlaarcadegames-lfi.txt
|
||||||
- http://secunia.com/advisories/39413
|
- http://web.archive.org/web/20140723192327/http://secunia.com/advisories/39413/
|
||||||
classification:
|
classification:
|
||||||
cve-id: CVE-2010-1714
|
cve-id: CVE-2010-1714
|
||||||
tags: cve,cve2010,joomla,lfi
|
tags: cve,cve2010,joomla,lfi
|
||||||
|
|
|
@ -9,7 +9,6 @@ info:
|
||||||
- https://www.exploit-db.com/exploits/12174
|
- https://www.exploit-db.com/exploits/12174
|
||||||
- https://www.cvedetails.com/cve/CVE-2010-1715
|
- https://www.cvedetails.com/cve/CVE-2010-1715
|
||||||
- http://packetstormsecurity.org/1004-exploits/joomlaonlineexam-lfi.txt
|
- http://packetstormsecurity.org/1004-exploits/joomlaonlineexam-lfi.txt
|
||||||
- http://www.osvdb.org/63659
|
|
||||||
classification:
|
classification:
|
||||||
cve-id: CVE-2010-1715
|
cve-id: CVE-2010-1715
|
||||||
tags: cve,cve2010,joomla,lfi
|
tags: cve,cve2010,joomla,lfi
|
||||||
|
|
|
@ -8,7 +8,7 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/12291
|
- https://www.exploit-db.com/exploits/12291
|
||||||
- https://www.cvedetails.com/cve/CVE-2010-1717
|
- https://www.cvedetails.com/cve/CVE-2010-1717
|
||||||
- http://secunia.com/advisories/39526
|
- http://web.archive.org/web/20140805095004/http://secunia.com/advisories/39526/
|
||||||
- http://www.vupen.com/english/advisories/2010/0924
|
- http://www.vupen.com/english/advisories/2010/0924
|
||||||
classification:
|
classification:
|
||||||
cve-id: CVE-2010-1717
|
cve-id: CVE-2010-1717
|
||||||
|
|
|
@ -8,7 +8,7 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/12282
|
- https://www.exploit-db.com/exploits/12282
|
||||||
- https://www.cvedetails.com/cve/CVE-2010-1718
|
- https://www.cvedetails.com/cve/CVE-2010-1718
|
||||||
- http://secunia.com/advisories/39521
|
- http://web.archive.org/web/20140805094212/http://secunia.com/advisories/39521/
|
||||||
- http://web.archive.org/web/20210121195621/https://www.securityfocus.com/bid/39545/
|
- http://web.archive.org/web/20210121195621/https://www.securityfocus.com/bid/39545/
|
||||||
classification:
|
classification:
|
||||||
cve-id: CVE-2010-1718
|
cve-id: CVE-2010-1718
|
||||||
|
|
|
@ -8,7 +8,7 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/12177
|
- https://www.exploit-db.com/exploits/12177
|
||||||
- https://www.cvedetails.com/cve/CVE-2010-1722
|
- https://www.cvedetails.com/cve/CVE-2010-1722
|
||||||
- http://secunia.com/advisories/39409
|
- http://web.archive.org/web/20140723201810/http://secunia.com/advisories/39409/
|
||||||
- http://www.exploit-db.com/exploits/12177
|
- http://www.exploit-db.com/exploits/12177
|
||||||
classification:
|
classification:
|
||||||
cve-id: CVE-2010-1722
|
cve-id: CVE-2010-1722
|
||||||
|
|
|
@ -8,7 +8,8 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/12289
|
- https://www.exploit-db.com/exploits/12289
|
||||||
- https://www.cvedetails.com/cve/CVE-2010-1723
|
- https://www.cvedetails.com/cve/CVE-2010-1723
|
||||||
- http://secunia.com/advisories/39524
|
- http://web.archive.org/web/20140805101847/http://secunia.com/advisories/39524/
|
||||||
|
- http://www.exploit-db.com/exploits/12289
|
||||||
classification:
|
classification:
|
||||||
cve-id: CVE-2010-1723
|
cve-id: CVE-2010-1723
|
||||||
tags: cve,cve2010,joomla,lfi
