Changes fixes/around dynamic attributes ("additional-fields")
Related nuclei tickets: * #259 - dynamic key-value field support for template information * #940 - new infos in template * #834 * RES-84patch-1
parent
0b432b341b
commit
ffaff64565
|
@ -5,8 +5,9 @@ info:
|
|||
author: princechaddha
|
||||
severity: high
|
||||
description: Setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file. Combined with ability to save files on server, this can allow unauthenticated users to execute arbitrary PHP code.
|
||||
reference: https://www.phpmyadmin.net/security/PMASA-2009-3/
|
||||
vulhub: https://github.com/vulhub/vulhub/tree/master/phpmyadmin/WooYun-2016-199433
|
||||
reference:
|
||||
- https://www.phpmyadmin.net/security/PMASA-2009-3/
|
||||
- https://github.com/vulhub/vulhub/tree/master/phpmyadmin/WooYun-2016-199433
|
||||
tags: cve,cve2009,phpmyadmin,rce,deserialization
|
||||
|
||||
requests:
|
||||
|
|
|
@ -4,9 +4,10 @@ info:
|
|||
name: Geddy before v13.0.8 LFI
|
||||
author: pikpikcu
|
||||
severity: high
|
||||
issues: https://github.com/geddy/geddy/issues/697
|
||||
description: Directory traversal vulnerability in lib/app/index.js in Geddy before 13.0.8 for Node.js allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the PATH_INFO to the default URI.
|
||||
reference: https://nodesecurity.io/advisories/geddy-directory-traversal
|
||||
reference:
|
||||
- https://nodesecurity.io/advisories/geddy-directory-traversal
|
||||
- https://github.com/geddy/geddy/issues/697
|
||||
tags: cve,cve2015,geddy,lfi
|
||||
|
||||
requests:
|
||||
|
|
|
@ -4,8 +4,9 @@ info:
|
|||
name: Apache Tika 1.15-1.17 Header Command Injection
|
||||
author: pikpikcu
|
||||
severity: critical
|
||||
reference: https://rhinosecuritylabs.com/application-security/exploiting-cve-2018-1335-apache-tika/
|
||||
edb: https://www.exploit-db.com/exploits/47208
|
||||
reference:
|
||||
- https://rhinosecuritylabs.com/application-security/exploiting-cve-2018-1335-apache-tika/
|
||||
- https://www.exploit-db.com/exploits/47208
|
||||
tags: cve,cve2018,apache,tika,rce
|
||||
|
||||
requests:
|
||||
|
|
|
@ -4,11 +4,12 @@ info:
|
|||
name: Timesheet 1.5.3 - Cross Site Scripting
|
||||
author: pikpikcu
|
||||
severity: high
|
||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2019-1010287
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-1010287
|
||||
- http://www.mdh-tz.info/ # demo
|
||||
tags: cve,cve2019,timesheet,xss
|
||||
|
||||
# Google-Dork: inurl:"/timesheet/login.php"
|
||||
# Demo: http://www.mdh-tz.info/
|
||||
additional-fields:
|
||||
google-dork: inurl:"/timesheet/login.php"
|
||||
|
||||
requests:
|
||||
- raw: # Metod POST From login.php
|
||||
|
|
|
@ -6,8 +6,9 @@ info:
|
|||
severity: medium
|
||||
description: Web Port 1.19.1 allows XSS via the /log type parameter.
|
||||
tags: cve,cve2019,xss
|
||||
reference: https://github.com/EmreOvunc/WebPort-v1.19.1-Reflected-XSS
|
||||
software: https://webport.se/nedladdningar/
|
||||
reference:
|
||||
- https://github.com/EmreOvunc/WebPort-v1.19.1-Reflected-XSS
|
||||
- https://webport.se/nedladdningar/
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -6,12 +6,13 @@ info:
|
|||
severity: high
|
||||
description: IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal.
