Muhammad Daffa
63cda4e1ef
Update CVE-2021-24235.yaml
2021-08-03 14:58:19 +07:00
sandeep
e2b20b8f01
Adding metadata
2021-08-02 23:16:05 +05:30
Sandeep Singh
249c39af51
Merge pull request #2299 from httpvoid/master
...
Add CVE-2021-29484 - Ghost CMS DOM XSS
2021-08-02 23:13:22 +05:30
Harsh Jaiswal
3f8e3ce2d0
Update cves/2021/CVE-2021-29484.yaml
...
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-08-02 23:05:35 +05:30
Prince Chaddha
7aa7401f3a
Merge pull request #2278 from gy741/rule-add-v44
...
Create CVE-2021-21816.yaml
2021-08-02 21:17:00 +05:30
sandeep
a1d73379aa
Added CVE-2021-27561
2021-08-02 18:25:13 +05:30
Prince Chaddha
c670df2925
Update CVE-2021-21816.yaml
2021-08-02 17:57:09 +05:30
Prince Chaddha
5c7a745e04
Merge pull request #2298 from gy741/rule-add-v47
...
Create CVE-2021-3297.yaml
2021-08-02 17:18:29 +05:30
Prince Chaddha
27f96f96c4
Update CVE-2021-3297.yaml
2021-08-02 17:12:42 +05:30
Prince Chaddha
2c0ecb01b3
Update CVE-2021-3297.yaml
2021-08-02 17:09:52 +05:30
Prince Chaddha
bae8422cfb
Update CVE-2021-3297.yaml
2021-08-02 17:06:07 +05:30
Noam Rathaus
37608a954c
Description
2021-08-02 12:56:17 +03:00
Noam Rathaus
6950d325e6
Update description
2021-08-02 12:55:21 +03:00
rootxharsh
6f2d74337e
Add CVE-2021-29484.yaml
2021-08-02 13:28:24 +05:30
GwanYeong Kim
bfa043e51f
Create CVE-2021-3297.yaml
...
On Zyxel NBG2105 V1.00(AAGU.2)C0 devices, setting the login cookie to 1 provides administrator access.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-08-02 16:35:38 +09:00
Sandeep Singh
81572ce596
Merge pull request #2292 from geeknik/patch-4
...
Update CVE-2021-31581.yaml
2021-08-02 02:09:32 +05:30
Sandeep Singh
b04dc13dcd
Update CVE-2021-31581.yaml
2021-08-02 02:08:28 +05:30
Sandeep Singh
d416aea142
Merge pull request #2279 from gy741/rule-add-v45
...
Create CVE-2021-36380.yaml
2021-08-02 01:36:56 +05:30
sandeep
ebf1653d65
Update CVE-2021-36380.yaml
2021-08-02 01:33:10 +05:30
Sandeep Singh
76fb40314a
Merge pull request #2277 from pikpikcu/patch-241
...
Update CVE-2021-3223
2021-08-02 01:15:39 +05:30
sandeep
5c22441bac
Update CVE-2021-3223.yaml
2021-08-02 01:11:43 +05:30
Geeknik Labs
9cbb151600
Update CVE-2021-31581.yaml
...
Fixes https://github.com/projectdiscovery/nuclei-templates/issues/2285 . 👍🏻
2021-08-01 10:59:39 -05:00
Noam Rathaus
03dfb4bff6
More references
2021-08-01 09:16:33 +03:00
Noam Rathaus
3de7af6018
Better reference
2021-08-01 09:14:14 +03:00
GwanYeong Kim
0678e7d233
Create CVE-2021-36380.yaml
...
The /cgi/networkDiag.cgi script directly incorporated user-controllable parameters within a shell command, allowing an attacker to manipulate the resulting command by injecting valid OS command input. The following POST request injects a new command that instructs the server to establish a reverse TCP connection to another system, allowing the establishment of an interactive remote shell session.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-08-01 03:10:49 +09:00
GwanYeong Kim
5b3529bad5
Create CVE-2021-21816.yaml
...
An information disclosure vulnerability exists in the Syslog functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to the disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-08-01 02:42:48 +09:00
PikPikcU
ae672521d9
Update CVE-2021-3223.yaml
2021-07-31 16:12:48 +07:00
GwanYeong Kim
12b832cc36
Create CVE-2021-32305.yaml
...
WebSVN before 2.6.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search parameter.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-27 09:24:35 +09:00
sandeep
9c66387f0f
More CVEs Template
2021-07-26 22:48:45 +05:30
sandeep
b990243906
uniform tags
2021-07-26 14:25:43 +05:30
sandeep
6ccc5f8792
matcher update to handle edge cases
2021-07-25 03:05:55 +05:30
Muhammad Daffa
3d90fd1047
Fix wrong regex matcher
2021-07-24 17:10:02 +07:00
sandeep
e97e2a4f2a
Template update
2021-07-24 06:22:48 +05:30
Sandeep Singh
4b444af3c4
Merge pull request #2125 from DhiyaneshGeek/master
...
17 New Templates Added
2021-07-24 03:26:09 +05:30
sandeep
7d72783090
WIP improvements
2021-07-22 16:32:37 +05:30
sandeep
938fdeec8f
Added CVE-2021-34429 and fixed related templates
2021-07-22 15:23:19 +05:30
Dhiyaneshwaran
8d8f39c26f
Create CVE-2021-32820.yaml
2021-07-21 10:40:13 +05:30
Prince Chaddha
7020d17f13
Merge pull request #2107 from daffainfo/patch-90
...