|
tags: cve,cve2010,joomla,lfi
|
||||||
|
|
|
@ -8,7 +8,7 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/11851
|
- https://www.exploit-db.com/exploits/11851
|
||||||
- https://www.cvedetails.com/cve/CVE-2010-1875
|
- https://www.cvedetails.com/cve/CVE-2010-1875
|
||||||
- http://secunia.com/advisories/39074
|
- http://web.archive.org/web/20140802140355/http://secunia.com/advisories/39074/
|
||||||
- http://web.archive.org/web/20210121194939/https://www.securityfocus.com/bid/38912/
|
- http://web.archive.org/web/20210121194939/https://www.securityfocus.com/bid/38912/
|
||||||
classification:
|
classification:
|
||||||
cve-id: CVE-2010-1875
|
cve-id: CVE-2010-1875
|
||||||
|
|
|
@ -8,7 +8,7 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/12239
|
- https://www.exploit-db.com/exploits/12239
|
||||||
- https://www.cvedetails.com/cve/CVE-2010-1952
|
- https://www.cvedetails.com/cve/CVE-2010-1952
|
||||||
- http://secunia.com/advisories/39475
|
- http://web.archive.org/web/20151016194238/http://secunia.com/advisories/39475/
|
||||||
- http://www.exploit-db.com/exploits/12239
|
- http://www.exploit-db.com/exploits/12239
|
||||||
remediation: Upgrade to a supported version.
|
remediation: Upgrade to a supported version.
|
||||||
classification:
|
classification:
|
||||||
|
|
|
@ -9,7 +9,7 @@ info:
|
||||||
- https://www.exploit-db.com/exploits/12238
|
- https://www.exploit-db.com/exploits/12238
|
||||||
- https://www.cvedetails.com/cve/CVE-2010-1955
|
- https://www.cvedetails.com/cve/CVE-2010-1955
|
||||||
- http://web.archive.org/web/20210121195552/https://www.securityfocus.com/bid/39508/
|
- http://web.archive.org/web/20210121195552/https://www.securityfocus.com/bid/39508/
|
||||||
- http://secunia.com/advisories/39473
|
- http://web.archive.org/web/20140803091440/http://secunia.com/advisories/39473/
|
||||||
remediation: Upgrade to a supported version.
|
remediation: Upgrade to a supported version.
|
||||||
classification:
|
classification:
|
||||||
cve-id: CVE-2010-1955
|
cve-id: CVE-2010-1955
|
||||||
|
|
|
@ -8,7 +8,8 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/12285
|
- https://www.exploit-db.com/exploits/12285
|
||||||
- https://www.cvedetails.com/cve/CVE-2010-1956
|
- https://www.cvedetails.com/cve/CVE-2010-1956
|
||||||
- http://secunia.com/advisories/39522
|
- http://web.archive.org/web/20140805105431/http://secunia.com/advisories/39522/
|
||||||
|
- http://www.exploit-db.com/exploits/12285
|
||||||
remediation: Upgrade to a supported version.
|
remediation: Upgrade to a supported version.
|
||||||
classification:
|
classification:
|
||||||
cve-id: CVE-2010-1956
|
cve-id: CVE-2010-1956
|
||||||
|
|
|
@ -9,7 +9,7 @@ info:
|
||||||
- https://www.exploit-db.com/exploits/12083
|
- https://www.exploit-db.com/exploits/12083
|
||||||
- https://www.cvedetails.com/cve/CVE-2010-1977
|
- https://www.cvedetails.com/cve/CVE-2010-1977
|
||||||
- http://web.archive.org/web/20210121195306/https://www.securityfocus.com/bid/39243/
|
- http://web.archive.org/web/20210121195306/https://www.securityfocus.com/bid/39243/
|
||||||
- http://secunia.com/advisories/39356
|
- http://web.archive.org/web/20140724201603/http://secunia.com/advisories/39356/
|
||||||
remediation: Upgrade to a supported version.
