f60a9ed891
Update CVE-2020-13117.yaml
2021-07-23 15:06:51 +05:30
7298a0b35d
Create CVE-2020-13117.yaml
...
Several Wavlink products are affected by a vulnerability that may allow remote unauthenticated users to execute arbitrary commands as root on Wavlink devices. The user input is not properly sanitized which allows command injection via the "key" parameter in a login request. It has been tested on Wavlink WN575A4 and WN579X3 devices, but other products may be affected.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-23 11:14:31 +09:00
65bddf3e33
Create CVE-2020-29227.yaml
2021-07-20 20:08:18 +07:00
f7d4a642f1
Create CVE-2020-35580.yaml
2021-07-20 20:02:49 +07:00
ac39bd3284
Merge pull request #2100 from daffainfo/master
...
Renamed CVE-2020-8771.yaml
2021-07-20 11:38:35 +05:30
14beefec28
Update CVE-2020-8771.yaml
2021-07-20 11:35:57 +05:30
19fe96bc45
minor improvements and file name update
2021-07-20 11:33:16 +05:30
d27fb4c3b0
Renamed CVE-2020-8771.yaml
2021-07-20 12:49:16 +07:00
6eee57115c
Merge pull request #2083 from projectdiscovery/fixing-xss-matchers
...
fixing-xss-matchers
2021-07-20 00:28:01 +05:30
414883f719
Update CVE-2020-12054.yaml
2021-07-19 23:55:15 +05:30
7d9dbc4aad
Update CVE-2020-28188.yaml
2021-07-19 16:41:12 +05:30
edabf1e7ca
Create CVE-2020-28188.yaml
...
Remote Command Execution (RCE) vulnerability in TerraMaster TOS <= 4.2.06 allow remote unauthenticated attackers to inject OS commands via /include/makecvs.php in Event parameter.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-19 15:13:57 +09:00
75c5a8c68e
Update CVE-2020-17362.yaml
2021-07-19 11:35:47 +05:30
c22839b3fd
Update CVE-2020-12054.yaml
2021-07-19 11:35:24 +05:30
965e6fcc00
minor update
2021-07-18 23:24:55 +05:30
fb22fd40c5
Create CVE-2020-27866.yaml
...
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. Authentication is not required to exploit this vulnerability.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-18 10:03:38 +09:00
048cdff225
Additional matcher
2021-07-17 02:07:26 +05:30
33a0ede229
Merge pull request #2009 from gy741/rule-add-v24
...
Create CVE-2020-26919, CVE-2020-25506, OptiLink ONT1GEW GPON RCE, CVE-2021-31755
2021-07-16 18:04:52 +05:30
4da4ebf224
Merge pull request #2020 from gy741/rule-add-v25
...
Create CVE-2020-35713.yaml
2021-07-16 17:31:26 +05:30
f4f05394e1
Update CVE-2020-35713.yaml
2021-07-16 17:30:35 +05:30
6aef970258
Update CVE-2020-17362.yaml
...
Added "nova-lite" matcher; massively reduce false positives.
2021-07-16 12:19:30 +01:00
94ae6ea0bf
Added tag
2021-07-15 23:47:05 +05:30
97dfd43f1e
Added tag and removed unsafe
2021-07-15 23:46:08 +05:30
b7d2ac2843
Merge pull request #2023 from daffainfo/patch-61
...
Create CVE-2020-12054.yaml
2021-07-15 17:27:05 +05:30
89112a18d6
Update CVE-2020-12054.yaml
2021-07-15 17:25:22 +05:30
93293c986a
Update CVE-2020-17362.yaml
2021-07-15 17:22:49 +05:30
cb364b16c5
Update CVE-2020-12054.yaml
2021-07-15 18:30:38 +07:00
dc2cf528bd
Create CVE-2020-12054.yaml
2021-07-15 18:27:45 +07:00
6d3e02ddc1
Create CVE-2020-17362.yaml
2021-07-15 18:14:59 +07:00
f8f9f539ea
Create CVE-2020-35713.yaml
...
Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to execute arbitrary commands or set a new password via shell metacharacters to the goform/setSysAdm page.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-15 18:10:11 +09:00
a3699d912a
Create CVE-2020-25506.yaml
...
