Commit Graph

1249 Commits (42d09c853ac55d5b457904015e54c87a06c0e8a8)

Author SHA1 Message Date
Rahul Maini 438ecc5186 Added CraftCMS SEOMatic Plugin SSTI 2023-10-12 14:53:59 +04:00
Ritik Chaddha 310ae76f45
word matcher update 2023-10-12 02:01:05 +05:30
Dhiyaneshwaran 4d60c41b3e
Create CVE-2023-4451.yaml 2023-10-11 20:41:07 +05:30
Ritik Chaddha 17d3db3a62
Update CVE-2023-37474.yaml 2023-10-11 14:07:22 +05:30
Aman Rawat 57d5228626
Update CVE-2023-37474.yaml 2023-10-11 13:56:49 +05:30
Aman Rawat fa141157db
Create CVE-2023-37474.yaml 2023-10-11 13:52:27 +05:30
Ritik Chaddha dc3ea52a88
Merge pull request #8336 from projectdiscovery/updated-oast
updated oast matchers
2023-10-11 13:12:50 +05:30
Dhiyaneshwaran c97b868a5d
Create CVE-2022-25568.yaml 2023-10-11 02:31:40 +05:30
Dhiyaneshwaran 96885dc6e8
Create CVE-2023-35813.yaml (Sitecore - Remote Code Execution 🔥 ) (#8363)
* Create CVE-2023-35813.yaml

* Update CVE-2023-35813.yaml

* improved matcher

---------

Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2023-10-10 23:26:29 +05:30
sandeep 3bf6fce75a meta update 2023-10-10 20:28:10 +05:30
sandeep b09a224654 improved matcher + variables 2023-10-10 20:22:53 +05:30
sandeep 0471ab31c7 Added CVE-2023-22515 2023-10-10 18:50:42 +05:30
Prince Chaddha 583beed216
updated protocol name 2023-10-10 15:13:10 +05:30
Dhiyaneshwaran 9db41d5400
Merge pull request #8293 from gy741/rule-add-v145
Create CVE-2023-30013.yaml
2023-10-10 12:25:13 +05:30
pussycat0x 2a2cf9fe8d
minor - update 2023-10-10 12:14:27 +05:30
Dhiyaneshwaran 6e000d1c7c
Merge pull request #8342 from projectdiscovery/CVE-2023-31465
Create CVE-2023-31465.yaml
2023-10-10 10:42:41 +05:30
Dhiyaneshwaran 293264df1a
oast tag added 2023-10-10 10:39:53 +05:30
Ritik Chaddha 8898dafede
Create CVE-2023-31465.yaml 2023-10-09 14:48:51 +05:30
Ritik Chaddha 072802c4dc
Create CVE-2023-41642.yaml 2023-10-09 14:46:15 +05:30
Dhiyaneshwaran a07b5f8b38 Fix Matcher and Panel Move around 2023-10-09 13:48:46 +05:30
GwanYeong Kim 2565ddf6be Create CVE-2023-34259.yaml
CCRX has a Path Traversal vulnerability. Path Traversal is an attack on web applications. By manipulating the value of the file path, an attacker can gain access to the file system, including source code and critical system settings.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2023-10-08 17:57:09 +09:00
Prince Chaddha 213b63e42a updated oast matchers 2023-10-08 13:24:05 +05:30
Prince Chaddha d28c19efa6
Update CVE-2020-8813.yaml 2023-10-08 12:48:55 +05:30
Dhiyaneshwaran 419a1c6224
Merge pull request #8290 from 5hank4r/main
CVE-2023-33405.yaml
2023-10-08 12:45:01 +05:30
HuTa0 aea032a150
Fix: CVE-2022-4321 (#8330)
* Fix: CVE-2022-4321

