Rahul Maini
438ecc5186
Added CraftCMS SEOMatic Plugin SSTI
2023-10-12 14:53:59 +04:00
Ritik Chaddha
310ae76f45
word matcher update
2023-10-12 02:01:05 +05:30
Dhiyaneshwaran
4d60c41b3e
Create CVE-2023-4451.yaml
2023-10-11 20:41:07 +05:30
Ritik Chaddha
17d3db3a62
Update CVE-2023-37474.yaml
2023-10-11 14:07:22 +05:30
Aman Rawat
57d5228626
Update CVE-2023-37474.yaml
2023-10-11 13:56:49 +05:30
Aman Rawat
fa141157db
Create CVE-2023-37474.yaml
2023-10-11 13:52:27 +05:30
Ritik Chaddha
dc3ea52a88
Merge pull request #8336 from projectdiscovery/updated-oast
...
updated oast matchers
2023-10-11 13:12:50 +05:30
Dhiyaneshwaran
c97b868a5d
Create CVE-2022-25568.yaml
2023-10-11 02:31:40 +05:30
Dhiyaneshwaran
96885dc6e8
Create CVE-2023-35813.yaml (Sitecore - Remote Code Execution 🔥 ) ( #8363 )
...
* Create CVE-2023-35813.yaml
* Update CVE-2023-35813.yaml
* improved matcher
---------
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2023-10-10 23:26:29 +05:30
sandeep
3bf6fce75a
meta update
2023-10-10 20:28:10 +05:30
sandeep
b09a224654
improved matcher + variables
2023-10-10 20:22:53 +05:30
sandeep
0471ab31c7
Added CVE-2023-22515
2023-10-10 18:50:42 +05:30
Prince Chaddha
583beed216
updated protocol name
2023-10-10 15:13:10 +05:30
Dhiyaneshwaran
9db41d5400
Merge pull request #8293 from gy741/rule-add-v145
...
Create CVE-2023-30013.yaml
2023-10-10 12:25:13 +05:30
pussycat0x
2a2cf9fe8d
minor - update
2023-10-10 12:14:27 +05:30
Dhiyaneshwaran
6e000d1c7c
Merge pull request #8342 from projectdiscovery/CVE-2023-31465
...
Create CVE-2023-31465.yaml
2023-10-10 10:42:41 +05:30
Dhiyaneshwaran
293264df1a
oast tag added
2023-10-10 10:39:53 +05:30
Ritik Chaddha
8898dafede
Create CVE-2023-31465.yaml
2023-10-09 14:48:51 +05:30
Ritik Chaddha
072802c4dc
Create CVE-2023-41642.yaml
2023-10-09 14:46:15 +05:30
Dhiyaneshwaran
a07b5f8b38
Fix Matcher and Panel Move around
2023-10-09 13:48:46 +05:30
GwanYeong Kim
2565ddf6be
Create CVE-2023-34259.yaml
...
CCRX has a Path Traversal vulnerability. Path Traversal is an attack on web applications. By manipulating the value of the file path, an attacker can gain access to the file system, including source code and critical system settings.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2023-10-08 17:57:09 +09:00
Prince Chaddha
213b63e42a
updated oast matchers
2023-10-08 13:24:05 +05:30
Prince Chaddha
d28c19efa6
Update CVE-2020-8813.yaml
2023-10-08 12:48:55 +05:30
Dhiyaneshwaran
419a1c6224
Merge pull request #8290 from 5hank4r/main
...
CVE-2023-33405.yaml
2023-10-08 12:45:01 +05:30
HuTa0
aea032a150
Fix: CVE-2022-4321 ( #8330 )
...
* Fix: CVE-2022-4321
* added metadata
---------
Co-authored-by: rivers <HuTa0@HuTa0-MacBook-Pro.local>
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2023-10-08 11:56:49 +05:30
Luis Felipe
9b1d7f3b71
Add files via upload
2023-10-05 15:36:49 -03:00
pussycat0x
e48b398bf3
Merge pull request #8315 from ctflearner/CVE-2023-38501
...
