daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
10,315 Commits
18 Branches
0 Tags
171 MiB
Commit Graph

557 Commits (0c87175275a00c505d07f4ec2e8ddf251ab98b5d)

Author SHA1 Message Date
PikPikcU 4340807fb6
Create CVE-2020-19282.yaml 2021-09-15 09:56:03 +07:00
sandeep 29a944ea73 payload update 2021-09-12 20:22:03 +05:30
sandeep e6d97e26c5 additional matcher 2021-09-12 18:31:46 +05:30
Ice3man543 e9f728c321 Added cve annotations + severity adjustments 2021-09-10 16:56:40 +05:30
sandeep bd24dc198e Coverage for all templates using tags 2021-09-09 19:08:13 +05:30
Prince Chaddha 90eba9d883
Update CVE-2020-7961.yaml 2021-09-09 11:46:54 +05:30
Prince Chaddha 43b45a7b63
Update CVE-2020-12720.yaml 2021-09-09 11:42:52 +05:30
sandeep 609705f676 removed extra headers not required for template 2021-09-08 17:47:19 +05:30
sullo ef1f7c5e92 Updates across many templates for clarity, spelling, and grammar. 2021-09-05 17:13:45 -04:00
Sandeep Singh f6c72769ce
temporary moving to another branch 2021-09-03 22:29:55 +05:30
sandeep 90f8caf302 Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates into pr/2481 2021-09-03 14:55:30 +05:30
sandeep c41a498505 added tags 2021-09-03 12:52:27 +05:30
Prince Chaddha 58a886ad6e
Update CVE-2020-28976.yaml 2021-09-03 09:24:21 +05:30
Borna Nematzadeh 6e7c3ab0a2
Update CVE-2020-28976.yaml 2021-09-02 12:26:10 -07:00
LogicalHunter f0197ae9ac Added CVE-2020-28976.yaml Template 2021-09-02 12:13:21 -07:00
Prince Chaddha 3b32de60be
Update CVE-2020-11547.yaml 2021-09-02 18:25:16 +05:30
betul.kiral 5c94814e00 Adding CVE-2020-11547 2021-09-02 14:43:37 +03:00
sandeep c81725e991 Removed duplicate template 2021-09-01 12:36:20 +05:30
Noam Rathaus 51eb639de8 Updated 2021-08-30 12:49:23 +03:00
Noam Rathaus 86f3c08ba6 Vendor writes it as "NETGEAR" 2021-08-29 09:39:06 +03:00
Noam Rathaus 67fa97aed1 Add vendor KB 2021-08-29 09:36:59 +03:00
socketz c766a8454d Fixed yaml linting errors 2021-08-25 14:09:42 +02:00
socketz f290b9f60d Deleted duplicate and in wrong directory 2021-08-25 07:55:46 +02:00
sandeep d705fbd84b Update CVE-2020-11420.yaml 2021-08-25 00:33:54 +05:30
sandeep 3c95101f5a Update CVE-2020-11420.yaml 2021-08-25 00:31:27 +05:30
sandeep 65d9d8acb2 lint fix 2021-08-24 23:13:00 +05:30
forgedhallpass 110f9c9ddd Merge remote-tracking branch 'origin' into dynamic_attributes 2021-08-24 20:38:11 +03:00
socketz 7d6a6c137a Added CVE-2020-11420 2021-08-24 14:43:45 +02:00
sandeep 85f8cf2c41 Update CVE-2020-12800.yaml 2021-08-24 05:00:04 +05:30
sandeep fba4461932 Added CVE-2020-12800 2021-08-24 04:57:51 +05:30
forgedhallpass 296edfc37b Merge remote-tracking branch 'origin' into dynamic_attributes 2021-08-23 14:40:33 +03:00
Sandeep Singh 04b401a8ef
Merge pull request #2456 from projectdiscovery/payloads-update 
Payloads positional update to keep the request format uniform
 2021-08-23 15:26:35 +05:30
sandeep 451e938d46 misc changes 2021-08-23 14:54:04 +05:30
Dwi Siswanto be3d5c9d08 Add CVE-2020-29453 2021-08-23 11:30:16 +07:00
sandeep 2aa54304ee Payloads positional update to keep the request format uniform 2021-08-22 23:39:33 +05:30
forgedhallpass dc4cc62629 Merge remote-tracking branch 'origin/master' into dynamic_attributes 2021-08-20 15:35:17 +03:00
sandeep 3f803deb28 more updates 2021-08-20 02:14:42 +05:30
forgedhallpass 77103bc629 Satisfying the linter (all errors and warnings) 
* whitespace modifications only
 2021-08-19 17:44:46 +03:00
forgedhallpass 2a320412bf Misc (minor) 