* added metadata

---------

Co-authored-by: rivers <HuTa0@HuTa0-MacBook-Pro.local>
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2023-10-08 11:56:49 +05:30
Luis Felipe 9b1d7f3b71
Add files via upload 2023-10-05 15:36:49 -03:00
pussycat0x e48b398bf3
Merge pull request #8315 from ctflearner/CVE-2023-38501
Create CVE-2023-38501.YAML
2023-10-05 23:38:26 +05:30
Ritik Chaddha b479f9abb6
Update and rename CVE-2023-38501.YAML to CVE-2023-38501.yaml 2023-10-05 20:38:15 +05:30
Dhiyaneshwaran aec030bdaa
Merge pull request #8308 from luisfelipe146/main
Create CVE-2023-2224.yaml
2023-10-05 17:29:16 +05:30
GitHub Action 00e5276685 TemplateMan Update [Thu Oct 5 11:56:54 UTC 2023] 🤖 2023-10-05 11:56:55 +00:00
Dhiyaneshwaran a84dfa160c
Merge pull request #8316 from ctflearner/CVE-2022-48197
Create CVE-2022-48197.yaml
2023-10-05 17:24:51 +05:30
Ritik Chaddha b40c62549b
matchers & info update 2023-10-05 13:15:20 +05:30
Ritik Chaddha 0f42303065
lint & format fix 2023-10-05 12:57:16 +05:30
Ritik Chaddha 7a7a867b7b
Update CVE-2023-2224.yaml 2023-10-05 11:35:30 +05:30
ctflearner 26d3cf0a94
Create CVE-2022-48197.yaml 2023-10-04 07:19:16 +05:30
ctflearner 6f37e9b554
Create CVE-2023-38501.YAML 2023-10-04 06:56:45 +05:30
Dhiyaneshwaran 751ddc980a
Create CVE-2023-33405.yaml 2023-10-03 18:33:29 +05:30
Ritik Chaddha ac6bb1823c
Merge pull request #8272 from projectdiscovery/CVE-2023-22432
Create CVE-2023-22432.yaml
2023-10-03 13:40:06 +05:30
Ritik Chaddha 568b53ef70
Merge pull request #8295 from gy741/rule-add-v146
Create CVE-2023-30625.yaml
2023-10-03 13:33:19 +05:30
Ritik Chaddha 22c0b5891d
updated matcher & req 2023-10-03 13:32:34 +05:30
Ritik Chaddha a334550a21
Merge pull request #8286 from jainiresh/patch-1
Update CVE-2019-6802.yaml
2023-10-03 13:19:37 +05:30
Ritik Chaddha 43fc4f3795
added status matcher 2023-10-03 13:18:23 +05:30
GitHub Action 172150f538 TemplateMan Update [Tue Oct 3 06:50:17 UTC 2023] 🤖 2023-10-03 06:50:18 +00:00
pussycat0x e13ab6cfdd
Merge pull request #8301 from gy741/rule-add-v148
Create CVE-2023-33831.yaml
2023-10-03 12:18:01 +05:30
pussycat0x 1e956367e0
Update CVE-2023-33831.yaml 2023-10-03 12:13:22 +05:30
Luis Felipe 63dcb68b75
Create CVE-2023-2224.yaml 2023-10-02 08:57:09 -03:00
gy741 fef8a38e22
Create CVE-2023-43261 (#8300)
* Auto WordPress Plugins Update [Sun Oct  1 04:12:23 UTC 2023] 🤖

* Create CVE-2023-43261.yaml

A critical security vulnerability has been identified in Milesight Industrial Cellular Routers, compromising the security of sensitive credentials and permitting unauthorized access. This vulnerability stems from a misconfiguration that results in directory listing being enabled on the router systems, rendering log files publicly accessible. These log files, while containing sensitive information such as admin and other user passwords (encrypted as a security measure), can be exploited by attackers via the router's web interface. The presence of a hardcoded AES secret key and initialization vector (IV) in the JavaScript code further exacerbates the situation, facilitating the decryption of these passwords. This chain of vulnerabilities allows malicious actors to gain unauthorized access to the router.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>

* Revert "Auto WordPress Plugins Update [Sun Oct  1 04:12:23 UTC 2023] 🤖"

This reverts commit ceb38c80b0.