Create CVE-2023-38501.YAML
2023-10-05 23:38:26 +05:30
Ritik Chaddha
b479f9abb6
Update and rename CVE-2023-38501.YAML to CVE-2023-38501.yaml
2023-10-05 20:38:15 +05:30
Dhiyaneshwaran
aec030bdaa
Merge pull request #8308 from luisfelipe146/main
...
Create CVE-2023-2224.yaml
2023-10-05 17:29:16 +05:30
GitHub Action
00e5276685
TemplateMan Update [Thu Oct 5 11:56:54 UTC 2023] 🤖
2023-10-05 11:56:55 +00:00
Dhiyaneshwaran
a84dfa160c
Merge pull request #8316 from ctflearner/CVE-2022-48197
...
Create CVE-2022-48197.yaml
2023-10-05 17:24:51 +05:30
Ritik Chaddha
b40c62549b
matchers & info update
2023-10-05 13:15:20 +05:30
Ritik Chaddha
0f42303065
lint & format fix
2023-10-05 12:57:16 +05:30
Ritik Chaddha
7a7a867b7b
Update CVE-2023-2224.yaml
2023-10-05 11:35:30 +05:30
ctflearner
26d3cf0a94
Create CVE-2022-48197.yaml
2023-10-04 07:19:16 +05:30
ctflearner
6f37e9b554
Create CVE-2023-38501.YAML
2023-10-04 06:56:45 +05:30
Dhiyaneshwaran
751ddc980a
Create CVE-2023-33405.yaml
2023-10-03 18:33:29 +05:30
Ritik Chaddha
ac6bb1823c
Merge pull request #8272 from projectdiscovery/CVE-2023-22432
...
Create CVE-2023-22432.yaml
2023-10-03 13:40:06 +05:30
Ritik Chaddha
568b53ef70
Merge pull request #8295 from gy741/rule-add-v146
...
Create CVE-2023-30625.yaml
2023-10-03 13:33:19 +05:30
Ritik Chaddha
22c0b5891d
updated matcher & req
2023-10-03 13:32:34 +05:30
Ritik Chaddha
a334550a21
Merge pull request #8286 from jainiresh/patch-1
...
Update CVE-2019-6802.yaml
2023-10-03 13:19:37 +05:30
Ritik Chaddha
43fc4f3795
added status matcher
2023-10-03 13:18:23 +05:30
GitHub Action
172150f538
TemplateMan Update [Tue Oct 3 06:50:17 UTC 2023] 🤖
2023-10-03 06:50:18 +00:00
pussycat0x
e13ab6cfdd
Merge pull request #8301 from gy741/rule-add-v148
...
Create CVE-2023-33831.yaml
2023-10-03 12:18:01 +05:30
pussycat0x
1e956367e0
Update CVE-2023-33831.yaml
2023-10-03 12:13:22 +05:30
Luis Felipe
63dcb68b75
Create CVE-2023-2224.yaml
2023-10-02 08:57:09 -03:00
gy741
fef8a38e22
Create CVE-2023-43261 ( #8300 )
...
* Auto WordPress Plugins Update [Sun Oct 1 04:12:23 UTC 2023] 🤖
* Create CVE-2023-43261.yaml
A critical security vulnerability has been identified in Milesight Industrial Cellular Routers, compromising the security of sensitive credentials and permitting unauthorized access. This vulnerability stems from a misconfiguration that results in directory listing being enabled on the router systems, rendering log files publicly accessible. These log files, while containing sensitive information such as admin and other user passwords (encrypted as a security measure), can be exploited by attackers via the router's web interface. The presence of a hardcoded AES secret key and initialization vector (IV) in the JavaScript code further exacerbates the situation, facilitating the decryption of these passwords. This chain of vulnerabilities allows malicious actors to gain unauthorized access to the router.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
* Revert "Auto WordPress Plugins Update [Sun Oct 1 04:12:23 UTC 2023] 🤖 "
This reverts commit ceb38c80b0
.