Create CVE-2021-23241.yaml
2021-07-20 17:26:37 +05:30
sandeep
8f8105bb99
Update CVE-2021-23241.yaml
2021-07-20 16:00:00 +05:30
Prince Chaddha
41c9c3e3f9
Update CVE-2021-23241.yaml
2021-07-20 14:25:37 +05:30
Prince Chaddha
86a7fad73a
Update CVE-2021-23241.yaml
2021-07-20 14:23:39 +05:30
Prince Chaddha
1fc173982d
Update CVE-2021-21479.yaml
2021-07-20 14:22:31 +05:30
Muhammad Daffa
c63bb91bdb
Create CVE-2021-23241.yaml
2021-07-20 15:52:10 +07:00
Prince Chaddha
94511129f6
Merge pull request #2076 from dwisiswant0/GHSL-2020-227
...
Server-Side Template Injection leading to unauthenticated Remote Code Execution in SCIMono - CVE-2021-21479
2021-07-20 14:20:31 +05:30
Prince Chaddha
d738d2c9a3
Update CVE-2021-21479.yaml
2021-07-20 14:18:21 +05:30
Prince Chaddha
b10b8a61b8
Update CVE-2021-21479.yaml
2021-07-20 14:16:30 +05:30
Prince Chaddha
0af69ac0fd
Update CVE-2021-21479.yaml
2021-07-20 14:15:45 +05:30
Muhammad Daffa
21809132da
Renamed to CVE-2021-24340.yaml
2021-07-20 13:36:04 +07:00
Prince Chaddha
eb15971f16
Merge pull request #2096 from geeknik/patch-4
...
Create CVE-2021-26475.yaml
2021-07-20 11:53:45 +05:30
Sandeep Singh
6eee57115c
Merge pull request #2083 from projectdiscovery/fixing-xss-matchers
...
fixing-xss-matchers
2021-07-20 00:28:01 +05:30
sandeep
9d19d5fb5b
description update
2021-07-20 00:12:01 +05:30
sandeep
13d26d8c6d
moving files around
2021-07-20 00:10:30 +05:30
Geeknik Labs
39acc90454
Create CVE-2021-26475.yaml
...
CVE-2021-26475 -- EPrints 3.4.2 exposes a reflected XSS opportunity in the via a cgi/cal URI.
2021-07-19 08:34:21 -05:00
sandeep
eec253fdd8
minor update
2021-07-19 16:53:47 +05:30
Prince Chaddha
707083438e
Update CVE-2021-24389.yaml
2021-07-19 11:37:51 +05:30
Prince Chaddha
751f4e099c
Update CVE-2021-24335.yaml
2021-07-19 11:37:18 +05:30
Prince Chaddha
c8ee50bd9b
Update CVE-2021-24320.yaml
2021-07-19 11:36:45 +05:30
Prince Chaddha
06a82e2c78
Update CVE-2021-24298.yaml
2021-07-19 11:36:11 +05:30
Suman Kar
77fd227376
Update CVE-2021-24498.yaml
2021-07-19 10:45:58 +05:30
Suman Kar
556a94136b
Calendar Event Multi View < 1.4.01 - Unauthenticated Reflected Cross-Site Scripting (XSS)
2021-07-19 10:40:50 +05:30
Sandeep Singh
f9c8314092
Merge pull request #2077 from gy741/rule-add-v27
...
Create Advantech R-SeeNet Multiple Reflected XSS vulnerabilities
2021-07-18 23:17:40 +05:30
sandeep
c56680cef3
Additional matcher
2021-07-18 23:14:19 +05:30
Sandeep Singh
9971674b36
Update CVE-2021-21479.yaml
2021-07-18 22:54:34 +05:30
sandeep
3088fb5431
Removing CVE-2021-24213
...
As per blog - https://bentl.ee/posts/cve-givewp/
> This vulnerability requires user interaction from an admin in order to be exploited.
2021-07-18 22:39:37 +05:30
sandeep
76e95ac1e5
Minor improvements
2021-07-18 22:36:15 +05:30
Dhiyaneshwaran
22fa4de8d8
Update CVE-2021-21307.yaml
2021-07-18 19:33:28 +05:30
Dhiyaneshwaran
e692d81999
Update CVE-2021-21307.yaml
2021-07-18 19:24:46 +05:30
Dhiyaneshwaran
0a8d2ffdcc
Create CVE-2021-21307.yaml
2021-07-18 19:19:19 +05:30
GwanYeong Kim
4414ff60db
Create Advantech R-SeeNet Multiple Reflected XSS vulnerabilities
...
This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-18 22:12:01 +09:00
Dhiyaneshwaran
0a01f0cd79
Create CVE-2021-24213.yaml
2021-07-18 16:44:57 +05:30
Dwi Siswanto
e4b2316bf0
Add CVE-2021-21479
2021-07-18 11:11:56 +07:00
Prince Chaddha
33a0ede229
Merge pull request #2009 from gy741/rule-add-v24
...
Create CVE-2020-26919, CVE-2020-25506, OptiLink ONT1GEW GPON RCE, CVE-2021-31755
2021-07-16 18:04:52 +05:30
Muhammad Daffa
9360b48a90
Create CVE-2021-24235.yaml
2021-07-15 18:03:53 +07:00
Prince Chaddha
456f5d6b15
Merge pull request #2014 from daffainfo/patch-57
...
Create CVE-2021-24320.yaml
2021-07-15 14:51:34 +05:30
Prince Chaddha
d00d4f37f5
Update CVE-2021-24320.yaml
2021-07-15 14:43:35 +05:30
Prince Chaddha
39def9b6e1
Merge pull request #2008 from daffainfo/patch-53
...
