e7bb4bff23
Create CVE-2021-3223.yaml
...
Node-RED-Dashboard before 2.26.2 allows ui_base/js/..%2f directory traversal to read files.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-06-24 21:07:17 +09:00
cc0dd04ac2
Create CVE-2021-21234.yaml
...
spring-boot-actuator-logview in a library that adds a simple logfile viewer as spring boot actuator endpoint. It is maven package "eu.hinsch:spring-boot-actuator-logview". In spring-boot-actuator-logview before version 0.2.13 there is a directory traversal vulnerability. The nature of this library is to expose a log file directory via admin (spring boot actuator) HTTP endpoints. Both the filename to view and a base folder (relative to the logging folder root) can be specified via request parameters. While the filename parameter was checked to prevent directory traversal exploits (so that `filename=../somefile` would not work), the base folder parameter was not sufficiently checked, so that `filename=somefile&base=../` could access a file outside the logging base directory). The vulnerability has been patched in release 0.2.13. Any users of 0.2.12 should be able to update without any issues as there are no other changes in that release. There is no workaround to fix the vulnerability other than updating or removing the dependency. However, removing read access of the user the application is run with to any directory not required for running the application can limit the impact. Additionally, access to the logview endpoint can be limited by deploying the application behind a reverse proxy.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-06-24 14:36:45 +09:00
416bafe2fa
misc changes
2021-06-24 02:24:58 +05:30
04a7fda94a
Update CVE-2021-21389.yaml
2021-06-22 19:12:35 +07:00
014ca91e15
hmm just simple check...
...
sorry i just know little bit english...
2021-06-22 19:07:00 +07:00
dcaef6a836
Rename CVE-2021-21389 to CVE-2021-21389.yaml
2021-06-22 04:05:42 +05:30
0d5a57bc23
Create CVE-2021-21389
2021-06-21 12:33:14 +07:00
bb6fa66dd9
Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates
2021-06-20 13:56:54 +03:00
9200ac068a
Merge pull request #1714 from skar4444/unauthenticated-CI-lint-API
...
CVE 2021-22214 - Unauthenticated Gitlab SSRF - CI Lint API
2021-06-18 15:08:33 +05:30
b301c830a3
final improvements
2021-06-18 15:02:17 +05:30
27d67855e8
misc changes
2021-06-18 14:42:13 +05:30
4f0bfc9362
Merge pull request #1705 from projectdiscovery/CVE-2021-28854
...
Added CVE-2021-28854
2021-06-18 12:52:42 +05:30
bfa70bacf5
Update CVE-2021-21975.yaml
2021-06-17 22:55:10 +05:30
01b77a7ed2
Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates
2021-06-17 16:54:18 +03:00
8a1d7bd7d2
Hotfix FP of CVE-2021-24146
2021-06-17 08:16:54 +07:00
bfbd3ccdac
Merge pull request #1656 from Akokonunes/patch-4
...
