Commit Graph

7582 Commits (07f2647e1f7cfb10a66d36ee1eee3149da10dfd4)

Author SHA1 Message Date
Geeknik Labs e428dc6454
Create production-logs.yaml 2021-07-24 14:28:33 -05:00
Geeknik Labs a26ded0a06
Create pagespeed-global-admin.yaml 2021-07-24 14:26:30 -05:00
Geeknik Labs 2893fefd28
Create lutron-iot-default-login.yaml 2021-07-24 14:22:54 -05:00
Philippe Delteil 697b7cf01f
Create redcap-detector.yaml
Tests:

https://redcap.inca.gov.br/
https://redcap.icb.udec.cl/
https://redcap.cens.cl
https://redcap.ufro.cl
2021-07-24 15:17:07 -04:00
Muhammad Daffa 3d90fd1047
Fix wrong regex matcher 2021-07-24 17:10:02 +07:00
Prince Chaddha 2c0aa783c4
Merge pull request #2148 from gy741/rule-add-v34
Add KevinLAB BEMS 1.0 Multiple Vulnerabilities
2021-07-24 15:37:48 +05:30
GwanYeong Kim d151d60ced Update favicon-detection.yaml
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-24 16:38:03 +09:00
GwanYeong Kim aae443949f Create targa-camera-ssrf.yaml
Unauthenticated Server-Side Request Forgery (SSRF) vulnerability exists in the Selea ANPR camera within several functionalities. The application parses user supplied data in the POST JSON parameters 'ipnotify_address' and 'url' to construct an image request or check DNS for IP notification. Since no validation is carried out on the parameters, an attacker can specify an external domain and force the application to make an HTTP request to an arbitrary destination host. This can be used by an external attacker for example to bypass firewalls and initiate a service and network enumeration on the internal network through the affected application.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-24 16:02:58 +09:00
GwanYeong Kim 5778ee8eda Create targa-camera-lfi.yaml
The ANPR camera suffers from an unauthenticated arbitrary file disclosure vulnerability. Input passed through the Download Archive in Storage page using get_file.php script is not properly verified before being used to download files. This can be exploited to disclose the contents of arbitrary and sensitive files via directory traversal attacks and aid the attacker to disclose clear-text credentials resulting in authentication bypass.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-24 15:54:02 +09:00
Prince Chaddha f32521ad9d
Merge pull request #2113 from daffainfo/patch-92
Create CVE-2020-29227.yaml
2021-07-24 12:22:54 +05:30
Prince Chaddha af4081d0ec
Update CVE-2020-29227.yaml 2021-07-24 12:17:56 +05:30
Prince Chaddha 956eb6691f
Update CVE-2020-29227.yaml 2021-07-24 12:16:30 +05:30
Prince Chaddha f40aca136b
Update CVE-2020-29227.yaml 2021-07-24 12:15:24 +05:30
Prince Chaddha bf7c0d3a63
Merge pull request #2122 from gy741/rule-add-v33
Create magicflow-lfi.yaml
2021-07-24 12:13:59 +05:30
Prince Chaddha ac45802ef5
Update kevinlab-bems-sqli.yaml 2021-07-24 12:10:46 +05:30
Prince Chaddha 2631f55550
Update kevinlab-bems-backdoor.yaml 2021-07-24 12:07:27 +05:30
Prince Chaddha 9a46592f71
Update kevinlab-bems-sqli.yaml 2021-07-24 11:59:35 +05:30
Prince Chaddha 87b4c2e98b
Update kevinlab-bems-sqli.yaml 2021-07-24 11:47:05 +05:30
Prince Chaddha 406dee74e8
