team-projectdiscovery
d0df82d928
Adding content type checks for XSS templates
2020-12-14 00:54:23 +05:30
PD-Team
f5a5a0883d
Merge pull request #675 from geeknik/patch-27
...
Delete CVE-2019-11043.yaml
2020-12-14 00:42:16 +05:30
Geeknik Labs
5e844c925f
Delete CVE-2019-11043.yaml
...
This is the incorrect way to test for this particular bug. The person who pointed this out has no desire to open a pull request. So we nuke this file.
2020-12-12 19:45:59 +00:00
Dwi Siswanto
044bf5d19b
🔥 Add CVE-2020-11738
2020-12-12 12:03:34 +07:00
Dwi Siswanto
d383687b6a
🔥 Add CVE-2020-7318
2020-12-09 15:54:40 +07:00
bauthard
33c36b045e
Merge pull request #667 from dwisiswant0/add/CVE-2020-4463
...
Add CVE-2020-4463
2020-12-07 20:31:05 +05:30
bauthard
dd077a0300
Adding small note
2020-12-07 20:30:11 +05:30
bauthard
ad01bb0633
Temporarily removing due to f/p
2020-12-07 20:18:03 +05:30
Dwi Siswanto
676b5d23ef
🔥 Add CVE-2020-4463
2020-12-07 14:59:25 +07:00
bauthard
e22932c1fa
Improving matchers
2020-12-06 15:12:32 +05:30
bauthard
04d566eea5
misc changes
2020-12-06 15:02:10 +05:30
ree4pwn
b7102ea11b
Update CVE-2019-11581.yaml
2020-12-05 17:21:28 +08:00
ree4pwn
bf3e0f501a
Update CVE-2019-11581.yaml
2020-12-05 17:17:48 +08:00
ree4pwn
b19bcfacf8
Update CVE-2019-11581.yaml
...
Fix syntax error
2020-12-05 17:00:05 +08:00
ree4pwn
d3a77c422d
Update and rename cve-2019-11581.yaml to CVE-2019-11581.yaml
2020-12-05 16:53:14 +08:00
ree4pwn
3a7130030e
cve-2019-11581
...
Jira template injection
2020-12-05 16:51:54 +08:00
bauthard
950d3e4f24
Create CVE-2019-15858.yaml
2020-12-02 10:55:57 +05:30
bauthard
2ef8cb5c8f
temporary remove
2020-12-02 10:47:07 +05:30
bauthard
6b5734f25d
Merge pull request #630 from Patralos/master
...
cve-2019-15858 reversed check
2020-12-02 10:22:45 +05:30
Dwi Siswanto
06b94ebae3
🔥 Add CVE-2020-23972
2020-12-01 16:25:33 +07:00
bauthard
7d0d8bdb99
Update CVE-2019-11043.yaml
2020-11-29 17:38:24 +05:30
Geeknik Labs
0bc9e92da6
Update CVE-2019-11043.yaml
2020-11-28 19:14:21 +00:00
bauthard
231974676e
Merge pull request #650 from projectdiscovery/bugfix-cve-2019-12725
...
fixing unmarshal error
2020-11-27 01:19:50 +05:30
bauthard
519ddb4ce5
reverting the change
2020-11-27 01:19:35 +05:30
bauthard
1b203b350b
Update CVE-2019-12725.yaml
2020-11-27 01:16:49 +05:30
Mzack9999
f5e5515a35
fixing unmarshal error
2020-11-26 20:36:28 +01:00
bauthard
0fae570c4c
Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates
2020-11-26 20:59:30 +05:30
bauthard
a1732cc1a3
Removing cve-2020-14815
...
This will be added back with support of https://github.com/projectdiscovery/nuclei/issues/295
2020-11-26 20:59:10 +05:30
bauthard
3d7e839a99
Update CVE-2019-12725.yaml
2020-11-26 14:42:15 +05:30
Dwi Siswanto
f9301c5808
🔥 Add CVE-2019-12725
2020-11-26 11:24:02 +07:00
bauthard
6c4fcfc602
Adding marker to payload
2020-11-26 02:02:20 +05:30
Dwi Siswanto
e39ffdf513
🔨 Fix false-positive for CVE-2013-2251
2020-11-25 07:26:52 +07:00
bauthard
6f3b2cdd0c
adding more info and matchers
2020-11-25 01:30:01 +05:30
shelld3v
b81c8ea57d
🔥 Add CVE-2018-13380
2020-11-24 21:30:18 +07:00
Dwi Siswanto
05796b0692
🔥 Rename cve-* files to CVEs
2020-11-22 05:49:16 +07:00
bauthard
971f016178
few updates
2020-11-21 20:39:12 +05:30
SaN ThosH
bf5e619803
Create CVE-2019-6340.yaml
2020-11-21 13:07:33 +05:30
bauthard
beb578cdf0
Marker updates to payloads
...
Adding § marker to variable names to avoid any confusion with real data and variable name, supported from nuclei v2.2.0
2020-11-21 12:25:49 +05:30
Patralos
f35eec7ba1
remove empty lines
2020-11-20 10:33:26 +01:00
Patralos
becd37a635
cve-2019-15858 reversed check
...
2.2.5 is the fixed version and should therefore be absent.
2020-11-20 10:28:29 +01:00
bauthard
1ec8040a8d
Merge pull request #624 from dwisiswant0/add/CVE-2020-13942
...
Add CVE-2020-13942
2020-11-19 00:42:55 +05:30
Dwi Siswanto
05f41079f4
🔥 Add CVE-2020-13942
2020-11-19 00:47:19 +07:00
Dwi Siswanto
63cfa344bd
🔥 Add CVE-2020-16846
2020-11-19 00:21:07 +07:00
bauthard
071e3b25c9
few updates
2020-11-17 16:27:15 +05:30
Sandor Toth
0202889780
cve-2017-12637.yaml tab fixed
2020-11-17 11:18:19 +01:00
Sandor Toth
f5e1d23545
cve-2017-12637.yaml added
2020-11-17 11:14:41 +01:00
Dwi Siswanto
d6198665e7
🔥 Add CVE-2020-8209
...
References:
- https://swarm.ptsecurity.com/path-traversal-on-citrix-xenmobile-server/
2020-11-16 21:49:51 +07:00
bauthard
b1965155f7
Update CVE-2020-14815.yaml
2020-11-14 15:37:15 +05:30
bauthard
a710c24d4d
Update CVE-2020-14815.yaml
2020-11-14 15:35:06 +05:30
mohammedshine
a273c87c2e
Create CVE-2020-14815.yaml
2020-11-13 01:25:48 +05:30
bauthard
3cf5167077
Update CVE-2019-20141.yaml
2020-11-12 14:30:01 +05:30
bauthard
c4349a33cf
fixing possible false positive
2020-11-12 13:55:56 +05:30
bauthard
4f746684c8
Encoding updates
2020-11-10 19:43:51 +05:30
Casper Guldbech Nielsen
29d421549a
Search for "provider":"ldap" to complete the match on the cve
...
Signed-off-by: Casper Guldbech Nielsen <whopsec@protonmail.com>
2020-11-07 12:37:29 +01:00
Casper Guldbech Nielsen
e9b57b3e9a
Add cve-2020-26214 detection
...
Signed-off-by: Casper Guldbech Nielsen <whopsec@protonmail.com>
2020-11-07 11:47:02 +01:00
bauthard
cd90698cb5
Adding cve-2019-3402
2020-11-06 15:58:11 +05:30
Dwi Siswanto
b175c2117c
🔥 Update CVE-2020-14882 payload & with positive matchers
2020-11-02 14:23:12 +07:00
bauthard
73c94b174c
moved to another branch for the fix.
2020-11-01 12:53:33 +05:30
bauthard
8503dd1471
fixing mistake
2020-10-30 11:01:43 +05:30
Dwi Siswanto
baaba9036e
🔥 Add CVE-2020-14882
2020-10-29 19:58:49 +07:00
bauthard
0c3b87f943
Merge pull request #595 from projectdiscovery/z-xxe
...
adding cve-2019-9670
2020-10-29 16:24:59 +05:30
bauthard
0c63ebfd8f
adding cve-2019-9670
2020-10-29 16:23:46 +05:30
bauthard
ca1c3e7f72
Update CVE-2020-14864.yaml
2020-10-29 15:43:50 +05:30
palaziv
54f73f80e1
add template for CVE-2020-14864
2020-10-29 10:54:06 +01:00
SaN ThosH
3b1f0bf6f9
Create CVE-2020-9344.yaml
2020-10-23 11:59:51 +05:30
bauthard
c912513e40
Merge pull request #575 from dwisiswant0/fix/cve-2020-7961
...
Update CVE-2020-7961
2020-10-16 11:34:23 +05:30
Dwi Siswanto
d9f53727c9
✏️ Escaping dot in extractors
2020-10-16 02:59:46 +07:00
Dwi Siswanto
b69d65fe7b
🔨 Update matchers using regexes
2020-10-16 02:58:54 +07:00
bauthard
9bd306ab3f
matcher updates
2020-10-16 00:20:10 +05:30
Dwi Siswanto
53c239b645
✏️ Escaping dots in patterns
2020-10-15 18:21:25 +07:00
Dwi Siswanto
31c8d723c1
🔥 Update methods & matchers for CVE-2020-16952
2020-10-15 17:27:52 +07:00
bauthard
dddb8e8a37
Merge pull request #562 from knassar702/new-branch
...