* added metadata
---------
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
Co-authored-by: GitHub Action <action@github.com>
Co-authored-by: Dhiyaneshwaran <leedhiyanesh@gmail.com>
2023-10-02 13:51:12 +05:30
Dhiyaneshwaran
ffa4a84ba9
added metadata and updated matcher
2023-10-02 00:47:23 +05:30
GwanYeong Kim
06674c9bca
Create CVE-2023-33831.yaml
...
A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute arbitrary commands via a crafted POST request.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2023-10-02 01:19:18 +09:00
Prince Chaddha
48b3253a7e
added additional matcher
2023-10-01 13:59:50 +05:30
GwanYeong Kim
208ff38843
Create CVE-2023-30013.yaml
...
TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the "command" parameter.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2023-09-30 13:15:00 +09:00
sandeep
ff450a65ba
strict matcher
2023-09-29 19:04:39 +05:30
sandeep
fd69046097
Added CVE-2023-29357 (Microsoft SharePoint - Authentication Bypass)
2023-09-29 18:51:23 +05:30
sandeep
6784a9d2c1
format fix
2023-09-29 14:24:46 +05:30
jainiresh
5574a26f60
Update CVE-2019-6802.yaml
...
Updated to remove false positives.
As the previous change matches the words "Set-Cookie: crlfinjection=1" even if the words are present in the Location header too.
The updated code, will match only if the "Set-Cookie: crlfinjection=1" is actually a header, by verifying that it actually starts in the beginning of a response header.
2023-09-29 13:46:22 +05:30
GitHub Action
77bfd17949
TemplateMan Update [Fri Sep 29 05:57:07 UTC 2023] 🤖
2023-09-29 05:57:07 +00:00
pussycat0x
30217297c2
Merge pull request #8271 from projectdiscovery/CVE-2014-9180
...
Create CVE-2014-9180.yaml
2023-09-29 11:24:52 +05:30
Ritik Chaddha
e616bb0ec7
protocol update
2023-09-27 23:35:44 +05:30
Ritik Chaddha
bc957cd1a4
Update CVE-2023-42793.yaml
2023-09-27 23:35:06 +05:30
sandeep
f0ba24afa1
JetBrains TeamCity - Remote Code Execution (CVE-2023-42793)
2023-09-27 23:25:18 +05:30
Dhiyaneshwaran
dc6b9c1e73
metadata update
2023-09-27 14:39:20 +05:30
Dhiyaneshwaran
334c3be057
Create CVE-2023-22432.yaml
2023-09-27 14:38:24 +05:30
Dhiyaneshwaran
082966e07a
Create CVE-2014-9180.yaml
2023-09-27 14:13:02 +05:30
pussycat0x
e47239d4df
Merge pull request #8267 from projectdiscovery/CVE-2023-5074
...
Create CVE-2023-5074.yaml (Authentication Bypass in D-Link D-View 8 🔥 )
2023-09-26 21:24:12 +05:30
pussycat0x
17669c7fd8
lint -fix
2023-09-26 21:21:03 +05:30
pussycat0x
5f4f590e7f
Update CVE-2023-5074.yaml
2023-09-26 21:16:55 +05:30
pussycat0x
3b789d908b
Update CVE-2023-5074.yaml
2023-09-26 21:13:29 +05:30
GitHub Action
eec309f75f
TemplateMan Update [Tue Sep 26 15:42:15 UTC 2023] 🤖
2023-09-26 15:42:16 +00:00
pussycat0x
85868d5802
Merge pull request #8216 from zn9988/main
...
Create CVE-2023-2479.yaml
2023-09-26 21:09:57 +05:30
Dhiyaneshwaran
e48aa75f0f
fix-trail-spacing
2023-09-26 20:09:49 +05:30
Dhiyaneshwaran
52c9d36132
Create CVE-2023-5074.yaml
2023-09-26 20:05:39 +05:30
pussycat0x
634eb6f24f
Merge pull request #8225 from projectdiscovery/CVE-2023-36845
...
