add some descr

patch-1
chajer 2020-08-25 23:51:04 +02:00
parent 7fd89d3550
commit f20cdfcb69
5 changed files with 5 additions and 8 deletions

@ -4,16 +4,10 @@ info:
name: Oracle Content Server XSS
author: madrobot
severity: medium
<<<<<<< HEAD
description: >
description:
The vulnerability can be used to include
HTML- or JavaScript code to the affected web page. The code is executed
in the browser of users if they visit the manipulated site.
=======
description: The vulnerability can be used to include
HTML- or JavaScript code to the affected web page. The code is executed
in the browser of users if they visit the manipulated site.
>>>>>>> github/master
requests:
- method: GET
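
Review bot: this hunk shows the conflict markers `<<<<<<< HEAD`, `=======` and `>>>>>>> github/master` together with three competing forms of the key (`description: >`, a bare `description:` and the single-line `description: The vulnerability ...`), so confirm that the file after this commit contains none of the marker lines and exactly one `description` key. If the surviving form is the bare `description:` followed by the wrapped text, keep the folded `description: >` form or indent the continuation lines under the key so the three lines are read as one value. A lint step that rejects conflict markers in templates would catch this before merge.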

@ -3,6 +3,7 @@ info:
author: "Random Robbie"
name: "Struts2 RCE "
severity: critical
description: Struts is vulnerable to remote command injection attacks through incorrectly parsing an attackers invalid Content-Type HTTP header. The Struts vulnerability allows these commands to be executed under the privileges of the Web server.
# This template supports the detection part only.
# Do not test any website without permission
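
Review bot: the added `description` does not say which Struts versions or which advisory the template covers, so someone triaging a hit cannot tell which issue was matched; add the identifier the template targets. In the same line, "an attackers invalid Content-Type HTTP header" should read "an attacker's invalid Content-Type HTTP header", and the trailing space in `name: "Struts2 RCE "` just above could be dropped while the file is being touched.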

@ -3,6 +3,7 @@ info:
author: "Harsh Bothra"
name: "Nginx Remote Integer Overflow"
severity: medium
description: Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.
# This template supports the detection part only.
# Do not test any website without permission
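
Review bot: the added `description` repeats itself in "vulnerable to integer overflow vulnerability" and uses "resulting into leak" where "resulting in a leak" is meant. Suggested wording: "Nginx versions 0.5.6 through 1.13.2 have an integer overflow in the range filter module that can leak potentially sensitive information when triggered by a specially crafted request." The line would also benefit from naming the advisory it refers to.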

@ -4,6 +4,7 @@ info:
name: Jira IconURIServlet SSRF
author: Ice3man
severity: high
description: The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF).
requests:
- method: GET

@ -4,7 +4,7 @@ info:
name: CVE-2017-9841
author: Random-Robbie
severity: High
description: Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI
# Reference to exploit
# https://github.com/cyberharsh/Php-unit-CVE-2017-9841
# https://github.com/RandomRobbieBF/phpunit-brute
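
Review bot: `severity: High` in this hunk is capitalised while the other templates in this commit use lowercase (`medium`, `critical`, `high`); normalise it to `high` while editing the file so severity-based filtering and reporting treat it consistently. The `description` is a long unquoted value that embeds double quotes (`"<?php "`), which is fragile if the text is ever edited to contain `: ` or ` #`; a folded `description: >` block would be safer, and the sentence is missing its closing period.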