daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
12,589 Commits
17 Branches
0 Tags
165 MiB
Commit Graph

3733 Commits (264fad32de280c5bdf089877d15150f5dd12b96f)

Author SHA1 Message Date
pajoda c45934891f
Create CVE-2021-36748.yaml (#2446) 
* Create CVE-2021-36748.yaml

* Update indentation

* minor update

* Update CVE-2021-36748.yaml

* Additional unique matchers + easily readable syntax

* misc updates

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
 2022-01-04 17:23:56 +05:30
Prince Chaddha 08de914d33
Create CVE-2015-5531.yaml 2022-01-04 16:51:00 +05:30
Prince Chaddha 8615d9d9c8
Create CVE-2016-10134.yaml 2022-01-04 15:51:37 +05:30
ImNightmaree 760432c8e7
Update CVE-2017-11610.yaml 
Not all machines have HTTP connectivity, DNS is more reliable.
 2022-01-03 10:33:08 +00:00
sandeep 6f3591f920 rseenet tags update 2022-01-01 12:28:32 +05:30
sandeep 7eba1c5a0a added reference for rce 2021-12-31 17:53:27 +05:30
GitHub Action e238128b1c Auto Generated CVE annotations [Thu Dec 30 11:40:55 UTC 2021] 🤖 2021-12-30 11:40:55 +00:00
Sandeep Singh de7bef1300
Added CVE-2021-42567 (Apereo CAS Reflected XSS) (#3450) 
* Added CVE-2021-42567 (Apereo CAS Reflected XSS)

* Added login panel detection
 2021-12-30 17:09:29 +05:30
Prince Chaddha a94c5d62a1
Update CVE-2021-40859.yaml 2021-12-30 12:15:22 +05:30
Prince Chaddha f3deec4325
Update CVE-2021-40859.yaml 2021-12-30 12:15:02 +05:30
Sandeep Singh a10aff06e5
Merge branch 'master' into master 2021-12-29 21:28:30 +05:30
Sandeep Singh de9c4d605c
Apache Tomcat Template improvements (#3446) 
* Improved Tomcat matchers / extractors / paths

* removed duplicate detections / matchers

* removed duplicate template

* Added missing tomcat tags
 2021-12-29 19:10:59 +05:30
sandeep 8744282d5b removing matcher to avoid false negative result. 2021-12-29 12:10:51 +05:30
东方有鱼名为咸 7a05f1b538
add CVE-2021-45232.yaml (#3437) 
* Create CVE-2021-45232.yaml

* matcher fixes

* more reference

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
 2021-12-28 19:43:00 +05:30
sandeep 85956018f8 Added metadata 2021-12-28 18:16:23 +05:30
Sandeep Singh 5d7d4409a0
Added CVE-2020-11546 (#3436) 
Co-Authored-By: 0fficial_BlackHat13 <58517369+Official-BlackHat13@users.noreply.github.com>

Co-authored-by: 0fficial_BlackHat13 <58517369+Official-BlackHat13@users.noreply.github.com>
 2021-12-28 18:13:04 +05:30
Muhammad Daffa 5c800a4ef7
Seperate technologies and exposed-panels templates (#3424) 
* Edit magmi workflow

* Add some workflow template + edit some template

* Changing some templates

* minor update

* workflow matcher fixes

* tech update

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
 2021-12-27 10:31:53 +05:30
Prince Chaddha ea0966877a
Merge pull request #3406 from Akokonunes/patch-95 
Create CVE-2018-14912.yaml
 2021-12-24 19:31:51 +05:30
Prince Chaddha ce4abd14ba
Update and rename CVE-2018-14912.yaml to cves/2018/CVE-2018-14912.yaml 2021-12-24 19:24:16 +05:30
GitHub Action c33766a93f Auto Generated CVE annotations [Fri Dec 24 13:38:52 UTC 2021] 🤖 2021-12-24 13:38:52 +00:00
Prince Chaddha 415f37a7a6
Update CVE-2021-27358.yaml 2021-12-24 19:02:18 +05:30
sandeep f892a053a2 Added Grafana unauthenticated snapshot creation 2021-12-24 17:47:55 +05:30
sandeep 54e064767d Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates 2021-12-23 21:46:10 +05:30
sandeep 99f5a47202 minor update 2021-12-23 21:40:28 +05:30
GitHub Action 132108f849 Auto Generated CVE annotations [Thu Dec 23 15:43:46 UTC 2021] 🤖 2021-12-23 15:43:46 +00:00
ImNightmaree a76a9baaf4
Create CVE-2021-45046 (#3378) 
* Create CVE-2021-45046

* Update and rename CVE-2021-45046 to CVE-2021-45046.yaml

* minor update

Co-authored-by: Prince Chaddha <prince@projectdiscovery.io>
Co-authored-by: sandeep <sandeep@projectdiscovery.io>
 2021-12-23 21:11:50 +05:30
Mohamed Elbadry d2d47bfcb0
Update CVE-2021-44228.yaml - Extract DNS interaction IP (#3396) 
* Update CVE-2021-44228.yaml

* lint fix

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
 2021-12-22 18:17:30 +05:30
GitHub Action d253ff84ef Auto Generated CVE annotations [Wed Dec 22 06:47:35 UTC 2021] 🤖 2021-12-22 06:47:35 +00:00
pussycat0x 8a77db7919
unauthorized Puppet Node Manager (#3388) 
* Add files via upload

* Update unauthorized-puppet-node-manager-detect.yaml

* Add files via upload

* Add files via upload

* Update CVE-2021-40859.yaml

* misc updates

* minor updates

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
 2021-12-22 12:16:05 +05:30
sandeep df2418ce18 misc updates 2021-12-22 12:10:38 +05:30
pussycat0x 08d097a751
Update CVE-2021-40859.yaml 2021-12-22 09:33:06 +05:30
pussycat0x 4b6a46f06f
Add files via upload 2021-12-22 09:30:36 +05:30
GitHub Action 10ba4de0d7 Auto Generated CVE annotations [Tue Dec 21 12:32:40 UTC 2021] 🤖 2021-12-21 12:32:40 +00:00
Prince Chaddha b622f5145d
Merge pull request #3383 from projectdiscovery/princechaddha-patch-2 
Create CVE-2021-26085.yaml
 2021-12-21 18:00:47 +05:30
Prince Chaddha 0c1a5e2c23
Merge pull request #3386 from Akokonunes/patch-93 
Create CVE-2018-15138.yaml
 2021-12-21 17:32:38 +05:30
Prince Chaddha 97b4a8a0e8
Update and rename CVE-2018-15138.yaml to cves/2018/CVE-2018-15138.yaml 2021-12-21 17:25:16 +05:30
GitHub Action 19bfb84638 Auto Generated CVE annotations [Tue Dec 21 11:06:14 UTC 2021] 🤖 2021-12-21 11:06:14 +00:00
GitHub Action 7fe5c23627 Auto Generated CVE annotations [Mon Dec 20 14:33:22 UTC 2021] 🤖 2021-12-20 14:33:22 +00:00
Prince Chaddha b8ee43e27a
Create CVE-2021-26085.yaml 2021-12-20 15:20:14 +05:30
Prince Chaddha d40c6cbaa3
Merge pull request #3377 from daffainfo/patch-284 
Create CVE-2015-2166.yaml
 2021-12-20 13:04:30 +05:30
Prince Chaddha d5c43bb502
Update CVE-2015-2166.yaml 2021-12-20 13:02:41 +05:30
Prince Chaddha 9461383161
Update CVE-2015-0554.yaml 2021-12-20 13:01:11 +05:30
Prince Chaddha 2c279c7388
Update CVE-2015-2166.yaml 2021-12-20 12:56:36 +05:30
Muhammad Daffa bee031da45
Create CVE-2015-2166.yaml 2021-12-19 20:33:58 +07:00
Muhammad Daffa e3c0539174
Create CVE-2015-0554.yaml 2021-12-19 20:23:13 +07:00
Prince Chaddha ca6146a4af
Update CVE-2021-44228.yaml 2021-12-19 14:52:29 +05:30
Ganoes 5f271045d1
CVE-2016-6210 - Fix typo in the regex (#3365) 
* CVE-2016-6210 - Fix typo in the regex