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
 2021-08-19 17:25:01 +03:00
forgedhallpass 97d4f8705b Fixed mistakes/typos 
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
 2021-08-19 16:59:55 +03:00
forgedhallpass f55d6b75e1 Removed pipe (|) character from references, because the structure requires it to be a string slice, not a string 
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
 2021-08-19 16:59:12 +03:00
forgedhallpass 7b29be739e Merge branch 'master' into dynamic_attributes 2021-08-19 16:23:26 +03:00
forgedhallpass ffaff64565 Changes fixes/around dynamic attributes ("additional-fields") 
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
 2021-08-19 16:17:27 +03:00
forgedhallpass 0b432b341b Added comments with URLs under the "references" field 
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
 2021-08-19 16:15:35 +03:00
Prince Chaddha 3a8b5df438
Update CVE-2020-25223.yaml 2021-08-19 16:35:50 +05:30
GwanYeong Kim 673fe80660 Create CVE-2020-25223.yaml 
A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
 2021-08-19 18:37:59 +09:00
forgedhallpass cdf9451158 Removed pipe (|) character from references, because the structure requires it to be a string slice, not a string 
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
 2021-08-18 14:44:27 +03:00
forgedhallpass 4c920b2552 Rename "references" to "reference" to match the expected template info structure 
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
 2021-08-18 14:29:20 +03:00
sandeep 63431349aa minor update 2021-08-10 20:13:14 +05:30
Geeknik Labs d6bd06a878
Update CVE-2020-24312.yaml 
Fixes a false positive.
 2021-08-09 20:43:58 -05:00
Prince Chaddha bc236580ee
Merge pull request #1856 from Akokonunes/patch-15 
Create CVE-2019-9618.yaml
 2021-08-07 19:55:08 +05:30
Prince Chaddha 3395eff8a0
Merge pull request #2316 from gy741/rule-add-v49 
Create CVE-2020-7796.yaml
 2021-08-03 19:57:45 +05:30
Prince Chaddha 23bc448b1b
Merge pull request #2199 from pikpikcu/patch-208 
Add OpenSIS POC
 2021-08-03 19:53:32 +05:30
Prince Chaddha b927288f30
Update CVE-2020-6637.yaml 2021-08-03 19:25:06 +05:30
Prince Chaddha 107c3594bf
Update CVE-2020-6637.yaml 2021-08-03 13:24:31 +05:30
sandeep 3c03e28e55 Update CVE-2020-7796.yaml 2021-08-03 12:50:22 +05:30
sandeep d8007437ae Update CVE-2020-7796.yaml 2021-08-03 12:50:10 +05:30
Prince Chaddha b02ea3266b
Update CVE-2020-7796.yaml 2021-08-03 12:47:55 +05:30
Prince Chaddha 9620f4616e
Update CVE-2020-7796.yaml 2021-08-03 12:42:56 +05:30
GwanYeong Kim 9c16967fa5 Create CVE-2020-7796.yaml 
Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
 2021-08-03 09:31:23 +09:00
GwanYeong Kim 8627aadce0 Create CVE-2020-27361.yaml 
An issue exists within Akkadian Provisioning Manager 4.50.02 which allows attackers to view sensitive information within the /pme subdirectories.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
 2021-08-03 01:17:48 +09:00
Prince Chaddha a3cba3b1e1
Merge pull request #2280 from daffainfo/patch-120 
Create CVE-2020-35598.yaml
 2021-08-02 17:14:38 +05:30
sandeep a24977aab9 Update CVE-2020-6637.yaml 2021-08-02 01:42:01 +05:30
Noam Rathaus 734dde35cc Fix FP - https://github.com/projectdiscovery/nuclei-templates/issues/2217 2021-08-01 08:52:30 +03:00
Muhammad Daffa b826d82268
Create CVE-2020-35598.yaml 2021-08-01 06:40:11 +07:00
Toufik Airane 1cce455f1c
Update CVE-2020-13927.yaml 
Following the discussion https://github.com/projectdiscovery/nuclei-templates/discussions/1477.