|
||||
tags: cve,cve2019,lfi
|
||||
reference: https://github.com/JameelNabbo/exploits/blob/master/IceWarp%20%3C%3D10.4.4%20local%20file%20include.txt
|
||||
|
||||
# reference: https://nvd.nist.gov/vuln/detail/CVE-2019-12593
|
||||
# Google Dork:-Powered By IceWarp 10.4.4
|
||||
# Vendor Homepage: http://www.icewarp.com
|
||||
# Software Link: https://www.icewarp.com/downloads/trial/
|
||||
reference:
|
||||
- https://github.com/JameelNabbo/exploits/blob/master/IceWarp%20%3C%3D10.4.4%20local%20file%20include.txt
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-12593
|
||||
- http://www.icewarp.com # vendor homepage
|
||||
- https://www.icewarp.com/downloads/trial/ # software link
|
||||
additional-fields:
|
||||
google-dork: Powered By IceWarp 10.4.4
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -5,8 +5,9 @@ info:
|
|||
severity: critical
|
||||
description: |
|
||||
core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users to create admin accounts via the POST /api/users API, when Harbor is setup with DB as authentication backend and allow user to do self-registration. Fixed version: v1.7.6 v1.8.3. v.1.9.0. Workaround without applying the fix: configure Harbor to use non-DB authentication backend such as LDAP.
|
||||
issues: https://github.com/goharbor/harbor/issues/8951
|
||||
reference: https://unit42.paloaltonetworks.com/critical-vulnerability-in-harbor-enables-privilege-escalation-from-zero-to-admin-cve-2019-16097/
|
||||
reference:
|
||||
- https://unit42.paloaltonetworks.com/critical-vulnerability-in-harbor-enables-privilege-escalation-from-zero-to-admin-cve-2019-16097/
|
||||
- https://github.com/goharbor/harbor/issues/8951
|
||||
tags: cve,cve2019,intrusive,harbor
|
||||
|
||||
requests:
|
||||
|
|
|
@ -3,12 +3,13 @@ info:
|
|||
name: Oracle Fusion - "getPreviewImage" Directory Traversal/Local File Inclusion
|
||||
description: 'Oracle Business Intelligence Enterprise Edition 5.5.0.0.0 / 12.2.1.3.0 / 12.2.1.4.0 - "getPreviewImage" Directory Traversal/Local File Inclusion'
|
||||
author: Ivo Palazzolo (@palaziv)
|
||||
cvss: 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'
|
||||
severity: high
|
||||
tags: cve,cve2020,oracle,lfi
|
||||
reference:
|
||||
- http://packetstormsecurity.com/files/159748/Oracle-Business-Intelligence-Enterprise-Edition-5.5.0.0.0-12.2.1.3.0-12.2.1.4.0-LFI.html
|
||||
- https://www.oracle.com/security-alerts/cpuoct2020.html
|
||||
additional-fields:
|
||||
cvss: 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -4,8 +4,9 @@ info:
|
|||
name: TileServer GL Reflected XSS
|
||||
author: Akash.C
|
||||
severity: medium
|
||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2020-15500
|
||||
source: https://github.com/maptiler/tileserver-gl/issues/461
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-15500
|
||||
- https://github.com/maptiler/tileserver-gl/issues/461
|
||||
tags: cve,cve2020,xss,tileserver
|
||||
|
||||
requests:
|
||||
|
|
|
@ -5,8 +5,9 @@ info:
|
|||
severity: critical
|
||||
tags: bigip,cve,cve2021,rce
|
||||
description: The iControl REST interface has an unauthenticated remote command execution vulnerability.
|
||||
reference: https://attackerkb.com/topics/J6pWeg5saG/k03009991-icontrol-rest-unauthenticated-remote-command-execution-vulnerability-cve-2021-22986
|
||||
advisory: https://support.f5.com/csp/article/K03009991
|
||||
reference:
|
||||
- https://attackerkb.com/topics/J6pWeg5saG/k03009991-icontrol-rest-unauthenticated-remote-command-execution-vulnerability-cve-2021-22986
|
||||
- https://support.f5.com/csp/article/K03009991
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
@ -7,7 +7,6 @@ info:
|
|||
description: LinkedIn Oncall through 1.4.0 allows reflected XSS via /query because of mishandling of the "No results found for" message in the search bar.
