Merge branch 'dashboard' of https://github.com/MostInterestingBotInTheWorld/nuclei-templates into dashboard

cves/2010/CVE-2010-1602.yaml

@@ -5,7 +5,6 @@ info:
   author: daffainfo
   severity: high
   description: A directory traversal vulnerability in the ZiMB Comment (com_zimbcomment) component 0.8.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
-  remediation: Upgrade to a supported version.
   reference:
     - https://www.exploit-db.com/exploits/12283
     - https://www.cvedetails.com/cve/CVE-2010-1602
@@ -26,4 +25,4 @@ requests:
         status:
           - 200
 
-# Enhanced by mp on 2022/02/15
+# Enhanced by mp on 2022/03/07

cves/2021/CVE-2021-41293.yaml

@@ -1,11 +1,12 @@
 id: CVE-2021-41293
 
 info:
-  name: ECOA Building Automation System - LFD
+  name: ECOA Building Automation System - Local File Disclosure
   author: 0x_Akoko
   severity: high
-  description: The BAS controller suffers from an arbitrary file disclosure vulnerability. Using the 'fname' POST parameter in viewlog.jsp, attackers can disclose arbitrary files on the affected device and disclose sensitive and system information.
+  description: The ECOA BAS controller suffers from an arbitrary file disclosure vulnerability. Using the 'fname' POST parameter in viewlog.jsp, attackers can disclose arbitrary files on the affected device and disclose sensitive and system information.
   reference:
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-41293
     - https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5679.php
     - https://www.twcert.org.tw/tw/cp-132-5129-7e623-1.html
   tags: cve,cve2021,ecoa,lfi,disclosure
@@ -33,3 +34,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/03/07

cves/2021/CVE-2021-41349.yaml

@@ -1,12 +1,13 @@
 id: CVE-2021-41349
 
 info:
-  name: Pre-Auth POST Based Reflected XSS in Microsoft Exchange
+  name: Microsoft Exchange Server Pre-Auth POST Based Reflected Cross-Site Scripting
   author: rootxharsh,iamnoooob
   severity: medium
   tags: cve,cve2021,xss,microsoft,exchange
-  description: Microsoft Exchange Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-42305.
+  description: Microsoft Exchange Server is vulnerable to a spoofing vulnerability. Be aware this CVE ID is unique from CVE-2021-42305.
   reference:
+    - https://www.microsoft.com/en-us/download/details.aspx?id=103643
     - https://github.com/httpvoid/CVE-Reverse/tree/master/CVE-2021-41349
     - https://nvd.nist.gov/vuln/detail/CVE-2021-41349
     - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-41349
@@ -39,4 +40,6 @@ requests:
 
       - type: status
         status:
-          - 500
+          - 500
+
+# Enhanced by mp on 2022/03/07

cves/2021/CVE-2021-41381.yaml

@@ -4,7 +4,7 @@ info:
   name: Payara Micro Community 5.2021.6 Directory Traversal
   author: pikpikcu
   severity: medium
-  description: Payara Micro Community 5.2021.6 and below allows Directory Traversal
+  description: Payara Micro Community 5.2021.6 and below contains a directory traversal vulnerability.
   reference:
     - https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-054.txt
     - https://nvd.nist.gov/vuln/detail/CVE-2021-41381
@@ -28,3 +28,5 @@ requests:
           - "payara.security.openid.sessionScopedConfiguration=true"
         condition: and
         part: body
+
+# Enhanced by mp on 2022/03/07

cves/2021/CVE-2021-41467.yaml

@@ -1,13 +1,13 @@
 id: CVE-2021-41467
 
 info:
-  name: JustWriting  -  Reflected XSS
+  name: JustWriting  -  Reflected Cross-Site Scripting
   author: madrobot
   severity: medium
-  description: Cross-site scripting (XSS) vulnerability in application/controllers/dropbox.php in JustWriting 1.0.0 and below allow remote attackers to inject arbitrary web script or HTML via the challenge parameter.
+  description: A cross-site scripting vulnerability in application/controllers/dropbox.php in JustWriting 1.0.0 and below allow remote attackers to inject arbitrary web script or HTML via the challenge parameter.
   reference:
     - https://github.com/hjue/JustWriting/issues/106
-    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41467
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-41467
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.10
@@ -36,3 +36,5 @@ requests:
         words:
           - "text/html"
         part: header
+
+# Enhanced by mp on 2022/03/07

cves/2021/CVE-2021-41648.yaml

@@ -1,11 +1,14 @@
 id: CVE-2021-41648
 
 info:
-  name: PuneethReddyHC online-shopping-system-advanced SQL Injection action.php
+  name: PuneethReddyHC action.php SQL Injection
   author: daffainfo
   severity: high
-  description: An un-authenticated SQL Injection exists in PuneethReddyHC online-shopping-system-advanced through the /action.php prId parameter. Using a post request does not sanitize the user input.
-  reference: https://github.com/MobiusBinary/CVE-2021-41648
+  description: An unauthenticated SQL injection vulnerability exists in PuneethReddyHC Online Shopping through the /action.php prId parameter. Using a post request does not sanitize the user input.
+  reference:
+    - https://github.com/MobiusBinary/CVE-2021-41648
+    - https://awesomeopensource.com/project/PuneethReddyHC/online-shopping-system
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-41649
   tags: cve,cve2021,sqli,injection
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
@@ -38,3 +41,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/03/07

cves/2021/CVE-2021-41649.yaml

@@ -1,11 +1,14 @@
 id: CVE-2021-41649
 
 info:
-  name: PuneethReddyHC online-shopping-system-advanced SQL Injection homeaction.php
+  name: PuneethReddyHC Online Shopping System homeaction.php SQL Injection
   author: daffainfo
   severity: critical
-  description: An un-authenticated SQL Injection exists in PuneethReddyHC online-shopping-system-advanced through the /homeaction.php cat_id parameter. Using a post request does not sanitize the user input.
-  reference: https://github.com/MobiusBinary/CVE-2021-41649
+  description: An unauthenticated SQL injection vulnerability exists in PuneethReddyHC Online Shopping System through the /homeaction.php cat_id parameter. Using a post request does not sanitize the user input.
+  reference:
+    - https://github.com/MobiusBinary/CVE-2021-41649
+    - https://awesomeopensource.com/project/PuneethReddyHC/online-shopping-system
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-41649
   tags: cve,cve2021,sqli,injection
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
@@ -37,3 +40,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/03/07

cves/2021/CVE-2021-4191.yaml

@@ -4,10 +4,11 @@ info:
   name: GitLab GraphQL API User Enumeration
   author: zsusac
   severity: medium
-  description: A remote, unauthenticated attacker can use this vulnerability to collect registered GitLab usernames, names, and email addresses.
+  description: An unauthenticated remote attacker can leverage this vulnerability to collect registered GitLab usernames, names, and email addresses. 
   reference:
     - https://www.rapid7.com/blog/post/2022/03/03/cve-2021-4191-gitlab-graphql-api-user-enumeration-fixed/
     - https://thehackernews.com/2022/03/new-security-vulnerability-affects.html
+    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-4191
   classification:
     cvss-metrics: CVSS:5.3/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
     cvss-score: 5.3
@@ -47,3 +48,5 @@ requests:
       - type: json
         json:
           - '.data.users.nodes[].username'
+
+# Enhanced by mp on 2022/03/07