c7871dc7a6
Merge pull request #2021 from daffainfo/patch-59
...
Create CVE-2021-24235.yaml
2021-08-04 20:02:01 +05:30
98e5c69560
Update CVE-2021-24235.yaml
2021-08-04 20:00:11 +05:30
fc0085797b
Merge pull request #2321 from daffainfo/patch-129
...
Create CVE-2015-2807.yaml
2021-08-04 14:10:46 +05:30
ca92425071
Update CVE-2015-2807.yaml
2021-08-04 14:07:35 +05:30
2dec4a0326
Merge pull request #2320 from daffainfo/patch-128
...
Create CVE-2015-9414.yaml
2021-08-04 14:06:00 +05:30
80f52746e3
Update CVE-2015-9414.yaml
2021-08-04 14:03:38 +05:30
325c8a53f6
Merge pull request #2322 from gy741/rule-add-v51
...
Create CVE-2018-15745.yaml, CVE-2018-15517.yaml
2021-08-04 13:46:10 +05:30
0b3a307294
Update CVE-2018-15517.yaml
2021-08-04 13:44:42 +05:30
8cc213cec1
Update CVE-2018-15745.yaml
2021-08-04 13:42:14 +05:30
515d469506
strict matchers
2021-08-04 12:10:24 +05:30
812d4faca2
Create CVE-2018-15517.yaml
...
Using a web browser or script SSRF can be initiated against internal/external systems to conduct port scans by leveraging D LINKs MailConnect component. The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, leading to SSRF, as demonstrated by an index.php/System/MailConnect/host/127.0.0.1/port/22/secure/ URI. This can undermine accountability of where scan or connections actually came from and or bypass the FW etc. This can be automated via script or using Web Browser.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-08-04 14:25:54 +09:00
adce7d2c39
Create CVE-2018-15745.yaml
...
Argus Surveillance DVR 4.0.0.0 devices allow Unauthenticated Directory Traversal, leading to File Disclosure via a ..%2F in the WEBACCOUNT.CGI RESULTPAGE parameter.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-08-04 14:16:24 +09:00
1d888e8b4e
Create CVE-2015-2807.yaml
2021-08-04 00:09:09 +07:00
e9313b15be
Create CVE-2015-9414.yaml
2021-08-04 00:07:14 +07:00
5965a3e44c
Merge pull request #2319 from dwisiswant0/add/CVE-2021-37216
...
Add CVE-2021-37216
2021-08-03 20:40:52 +05:30
a4628d1f58
Merge pull request #2195 from daffainfo/patch-107
...
Create CVE-2016-1000153.yaml
2021-08-03 20:34:28 +05:30
cc715bd005
Merge pull request #2196 from daffainfo/patch-108
...
Create CVE-2016-1000155.yaml
2021-08-03 20:33:18 +05:30
a5f74e0484
Update CVE-2016-1000153.yaml
2021-08-03 20:33:02 +05:30
e6ea819b9c
Update CVE-2016-1000155.yaml
2021-08-03 20:31:20 +05:30
a3347504fe
minor update
2021-08-03 20:18:40 +05:30
1b5420bc4b
updated matcher
2021-08-03 20:14:14 +05:30
62bcd6932d
Merge pull request #2198 from gy741/rule-add-v43
...
Create CVE-2021-32305.yaml
2021-08-03 20:02:32 +05:30
f59905ced2
Add CVE-2021-37216
2021-08-03 21:31:33 +07:00
3395eff8a0
Merge pull request #2316 from gy741/rule-add-v49
...
Create CVE-2020-7796.yaml
2021-08-03 19:57:45 +05:30
23bc448b1b
Merge pull request #2199 from pikpikcu/patch-208
...
Add OpenSIS POC
2021-08-03 19:53:32 +05:30
b927288f30
Update CVE-2020-6637.yaml
2021-08-03 19:25:06 +05:30
63cda4e1ef
Update CVE-2021-24235.yaml
2021-08-03 14:58:19 +07:00
107c3594bf
Update CVE-2020-6637.yaml
2021-08-03 13:24:31 +05:30
41b06a2ed7
Merge pull request #2216 from pikpikcu/patch-223
...
Add Zimbra XSS
2021-08-03 13:22:42 +05:30
c4acd62307
Update CVE-2018-14013.yaml
2021-08-03 13:13:57 +05:30
1c83792023
Merge pull request #2314 from daffainfo/patch-126
...
Create CVE-2018-20470.yaml
2021-08-03 13:08:36 +05:30
3c03e28e55
Update CVE-2020-7796.yaml
2021-08-03 12:50:22 +05:30
d8007437ae
Update CVE-2020-7796.yaml
2021-08-03 12:50:10 +05:30
b02ea3266b
Update CVE-2020-7796.yaml
2021-08-03 12:47:55 +05:30
9620f4616e
Update CVE-2020-7796.yaml
2021-08-03 12:42:56 +05:30
9c16967fa5
Create CVE-2020-7796.yaml
...
Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-08-03 09:31:23 +09:00
6e13d833ef
Create CVE-2018-19458.yaml
2021-08-03 06:20:58 +07:00
02d3258f2a
Create CVE-2018-20470.yaml
2021-08-03 06:19:42 +07:00
e2b20b8f01
Adding metadata
2021-08-02 23:16:05 +05:30
249c39af51
Merge pull request #2299 from httpvoid/master
...
Add CVE-2021-29484 - Ghost CMS DOM XSS
2021-08-02 23:13:22 +05:30
3f8e3ce2d0
Update cves/2021/CVE-2021-29484.yaml
...
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-08-02 23:05:35 +05:30
1939842ab6
Merge pull request #2219 from pikpikcu/patch-225
...
Add Dolibarr xss
2021-08-02 22:32:24 +05:30
f924e58b8e
Update CVE-2018-10095.yaml
2021-08-02 22:31:01 +05:30
dca1dd56b1
Merge pull request #2220 from pikpikcu/patch-226
...
Add Grav CMS XSS
2021-08-02 22:26:37 +05:30
e359b030f2
Update CVE-2018-5233.yaml
2021-08-02 22:25:21 +05:30
df1348ee5c
Merge pull request #2232 from daffainfo/patch-112
...
Create CVE-2014-8799.yaml
2021-08-02 22:00:52 +05:30
f93858622d
Update CVE-2014-8799.yaml
2021-08-02 21:59:27 +05:30
18722cd4f4
Merge pull request #2311 from gy741/rule-add-v48
...
Create CVE-2020-27361.yaml
2021-08-02 21:56:57 +05:30
347a850911
Merge pull request #2233 from pikpikcu/patch-232
...
Add Tiki Wiki CMS Groupware XSS
2021-08-02 21:48:20 +05:30
8627aadce0
Create CVE-2020-27361.yaml
...
An issue exists within Akkadian Provisioning Manager 4.50.02 which allows attackers to view sensitive information within the /pme subdirectories.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-08-03 01:17:48 +09:00
Prince Chaddha
Prince Chaddha
sandeep
GwanYeong Kim
Muhammad Daffa
Dwi Siswanto
Harsh Jaiswal