* added metadata

---------

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
Co-authored-by: GitHub Action <action@github.com>
Co-authored-by: Dhiyaneshwaran <leedhiyanesh@gmail.com>
2023-10-02 13:51:12 +05:30
Dhiyaneshwaran ffa4a84ba9
added metadata and updated matcher 2023-10-02 00:47:23 +05:30
GwanYeong Kim 06674c9bca Create CVE-2023-33831.yaml
A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute arbitrary commands via a crafted POST request.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2023-10-02 01:19:18 +09:00
Prince Chaddha 48b3253a7e added additional matcher 2023-10-01 13:59:50 +05:30
GwanYeong Kim 208ff38843 Create CVE-2023-30013.yaml
TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the "command" parameter.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2023-09-30 13:15:00 +09:00
sandeep ff450a65ba strict matcher 2023-09-29 19:04:39 +05:30
sandeep fd69046097 Added CVE-2023-29357 (Microsoft SharePoint - Authentication Bypass) 2023-09-29 18:51:23 +05:30
sandeep 6784a9d2c1 format fix 2023-09-29 14:24:46 +05:30
jainiresh 5574a26f60
Update CVE-2019-6802.yaml
Updated to remove false positives.
As the previous change matches the words "Set-Cookie: crlfinjection=1" even if the words are present in the Location header too.