* minor variable update

Co-authored-by: ganoes <karel.rozhon@etnetera.cz>
Co-authored-by: sandeep <sandeep@projectdiscovery.io>
 2021-12-18 14:58:35 +05:30
Prince Chaddha fc566d27a8
Create CVE-2021-45092.yaml (#3372) 
* Create CVE-2021-45092.yaml

* Added Thinfinity Iframe Injection

Co-Authored-By: Daniel Mofer <7999779+danielmofer@users.noreply.github.com>

* Added Thinfinity VirtualUI User Enumeration

Co-Authored-By: Daniel Mofer <7999779+danielmofer@users.noreply.github.com>

* added missing tag

Co-Authored-By: Daniel Mofer <7999779+danielmofer@users.noreply.github.com>

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
Co-authored-by: Daniel Mofer <7999779+danielmofer@users.noreply.github.com>
 2021-12-18 14:32:44 +05:30
Abhiram V dd40419ea5
Updated CVE-2021-44228 with most common vulnerable headers (#3334) 
* Updated with common headers which can be exploited

Reference : https://blog.qualys.com/vulnerabilities-threat-research/2021/12/10/apache-log4j2-zero-day-exploited-in-the-wild-log4shell
These headers are collected from above blog in Detecting the Vulnerability part

* fix: lint update

* Update CVE-2021-44228.yaml

* Update CVE-2021-44228.yaml

* Updated changed matchers and extractors regex according to v8.7.3 update

* payload updates for CVE-2021-44228

- more injection points
- a fixed regex to extract uppercase hostnames
- standardized payloads
- printed injection points

Source - https://twitter.com/0xceba/status/1471664540542648322

Co-Authored-By: 0xceba <44234156+0xceba@users.noreply.github.com>
Co-Authored-By: Abhiram V <61599526+Anon-Artist@users.noreply.github.com>

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
Co-authored-by: 0xceba <44234156+0xceba@users.noreply.github.com>
 2021-12-18 10:51:45 +05:30
sandeep b8fa0d5857 update: added more reference 2021-12-15 21:26:35 +05:30
Geeknik Labs 9c169bd682
Create CVE-2021-44528.yaml (#3342) 2021-12-15 20:43:07 +05:30
sandeep c9ddd7a0ae update: id + reference update 2021-12-14 21:07:46 +05:30
sandeep 34d4557dad update: making it compatible with self-hosted interactsh server 2021-12-14 03:21:47 +05:30
Evan Rubinstein dddb0bbb82
Added CVE-2021-24997 (#3298) 
* Added CVE-39226

* Added CVE-39226

* Delete CVE-39226.yaml

* Renamed CVE-39226 to CVE-2021-39226

Fixed naming error

* Added Wp-Guppy-Information-Disclosure template

* Removed File

Found better descriptor

* Added CVE-2021-24997

Added WordPress Guppy Information Disclosure CVE

* Fixed CVE-2021-24997

Fixed YAML formatting

* Fixed Typo

URL Path had an extra double quote

* Auto Generated Templates Stats [Wed Dec  8 23:07:24 UTC 2021] 🤖

* Deleted Blank Space

* Update CVE-2021-24997.yaml

* Update CVE-2021-24997.yaml

* Update CVE-2021-24997.yaml

* Update CVE-2021-24997.yaml

* Added CVE-2021-43496

* Update CVE-2021-43496.yaml

* fix: syntax update

* Added New Vuln

* Update CVE-2021-24997.yaml

* Update CVE-2021-43496.yaml

* Update and rename hd-netowrk-realtime-monitor-system-LFI.yaml to hdnetwork-realtime-lfi.yaml

* fix: lints update

Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
Co-authored-by: GitHub Action <action@github.com>
Co-authored-by: Prince Chaddha <prince@projectdiscovery.io>
 2021-12-14 02:22:26 +05:30
Nicolas 1411edf332
Updated CVE-2021-44228.yaml (#3335) 
Co-authored-by: olacin <olacin@users.noreply.github.com>
 2021-12-13 20:24:06 +05:30
Prince Chaddha fe4ec9185f
Merge pull request #3325 from 5tr1x/patch-1 
Add X-Forwarded-For and Authentication headers
 2021-12-12 17:31:07 +05:30
Prince Chaddha 1824aef5f5
Update and rename CVE-2018-7467.yaml to cves/2018/CVE-2018-7467.yaml 2021-12-12 16:53:17 +05:30
5tr1x 5dc71681c5
Add X-Forwarded-For and Authentication headers 2021-12-11 15:43:22 -06:00
Mohamed Elbadry 33fbe53930
Create CVE-2021-44228.yaml (#3319) 
* Create CVE-2021-44228.yaml

* fix: syntax fix

* update: added additional path based payload

* update: strict matcher + pulling hostname information of the system

* update: added path based payload

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
 2021-12-12 00:56:50 +05:30
Muhammad Daffa 18d54f5204
Edit magmi workflow (#3312) 2021-12-09 23:28:33 +05:30
GitHub Action a19b941193 Auto Generated CVE annotations [Wed Dec 8 11:18:20 UTC 2021] 🤖 2021-12-08 11:18:20 +00:00
Sandeep Singh 2521cb62bf
Added CVE-2021-43798 (#3296) 
* Added CVE-2021-43798