The exploit targets a command injection vulnerability in a system_mgr.cgi component. The component does not successfully sanitize the value of the HTTP parameters f_ntp_server, which in turn leads to arbitrary command execution.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-15 14:28:14 +09:00
67ae44be04
Create CVE-2020-26919.yaml
...
it was found that every section of the web could be used as a valid endpoint to submit POST requests being the action defined by the submitId argument. The problem was located in the login.html webpage, that has to be publicly available to perform login requests but does not implement any restriction for executing debug actions. This will allow users execute system commands.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-15 10:54:56 +09:00
89e1a8da93
Merge pull request #1962 from dwisiswant0/hotfix/CVE-2020-24148
2021-07-13 05:01:01 +05:30
a91516cbb5
Misplaced of CVE-2020-24148
2021-07-13 05:24:03 +07:00
7f0f8beff2
Update CVE-2020-29395.yaml
2021-07-11 10:14:56 +05:30
da45bdf0ef
Create CVE-2020-29395.yaml
2021-07-11 07:58:31 +07:00
8938010a7a
Add CVE-2020-6207.yaml
2021-07-05 20:36:55 +03:00
f21b239853
misc changes
2021-07-03 15:23:28 +05:30
52e0c861a1
Merge pull request #1733 from milo2012/master
...
Added CVE-2018-1000130/ CVE-2018-2628/ CVE-2018-2628/ CVE-2019-3401/ CVE-2020-1938/ oracle-bi-default-login/ jolokia-heap-disclosure
2021-07-02 18:27:45 +05:30
e2a0f93f79
misc updates
2021-07-02 18:24:31 +05:30
96fc7bb341
more strict matchers
2021-06-30 03:26:01 +05:30
d1e4b5c510
minor updates
2021-06-25 10:51:00 +05:30
19d80d9d0a
Create CVE-2020-3580.yaml
2021-06-24 15:34:19 +00:00
3844df9fc8
misc changes
2021-06-21 18:09:16 +05:30
592b2e7222
Update CVE-2020-1938.yaml
2021-06-21 14:28:51 +05:30
cb4d12cc8c
Moved to cves/2018
2021-06-21 14:20:20 +05:30
8b43919211
Update CVE-2020-11930.yaml
2021-06-21 14:15:45 +05:30
216b484aec
Update CVE-2020-11930.yaml
2021-06-21 14:15:09 +05:30
ebc202adcb
Create CVE-2020-11930.yaml
2021-06-21 14:11:20 +05:30
55b89115aa
add CVE-2018-2628 - Oracle WebLogic Server Deserialization RCE
2021-06-21 06:24:33 +08:00
c7a11cd1b1
Added CVE-2020-11110
2021-06-20 20:00:19 +05:30
e8e5dd5c83
add CVE-2020-1938.yaml - Ghostcat - Apache Tomcat AJP File Read/Inclusion Vulnerability
2021-06-19 21:59:42 +08:00
55c1984a52
Template Moved to cves
2021-06-19 01:58:02 +05:30
d25869d764
Update CVE-2020-36289.yaml
2021-06-14 11:50:25 -04:00
5c80980915
Added CVE-2020-36289
2021-06-09 21:13:52 +05:30
83ce809e8d
Updated author names
2021-06-09 17:50:56 +05:30
14fa085d1b
more improvements
2021-06-05 12:15:32 +05:30
55c0e1b103
Improved matchers for CVE-2020-6287
2021-06-05 10:29:59 +05:30
c0103e0b8a
Merge pull request #1608 from Mad-robot/master
...
Create CVE-2020-6308.yaml
2021-06-05 00:04:56 +05:30
83d359f6cf
updating tags
2021-06-05 00:02:33 +05:30
11cb8b3106
Update CVE-2020-6308.yaml
2021-06-05 00:00:50 +05:30
0e3ed049ae
misc changes
2021-06-03 23:00:47 +05:30
bdc803fd4b
Added CVE-2020-13927
2021-06-03 14:23:34 +05:30
4a0e83037d
Update CVE-2020-11978.yaml
2021-06-03 13:58:41 +05:30
6652b2ddb6
Added CVE-2020-11978
2021-06-03 13:57:09 +05:30
e3f42066bf
Spelling
2021-06-02 09:39:35 +03:00
f28fdf610b
Create CVE-2020-6308.yaml
2021-06-02 11:39:27 +05:30
01995c82ab
misc changes
2021-05-28 09:26:30 +05:30
830a187e0d
Update CVE-2020-35736.yaml
2021-05-27 15:02:32 +00:00
ddf6bcb7ca
Update CVE-2020-35736.yaml
2021-05-27 14:51:03 +00:00
f981074e3f
Update CVE-2020-35736.yaml
2021-05-27 13:03:59 +00:00
b7d8536a01
Create CVE-2020-35736.yaml
2021-05-27 12:56:22 +00:00
633b9c39ee
Update CVE-2020-19625.yaml
2021-05-26 16:39:57 +05:30
cad836d34e
Added CVE-2020-15227
2021-05-22 17:22:45 +05:30
a320fd7720
Merge pull request #1494 from Techbrunch/magento-stuff
...
Security Checks for Magento - Templates and workflow
2021-05-20 20:04:25 +05:30
74449f98ed
Removing additional requests
2021-05-19 06:50:49 +05:30
0c6a3051e8
Create CVE-2020-36112.yaml
2021-05-18 22:56:54 +00:00
776776621a
Added a few Magento related templates
2021-05-18 15:53:10 +02:00
ce200510a6
changed for testing locally, reverting it back
2021-05-17 21:45:53 +05:30
fa73765221
regex update
2021-05-17 21:42:41 +05:30
ae6b2b42bf
Shorter check
2021-05-16 16:12:59 +03:00
6df4482c23
Make description more managable
2021-05-16 15:46:17 +03:00
f659e820b7
Much better description and references
2021-05-16 15:44:54 +03:00
fdec804118
Template fix
2021-05-15 19:25:57 +05:30
d63b9e1cb8
Adding missing tags
2021-05-13 00:54:59 +05:30
20eae78810
improved matcher
2021-05-12 00:32:16 +05:30
ce680a546c
Improved matcher
2021-05-12 00:25:14 +05:30
682b9fbbc3
Adding status matcher
2021-05-11 02:48:45 +05:30
bfddeccb31
path update
2021-05-11 02:42:34 +05:30
c0f5cf03ab
tags update
2021-05-09 20:41:52 +05:30
5fca66c2a5
Added CVE-2020-9490
2021-05-07 19:24:44 +05:30
a14c1ce233
Added strict matcher
2021-05-05 17:26:14 +05:30
931f8833bf
removing weak matcher
2021-05-05 17:13:51 +05:30
1d2a7b370f
Adding strict matcher
2021-05-05 17:04:46 +05:30
c2c381787f
updating condition
2021-05-05 16:58:40 +05:30
68a9a5f954
Merge pull request #1302 from projectdiscovery/CVE-2020-7247
...
Adding CVE-2020-7247 🔥 🔥
2021-05-05 00:02:23 +05:30
f838747ec1
Merge pull request #1393 from DhiyaneshGeek/master
...
ZyXEL NAS RCE,Oracle iPlanet Improper Authorization,NetScalar AAA Login Panel,ShareCenter Login Page
2021-05-02 17:18:15 +05:30
534fcc8964
Update CVE-2020-9315.yaml
2021-05-02 17:14:03 +05:30
837ca10f23
minor updates
2021-05-02 17:07:30 +05:30
e76d10a3c7
Make reference visible
2021-05-02 08:51:18 +03:00
3ec1a82d82
Create CVE-2020-9315.yaml
2021-05-01 16:38:36 +05:30
3012822716
Create CVE-2020-9054.yaml
2021-05-01 16:15:03 +05:30
bfc959a5a6
Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates
2021-04-30 20:11:38 +03:00
dad40cadfc
Temporarily moving to branch
2021-04-30 21:45:18 +05:30
1f2b2d05c1
False positive in the matcher, the content of the file has: "= 5.3.1 =" in it, not just a number on its own in addition, it has "1. ... something" in it causing FP
2021-04-27 16:09:27 +03:00
8b7fbeb786
Added hostname
2021-04-25 13:02:41 +05:30
5af8fe5e34
Moving into draft for better matching
2021-04-23 12:45:49 +05:30
0e2a270a11
minor update
2021-04-21 22:08:46 +05:30
5b598fb291
Add files via upload
2021-04-21 21:05:47 +05:30
3a8edbffe6
I think the 'words' were placed in the wrong place
2021-04-19 09:32:33 +03:00
af3905d2db
Update CVE-2020-7247.yaml
2021-04-18 20:18:32 +05:30
dad0d1b3a4
Adding CVE-2020-7247
2021-04-18 20:15:41 +05:30
8652ce2262
minor update
2021-04-17 21:24:29 +05:30
d4e78af66b
Update CVE-2020-19625.yaml
2021-04-15 23:37:47 +05:30
3ebf76685a
Create CVE-2020-19625.yaml
2021-04-15 13:16:11 +00:00
3eea755de1
Adding status matcher
2021-04-14 01:37:04 +05:30
eed5fb11da
Add CVE-2020-35846
2021-04-14 02:45:06 +07:00
8ab8a1d53e
Add CVE-2020-35848
2021-04-14 02:30:08 +07:00
65a7eae942
Add CVE-2020-35847
2021-04-14 02:19:41 +07:00
b05c8f402b
Added CVE-2020-15500
2021-04-11 16:12:21 +05:30
2d3051aea1
Merge pull request #1207 from nrathaus/master
...