|
remediation: Upgrade to a supported version.
|
||||||
classification:
|
classification:
|
||||||
cve-id: CVE-2010-1977
|
cve-id: CVE-2010-1977
|
||||||
|
|
|
@ -8,7 +8,8 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/12088
|
- https://www.exploit-db.com/exploits/12088
|
||||||
- https://www.cvedetails.com/cve/CVE-2010-1979
|
- https://www.cvedetails.com/cve/CVE-2010-1979
|
||||||
- http://secunia.com/advisories/39360
|
- http://web.archive.org/web/20140724185517/http://secunia.com/advisories/39360/
|
||||||
|
- http://www.exploit-db.com/exploits/12088
|
||||||
remediation: Upgrade to a supported version.
|
remediation: Upgrade to a supported version.
|
||||||
classification:
|
classification:
|
||||||
cve-id: CVE-2010-1979
|
cve-id: CVE-2010-1979
|
||||||
|
|
|
@ -8,7 +8,7 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/12121
|
- https://www.exploit-db.com/exploits/12121
|
||||||
- https://www.cvedetails.com/cve/CVE-2010-1982
|
- https://www.cvedetails.com/cve/CVE-2010-1982
|
||||||
- http://secunia.com/advisories/39202
|
- http://web.archive.org/web/20140723233933/http://secunia.com/advisories/39202/
|
||||||
- http://web.archive.org/web/20210121195400/https://www.securityfocus.com/bid/39343/
|
- http://web.archive.org/web/20210121195400/https://www.securityfocus.com/bid/39343/
|
||||||
remediation: Upgrade to a supported version.
|
remediation: Upgrade to a supported version.
|
||||||
classification:
|
classification:
|
||||||
|
|
|
@ -8,7 +8,7 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://packetstormsecurity.com/files/89654/Joomla-Percha-Categories-Tree-0.6-Local-File-Inclusion.html
|
- https://packetstormsecurity.com/files/89654/Joomla-Percha-Categories-Tree-0.6-Local-File-Inclusion.html
|
||||||
- https://www.cvedetails.com/cve/CVE-2010-2033
|
- https://www.cvedetails.com/cve/CVE-2010-2033
|
||||||
- http://secunia.com/advisories/39873
|
- http://web.archive.org/web/20140805143014/http://secunia.com/advisories/39873/
|
||||||
- http://web.archive.org/web/20210615115919/https://www.securityfocus.com/bid/40244
|
- http://web.archive.org/web/20210615115919/https://www.securityfocus.com/bid/40244
|
||||||
remediation: Upgrade to a supported version.
|
remediation: Upgrade to a supported version.
|
||||||
classification:
|
classification:
|
||||||
|
|
|
@ -8,7 +8,7 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/12607
|
- https://www.exploit-db.com/exploits/12607
|
||||||
- https://www.cvedetails.com/cve/CVE-2010-2128
|
- https://www.cvedetails.com/cve/CVE-2010-2128
|
||||||
- http://secunia.com/advisories/39832
|
- http://web.archive.org/web/20140801195113/http://secunia.com/advisories/39832/
|
||||||
- http://www.exploit-db.com/exploits/12607
|
- http://www.exploit-db.com/exploits/12607
|
||||||
remediation: Upgrade to a supported version.
|
remediation: Upgrade to a supported version.
|
||||||
classification:
|
classification:
|
||||||
|
|
|
@ -8,7 +8,7 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/10946
|
- https://www.exploit-db.com/exploits/10946
|
||||||
- https://www.cvedetails.com/cve/CVE-2010-2259
|
- https://www.cvedetails.com/cve/CVE-2010-2259
|
||||||
- http://secunia.com/advisories/37866
|
- http://web.archive.org/web/20140724121430/http://secunia.com/advisories/37866/
|
||||||
- http://www.exploit-db.com/exploits/10946
|
- http://www.exploit-db.com/exploits/10946
|
||||||
remediation: Upgrade to a supported version.