According to NIST, It's a critical issue.
https://nvd.nist.gov/vuln/detail/CVE-2020-13927
 2021-07-30 16:40:41 +02:00
Muhammad Daffa da3ba72db3
Create CVE-2020-11455.yaml 2021-07-29 05:43:07 +07:00
Sandeep Singh 32e18be51a
Merge pull request #2215 from TheConciergeDev/patch-4 
Renamed yaml file
 2021-07-27 17:27:23 +05:30
Prince Chaddha fdfd4232a5
Merge pull request #2225 from pikpikcu/patch-231 
Create CVE-2020-26153.yaml
 2021-07-27 17:22:04 +05:30
Prince Chaddha cdb91d44f3
Update CVE-2020-26153.yaml 2021-07-27 17:20:54 +05:30
Prince Chaddha 4a5d374227
Merge pull request #2212 from pikpikcu/patch-220 
Add Jeedom XSS
 2021-07-27 17:18:07 +05:30
Prince Chaddha 142eb2fe3b
Update CVE-2020-9036.yaml 2021-07-27 17:12:32 +05:30
Prince Chaddha c4e75a7eb5
Merge pull request #2203 from pikpikcu/patch-211 
Add CVE-2020-27735
 2021-07-27 17:08:21 +05:30
PikPikcU d561a8711d
Create CVE-2020-26153.yaml 2021-07-27 18:19:44 +07:00
Prince Chaddha d9f20b63e4
Update CVE-2020-27735.yaml 2021-07-27 16:32:50 +05:30
Prince Chaddha 6e7aba2fb9
Update CVE-2020-27735.yaml 2021-07-27 13:55:45 +05:30
Prince Chaddha 4a13112125
Update CVE-2020-27735.yaml 2021-07-27 13:33:41 +05:30
TheConciergeDev 62df9585f9
Renamed yaml file 
Added missing "-" in filename
 2021-07-27 09:28:54 +02:00
PikPikcU 6f91b5d052
Create CVE-2020-9036.yaml 2021-07-27 13:45:01 +07:00
Prince Chaddha 76a39c9ef5
Update CVE 2020-6171.yaml 2021-07-27 11:58:42 +05:30
PikPikcU 751626e435
Update CVE 2020-6171.yaml 2021-07-27 12:24:17 +07:00
PikPikcU ddc251861f
Create CVE 2020-6171.yaml 2021-07-27 12:21:52 +07:00
Prince Chaddha caf6bb61c3
Update CVE-2020-27735.yaml 2021-07-27 10:41:08 +05:30
Prince Chaddha b2f1863fd7
Update CVE-2020-35774.yaml 2021-07-27 10:40:55 +05:30
Prince Chaddha b75c2dde67
Update CVE-2020-35774.yaml 2021-07-27 10:38:46 +05:30
PikPikcU 326c8265ef
Create CVE-2020-35774.yaml 2021-07-27 10:31:48 +07:00
PikPikcU f619caf26a
Create CVE-2020-27735.yaml 2021-07-27 10:23:23 +07:00
PikPikcU 96c03d93cc
Update CVE-2020-6637.yaml 2021-07-27 07:38:49 +07:00
PikPikcU b1dfb89f88
Create CVE-2020-6637.yaml 2021-07-27 07:36:48 +07:00
sandeep 9c66387f0f More CVEs Template 2021-07-26 22:48:45 +05:30
Sandeep Singh 79c077ddf7
Merge pull request #1874 from Vladimir-Ivanov-Git/CVE-2020-6207 
CVE-2020-6207 SAP SolMan RCE
 2021-07-26 18:26:55 +05:30
Sandeep Singh 8130cd2c3b
Update CVE-2020-6207.yaml 2021-07-26 18:26:19 +05:30
Prince Chaddha 4ee46bf076
Merge pull request #2112 from daffainfo/patch-91 
Create CVE-2020-35580.yaml
 2021-07-26 14:06:50 +05:30
Prince Chaddha 84161bc33e
Update CVE-2020-8813.yaml 2021-07-26 13:27:19 +05:30
GwanYeong Kim 620ff3f367 Create CVE-2020-8813.yaml 
This vulnerability could be exploited without authentication if Cacti is enabling “Guest Realtime Graphs” privilege, So in this case no need for the authentication part and you can just use the following code to exploit the vulnerability

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
 2021-07-26 11:32:23 +09:00
Muhammad Daffa fed682443e
Update CVE-2020-35580.yaml 2021-07-26 06:55:48 +07:00
GwanYeong Kim b9fadff659 Create CVE-2020-5307.yaml 
PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to SQL injection, as demonstrated by the username parameter in index.php, the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName and ProductPrice parameters in add-product.php.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
 2021-07-25 11:50:53 +09:00
sandeep 6ccc5f8792 matcher update to handle edge cases 2021-07-25 03:05:55 +05:30
Prince Chaddha f32521ad9d
Merge pull request #2113 from daffainfo/patch-92 
Create CVE-2020-29227.yaml
 2021-07-24 12:22:54 +05:30
Prince Chaddha af4081d0ec
Update CVE-2020-29227.yaml 2021-07-24 12:17:56 +05:30