The updated code, will match only if the "Set-Cookie: crlfinjection=1" is actually a header, by verifying that it actually starts in the beginning of a response header.
2023-09-29 13:46:22 +05:30
GitHub Action 77bfd17949 TemplateMan Update [Fri Sep 29 05:57:07 UTC 2023] 🤖 2023-09-29 05:57:07 +00:00
pussycat0x 30217297c2
Merge pull request #8271 from projectdiscovery/CVE-2014-9180
Create CVE-2014-9180.yaml
2023-09-29 11:24:52 +05:30
Ritik Chaddha e616bb0ec7
protocol update 2023-09-27 23:35:44 +05:30
Ritik Chaddha bc957cd1a4
Update CVE-2023-42793.yaml 2023-09-27 23:35:06 +05:30
sandeep f0ba24afa1 JetBrains TeamCity - Remote Code Execution (CVE-2023-42793) 2023-09-27 23:25:18 +05:30
Dhiyaneshwaran dc6b9c1e73
metadata update 2023-09-27 14:39:20 +05:30
Dhiyaneshwaran 334c3be057
Create CVE-2023-22432.yaml 2023-09-27 14:38:24 +05:30
Dhiyaneshwaran 082966e07a
Create CVE-2014-9180.yaml 2023-09-27 14:13:02 +05:30
pussycat0x e47239d4df
Merge pull request #8267 from projectdiscovery/CVE-2023-5074
Create CVE-2023-5074.yaml (Authentication Bypass in D-Link D-View 8 🔥 )
2023-09-26 21:24:12 +05:30
pussycat0x 17669c7fd8
lint -fix 2023-09-26 21:21:03 +05:30
pussycat0x 5f4f590e7f
Update CVE-2023-5074.yaml 2023-09-26 21:16:55 +05:30
pussycat0x 3b789d908b
Update CVE-2023-5074.yaml 2023-09-26 21:13:29 +05:30
GitHub Action eec309f75f TemplateMan Update [Tue Sep 26 15:42:15 UTC 2023] 🤖 2023-09-26 15:42:16 +00:00
pussycat0x 85868d5802
Merge pull request #8216 from zn9988/main
Create CVE-2023-2479.yaml
2023-09-26 21:09:57 +05:30
Dhiyaneshwaran e48aa75f0f
fix-trail-spacing 2023-09-26 20:09:49 +05:30
Dhiyaneshwaran 52c9d36132
Create CVE-2023-5074.yaml 2023-09-26 20:05:39 +05:30
pussycat0x 634eb6f24f
Merge pull request #8225 from projectdiscovery/CVE-2023-36845
Create CVE-2023-36845.yaml (Juniper J-Web - Remote Code Execution 🔥 )
2023-09-26 18:57:53 +05:30
Dhiyaneshwaran 6d40f1256d
fix trail space 2023-09-26 12:42:57 +05:30
Dhiyaneshwaran ae67cf87ba
minor update 2023-09-26 12:33:31 +05:30
GitHub Action c79554fd80 TemplateMan Update [Tue Sep 26 05:47:05 UTC 2023] 🤖 2023-09-26 05:47:06 +00:00
Dhiyaneshwaran 2c1392e423
Merge pull request #8260 from kazet/zzzcms-rce-fp
ZZZCMS RCE is a false positive if we see phpinfo() without posting any data
2023-09-26 11:14:55 +05:30
Ritik Chaddha 59151619bc
req and matcher update 2023-09-26 10:19:09 +05:30
Krzysztof Zając f188fcbe2f more precise status code match 2023-09-25 16:28:43 +02:00
Krzysztof Zając 8e3d9c97ce ZZZCMS RCE is a false positive if we see phpinfo() without posting any data 2023-09-25 16:24:23 +02:00
GwanYeong Kim 463f722ad7 Create CVE-2023-30625.yaml
rudder-server is part of RudderStack, an open source Customer Data Platform (CDP). Versions of rudder-server prior to 1.3.0-rc.1 are vulnerable to SQL injection. This issue may lead to Remote Code Execution (RCE) due to the `rudder` role in PostgresSQL having superuser permissions by default. Version 1.3.0-rc.1 contains patches for this issue.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2023-09-24 18:15:00 +09:00
pentesttools-com d549599606
fix: typo in cve-2023-23492 template name (#8250) 2023-09-23 15:12:58 +05:30
pentesttools-com 8c3ccf581b
fix: typo in template CVE-2023-24735 name 2023-09-21 11:10:50 +03:00
Ritik Chaddha 47f97458af
Create CVE-2023-42442.yaml 2023-09-20 16:14:04 +05:30