Create CVE-2021-24237.yaml
2021-06-16 01:56:39 +05:30
5cff973564
Added tags
2021-06-16 01:02:21 +05:30
c36419c94c
Added CVE-2021-28854
2021-06-16 01:01:01 +05:30
b5bdac494b
Merge branch 'master' of https://github.com/nrathaus/nuclei-templates
2021-06-13 09:54:52 +03:00
3779eb70e0
Moved template to cves folder
2021-06-11 16:48:05 +05:30
83ce809e8d
Updated author names
2021-06-09 17:50:56 +05:30
ccdb667d3b
YML to YAML
2021-06-09 14:42:14 +05:30
1299ae621f
Update CVE-2021-28164.yml
2021-06-09 14:39:19 +05:30
eef5158207
Update CVE-2021-28164.yml
2021-06-09 14:38:12 +05:30
23cb4c4d9f
moving files around
2021-06-09 14:37:40 +05:30
0cdfd0468f
Update CVE-2021-24285.yaml
2021-06-09 04:01:21 +05:30
2953942c3c
Added CVE-2021-24285
2021-06-09 03:13:23 +05:30
8e13733d34
moving files around
2021-06-04 16:30:31 +05:30
5269cc1c87
Update CVE-2021-22122.yaml
2021-06-02 13:17:00 +05:30
2678721174
Added new path for CVE-2021-22122.yaml
2021-06-02 00:06:20 +01:00
19b73df6be
Update CVE-2021-21985.yaml
2021-05-31 19:44:44 +05:30
633644b159
Added CVE-2021-21985
2021-05-31 19:20:59 +05:30
0d8c5607cb
CVE-2021-33564.yaml
2021-05-29 02:33:38 +05:30
26fc5c2dfa
Added CVE-2021-27850
2021-05-21 09:04:16 +05:30
67bf4fab3c
Update CVE-2021-29622.yaml
2021-05-20 13:14:28 +00:00
dde1e5e736
Create CVE-2021-29622.yaml
2021-05-20 13:13:18 +00:00
78abf0d8a2
Merge pull request #1480 from nrathaus/master
...
Changes to reference and description
2021-05-17 21:54:41 +05:30
0cf6e5507e
Update and rename cves/2021/CVE-2021-31800.yaml to cves/2014/CVE-2014-3744.yaml
2021-05-17 13:18:10 +00:00
c0d13a6def
Merge pull request #1475 from Ganofins/patch-3
...
Create CVE-2021-24176.yaml
2021-05-16 22:15:39 +05:30
1d9cdf949b
Update CVE-2021-24176.yaml
2021-05-16 22:12:33 +05:30
dbdf6e8b6e
Better description
2021-05-16 15:53:51 +03:00
e46fcb9e9a
Adding CVE-2021-27651
2021-05-16 15:10:08 +05:30
4170b2d3e3
Create CVE-2021-24176.yaml
2021-05-16 12:59:32 +05:30
5e2eaaf7a7
Update CVE-2021-31800.yaml
2021-05-16 02:16:34 +05:30
4e1c4986f8
Create CVE-2021-31800.yaml
2021-05-15 18:56:07 +00:00
7b4d736b94
Adding additional matcher
2021-05-14 22:15:50 +05:30
77b95af240
Update CVE-2021-31537.yaml
2021-05-12 20:27:33 +00:00
8365697de4
Update CVE-2021-31537.yaml
2021-05-12 20:25:22 +00:00
7dcfccff74
Create CVE-2021-31537.yaml
2021-05-12 20:23:19 +00:00
988d09e2de
Added CVE-2021-28073
2021-05-07 20:30:23 +05:30
c56111663f
Added CVE-2021-30461
2021-05-07 18:00:10 +05:30
cee291e366
Merge pull request #1419 from dwisiswant0/add/GHSL-2020-325
...
Hotfix: Update operator
2021-05-07 16:46:43 +05:30
1f5cbe507c
Update operator
2021-05-06 16:24:08 +07:00
1198c7e724
Merge pull request #1382 from dwisiswant0/add/GHSL-2020-325
...
