Commit Graph

1145 Commits (165b2c74747b08ddea58be5f38ba14324f9cc149)

Author SHA1 Message Date
Ritik Chaddha 17d3db3a62
Update CVE-2023-37474.yaml 2023-10-11 14:07:22 +05:30
Aman Rawat 57d5228626
Update CVE-2023-37474.yaml 2023-10-11 13:56:49 +05:30
Aman Rawat fa141157db
Create CVE-2023-37474.yaml 2023-10-11 13:52:27 +05:30
Ritik Chaddha dc3ea52a88
Merge pull request #8336 from projectdiscovery/updated-oast
updated oast matchers
2023-10-11 13:12:50 +05:30
Dhiyaneshwaran c97b868a5d
Create CVE-2022-25568.yaml 2023-10-11 02:31:40 +05:30
Dhiyaneshwaran 96885dc6e8
Create CVE-2023-35813.yaml (Sitecore - Remote Code Execution 🔥 ) (#8363)
* Create CVE-2023-35813.yaml

* Update CVE-2023-35813.yaml

* improved matcher

---------

Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2023-10-10 23:26:29 +05:30
sandeep 3bf6fce75a meta update 2023-10-10 20:28:10 +05:30
sandeep b09a224654 improved matcher + variables 2023-10-10 20:22:53 +05:30
sandeep 0471ab31c7 Added CVE-2023-22515 2023-10-10 18:50:42 +05:30
Prince Chaddha 583beed216
updated protocol name 2023-10-10 15:13:10 +05:30
Dhiyaneshwaran 9db41d5400
Merge pull request #8293 from gy741/rule-add-v145
Create CVE-2023-30013.yaml
2023-10-10 12:25:13 +05:30
pussycat0x 2a2cf9fe8d
minor - update 2023-10-10 12:14:27 +05:30
Dhiyaneshwaran 6e000d1c7c
Merge pull request #8342 from projectdiscovery/CVE-2023-31465
Create CVE-2023-31465.yaml
2023-10-10 10:42:41 +05:30
Dhiyaneshwaran 293264df1a
oast tag added 2023-10-10 10:39:53 +05:30
Ritik Chaddha 8898dafede
Create CVE-2023-31465.yaml 2023-10-09 14:48:51 +05:30
Ritik Chaddha 072802c4dc
Create CVE-2023-41642.yaml 2023-10-09 14:46:15 +05:30
Dhiyaneshwaran a07b5f8b38 Fix Matcher and Panel Move around 2023-10-09 13:48:46 +05:30
GwanYeong Kim 2565ddf6be Create CVE-2023-34259.yaml
CCRX has a Path Traversal vulnerability. Path Traversal is an attack on web applications. By manipulating the value of the file path, an attacker can gain access to the file system, including source code and critical system settings.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2023-10-08 17:57:09 +09:00
Prince Chaddha 213b63e42a updated oast matchers 2023-10-08 13:24:05 +05:30
Prince Chaddha d28c19efa6
Update CVE-2020-8813.yaml 2023-10-08 12:48:55 +05:30
Dhiyaneshwaran 419a1c6224
Merge pull request #8290 from 5hank4r/main
CVE-2023-33405.yaml
2023-10-08 12:45:01 +05:30
HuTa0 aea032a150
Fix: CVE-2022-4321 (#8330)
* Fix: CVE-2022-4321