Create CVE-2021-24335.yaml
2021-07-15 14:35:27 +05:30
Prince Chaddha
d73599eb3c
Merge pull request #2006 from daffainfo/patch-51
...
Create CVE-2021-24389.yaml
2021-07-15 14:32:09 +05:30
Prince Chaddha
799e7109c3
Update CVE-2021-24389.yaml
2021-07-15 14:30:23 +05:30
Prince Chaddha
7a1e276d7b
Update CVE-2021-24335.yaml
2021-07-15 14:27:55 +05:30
Prince Chaddha
2f41c4de62
Update CVE-2021-24298.yaml
2021-07-15 14:15:49 +05:30
GwanYeong Kim
1c729ab1ea
Create CVE-2021-31755.yaml
...
Vulnerabilities in the web-based management interface of enda Router AC11 could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-15 15:09:26 +09:00
Muhammad Daffa
031cd24480
Create CVE-2021-24298.yaml
2021-07-15 10:52:21 +07:00
Muhammad Daffa
ca75afe52c
Create CVE-2021-24320.yaml
2021-07-15 10:38:35 +07:00
Muhammad Daffa
e34ec6c05c
Create CVE-2021-24335.yaml
2021-07-15 07:06:50 +07:00
Muhammad Daffa
6a0d2d2b90
Create CVE-2021-24389.yaml
2021-07-15 06:54:35 +07:00
sandeep
b6ec1c2abb
Added reference
2021-07-13 19:22:59 +05:30
Sandeep Singh
b4e21feadd
Rename cve-2021-24472.yaml to CVE-2021-24472.yaml
2021-07-13 19:21:21 +05:30
sandeep
6d6b30e9cf
matcher update
2021-07-13 19:20:10 +05:30
Suman Kar
9aeac41fbc
Onair2 < 3.9.9.2 & KenthaRadio < 2.0.2 - Unauthenticated RFI and SSRF
2021-07-13 18:42:05 +05:30
Sandeep Singh
9a09d52520
Merge pull request #1951 from gy741/rule-add-v22
...
Create CVE-2021-33544.yaml
2021-07-13 16:30:44 +05:30
Sandeep Singh
43d4644164
Update CVE-2021-33544.yaml
2021-07-13 16:29:55 +05:30
Sandeep Singh
bb53177a74
Update CVE-2021-33544.yaml
2021-07-13 16:26:33 +05:30
Sandeep Singh
89e1a8da93
Merge pull request #1962 from dwisiswant0/hotfix/CVE-2020-24148
2021-07-13 05:01:01 +05:30
Dwi Siswanto
a91516cbb5
Misplaced of CVE-2020-24148
2021-07-13 05:24:03 +07:00
Sandeep Singh
e23f378fe8
Merge pull request #1943 from gy741/rule-add-v21
...
Create CVE-2021-30497.yaml
2021-07-13 01:00:59 +05:30
Sandeep Singh
dec41b5631
Merge pull request #1950 from dwisiswant0/add/CVE-2020-24148
...
Add CVE-2020-24148
2021-07-13 00:52:08 +05:30
GwanYeong Kim
0e1e727bb1
Create CVE-2021-33544.yaml
...
Multiple vulnerabilities in the web-based management interface of Geutebruck could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device.
CVE-2021-33543 : Authentication Bypass
CVE-2021-33544 : Command injection multiple parameters
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-12 13:10:31 +09:00
Dwi Siswanto
4ea2c71a3d
Add CVE-2020-24148
2021-07-12 09:24:50 +07:00
GwanYeong Kim
c0f5105dcf
Create CVE-2021-30497.yaml
...
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-11 18:31:18 +09:00
sandeep
25dcb930ad
Added CVE-2021-29156
2021-07-11 14:39:41 +05:30
sandeep
01ae482fe8
Added CVE-2021-34621
2021-07-10 22:31:08 +05:30
Sandeep Singh
97023903a0
Merge pull request #1918 from gy741/rule-add-v19
...
Create Hongdian Vulnerability
2021-07-10 21:24:56 +05:30
Sandeep Singh
5ca472b43e
Merge pull request #1880 from gy741/rule-add-v13
...
Create CVE-2021-1497.yaml
2021-07-10 20:55:14 +05:30
sandeep
1cd29628aa
more reference
2021-07-10 20:54:04 +05:30
sandeep
7f37050361
Added HTTP check
2021-07-10 20:53:23 +05:30
sandeep
dd9e85a29c
Added missing condition
2021-07-10 20:47:20 +05:30
sandeep
1e8aa5288f
Update CVE-2021-1497.yaml
2021-07-10 20:45:00 +05:30
sandeep
767f173f88
minor updates
2021-07-10 18:45:09 +05:30
GwanYeong Kim
3bf1c929ed
Create Hongdian Vulnerability
...
CVE-2021-28149 : Hongdian H8922 3.0.5 devices allow Directory Traversal. The /log_download.cgi log export handler does not validate user input and allows a remote attacker with minimal privileges to download any file from the device by substituting ../ (e.g., ../../etc/passwd) This can be carried out with a web browser by changing the file name accordingly. Upon visiting log_download.cgi?type=../../etc/passwd and logging in, the web server will allow a download of the contents of the /etc/passwd file.
CVE-2021-28150 : Hongdian H8922 3.0.5 devices allow the unprivileged guest user to read cli.conf (with the administrator password and other sensitive data) via /backup2.cgi.
