Geeknik Labs
e428dc6454
Create production-logs.yaml
2021-07-24 14:28:33 -05:00
Geeknik Labs
a26ded0a06
Create pagespeed-global-admin.yaml
2021-07-24 14:26:30 -05:00
Geeknik Labs
2893fefd28
Create lutron-iot-default-login.yaml
2021-07-24 14:22:54 -05:00
Philippe Delteil
697b7cf01f
Create redcap-detector.yaml
...
Tests:
https://redcap.inca.gov.br/
https://redcap.icb.udec.cl/
https://redcap.cens.cl
https://redcap.ufro.cl
2021-07-24 15:17:07 -04:00
Muhammad Daffa
3d90fd1047
Fix wrong regex matcher
2021-07-24 17:10:02 +07:00
Prince Chaddha
2c0aa783c4
Merge pull request #2148 from gy741/rule-add-v34
...
Add KevinLAB BEMS 1.0 Multiple Vulnerabilities
2021-07-24 15:37:48 +05:30
GwanYeong Kim
d151d60ced
Update favicon-detection.yaml
...
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-24 16:38:03 +09:00
GwanYeong Kim
aae443949f
Create targa-camera-ssrf.yaml
...
Unauthenticated Server-Side Request Forgery (SSRF) vulnerability exists in the Selea ANPR camera within several functionalities. The application parses user supplied data in the POST JSON parameters 'ipnotify_address' and 'url' to construct an image request or check DNS for IP notification. Since no validation is carried out on the parameters, an attacker can specify an external domain and force the application to make an HTTP request to an arbitrary destination host. This can be used by an external attacker for example to bypass firewalls and initiate a service and network enumeration on the internal network through the affected application.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-24 16:02:58 +09:00
GwanYeong Kim
5778ee8eda
Create targa-camera-lfi.yaml
...
The ANPR camera suffers from an unauthenticated arbitrary file disclosure vulnerability. Input passed through the Download Archive in Storage page using get_file.php script is not properly verified before being used to download files. This can be exploited to disclose the contents of arbitrary and sensitive files via directory traversal attacks and aid the attacker to disclose clear-text credentials resulting in authentication bypass.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-24 15:54:02 +09:00
Prince Chaddha
f32521ad9d
Merge pull request #2113 from daffainfo/patch-92
...
Create CVE-2020-29227.yaml
2021-07-24 12:22:54 +05:30
Prince Chaddha
af4081d0ec
Update CVE-2020-29227.yaml
2021-07-24 12:17:56 +05:30
Prince Chaddha
956eb6691f
Update CVE-2020-29227.yaml
2021-07-24 12:16:30 +05:30
Prince Chaddha
f40aca136b
Update CVE-2020-29227.yaml
2021-07-24 12:15:24 +05:30
Prince Chaddha
bf7c0d3a63
Merge pull request #2122 from gy741/rule-add-v33
...
Create magicflow-lfi.yaml
2021-07-24 12:13:59 +05:30
Prince Chaddha
ac45802ef5
Update kevinlab-bems-sqli.yaml
2021-07-24 12:10:46 +05:30
Prince Chaddha
2631f55550
Update kevinlab-bems-backdoor.yaml
2021-07-24 12:07:27 +05:30
Prince Chaddha
9a46592f71
Update kevinlab-bems-sqli.yaml
2021-07-24 11:59:35 +05:30
Prince Chaddha
87b4c2e98b
Update kevinlab-bems-sqli.yaml
2021-07-24 11:47:05 +05:30
Prince Chaddha
406dee74e8
Update kevinlab-device-detect.yaml
2021-07-24 11:42:39 +05:30
Prince Chaddha
677c8b97dd
Merge pull request #2156 from gy741/rule-add-v36
...
Create CVE-2020-13117.yaml
2021-07-24 11:40:54 +05:30
Prince Chaddha
31f62d59ce
Update CVE-2020-13117.yaml
2021-07-24 11:39:47 +05:30
Prince Chaddha
63c48c7712
Merge pull request #2152 from daffainfo/patch-100
...