Create CVE-2023-36845.yaml (Juniper J-Web - Remote Code Execution 🔥 )
2023-09-26 18:57:53 +05:30
Dhiyaneshwaran
6d40f1256d
fix trail space
2023-09-26 12:42:57 +05:30
Dhiyaneshwaran
ae67cf87ba
minor update
2023-09-26 12:33:31 +05:30
GitHub Action
c79554fd80
TemplateMan Update [Tue Sep 26 05:47:05 UTC 2023] 🤖
2023-09-26 05:47:06 +00:00
Dhiyaneshwaran
2c1392e423
Merge pull request #8260 from kazet/zzzcms-rce-fp
...
ZZZCMS RCE is a false positive if we see phpinfo() without posting any data
2023-09-26 11:14:55 +05:30
Ritik Chaddha
59151619bc
req and matcher update
2023-09-26 10:19:09 +05:30
Krzysztof Zając
f188fcbe2f
more precise status code match
2023-09-25 16:28:43 +02:00
Krzysztof Zając
8e3d9c97ce
ZZZCMS RCE is a false positive if we see phpinfo() without posting any data
2023-09-25 16:24:23 +02:00
GwanYeong Kim
463f722ad7
Create CVE-2023-30625.yaml
...
rudder-server is part of RudderStack, an open source Customer Data Platform (CDP). Versions of rudder-server prior to 1.3.0-rc.1 are vulnerable to SQL injection. This issue may lead to Remote Code Execution (RCE) due to the `rudder` role in PostgresSQL having superuser permissions by default. Version 1.3.0-rc.1 contains patches for this issue.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2023-09-24 18:15:00 +09:00
pentesttools-com
d549599606
fix: typo in cve-2023-23492 template name ( #8250 )
2023-09-23 15:12:58 +05:30
pentesttools-com
8c3ccf581b
fix: typo in template CVE-2023-24735 name
2023-09-21 11:10:50 +03:00
Ritik Chaddha
47f97458af
Create CVE-2023-42442.yaml
2023-09-20 16:14:04 +05:30
pussycat0x
3115469524
Merge pull request #8224 from projectdiscovery/CVE-2023-4568
...
Create CVE-2023-4568.yaml (PaperCut NG Unauthenticated XMLRPC Functionality 🔥 )
2023-09-19 13:50:04 +05:30
Dhiyaneshwaran
4dc094fffa
Create CVE-2023-36845.yaml
2023-09-19 07:24:05 +05:30
Ritik Chaddha
835179f9be
Merge pull request #8203 from projectdiscovery/CVE-2023-2766
...
Create CVE-2023-2766.yaml
2023-09-18 23:51:03 +05:30
Ritik Chaddha
6335a4e3a0
matcher and info update
2023-09-18 23:47:32 +05:30
Dhiyaneshwaran
681a1b3263
Create CVE-2023-4568.yaml
2023-09-18 23:06:47 +05:30
Dhiyaneshwaran
18f37d9226
Update CVE-2022-0342.yaml
2023-09-18 18:51:11 +05:30
Prince Chaddha
8e38345f0d
Merge pull request #7997 from SleepingBag945/some_tps
...
Added 124 Templates
2023-09-18 18:13:14 +05:30
Ritik Chaddha
d5dfd3302c
template update
2023-09-18 18:07:42 +05:30
Ritik Chaddha
601100cd0f
Merge pull request #8215 from projectdiscovery/princechaddha-patch-2
...
Create CVE-2023-41892.yaml
2023-09-18 15:20:42 +05:30
Dhiyaneshwaran
823e1b1f49
Merge pull request #8113 from harsh2403/patch-18
...