* updated with default plugin list

* Update grafana-file-read.yaml
 2021-12-08 16:46:47 +05:30
Prince Chaddha 548980ae5b
Update CVE-2021-40856.yaml 2021-12-08 10:25:18 +05:30
GwanYeong Kim 48c6834de6 Create CVE-2021-40856.yaml 
Inserting the prefix "/about/../" allows bypassing the authentication check for the web-based configuration management interface. This enables attackers to gain access to the login credentials used for authentication at the PBX, among other data.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
 2021-12-08 09:54:30 +09:00
Prince Chaddha 7905d1dfd7
Merge pull request #3281 from daffainfo/master 
Add 10 templates and edit 1 workflows netsweeper
 2021-12-07 13:59:14 +05:30
Prince Chaddha 684abeb93e
Update CVE-2014-9618.yaml 2021-12-07 13:42:19 +05:30
Prince Chaddha 2fcb784fcf
Update CVE-2014-9617.yaml 2021-12-07 13:38:32 +05:30
Prince Chaddha 6d73776e5d
Update CVE-2014-9615.yaml 2021-12-07 13:25:57 +05:30
Prince Chaddha 7bee8bedd9
Update CVE-2014-9614.yaml 2021-12-07 13:13:49 +05:30
Prince Chaddha ac1439c40f
Update CVE-2014-9608.yaml 2021-12-07 13:05:50 +05:30
Prince Chaddha 891a922592
Update CVE-2014-9609.yaml 2021-12-07 12:56:58 +05:30
Prince Chaddha c3f2e61e48
Update CVE-2014-9608.yaml 2021-12-07 12:55:09 +05:30
Prince Chaddha 881ea5dd3c
Update CVE-2014-9607.yaml 2021-12-07 12:48:33 +05:30
Prince Chaddha d38243621e
Update CVE-2014-9606.yaml 2021-12-07 12:43:19 +05:30
Prince Chaddha 7983f04c51
Update and rename CVE-2014-3110.yaml to CVE-2014-2908.yaml 2021-12-07 10:28:21 +05:30
Prince Chaddha f0fbe930f6
Update CVE-2014-3110.yaml 2021-12-07 10:23:35 +05:30
Muhammad Daffa 04dc5d7532
Update CVE-2014-9614.yaml 2021-12-06 23:49:04 +07:00
Muhammad Daffa b24b6e8fa1
Update CVE-2014-9614.yaml 2021-12-06 23:48:38 +07:00
GitHub Action 3bf8c4f4b4 Auto Generated CVE annotations [Mon Dec 6 16:40:52 UTC 2021] 🤖 2021-12-06 16:40:52 +00:00
daffainfo b90d0b7e3e Add 10 templates and edit 1 workflows 2021-12-06 23:38:54 +07:00
Muhammad Daffa f8771cea8f
Create CVE-2014-3110.yaml 2021-12-06 22:13:40 +07:00
Prince Chaddha 3d7060f0d2
Update and rename CVE-2018-8727.yaml to cves/2018/CVE-2018-8727.yaml 2021-12-06 18:31:06 +05:30
Prince Chaddha c92010033b
Update CVE-2020-8497.yaml 2021-12-06 10:39:43 +05:30
GwanYeong Kim b76c1d20f3 Create CVE-2020-8497.yaml 
In Artica Pandora FMS through 7.42, an unauthenticated attacker can read the chat history. The file is in JSON format and it contains user names, user IDs, private messages, and timestamps.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
 2021-12-06 08:36:14 +09:00
sandeep b8d068416f update: added reference for CVE-2021-38314 2021-12-04 22:17:25 +05:30
sandeep f64926808d Added missing tag 2021-12-04 12:50:04 +05:30
GitHub Action 01cb3156ce Auto Generated CVE annotations [Sat Dec 4 07:17:12 UTC 2021] 🤖 2021-12-04 07:17:12 +00:00
sandeep d2d0d4bf8d minor update to description 2021-12-04 12:44:08 +05:30
alph4byt3 09468dc0f8 Create CVE-2021-29490.yaml 2021-12-04 12:40:47 +05:30
alph4byt3 5180d138bf Delete CVE-2021-29490 2021-12-04 12:40:47 +05:30
alph4byt3 41148c9f86 Create CVE-2021-29490 2021-12-04 12:40:47 +05:30
Prince Chaddha a04590433f
Merge pull request #3193 from Akokonunes/patch-78 
Create CVE-2018-7719.yaml
 2021-12-03 14:56:42 +05:30
GitHub Action ee1c16543d Auto Generated CVE annotations [Fri Dec 3 09:17:18 UTC 2021] 🤖 2021-12-03 09:17:18 +00:00
Prince Chaddha 7a32fc3941
Update and rename CVE-2021-27310.yaml to cves/2021/CVE-2021-27310.yaml 2021-12-03 14:43:25 +05:30
Prince Chaddha 7bd27557d8
Merge pull request #3253 from projectdiscovery/pr-fix-1 
Update CVE-2021-30213.yaml
 2021-12-03 14:32:47 +05:30
Prince Chaddha 0ac3b4da59
Merge pull request #3252 from projectdiscovery/pr-fix 
Update CVE-2021-27931.yaml
 2021-12-03 14:32:06 +05:30
Prince Chaddha 10c0f1b22f
Update CVE-2021-30213.yaml 2021-12-03 14:31:08 +05:30
Prince Chaddha 04bb340596
Update CVE-2021-27931.yaml 2021-12-03 14:30:44 +05:30
Prince Chaddha 5a36367340
Merge branch 'master' into pr-fix-1 2021-12-03 13:49:27 +05:30
Prince Chaddha 3cade85cc8
Merge branch 'master' into pr-fix 2021-12-03 13:23:33 +05:30
GitHub Action 6731cb176b Auto Generated CVE annotations [Fri Dec 3 07:23:34 UTC 2021] 🤖 2021-12-03 07:23:34 +00:00
Prince Chaddha ccca1add3f
Update CVE-2021-30213.yaml 2021-12-03 12:53:01 +05:30
Prince Chaddha e53cdde0c0
Merge pull request #3199 from alph4byt3/alph4byt3-patch-1 
Create CVE-2021-30213.yaml
 2021-12-03 12:52:11 +05:30
GitHub Action 5afe45cba5 Auto Generated CVE annotations [Fri Dec 3 07:19:34 UTC 2021] 🤖 2021-12-03 07:19:34 +00:00
Prince Chaddha 636a82effd
Update CVE-2021-27931.yaml 2021-12-03 12:48:47 +05:30
Prince Chaddha 025475d950
Merge pull request #3251 from projectdiscovery/pr-fix 
Update and rename CVE-2021-40542.yaml to cves/2021/CVE-2021-40542.yaml
 2021-12-03 12:48:01 +05:30
Prince Chaddha bac5f0f843
Merge pull request #3206 from alph4byt3/patch-1 
Create CVE-2021-27931.yaml
 2021-12-03 12:47:18 +05:30
Prince Chaddha 0457cbd6b2
Update and rename CVE-2021-40542.yaml to cves/2021/CVE-2021-40542.yaml 2021-12-03 12:42:37 +05:30
Prince Chaddha 91f667044c
Update CVE-2018-16133.yaml 2021-12-03 10:52:45 +05:30
sandeep df69e7e4e3 minor template update 2021-12-03 10:45:57 +05:30
Prince Chaddha 53182fa956
Merge pull request #3195 from Akokonunes/patch-80 
Create CVE-2015-1503.yaml
 2021-12-02 12:50:16 +05:30
Prince Chaddha 8a23858b71
Update and rename CVE-2015-1503.yaml to cves/2015/CVE-2015-1503.yaml 2021-12-02 12:48:57 +05:30
Prince Chaddha 78e5e52cd8
Merge pull request #3194 from Akokonunes/patch-79 
Create CVE-2018-10201.yaml
 2021-12-02 12:46:03 +05:30
Prince Chaddha cc24ef4880
Update CVE-2018-10201.yaml 2021-12-02 12:43:43 +05:30
sandeep 1dabef2e6f Revert "CVE update - CVE-2021-22049" 
This reverts commit 70128c2587.
 2021-12-02 01:34:29 +05:30
sandeep 70128c2587 CVE update - CVE-2021-22049 2021-12-02 01:31:41 +05:30
sandeep 814bf92a00 File name update - CVE-2021-39226 2021-12-02 01:14:10 +05:30
Sandeep Singh 19fcafa546
CVE-2021-39226 (#3241) 
* Added CVE-39226

Co-Authored-By: Evan Rubinstein <70485623+evanRubinsteinIT@users.noreply.github.com>

Co-authored-by: Evan Rubinstein <70485623+evanRubinsteinIT@users.noreply.github.com>
 2021-12-02 01:07:40 +05:30
sullo 854b464b1d
Add remediation information to CVE-2021-40539 and CVE-2021-44427 (#3237) 
* Added remediation to CVE-2021-40539

* Added remediation to CVE-2021-44427

Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
 2021-12-01 22:23:24 +05:30
Prince Chaddha 40d7678327
Merge pull request #3233 from Akokonunes/patch-83 
Create CVE-2018-16133.yaml
 2021-12-01 19:21:26 +05:30
Prince Chaddha c9b6c8e463
Merge pull request #3235 from cckuailong/master 
add CVE-2021-43778.yaml
 2021-12-01 19:21:08 +05:30
Prince Chaddha 93f9f3ccac
Update CVE-2021-43778.yaml 2021-12-01 19:19:10 +05:30
Prince Chaddha ec4360339e
Merge pull request #3232 from Akokonunes/patch-82 
Create CVE-2018-18323.yaml
 2021-12-01 19:16:06 +05:30
Prince Chaddha c77356d541
Update and rename CVE-2018-16133.yaml to cves/2018/CVE-2018-16133.yaml 2021-12-01 19:15:56 +05:30
GitHub Action d3649d4f43 Auto Generated CVE annotations [Wed Dec 1 13:42:24 UTC 2021] 🤖 2021-12-01 13:42:24 +00:00
Prince Chaddha 80df18b062
Update and rename CVE-2018-18323.yaml to cves/2018/CVE-2018-18323.yaml 2021-12-01 19:10:27 +05:30
Prince Chaddha a265f86133
Rename CVE-2018-19753.yaml to cves/2018/CVE-2018-19753.yaml 2021-12-01 19:08:50 +05:30
cckuailong 2a8ca5d836 add CVE-2021-43778.yaml 2021-12-01 15:04:29 +08:00
GitHub Action fb048c7972 Auto Generated CVE annotations [Tue Nov 30 18:51:32 UTC 2021] 🤖 2021-11-30 18:51:32 +00:00
Sandeep Singh eb5a6ab341
Added CVE-2021-41266 (#3229) 
Co-Authored-By: Lenin Alevski <1795553+Alevsk@users.noreply.github.com>
 2021-12-01 00:19:41 +05:30
Prince Chaddha d484fed316
Merge pull request #3224 from xShuden/master 
Create  CVE-2021-44427.yaml
 2021-11-30 21:55:47 +04:00
Prince Chaddha f6a952d4be
Update CVE-2021-44427.yaml 2021-11-30 23:23:31 +05:30
Prince Chaddha ae078ecd51
Merge pull request #3223 from gy741/rule-add-v74 
Create CVE-2021-41653.yaml
 2021-11-30 20:54:55 +04:00
Prince Chaddha 0b82e570d1
Update CVE-2021-41653.yaml 2021-11-30 22:22:16 +05:30
Aaron Chen 38f147a716
create CVE-2021-41951 (#3202) 
Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
 2021-11-30 22:19:12 +05:30
Sandeep Singh 949cd0d5a6
CVE 2021 41951 (#3226) 
* create CVE-2021-41951