Update kevinlab-device-detect.yaml 2021-07-24 11:42:39 +05:30
Prince Chaddha 677c8b97dd
Merge pull request #2156 from gy741/rule-add-v36
Create CVE-2020-13117.yaml
2021-07-24 11:40:54 +05:30
Prince Chaddha 31f62d59ce
Update CVE-2020-13117.yaml 2021-07-24 11:39:47 +05:30
Prince Chaddha 63c48c7712
Merge pull request #2152 from daffainfo/patch-100
Create CVE-2011-3315.yaml
2021-07-24 11:36:58 +05:30
Prince Chaddha b4c25f41cb
Merge pull request #2153 from daffainfo/patch-101
Create CVE-2013-5528.yaml
2021-07-24 11:36:34 +05:30
Prince Chaddha a2787a379d
Update CVE-2011-3315.yaml 2021-07-24 11:35:35 +05:30
Prince Chaddha d3a6f527c8
Merge pull request #2159 from andysvints/glpi-default-creds
Add GLPI default credentials check template
2021-07-24 11:34:00 +05:30
Prince Chaddha aa1be682a7
Update glpi-default-credential.yaml 2021-07-24 11:32:06 +05:30
Prince Chaddha 07ed2eec19
Update glpi-default-credential.yaml 2021-07-24 10:54:35 +05:30
Prince Chaddha 3bca104ff6
Merge pull request #2163 from daffainfo/patch-102
Create CVE-2012-4889.yaml
2021-07-24 10:30:21 +05:30
Prince Chaddha 62ba69390c
Update CVE-2012-4889.yaml 2021-07-24 10:00:22 +05:30
sandeep e97e2a4f2a Template update 2021-07-24 06:22:48 +05:30
Muhammad Daffa dddd079706
Update CVE-2012-4889.yaml 2021-07-24 07:20:53 +07:00
Muhammad Daffa f8033758a1
Create CVE-2012-4889.yaml 2021-07-24 07:18:30 +07:00
Sandeep Singh 4b444af3c4
Merge pull request #2125 from DhiyaneshGeek/master
17 New Templates Added
2021-07-24 03:26:09 +05:30
sandeep 9617bc5815 matcher update 2021-07-24 03:25:22 +05:30
sandeep 47ea40bc55 Update kevinlab-bems-backdoor.yaml 2021-07-24 03:17:53 +05:30
sandeep b1d8ab1193 more matchers update 2021-07-24 03:13:09 +05:30
sandeep 1ea3b8a8bf matcher updates 2021-07-24 03:03:31 +05:30
sandeep 9788ebbf27 more matcher updates 2021-07-24 02:54:09 +05:30
sandeep 19533bcc08 removed content type check to avoid valid matches 2021-07-24 02:53:11 +05:30
sandeep 15b6a9eac4 Added CSRF handling 2021-07-24 02:49:55 +05:30
Sandeep Singh f0ae660728
Merge pull request #2149 from MaKyOtOx/patch-1
Create mantis-detect.yaml
2021-07-24 02:17:18 +05:30
sandeep ef0d5da7ce Update mantis-detect.yaml 2021-07-24 02:16:22 +05:30
Sandeep Singh ebab9b8ae2
Update exposed-panels/mantis-detect.yaml
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-24 02:15:43 +05:30
Sandeep Singh 2b4002f0f0
Merge pull request #2162 from geeknik/patch-9
Update nginx-config.yaml
2021-07-24 02:08:01 +05:30
Geeknik Labs 4795c084e1
Update nginx-config.yaml
fixes a false positive
2021-07-23 15:18:51 -05:00
sandeep 2788c9429f matchers update 2021-07-24 01:03:06 +05:30
Sandeep Singh 327819a037
Update misconfiguration/clockwork-dashboard-exposure.yaml
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-24 00:52:24 +05:30
Sandeep Singh f8a1c2c2b5
Update misconfiguration/clockwork-dashboard-exposure.yaml
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-24 00:52:09 +05:30
Sandeep Singh a957dc230c
Update exposures/files/snyk-ignore-file-disclosure.yaml
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-24 00:51:05 +05:30
sandeep 96c78d8695 additional negative matcher 2021-07-24 00:39:30 +05:30