Create CVE-2023-37629.yaml
2023-09-18 15:18:37 +05:30
Prince Chaddha
716c8ddfce
updated matcher
2023-09-18 15:17:31 +05:30
Prince Chaddha
b6550ca831
updated matcher
2023-09-18 14:31:39 +05:30
Prince Chaddha
274c14e763
updated-templates-p
2023-09-17 14:21:38 +05:30
pussycat0x
0e4f7b0565
Update CVE-2023-2813.yaml
2023-09-17 13:41:16 +05:30
pussycat0x
1baa17c029
Fix FP -CVE-2023-2813
2023-09-17 13:37:19 +05:30
Prince Chaddha
88153faaf8
Merge branch 'main' into some_tps
2023-09-17 13:03:38 +05:30
pussycat0x
4ace2254fa
Merge pull request #8218 from projectdiscovery/CVE-2023-2813
...
Create CVE-2023-2813.yaml (48 Wordpress Themes Affected 🔥 )
2023-09-16 23:21:00 +05:30
Ritik Chaddha
0f037e9860
request update
2023-09-15 22:39:22 +05:30
GitHub Action
86659ff1f4
TemplateMan Update [Fri Sep 15 17:04:28 UTC 2023] 🤖
2023-09-15 17:04:28 +00:00
Ritik Chaddha
8f3dfab992
Merge pull request #8178 from meme-lord/phpinfo_template
...
Added template for CVE-2023-39677 MyPrestaModules PHPInfo
2023-09-15 22:32:31 +05:30
Ritik Chaddha
03eb0dedc8
Merge pull request #8204 from projectdiscovery/CVE-2023-22463
...
Create CVE-2023-22463.yaml (KubePi JwtSigKey - Login Bypass 🔥 )
2023-09-15 22:31:29 +05:30
Ritik Chaddha
89683e2c2b
info update
2023-09-15 22:24:13 +05:30
Ritik Chaddha
af6f3e0897
Merge pull request #8210 from projectdiscovery/CVE-2023-4714
...
Create CVE-2023-4714.yaml
2023-09-15 22:16:15 +05:30
Ritik Chaddha
428b82492d
matcher & info update
2023-09-15 22:16:06 +05:30
Ritik Chaddha
753e4e5af7
matcher update
2023-09-15 22:12:25 +05:30
Ritik Chaddha
b665b1b0e8
info update
2023-09-15 22:11:27 +05:30
Dhiyaneshwaran
f122fc3ec9
Create CVE-2023-2813.yaml
2023-09-15 18:19:17 +05:30
pussycat0x
c84e4ef64c
Templates - update
2023-09-15 17:53:57 +05:30
Dhiyaneshwaran
1353a5c204
added metadata
2023-09-15 15:54:32 +05:30
Prince Chaddha
d405588ec1
Create CVE-2023-41892.yaml
2023-09-15 12:44:48 +05:30
zn9988
a711c0cc04
Create CVE-2023-2479.yaml
2023-09-15 15:11:13 +08:00
Ritik Chaddha
67bf15b8cb
Update CVE-2023-25573.yaml
2023-09-14 23:02:41 +05:30
Dhiyaneshwaran
3d99f465a6
Update CVE-2023-4714.yaml
2023-09-14 20:41:26 +05:30
Dhiyaneshwaran
a35edf9795
Create CVE-2023-4714.yaml
2023-09-14 20:38:32 +05:30
Dhiyaneshwaran
9e2b1fa698
Update CVE-2023-25573.yaml
2023-09-14 20:34:56 +05:30
Dhiyaneshwaran
646084dced
Create CVE-2023-25573.yaml
2023-09-14 20:29:27 +05:30
Dhiyaneshwaran
db0ac300f5
Create CVE-2023-22463.yaml
2023-09-13 18:30:12 +05:30
Dhiyaneshwaran
82d46bb11d
Create CVE-2023-2766.yaml
2023-09-13 18:07:55 +05:30
pussycat0x
a14aed0579
Merge pull request #8197 from pphuahua/patch-1
...
Fixed CVE-2022-23854.yaml
2023-09-13 11:36:11 +05:30
pussycat0x
b4b8015c73
Merge pull request #8173 from meme-lord/main
...