CVE-2021-28151 : Hongdian H8922 3.0.5 devices allow OS command injection via shell metacharacters into the ip-address (aka Destination) field to the tools.cgi ping command, which is accessible with the username guest and password guest.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-10 21:16:35 +09:00
sandeep
c2f87a94c6
Added complete RCE chain
2021-07-10 13:42:09 +05:30
Geeknik Labs
d5cbcec079
Update CVE-2021-22214.yaml
...
dns interaction doesn't prove exploitability
2021-07-07 03:50:13 +00:00
Sandeep Singh
2aa91bbf24
Rename cve-2021-24387.yaml to CVE-2021-24387.yaml
2021-07-06 20:29:47 +05:30
Suman Kar
78617f6012
Real Estate 7 WordPress Theme < 3.1.1 - Unauthenticated Reflected XSS
2021-07-06 19:51:53 +05:30
sandeep
59199ad35e
Update CVE-2021-28918.yaml
...
Removed version as multiple reference includes multiple versions.
2021-07-06 12:45:50 +05:30
sandeep
7fb23a24b9
minor update
2021-07-06 12:41:16 +05:30
John Jackson
ede7ca07d0
Fixing Trailing Spaces
...
As stated.
2021-07-06 01:05:03 -06:00
John Jackson
5d74f7e2e4
Update CVE-2021-28918.yaml
...
Fixing trailing spaces.
2021-07-06 01:03:18 -06:00
John Jackson
7dd0795296
Create Netmask SSRF Template
...
The basic test to fuzz for the netmask SSRF vulnerability would be to use an Octal payload that resolves to the localhost. I limited it to 4 basic testing payloads as to not slow down the speed of a full-length CVE directories test.
2021-07-06 00:50:43 -06:00
sandeep
6dd96ede94
Added additional reference
2021-07-06 12:12:09 +05:30
sandeep
fc68a95803
Template Name/ID update as per assigned CVE
2021-07-06 12:07:53 +05:30
GwanYeong Kim
71dd0de29d
Create CVE-2021-1497.yaml
...
Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-06 09:30:13 +09:00
Prince Chaddha
56ccb9f3a4
Merge pull request #1822 from Akokonunes/patch-13
...
Create CVE-2021-24210.yaml
2021-07-01 00:00:03 +05:30
Prince Chaddha
f44c3e597f
Update and rename CVE-2021-24210.yaml to cves/2021/CVE-2021-24210.yaml
2021-06-30 23:45:27 +05:30
Prince Chaddha
87a1d1acce
Merge pull request #1823 from Akokonunes/patch-14
...
Create CVE-2021-24406.yaml
2021-06-30 23:44:03 +05:30
Prince Chaddha
6a6607c282
Update and rename CVE-2021-24406.yaml to cves/2021/CVE-2021-24406.yaml
2021-06-30 23:43:06 +05:30
Sandeep Singh
dbcdbe907e
Merge pull request #1797 from Mad-robot/patch-2
...
Create CVE-2021-29203.yaml
2021-06-30 21:27:35 +05:30
sandeep
2d63ddfa20
minor update
2021-06-30 21:27:06 +05:30
Sandeep Singh
3602eebf6c
Merge pull request #1780 from wwilson83H3/master
...
The default request never flagged druid in my env. Replaced with MSF …
2021-06-30 20:32:14 +05:30
Sandeep Singh
d1f47657a9
Update CVE-2021-25646.yaml
2021-06-30 20:31:15 +05:30
Sandeep Singh
cfcb739fbc
more changes
2021-06-30 20:28:41 +05:30
sandeep
498586e854
Added additional matcher and full exploit chain details
2021-06-30 03:01:13 +05:30
SaN ThosH
8b0b2a169d
Update CVE-2021-35464.yaml
2021-06-29 18:02:33 +05:30
SaN ThosH
2d4c8cb434
Create CVE-2021-35464.yaml
2021-06-29 17:26:37 +05:30
Prince Chaddha
8ae56492d8
Update CVE-2021-29203.yaml
2021-06-29 10:13:41 +05:30
Sandeep Singh
40782db039
Merge pull request #1771 from gy741/rule-add-v7
...
Create CVE-2021-3223.yaml
2021-06-28 21:43:59 +05:30
sandeep
b97811a143
Update CVE-2021-3223.yaml
2021-06-28 21:43:04 +05:30
SaN ThosH
cb5c53aef3
Create CVE-2021-29203.yaml
2021-06-26 13:40:30 +05:30
Prince Chaddha
bae4998f81
Merge pull request #1766 from gy741/rule-add-v6
...
Create CVE-2021-21234.yaml
2021-06-25 16:50:36 +05:30
Prince Chaddha
2d40d90715
Update CVE-2021-21234.yaml
2021-06-25 12:53:22 +05:30
sandeep
426abedcfa
severity updates as per CVE database
2021-06-25 00:05:59 +05:30
Sandeep Singh
e4e8e6e148
Merge pull request #1776 from pikpikcu/patch-187
...
Create CVE-2021-28169.yaml
2021-06-25 00:02:51 +05:30
sandeep
a736120dc0
minor updates
2021-06-25 00:02:05 +05:30
Sandeep Singh
e84c784fa2
Merge pull request #1689 from nrathaus/master
...
CVE-2021-28164 and some fixes
2021-06-24 23:58:29 +05:30
sandeep
a9a161f8c6
Update CVE-2021-28164.yaml
2021-06-24 23:56:33 +05:30
sandeep
809668943f
minor changes
2021-06-24 23:54:29 +05:30
wyatt
16e5ad7fad
The default request never flagged druid in my env. Replaced with MSF request and it flags everytime now
2021-06-24 13:37:45 -04:00
PikPikcU
b97d012636
Create CVE-2021-28169.yaml
2021-06-24 16:00:02 +00:00
GwanYeong Kim
e7bb4bff23
Create CVE-2021-3223.yaml
...