Add CVE-2021-29441
2021-05-05 18:26:10 +05:30
22f123ff79
template update
2021-05-05 18:23:07 +05:30
d2ea9d2da0
Using Get configurations open API endpoint
2021-05-04 13:18:55 +07:00
3a51f45be5
Update description
2021-04-28 21:01:25 +07:00
56d09dda92
Update CVE-2021-29442.yaml
2021-04-28 18:30:55 +05:30
64a45f2439
Add CVE-2021-29442
2021-04-28 12:01:34 +07:00
486103e0d4
Add CVE-2021-29441
2021-04-28 11:54:36 +07:00
ee74145a98
template update
2021-04-23 15:38:41 +05:30
76c08284ce
Adding more references
2021-04-23 14:21:15 +05:30
c539514cdd
Update CVE-2021-27905.yaml
2021-04-23 14:18:51 +05:30
33c9b30143
Template fix and minor updates
2021-04-23 14:14:49 +05:30
6ca4f1c5d2
Create CVE-2021-27905
2021-04-23 12:53:49 +05:30
2f434d0440
Update CVE-2021-24146.yaml
2021-04-23 08:50:02 +05:30
6cd5b9d35c
CVE update
2021-04-23 08:47:52 +05:30
65b6c57e9f
Temporarily removing this template
2021-04-22 09:46:29 +05:30
6cb0b89738
minor update
2021-04-21 12:46:44 +05:30
f91c579fb3
Update CVE-2021-28480.yaml
2021-04-21 12:24:19 +05:30
beb1ac700e
Update CVE-2021-28480.yaml
2021-04-21 02:51:05 +05:30
8e8ef1a0dd
Update CVE-2021-28480.yaml
2021-04-21 02:42:50 +05:30
5a8949554c
Create CVE-2021-28480.yaml
2021-04-21 02:34:10 +05:30
954fe60b85
Merge pull request #1286 from geeknik/patch-66
...
Create CVE-2021-3374.yaml
2021-04-17 20:45:29 +05:30
6bf828d61d
Update CVE-2021-28937.yaml
2021-04-16 02:21:48 +05:30
aa2ac6471d
Update CVE-2021-28937.yaml
2021-04-15 20:31:01 +00:00
e7a1fde388
Update CVE-2021-28937.yaml
2021-04-15 20:24:24 +00:00
6edf8c3a8b
Create CVE-2021-28937.yaml
2021-04-15 20:20:27 +00:00
a6417c6fa5
Update CVE-2021-3374.yaml
2021-04-14 23:54:48 +00:00
de7321344f
Create CVE-2021-3374.yaml
2021-04-14 20:56:03 +00:00
b0b45dd599
Update CVE-2021-30151.yaml
2021-04-11 17:51:41 +05:30
43e59a577e
Update CVE-2021-30151.yaml
2021-04-11 01:00:49 +05:30
4c9cbc1692
Update CVE-2021-30151.yaml
2021-04-11 00:57:38 +05:30
1692ef1821
Update CVE-2021-30151.yaml
2021-04-10 23:47:02 +05:30
1e0b6ea383
Update CVE-2021-30151.yaml
2021-04-10 23:43:37 +05:30
3e3db1c972
Update CVE-2021-30151.yaml
2021-04-10 23:37:38 +05:30
e87a0671ee
Create CVE-2021-30151.yaml
2021-04-10 22:58:27 +05:30
989ee9d9dd
Spelling
2021-04-06 13:38:03 +03:00
c2c7c9b0c2
Add header matcher
2021-04-02 07:17:18 +07:00
efae3ccd11
Update vulnerable paths
2021-04-02 07:11:37 +07:00
bb33d0597b
Update routes
2021-04-02 05:28:27 +07:00
029706a939
Add more vulnerable path
2021-04-02 05:17:29 +07:00
79c0046596
Update severity
2021-04-02 05:17:07 +07:00
ad69b05f11
🔥 Add CVE-2021-21402
2021-04-02 05:16:53 +07:00
570cc1a220
Update CVE-2021-21975.yaml
2021-03-31 22:45:42 +05:30
063d685ac5
Update CVE-2021-21975.yaml
2021-03-31 06:27:33 +05:30
94a4c87c3f
safe matcher
2021-03-31 06:22:10 +05:30
8f7e7cba24
Add CVE-2021-21975
2021-03-31 02:43:36 +03:00
66f141f733
Better reference
2021-03-25 12:08:15 +02:00
5d8bf70470
Merge pull request #1137 from nrathaus/master
...