|
remediation: Upgrade to a supported version.
|
||||||
classification:
|
classification:
|
||||||
|
|
|
@ -9,7 +9,7 @@ info:
|
||||||
- http://web.archive.org/web/20210120195654/https://www.securityfocus.com/bid/40550/info
|
- http://web.archive.org/web/20210120195654/https://www.securityfocus.com/bid/40550/info
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2010-2307
|
- https://nvd.nist.gov/vuln/detail/CVE-2010-2307
|
||||||
- https://www.exploit-db.com/exploits/12865
|
- https://www.exploit-db.com/exploits/12865
|
||||||
- http://www.osvdb.org/65249
|
- http://www.exploit-db.com/exploits/12865
|
||||||
remediation: Upgrade to a supported product version.
|
remediation: Upgrade to a supported product version.
|
||||||
classification:
|
classification:
|
||||||
cve-id: CVE-2010-2307
|
cve-id: CVE-2010-2307
|
||||||
|
|
|
@ -8,8 +8,8 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/13981
|
- https://www.exploit-db.com/exploits/13981
|
||||||
- https://www.cvedetails.com/cve/CVE-2010-2507
|
- https://www.cvedetails.com/cve/CVE-2010-2507
|
||||||
- http://secunia.com/advisories/40297
|
- http://web.archive.org/web/20140805070317/http://secunia.com/advisories/40297/
|
||||||
- http://osvdb.org/65674
|
- http://packetstormsecurity.org/1006-exploits/joomlapicasa2gallery-lfi.txt
|
||||||
remediation: Upgrade to a supported version.
|
remediation: Upgrade to a supported version.
|
||||||
classification:
|
classification:
|
||||||
cve-id: CVE-2010-2507
|
cve-id: CVE-2010-2507
|
||||||
|
|
|
@ -8,7 +8,7 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/14845
|
- https://www.exploit-db.com/exploits/14845
|
||||||
- https://www.cvedetails.com/cve/CVE-2010-3203
|
- https://www.cvedetails.com/cve/CVE-2010-3203
|
||||||
- http://secunia.com/advisories/41187
|
- http://web.archive.org/web/20150105095919/http://secunia.com:80/advisories/41187/
|
||||||
- http://www.exploit-db.com/exploits/14845
|
- http://www.exploit-db.com/exploits/14845
|
||||||
remediation: Upgrade to a supported version.
|
remediation: Upgrade to a supported version.
|
||||||
classification:
|
classification:
|
||||||
|
|
|
@ -8,7 +8,7 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/15585
|
- https://www.exploit-db.com/exploits/15585
|
||||||
- https://www.cvedetails.com/cve/CVE-2010-4769
|
- https://www.cvedetails.com/cve/CVE-2010-4769
|
||||||
- http://secunia.com/advisories/42324
|
- http://web.archive.org/web/20140803011658/http://secunia.com/advisories/42324/
|
||||||
- http://web.archive.org/web/20210121210048/https://www.securityfocus.com/bid/44992/
|
- http://web.archive.org/web/20210121210048/https://www.securityfocus.com/bid/44992/
|
||||||
remediation: Upgrade to a supported version.
|
remediation: Upgrade to a supported version.