Neon Dashboard - XSS Reflected (CVE-2019-20141)
2020-10-15 00:17:02 +05:30
bauthard
431a56847b
Merge pull request #561 from dwisiswant0/add/CVE-2020-16952
...
Add CVE-2020-16952
2020-10-15 00:13:44 +05:30
Khaled Nassar
f4ba565b50
Neon Dashboard - XSS Reflected (CVE-2019-20141)
2020-10-14 15:39:46 +00:00
Dwi Siswanto
18bdf7f9d1
🔥 Add CVE-2020-16952
2020-10-14 15:49:48 +07:00
Jonatas Fil
6a9f6cd3dc
Update CVE-2013-2251.yaml
2020-10-13 18:15:07 -04:00
Jonatas Fil
78b652f2e8
add cve-2013-2251
2020-10-13 19:06:01 -03:00
Vidhun K
e6c3ec08c4
Update CVE-2020-3452.yaml
...
Added another endpoint that's vulnerable to the same path traversal issue
2020-10-07 15:33:36 +05:30
bauthard
a926f61ed2
Removing this for the time being
2020-10-04 11:54:28 +05:30
bauthard
107d9b9dcc
Merge pull request #512 from dwisiswant0/add/CVE-2020-2034
...
Add CVE-2020-2034
2020-10-03 11:45:12 +05:30
bauthard
41f64dfcf9
Merge pull request #533 from projectdiscovery/bp0lr/master
...
Bp0lr/master
2020-10-03 11:42:29 +05:30
bauthard
a5840f0205
template update
2020-10-03 11:40:14 +05:30
bauthard
b129f008f2
updates
2020-10-03 11:27:10 +05:30
sillydadddy
32d42575f7
Create CVE-2019-8442.yaml
2020-10-03 01:20:52 +05:30
bauthard
69d03e0d6f
Merge pull request #522 from swisskyrepo/swisskyrepo-shellshock
...
CVE-2014-6271 Shellshock
2020-10-02 23:11:14 +05:30
bauthard
5254fb77af
Merge pull request #517 from dwisiswant0/add/CVE-2019-1653
...
Add CVE-2019-1653
2020-10-02 23:08:48 +05:30
bauthard
365e93ec23
Merge pull request #518 from dwisiswant0/add/CVE-2019-15858
...
Add CVE-2019-15858
2020-10-02 23:07:51 +05:30
bauthard
a5df22b9d6
Merge pull request #519 from dwisiswant0/add/CVE-2019-16920
...
Add CVE-2019-16920
2020-10-02 21:57:05 +05:30
bauthard
729fc628f2
Merge pull request #516 from dwisiswant0/add/CVE-2020-12116
...
Add CVE-2020-12116
2020-10-02 03:15:53 +05:30
bauthard
5a7d6dd30d
Merge pull request #515 from jaiswalakshansh/master
...
added cve-2019-9733.yaml
2020-10-02 03:00:00 +05:30
bauthard
1acddaff20
Update CVE-2020-14181.yaml
2020-10-02 02:56:01 +05:30
bauthard
91bd427d6e
Update cve-2019-9733.yaml
2020-10-02 02:49:18 +05:30
bauthard
05df03474a
Merge pull request #514 from dwisiswant0/add/CVE-2020-9047
...
Add CVE-2020-9047
2020-10-02 02:39:20 +05:30
bauthard
c739852f38
Merge pull request #513 from dwisiswant0/add/CVE-2020-2551
...
Add CVE-2020-2551
2020-10-02 02:38:10 +05:30
bauthard
0849da5510
Merge pull request #511 from dwisiswant0/add/CVE-2018-1273
...
Add CVE-2018-1273
2020-10-02 02:23:20 +05:30
bauthard
9f11563a7f
Update CVE-2020-14181.yaml
2020-10-02 00:23:53 +05:30
Swissky
73b40d6dda
Update CVE-2014-6271.yaml
2020-10-01 20:45:00 +02:00
Swissky
e669c6dc47
Fixing the YAMLint error for CVE-2014-6271
2020-10-01 20:28:37 +02:00
Swissky
970a81c9eb
CVE-2014-6271 Shellshock
2020-10-01 20:03:35 +02:00
Dwi Siswanto
6959f3c1f9
🔥 Add CVE-2019-16920
2020-10-01 15:21:26 +07:00
Dwi Siswanto
cb639dd534
🔥 Add CVE-2019-15858
2020-10-01 15:02:00 +07:00
akshansh
949a7bc910
add cve-2019-9733
2020-10-01 12:47:40 +05:30
Dwi Siswanto
43006913e1
🔥 Add CVE-2019-1653
2020-10-01 14:17:09 +07:00
akshansh
5affe9c250
updated cve-2019-9733
2020-10-01 12:44:05 +05:30
akshansh
ffecf7ccc0
cve-2019-9733
2020-10-01 12:38:30 +05:30
Dwi Siswanto
d91334f612
🔥 Add CVE-2020-12116
2020-10-01 13:55:32 +07:00
akshansh
02cffb6720
cve-2019-9733.yaml
2020-10-01 12:10:15 +05:30
Dwi Siswanto
d7fa08cb67
🔥 Add CVE-2020-9047
2020-10-01 13:36:19 +07:00
Dwi Siswanto
6d9ae2b147
✏️ Update part matchers
2020-10-01 13:12:30 +07:00
Dwi Siswanto
005fde3835
✏️ Update severity
2020-10-01 13:11:28 +07:00
Dwi Siswanto
fc14cc2a6c
🔥 Add CVE-2020-2551
2020-10-01 13:10:28 +07:00
Dwi Siswanto
0710cbe9ad
🔨 Sort paths
2020-10-01 12:39:33 +07:00
Dwi Siswanto
1a6c98f2c5
🔥 Add CVE-2020-2034
2020-10-01 12:37:52 +07:00
Dwi Siswanto
a488f75bb1
🔥 Add CVE-2018-1273
2020-10-01 09:28:22 +07:00
bjhulst
fd8fce4308
1st version
2020-09-30 23:36:12 +03:00
bauthard
5488ef6104
adding another matcher
2020-09-30 20:14:12 +05:30
x1m
f273d2e6c5
Added CVE-2020-24312
2020-09-30 16:30:06 +02:00
bauthard
0153333b9b
template update
2020-09-29 22:56:43 +05:30
bauthard
fadb29e379
Merge pull request #503 from joeldeleep/master
...
cve-2020-0618
2020-09-29 01:03:47 +05:30
bauthard
9c592e45fd
Update cve-2020-0618.yaml
2020-09-29 01:02:19 +05:30
joeldeleep
25a04ef0cf
Update cve-2020-0618.yaml
2020-09-28 07:31:06 +05:30
joeldeleep
13a3ee21f2
Delete CVE-2020-13379.yaml
2020-09-28 07:27:02 +05:30
joeldeleep
2f7c40d80d
Create cve-2020-0618.yaml
...
The template only scans for the respective vulnerable url, it has to be manually verified.
2020-09-28 07:22:37 +05:30
bauthard
0aee5a9715
removing cve-2017-7529
...
This can be precisely checked only when Nginx version is known, otherwise it will produce false positive results, as such removing this template for the time being.
2020-09-27 15:41:50 +05:30
bauthard
a2d60bbd1e
Removing cve-2020-13379
2020-09-27 13:59:33 +05:30
joeldeleep
e53c03ab60
Update CVE-2020-13379.yaml
2020-09-27 12:49:42 +05:30
joeldeleep
aa50c7370d
Update CVE-2020-13379.yaml
2020-09-27 12:44:17 +05:30
joeldeleep
f83e33f78f
Update CVE-2020-13379.yaml
2020-09-27 12:37:03 +05:30
joeldeleep
3da6c533f0
Update CVE-2020-13379.yaml
...
The old matching using status code 502 returned false positive when the endpoint is already having a bad gateway. Going through the report here
https://hackerone.com/reports/878779 and video https://www.youtube.com/watch?v=NWHOmYbLrZ0, the path has been rewritten and matched with respective image/jpeg as explained in the poc
2020-09-27 11:58:57 +05:30
Dwi Siswanto
624bb0316a
🔥 Add CVE-2017-11444
2020-09-26 08:05:00 +07:00
bp0lr
0922fb623e
added CVE-2019-15107
2020-09-25 09:30:58 -03:00
bp0lr
ecddef3d6c
added cve-2019-15107
2020-09-25 09:23:29 -03:00
bp0lr
bee3e3839e
added cve-2019-15107
2020-09-25 09:20:52 -03:00
root
114f83abc4
add CVE-2017-7615
2020-09-24 15:34:36 -03:00
bauthard
c89904cc14
Update CVE-2020-14179.yaml
2020-09-24 23:32:55 +05:30
bauthard
23e5970714
Merge pull request #486 from dwisiswant0/add/CVE-2018-17431
...
Add CVE-2018-17431
2020-09-22 21:36:51 +05:30
bauthard
ecc56a5140
matchers updates
2020-09-22 21:33:17 +05:30
x1m
76971fcea7
Added CVE-2020-14179
2020-09-22 17:44:12 +02:00
Dwi Siswanto
3740c58965
🔥 Add CVE-2018-17431
2020-09-22 21:41:13 +07:00
bauthard
faf6b488a5
matcher update
2020-09-18 20:28:38 +05:30
bauthard
cd8699a104
Update CVE-2019-6715.yaml
2020-09-17 22:09:30 +05:30
Robbie
5657004705
Update CVE-2019-6715.yaml
2020-09-17 16:51:35 +01:00
Robbie
296e18768b
Create CVE-2019-6715.yaml
2020-09-17 15:59:14 +01:00
Adam Jordan
5dc45f1fb1
Fix typo in cve-2019-14696.yaml and cve-2020-24223
2020-09-17 17:58:51 +08:00
bauthard
048ab54a98
Update CVE-2020-25540.yaml
2020-09-16 23:54:38 +05:30
Geeknik Labs
9ff599c333
Update CVE-2020-25540.yaml
2020-09-16 18:20:43 +00:00
Geeknik Labs
74a88ab411
Create CVE-2020-25540.yaml
...
This is for testing against a Linux host as per https://www.exploit-db.com/exploits/48812. If someone else wants to update this to add the check for Windows, that would be swell.
2020-09-16 18:17:57 +00:00
bauthard
beed4568eb
Merge pull request #473 from CasperGN/fix-cve-2020-15920
...
Correcting endpoint to contain /PDC/ajaxreq.php?
2020-09-16 23:03:45 +05:30
Casper Guldbech Nielsen
63c0a78fc8
Correcting endpoint to contain /PDC/ajaxreq.php?
...
Signed-off-by: Casper Guldbech Nielsen <whopsec@protonmail.com>
2020-09-16 19:02:49 +02:00
Ice3man543
ffef121561
Normalized id fields to match schema regex
2020-09-16 00:55:55 +05:30
bauthard
e8ef3b5759
Merge pull request #461 from dwisiswant0/add/CVE-2020-15129
...
Add CVE-2020-15129
2020-09-15 19:45:59 +05:30
Dwi Siswanto
fa570b5560
✏️ Add reference
2020-09-15 00:40:03 +07:00
Dwi Siswanto
19f9e5842a
🔨 Update status matcher
2020-09-15 00:39:24 +07:00
Dwi Siswanto
e0f4437cdd
🔥 Add CVE-2020-15129
2020-09-15 00:31:40 +07:00
Dwi Siswanto
f7d2851490
✏️ Add descriptions
2020-09-14 14:26:39 +07:00
Dwi Siswanto
66f1789690
⬇️ Delete payloads
2020-09-14 14:26:11 +07:00
Dwi Siswanto
4c29679877
✏️ Update name
2020-09-14 14:25:01 +07:00
Dwi Siswanto
5fb87d81a2
🔥 Add CVE-2020-15505
2020-09-14 14:23:20 +07:00
PikPikcU
118df25b44
Create CVE-2019-16662.yaml
2020-09-11 13:25:48 +00:00
bauthard
a1d9be6097
Update CVE-2018-16763.yaml
2020-09-11 16:20:03 +05:30
PikPikcU
73572d26de
Update CVE-2020-16139.yaml
2020-09-10 12:45:32 +00:00
PikPikcU
459bdf6922
Cisco 7937G Denial-of-Service Reboot Attack 🔥
2020-09-10 07:32:07 +00:00
Dwi Siswanto
1110db2ad4
🔨 Add matchers condition
2020-09-10 01:44:26 +07:00
bauthard
90de2070c4
Merge pull request #434 from CasperGN/master
...
More templates to Lotus Domino + workflow to bind them together
2020-09-09 22:40:33 +05:30
Casper Guldbech Nielsen
ad3bab450d
Based on metasploit regex
...
Signed-off-by: Casper Guldbech Nielsen <whopsec@protonmail.com>
2020-09-09 19:08:23 +02:00
Casper Guldbech Nielsen
e984f1466f
Adding word matcher which mimics public PoC exploits
...
Signed-off-by: Casper Guldbech Nielsen <whopsec@protonmail.com>
2020-09-09 16:53:16 +02:00
Casper Guldbech Nielsen
5f452f2969
And the last file
...
Signed-off-by: Casper Guldbech Nielsen <whopsec@protonmail.com>
2020-09-09 10:38:32 +02:00
Casper Guldbech Nielsen
7cf712bd49
Inclusion of stage-1 detection of the old hashdump vuln.
...
Signed-off-by: Casper Guldbech Nielsen <whopsec@protonmail.com>
2020-09-09 10:11:50 +02:00
PikPikcU
061c4e5c1f
Create CVE-2018-19386.yaml
2020-09-09 01:45:42 +00:00
toufik-airane
0d0cb8c225
Fixed some spaces
2020-09-07 15:07:46 +02:00
toufik-airane
7dcba733f0
Removed original code
2020-09-07 15:07:13 +02:00
toufik-airane
1ba5ba68af
Moved some spaces
2020-09-07 15:06:14 +02:00
toufik-airane
dd3ce36a87
Fix CVE-2017-7529.yaml matcher
...
Submit a fix to resolve the issue
https://github.com/projectdiscovery/nuclei-templates/issues/424.
2020-09-07 15:04:58 +02:00
PikPikcU
23e88269bb
Update CVE-2018-16763.yaml
2020-09-07 00:47:19 +00:00
bauthard
28d50c311f
Merge pull request #422 from pikpikcu/patch-18
...
Add CVE-2018-16763 fuelCMS 1.4.1 - Remote Code Execution
2020-09-07 02:28:38 +05:30
bauthard
f9ee82f180
Update CVE-2018-16763.yaml
2020-09-07 02:25:49 +05:30
bauthard
a2fe4e9932
few updates
2020-09-07 02:22:50 +05:30
PikPikcU
33643990de
Create CVE-2018-16763.yaml
2020-09-06 17:22:32 +00:00
PikPikcU
3a624136d4
Update CVE-2019-7256.yaml
2020-09-06 12:06:45 +00:00
PikPikcU
06c45b8a8d
Create CVE-2019-7256.yaml
2020-09-06 11:55:23 +00:00
bauthard
cb5d5b9f0d
Update CVE-2019-1010287.yaml
2020-09-05 13:10:46 +05:30
bauthard
6d67bb8d7b
Merge pull request #416 from pikpikcu/patch-15
...
Add CVE-2019-12593 IceWarp <=10.4.4 - Local File Inclusion
2020-09-05 12:42:58 +05:30
bauthard
3839c683f4
Update CVE-2019-12593.yaml
2020-09-05 12:41:21 +05:30
PikPikcU
02a46f245e
Update CVE-2019-12593.yaml
2020-09-05 07:00:51 +00:00
PikPikcU
4d4ff8073c
Update CVE-2019-12593.yaml
2020-09-05 07:00:15 +00:00
bauthard
651396a50b
Merge pull request #413 from geeknik/patch-4
...
Create sql-dump.yaml
2020-09-05 12:28:38 +05:30
bauthard
148bb16fa7
Update CVE-2020-11034.yaml
2020-09-05 12:27:56 +05:30
PikPikcU
d0b755c0e3
Create CVE-2019-12593.yaml
2020-09-05 06:49:58 +00:00
bauthard
798dbf01a4
Merge pull request #412 from geeknik/patch-2
...
Create CVE-2019-11043.yaml
2020-09-05 12:18:04 +05:30
bauthard
4450dec23c
Merge pull request #410 from pikpikcu/patch-13
...
Add CVE-2019-14696 Open-School 3.0 - Cross Site Scripting
2020-09-05 12:11:01 +05:30
bauthard
4b828d3a06
Update CVE-2019-14696.yaml
2020-09-05 12:10:16 +05:30
bauthard
a5da5abd03
Merge pull request #409 from dwisiswant0/tpl/magmi-multiple-vulns
...
Add Magmi Multiple Vulnerabilities
2020-09-05 12:07:14 +05:30
bauthard
6dd5f429d9
updates
2020-09-05 12:04:18 +05:30
Geeknik Labs
f663a946c6
Update CVE-2019-11043.yaml
2020-09-04 22:30:54 +00:00
Geeknik Labs
b773cc9f0f
Create CVE-2019-11043.yaml
...
PHP-FPM & nginx RCE (CVE-2019-11043)
2020-09-04 22:28:41 +00:00
PikPikcU
6b64e78280
Solved escape character
2020-09-04 18:02:18 +00:00
PikPikcU
301135ad74
Update URL Encoding
2020-09-04 15:51:55 +00:00
PikPikcU
cc1e0a3fef
Create CVE-2019-14696.yaml
2020-09-04 15:46:07 +00:00
Dwi Siswanto
8cce587aa8
📝 Remove trailing spaces
2020-09-04 20:34:53 +07:00
Dwi Siswanto
9036d1bdc9
✏️ Update CVEs name
2020-09-04 20:25:30 +07:00
Dwi Siswanto
196cb1691b
🔥 Add CVE-2020-5776
2020-09-04 20:19:13 +07:00
Dwi Siswanto
5ce8c21fa1
🔥 Add CVE-2020-5777
2020-09-04 20:02:17 +07:00
bauthard
9fd85c7bba
Merge pull request #407 from pikpikcu/patch-12
...
Add CVE-2019-1010287 Timesheet Cross Site Scripting
2020-09-04 17:25:11 +05:30
bauthard
243eb9b04e
Merge pull request #405 from pikpikcu/patch-11
...
Add CVE-2020-11034 - GLPI v.9.4.6 - Open redirect
2020-09-04 17:15:34 +05:30
bauthard
6f3992305e
Merge pull request #403 from pikpikcu/patch-10
...
Add CVE-2017-14537 trixbox 2.8.0 - directory-traversal
2020-09-04 17:10:36 +05:30
bauthard
4547aeb6bb
Update CVE-2017-14537.yaml
2020-09-04 17:09:45 +05:30
PikPikcU
089cf671eb
Create CVE-2019-1010287.yaml
2020-09-04 10:01:06 +00:00
PikPikcU
216def75b4
Update CVE-2020-11034.yaml
2020-09-04 07:25:27 +00:00
PikPikcU
26aeaaa5a4
GLPI v.9.4.6 - Open redirect Detection
2020-09-04 07:16:47 +00:00
un-fmunozs
07d10d6e50
Fix encoding for XSS payloads
...
Prevent false positives encoding the xss payloads, and remove from the match data that was not injected.
2020-09-04 00:55:13 -05:00
PikPikcU
de779e3de1
Create CVE-2017-14537.yaml
2020-09-04 04:26:20 +00:00
bauthard
39cfec87ae
Update CVE-2019-17558.yaml
2020-09-03 22:44:42 +05:30
PikPikcU
6d1789ff76
Create CVE-2019-17558.yaml
2020-09-03 16:13:34 +00:00
PikPikcU
d78a56514a
Create CVE-2019-12461.yaml
2020-09-03 12:37:18 +00:00
bauthard
a3f96907fe
Update CVE-2017-7391.yaml
2020-09-03 09:12:43 +05:30
PikPikcU
df52790318
Create CVE-2017-7391.yaml
2020-09-03 03:32:29 +00:00
bauthard
4b8fb4774f
Merge pull request #391 from dwisiswant0/cve/CVE-2020-15920
...
Add CVE-2020-15920
2020-09-02 12:40:21 +05:30
Dwi Siswanto
455a98f771
🔥 Add CVE-2020-15920
2020-09-02 01:38:31 +07:00
bauthard
b08882d0fe
Update CVE-2020-24223.yaml
2020-09-02 00:01:57 +05:30
PikPikcU
4fca8d598f
Update CVE-2020-24223.yaml
2020-09-01 18:23:35 +00:00
PikPikcU
e82474224e
Create CVE-2020-24223.yaml
2020-09-01 18:16:14 +00:00
bauthard
5e1d63fa5f
Update CVE-2019-16278.yaml
2020-09-01 23:29:32 +05:30
bauthard
8d1b5caf39
Update CVE-2019-16278.yaml
2020-09-01 23:28:20 +05:30
PikPikcU
cc3affd053
Update CVE-2019-16278.yaml
2020-09-01 16:10:27 +00:00
PikPikcU
4d4343cc54
Create CVE-2019-16278.yaml
2020-09-01 15:59:30 +00:00
bauthard
b1f2a9ebe8
Merge pull request #386 from dwisiswant0/cve/CVE-2020-5412
...
Add CVE-2020-5412
2020-09-01 19:03:46 +05:30
bauthard
cd3c9f56c3
Update CVE-2020-5412.yaml
2020-09-01 19:02:57 +05:30
Dwi Siswanto
92720cbc20
✏️ Update template name
2020-09-01 20:26:37 +07:00
Dwi Siswanto
bfee8d6679
♨️ Update severity
2020-09-01 20:25:49 +07:00
Dwi Siswanto
c43cac170c
🔥 Add CVE-2020-5412
2020-09-01 20:24:39 +07:00
bauthard
23de5c8b44
Merge pull request #384 from ohlinge/master
...
Fix bug about CVE-2018-1000129
2020-09-01 18:42:45 +05:30
PikPikcU
d7a44ae025
Update CVE-2020-7209.yaml
2020-09-01 13:08:31 +00:00
0h1in9e
d1d679e04c
Merge branch 'master' into master
2020-09-01 20:49:15 +08:00
ohlinge
27fd87ce24
Fix bug about CVE-2018-1000129
2020-09-01 20:42:12 +08:00
bauthard
9bf0b6dbaf
uniform format
2020-09-01 00:04:29 +05:30
bauthard
1dd5658717
Update CVE-2020-2140.yaml
2020-08-31 13:09:38 +05:30
bauthard
dfc487caba
Update CVE-2020-2140.yaml
2020-08-31 13:08:04 +05:30
Gabriel Geraldino
72a2b1ec29
Delete CVE-2019-7238.yaml
2020-08-30 15:08:56 -03:00
Gabriel Geraldino
5fa09b15cc
Create CVE-2019-7238.yaml
2020-08-30 15:03:30 -03:00
Gabriel Geraldino
635446eb26
Create CVE-2020-2140.yaml
2020-08-30 14:42:46 -03:00
bauthard
f4f36ec0c6
Update CVE-2018-1000129.yaml
2020-08-30 18:49:02 +05:30
bauthard
4667c44bb0
Merge pull request #365 from projectdiscovery/CVE-2017-7529-fix
...
drafting CVE-2017-7529
2020-08-30 10:42:18 +05:30
Dwi Siswanto
f40edfcbb8
🔨 Add 'and' condition
2020-08-30 12:04:34 +07:00
Dwi Siswanto
a850c41aa1
🔨 Add server matcher
2020-08-30 11:58:14 +07:00
bauthard
3558952c03
Merge pull request #353 from flag007/patch-3
...
Update CVE-2018-1000129.yaml
2020-08-30 10:03:58 +05:30
bauthard
3ff2f585c5
Update CVE-2018-1000129.yaml
2020-08-30 10:02:59 +05:30
bauthard
4f9de168af
drafting cve
2020-08-30 09:57:07 +05:30
bauthard
efaecb5df5
CVE-2017-7529 to draft
2020-08-30 09:54:06 +05:30
bauthard
53f7438d58
Update CVE-2017-5638.yaml
2020-08-30 09:44:52 +05:30
bauthard
374d6c54b0
Update CVE-2017-7529.yaml
2020-08-29 10:20:04 +05:30
Dwi Siswanto
316bdbdaed
🔥 Add CVE-2017-12629
2020-08-28 10:46:31 +07:00
bauthard
747aa48d09
Merge pull request #345 from aqme/master
...
Add *description* property to nuclei-templates
2020-08-28 01:09:39 +05:30
toufik-airane
0896fc82f9
fix minor issue
...
fix issue from yamllint.
2020-08-27 18:19:24 +02:00
flag007
10bc6dbef6
Update CVE-2018-1000129.yaml
...
A single svg is prone to false positives, let me update the payload
2020-08-27 20:32:15 +08:00
flag007
2113093014
Update CVE-2018-1000129.yaml
...
There are two problems with this payload, / means the path, add it cannot be detected correctly, in addition, it should not be url-encoded
2020-08-27 20:27:47 +08:00
SaN ThosH
c76c05af44
Update CVE-2018-2791.yaml
2020-08-26 13:04:18 +05:30
SaN ThosH
0856415d43
Update CVE-2018-2791.yaml
2020-08-26 13:01:07 +05:30
chajer
58d0e08739
description
2020-08-26 00:52:00 +02:00
chajer
32f77c4632
The avatar feature
2020-08-26 00:43:40 +02:00
chajer
a0094cb3bc
description bugs
2020-08-26 00:22:08 +02:00
chajer
d1e45e084e
add desc
2020-08-26 00:15:20 +02:00
chajer
f20cdfcb69
add some descr
2020-08-25 23:51:04 +02:00
chajer
7fd89d3550
add
2020-08-25 23:35:37 +02:00
chajer
085f9c4a34
add descru
2020-08-25 23:23:46 +02:00
toufik-airane
146e114a3b
fix minor yamllint issues
...
Fix minor yamllint issues to move forward.
2020-08-25 22:18:58 +02:00
Jawad Moustadif
18b36a4cd6
Update CVE-2017-10075.yaml
...
add oracle xss descri
2020-08-25 19:27:30 +02:00
chajer
e767c37070
xss oracle cmt
2020-08-25 19:22:18 +02:00
Dwi Siswanto
fb9c909e5c
🔨 Add word matcher & enable redirects
2020-08-24 11:39:40 +07:00
Dwi Siswanto
cd22d83f94
🔨 Add content-type matcher CVE-2020-5284
2020-08-24 11:34:40 +07:00
Dwi Siswanto
b2828c3a44
🔨 Fix false-positive CVE-2019-9978
2020-08-24 09:08:46 +07:00
bauthard
0a82cb787d
Merge pull request #339 from aringo/master
...
CVE-2020-5902 added hsqldb bypass
2020-08-23 14:43:03 +05:30
bauthard
fc0a1ba15d
Merge pull request #338 from correkthorse/cve/2020-8163
...
Create CVE-2020-8163.yaml
2020-08-23 14:19:20 +05:30
ringo
986a49f6d1
CVE-2020-5902 added hsqldb bypass
2020-08-22 19:37:43 -05:00
Tim Koopmans
03c0feee77
Create CVE-2020-8163.yaml
...
details of CVE at https://correkt.horse/ruby/2020/08/22/CVE-2020-8163/
2020-08-23 07:47:58 +10:00
bauthard
26fc8b5a23
updating PR
2020-08-21 00:31:07 +05:30
Dwi Siswanto
4fd07d906c
🔨 Move name to matchers to chain with workflow - CVE-2020-17506
2020-08-20 22:49:36 +07:00
Dwi Siswanto
8b9b0d2747
🔥 Add CVE-2020-17505
2020-08-20 22:38:14 +07:00
Dwi Siswanto
20ea5091d1
🔥 Add CVE-2020-17506
2020-08-20 22:11:34 +07:00
Robbie
394d2e37cf
Create CVE-2017-14849.yaml
2020-08-19 16:34:31 +01:00
bauthard
e734a23381
Update CVE-2019-11248.yaml
2020-08-19 20:14:59 +05:30
bauthard
2b5e991df2
cve update
2020-08-19 20:12:29 +05:30
0xceeb
f466050ac1
Create 2019-11248.yaml
2020-08-19 20:03:23 +05:30
bauthard
0cd106838f
Update CVE-2017-5638.yaml
2020-08-19 19:25:42 +05:30
Robbie
7a45a9deef
Create CVE-2017-5638.yaml
2020-08-19 14:13:31 +01:00
Dwi Siswanto
de04f9d30a
🔨 Add some ports & extractors
2020-08-18 07:20:02 +07:00
Dwi Siswanto
f6a35bb11d
🔨 Convert payload to sniper attack for cross-platform exploit
2020-08-18 07:03:51 +07:00
Dwi Siswanto
3cfbf7edf8
🔨 CVE-2020-7961 - Fix payload that can't execute in Windows platform
2020-08-18 04:46:19 +07:00
un-fmunozs
a7e79e8dc9
Update CVE-2019-9978.yaml
...
Typo
2020-08-17 01:02:37 -05:00
Dwi Siswanto
049d7d9b04
🔥 Add CVE-2019-2725
2020-08-16 23:33:49 +07:00
Dwi Siswanto
7747dd475a
🔥 Add CVE-2019-11580
2020-08-16 22:54:45 +07:00
Dwi Siswanto
3d6f52fbbf
🔥 Add CVE-2019-6112
2020-08-16 22:22:28 +07:00
Dwi Siswanto
505e77400a
🔨 Add multi-request because by default OFBiz doesn't run directly through port 80 (except it build with Docker image)
2020-08-16 08:14:03 +07:00
Dwi Siswanto
0c89ba4dae
🔥 Add CVE-2020-9496
2020-08-16 07:52:06 +07:00
bauthard
d57f734d54
Merge pull request #309 from dwisiswant0/tpl/add-cves
...
Add CVE-2019-7609
2020-08-16 02:08:06 +05:30
bauthard
b994bc6435
Update CVE-2019-7609.yaml
2020-08-16 02:07:25 +05:30
bauthard
2796981df2
Merge pull request #311 from Pxmme/master
...
Create CVE-2020-13379.yaml
2020-08-16 02:05:21 +05:30
bauthard
afe7ba568d
Update CVE-2020-13379.yaml
2020-08-16 02:04:11 +05:30
Pxmme
37891375e1
Create CVE-2020-13379.yaml
...
lol DoS is fun
2020-08-15 22:14:07 +02:00
Dwi Siswanto
64cbf896de
🔥 Add CVE-2019-7609
2020-08-16 01:10:27 +07:00
Dwi Siswanto
5eac34b513
🔨 Fix false-positive
2020-08-15 15:04:58 +07:00
bauthard
96093904ad
Update CVE-2019-19985.yaml
2020-08-12 23:14:53 +05:30
SaN ThosH
dc627f2d97
Update CVE-2019-19985.yaml
2020-08-12 23:10:09 +05:30
SaN ThosH
5e8411900f
Update CVE-2019-19985.yaml
...
Fixing false positives
previously shown vulnerable for
https://books.apple.com/wp-admin/admin.php?page=download_report&report=users&status=all
Originally vulnerable
https://www.yacht-charter.co.uk/wp-admin/admin.php?page=download_report&report=users&status=all
2020-08-12 23:09:50 +05:30
bauthard
4d1ff74303
Merge branch 'master' of https://github.com/Mad-robot/nuclei-templates into pr/298
2020-08-12 20:43:14 +05:30
bauthard
d9a36ec84f
Update CVE-2019-9978.yaml
2020-08-12 20:42:50 +05:30
SaN ThosH
d60f915497
Update CVE-2019-9978.yaml
2020-08-12 20:41:52 +05:30
SaN ThosH
ec95929e4b
Create CVE-2019-9978.yaml
2020-08-12 20:35:52 +05:30
bauthard
aaba00a84d
Update CVE-2019-16759-1.yaml
2020-08-10 16:30:34 +05:30
bauthard
634226bdcb
Merge pull request #293 from Mad-robot/master
...
Create CVE-2019-16759-fixbypass.yaml
2020-08-10 14:42:33 +05:30
bauthard
b4c75eba60
Updated file name
2020-08-10 14:41:08 +05:30
SaN ThosH
ba3dddc284
Create CVE-2019-16759-fixbypass.yaml
2020-08-10 14:02:30 +05:30
bauthard
5c083d5860
Update CVE-2017-9841.yaml
2020-08-07 13:43:01 +05:30
bauthard
7cdf1f2154
Adding Reference
2020-08-07 13:41:39 +05:30
bauthard
5d6e6e8fbf
updating file name
2020-08-07 13:37:12 +05:30
Robbie
a43291d9d9
Create CVE-2017-9841
2020-08-07 09:02:28 +01:00
bauthard
fca119eb24
adding both paths for possible use cases
2020-08-06 13:42:12 +05:30
Aron Molnar
8315f5f780
Add semicolon to path
...
The vulnerability is that access restriction can be circumvented by adding a semicolon to the path (as pointed out in https://github.com/immunIT/CVE-2018-11759).
Without semicolon, jkstatus would be public anyway and would not be related to the CVE.
2020-08-06 10:06:13 +02:00
bauthard
e4ecdde5e0
Added CVE-2019-19985
2020-08-05 01:49:57 +05:30
bauthard
4abb268ac2
Added CVE-2019-18394
2020-08-04 20:54:23 +05:30
bauthard
6f7eca5f04
few more updates
2020-08-04 04:05:04 +05:30
bauthard
a41edcf8e5
template mise
2020-08-04 03:24:35 +05:30
bauthard
0088f2e474
encoding update
2020-08-02 21:28:48 +05:30
bauthard
fdf5ac46df
Readme update
2020-08-02 18:42:36 +05:30
bauthard
8bb5d0ba4e
preparing for v2.1.0 release
2020-08-02 18:28:07 +05:30
bauthard
f5d35e3fad
minor fixes
2020-08-01 02:18:24 +05:30
SaN ThosH
fb310bc62f
Oracle Content Server XSS
2020-07-31 23:23:22 +05:30
bauthard
b44f47c502
matcher updates
2020-07-31 23:12:34 +05:30
SaN ThosH
0a38e306a7
Odoo 12.0 - Local File Inclusion
...
https://www.exploit-db.com/exploits/48609
2020-07-31 22:52:10 +05:30
bauthard
7054c2b758
Payload update
2020-07-31 21:51:48 +05:30
bauthard
567dd35b03
Update CVE-2020-3187.yaml
2020-07-25 12:35:19 +05:30
bauthard
86e27b8609
updating template
2020-07-25 12:27:30 +05:30
bauthard
bb4542433e
Update CVE-2020-3187.yaml
2020-07-25 10:52:00 +05:30
v1ll41n
5d616236af
Adding Cisco ASA/FTD Unauthenticated Arbitrary File Deletion - CVE-2020-3187
2020-07-25 03:53:21 +02:00
bauthard
d498f1a4bd
Update and rename cve-2020-3452.yaml to CVE-2020-3452.yaml
2020-07-23 02:14:48 +05:30
Ice3man
b4a6f7bc8c
Create cve-2020-3452.yaml
2020-07-23 00:59:49 +05:30
bauthard
0eb330bd46
removing extra spaces
2020-07-21 13:30:14 +05:30
Dwi Siswanto
d31ce1f937
🔥 Add CVE-2020-6287
2020-07-21 13:53:00 +07:00
Dwi Siswanto
1a836fc482
🔥 Add CVE-2020-1147
2020-07-21 03:12:42 +07:00
bauthard
d2885a1351
Merge pull request #186 from dwisiswant0/development
...
Add CVE-2019-16759 RCE in vBulletin
2020-07-17 09:39:39 +05:30
bauthard
2ff5be0a36
Merge pull request #233 from bauthard/master
...
template for CVE-2020-8193 detection
2020-07-11 23:59:37 +05:30
Dwi Siswanto
dd8e298fdc
🔨 Update severity - CVE-2020-8191
2020-07-12 00:54:36 +07:00
Dwi Siswanto
624c89931c
🔥 Add Citrix ADC/Gateway Reflected XSS - CVE-2020-8191
2020-07-12 00:53:33 +07:00
Dwi Siswanto
0c74115ffd
🔥 Add Citrix ADC/Gateway Reflected Code Injection - CVE-2020-8194
2020-07-12 00:52:28 +07:00
bauthard
b15494d59e
template for CVE-2020-8193 detection
2020-07-11 15:45:20 +05:30
bauthard
7e7afed768
fixing few templates
...
need to confirm this before adding this again
2020-07-11 11:39:55 +05:30
bauthard
292197f823
Merge pull request #231 from dwisiswant0/fix-false-positives
...
Fix from False-positive Results
2020-07-11 03:33:19 +05:30
Dwi Siswanto
d634b2710c
🔨 Fix CVE-2018-5230 from false-positives
2020-07-11 03:38:48 +07:00
Dwi Siswanto
8bb2915b01
🔨 Fix CVE-2020-8512 from false-positives
2020-07-11 03:30:14 +07:00
Dwi Siswanto
f216354342
🔨 Fix CVE-2018-19439 from false-positives
2020-07-11 03:12:41 +07:00
bauthard
5e9005e2db
Update CVE-2017-7529.yaml
2020-07-10 15:08:52 +05:30
bauthard
ee41cc2b3d
Merge pull request #227 from harsh-bothra/patch-10
...
Create CVE-2017-6360.yaml
2020-07-10 14:22:40 +05:30
bauthard
e67853ce9d
Merge pull request #228 from harsh-bothra/patch-11
...
Create CVE-2017-6361.yaml
2020-07-10 14:22:29 +05:30
bauthard
2a37e53ed4
Update CVE-2017-6360.yaml
2020-07-10 14:19:05 +05:30
bauthard
2bc59cd709
Update CVE-2017-6361.yaml
2020-07-10 14:17:33 +05:30
bauthard
f5b2e1b794
Update CVE-2017-7529.yaml
2020-07-10 13:51:33 +05:30
Florian Pfitzer
965e5947cd
improve CVE-2017-7529 detection
2020-07-09 13:12:36 +02:00
Harsh Bothra
aa2fa6a6c2
Create CVE-2017-6361.yaml
...
Command Injection in authLogin.cgi 'reboot_notice_msg'
2020-07-09 12:40:32 +05:30
Harsh Bothra
704fb54ecc
Create CVE-2017-6360.yaml
...
Command Injection in userConfig.cgi cloudPersonalSmtp 'hash'
2020-07-09 12:37:53 +05:30
dw1
10592308d3
🔨 Fix false-positives - CVE-2018-20824
2020-07-09 03:47:36 +07:00
dw1
0ab076bf9a
🔨 Update matchers causes false-positives - CVE-2020-8115
2020-07-09 03:22:44 +07:00
dw1
3206089f45
🔨 Update payload due to false-positives - CVE-2020-13167
2020-07-09 03:02:14 +07:00
bauthard
eb87a5ddb8
Removing CVE-2018-6389
...
as it's an invalid issue.
2020-07-08 23:16:18 +05:30
bauthard
c47a4d881d
Merge pull request #215 from harsh-bothra/patch-8
...
Create CVE-2019-3396.yaml
2020-07-08 23:11:43 +05:30
bauthard
441cdd039d
Update CVE-2019-3396.yaml
2020-07-08 23:10:14 +05:30
bauthard
db19560721
Update CVE-2020-10199.yaml
2020-07-08 22:51:50 +05:30
Aditya Soni
849ac3599d
Create CVE-2020-10199.yaml
2020-07-08 20:41:50 +05:30
Ice3man543
ed4e9e7feb
Fixed default condition OR to AND in false-positives
2020-07-08 17:08:57 +05:30
bauthard
f2bfdbfb9f
Merge pull request #216 from secureITmania/secureITmania-patch-1
...
Update CVE-2020-9757 logic
2020-07-08 15:19:51 +05:30
bauthard
7044a9116c
Update CVE-2020-5284.yaml
2020-07-08 14:15:47 +05:30
bauthard
38bc600e99
Update CVE-2020-5284.yaml
2020-07-08 14:15:18 +05:30
bauthard
336bac5e1a
Merge pull request #219 from dwisiswant0/add-cves-and-workflows
...
Add CVE-2020-13167, CVE-2020-7209 & Workflows
2020-07-08 09:46:45 +05:30
dw1
577e3cb429
📝 Remove trailing spaces
2020-07-08 02:55:24 +07:00
dw1
b0aec24951
🔥 Add LinuxKI Toolset RCE - CVE-2020-7209
2020-07-08 02:28:16 +07:00
dw1
5f42e15fcb
🔥 Add Netsweeper WebAdmin PreAuth RCE - CVE-2020-13167
2020-07-08 02:26:15 +07:00
secureITmania
cc260b27b0
Update CVE-2020-9757.yaml
...
template logic changed
2020-07-07 14:09:32 +05:30
Harsh Bothra
ab6bfa0107
Create CVE-2019-3396.yaml
...
Atlassian Confluence Path Traversal/RCE
2020-07-07 12:54:27 +05:30
bauthard
d58fb83331
Merge pull request #214 from harsh-bothra/patch-6
...
Create CVE-2019-17382.yaml
2020-07-07 11:56:49 +05:30
bauthard
5cfdcf0064
adding matchers-condition
...
when we are looking to match two conditions, we should add matchers-condition, as the default check is OR, which will result in false-positive results.
2020-07-07 11:56:01 +05:30
bauthard
0a207f55cc
Update CVE-2020-10204.yaml
2020-07-07 11:49:48 +05:30
Harsh Bothra
76745f7dcb
Create CVE-2019-17382.yaml
...
Zabbix Authentication Bypass to access Dashboard
2020-07-07 09:47:27 +05:30
Aditya Soni
9c8104f937
Create CVE-2020-10204.yaml
2020-07-07 01:54:18 +05:30
bauthard
2499aaa0a6
Update CVE-2018-1247.yaml
2020-07-07 00:37:01 +05:30
bauthard
24eafa3648
updated matcher
2020-07-07 00:34:27 +05:30
bauthard
ebb2f1f3ac
Merge pull request #210 from harsh-bothra/patch-5
...
Create CVE-2018-11759.yaml
2020-07-06 22:44:05 +05:30
bauthard
ba2fe4bf75
Update CVE-2018-11759.yaml
2020-07-06 22:43:45 +05:30
bauthard
1714fa6674
Merge pull request #209 from harsh-bothra/patch-4
...
Create CVE-2020-5405.yaml
2020-07-06 22:41:09 +05:30
bauthard
8362fb3dc2
Update CVE-2020-5405.yaml
2020-07-06 22:40:05 +05:30
bauthard
63289fb700
Merge pull request #205 from dwisiswant0/update-cve-2020-5902
...
Update RAW payloads due to can't use helper function - CVE-2020-5902
2020-07-06 22:19:31 +05:30
Harsh Bothra
8b4cf6bd46
Create CVE-2018-11759.yaml
...
Apache Tomcat JK Status Manager Access
2020-07-06 21:58:42 +05:30
Harsh Bothra
ebcf1ec0f6
Create CVE-2020-5405.yaml
...
Spring Cloud Directory Traversal
2020-07-06 21:52:18 +05:30
Techbrunch
59661b1eb6
Update CVE-2019-8451.yaml
...
Fix trailing whitespace
2020-07-06 16:56:27 +02:00
Techbrunch
3a44d74762
Create CVE-2019-8451.yaml
...
# On September 9, Atlassian released version 8.4.0 for Jira Core and Jira Software, which included a fix for an important
# security issue reported in August 2019.
# CVE-2019-8451 is a pre-authentication server-side request forgery (SSRF) vulnerability found in
# the /plugins/servlet/gadgets/makeRequest resource. The vulnerability exists due to “a logic bug” in the JiraWhitelist class.
# An unauthenticated attacker could exploit this vulnerability by sending a specially crafted web request to a vulnerable
# Jira server. Successful exploitation would result in unauthorized access to view and potentially modify internal
# network resources.
# https://www.tenable.com/blog/cve-2019-8451-proof-of-concept-available-for-server-side-request-forgery-ssrf-vulnerability-in
# https://twitter.com/benmontour/status/1177250393220239360
# https://twitter.com/ojensen5115/status/1176569607357730817
2020-07-06 16:52:34 +02:00
dw1
d19f00bf82
❌ Update RAW payloads due to can't use helper function
2020-07-06 21:45:44 +07:00
bauthard
8ef6e99ab3
Merge pull request #200 from dwisiswant0/update-cve-2020-5902
...
Update CVE-2020-5902 matchers & requests
2020-07-06 19:15:28 +05:30
dw1
2479e51afb
📝 Fix indentation on RAW requests
2020-07-06 18:28:20 +07:00
dw1
f4da7bec43
🔨 Update CVE-2020-5902 matchers & requests to reduce false-positive results
2020-07-06 18:14:01 +07:00
bauthard
6d498a6054
syntax update
2020-07-06 13:57:46 +05:30
bauthard
295f836a39
updated condition
2020-07-06 13:54:03 +05:30
SaN ThosH
dfe6244c7e
Update CVE-2020-5902.yaml
2020-07-05 21:51:24 +05:30
SaN ThosH
0fe4c5ee3d
Update CVE-2020-5902.yaml
2020-07-05 21:47:48 +05:30
SaN ThosH
4f63a86229
Update CVE-2020-5902.yaml
2020-07-05 21:45:24 +05:30
SaN ThosH
06388ed981
Create CVE-2018-3714.yaml
...
https://hackerone.com/reports/309124
2020-07-05 21:19:09 +05:30
SaN ThosH
193d536685
CVE-2020-5902 F5 BIG-IP TMUI
...
Version:
- BIG-IP 15.x: 15.1.0/15.0.0
- BIG-IP 14.x: 14.1.0 ~ 14.1.2
- BIG-IP 13.x: 13.1.0 ~ 13.1.3
- BIG-IP 12.x: 12.1.0 ~ 12.1.5
- BIG-IP 11.x: 11.6.1 ~ 11.6.5
2020-07-05 13:41:58 +05:30
dw1
695afb7a96
✏️ Rename to CVE-2019-16759
2020-07-05 14:20:36 +07:00
dw1
40e627d9db
🔨 Escaping payload - CVE-2020-7961
2020-07-04 23:29:12 +07:00
dw1
56e21957a3
🔨 Update payload & matchers - CVE-2020-7961
2020-07-04 22:55:40 +07:00
med pro
c40cd5259f
Create CVE-2019-15043.yaml
2020-07-04 14:05:56 +01:00
dw1
fc3bc06f65
🔥 Add SEOmatic SSTI (CVE-2020-9757)
2020-07-04 00:56:51 +07:00
dw1
53a9952dc7
🔥 Add Citrix ShareFile StorageZones Unauthenticated Arbitrary File Read (CVE-2020-8982)
2020-07-04 00:56:16 +07:00
dw1
b427cfc641
🔥 TYPO3 XSS (CVE-2020-8091)
2020-07-04 00:55:17 +07:00
dw1
919d657c41
🔥 Add Liferay Portal Unauthenticated RCE (CVE-2020-8982)
2020-07-04 00:54:34 +07:00
dw1
5756349c14
⚡ Add Apache Tomcat RCE by deserialization - CVE-2020-9484
2020-07-03 12:39:02 +07:00
dw1
caf833c28e
🔧 Fix for false-positive CVE-2018-16341 results
2020-07-02 17:45:29 +07:00
bauthard
14494ba4d3
Update CVE-2019-8449.yaml
2020-07-02 15:36:11 +05:30
bauthard
906e6e918d
Update CVE-2017-7529.yaml
2020-06-30 16:54:48 +05:30
Harsh Bothra
dbaa71a763
Create CVE-2017-7529.yaml
...
Remote Integer Overflow in Nginx allows an attacker to extract sensitive information from memory buffer by triggering specially crafted requests.
2020-06-30 16:44:33 +05:30
bauthard
2f59c74b28
Update CVE-2019-8449.yaml
2020-06-30 16:31:20 +05:30
bauthard
fc95489690
Update CVE-2019-8449.yaml
2020-06-30 16:13:35 +05:30
Harsh Bothra
d6027b67d2
Create CVE-2019-8449.yaml
...
CVE-2019-8449 which allows an Unauthenticated Attacker to enumerate all the users and their information such as Username, Avatars, Emails, Keys, etc.
Reference - https://www.doyler.net/security-not-included/more-jira-enumeration
2020-06-30 16:06:15 +05:30
bauthard
ba30333045
updating trailing space
2020-06-30 15:55:45 +05:30
Harsh Bothra
53a47cc1bc
Create CVE-2018-11409.yaml
...
CVE-2018-11409 allows an unauthenticated user to get sensitive information such as license key from a Splunk instance by appending /__raw/services/server/info/server-info?output_mode=json to a query.
2020-06-30 15:49:43 +05:30
bauthard
b9ea4ecaf3
Update CVE-2020-12720.yaml
2020-06-30 02:04:13 +05:30
bauthard
c718848a88
Update CVE-2020-8512.yaml
2020-06-30 01:59:13 +05:30
bauthard
01378933c6
Update CVE-2020-12720.yaml
2020-06-29 19:25:45 +05:30
bauthard
75e2166cc5
updating CVE-2020-12720
2020-06-29 19:24:56 +05:30
bauthard
084a745600
added CVE-2020-8512
2020-06-26 09:14:54 +05:30
bauthard
2d56871bd0
Update CVE-2019-3799.yaml
2020-06-23 03:22:51 +05:30
bauthard
2d8efb04ba
Update CVE-2018-20824.yaml
2020-06-23 03:21:54 +05:30
bauthard
d8a79274ae
Update CVE-2018-19439.yaml
2020-06-23 03:17:00 +05:30
bauthard
b7103a2197
Pushing newly added cves
2020-06-22 19:05:37 +05:30
bauthard
32d9373273
adding more path with recent PR
2020-06-22 03:50:29 +05:30
bauthard
3b3ab42984
Merge pull request #144 from maverickNerd/master
...
Add directory traversal CVE-2020-5410 affecting Spring Cloud Config
2020-06-18 16:48:30 +05:30
Sachin Grover
68450463c2
Add directory traversal CVE-2020-5410 affecting Spring Cloud Config Server
2020-06-18 10:16:29 +00:00
bauthard
48e9534630
Removing CVE-2020-7473
...
I will try to find a more stable syntax and will add it again.
2020-06-18 00:00:00 +05:30
Sachin Grover
fea47dd3f5
Add CVE-2018-1000129 and version detection is enabled for port 8080 also
2020-06-17 09:18:49 +00:00
Aditya Soni
d72794b4d8
Create CVE-2018-1271.yaml
2020-06-03 06:23:25 +05:30
Fabian Affolter
d3b7f6b54c
Update syntax
2020-05-25 09:49:06 +02:00
bauthard
5d5647b05e
updated CVE-2019-5418
2020-05-24 03:55:32 +00:00
bauthard
999fbd9daf
updating severity
2020-05-24 09:20:13 +05:30
Andrea
c0bf01de1a
improve wp cve admin
2020-05-23 10:09:09 +02:00
Andrea
4132f3d7af
Merge remote-tracking branch 'upstream/master'
2020-05-23 10:08:02 +02:00
bauthard
7a6e1d181b
added CVE-2020-12720 vBulletin SQLI
2020-05-22 03:24:16 +05:30
bauthard
4a33940a37
Added CVE-2020-12720 vBulletin SQLI
2020-05-22 03:17:20 +05:30
Regala
03e957b0df
Update CVE-2020-7473.yaml
2020-05-19 13:55:49 +01:00
Regala
a2433d86a4
Update CVE-2020-7473.yaml
...
Updated to support 2xx and 3xx status codes, as well as accepting redirects just in case.
2020-05-19 11:45:31 +01:00
Regala
5316f5dbcc
Update CVE-2020-7473.yaml
...
This is to avoid false positives. I think it would be better to only match 2xx and 3xx status codes (don't know if nuclei supports this terminology)
2020-05-18 11:14:04 +01:00
bauthard
601b3c086d
Merge pull request #87 from 73735/front-page-misconfig.yaml
...
Add front-page-misconfig.yaml
2020-05-16 15:38:39 +05:30
João Teles
7a37488076
Update CVE-2020-7473.yaml
...
Ready guys. Now the template will check for size. I didn't implement the "HEAD" method because the nuclei is not supported.