Description and References on some templates were missing
2021-03-24 23:02:15 +05:30
bc5ab99237
Update CVE-2021-26295.yaml
2021-03-24 22:57:35 +05:30
8e781f97d0
Update CVE-2021-26295.yaml
2021-03-24 22:57:35 +05:30
7a8d56ee65
Update CVE-2021-26295.yaml
2021-03-24 22:57:35 +05:30
635cc7fae7
Update CVE-2021-26295.yaml
2021-03-24 22:57:35 +05:30
9987dc0c36
Update CVE-2021-26295.yaml
2021-03-24 22:57:35 +05:30
33e3fac8da
Update CVE-2021-26295.yaml
2021-03-24 22:57:35 +05:30
c55a72a168
Update CVE-2021-26295.yaml
2021-03-24 22:57:35 +05:30
38daf751a3
Update CVE-2021-26295.yaml
2021-03-24 22:57:35 +05:30
3876cb6b55
Create CVE-2021-26295.yaml
2021-03-24 22:57:35 +05:30
93bc3a76b1
Better references and description
2021-03-24 08:48:11 +02:00
ca66fa321b
Update CVE-2021-22986.yaml
2021-03-22 18:21:42 +05:30
339077ff43
misc fixes
2021-03-22 01:19:30 +05:30
d021e2084e
Update CVE-2021-22986.yml
2021-03-21 21:48:27 +05:30
71886cb8ca
Adding F5 BIG-IP iControl REST Pre-Auth RCE
2021-03-21 20:08:00 +04:00
ad84ecb792
tag improvements
2021-03-18 13:24:36 +05:30
110617aa03
Merge pull request #961 from Mad-robot/master
...
CVE-2021-25281 wheel_async unauth access
2021-03-13 21:19:16 +05:30
06945d56a8
fixing typos
2021-03-10 19:33:49 +05:30
d6c3028f60
Spelling mistake
2021-03-10 13:49:34 +02:00
0161c03b65
Merge pull request #1027 from dwisiswant0/add/cves/2021/CVE-2021-21978
...
Add CVE-2021-21978
2021-03-10 01:56:23 +05:30
d04f747147
Spelling mistake in the parameter
2021-03-08 16:17:59 +02:00
3f840d0783
minor update
2021-03-08 19:41:41 +05:30
3c01c4df56
minor fix
2021-03-08 13:43:06 +05:30
0c761a2e85
No need for internet connection and leak to burp
2021-03-08 08:55:22 +01:00
855da4abcd
Additional references
2021-03-06 16:25:24 +05:30
c6deb0c2fc
misc changes
2021-03-06 13:04:26 +05:30
61327f4d96
Update CVE-2021-26855.yaml
2021-03-06 13:02:30 +05:30
9ac013952d
Update CVE-2021-26855.yaml
2021-03-06 12:46:45 +05:30
d12120355c
Update CVE-2021-26855.yaml
2021-03-06 12:37:41 +05:30
55e4c5d32e
Create CVE-2021-26855.yaml
2021-03-06 12:30:59 +05:30
df24aca916
✏️ Fix misspelling of 'image' in content-type
2021-03-05 15:29:13 +07:00
b2e4914f98
🔥 Add CVE-2021-21978
2021-03-05 15:27:05 +07:00
1a652283db
Update CVE-2021-21315.yaml
2021-03-04 20:28:32 +05:30
db15888b10
Merge pull request #998 from pikpikcu/patch-102
...
Create CVE-2021-21315
2021-03-04 20:27:55 +05:30
7c32ecd13e
improved matcher
2021-03-04 20:25:34 +05:30
6f9c901ca7
misc updates
2021-03-03 11:58:28 +05:30
a236c53d68
Update CVE-2021-21315.yaml
2021-03-03 00:43:48 +07:00
883bfacbdd
Merge pull request #993 from geeknik/patch-43
...