|
||||||
classification:
|
classification:
|
||||||
|
|
|
@ -9,7 +9,7 @@ info:
|
||||||
- https://www.exploit-db.com/exploits/34788
|
- https://www.exploit-db.com/exploits/34788
|
||||||
- https://www.cvedetails.com/cve/CVE-2010-5278
|
- https://www.cvedetails.com/cve/CVE-2010-5278
|
||||||
- http://packetstormsecurity.org/1009-exploits/modx202pl-lfi.txt
|
- http://packetstormsecurity.org/1009-exploits/modx202pl-lfi.txt
|
||||||
- http://secunia.com/advisories/41638
|
- http://web.archive.org/web/20140803154716/http://secunia.com/advisories/41638/
|
||||||
classification:
|
classification:
|
||||||
cve-id: CVE-2010-5278
|
cve-id: CVE-2010-5278
|
||||||
tags: cve,cve2010,lfi
|
tags: cve,cve2010,lfi
|
||||||
|
|
|
@ -9,7 +9,7 @@ info:
|
||||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1669
|
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1669
|
||||||
- https://www.exploit-db.com/exploits/17119
|
- https://www.exploit-db.com/exploits/17119
|
||||||
- http://web.archive.org/web/20210121212348/https://www.securityfocus.com/bid/47146/
|
- http://web.archive.org/web/20210121212348/https://www.securityfocus.com/bid/47146/
|
||||||
- http://www.securityfocus.com/bid/47146
|
- http://www.exploit-db.com/exploits/17119
|
||||||
remediation: Upgrade to a supported version.
|
remediation: Upgrade to a supported version.
|
||||||
classification:
|
classification:
|
||||||
cve-id: CVE-2011-1669
|
cve-id: CVE-2011-1669
|
||||||
|
|
|
@ -9,7 +9,7 @@ info:
|
||||||
- https://www.exploit-db.com/exploits/35945
|
- https://www.exploit-db.com/exploits/35945
|
||||||
- https://www.cvedetails.com/cve/CVE-2011-2744
|
- https://www.cvedetails.com/cve/CVE-2011-2744
|
||||||
- http://www.openwall.com/lists/oss-security/2011/07/13/6
|
- http://www.openwall.com/lists/oss-security/2011/07/13/6
|
||||||
- http://secunia.com/advisories/45184
|
- http://web.archive.org/web/20140723162411/http://secunia.com/advisories/45184/
|
||||||
classification:
|
classification:
|
||||||
cve-id: CVE-2011-2744
|
cve-id: CVE-2011-2744
|
||||||
tags: cve,cve2011,lfi,chyrp
|
tags: cve,cve2011,lfi,chyrp
|
||||||
|
|
|
@ -11,7 +11,7 @@ info:
|
||||||
- http://www.ocert.org/advisories/ocert-2011-001.html
|
- http://www.ocert.org/advisories/ocert-2011-001.html
|
||||||
- http://www.openwall.com/lists/oss-security/2011/07/13/6
|
- http://www.openwall.com/lists/oss-security/2011/07/13/6
|
||||||
- http://web.archive.org/web/20210121214023/https://www.securityfocus.com/bid/48672/
|
- http://web.archive.org/web/20210121214023/https://www.securityfocus.com/bid/48672/
|
||||||
- http://secunia.com/advisories/45184
|
- http://web.archive.org/web/20140723162411/http://secunia.com/advisories/45184/
|
||||||
- http://securityreason.com/securityalert/8312
|
- http://securityreason.com/securityalert/8312
|
||||||
- https://exchange.xforce.ibmcloud.com/vulnerabilities/68565
|
- https://exchange.xforce.ibmcloud.com/vulnerabilities/68565
|
||||||
- http://web.archive.org/web/20201207104106/https://www.securityfocus.com/archive/1/518890/100/0/threaded
|
- http://web.archive.org/web/20201207104106/https://www.securityfocus.com/archive/1/518890/100/0/threaded
|
||||||
|
|
|
@ -9,7 +9,6 @@ info:
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2011-4336
|
- https://nvd.nist.gov/vuln/detail/CVE-2011-4336
|
||||||
- http://web.archive.org/web/20210328232945/https://www.securityfocus.com/bid/48806/info
|
- http://web.archive.org/web/20210328232945/https://www.securityfocus.com/bid/48806/info
|
||||||
- https://seclists.org/bugtraq/2011/Nov/140
|
- https://seclists.org/bugtraq/2011/Nov/140
|
||||||
- https://www.securityfocus.com/bid/48806/info
|
|
||||||
remediation: Upgrade to a supported version.
|
remediation: Upgrade to a supported version.
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||||
|
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue