daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
6,458 Commits
17 Branches
0 Tags
160 MiB
Commit Graph

1636 Commits (2393dd07a957dc3a18217b133b01c2022000b299)

Author SHA1 Message Date
Sandeep Singh 89e1a8da93
Merge pull request #1962 from dwisiswant0/hotfix/CVE-2020-24148 2021-07-13 05:01:01 +05:30
Dwi Siswanto a91516cbb5 Misplaced of CVE-2020-24148 2021-07-13 05:24:03 +07:00
Sandeep Singh e23f378fe8
Merge pull request #1943 from gy741/rule-add-v21 
Create CVE-2021-30497.yaml
 2021-07-13 01:00:59 +05:30
Sandeep Singh dec41b5631
Merge pull request #1950 from dwisiswant0/add/CVE-2020-24148 
Add CVE-2020-24148
 2021-07-13 00:52:08 +05:30
Dwi Siswanto 4ea2c71a3d Add CVE-2020-24148 2021-07-12 09:24:50 +07:00
GwanYeong Kim c0f5105dcf Create CVE-2021-30497.yaml 
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
 2021-07-11 18:31:18 +09:00
sandeep 25dcb930ad Added CVE-2021-29156 2021-07-11 14:39:41 +05:30
sandeep 3bbcb23cd0 Severity update as this directly doesn't pose any risk. 2021-07-11 13:39:21 +05:30
Prince Chaddha aa63d1afb7
Merge pull request #1925 from daffainfo/patch-10 
Create CVE-2020-29395.yaml
 2021-07-11 10:25:06 +05:30
Prince Chaddha bca05d61d6
Merge pull request #1926 from daffainfo/patch-11 
Create CVE-2019-14470.yaml
 2021-07-11 10:15:11 +05:30
Prince Chaddha 7f0f8beff2
Update CVE-2020-29395.yaml 2021-07-11 10:14:56 +05:30
Prince Chaddha 7c19ca873d
Update CVE-2019-14470.yaml 2021-07-11 10:12:41 +05:30
Prince Chaddha 7c0c5033e9
Update CVE-2019-14470.yaml 2021-07-11 10:11:11 +05:30
Prince Chaddha a3c2fdee36
Merge pull request #1928 from daffainfo/patch-13 
Create CVE-2019-15889.yaml
 2021-07-11 10:09:58 +05:30
Prince Chaddha 0bae5e975e
Update CVE-2019-15889.yaml 2021-07-11 10:09:51 +05:30
Prince Chaddha 70930af523
Merge pull request #1929 from daffainfo/patch-14 
Create CVE-2014-9094.yaml
 2021-07-11 10:09:00 +05:30
Prince Chaddha a04341ae20
Update CVE-2014-9094.yaml 2021-07-11 10:08:53 +05:30
Prince Chaddha 92e1a5feeb
Update CVE-2013-3526.yaml 2021-07-11 10:05:10 +05:30
Muhammad Daffa 53c2c47099
Create CVE-2013-3526.yaml 2021-07-11 09:00:15 +07:00
Muhammad Daffa 4773149878
Create CVE-2014-9094.yaml 2021-07-11 08:43:01 +07:00
Muhammad Daffa 009e68c627
Create CVE-2019-15889.yaml 2021-07-11 08:20:03 +07:00
Muhammad Daffa 4889efb117
Create CVE-2019-14470.yaml 2021-07-11 08:06:14 +07:00
Muhammad Daffa da45bdf0ef
Create CVE-2020-29395.yaml 2021-07-11 07:58:31 +07:00
sandeep 01ae482fe8 Added CVE-2021-34621 2021-07-10 22:31:08 +05:30
Sandeep Singh 97023903a0
Merge pull request #1918 from gy741/rule-add-v19 
Create Hongdian Vulnerability
 2021-07-10 21:24:56 +05:30
Sandeep Singh 5ca472b43e
Merge pull request #1880 from gy741/rule-add-v13 
Create CVE-2021-1497.yaml
 2021-07-10 20:55:14 +05:30
sandeep 1cd29628aa more reference 2021-07-10 20:54:04 +05:30
sandeep 7f37050361 Added HTTP check 2021-07-10 20:53:23 +05:30
sandeep dd9e85a29c Added missing condition 2021-07-10 20:47:20 +05:30
sandeep 1e8aa5288f Update CVE-2021-1497.yaml 2021-07-10 20:45:00 +05:30
sandeep 767f173f88 minor updates 2021-07-10 18:45:09 +05:30
GwanYeong Kim 3bf1c929ed Create Hongdian Vulnerability 
CVE-2021-28149 : Hongdian H8922 3.0.5 devices allow Directory Traversal. The /log_download.cgi log export handler does not validate user input and allows a remote attacker with minimal privileges to download any file from the device by substituting ../ (e.g., ../../etc/passwd) This can be carried out with a web browser by changing the file name accordingly. Upon visiting log_download.cgi?type=../../etc/passwd and logging in, the web server will allow a download of the contents of the /etc/passwd file.

CVE-2021-28150 : Hongdian H8922 3.0.5 devices allow the unprivileged guest user to read cli.conf (with the administrator password and other sensitive data) via /backup2.cgi.

CVE-2021-28151 : Hongdian H8922 3.0.5 devices allow OS command injection via shell metacharacters into the ip-address (aka Destination) field to the tools.cgi ping command, which is accessible with the username guest and password guest.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
 2021-07-10 21:16:35 +09:00
sandeep c2f87a94c6 Added complete RCE chain 2021-07-10 13:42:09 +05:30
Sandeep Singh bff63b673d
Merge pull request #1896 from geeknik/patch-109 
Create CVE-2017-16806.yaml
 2021-07-07 18:40:15 +05:30
Sandeep Singh 5d034716ac
Merge pull request #1895 from geeknik/patch-108 
Create CVE-2015-6477.yaml
 2021-07-07 18:37:48 +05:30
Sandeep Singh 6963c0d669
Update CVE-2015-6477.yaml 2021-07-07 18:37:21 +05:30
Sandeep Singh 36a13094ef
Merge pull request #1894 from geeknik/patch-105 
Create CVE-2009-4223.yaml
 2021-07-07 18:35:27 +05:30
Geeknik Labs d5cbcec079
Update CVE-2021-22214.yaml 
dns interaction doesn't prove exploitability
 2021-07-07 03:50:13 +00:00
Geeknik Labs c8ba8e13ce
Create CVE-2017-16806.yaml 2021-07-06 19:50:32 +00:00
Geeknik Labs 6874823632
Create CVE-2015-6477.yaml 2021-07-06 19:47:44 +00:00
Geeknik Labs 1fba6ae882
Create CVE-2009-4223.yaml 2021-07-06 19:44:02 +00:00
Sandeep Singh deab6ba62c
Merge pull request #1887 from skar4444/nrouter 
CVE-2016-5649 - Netgear Router - Admin Password Disclosure
 2021-07-06 21:36:01 +05:30
sandeep 5a818f62b8 name and template update 2021-07-06 21:34:28 +05:30
Sandeep Singh 2aa91bbf24
Rename cve-2021-24387.yaml to CVE-2021-24387.yaml 2021-07-06 20:29:47 +05:30
Suman Kar 78617f6012 Real Estate 7 WordPress Theme < 3.1.1 - Unauthenticated Reflected XSS 2021-07-06 19:51:53 +05:30
sandeep 6dd96ede94 Added additional reference 2021-07-06 12:12:09 +05:30
sandeep fc68a95803 Template Name/ID update as per assigned CVE 2021-07-06 12:07:53 +05:30
GwanYeong Kim 71dd0de29d Create CVE-2021-1497.yaml 
Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
 2021-07-06 09:30:13 +09:00
sandeep 36a0918092 fixes 2021-07-04 16:02:51 +05:30
sandeep 13a5215bda Update CVE-2017-9841.yaml 2021-07-04 15:50:15 +05:30