76a82eba55
Create php-scanner.yaml
2021-08-04 19:18:37 -05:00
d669c81dcd
Create perl-scanner.yaml
2021-08-04 19:17:11 -05:00
977ee39529
Merge pull request #2080 from pratikkhalane/master
...
Tieline Default Credentials - Create CVE-2021-35336
2021-08-05 00:05:48 +05:30
2ad4805bcd
Add files via upload
2021-08-04 22:43:45 +05:30
ed8ba1451d
Update springboot-metrics.yaml
2021-08-04 22:17:33 +05:30
cb63ec5176
Update springboot-dump.yaml
2021-08-04 22:17:01 +05:30
255fe969b5
Update tieline.yaml
2021-08-04 22:11:10 +05:30
4715314c2b
Add files via upload
2021-08-04 22:08:47 +05:30
cb0483267a
Create qdpm-info-leak.yaml
...
The password and connection string for the database are stored in a yml file. To access the yml file you can go to http://<website>/core/config/databases.yml file and download.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-08-05 01:36:27 +09:00
878508b887
Update tieline.yaml
2021-08-04 22:05:51 +05:30
3dc1196970
Update and rename default-logins/Tieline/Tieline.yaml to default-logins/tieline/tieline.yaml
2021-08-04 22:04:06 +05:30
41dfa0e69e
Merge pull request #2190 from meme-lord/master
...
Added Prestashop module fuzz template
2021-08-04 21:59:34 +05:30
d50fc14b74
Update prestashop-module-fuzz.yaml
2021-08-04 21:58:54 +05:30
3c9b6e955c
Additional matchers
2021-08-04 21:55:59 +05:30
6d04bd3757
Update favicon-detection.yaml
...
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-08-05 01:21:36 +09:00
40f3693456
Added page specific matcher
2021-08-04 21:32:50 +05:30
3ba7cb6221
misc update
2021-08-04 20:44:32 +05:30
c7871dc7a6
Merge pull request #2021 from daffainfo/patch-59
...
Create CVE-2021-24235.yaml
2021-08-04 20:02:01 +05:30
98e5c69560
Update CVE-2021-24235.yaml
2021-08-04 20:00:11 +05:30
fc0085797b
Merge pull request #2321 from daffainfo/patch-129
...
Create CVE-2015-2807.yaml
2021-08-04 14:10:46 +05:30
ca92425071
Update CVE-2015-2807.yaml
2021-08-04 14:07:35 +05:30
2dec4a0326
Merge pull request #2320 from daffainfo/patch-128
...
Create CVE-2015-9414.yaml
2021-08-04 14:06:00 +05:30
80f52746e3
Update CVE-2015-9414.yaml
2021-08-04 14:03:38 +05:30
325c8a53f6
Merge pull request #2322 from gy741/rule-add-v51
...
Create CVE-2018-15745.yaml, CVE-2018-15517.yaml
2021-08-04 13:46:10 +05:30
0b3a307294
Update CVE-2018-15517.yaml
2021-08-04 13:44:42 +05:30
8cc213cec1
Update CVE-2018-15745.yaml
2021-08-04 13:42:14 +05:30
c90fad00cc
Merge pull request #2323 from projectdiscovery/CVE-2021-28151-fix
...
CVE-2021-28151 Fix
2021-08-04 12:12:49 +05:30
515d469506
strict matchers
2021-08-04 12:10:24 +05:30
812d4faca2
Create CVE-2018-15517.yaml
...
Using a web browser or script SSRF can be initiated against internal/external systems to conduct port scans by leveraging D LINKs MailConnect component. The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, leading to SSRF, as demonstrated by an index.php/System/MailConnect/host/127.0.0.1/port/22/secure/ URI. This can undermine accountability of where scan or connections actually came from and or bypass the FW etc. This can be automated via script or using Web Browser.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-08-04 14:25:54 +09:00
adce7d2c39
Create CVE-2018-15745.yaml
...
Argus Surveillance DVR 4.0.0.0 devices allow Unauthenticated Directory Traversal, leading to File Disclosure via a ..%2F in the WEBACCOUNT.CGI RESULTPAGE parameter.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-08-04 14:16:24 +09:00
1d888e8b4e
Create CVE-2015-2807.yaml
2021-08-04 00:09:09 +07:00
e9313b15be
Create CVE-2015-9414.yaml
2021-08-04 00:07:14 +07:00
5965a3e44c
Merge pull request #2319 from dwisiswant0/add/CVE-2021-37216
...
Add CVE-2021-37216
2021-08-03 20:40:52 +05:30
a4628d1f58
Merge pull request #2195 from daffainfo/patch-107
...
Create CVE-2016-1000153.yaml
2021-08-03 20:34:28 +05:30
cc715bd005
Merge pull request #2196 from daffainfo/patch-108
...
Create CVE-2016-1000155.yaml
2021-08-03 20:33:18 +05:30
a5f74e0484
Update CVE-2016-1000153.yaml
2021-08-03 20:33:02 +05:30
e6ea819b9c
Update CVE-2016-1000155.yaml
2021-08-03 20:31:20 +05:30
a3347504fe
minor update
2021-08-03 20:18:40 +05:30
1b5420bc4b
updated matcher
2021-08-03 20:14:14 +05:30
62bcd6932d
Merge pull request #2198 from gy741/rule-add-v43
...
Create CVE-2021-32305.yaml
2021-08-03 20:02:32 +05:30
f59905ced2
Add CVE-2021-37216
2021-08-03 21:31:33 +07:00
2e95c0a74f
Revert "Auto Generated Templates Stats [Tue Jul 27 00:25:35 UTC 2021] 🤖 "
...
This reverts commit 44c0757a23
2021-08-03 19:59:39 +05:30
3395eff8a0
Merge pull request #2316 from gy741/rule-add-v49
...
Create CVE-2020-7796.yaml
2021-08-03 19:57:45 +05:30
c581a94bf4
Merge pull request #2318 from gy741/rule-add-v50
...
Create longjing-technology-bems-api-lfi.yaml
2021-08-03 19:56:57 +05:30
28d568b88c
Update and rename longjing-technology-bems-api-lfi.yaml to bems-api-lfi.yaml
2021-08-03 19:55:25 +05:30
23bc448b1b
Merge pull request #2199 from pikpikcu/patch-208
...
Add OpenSIS POC
2021-08-03 19:53:32 +05:30
a4ad3b2d43
Update opensis-detect.yaml
2021-08-03 19:26:06 +05:30
b927288f30
Update CVE-2020-6637.yaml
2021-08-03 19:25:06 +05:30
5fb6332bd9
Create longjing-technology-bems-api-lfi.yaml
...
The application suffers from an unauthenticated arbitrary file download vulnerability. Input passed through the fileName parameter through downloads endpoint is not properly verified before being used to download files. This can be exploited to disclose the contents of arbitrary and sensitive files through directory traversal attacks.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-08-03 21:52:14 +09:00
63cda4e1ef
Update CVE-2021-24235.yaml
2021-08-03 14:58:19 +07:00
Geeknik Labs
Prince Chaddha
pussycat0x
Prince Chaddha
GwanYeong Kim
Sandeep Singh
Muhammad Daffa
Dwi Siswanto