Commit Graph

1217 Commits (10b4076f883e996e92c4a55b89d02b5e725845d5)

Author SHA1 Message Date
Prince Chaddha 843c688505
Merge pull request #2867 from Akokonunes/patch-54
Create advanced-access-manager-plugin-lfi.yaml
2021-10-11 16:55:58 +05:30
Prince Chaddha da08f02913
Update and rename advanced-access-manager-plugin-lfi.yaml to vulnerabilities/wordpress/advanced-access-manager-lfi.yaml 2021-10-11 16:52:28 +05:30
sandeep 9b1c57506b Updating CVE-2021-41773 / CVE-2021-42013 to include RCE check 2021-10-10 06:00:43 +05:30
sandeep 6205415bbd Update keycloak-xss.yaml
Updating severity as this XSS is not exploitable directly.
2021-10-09 08:46:17 +05:30
Sandeep Singh 0c8e813c15
Merge pull request #2854 from Akokonunes/patch-52
Create wp-oxygen-theme-lfi.yaml
2021-10-08 19:20:54 +05:30
sandeep ecca8374fc moving file around 2021-10-08 19:19:29 +05:30
Sandeep Singh 95305667c0
Merge pull request #2852 from pdelteil/patch-65
Update qcubed-xss.yaml
2021-10-08 19:14:41 +05:30
sandeep 6a00b9245c Update qcubed-xss.yaml 2021-10-08 19:14:26 +05:30
sandeep de0a0ff3c1 misc update 2021-10-08 19:10:03 +05:30
Philippe Delteil 60a3b6f4a4
Update qcubed-xss.yaml 2021-10-08 03:46:49 -03:00
Philippe Delteil 888c703a3c
Update pmb-directory-traversal.yaml 2021-10-08 03:33:40 -03:00
Sandeep Singh 634e215433
Merge pull request #2840 from projectdiscovery/apache-httpd-rce
Added Apache HTTPd - 2.4.49 (CGI enabled) RCE
2021-10-06 19:50:18 +05:30
sandeep 8dfa5ce9b4 Added Lucee Unauthenticated Reflected XSS 2021-10-06 16:38:23 +05:30
sandeep 856b96a084 lint update 2021-10-06 15:56:00 +05:30
sandeep 796dd93113 Added Apache HTTPd - 2.4.49 (CGI enabled) RCE 2021-10-06 15:53:31 +05:30
Prince Chaddha 3ce3718a5e
Merge pull request #2835 from Akokonunes/patch-49
Create ultimatemember-plugin-open-redirect.yaml
2021-10-06 11:04:54 +05:30
Prince Chaddha 183af8b95b
Update and rename ultimatemember-plugin-open-redirect.yaml to vulnerabilities/wordpress/ultimatemember-open-redirect.yaml 2021-10-06 10:59:48 +05:30
Prince Chaddha f1130595ce
Update and rename wptouch-plugin-open-redirect.yaml to vulnerabilities/wordpress/wptouch-open-redirect.yaml 2021-10-06 10:46:16 +05:30
Prince Chaddha 5b5e764b48
Merge pull request #2787 from mr-rizwan-syed/master
wp-config-file and aws-s3-access-key-leak
2021-10-05 18:25:04 +05:30
Prince Chaddha 6e7b91f6dc
Update wordpress-accessible-wpconfig.yaml 2021-10-05 18:02:50 +05:30
Sandeep Singh 478a7ef833
Merge pull request #2808 from pdelteil/patch-61
Update wp-plugin-1-flashgallery-listing.yaml
2021-10-02 17:59:10 +05:30
Sandeep Singh 47853b869b
Update metinfo-lfi.yaml 2021-10-02 17:57:59 +05:30
Sandeep Singh f43b256e6e
Update metinfo-lfi.yaml 2021-10-02 17:57:33 +05:30
Philippe Delteil 8fc91de606
Update metinfo-lfi.yaml 2021-10-02 03:42:22 -03:00
Philippe Delteil e3947fbfeb
Update wp-plugin-1-flashgallery-listing.yaml 2021-10-02 03:29:17 -03:00
Prince Chaddha 4dc168520c
Merge pull request #2791 from pdelteil/patch-59
Update and rename wordpress-emails-verification-for-woocommerce.yaml …
2021-10-01 16:33:44 +05:30
Prince Chaddha d7e6cb313e
Update wp-woocommerce-email-verification.yaml 2021-10-01 16:31:50 +05:30
Prince Chaddha 58fd372498
Update and rename qihang-media-web-lfi.yaml to qihang-media-lfi.yaml 2021-10-01 16:28:20 +05:30
Prince Chaddha ea71661d79
Update and rename qihang-media-web-credentials-disclosure.yaml to qihang-media-disclosure.yaml 2021-10-01 16:26:25 +05:30
GwanYeong Kim f750bf5ba5 Create qihang-media-web-credentials-disclosure.yaml
The application suffers from clear-text credentials disclosure vulnerability that allows an unauthenticated attacker to issue a request to an unprotected directory that hosts an XML file /xml/User/User.xml and obtain administrative login information that allows for a successful authentication bypass attack.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-10-01 15:42:48 +09:00
GwanYeong Kim 90138f44d1 Create qihang-media-web-lfi.yaml
The application suffers from an unauthenticated file disclosure vulnerability when input passed thru the filename parameter when using the download action or thru path parameter when using the getAll action is not properly verified before being used. This can be exploited to disclose contents of files and directories from local resources.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-10-01 15:35:12 +09:00
Philippe Delteil 145f1a643d
Update and rename wordpress-emails-verification-for-woocommerce.yaml to wp-woocommerce-email-verification.yaml
- name changed to match template id. 
- added  stop-at-first-match condition.
2021-09-30 22:49:21 -03:00
Sullo 7adfd01163 Moving listserv_maestro_rce.yaml to cves folder 2021-09-30 15:39:45 -04:00
Sullo d34e6c1145 Add information for CVE-2010-1870 2021-09-30 15:38:59 -04:00
Sullo 3c012b137d Break CVE-2016-4975 into its own template 2021-09-30 15:35:17 -04:00
Rizwan Syed 4065f6a493
Update wordpress-accessible-wpconfig.yaml 2021-09-30 23:15:18 +05:30
Sullo c9a374bed5 renamed: simple-employee-rce.yaml -> ../../cves/2019/CVE-2019-20183.yaml 2021-09-30 13:06:46 -04:00
Sullo 28def083f6 Merge branch 'master' of https://github.com/sullo/nuclei-templates
Fix typo for cvss
2021-09-30 13:03:09 -04:00
Sullo 3878138bfe * Added Host headers where needed (validated via disclosures/posts)
* Added CVE simple-employee-rce.yaml
2021-09-30 12:52:05 -04:00
sullo 66cad3ff35 Revert "* Added CVE info & moved simple-employee-rce.yaml to cves/2019/CVE-2019-20183.yaml"
incorrect push to master repo

This reverts commit 7191aee570.
2021-09-30 12:25:22 -04:00
Sullo 7191aee570 * Added CVE info & moved simple-employee-rce.yaml to cves/2019/CVE-2019-20183.yaml
* Added missing {{Hostname}} to some raw requests (confirmed that hostname is allowed in exploits)
* Minor cleanup in the modified plugins
2021-09-30 12:20:54 -04:00
sandeep e90e3b49bc Added more unique matchers 2021-09-30 20:22:53 +05:30
sandeep 88f6bba576 Added thinkphp keyword from response to avoid false positive 2021-09-30 18:35:14 +05:30
Prince Chaddha f839f628b6
Update and rename fatpipe-networks-warp-backdoor.yaml to fatpipe-backdoor.yaml 2021-09-30 17:18:45 +05:30
Prince Chaddha b65719103f
Update and rename fatpipe-networks-warp-auth-bypass.yaml to fatpipe-auth-bypass.yaml 2021-09-30 17:18:21 +05:30
Prince Chaddha 9e25b4871e
Update fatpipe-networks-warp-backdoor.yaml 2021-09-30 16:13:19 +05:30
GwanYeong Kim 606d2b5ea4 Create fatpipe-networks-warp-backdoor.yaml
The application has a hidden administrative account cmuser that has no password and has write access permissions to the device. The user cmuser is not visible in Users menu list of the application.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-09-30 13:38:01 +09:00
GwanYeong Kim 263cadaacf Create fatpipe-networks-warp-auth-bypass.yaml
Improper access control occurs when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access resources behind protected pages.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-09-30 11:07:24 +09:00
Sandeep Singh e9f81943b6
Merge pull request #2759 from projectdiscovery/generic-ssrf
generic-ssrf
2021-09-30 03:31:52 +05:30
sandeep 553a7a2480 Update request-based-interaction.yaml 2021-09-30 03:31:03 +05:30