Fixed some template issues
2021-04-07 14:27:19 +05:30
7b44702946
Remove duplicated CVE-2020-26073 template
2021-04-06 15:40:01 +02:00
b6b0b3dfda
Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates
2021-04-06 13:19:07 +03:00
8fdfc64e54
misc tag updates
2021-04-06 12:16:11 +05:30
1790babdd4
Better reference
2021-04-04 12:49:07 +03:00
3f8303a1de
Update CVE-2020-24550.yaml
2021-04-02 14:31:43 +05:30
7111fb4bbe
Create CVE-2020-24550.yaml
2021-04-02 14:11:43 +05:30
15aba2ca14
improved matcher
2021-04-01 14:31:34 +05:30
5df627a909
Update CVE-2020-25078.yaml
2021-04-01 12:53:55 +05:30
052c61ba31
Update CVE-2020-25078.yaml
2021-04-01 03:49:46 +00:00
3735db2221
Create CVE-2020-25078.yaml
2021-04-01 03:35:06 +00:00
c6bb3b0151
Merge pull request #1164 from geeknik/patch-34
...
Create CVE-2020-23517.yaml
2021-03-31 15:39:35 +05:30
fd763a3d69
Update CVE-2020-15148.yaml
2021-03-31 15:35:43 +05:30
4d1addb6f1
Create CVE-2020-15148.yaml
2021-03-29 20:47:04 +00:00
4363fcded1
Update CVE-2020-23517.yaml
2021-03-29 19:37:59 +00:00
8ec0053387
Create CVE-2020-23517.yaml
2021-03-29 15:52:28 +00:00
4f7faf94ff
Create CVE-2020-28208.yaml
2021-03-29 17:09:45 +05:30
351167e91f
removing redundant boolean check
2021-03-25 00:28:50 +01:00
4bbbd79b70
Merge pull request #1124 from alanbriangh/master
...
Add CVE-2020-35489 Detection
2021-03-25 01:29:36 +05:30
904c9666d1
matcher and workflow update
2021-03-25 01:28:03 +05:30
5d8bf70470
Merge pull request #1137 from nrathaus/master
...
Description and References on some templates were missing
2021-03-24 23:02:15 +05:30
423be58952
Update CVE-2020-17453.yaml
2021-03-24 22:42:56 +05:30
92cda223eb
Create CVE-2020-17453.yaml
2021-03-24 21:05:32 +05:30
be600fd099
References
2021-03-24 09:01:00 +02:00
f56f240951
Descriptions and references
2021-03-24 09:00:21 +02:00
314a487512
Description
2021-03-24 08:56:49 +02:00
4d7b0396ae
Description
2021-03-24 08:54:09 +02:00
6e7314ac41
Better description
2021-03-24 08:51:54 +02:00
532c5373a1
Missing description
2021-03-24 08:50:41 +02:00
904f156121
Missing description
2021-03-24 08:50:31 +02:00
Prince Chaddha
GwanYeong Kim
Muhammad Daffa
Sandeep Singh
Prince Chaddha
Regala
Dwi Siswanto
Ivanov Vladimir
sandeep
PikPikcU
Dhiyaneshwaran
Keith
Philippe Delteil
Noam Rathaus
SaN ThosH
Geeknik Labs
Techbrunch
jeyaseelan8
Julian Vilas
Mzack9999