Co-authored-by: Aaron Chen <aaronchen.lisp@gmail.com>
 2021-11-30 22:15:32 +05:30
Furkan Sayım 3ae4c1b484
Create CVE-2021-44427.yaml 2021-11-30 16:56:38 +01:00
GwanYeong Kim 3dd0c78fff Create CVE-2021-41653.yaml 
The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
 2021-11-30 14:35:25 +09:00
GitHub Action 2f6733c202 Auto Generated CVE annotations [Mon Nov 29 14:34:36 UTC 2021] 🤖 2021-11-29 14:34:36 +00:00
Sandeep Singh 38839cfbbc
Added Commvault CommCell Directory Traversal (CVE-2020-25780) (#3182) 2021-11-29 20:02:59 +05:30
forgedhallpass 7ef4f90cf0
feat: CVE-2021-22053 (#3220) 
* feat: CVE-2021-22053
 2021-11-29 18:42:08 +05:30
GitHub Action bcb798df8b Auto Generated CVE annotations [Sun Nov 28 20:49:07 UTC 2021] 🤖 2021-11-28 20:49:07 +00:00
sandeep b7cb6a63cb moving template into cves 2021-11-29 02:17:27 +05:30
GitHub Action 302227a09d Auto Generated CVE annotations [Sun Nov 28 20:31:30 UTC 2021] 🤖 2021-11-28 20:31:30 +00:00
Sandeep Singh 90b18a504e
Merge pull request #3217 from projectdiscovery/CVE-2021-38540 
Apache Airflow - Unauthenticated variable Import (CVE-2021-38540)
 2021-11-29 01:59:54 +05:30
sandeep 682db62431 Fixed CVE-2020-14882 payload + matcher 2021-11-29 01:15:05 +05:30
sandeep d00dea3f6b removed unwanted headers 2021-11-29 00:05:36 +05:30
sandeep 685c46640e Added Apache Airflow - Unauthenticated variable Import 2021-11-28 23:47:12 +05:30
Sandeep Singh b07189e3d1
Merge pull request #3216 from projectdiscovery/CVE-2014-8682-fix 
Added missing condition for CVE-2014-8682
 2021-11-28 17:24:24 +05:30
sandeep 63b23a4848 Added additional reference 2021-11-28 17:22:02 +05:30
sandeep e108fe7df8 Added missing condition 2021-11-28 00:08:05 +05:30
sandeep 7345869864 Added additional matcher 2021-11-27 10:04:24 +05:30
rotemr 0595a1dcf1 Add template for CVE-2021-24278 2021-11-27 01:32:48 +02:00
sandeep 9aad440f05 lint fixing 2021-11-26 22:25:58 +05:30
Sandeep Singh 45319b2571
Merge pull request #3191 from r3naissance/master 
Adding a 2000 cve because I tragically came across it today...
 2021-11-26 22:18:36 +05:30
sandeep e7c68469e0 Added additional path 2021-11-26 22:17:35 +05:30
sandeep 325d8de2fe added addition tag 2021-11-26 22:14:43 +05:30
alph4byt3 3c1ae20146
Create CVE-2021-27931.yaml 2021-11-25 17:39:09 +02:00
Prince Chaddha 62b3e7e9d0
Update and rename CVE-2018-7719.yaml to cves/2018/CVE-2018-7719.yaml 2021-11-25 10:45:10 +04:00
GitHub Action 1f46d1653d Auto Generated CVE annotations [Wed Nov 24 21:58:12 UTC 2021] 🤖 2021-11-24 21:58:12 +00:00
sandeep 566361897c moving template of cves folder 2021-11-25 03:21:36 +05:30
alph4byt3 f2ff7a1a7e
Create CVE-2021-30213.yaml 2021-11-24 17:43:59 +02:00
Prince Chaddha 168db8a984
Update CVE-2020-2096.yaml 2021-11-24 11:58:52 +04:00
Chapman Schleiss ea78c078d8 Fixed Title 2021-11-23 16:53:00 -07:00
Chapman Schleiss 45521a075f Adding a 2000 cve because I tragically came across it today... 2021-11-23 16:46:22 -07:00
yuan 641ffd4e93 update CVE-2020-2096 2021-11-23 19:01:24 +08:00
GitHub Action 65ec414ae7 Auto Generated CVE annotations [Tue Nov 23 04:08:40 UTC 2021] 🤖 2021-11-23 04:08:40 +00:00
Prince Chaddha 13204529fa
Merge pull request #3181 from pikpikcu/patch-301 
Create CVE-2020-20982
 2021-11-23 09:37:04 +05:30
GitHub Action 2e3c57379f Auto Generated CVE annotations [Tue Nov 23 03:59:46 UTC 2021] 🤖 2021-11-23 03:59:46 +00:00
Prince Chaddha f632abce33
Merge pull request #3178 from ImNightmaree/patch-4 
Minor updates to grammar
 2021-11-23 09:28:28 +05:30
Prince Chaddha 1c569d76cb
Update CVE-2020-20982.yaml 2021-11-23 07:57:11 +04:00
Prince Chaddha e787e67010
Update CVE-2021-43495.yaml 2021-11-23 07:46:15 +04:00
PikPikcU 05a366d141
Create CVE-2021-43495.yaml 2021-11-23 08:30:30 +07:00
PikPikcU 8463cfd824
Create CVE-2020-20982.yaml 2021-11-22 22:56:22 +07:00
ImNightmaree 9febb14f78
Minor updates to grammar 
Capitalization adjustment to "unrestricted file upload"
 2021-11-22 00:00:53 +00:00
sandeep eff91b0dfa removed extra headers 2021-11-21 15:27:06 +05:30
Sandeep Singh 3fb2bf4644
Merge pull request #3174 from DhiyaneshGeek/master 
Version Control Templates
 2021-11-21 14:55:24 +05:30
sandeep d16fb02b21 minor updates to template 2021-11-21 14:53:15 +05:30
GitHub Action 71fce6b5ea Auto Generated CVE annotations [Sat Nov 20 12:32:16 UTC 2021] 🤖 2021-11-20 12:32:16 +00:00
Dhiyaneshwaran bb4f329f15
Update CVE-2008-5587.yaml 2021-11-20 18:00:35 +05:30
Dhiyaneshwaran 8cfe1a59af
Create CVE-2008-5587.yaml 2021-11-20 18:00:04 +05:30
GitHub Action f21ffcf1d6 Auto Generated CVE annotations [Sat Nov 20 12:29:14 UTC 2021] 🤖 2021-11-20 12:29:14 +00:00
Dhiyaneshwaran 7ea0ec8fc0
Create CVE-2007-5728.yaml 2021-11-20 17:57:41 +05:30
GitHub Action 623fe7ee15 Auto Generated CVE annotations [Sat Nov 20 11:56:31 UTC 2021] 🤖 2021-11-20 11:56:31 +00:00
Dhiyaneshwaran fb105fdb39
Create CVE-2014-8682.yaml 2021-11-20 17:24:58 +05:30
sandeep a175effdc4 Added few additional information 2021-11-20 17:19:24 +05:30
GitHub Action 440a0e7114 Auto Generated CVE annotations [Thu Nov 18 20:31:47 UTC 2021] 🤖 2021-11-18 20:31:47 +00:00
sandeep a7594322a3 removed spaces 2021-11-19 01:40:36 +05:30
sandeep cf34d5b0ee Added Apache ShenYu Admin JWT authentication bypass (CVE-2021-37580) 2021-11-19 01:38:23 +05:30
Prince Chaddha aa603d592e
Update CVE-2017-11610.yaml 2021-11-17 18:49:32 +05:30
GitHub Action b79769c756 Auto Generated CVE annotations [Wed Nov 17 13:10:53 UTC 2021] 🤖 2021-11-17 13:10:53 +00:00
Prince Chaddha 2ee77e2270
Merge pull request #3147 from notnotnotveg/CVE-2017-11610 
Added CVE-2017-11610.yaml template
 2021-11-17 18:39:06 +05:30
Prince Chaddha 829f25b2a5
Update CVE-2017-11610.yaml 2021-11-17 18:36:30 +05:30
Bourne Haber ff16039083
Change word -> regex for type 'regex' 2021-11-16 23:51:30 +05:30