|
||||
reference: https://github.com/linkedin/oncall/issues/341
|
||||
tags: cve,cve2021,linkedin,xss
|
||||
issues: https://github.com/linkedin/oncall/issues/341
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -5,7 +5,8 @@ info:
|
|||
author: pikpikcu
|
||||
severity: low
|
||||
tags: szhe,default-login
|
||||
vendor: https://github.com/Cl0udG0d/SZhe_Scan
|
||||
reference:
|
||||
- https://github.com/Cl0udG0d/SZhe_Scan # vendor homepage
|
||||
|
||||
requests:
|
||||
- method: POST
|
||||
|
|
|
@ -5,7 +5,8 @@ info:
|
|||
author: pikpikcu
|
||||
severity: info
|
||||
tags: frp,unauth,panel
|
||||
vendor: https://github.com/fatedier/frp/
|
||||
reference:
|
||||
- https://github.com/fatedier/frp/ # vendor homepage
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -4,8 +4,9 @@ info:
|
|||
name: F5 BIGIP Unencrypted Cookie
|
||||
author: PR3R00T
|
||||
severity: info
|
||||
reference: https://www.intelisecure.com/how-to-decode-big-ip-f5-persistence-cookie-values
|
||||
mitigation: https://support.f5.com/csp/article/K23254150
|
||||
reference:
|
||||
- https://www.intelisecure.com/how-to-decode-big-ip-f5-persistence-cookie-values
|
||||
- https://support.f5.com/csp/article/K23254150
|
||||
tags: misc
|
||||
|
||||
requests:
|
||||
|
|
|
@ -4,7 +4,7 @@ info:
|
|||
name: Unauthenticated Nacos access v1.x
|
||||
author: taielab,pikpikcu
|
||||
severity: critical
|
||||
issues: https://github.com/alibaba/nacos/issues/4593
|
||||
reference: https://github.com/alibaba/nacos/issues/4593
|
||||
tags: nacos,unauth
|
||||
|
||||
requests:
|
||||
|
|
|
@ -4,8 +4,9 @@ info:
|
|||
author: 0xelkomy
|
||||
severity: low
|
||||
description: As per guideline one should protect purges with ACLs from unauthorized hosts.
|
||||
reference: https://book.varnish-software.com/4.0/chapters/Cache_Invalidation.html
|
||||
hackerone: https://hackerone.com/reports/154278
|
||||
reference:
|
||||
- https://book.varnish-software.com/4.0/chapters/Cache_Invalidation.html
|
||||
- https://hackerone.com/reports/154278
|
||||
tags: varnish,misconfig,cache
|
||||
|
||||
requests:
|
||||
|
|
|
@ -6,6 +6,7 @@ info:
|
|||
severity: medium
|
||||
description: Searches for reflected XSS in the server response via GET-requests.
|
||||
tags: xss
|
||||
additional-fields:
|
||||
parameters: q,s,search,id,action,keyword,query,page,keywords,url,view,cat,name,key,p
|
||||
|
||||
requests:
|
||||
|
|
|
@ -5,13 +5,15 @@ info:
|
|||
author: pikpikcu
|
||||
severity: high
|
||||
tags: bullwark,lfi
|
||||
reference: https://www.exploit-db.com/exploits/47773
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/47773
|
||||
- http://www.bullwark.net/ # vendor homepage
|
||||
- http://www.bullwark.net/Kategoriler.aspx?KategoriID=24 # software link
|
||||
|
||||
# Vendor Homepage: http://www.bullwark.net/
|
||||
# Version : Bullwark Momentum Series Web Server JAWS/1.0
|
||||
# Software Link : http://www.bullwark.net/Kategoriler.aspx?KategoriID=24
|
||||
# Shodan Dork: https://www.shodan.io/search?query=Bullwark&page=1
|
||||
# fofa dork:-https://fofa.so/result?q=Bullwark&qbase64=QnVsbHdhcms%3D
|
||||
additional-fields:
|
||||
version: Bullwark Momentum Series Web Server JAWS/1.0
|
||||
shodan-dork: https://www.shodan.io/search?query=Bullwark&page=1
|
||||
fofa-dork: https://fofa.so/result?q=Bullwark&qbase64=QnVsbHdhcms%3D
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
@ -4,8 +4,9 @@ info:
|
|||
name: Ruijie Networks-EWEB Network Management System RCE
|
||||
author: pikpikcu
|
||||
severity: critical
|
||||
reference: https://github.com/yumusb/EgGateWayGetShell_py/blob/main/eg.py
|
||||
vendor: https://www.ruijienetworks.com
|
||||
reference:
|
||||
- https://github.com/yumusb/EgGateWayGetShell_py/blob/main/eg.py
|
||||
- https://www.ruijienetworks.com # vendor homepage
|
||||
tags: ruijie,rce
|
||||
|
||||
requests:
|
||||
|
|
Loading…
Reference in New Issue