pussycat0x 3115469524
Merge pull request #8224 from projectdiscovery/CVE-2023-4568
Create CVE-2023-4568.yaml (PaperCut NG Unauthenticated XMLRPC Functionality 🔥 )
2023-09-19 13:50:04 +05:30
Dhiyaneshwaran 4dc094fffa
Create CVE-2023-36845.yaml 2023-09-19 07:24:05 +05:30
Ritik Chaddha 835179f9be
Merge pull request #8203 from projectdiscovery/CVE-2023-2766
Create CVE-2023-2766.yaml
2023-09-18 23:51:03 +05:30
Ritik Chaddha 6335a4e3a0
matcher and info update 2023-09-18 23:47:32 +05:30
Dhiyaneshwaran 681a1b3263
Create CVE-2023-4568.yaml 2023-09-18 23:06:47 +05:30
Dhiyaneshwaran 18f37d9226
Update CVE-2022-0342.yaml 2023-09-18 18:51:11 +05:30
Prince Chaddha 8e38345f0d
Merge pull request #7997 from SleepingBag945/some_tps
Added 124 Templates
2023-09-18 18:13:14 +05:30
Ritik Chaddha d5dfd3302c template update 2023-09-18 18:07:42 +05:30
Ritik Chaddha 601100cd0f
Merge pull request #8215 from projectdiscovery/princechaddha-patch-2
Create CVE-2023-41892.yaml
2023-09-18 15:20:42 +05:30
Dhiyaneshwaran 823e1b1f49
Merge pull request #8113 from harsh2403/patch-18
Create CVE-2023-37629.yaml
2023-09-18 15:18:37 +05:30
Prince Chaddha 716c8ddfce
updated matcher 2023-09-18 15:17:31 +05:30
Prince Chaddha b6550ca831
updated matcher 2023-09-18 14:31:39 +05:30
Prince Chaddha 274c14e763 updated-templates-p 2023-09-17 14:21:38 +05:30
pussycat0x 0e4f7b0565
Update CVE-2023-2813.yaml 2023-09-17 13:41:16 +05:30
pussycat0x 1baa17c029 Fix FP -CVE-2023-2813 2023-09-17 13:37:19 +05:30
Prince Chaddha 88153faaf8
Merge branch 'main' into some_tps 2023-09-17 13:03:38 +05:30
pussycat0x 4ace2254fa
Merge pull request #8218 from projectdiscovery/CVE-2023-2813
Create CVE-2023-2813.yaml (48 Wordpress Themes Affected 🔥 )
2023-09-16 23:21:00 +05:30
Ritik Chaddha 0f037e9860
request update 2023-09-15 22:39:22 +05:30
GitHub Action 86659ff1f4 TemplateMan Update [Fri Sep 15 17:04:28 UTC 2023] 🤖 2023-09-15 17:04:28 +00:00
Ritik Chaddha 8f3dfab992
Merge pull request #8178 from meme-lord/phpinfo_template
Added template for CVE-2023-39677 MyPrestaModules PHPInfo
2023-09-15 22:32:31 +05:30
Ritik Chaddha 03eb0dedc8
Merge pull request #8204 from projectdiscovery/CVE-2023-22463
Create CVE-2023-22463.yaml (KubePi JwtSigKey - Login Bypass 🔥 )
2023-09-15 22:31:29 +05:30
Ritik Chaddha 89683e2c2b
info update 2023-09-15 22:24:13 +05:30
Ritik Chaddha af6f3e0897
Merge pull request #8210 from projectdiscovery/CVE-2023-4714
Create CVE-2023-4714.yaml
2023-09-15 22:16:15 +05:30
Ritik Chaddha 428b82492d
matcher & info update 2023-09-15 22:16:06 +05:30
Ritik Chaddha 753e4e5af7
matcher update 2023-09-15 22:12:25 +05:30
Ritik Chaddha b665b1b0e8
info update 2023-09-15 22:11:27 +05:30
Dhiyaneshwaran f122fc3ec9
Create CVE-2023-2813.yaml 2023-09-15 18:19:17 +05:30
pussycat0x c84e4ef64c Templates - update 2023-09-15 17:53:57 +05:30
Dhiyaneshwaran 1353a5c204
added metadata 2023-09-15 15:54:32 +05:30
Prince Chaddha d405588ec1
Create CVE-2023-41892.yaml 2023-09-15 12:44:48 +05:30
zn9988 a711c0cc04
Create CVE-2023-2479.yaml 2023-09-15 15:11:13 +08:00
Ritik Chaddha 67bf15b8cb
Update CVE-2023-25573.yaml 2023-09-14 23:02:41 +05:30
Dhiyaneshwaran 3d99f465a6
Update CVE-2023-4714.yaml 2023-09-14 20:41:26 +05:30
Dhiyaneshwaran a35edf9795
Create CVE-2023-4714.yaml 2023-09-14 20:38:32 +05:30
Dhiyaneshwaran 9e2b1fa698