Prince Chaddha cacf934f38
Merge pull request #3144 from DhiyaneshGeek/master 
Axigen Mail Server & Squirrel Server
 2021-11-16 16:09:21 +05:30
Prince Chaddha 029b8f05fe
Update CVE-2006-2842.yaml 2021-11-16 15:43:43 +05:30
Prince Chaddha cad1f66030
Update CVE-2004-0519.yaml 2021-11-16 15:43:03 +05:30
Prince Chaddha 98621de740
Update CVE-2002-1131.yaml 2021-11-16 15:40:56 +05:30
Prince Chaddha 525a2855a1
Merge pull request #3149 from Akokonunes/patch-73 
Create CVE-2019-18922.yaml
 2021-11-16 15:24:23 +05:30
Prince Chaddha f420bb6052
Update and rename CVE-2019-18922.yaml to cves/2019/CVE-2019-18922.yaml 2021-11-16 15:11:16 +05:30
Prince Chaddha 2f272f85a1
Update and rename CVE-2018-14916.yaml to cves/2018/CVE-2018-14916.yaml 2021-11-16 15:07:38 +05:30
notnotnotveg 92f82dd083 Added CVE-2017-11610.yaml template 2021-11-15 18:27:25 -05:00
Dhiyaneshwaran 1ad9dc577c
Update CVE-2006-2842.yaml 2021-11-16 00:07:46 +05:30
GitHub Action ea8b5134ba Auto Generated CVE annotations [Mon Nov 15 18:16:11 UTC 2021] 🤖 2021-11-15 18:16:11 +00:00
Dhiyaneshwaran 89501ea414
Create CVE-2004-0519.yaml 2021-11-15 23:44:18 +05:30
GitHub Action 8b4f86274d Auto Generated CVE annotations [Mon Nov 15 18:12:13 UTC 2021] 🤖 2021-11-15 18:12:13 +00:00
Dhiyaneshwaran fc2f0a0ea3
Create CVE-2006-2842.yaml 2021-11-15 23:40:49 +05:30
Dhiyaneshwaran a0ce5a2918
Create CVE-2002-1131.yaml 2021-11-15 23:39:04 +05:30
sandeep 4f88a66890 misc update 2021-11-15 23:05:21 +05:30
sandeep 4b4d7fc7c3 misc fix 2021-11-15 22:31:08 +05:30
GitHub Action 8f0c36f036 Auto Generated CVE annotations [Mon Nov 15 15:49:39 UTC 2021] 🤖 2021-11-15 15:49:39 +00:00
Dhiyaneshwaran 0f5ae5efba
Update CVE-2012-4940.yaml 2021-11-15 21:18:14 +05:30
Dhiyaneshwaran c89128eaea
Create CVE-2012-4940.yaml 2021-11-15 21:17:27 +05:30
Prince Chaddha 7566a563cd
Update CVE-2019-19824.yaml 2021-11-15 17:11:47 +05:30
GwanYeong Kim 451366d33e Create CVE-2019-19824.yaml 
On certain TOTOLINK Realtek SDK based routers, an authenticated attacker may execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI (syscmd.htm) is not available. This allows for full control over the device's internals. This affects A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
 2021-11-14 13:17:27 +09:00
Prince Chaddha 8d7a317512
Merge pull request #3132 from Akokonunes/patch-72 
Create CVE-2020-19360.yaml
 2021-11-13 23:37:43 +05:30
Prince Chaddha 26a9bbc797
Update and rename CVE-2020-19360.yaml to cves/2020/CVE-2020-19360.yaml 2021-11-13 23:34:22 +05:30
sandeep b2aa8f9f5b misc updates 2021-11-13 23:01:53 +05:30
GitHub Action 19f522f9e5 Auto Generated CVE annotations [Sat Nov 13 14:29:44 UTC 2021] 🤖 2021-11-13 14:29:44 +00:00
sandeep 2809a60004 Added Pre-authenticated SQL injection in GLPI <= 9.3.3 (CVE-2019-10232) 2021-11-13 19:56:16 +05:30
sandeep b0860f2275 Template update to confirm RCE 2021-11-13 16:36:43 +05:30
sandeep 0e9faf2419 misc updates 2021-11-13 00:37:40 +05:30
GitHub Action d77afde6f2 Auto Generated CVE annotations [Fri Nov 12 19:00:28 UTC 2021] 🤖 2021-11-12 19:00:28 +00:00
sandeep e649bcc493 template fix 2021-11-13 00:29:04 +05:30
Sandeep Singh e50e82d61b
Merge pull request #3129 from httpvoid/master 
Add CVE-2021-41349
 2021-11-13 00:28:42 +05:30
rootxharsh 29bcd6b821 Add CVE-2021-41349 2021-11-12 23:55:15 +05:30
sandeep 65ce478c0e misc updates 2021-11-11 22:59:29 +05:30
GitHub Action f47fca558a Auto Generated CVE annotations [Thu Nov 11 11:06:36 UTC 2021] 🤖 2021-11-11 11:06:36 +00:00
Prince Chaddha 24f8dbaf9f
Merge pull request #3120 from ImNightmaree/master 
CVE-2018-15961 (Adobe ColdFusion Unrestricted file upload RCE)
 2021-11-11 16:34:47 +05:30
sandeep 33a733d4f6 misc updates 2021-11-11 15:05:31 +05:30
sandeep ca0b7890dc misc update 2021-11-11 14:35:58 +05:30
Sandeep Singh c0d875c623
Update CVE-2021-42237.yaml 2021-11-11 14:32:24 +05:30
Prince Chaddha 6b896965a1
Update CVE-2018-15961.yaml 2021-11-11 11:51:24 +05:30
Prince Chaddha e396e30ac5
Merge branch 'master' into master 2021-11-11 11:19:57 +05:30
Prince Chaddha a6039654a1
Update CVE-2021-31602.yaml 2021-11-11 11:17:25 +05:30
Prince Chaddha 7a08bde65d
Update CVE-2021-42237.yaml 2021-11-11 11:16:37 +05:30
GitHub Action 206b056506 Auto Generated CVE annotations [Thu Nov 11 05:29:39 UTC 2021] 🤖 2021-11-11 05:29:39 +00:00
ImNightmaree 8f8888481d
Linting 2021-11-10 18:14:05 +00:00
ImNightmaree 40e6c30e0d
Linting 2021-11-10 18:08:18 +00:00
ImNightmaree 3852eedb46
Linting 2021-11-10 18:05:59 +00:00
ImNightmaree 03c24bd12d
Linting 2021-11-10 18:02:59 +00:00
ImNightmaree 90c265672f
Linting 2021-11-10 18:00:26 +00:00
Sandeep Singh 866bcfa0f6
Rename CVE-2018-15961 to CVE-2018-15961.yaml 2021-11-10 23:23:11 +05:30
ImNightmaree 136fd744c9
Missed a space on author. 2021-11-10 17:51:54 +00:00
ImNightmaree 9017c8af45
Merge branch 'projectdiscovery:master' into master 2021-11-10 17:48:17 +00:00
ImNightmaree 7e10c6eb42
Creates CVE-2018-15961 
Closes #3119 with minor updates to ensure the file isn't accessible predictably
 2021-11-10 17:46:34 +00:00
GitHub Action 2cfad99d03 Auto Generated CVE annotations [Wed Nov 10 16:04:38 UTC 2021] 🤖 2021-11-10 16:04:38 +00:00
GitHub Action 33fccd20b3 Auto Generated CVE annotations [Tue Nov 9 16:55:13 UTC 2021] 🤖 2021-11-09 16:55:13 +00:00
Prince Chaddha fa2cad22f0
Merge pull request #3097 from projectdiscovery/CVE-2019-1821 
Create CVE-2019-1821.yaml
 2021-11-09 22:23:45 +05:30
Prince Chaddha 58d84e7557
Merge pull request #3112 from Akokonunes/patch-68 
Create CVE-2017-15363.yaml
 2021-11-09 22:21:49 +05:30
Prince Chaddha d165a9fe33
Update and rename CVE-2017-15363.yaml to cves/2017/CVE-2017-15363.yaml 2021-11-09 22:20:29 +05:30
Prince Chaddha 0328b4bd5d
Update and rename CVE-2017-10974.yaml to cves/2017/CVE-2017-10974.yaml 2021-11-09 22:13:59 +05:30