Create CVE-2011-3315.yaml
2021-07-24 11:36:58 +05:30
Prince Chaddha
b4c25f41cb
Merge pull request #2153 from daffainfo/patch-101
...
Create CVE-2013-5528.yaml
2021-07-24 11:36:34 +05:30
Prince Chaddha
a2787a379d
Update CVE-2011-3315.yaml
2021-07-24 11:35:35 +05:30
Prince Chaddha
d3a6f527c8
Merge pull request #2159 from andysvints/glpi-default-creds
...
Add GLPI default credentials check template
2021-07-24 11:34:00 +05:30
Prince Chaddha
aa1be682a7
Update glpi-default-credential.yaml
2021-07-24 11:32:06 +05:30
Prince Chaddha
07ed2eec19
Update glpi-default-credential.yaml
2021-07-24 10:54:35 +05:30
Prince Chaddha
3bca104ff6
Merge pull request #2163 from daffainfo/patch-102
...
Create CVE-2012-4889.yaml
2021-07-24 10:30:21 +05:30
Prince Chaddha
62ba69390c
Update CVE-2012-4889.yaml
2021-07-24 10:00:22 +05:30
sandeep
e97e2a4f2a
Template update
2021-07-24 06:22:48 +05:30
Muhammad Daffa
dddd079706
Update CVE-2012-4889.yaml
2021-07-24 07:20:53 +07:00
Muhammad Daffa
f8033758a1
Create CVE-2012-4889.yaml
2021-07-24 07:18:30 +07:00
Sandeep Singh
4b444af3c4
Merge pull request #2125 from DhiyaneshGeek/master
...
17 New Templates Added
2021-07-24 03:26:09 +05:30
sandeep
9617bc5815
matcher update
2021-07-24 03:25:22 +05:30
sandeep
47ea40bc55
Update kevinlab-bems-backdoor.yaml
2021-07-24 03:17:53 +05:30
sandeep
b1d8ab1193
more matchers update
2021-07-24 03:13:09 +05:30
sandeep
1ea3b8a8bf
matcher updates
2021-07-24 03:03:31 +05:30
sandeep
9788ebbf27
more matcher updates
2021-07-24 02:54:09 +05:30
sandeep
19533bcc08
removed content type check to avoid valid matches
2021-07-24 02:53:11 +05:30
sandeep
15b6a9eac4
Added CSRF handling
2021-07-24 02:49:55 +05:30
Sandeep Singh
f0ae660728
Merge pull request #2149 from MaKyOtOx/patch-1
...
Create mantis-detect.yaml
2021-07-24 02:17:18 +05:30
sandeep
ef0d5da7ce
Update mantis-detect.yaml
2021-07-24 02:16:22 +05:30
Sandeep Singh
ebab9b8ae2
Update exposed-panels/mantis-detect.yaml
...
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-24 02:15:43 +05:30
Sandeep Singh
2b4002f0f0
Merge pull request #2162 from geeknik/patch-9
...
Update nginx-config.yaml
2021-07-24 02:08:01 +05:30
Geeknik Labs
4795c084e1
Update nginx-config.yaml
...
fixes a false positive
2021-07-23 15:18:51 -05:00
sandeep
2788c9429f
matchers update
2021-07-24 01:03:06 +05:30
Sandeep Singh
327819a037
Update misconfiguration/clockwork-dashboard-exposure.yaml
...
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-24 00:52:24 +05:30
Sandeep Singh
f8a1c2c2b5
Update misconfiguration/clockwork-dashboard-exposure.yaml
...
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-24 00:52:09 +05:30
Sandeep Singh
a957dc230c
Update exposures/files/snyk-ignore-file-disclosure.yaml
...
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-24 00:51:05 +05:30
sandeep
96c78d8695
additional negative matcher
2021-07-24 00:39:30 +05:30