2020-05-15 20:59:23 -03:00
Nadino92
7b88d4258e
adding 2 cves and crxde
2020-05-14 19:54:02 +02:00
bauthard
0d5b682e94
updating cve names
2020-05-08 18:40:02 +00:00
Andrea
fc797a94e1
fix crash for {{
2020-05-08 18:31:59 +02:00
Michael Blake
339ac74114
Prevent false-positives for CVE-2019-19368
2020-05-07 21:47:47 -07:00
Michael Blake
fe2efe6124
CVE-2019-14974 check and severity update
2020-05-07 21:45:25 -07:00
Joao Teles
d22d0745d2
Add CVE-2020-7473.yaml
2020-05-07 10:15:25 -03:00
organiccrap
413c126c29
pending pull
2020-04-22 14:42:01 +08:00
Prince Chaddha
dc58dc9f0d
Update CVE-2018-1247.yaml
2020-04-20 17:49:55 +05:30
bauthard
01d665867f
Update CVE-2019-8903.yaml
2020-04-15 17:38:14 +05:30
bauthard
7a676dc859
Update CVE-2020-5284.yaml
2020-04-15 17:36:26 +05:30
bauthard
1c6ae2caeb
Update CVE-2019-10475.yaml
2020-04-10 02:24:19 +05:30
bauthard
8314cf90b7
fixing the template
2020-04-10 02:15:42 +05:30
bauthard
4d5bdb15e4
updating temp
2020-04-10 01:51:15 +05:30
bauthard
50b1085603
updating matchers
2020-04-09 20:09:41 +05:30
bauthard
84c9d6581b
fixing the template
2020-04-09 18:32:30 +05:30
bauthard
cf61253752
Rename uWSGI PHP Plugin Directory Traversal.yaml to CVE-2018-7490.yaml
2020-04-08 22:15:03 +05:30
bauthard
71789aebc0
Rename totaljs-CVE-2019-8903.yaml to CVE-2019-8903.yaml
2020-04-08 22:13:39 +05:30
bauthard
5520abf86d
Rename nextjs-cve-2020-5284.yaml to CVE-2020-5284.yaml
2020-04-08 22:12:59 +05:30
bauthard
7461a3ab47
Rename cve-2019-19781.yaml to CVE-2019-19781.yaml
2020-04-08 22:10:31 +05:30
bauthard
f44cfef0dc
Rename jira-cve-2017-9506.yaml to CVE-2017-9506.yaml
2020-04-08 22:04:08 +05:30
bauthard
fea46895e3
updating file name for uniform structure
2020-04-08 22:02:49 +05:30
bauthard
1735b236d7
added to vulnerabilities section
2020-04-08 22:00:48 +05:30
bauthard
ea6f33f4a4
Update and rename Revive Adserver XSS.yaml to CVE-2020-8115.yaml
2020-04-08 21:52:47 +05:30
bauthard
96af25bc0a
Update and rename RSA Authentication Manager XSS.yaml to CVE-2018-1247.yaml
2020-04-08 21:47:23 +05:30
bauthard
6c961a5604
Update and rename Oracle WebCenter Sites XSS.yaml to CVE-2018-2791.yaml
2020-04-08 21:44:09 +05:30
bauthard
18c4ff7705
Delete Discourse XSS.yaml
2020-04-08 21:41:02 +05:30
bauthard
706f08e57f
Rename Atlassian Confluence Status-List XSS.yaml to CVE-2018-5230.yaml
2020-04-08 21:38:57 +05:30
bauthard
dc7a07563d
Merge pull request #19 from Mad-robot/master
...
new modules
2020-04-08 21:26:50 +05:30
OK
3d3ea4c66b
Merge pull request #1 from projectdiscovery/master
...
pull
2020-04-08 18:29:07 +03:00
OK
fa5055bee9
Rename cve-2019-5418.yaml to CVE-2019-5418.yaml
2020-04-08 18:07:38 +03:00
OK
e7ef65b4b2
Create cve-2019-5418.yaml
2020-04-08 18:07:10 +03:00
SaN ThosH
7a689dbdb8
Merge branch 'master' into master
2020-04-08 20:22:57 +05:30
bauthard
494b356f8c
updating this to avoid f/p result.
2020-04-08 20:12:57 +05:30
SaN ThosH
84fc5f1257
Update Revive Adserver XSS.yaml
2020-04-08 18:55:45 +05:30
SaN ThosH
9dff8ab9d3
Update Discourse XSS.yaml
2020-04-08 18:55:30 +05:30
SaN ThosH
e12987548f
Update CVE-2020-2096.yaml
2020-04-08 18:55:23 +05:30
SaN ThosH
2b54b5149b
Update CVE-2019-19908.yaml
2020-04-08 18:54:57 +05:30
SaN ThosH
b676c85a9d
Update CVE-2019-19368.yaml
2020-04-08 18:54:48 +05:30
SaN ThosH
1c5528d28c
Update CVE-2019-14974.yaml
2020-04-08 18:54:36 +05:30
SaN ThosH
9087aaabce
Update CVE-2019-10475.yaml
2020-04-08 18:54:27 +05:30
SaN ThosH
c23384528b
Update Atlassian Confluence Status-List XSS.yaml
2020-04-08 18:54:03 +05:30
SaN ThosH
317d2d2b5d
Delete CVE-2019-19781.yaml
2020-04-08 18:53:20 +05:30
SaN ThosH
40fa1d414f
Update Revive Adserver XSS.yaml
2020-04-08 18:51:47 +05:30
SaN ThosH
891a6385dc
Update Discourse XSS.yaml
2020-04-08 18:51:22 +05:30
SaN ThosH
b295325f72
Update CVE-2020-2096.yaml
2020-04-08 18:51:01 +05:30
SaN ThosH
8784b1c431
Update CVE-2019-19908.yaml
2020-04-08 18:50:50 +05:30
SaN ThosH
95f0d1e114
Update CVE-2019-19368.yaml
2020-04-08 18:50:31 +05:30
SaN ThosH
bd0f906da3
Update CVE-2019-14974.yaml
2020-04-08 18:50:23 +05:30
SaN ThosH
9ab630ae08
Update CVE-2019-10475.yaml
2020-04-08 18:47:20 +05:30
SaN ThosH
47385eceb7
Update Atlassian Confluence Status-List XSS.yaml
2020-04-08 18:46:19 +05:30
SaN ThosH
144f20ed64
Create CVE-2019-19368.yaml
2020-04-08 18:35:45 +05:30
SaN ThosH
0e1b6cf9d5
Create CVE-2019-19908.yaml
2020-04-08 18:34:46 +05:30
SaN ThosH
88a12cad86
Create CVE-2019-19781.yaml
2020-04-08 18:26:47 +05:30
SaN ThosH
8f82a06c68
Create CVE-2019-14974.yaml
2020-04-08 18:19:45 +05:30
SaN ThosH
77137877b3
Create CVE-2019-10475.yaml
2020-04-08 18:11:36 +05:30
SaN ThosH
4b18712ba2
Update CVE-2018-14728.yaml
2020-04-08 18:05:22 +05:30
SaN ThosH
803b5441a8
Create CVE-2018-14728.yaml
2020-04-08 18:04:50 +05:30
SaN ThosH
a8e4e44c87
Create uWSGI PHP Plugin Directory Traversal.yaml
2020-04-08 17:24:50 +05:30
SaN ThosH
e612c868c8
Create Discourse XSS.yaml
2020-04-08 17:17:44 +05:30
SaN ThosH
167f73c177
Update Twig PHP <2.4.4 template engine - SSTI.yaml
2020-04-08 17:14:13 +05:30
SaN ThosH
aafd628da5
Update Oracle WebCenter Sites XSS.yaml
2020-04-08 17:13:51 +05:30
SaN ThosH
b5d0cbbe02
Create Twig PHP <2.4.4 template engine - SSTI.yaml
2020-04-08 17:12:17 +05:30
SaN ThosH
f6661aa84c
Create Oracle WebCenter Sites XSS.yaml
2020-04-08 17:07:09 +05:30
SaN ThosH
15000e1738
Create Wavemaker Studio 6.6 LFI&SSRF.yaml
2020-04-08 17:04:01 +05:30
SaN ThosH
f8b1bb4db8
Create RSA Authentication Manager XSS.yaml
2020-04-08 16:58:58 +05:30
SaN ThosH
7965a3c544
Create Revive Adserver XSS.yaml
2020-04-08 16:57:13 +05:30
SaN ThosH
bf7b49b974
Create Atlassian Confluence Status-List XSS.yaml
2020-04-08 16:55:25 +05:30
SaN ThosH
d4363e6937
Update totaljs-CVE-2019-8903.yaml
2020-04-08 16:47:49 +05:30
SaN ThosH
5eda31240e
Create CVE-2020-2096.yaml
2020-04-08 16:29:57 +05:30
SaN ThosH
afc0c707e3
Update totaljs-CVE-2019-8903.yaml
2020-04-08 14:15:44 +05:30
SaN ThosH
21f9a8685e
Create CVE-2019-12314.yaml
2020-04-08 14:03:39 +05:30
SaN ThosH
dbd54bb413
Create totaljs-CVE-2019-8903.yaml
2020-04-08 13:06:36 +05:30
organiccrap
86208273d7
citrix cve-2019-19781
2020-04-06 06:27:04 +08:00
Harsh Jaiswal
b1cc565e40
Update nextjs-cve-2020-5284.yaml
2020-04-06 00:04:33 +05:30
rootxharsh
91ace5dba0
Nextjs CVE-2020-5284
2020-04-05 18:24:33 +00:00
$root: Whoami
3c22372fe2
Update CVE-2018-3760.yaml
2020-04-05 23:44:41 +05:30
$root: Whoami
d20aaae0fd
CVE-2018-3760 Rails
...
Sprockets<=3.7.1
2020-04-05 23:31:09 +05:30
Ice3man543
229ea11e8b
Added templates
2020-04-04 23:49:48 +05:30