* added metadata

---------

Co-authored-by: rivers <HuTa0@HuTa0-MacBook-Pro.local>
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2023-10-08 11:56:49 +05:30
pussycat0x e48b398bf3
Merge pull request #8315 from ctflearner/CVE-2023-38501
Create CVE-2023-38501.YAML
2023-10-05 23:38:26 +05:30
Ritik Chaddha b479f9abb6
Update and rename CVE-2023-38501.YAML to CVE-2023-38501.yaml 2023-10-05 20:38:15 +05:30
Dhiyaneshwaran aec030bdaa
Merge pull request #8308 from luisfelipe146/main
Create CVE-2023-2224.yaml
2023-10-05 17:29:16 +05:30
GitHub Action 00e5276685 TemplateMan Update [Thu Oct 5 11:56:54 UTC 2023] 🤖 2023-10-05 11:56:55 +00:00
Dhiyaneshwaran a84dfa160c
Merge pull request #8316 from ctflearner/CVE-2022-48197
Create CVE-2022-48197.yaml
2023-10-05 17:24:51 +05:30
Ritik Chaddha b40c62549b
matchers & info update 2023-10-05 13:15:20 +05:30
Ritik Chaddha 0f42303065
lint & format fix 2023-10-05 12:57:16 +05:30
Ritik Chaddha 7a7a867b7b
Update CVE-2023-2224.yaml 2023-10-05 11:35:30 +05:30
ctflearner 26d3cf0a94
Create CVE-2022-48197.yaml 2023-10-04 07:19:16 +05:30
ctflearner 6f37e9b554
Create CVE-2023-38501.YAML 2023-10-04 06:56:45 +05:30
Dhiyaneshwaran 751ddc980a
Create CVE-2023-33405.yaml 2023-10-03 18:33:29 +05:30
Ritik Chaddha ac6bb1823c
Merge pull request #8272 from projectdiscovery/CVE-2023-22432
Create CVE-2023-22432.yaml
2023-10-03 13:40:06 +05:30
Ritik Chaddha 568b53ef70
Merge pull request #8295 from gy741/rule-add-v146
Create CVE-2023-30625.yaml
2023-10-03 13:33:19 +05:30
Ritik Chaddha 22c0b5891d
updated matcher & req 2023-10-03 13:32:34 +05:30
Ritik Chaddha a334550a21
Merge pull request #8286 from jainiresh/patch-1
Update CVE-2019-6802.yaml
2023-10-03 13:19:37 +05:30
Ritik Chaddha 43fc4f3795
added status matcher 2023-10-03 13:18:23 +05:30
GitHub Action 172150f538 TemplateMan Update [Tue Oct 3 06:50:17 UTC 2023] 🤖 2023-10-03 06:50:18 +00:00
pussycat0x e13ab6cfdd
Merge pull request #8301 from gy741/rule-add-v148
Create CVE-2023-33831.yaml
2023-10-03 12:18:01 +05:30
pussycat0x 1e956367e0
Update CVE-2023-33831.yaml 2023-10-03 12:13:22 +05:30
Luis Felipe 63dcb68b75
Create CVE-2023-2224.yaml 2023-10-02 08:57:09 -03:00
gy741 fef8a38e22
Create CVE-2023-43261 (#8300)
* Auto WordPress Plugins Update [Sun Oct  1 04:12:23 UTC 2023] 🤖

* Create CVE-2023-43261.yaml

A critical security vulnerability has been identified in Milesight Industrial Cellular Routers, compromising the security of sensitive credentials and permitting unauthorized access. This vulnerability stems from a misconfiguration that results in directory listing being enabled on the router systems, rendering log files publicly accessible. These log files, while containing sensitive information such as admin and other user passwords (encrypted as a security measure), can be exploited by attackers via the router's web interface. The presence of a hardcoded AES secret key and initialization vector (IV) in the JavaScript code further exacerbates the situation, facilitating the decryption of these passwords. This chain of vulnerabilities allows malicious actors to gain unauthorized access to the router.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>

* Revert "Auto WordPress Plugins Update [Sun Oct  1 04:12:23 UTC 2023] 🤖"

This reverts commit ceb38c80b0.

* added metadata

---------

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
Co-authored-by: GitHub Action <action@github.com>
Co-authored-by: Dhiyaneshwaran <leedhiyanesh@gmail.com>
2023-10-02 13:51:12 +05:30
Dhiyaneshwaran ffa4a84ba9
added metadata and updated matcher 2023-10-02 00:47:23 +05:30
GwanYeong Kim 06674c9bca Create CVE-2023-33831.yaml
A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute arbitrary commands via a crafted POST request.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2023-10-02 01:19:18 +09:00
Prince Chaddha 48b3253a7e added additional matcher 2023-10-01 13:59:50 +05:30
GwanYeong Kim 208ff38843 Create CVE-2023-30013.yaml
TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the "command" parameter.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2023-09-30 13:15:00 +09:00
sandeep ff450a65ba strict matcher 2023-09-29 19:04:39 +05:30
sandeep fd69046097 Added CVE-2023-29357 (Microsoft SharePoint - Authentication Bypass) 2023-09-29 18:51:23 +05:30
sandeep 6784a9d2c1 format fix 2023-09-29 14:24:46 +05:30