Node-RED-Dashboard before 2.26.2 allows ui_base/js/..%2f directory traversal to read files.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-06-24 21:07:17 +09:00
GwanYeong Kim
cc0dd04ac2
Create CVE-2021-21234.yaml
...
spring-boot-actuator-logview in a library that adds a simple logfile viewer as spring boot actuator endpoint. It is maven package "eu.hinsch:spring-boot-actuator-logview". In spring-boot-actuator-logview before version 0.2.13 there is a directory traversal vulnerability. The nature of this library is to expose a log file directory via admin (spring boot actuator) HTTP endpoints. Both the filename to view and a base folder (relative to the logging folder root) can be specified via request parameters. While the filename parameter was checked to prevent directory traversal exploits (so that `filename=../somefile` would not work), the base folder parameter was not sufficiently checked, so that `filename=somefile&base=../` could access a file outside the logging base directory). The vulnerability has been patched in release 0.2.13. Any users of 0.2.12 should be able to update without any issues as there are no other changes in that release. There is no workaround to fix the vulnerability other than updating or removing the dependency. However, removing read access of the user the application is run with to any directory not required for running the application can limit the impact. Additionally, access to the logview endpoint can be limited by deploying the application behind a reverse proxy.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-06-24 14:36:45 +09:00
sandeep
416bafe2fa
misc changes
2021-06-24 02:24:58 +05:30
lulz
04a7fda94a
Update CVE-2021-21389.yaml
2021-06-22 19:12:35 +07:00
lulz
014ca91e15
hmm just simple check...
...
sorry i just know little bit english...
2021-06-22 19:07:00 +07:00
Sandeep Singh
dcaef6a836
Rename CVE-2021-21389 to CVE-2021-21389.yaml
2021-06-22 04:05:42 +05:30
lulz
0d5a57bc23
Create CVE-2021-21389
2021-06-21 12:33:14 +07:00
Noam Rathaus
bb6fa66dd9
Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates
2021-06-20 13:56:54 +03:00
Sandeep Singh
9200ac068a
Merge pull request #1714 from skar4444/unauthenticated-CI-lint-API
...
CVE 2021-22214 - Unauthenticated Gitlab SSRF - CI Lint API
2021-06-18 15:08:33 +05:30
sandeep
b301c830a3
final improvements
2021-06-18 15:02:17 +05:30
sandeep
27d67855e8
misc changes
2021-06-18 14:42:13 +05:30
Sandeep Singh
4f0bfc9362
Merge pull request #1705 from projectdiscovery/CVE-2021-28854
...
Added CVE-2021-28854
2021-06-18 12:52:42 +05:30
Prince Chaddha
bfa70bacf5
Update CVE-2021-21975.yaml
2021-06-17 22:55:10 +05:30
Noam Rathaus
01b77a7ed2
Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates
2021-06-17 16:54:18 +03:00
Dwi Siswanto
8a1d7bd7d2
Hotfix FP of CVE-2021-24146
2021-06-17 08:16:54 +07:00
Sandeep Singh
bfbd3ccdac
Merge pull request #1656 from Akokonunes/patch-4
...
Create CVE-2021-24237.yaml
2021-06-16 01:56:39 +05:30
sandeep
5cff973564
Added tags
2021-06-16 01:02:21 +05:30
sandeep
c36419c94c
Added CVE-2021-28854
2021-06-16 01:01:01 +05:30
Noam Rathaus
b5bdac494b
Merge branch 'master' of https://github.com/nrathaus/nuclei-templates
2021-06-13 09:54:52 +03:00
Prince Chaddha
3779eb70e0
Moved template to cves folder
2021-06-11 16:48:05 +05:30
Prince Chaddha
83ce809e8d
Updated author names
2021-06-09 17:50:56 +05:30
sandeep
ccdb667d3b
YML to YAML
2021-06-09 14:42:14 +05:30
sandeep
1299ae621f
Update CVE-2021-28164.yml
2021-06-09 14:39:19 +05:30
sandeep
eef5158207
Update CVE-2021-28164.yml
2021-06-09 14:38:12 +05:30
sandeep
23cb4c4d9f
moving files around
2021-06-09 14:37:40 +05:30
sandeep
0cdfd0468f
Update CVE-2021-24285.yaml
2021-06-09 04:01:21 +05:30
sandeep
2953942c3c
Added CVE-2021-24285
2021-06-09 03:13:23 +05:30
sandeep
8e13733d34
moving files around
2021-06-04 16:30:31 +05:30
Prince Chaddha
5269cc1c87
Update CVE-2021-22122.yaml
2021-06-02 13:17:00 +05:30
root
2678721174
Added new path for CVE-2021-22122.yaml
2021-06-02 00:06:20 +01:00
sandeep
19b73df6be
Update CVE-2021-21985.yaml
2021-05-31 19:44:44 +05:30
sandeep
633644b159
Added CVE-2021-21985
2021-05-31 19:20:59 +05:30
0xsapra
0d8c5607cb
CVE-2021-33564.yaml
2021-05-29 02:33:38 +05:30
sandeep
26fc5c2dfa
Added CVE-2021-27850
2021-05-21 09:04:16 +05:30
Geeknik Labs
67bf4fab3c
Update CVE-2021-29622.yaml
2021-05-20 13:14:28 +00:00
Geeknik Labs
dde1e5e736
Create CVE-2021-29622.yaml
2021-05-20 13:13:18 +00:00
Sandeep Singh
78abf0d8a2
Merge pull request #1480 from nrathaus/master
...