Added template for CVE-2023-39676 FieldPopupNewsletter XSS
2023-09-12 17:27:58 +05:30
pussycat0x
f9fe314b2c
name - update
2023-09-12 17:15:08 +05:30
Dhiyaneshwaran
b9b992446b
Update CVE-2022-23854.yaml
2023-09-12 15:41:24 +05:30
GitHub Action
78e1d30ab4
TemplateMan Update [Tue Sep 12 10:04:40 UTC 2023] 🤖
2023-09-12 10:04:40 +00:00
Dhiyaneshwaran
38048e3023
Merge pull request #8120 from projectdiscovery/CVE-2023-30943
...
Create CVE-2023-30943.yaml
2023-09-12 15:32:40 +05:30
Ritik Chaddha
74eff31e1d
info update
2023-09-12 12:50:58 +05:30
Ritik Chaddha
8508734893
added classification
2023-09-12 12:49:44 +05:30
Ritik Chaddha
5a9459d0fd
updated template
2023-09-12 12:44:40 +05:30
Dhiyaneshwaran
7f13992675
added content-type
2023-09-12 11:44:58 +05:30
pphua
14c8f415d5
Update CVE-2022-23854.yaml
...
Due to version differences, sometimes there is no "EricomSecureGateway" in the http response.
2023-09-12 14:01:48 +08:00
Prince Chaddha
f9cf8a303a
Merge pull request #8169 from projectdiscovery/remediations
...
Updating remediation for CVEs
2023-09-11 20:03:59 +05:30
pussycat0x
921a06f483
Merge pull request #8187 from muthumohanprasath/muthumohanprasath-patch-1
...
Create CVE-2023-39598.yaml
2023-09-11 15:41:20 +05:30
Dhiyaneshwaran
e6912e6342
corrected description
2023-09-11 13:09:49 +05:30
Dhiyaneshwaran
d888ca0d4b
Update CVE-2023-39677.yaml
2023-09-11 12:27:02 +05:30
Dhiyaneshwaran
5da357447f
Update CVE-2023-39676.yaml
2023-09-11 12:14:30 +05:30
Prince Chaddha
cf900022f5
Merge branch 'main' into remediations
2023-09-11 12:02:51 +05:30
Dhiyaneshwaran
b71a7bb05c
Merge pull request #8188 from muthumohanprasath/muthumohanprasath-patch-2
...
Create CVE-2023-39600.yaml
2023-09-10 22:28:58 +05:30
Ritik Chaddha
8bb91fcd4f
Rename CVE-2023-38433.yaml to CVE-2023-38433.yaml
2023-09-10 20:06:14 +05:30
Ritik Chaddha
4471d442e0
matcher update
2023-09-10 20:04:42 +05:30
Ritik Chaddha
3ea7388fa2
Rename CVE-2023-39598.yaml to CVE-2023-39598.yaml
2023-09-10 20:03:49 +05:30
Ritik Chaddha
8196867c7a
Update and rename CVE-2023-39600.yaml to CVE-2023-39600.yaml
2023-09-10 20:02:16 +05:30
Ritik Chaddha
2b0d68f7e7
matcher update
2023-09-10 20:01:33 +05:30
J4vaovo
356c07ccdc
add matchers-condition: and
2023-09-10 21:44:34 +08:00
GitHub Action
63bcb69d6f
TemplateMan Update [Sat Sep 9 17:06:23 UTC 2023] 🤖
2023-09-09 17:06:24 +00:00
Dhiyaneshwaran
216236de8c
Merge pull request #8157 from projectdiscovery/princechaddha-patch-3
...
Update CVE-2019-11580.yaml
2023-09-09 22:34:13 +05:30
meme-lord
c36a419cac
added myprestamodules phpinfo template
2023-09-08 12:30:28 +01:00
meme-lord
dad997b818
added template for CVE-2023-39676 FieldPopupNewsletter XSS
2023-09-07 10:43:17 +01:00
Prince Chaddha
e418b30d19
Merge branch 'remediations' of https://github.com/projectdiscovery/nuclei-templates into remediations
2023-09-06 18:53:19 +05:30