Create CVE-2021-27132.yaml
2021-03-02 21:45:35 +05:30
723ea55285
Create CVE-2021-21315.yaml
2021-03-02 11:02:08 +00:00
c56ba05165
Update CVE-2021-27330.yaml
2021-03-02 14:20:19 +05:30
5b690a9003
improving matcher
2021-03-02 12:36:11 +05:30
15f52ad586
Update CVE-2021-27132.yaml
...
omg typo
2021-03-01 20:34:15 +00:00
9a598c5335
Update CVE-2021-27132.yaml
2021-03-01 14:17:25 +00:00
a07d7bca4e
Create CVE-2021-27132.yaml
2021-03-01 14:15:30 +00:00
da44a0face
Create CVE-2021-27330.yaml
2021-03-01 11:46:14 +00:00
2b1c3aa29c
Merge pull request #985 from dwisiswant0/add/cves/2021/CVE-2021-3378
...
Add FortiLogger Unauthenticated Arbitrary File Upload
2021-03-01 14:20:36 +05:30
bea2bfee01
Added complete poc
2021-03-01 14:15:16 +05:30
f0e0bcfd04
Update CVE-2021-3378.yaml
2021-03-01 12:50:00 +05:30
4a4c9c3437
misc update
2021-03-01 12:27:18 +05:30
bb60b70454
🔨 Add missing matchers-condition
2021-03-01 07:33:25 +07:00
998216b8c0
🔥 Add CVE-2021-3378
2021-03-01 07:32:59 +07:00
530658c9da
Update CVE-2021-3129.yaml
2021-02-27 23:56:53 +05:30
6cb87158a7
improved matcher
2021-02-27 23:54:39 +05:30
705b0d05f3
Update CVE-2021-3129.yaml
2021-02-27 18:31:48 +05:30
dcd939ad97
Update CVE-2021-3129.yaml
2021-02-27 18:30:16 +05:30
d6e5c4df85
Update CVE-2021-3129.yaml
2021-02-27 18:27:42 +05:30
0781aa3d66
Adding CVE-2021-3129
2021-02-27 18:26:57 +05:30
586d4c7e8d
Update CVE-2021-25281.yaml
2021-02-26 18:12:25 +05:30
125f592c47
adding condition
2021-02-26 17:55:38 +05:30
c11420de46
Update CVE-2021-25281.yaml
2021-02-26 14:35:50 +05:30
d308f8734d
Update CVE-2021-25281.yaml
2021-02-26 14:32:59 +05:30
d719d890a0
Create CVE-2021-25281.yaml
2021-02-26 14:32:30 +05:30
6d514eee84
🔥 Add CVE-2021-21972
2021-02-25 07:37:02 +07:00
e1768ccede
Added CVE-2021-26710 ( #822 )
...
* Created CVE-2021-26710 🔥
2021-02-09 18:28:32 +05:30
cb926dc3b9
Added CVE-2021-26722 🔥 ( #821 )
2021-02-08 01:39:58 +05:30
316f0d5daa
Added CVE-2021-26723 🔥 ( #819 )
2021-02-07 21:11:09 +05:30
00d26c0608
Added tags to cves 😎 ( #813 )
...
* Added tags to cves 😎
2021-02-06 01:14:41 +05:30
33ae9284e2
Update CVE-2021-22122.yaml
2021-02-04 19:43:13 +05:30
2cae0785ca
🔥 Add CVE-2021-22122
2021-02-04 20:33:19 +07:00
b33a15f3e2
Update CVE-2021-25646.yaml
2021-02-03 21:42:03 +05:30
85db9df19d
CVE-2021-25646
2021-02-03 09:24:49 +00:00
aa7420713b
Create CVE-2021-3019.yaml
2021-01-30 12:22:35 +00:00
865c778d4b
few updates
2021-01-29 23:35:27 +05:30
5e7ae851f1
Added CVE-2021-22873
2021-01-24 19:37:25 +08:00
GwanYeong Kim
sandeep
lulz
Sandeep Singh
Noam Rathaus
Prince Chaddha
Dwi Siswanto
Prince Chaddha
root
0xsapra
Geeknik Labs
Ganesh Bagaria
Dhiyaneshwaran
SaN ThosH
daemonum
Rahul Maini
aron
sandeep
PikPikcU
pudsec