sandeep cb74944f43 misc updates 2021-11-08 15:45:54 +05:30
Prince Chaddha 23b9517674
Update CVE-2019-1821.yaml 2021-11-08 12:54:34 +05:30
Prince Chaddha bde7d5243b
Update CVE-2019-1821.yaml 2021-11-08 12:45:04 +05:30
GitHub Action 268f6c7c86 Auto Generated CVE annotations [Mon Nov 8 06:51:55 UTC 2021] 🤖 2021-11-08 06:51:55 +00:00
GitHub Action 2f7b3d7e00 Auto Generated CVE annotations [Sat Nov 6 22:43:41 UTC 2021] 🤖 2021-11-06 22:43:41 +00:00
sandeep 2beb8767ff Added CVE-2021-41174 2021-11-07 04:08:43 +05:30
GitHub Action 56c9fb7a7b Auto Generated CVE annotations [Sat Nov 6 17:09:47 UTC 2021] 🤖 2021-11-06 17:09:47 +00:00
Sandeep Singh 037d974e8b
Merge pull request #3095 from projectdiscovery/CVE-2020-26413 
Create CVE-2020-26413.yaml
 2021-11-06 22:38:14 +05:30
sandeep dbbb08e40c misc updates 2021-11-06 22:36:37 +05:30
Prince Chaddha 57b4425e52
Create CVE-2019-1821.yaml 2021-11-06 20:34:10 +05:30
Prince Chaddha 0e27f24138
Update CVE-2020-26413.yaml 2021-11-06 20:18:27 +05:30
Prince Chaddha b1d7f6087c
Update CVE-2016-3088.yaml 2021-11-06 20:08:10 +05:30
Prince Chaddha 5aeb4de8c8
Create CVE-2020-26413.yaml 2021-11-06 18:22:50 +05:30
GitHub Action ca57c815da Auto Generated CVE annotations [Sat Nov 6 12:47:58 UTC 2021] 🤖 2021-11-06 12:47:58 +00:00
Prince Chaddha 070628000c
Merge pull request #3088 from projectdiscovery/CVE-2016-3088 
Create CVE-2016-3088.yaml
 2021-11-06 18:16:10 +05:30
Sandeep Singh cd59d38e3d
Merge pull request #3083 from pussycat0x/master 
Pentaho <= 9.1 Authentication Bypass of Spring APIs
 2021-11-06 16:52:44 +05:30
sandeep 0963b5f289 Added stop-at-first-match 2021-11-06 16:52:33 +05:30
sandeep 1d4ff44b88 misc update 2021-11-06 16:51:03 +05:30
GitHub Action 21cf51bea9 Auto Generated CVE annotations [Sat Nov 6 10:59:41 UTC 2021] 🤖 2021-11-06 10:59:41 +00:00
Sandeep Singh b52d878f9a
Update CVE-2016-3088.yaml 2021-11-06 16:13:58 +05:30
sandeep ce2212b6d4 Added CVE-2019-2579 2021-11-06 16:10:58 +05:30
GitHub Action 6f0c6a043b Auto Generated CVE annotations [Sat Nov 6 08:18:29 UTC 2021] 🤖 2021-11-06 08:18:29 +00:00
Sandeep Singh 4b3172c754
Merge pull request #3091 from Leovalcante/cve-2019-2578 
create check for cve-2019-2578
 2021-11-06 13:46:53 +05:30
GitHub Action 3a9fcc7cc0 Auto Generated CVE annotations [Sat Nov 6 08:15:35 UTC 2021] 🤖 2021-11-06 08:15:35 +00:00
Sandeep Singh 721f2fce99
Merge pull request #3090 from Leovalcante/cve-2018-3238 
create check for cve-2018-3238
 2021-11-06 13:43:56 +05:30
Sandeep Singh 55e21f68f7
Merge pull request #3089 from Leovalcante/fix-cve-2018-2791 
improve cve-2018-2791 vulnerability check
 2021-11-06 13:43:34 +05:30
sandeep e4cda81745 misc updates 2021-11-06 13:41:08 +05:30
sandeep c474434ab2 improved matchers 2021-11-06 13:17:42 +05:30
sandeep 2b38dce99c updated with improved matchers 2021-11-06 12:51:30 +05:30
sandeep 5fa10c4b64 cves update 2021-11-06 12:34:04 +05:30
Valerio Preti 41464ac737 create check for cve-2019-2578 2021-11-06 01:24:41 +01:00
Valerio Preti fe5385e932 create check for cve-2018-3238 2021-11-06 00:51:54 +01:00
Valerio Preti 69fc4c04c2 improve wcs cve-2018-2791 vulnerability check 2021-11-06 00:48:10 +01:00
sandeep 3e12441f6d matcher update 2021-11-06 03:56:14 +05:30
Prince Chaddha 371d3354b9
Create CVE-2016-3088.yaml 2021-11-06 00:42:00 +05:30
Prince Chaddha 46a1ecd36a
Merge pull request #3075 from Akokonunes/patch-67 
Create CVE-2017-5982.yaml
 2021-11-05 21:31:39 +05:30
Prince Chaddha e1cbedaaff
Rename CVE-2017-5982.yaml to cves/2017/CVE-2017-5982.yaml 2021-11-05 21:29:06 +05:30
Prince Chaddha 7558d674de
Merge pull request #3079 from pradeepch99/master 
Update CVE-2021-36260.yaml
 2021-11-05 21:28:35 +05:30
Prince Chaddha c1e8682918
Update CVE-2021-31602.yaml 2021-11-05 21:20:29 +05:30
GitHub Action c7baa07310 Auto Generated CVE annotations [Fri Nov 5 15:44:13 UTC 2021] 🤖 2021-11-05 15:44:13 +00:00
Prince Chaddha eef71d5cb8
Update CVE-2019-3929.yaml 2021-11-05 21:07:40 +05:30
Prince Chaddha 3c7d239415
Update CVE-2019-3929.yaml 2021-11-05 20:59:47 +05:30
Prince Chaddha 626b97e368
Create CVE-2019-3929.yaml 2021-11-05 20:58:18 +05:30
pussycat0x 70425f1be2
Update CVE-2021-31602.yaml 2021-11-05 14:11:44 +05:30
pussycat0x 802607241d
Update CVE-2021-31602.yaml 2021-11-05 13:59:09 +05:30
pussycat0x 153a00af52
Add files via upload 2021-11-05 13:45:21 +05:30
Pradeepch99 8c5987b2b2
Update CVE-2021-36260.yaml 2021-11-05 08:44:19 +05:30
sandeep 8eb67ca3f7 additional matcher 2021-11-05 04:48:10 +05:30
ImNightmaree 2fc9a1f850
Updates CVE-2017-10271 
Partially resolves #609 - not all machines have HTTP connectivity, nslookup is native to Windows and Linux, and a good alternative.
 2021-11-04 13:44:56 +00:00
Huy Nguyen 78189af295
Fix for potential false positives 
See also following issue: https://github.com/projectdiscovery/nuclei-templates/issues/3065
 2021-11-04 12:07:38 +01:00
ImNightmaree acc8d46849
Updates "whoami" regex 
Fixes #3060
 2021-11-03 17:43:48 +00:00
GitHub Action e70531ebca Auto Generated CVE annotations [Wed Nov 3 06:21:45 UTC 2021] 🤖 2021-11-03 06:21:45 +00:00
Prince Chaddha fd9e89e0db
Create CVE-2018-18570.yaml 2021-11-03 11:36:30 +05:30
GitHub Action ba5d199dbb Auto Generated CVE annotations [Tue Nov 2 20:23:01 UTC 2021] 🤖 2021-11-02 20:23:01 +00:00
sandeep 36bda42c27 misc update 2021-11-03 01:49:51 +05:30
Prince Chaddha 94c49907ce
Update CVE-2021-38704.yaml 2021-11-02 23:35:14 +05:30
Prince Chaddha 3541fb5754
Update CVE-2021-38704.yaml 2021-11-02 23:25:17 +05:30
Prince Chaddha 19ca42a3d6
Update CVE-2021-38704.yaml 2021-11-02 23:23:11 +05:30
Prince Chaddha 5e774b4e9b
Create CVE-2021-38704.yaml 2021-11-02 23:16:22 +05:30
forgedhallpass 5c3bbbb740 Update SSH user enum templates 
SSH header structure:
SSH-protoversion-softwareversion[SPcomments]CRLF