Update CVE-2023-25573.yaml 2023-09-14 20:34:56 +05:30
Dhiyaneshwaran 646084dced
Create CVE-2023-25573.yaml 2023-09-14 20:29:27 +05:30
Dhiyaneshwaran db0ac300f5
Create CVE-2023-22463.yaml 2023-09-13 18:30:12 +05:30
Dhiyaneshwaran 82d46bb11d
Create CVE-2023-2766.yaml 2023-09-13 18:07:55 +05:30
pussycat0x a14aed0579
Merge pull request #8197 from pphuahua/patch-1
Fixed CVE-2022-23854.yaml
2023-09-13 11:36:11 +05:30
pussycat0x b4b8015c73
Merge pull request #8173 from meme-lord/main
Added template for CVE-2023-39676 FieldPopupNewsletter XSS
2023-09-12 17:27:58 +05:30
pussycat0x f9fe314b2c name - update 2023-09-12 17:15:08 +05:30
Dhiyaneshwaran b9b992446b
Update CVE-2022-23854.yaml 2023-09-12 15:41:24 +05:30
GitHub Action 78e1d30ab4 TemplateMan Update [Tue Sep 12 10:04:40 UTC 2023] 🤖 2023-09-12 10:04:40 +00:00
Dhiyaneshwaran 38048e3023
Merge pull request #8120 from projectdiscovery/CVE-2023-30943
Create CVE-2023-30943.yaml
2023-09-12 15:32:40 +05:30
Ritik Chaddha 74eff31e1d
info update 2023-09-12 12:50:58 +05:30
Ritik Chaddha 8508734893
added classification 2023-09-12 12:49:44 +05:30
Ritik Chaddha 5a9459d0fd
updated template 2023-09-12 12:44:40 +05:30
Dhiyaneshwaran 7f13992675
added content-type 2023-09-12 11:44:58 +05:30
pphua 14c8f415d5
Update CVE-2022-23854.yaml
Due to version differences, sometimes there is no "EricomSecureGateway" in the http response.
2023-09-12 14:01:48 +08:00
Prince Chaddha f9cf8a303a
Merge pull request #8169 from projectdiscovery/remediations
Updating remediation for CVEs
2023-09-11 20:03:59 +05:30
pussycat0x 921a06f483
Merge pull request #8187 from muthumohanprasath/muthumohanprasath-patch-1
Create CVE-2023-39598.yaml
2023-09-11 15:41:20 +05:30
Dhiyaneshwaran e6912e6342
corrected description 2023-09-11 13:09:49 +05:30
Dhiyaneshwaran d888ca0d4b
Update CVE-2023-39677.yaml 2023-09-11 12:27:02 +05:30
Dhiyaneshwaran 5da357447f
Update CVE-2023-39676.yaml 2023-09-11 12:14:30 +05:30
Prince Chaddha cf900022f5
Merge branch 'main' into remediations 2023-09-11 12:02:51 +05:30
Dhiyaneshwaran b71a7bb05c
Merge pull request #8188 from muthumohanprasath/muthumohanprasath-patch-2
Create CVE-2023-39600.yaml
2023-09-10 22:28:58 +05:30
Ritik Chaddha 8bb91fcd4f
Rename CVE-2023-38433.yaml to CVE-2023-38433.yaml 2023-09-10 20:06:14 +05:30
Ritik Chaddha 4471d442e0
matcher update 2023-09-10 20:04:42 +05:30
Ritik Chaddha 3ea7388fa2
Rename CVE-2023-39598.yaml to CVE-2023-39598.yaml 2023-09-10 20:03:49 +05:30
Ritik Chaddha 8196867c7a
Update and rename CVE-2023-39600.yaml to CVE-2023-39600.yaml 2023-09-10 20:02:16 +05:30
Ritik Chaddha 2b0d68f7e7
matcher update 2023-09-10 20:01:33 +05:30
J4vaovo 356c07ccdc
add matchers-condition: and 2023-09-10 21:44:34 +08:00
GitHub Action 63bcb69d6f TemplateMan Update [Sat Sep 9 17:06:23 UTC 2023] 🤖 2023-09-09 17:06:24 +00:00
Dhiyaneshwaran 216236de8c
Merge pull request #8157 from projectdiscovery/princechaddha-patch-3
Update CVE-2019-11580.yaml
2023-09-09 22:34:13 +05:30
meme-lord c36a419cac added myprestamodules phpinfo template 2023-09-08 12:30:28 +01:00
meme-lord dad997b818 added template for CVE-2023-39676 FieldPopupNewsletter XSS 2023-09-07 10:43:17 +01:00
Prince Chaddha e418b30d19 Merge branch 'remediations' of https://github.com/projectdiscovery/nuclei-templates into remediations 2023-09-06 18:53:19 +05:30