daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
13,438 Commits
17 Branches
0 Tags
165 MiB
Commit Graph

642 Commits (1dc9ad6e5fe849d447a3c002f25d01a78a897dec)

Author SHA1 Message Date
sandeep 937ff9f7ee misc update 2021-10-05 22:00:59 +05:30
Sandeep Singh ada6fcef43
Update CVE-2020-2036.yaml 2021-10-02 17:56:42 +05:30
Philippe Delteil 8185a0e9c0
Update CVE-2020-2036.yaml 2021-10-02 03:24:29 -03:00
sullo c0003f8731
Update CVE-2020-29453.yaml 2021-09-30 14:27:12 -04:00
sullo 784d9560be
Fix CVSS score 
incorrectly changed cvss score
 2021-09-30 14:26:37 -04:00
Sullo 3878138bfe * Added Host headers where needed (validated via disclosures/posts) 
* Added CVE simple-employee-rce.yaml
 2021-09-30 12:52:05 -04:00
sullo 6b5d52084d Update cvss/severity for CVE-2020-29453 2021-09-29 10:35:52 -04:00
sandeep ff1537d7da fixing tags typos 2021-09-21 15:43:08 +05:30
sandeep 7b23f4ebd4 outdated template cleanups 2021-09-21 14:34:20 +05:30
Sandeep Singh 0f03f5ff55
Merge pull request #2692 from projectdiscovery/metadata-attribute-update 2021-09-18 18:19:07 +05:30
GitHub Action a866f1e777 Auto Generated CVE annotations [Fri Sep 17 11:08:30 UTC 2021] 🤖 2021-09-17 11:08:30 +00:00
Prince Chaddha 7fc3c211d8
Merge pull request #2667 from pikpikcu/patch-268 
Added Jeesns POC
 2021-09-17 16:37:25 +05:30
Prince Chaddha 9357ac4153
Update CVE-2020-19282.yaml 2021-09-17 16:33:45 +05:30
Prince Chaddha 51672dd85d
Update CVE-2020-19295.yaml 2021-09-17 16:32:41 +05:30
Prince Chaddha ae221b7892
Update CVE-2020-19283.yaml 2021-09-17 16:32:27 +05:30
Prince Chaddha 92014aa363
Update CVE-2020-19295.yaml 2021-09-17 16:31:20 +05:30
sandeep 676b51d20c Metadata attribute update 2021-09-16 21:24:33 +05:30
GitHub Action 7542ad2c07 Auto Generated CVE annotations [Thu Sep 16 13:05:34 UTC 2021] 🤖 2021-09-16 13:05:34 +00:00
forgedhallpass d0f5daca61 #276 Replace space character with dash in template ID. 2021-09-16 16:04:04 +03:00
GitHub Action f19daba616 Auto Generated CVE annotations [Wed Sep 15 12:04:47 UTC 2021] 🤖 2021-09-15 12:04:47 +00:00
Prince Chaddha f5c71d54e2
Merge pull request #2677 from pikpikcu/patch-278 
Create CVE-2020-28351.yaml
 2021-09-15 17:33:36 +05:30
Prince Chaddha 6539892061
Update CVE-2020-28351.yaml 2021-09-15 17:24:42 +05:30
GitHub Action 18534fa692 Auto Generated CVE annotations [Wed Sep 15 11:53:20 UTC 2021] 🤖 2021-09-15 11:53:20 +00:00
Prince Chaddha 68cdcd3034
Update CVE-2020-24912.yaml 2021-09-15 17:20:24 +05:30
Prince Chaddha bc1d567455
Update CVE-2020-24912.yaml 2021-09-15 16:50:33 +05:30
Prince Chaddha 86a369132e
Update CVE-2020-24912.yaml 2021-09-15 16:49:18 +05:30
PikPikcU 80072c8e97
Create CVE-2020-28351.yaml 2021-09-15 13:13:50 +07:00
PikPikcU bb8e0616e9
Create CVE-2020-24912.yaml 2021-09-15 13:00:51 +07:00
PikPikcU 1d63ebfe45
Update CVE-2020-19295.yaml 2021-09-15 11:30:58 +07:00
PikPikcU c5416951e5
Update CVE-2020-19283.yaml 2021-09-15 11:30:38 +07:00
PikPikcU 4a10930690
Update CVE-2020-19282.yaml 2021-09-15 11:30:18 +07:00
PikPikcU 6985e77e20
Update CVE-2020-19295.yaml 2021-09-15 10:45:24 +07:00
PikPikcU 5fb54fd82e
Update CVE-2020-19283.yaml 2021-09-15 10:45:04 +07:00
PikPikcU 42cf71e956
Create CVE-2020-19295.yaml 2021-09-15 10:41:12 +07:00
PikPikcU 6e09439dec
Create CVE-2020-19283.yaml 2021-09-15 10:37:44 +07:00
PikPikcU 4340807fb6
Create CVE-2020-19282.yaml 2021-09-15 09:56:03 +07:00
sandeep 29a944ea73 payload update 2021-09-12 20:22:03 +05:30
sandeep e6d97e26c5 additional matcher 2021-09-12 18:31:46 +05:30
Ice3man543 e9f728c321 Added cve annotations + severity adjustments 2021-09-10 16:56:40 +05:30
sandeep bd24dc198e Coverage for all templates using tags 2021-09-09 19:08:13 +05:30
Prince Chaddha 90eba9d883
Update CVE-2020-7961.yaml 2021-09-09 11:46:54 +05:30
Prince Chaddha 43b45a7b63
Update CVE-2020-12720.yaml 2021-09-09 11:42:52 +05:30
sandeep 609705f676 removed extra headers not required for template 2021-09-08 17:47:19 +05:30
sullo ef1f7c5e92 Updates across many templates for clarity, spelling, and grammar. 2021-09-05 17:13:45 -04:00
Sandeep Singh f6c72769ce
temporary moving to another branch 2021-09-03 22:29:55 +05:30
sandeep 90f8caf302 Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates into pr/2481 2021-09-03 14:55:30 +05:30
sandeep c41a498505 added tags 2021-09-03 12:52:27 +05:30
Prince Chaddha 58a886ad6e
Update CVE-2020-28976.yaml 2021-09-03 09:24:21 +05:30
Borna Nematzadeh 6e7c3ab0a2
Update CVE-2020-28976.yaml 2021-09-02 12:26:10 -07:00
LogicalHunter f0197ae9ac Added CVE-2020-28976.yaml Template 2021-09-02 12:13:21 -07:00
Prince Chaddha 3b32de60be
Update CVE-2020-11547.yaml 2021-09-02 18:25:16 +05:30
betul.kiral 5c94814e00 Adding CVE-2020-11547 2021-09-02 14:43:37 +03:00
sandeep c81725e991 Removed duplicate template 2021-09-01 12:36:20 +05:30
Noam Rathaus 51eb639de8 Updated 2021-08-30 12:49:23 +03:00
Noam Rathaus 86f3c08ba6 Vendor writes it as "NETGEAR" 2021-08-29 09:39:06 +03:00
Noam Rathaus 67fa97aed1 Add vendor KB 2021-08-29 09:36:59 +03:00
socketz c766a8454d Fixed yaml linting errors 2021-08-25 14:09:42 +02:00
socketz f290b9f60d Deleted duplicate and in wrong directory 2021-08-25 07:55:46 +02:00
sandeep d705fbd84b Update CVE-2020-11420.yaml 2021-08-25 00:33:54 +05:30
sandeep 3c95101f5a Update CVE-2020-11420.yaml 2021-08-25 00:31:27 +05:30
sandeep 65d9d8acb2 lint fix 2021-08-24 23:13:00 +05:30
forgedhallpass 110f9c9ddd Merge remote-tracking branch 'origin' into dynamic_attributes 2021-08-24 20:38:11 +03:00
socketz 7d6a6c137a Added CVE-2020-11420 2021-08-24 14:43:45 +02:00
sandeep 85f8cf2c41 Update CVE-2020-12800.yaml 2021-08-24 05:00:04 +05:30
sandeep fba4461932 Added CVE-2020-12800 2021-08-24 04:57:51 +05:30
forgedhallpass 296edfc37b Merge remote-tracking branch 'origin' into dynamic_attributes 2021-08-23 14:40:33 +03:00
Sandeep Singh 04b401a8ef
Merge pull request #2456 from projectdiscovery/payloads-update 
Payloads positional update to keep the request format uniform
 2021-08-23 15:26:35 +05:30
sandeep 451e938d46 misc changes 2021-08-23 14:54:04 +05:30
Dwi Siswanto be3d5c9d08 Add CVE-2020-29453 2021-08-23 11:30:16 +07:00
sandeep 2aa54304ee Payloads positional update to keep the request format uniform 2021-08-22 23:39:33 +05:30
forgedhallpass dc4cc62629 Merge remote-tracking branch 'origin/master' into dynamic_attributes 2021-08-20 15:35:17 +03:00
sandeep 3f803deb28 more updates 2021-08-20 02:14:42 +05:30
forgedhallpass 77103bc629 Satisfying the linter (all errors and warnings) 
* whitespace modifications only
 2021-08-19 17:44:46 +03:00
forgedhallpass 2a320412bf Misc (minor) 
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
 2021-08-19 17:25:01 +03:00
forgedhallpass 97d4f8705b Fixed mistakes/typos 
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
 2021-08-19 16:59:55 +03:00
forgedhallpass f55d6b75e1 Removed pipe (|) character from references, because the structure requires it to be a string slice, not a string 
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
 2021-08-19 16:59:12 +03:00
forgedhallpass 7b29be739e Merge branch 'master' into dynamic_attributes 2021-08-19 16:23:26 +03:00
forgedhallpass ffaff64565 Changes fixes/around dynamic attributes ("additional-fields") 
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
 2021-08-19 16:17:27 +03:00
forgedhallpass 0b432b341b Added comments with URLs under the "references" field 
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
 2021-08-19 16:15:35 +03:00
Prince Chaddha 3a8b5df438
Update CVE-2020-25223.yaml 2021-08-19 16:35:50 +05:30
GwanYeong Kim 673fe80660 Create CVE-2020-25223.yaml 
A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
 2021-08-19 18:37:59 +09:00
forgedhallpass cdf9451158 Removed pipe (|) character from references, because the structure requires it to be a string slice, not a string 
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
 2021-08-18 14:44:27 +03:00
forgedhallpass 4c920b2552 Rename "references" to "reference" to match the expected template info structure 
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
 2021-08-18 14:29:20 +03:00
sandeep 63431349aa minor update 2021-08-10 20:13:14 +05:30
Geeknik Labs d6bd06a878
Update CVE-2020-24312.yaml 
Fixes a false positive.
 2021-08-09 20:43:58 -05:00
Prince Chaddha bc236580ee
Merge pull request #1856 from Akokonunes/patch-15 
Create CVE-2019-9618.yaml
 2021-08-07 19:55:08 +05:30
Prince Chaddha 3395eff8a0
Merge pull request #2316 from gy741/rule-add-v49 
Create CVE-2020-7796.yaml
 2021-08-03 19:57:45 +05:30
Prince Chaddha 23bc448b1b
Merge pull request #2199 from pikpikcu/patch-208 
Add OpenSIS POC
 2021-08-03 19:53:32 +05:30
Prince Chaddha b927288f30
Update CVE-2020-6637.yaml 2021-08-03 19:25:06 +05:30
Prince Chaddha 107c3594bf
Update CVE-2020-6637.yaml 2021-08-03 13:24:31 +05:30
sandeep 3c03e28e55 Update CVE-2020-7796.yaml 2021-08-03 12:50:22 +05:30
sandeep d8007437ae Update CVE-2020-7796.yaml 2021-08-03 12:50:10 +05:30
Prince Chaddha b02ea3266b
Update CVE-2020-7796.yaml 2021-08-03 12:47:55 +05:30
Prince Chaddha 9620f4616e
Update CVE-2020-7796.yaml 2021-08-03 12:42:56 +05:30
GwanYeong Kim 9c16967fa5 Create CVE-2020-7796.yaml 
Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
 2021-08-03 09:31:23 +09:00
GwanYeong Kim 8627aadce0 Create CVE-2020-27361.yaml 
An issue exists within Akkadian Provisioning Manager 4.50.02 which allows attackers to view sensitive information within the /pme subdirectories.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
 2021-08-03 01:17:48 +09:00
Prince Chaddha a3cba3b1e1
Merge pull request #2280 from daffainfo/patch-120 
Create CVE-2020-35598.yaml
 2021-08-02 17:14:38 +05:30
sandeep a24977aab9 Update CVE-2020-6637.yaml 2021-08-02 01:42:01 +05:30
Noam Rathaus 734dde35cc Fix FP - https://github.com/projectdiscovery/nuclei-templates/issues/2217 2021-08-01 08:52:30 +03:00
Muhammad Daffa b826d82268
Create CVE-2020-35598.yaml 2021-08-01 06:40:11 +07:00
Toufik Airane 1cce455f1c
Update CVE-2020-13927.yaml 
Following the discussion https://github.com/projectdiscovery/nuclei-templates/discussions/1477.

According to NIST, It's a critical issue.
https://nvd.nist.gov/vuln/detail/CVE-2020-13927
 2021-07-30 16:40:41 +02:00
Muhammad Daffa da3ba72db3
Create CVE-2020-11455.yaml 2021-07-29 05:43:07 +07:00
Sandeep Singh 32e18be51a
Merge pull request #2215 from TheConciergeDev/patch-4 
Renamed yaml file
 2021-07-27 17:27:23 +05:30
Prince Chaddha fdfd4232a5
Merge pull request #2225 from pikpikcu/patch-231 
Create CVE-2020-26153.yaml
 2021-07-27 17:22:04 +05:30
Prince Chaddha cdb91d44f3
Update CVE-2020-26153.yaml 2021-07-27 17:20:54 +05:30
Prince Chaddha 4a5d374227
Merge pull request #2212 from pikpikcu/patch-220 
Add Jeedom XSS
 2021-07-27 17:18:07 +05:30
Prince Chaddha 142eb2fe3b
Update CVE-2020-9036.yaml 2021-07-27 17:12:32 +05:30
Prince Chaddha c4e75a7eb5
Merge pull request #2203 from pikpikcu/patch-211 
Add CVE-2020-27735
 2021-07-27 17:08:21 +05:30
PikPikcU d561a8711d
Create CVE-2020-26153.yaml 2021-07-27 18:19:44 +07:00
Prince Chaddha d9f20b63e4
Update CVE-2020-27735.yaml 2021-07-27 16:32:50 +05:30
Prince Chaddha 6e7aba2fb9
Update CVE-2020-27735.yaml 2021-07-27 13:55:45 +05:30
Prince Chaddha 4a13112125
Update CVE-2020-27735.yaml 2021-07-27 13:33:41 +05:30
TheConciergeDev 62df9585f9
Renamed yaml file 
Added missing "-" in filename
 2021-07-27 09:28:54 +02:00
PikPikcU 6f91b5d052
Create CVE-2020-9036.yaml 2021-07-27 13:45:01 +07:00
Prince Chaddha 76a39c9ef5
Update CVE 2020-6171.yaml 2021-07-27 11:58:42 +05:30
PikPikcU 751626e435
Update CVE 2020-6171.yaml 2021-07-27 12:24:17 +07:00
PikPikcU ddc251861f
Create CVE 2020-6171.yaml 2021-07-27 12:21:52 +07:00
Prince Chaddha caf6bb61c3
Update CVE-2020-27735.yaml 2021-07-27 10:41:08 +05:30
Prince Chaddha b2f1863fd7
Update CVE-2020-35774.yaml 2021-07-27 10:40:55 +05:30
Prince Chaddha b75c2dde67
Update CVE-2020-35774.yaml 2021-07-27 10:38:46 +05:30
PikPikcU 326c8265ef
Create CVE-2020-35774.yaml 2021-07-27 10:31:48 +07:00
PikPikcU f619caf26a
Create CVE-2020-27735.yaml 2021-07-27 10:23:23 +07:00
PikPikcU 96c03d93cc
Update CVE-2020-6637.yaml 2021-07-27 07:38:49 +07:00
PikPikcU b1dfb89f88
Create CVE-2020-6637.yaml 2021-07-27 07:36:48 +07:00
sandeep 9c66387f0f More CVEs Template 2021-07-26 22:48:45 +05:30
Sandeep Singh 79c077ddf7
Merge pull request #1874 from Vladimir-Ivanov-Git/CVE-2020-6207 
CVE-2020-6207 SAP SolMan RCE
 2021-07-26 18:26:55 +05:30
Sandeep Singh 8130cd2c3b
Update CVE-2020-6207.yaml 2021-07-26 18:26:19 +05:30
Prince Chaddha 4ee46bf076
Merge pull request #2112 from daffainfo/patch-91 
Create CVE-2020-35580.yaml
 2021-07-26 14:06:50 +05:30
Prince Chaddha 84161bc33e
Update CVE-2020-8813.yaml 2021-07-26 13:27:19 +05:30
GwanYeong Kim 620ff3f367 Create CVE-2020-8813.yaml 
This vulnerability could be exploited without authentication if Cacti is enabling “Guest Realtime Graphs” privilege, So in this case no need for the authentication part and you can just use the following code to exploit the vulnerability

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
 2021-07-26 11:32:23 +09:00
Muhammad Daffa fed682443e
Update CVE-2020-35580.yaml 2021-07-26 06:55:48 +07:00
GwanYeong Kim b9fadff659 Create CVE-2020-5307.yaml 
PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to SQL injection, as demonstrated by the username parameter in index.php, the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName and ProductPrice parameters in add-product.php.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
 2021-07-25 11:50:53 +09:00
sandeep 6ccc5f8792 matcher update to handle edge cases 2021-07-25 03:05:55 +05:30
Prince Chaddha f32521ad9d
Merge pull request #2113 from daffainfo/patch-92 
Create CVE-2020-29227.yaml
 2021-07-24 12:22:54 +05:30
Prince Chaddha af4081d0ec
Update CVE-2020-29227.yaml 2021-07-24 12:17:56 +05:30
Prince Chaddha 956eb6691f
Update CVE-2020-29227.yaml 2021-07-24 12:16:30 +05:30
Prince Chaddha f40aca136b
Update CVE-2020-29227.yaml 2021-07-24 12:15:24 +05:30
Prince Chaddha 31f62d59ce
Update CVE-2020-13117.yaml 2021-07-24 11:39:47 +05:30
Prince Chaddha f60a9ed891
Update CVE-2020-13117.yaml 2021-07-23 15:06:51 +05:30
GwanYeong Kim 7298a0b35d Create CVE-2020-13117.yaml 
Several Wavlink products are affected by a vulnerability that may allow remote unauthenticated users to execute arbitrary commands as root on Wavlink devices. The user input is not properly sanitized which allows command injection via the "key" parameter in a login request. It has been tested on Wavlink WN575A4 and WN579X3 devices, but other products may be affected.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
 2021-07-23 11:14:31 +09:00
Muhammad Daffa 65bddf3e33
Create CVE-2020-29227.yaml 2021-07-20 20:08:18 +07:00
Muhammad Daffa f7d4a642f1
Create CVE-2020-35580.yaml 2021-07-20 20:02:49 +07:00
Sandeep Singh ac39bd3284
Merge pull request #2100 from daffainfo/master 
Renamed CVE-2020-8771.yaml
 2021-07-20 11:38:35 +05:30
Sandeep Singh 14beefec28
Update CVE-2020-8771.yaml 2021-07-20 11:35:57 +05:30
sandeep 19fe96bc45 minor improvements and file name update 2021-07-20 11:33:16 +05:30
Muhammad Daffa d27fb4c3b0
Renamed CVE-2020-8771.yaml 2021-07-20 12:49:16 +07:00
Sandeep Singh 6eee57115c
Merge pull request #2083 from projectdiscovery/fixing-xss-matchers 
fixing-xss-matchers
 2021-07-20 00:28:01 +05:30
sandeep 414883f719 Update CVE-2020-12054.yaml 2021-07-19 23:55:15 +05:30
sandeep 7d9dbc4aad Update CVE-2020-28188.yaml 2021-07-19 16:41:12 +05:30
GwanYeong Kim edabf1e7ca Create CVE-2020-28188.yaml 
Remote Command Execution (RCE) vulnerability in TerraMaster TOS <= 4.2.06 allow remote unauthenticated attackers to inject OS commands via /include/makecvs.php in Event parameter.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
 2021-07-19 15:13:57 +09:00