see: https://datatracker.ietf.org/doc/html/rfc4253#section-4.2
 2021-11-01 20:34:47 +02:00
Prince Chaddha c26924f7d8
Merge pull request #3037 from Akokonunes/patch-65 
Create CVE-2019-16123.yaml
 2021-11-01 14:34:18 +05:30
Prince Chaddha 95b6237e37
Update and rename CVE-2019-16123.yaml to cves/2019/CVE-2019-16123.yaml 2021-11-01 14:28:28 +05:30
Sandeep Singh c2a167939e
Merge pull request #3031 from gy741/rule-add-v70 
Create CVE-2021-31682.yaml
 2021-10-31 17:09:29 +05:30
sandeep fe6dbc8b4d misc update 2021-10-31 16:56:16 +05:30
sandeep 107679bd9a matcher + added version extractors 2021-10-30 19:26:12 +05:30
GitHub Action 4cc2a7a205 Auto Generated CVE annotations [Sat Oct 30 11:41:59 UTC 2021] 🤖 2021-10-30 11:41:59 +00:00
sandeep 8c3f98c767 fixed invalid template syntax 2021-10-30 16:47:35 +05:30
GwanYeong Kim 43629d5f49 Create CVE-2021-31682.yaml 
The login portal for the Automated Logic WebCTRL/WebCTRL OEM web application contains a vulnerability that allows for reflected XSS attacks due to the operatorlocale GET parameter not being sanitized. This issue impacts versions 6.5 and below. This issue works by passing in a basic XSS payload to a vulnerable GET parameter that is reflected in the output without sanitization.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
 2021-10-30 19:36:29 +09:00
sandeep 9a7111c936 updating author details 2021-10-29 22:16:25 +05:30
sandeep 1fdf1ce10a name update 2021-10-29 21:36:05 +05:30
sandeep d6fbf8b35c misc updates 2021-10-29 21:33:59 +05:30
GitHub Action 4236ca70b5 Auto Generated CVE annotations [Fri Oct 29 12:45:06 UTC 2021] 🤖 2021-10-29 12:45:07 +00:00
Dhiyaneshwaran afbd8f0448
Create CVE-2021-20837.yaml 2021-10-29 18:13:32 +05:30
Sandeep Singh ba04bc0d3a
Merge pull request #3022 from projectdiscovery/CVE-2021-36260 
Added Hikvision RCE (CVE-2021-36260)
 2021-10-29 17:09:01 +05:30
GitHub Action b46d572636 Auto Generated CVE annotations [Fri Oct 29 10:29:18 UTC 2021] 🤖 2021-10-29 10:29:18 +00:00
Sandeep Singh fe19393cb0
Merge pull request #3011 from meme-lord/master 
Added CVE-2017-0929 (DNN SSRF)
 2021-10-29 15:57:35 +05:30
sandeep 4024822ddf misc updates 2021-10-29 15:56:24 +05:30
sandeep f635c80512 Adding metadata 2021-10-29 14:49:58 +05:30
sandeep a451cfb48a misc update 2021-10-29 14:24:20 +05:30
sandeep 8f4a90f33a Added Hikvision RCE (CVE-2021-36260) 2021-10-29 13:47:09 +05:30
Prince Chaddha 3aadf53a95
Merge pull request #3014 from Mad-robot/patch-2 
Create CVE-2021-42566.yaml
 2021-10-29 00:29:05 +05:30
Prince Chaddha e58e1ef96d
Update CVE-2021-42566.yaml 2021-10-29 00:25:45 +05:30
Prince Chaddha 7f9490d762
Update CVE-2021-42565.yaml 2021-10-29 00:25:12 +05:30
Prince Chaddha 263fb400e9
Update CVE-2021-42566.yaml 2021-10-29 00:22:29 +05:30
SaN ThosH ca73e75974
Create CVE-2021-42566.yaml 2021-10-27 20:13:56 +05:30
SaN ThosH 0675ba8c67
Update and rename CVE-2021-42566.yaml to CVE-2021-42565.yaml 2021-10-27 20:10:59 +05:30
SaN ThosH bbe3e7b542
Create CVE-2021-42566.yaml 2021-10-27 20:08:59 +05:30
Sandeep Singh 8ac7370a79
Merge pull request #3010 from nrathaus/master 
Add description
 2021-10-27 18:36:55 +05:30
sandeep 2d19236680 misc update 2021-10-27 18:21:06 +05:30
sandeep 6490a968b3 Added GitLab CE/EE Unauthenticated RCE using ExifTool (CVE-2021-22205) 2021-10-27 18:01:04 +05:30
GitHub Action 46321e321c Auto Generated CVE annotations [Wed Oct 27 12:05:42 UTC 2021] 🤖 2021-10-27 12:05:42 +00:00
meme-lord 70c90bba84 Added CVE-2017-0929 (DNN SSRF) 2021-10-27 13:03:45 +01:00
Noam Rathaus 376c63189d Add description 2021-10-27 14:07:22 +03:00
Chill3d e6d40037c5
Typo on rocketchat tag 2021-10-27 10:30:43 +02:00
GitHub Action 7ccaf4c07a Auto Generated CVE annotations [Tue Oct 26 18:33:18 UTC 2021] 🤖 2021-10-26 18:33:18 +00:00
Prince Chaddha c72328203a
Merge pull request #2994 from Akokonunes/patch-62 
Create CVE-2015-5471.yaml
 2021-10-27 00:01:40 +05:30
GitHub Action 2c6367720e Auto Generated CVE annotations [Tue Oct 26 18:30:55 UTC 2021] 🤖 2021-10-26 18:30:55 +00:00
Prince Chaddha 8178635b45
Update CVE-2015-5471.yaml 2021-10-26 23:58:12 +05:30
Prince Chaddha 4b3c46a773
Update CVE-2016-1000136.yaml 2021-10-26 23:51:04 +05:30
sandeep 1e9218db98 moving files around 2021-10-26 15:13:55 +05:30
sandeep 41e0b65e79 Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates into pr/2990 2021-10-26 15:03:54 +05:30
sandeep 2fa9791bdc misc update 2021-10-26 14:32:23 +05:30
sandeep 1986e1211d Adding condition between word matcher 2021-10-26 14:25:37 +05:30
Dwi Siswanto 9773130879 Remove blank lines 2021-10-26 15:31:41 +07:00
Dwi Siswanto bf7070dbc7 Add CVE-2021-42258 2021-10-26 15:26:22 +07:00
Muhammad Daffa f37ac4f60b
Create CVE-2016-1000136.yaml 2021-10-25 20:05:08 +07:00
Prince Chaddha 1db2405c25
Create CVE-2021-36749.yaml 2021-10-25 17:30:48 +05:30
GitHub Action ed4d1afd12 Auto Generated CVE annotations [Fri Oct 22 09:40:47 UTC 2021] 🤖 2021-10-22 09:40:47 +00:00
sandeep 41be58c633 misc update 2021-10-22 15:09:15 +05:30
Sandeep Singh b8aaf28eb6
Merge pull request #2901 from lethargynavigator/master 
CVE-2020-24589 template
 2021-10-21 22:27:25 +05:30
sandeep e7768bb348 misc update 2021-10-21 22:25:42 +05:30
lethargynavigator 15a8208fc6 full poc 2021-10-21 11:02:55 -04:00
GitHub Action 7cfaf6c7dd Auto Generated CVE annotations [Thu Oct 21 10:43:47 UTC 2021] 🤖 2021-10-21 10:43:47 +00:00
Prince Chaddha 9d80a9d0d9
Merge pull request #2929 from daffainfo/patch-239 
Create CVE-2016-1000143.yaml
 2021-10-21 16:12:25 +05:30
Prince Chaddha b39200b8e4
Update CVE-2021-33044.yaml 2021-10-21 15:47:46 +05:30
Philippe Delteil 56b0f60d5a
Update CVE-2021-41773.yaml 
Fixes false positive due to IPS/ 