Changes to reference and description
2021-05-17 21:54:41 +05:30
Geeknik Labs
0cf6e5507e
Update and rename cves/2021/CVE-2021-31800.yaml to cves/2014/CVE-2014-3744.yaml
2021-05-17 13:18:10 +00:00
Sandeep Singh
c0d13a6def
Merge pull request #1475 from Ganofins/patch-3
...
Create CVE-2021-24176.yaml
2021-05-16 22:15:39 +05:30
sandeep
1d9cdf949b
Update CVE-2021-24176.yaml
2021-05-16 22:12:33 +05:30
Noam Rathaus
dbdf6e8b6e
Better description
2021-05-16 15:53:51 +03:00
sandeep
e46fcb9e9a
Adding CVE-2021-27651
2021-05-16 15:10:08 +05:30
Ganesh Bagaria
4170b2d3e3
Create CVE-2021-24176.yaml
2021-05-16 12:59:32 +05:30
Prince Chaddha
5e2eaaf7a7
Update CVE-2021-31800.yaml
2021-05-16 02:16:34 +05:30
Geeknik Labs
4e1c4986f8
Create CVE-2021-31800.yaml
2021-05-15 18:56:07 +00:00
sandeep
7b4d736b94
Adding additional matcher
2021-05-14 22:15:50 +05:30
Geeknik Labs
77b95af240
Update CVE-2021-31537.yaml
2021-05-12 20:27:33 +00:00
Geeknik Labs
8365697de4
Update CVE-2021-31537.yaml
2021-05-12 20:25:22 +00:00
Geeknik Labs
7dcfccff74
Create CVE-2021-31537.yaml
2021-05-12 20:23:19 +00:00
sandeep
988d09e2de
Added CVE-2021-28073
2021-05-07 20:30:23 +05:30
sandeep
c56111663f
Added CVE-2021-30461
2021-05-07 18:00:10 +05:30
Sandeep Singh
cee291e366
Merge pull request #1419 from dwisiswant0/add/GHSL-2020-325
...
Hotfix: Update operator
2021-05-07 16:46:43 +05:30
Dwi Siswanto
1f5cbe507c
Update operator
2021-05-06 16:24:08 +07:00
Sandeep Singh
1198c7e724
Merge pull request #1382 from dwisiswant0/add/GHSL-2020-325
...
Add CVE-2021-29441
2021-05-05 18:26:10 +05:30
sandeep
22f123ff79
template update
2021-05-05 18:23:07 +05:30
Dwi Siswanto
d2ea9d2da0
Using Get configurations open API endpoint
2021-05-04 13:18:55 +07:00
Dwi Siswanto
3a51f45be5
Update description
2021-04-28 21:01:25 +07:00
Prince Chaddha
56d09dda92
Update CVE-2021-29442.yaml
2021-04-28 18:30:55 +05:30
Dwi Siswanto
64a45f2439
Add CVE-2021-29442
2021-04-28 12:01:34 +07:00
Dwi Siswanto
486103e0d4
Add CVE-2021-29441
2021-04-28 11:54:36 +07:00
sandeep
ee74145a98
template update
2021-04-23 15:38:41 +05:30
sandeep
76c08284ce
Adding more references
2021-04-23 14:21:15 +05:30
sandeep
c539514cdd
Update CVE-2021-27905.yaml
2021-04-23 14:18:51 +05:30
sandeep
33c9b30143
Template fix and minor updates
2021-04-23 14:14:49 +05:30
Dhiyaneshwaran
6ca4f1c5d2
Create CVE-2021-27905
2021-04-23 12:53:49 +05:30
sandeep
2f434d0440
Update CVE-2021-24146.yaml
2021-04-23 08:50:02 +05:30
sandeep
6cd5b9d35c
CVE update
2021-04-23 08:47:52 +05:30
sandeep
65b6c57e9f
Temporarily removing this template
2021-04-22 09:46:29 +05:30
sandeep
6cb0b89738
minor update
2021-04-21 12:46:44 +05:30
SaN ThosH
f91c579fb3
Update CVE-2021-28480.yaml
2021-04-21 12:24:19 +05:30
SaN ThosH
beb1ac700e
Update CVE-2021-28480.yaml
2021-04-21 02:51:05 +05:30
SaN ThosH
8e8ef1a0dd
Update CVE-2021-28480.yaml
2021-04-21 02:42:50 +05:30
SaN ThosH
5a8949554c
Create CVE-2021-28480.yaml
2021-04-21 02:34:10 +05:30
Sandeep Singh
954fe60b85
Merge pull request #1286 from geeknik/patch-66
...
Create CVE-2021-3374.yaml
2021-04-17 20:45:29 +05:30
sandeep
6bf828d61d
Update CVE-2021-28937.yaml
2021-04-16 02:21:48 +05:30
Geeknik Labs
aa2ac6471d
Update CVE-2021-28937.yaml
2021-04-15 20:31:01 +00:00
Geeknik Labs
e7a1fde388
Update CVE-2021-28937.yaml
2021-04-15 20:24:24 +00:00
Geeknik Labs
6edf8c3a8b
Create CVE-2021-28937.yaml
2021-04-15 20:20:27 +00:00
Geeknik Labs
a6417c6fa5
Update CVE-2021-3374.yaml
2021-04-14 23:54:48 +00:00
Geeknik Labs
de7321344f
Create CVE-2021-3374.yaml
2021-04-14 20:56:03 +00:00
sandeep
b0b45dd599
Update CVE-2021-30151.yaml
2021-04-11 17:51:41 +05:30
Prince Chaddha
43e59a577e
Update CVE-2021-30151.yaml
2021-04-11 01:00:49 +05:30
Prince Chaddha
4c9cbc1692
Update CVE-2021-30151.yaml
2021-04-11 00:57:38 +05:30
Dhiyaneshwaran
1692ef1821
Update CVE-2021-30151.yaml
2021-04-10 23:47:02 +05:30
Dhiyaneshwaran
1e0b6ea383
Update CVE-2021-30151.yaml
2021-04-10 23:43:37 +05:30
Dhiyaneshwaran
3e3db1c972
Update CVE-2021-30151.yaml
2021-04-10 23:37:38 +05:30
Dhiyaneshwaran
e87a0671ee
Create CVE-2021-30151.yaml
2021-04-10 22:58:27 +05:30
Noam Rathaus
989ee9d9dd
Spelling
2021-04-06 13:38:03 +03:00
Dwi Siswanto
c2c7c9b0c2
Add header matcher
2021-04-02 07:17:18 +07:00
Dwi Siswanto
efae3ccd11
Update vulnerable paths
2021-04-02 07:11:37 +07:00
Dwi Siswanto
bb33d0597b
Update routes
2021-04-02 05:28:27 +07:00
Dwi Siswanto
029706a939
Add more vulnerable path
2021-04-02 05:17:29 +07:00
Dwi Siswanto
79c0046596
Update severity
2021-04-02 05:17:07 +07:00
Dwi Siswanto
ad69b05f11
🔥 Add CVE-2021-21402
2021-04-02 05:16:53 +07:00
sandeep
570cc1a220
Update CVE-2021-21975.yaml
2021-03-31 22:45:42 +05:30
sandeep
063d685ac5
Update CVE-2021-21975.yaml
2021-03-31 06:27:33 +05:30
sandeep
94a4c87c3f
safe matcher
2021-03-31 06:22:10 +05:30
daemonum
8f7e7cba24
Add CVE-2021-21975
2021-03-31 02:43:36 +03:00
Noam Rathaus
66f141f733
Better reference
2021-03-25 12:08:15 +02:00
PD-Team
5d8bf70470
Merge pull request #1137 from nrathaus/master
...
Description and References on some templates were missing
2021-03-24 23:02:15 +05:30
SaN ThosH
bc5ab99237
Update CVE-2021-26295.yaml
2021-03-24 22:57:35 +05:30
SaN ThosH
8e781f97d0
Update CVE-2021-26295.yaml
2021-03-24 22:57:35 +05:30
sandeep
7a8d56ee65
Update CVE-2021-26295.yaml
2021-03-24 22:57:35 +05:30
sandeep
635cc7fae7
Update CVE-2021-26295.yaml
2021-03-24 22:57:35 +05:30
SaN ThosH
9987dc0c36
Update CVE-2021-26295.yaml
2021-03-24 22:57:35 +05:30
SaN ThosH
33e3fac8da
Update CVE-2021-26295.yaml
2021-03-24 22:57:35 +05:30
SaN ThosH
c55a72a168
Update CVE-2021-26295.yaml
2021-03-24 22:57:35 +05:30
SaN ThosH
38daf751a3
Update CVE-2021-26295.yaml
2021-03-24 22:57:35 +05:30
SaN ThosH
3876cb6b55
Create CVE-2021-26295.yaml
2021-03-24 22:57:35 +05:30
Noam Rathaus
93bc3a76b1
Better references and description
2021-03-24 08:48:11 +02:00
sandeep
ca66fa321b
Update CVE-2021-22986.yaml
2021-03-22 18:21:42 +05:30
sandeep
339077ff43
misc fixes
2021-03-22 01:19:30 +05:30
sandeep
d021e2084e
Update CVE-2021-22986.yml
2021-03-21 21:48:27 +05:30
Rahul Maini
71886cb8ca
Adding F5 BIG-IP iControl REST Pre-Auth RCE
2021-03-21 20:08:00 +04:00
sandeep
ad84ecb792
tag improvements
2021-03-18 13:24:36 +05:30
PD-Team
110617aa03
Merge pull request #961 from Mad-robot/master
...
CVE-2021-25281 wheel_async unauth access
2021-03-13 21:19:16 +05:30
sandeep
06945d56a8
fixing typos
2021-03-10 19:33:49 +05:30
Noam Rathaus
d6c3028f60
Spelling mistake
2021-03-10 13:49:34 +02:00
PD-Team
0161c03b65
Merge pull request #1027 from dwisiswant0/add/cves/2021/CVE-2021-21978
...
Add CVE-2021-21978
2021-03-10 01:56:23 +05:30
Noam Rathaus
d04f747147
Spelling mistake in the parameter
2021-03-08 16:17:59 +02:00
sandeep
3f840d0783
minor update
2021-03-08 19:41:41 +05:30
sandeep
3c01c4df56
minor fix
2021-03-08 13:43:06 +05:30
aron
0c761a2e85
No need for internet connection and leak to burp
2021-03-08 08:55:22 +01:00
sandeep
855da4abcd
Additional references
2021-03-06 16:25:24 +05:30
sandeep
c6deb0c2fc
misc changes
2021-03-06 13:04:26 +05:30
SaN ThosH
61327f4d96
Update CVE-2021-26855.yaml
2021-03-06 13:02:30 +05:30
SaN ThosH
9ac013952d
Update CVE-2021-26855.yaml
2021-03-06 12:46:45 +05:30
SaN ThosH
d12120355c
Update CVE-2021-26855.yaml
2021-03-06 12:37:41 +05:30
SaN ThosH
55e4c5d32e
Create CVE-2021-26855.yaml
2021-03-06 12:30:59 +05:30
Dwi Siswanto
df24aca916
✏️ Fix misspelling of 'image' in content-type
2021-03-05 15:29:13 +07:00
Dwi Siswanto
b2e4914f98
🔥 Add CVE-2021-21978
2021-03-05 15:27:05 +07:00
sandeep
1a652283db
Update CVE-2021-21315.yaml
2021-03-04 20:28:32 +05:30
PD-Team
db15888b10
Merge pull request #998 from pikpikcu/patch-102
...
Create CVE-2021-21315
2021-03-04 20:27:55 +05:30
sandeep
7c32ecd13e
improved matcher
2021-03-04 20:25:34 +05:30
sandeep
6f9c901ca7
misc updates
2021-03-03 11:58:28 +05:30
PikPikcU
a236c53d68
Update CVE-2021-21315.yaml
2021-03-03 00:43:48 +07:00
PD-Team
883bfacbdd
Merge pull request #993 from geeknik/patch-43
...
Create CVE-2021-27132.yaml
2021-03-02 21:45:35 +05:30
PikPikcU
723ea55285
Create CVE-2021-21315.yaml
2021-03-02 11:02:08 +00:00
sandeep
c56ba05165
Update CVE-2021-27330.yaml
2021-03-02 14:20:19 +05:30
sandeep
5b690a9003
improving matcher
2021-03-02 12:36:11 +05:30
Geeknik Labs
15f52ad586
Update CVE-2021-27132.yaml
...
omg typo
2021-03-01 20:34:15 +00:00
Geeknik Labs
9a598c5335
Update CVE-2021-27132.yaml
2021-03-01 14:17:25 +00:00
Geeknik Labs
a07d7bca4e
Create CVE-2021-27132.yaml
2021-03-01 14:15:30 +00:00
PikPikcU
da44a0face
Create CVE-2021-27330.yaml
2021-03-01 11:46:14 +00:00
PD-Team
2b1c3aa29c
Merge pull request #985 from dwisiswant0/add/cves/2021/CVE-2021-3378
...
Add FortiLogger Unauthenticated Arbitrary File Upload
2021-03-01 14:20:36 +05:30
sandeep
bea2bfee01
Added complete poc
2021-03-01 14:15:16 +05:30
sandeep
f0e0bcfd04
Update CVE-2021-3378.yaml
2021-03-01 12:50:00 +05:30
sandeep
4a4c9c3437
misc update
2021-03-01 12:27:18 +05:30
Dwi Siswanto
bb60b70454
🔨 Add missing matchers-condition
2021-03-01 07:33:25 +07:00
Dwi Siswanto
998216b8c0
🔥 Add CVE-2021-3378
2021-03-01 07:32:59 +07:00
sandeep
530658c9da
Update CVE-2021-3129.yaml
2021-02-27 23:56:53 +05:30
sandeep
6cb87158a7
improved matcher
2021-02-27 23:54:39 +05:30
sandeep
705b0d05f3
Update CVE-2021-3129.yaml
2021-02-27 18:31:48 +05:30
sandeep
dcd939ad97
Update CVE-2021-3129.yaml
2021-02-27 18:30:16 +05:30
sandeep
d6e5c4df85
Update CVE-2021-3129.yaml
2021-02-27 18:27:42 +05:30
sandeep
0781aa3d66
Adding CVE-2021-3129
2021-02-27 18:26:57 +05:30
sandeep
586d4c7e8d
Update CVE-2021-25281.yaml
2021-02-26 18:12:25 +05:30
sandeep
125f592c47
adding condition
2021-02-26 17:55:38 +05:30
SaN ThosH
c11420de46
Update CVE-2021-25281.yaml
2021-02-26 14:35:50 +05:30
SaN ThosH
d308f8734d
Update CVE-2021-25281.yaml
2021-02-26 14:32:59 +05:30
SaN ThosH
d719d890a0
Create CVE-2021-25281.yaml
2021-02-26 14:32:30 +05:30
Dwi Siswanto
6d514eee84
🔥 Add CVE-2021-21972
2021-02-25 07:37:02 +07:00
PikPikcU
e1768ccede
Added CVE-2021-26710 ( #822 )
...
* Created CVE-2021-26710 🔥
2021-02-09 18:28:32 +05:30
PikPikcU
cb926dc3b9
Added CVE-2021-26722 🔥 ( #821 )
2021-02-08 01:39:58 +05:30
PikPikcU
316f0d5daa
Added CVE-2021-26723 🔥 ( #819 )
2021-02-07 21:11:09 +05:30
PD-Team
00d26c0608
Added tags to cves 😎 ( #813 )
...
* Added tags to cves 😎
2021-02-06 01:14:41 +05:30
PD-Team
33ae9284e2
Update CVE-2021-22122.yaml
2021-02-04 19:43:13 +05:30
Dwi Siswanto
2cae0785ca
🔥 Add CVE-2021-22122
2021-02-04 20:33:19 +07:00
PD-Team
b33a15f3e2
Update CVE-2021-25646.yaml
2021-02-03 21:42:03 +05:30
PikPikcU
85db9df19d
CVE-2021-25646
2021-02-03 09:24:49 +00:00
PikPikcU
aa7420713b
Create CVE-2021-3019.yaml
2021-01-30 12:22:35 +00:00
PD-Team
865c778d4b
few updates
2021-01-29 23:35:27 +05:30
pudsec
5e7ae851f1
Added CVE-2021-22873
2021-01-24 19:37:25 +08:00