 'Request denied by WatchGuard Firewall.</p><p><b> Reason: </b> IPS detected for "WEB Apache HTTP Server Path traversal (CVE-2021-41773)"'
 2021-10-21 00:57:23 -03:00
Sandeep Singh a21cec6362
Merge pull request #2844 from projectdiscovery/more-fixes 
Changes to adopt v2.5.3 engine
 2021-10-21 07:21:20 +05:30
Sandeep Singh df54ed28f7
Merge pull request #2942 from projectdiscovery/CVE-2019-2729 
Added CVE-2019-2729 (Oracle WebLogic  RCE)
 2021-10-21 05:42:29 +05:30
sandeep 323da341b2 Added CVE-2019-2729 (Oracle WebLogic RCE) 2021-10-21 05:37:30 +05:30
GitHub Action f05e7364ca Auto Generated CVE annotations [Wed Oct 20 22:40:20 UTC 2021] 🤖 2021-10-20 22:40:20 +00:00
Muhammad Daffa 8ac553e844
Create CVE-2016-1000143.yaml 2021-10-19 22:21:58 +07:00
Prince Chaddha 10ebb22fb8
Merge pull request #2910 from gy741/rule-add-v65 
Create CVE-2021-20031.yaml
 2021-10-19 18:23:40 +05:30
Prince Chaddha 181dda73ec
Update CVE-2021-33044.yaml 2021-10-19 17:44:06 +05:30
GwanYeong Kim 02655a9f22 Create CVE-2021-33044.yaml 
The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
 2021-10-19 12:50:07 +09:00
sandeep 3175b12b22 Additional matcher 2021-10-19 03:19:32 +05:30
sandeep 33badb66d1 oob tags update 2021-10-19 02:10:26 +05:30
Prince Chaddha 2d83f055b4
Merge pull request #2908 from DhiyaneshGeek/master 
CVE-2020-10770
 2021-10-18 21:06:32 +05:30
Prince Chaddha fc81dd3b24
Update CVE-2020-10770.yaml 2021-10-18 21:03:29 +05:30
Prince Chaddha 9e37e202bd
Update CVE-2021-20031.yaml 2021-10-18 20:55:47 +05:30
Prince Chaddha 6346c6e93a
Update CVE-2021-20031.yaml 2021-10-18 20:52:36 +05:30
GitHub Action d2d4d01846 Auto Generated CVE annotations [Mon Oct 18 15:19:41 UTC 2021] 🤖 2021-10-18 15:19:41 +00:00
Prince Chaddha 09d4e1ea28
Merge pull request #2912 from wisnupramoedya/patch-2 
Create CVE-2018-10823.yaml
 2021-10-18 20:48:20 +05:30
Prince Chaddha 1753507a39
Merge pull request #2911 from wisnupramoedya/patch-1 
Create CVE-2018-10093.yaml
 2021-10-18 20:47:51 +05:30
GitHub Action 0762d645fb Auto Generated CVE annotations [Mon Oct 18 15:16:57 UTC 2021] 🤖 2021-10-18 15:16:57 +00:00
Prince Chaddha 868264f839
Update CVE-2018-10823.yaml 2021-10-18 20:46:01 +05:30
Prince Chaddha 9f30aa203b
Merge pull request #2913 from wisnupramoedya/patch-3 
Create CVE-2018-13980.yaml
 2021-10-18 20:45:06 +05:30
GitHub Action 79656346cd Auto Generated CVE annotations [Mon Oct 18 15:14:58 UTC 2021] 🤖 2021-10-18 15:14:58 +00:00
Wisnu Pramoedya cf1b818d5b
Create CVE-2018-12054.yaml 2021-10-18 20:04:38 +07:00
Wisnu Pramoedya 89f9d65d7d
Create CVE-2018-13980.yaml 2021-10-18 20:00:57 +07:00
Wisnu Pramoedya 7d007d29f0
Create CVE-2018-10823.yaml 2021-10-18 19:56:22 +07:00
Wisnu Pramoedya 98d8a15123
Create CVE-2018-10093.yaml 2021-10-18 19:44:09 +07:00
GwanYeong Kim c7fc202ef1 Create CVE-2021-20031.yaml 
A Host Header Injection vulnerability may allow an attacker to spoof a particular Host header, allowing the attacker to render arbitrary links that point to a malicious website with poisoned Host header webpages. An issue was discovered in Sonicwall NAS, SonicWall Analyzer version 8.5.0 (may be affected on other versions too). The values of the 'Host' headers are implicitly set as trusted while this should be forbidden, leading to potential host header injection attack and also the affected hosts can be used for domain fronting. This means affected hosts can be used by attackers to hide behind during various other attack

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
 2021-10-18 08:24:29 +09:00
sandeep a614391d3f Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates into more-fixes 2021-10-18 03:14:44 +05:30
GitHub Action e8218febf5 Auto Generated CVE annotations [Sun Oct 17 16:03:20 UTC 2021] 🤖 2021-10-17 16:03:20 +00:00
Dhiyaneshwaran a9eca98f7f
Update CVE-2020-10770.yaml 2021-10-17 21:31:55 +05:30
Dhiyaneshwaran 9c8d006dbe
Create CVE-2020-10770.yaml 2021-10-17 21:29:45 +05:30
GitHub Action dfc4a64fdc Auto Generated CVE annotations [Sun Oct 17 11:26:16 UTC 2021] 🤖 2021-10-17 11:26:16 +00:00
Prince Chaddha bd2e856174
Merge pull request #2902 from Akokonunes/patch-57 
Create CVE-2015-4694.yaml
 2021-10-17 16:55:03 +05:30