Commit Graph

205 Commits (56af312e250265fb02590ea718cab1d4a2f5ca46)

Author SHA1 Message Date
John Jackson 56af312e25
Added an additional check
Hello, when you get the change, please check the changes. I removed some of the methods and cleaned it up + made a matcher for /etc/passwd. Thanks!
2021-09-02 22:48:24 -06:00
sandeep 59199ad35e Update CVE-2021-28918.yaml
Removed version as multiple reference includes multiple versions.
2021-07-06 12:45:50 +05:30
sandeep 7fb23a24b9 minor update 2021-07-06 12:41:16 +05:30
John Jackson ede7ca07d0
Fixing Trailing Spaces
As stated.
2021-07-06 01:05:03 -06:00
John Jackson 5d74f7e2e4
Update CVE-2021-28918.yaml
Fixing trailing spaces.
2021-07-06 01:03:18 -06:00
John Jackson 7dd0795296
Create Netmask SSRF Template
The basic test to fuzz for the netmask SSRF vulnerability would be to use an Octal payload that resolves to the localhost. I limited it to 4 basic testing payloads so as not to slow down the speed of a full-length CVE directories test.
2021-07-06 00:50:43 -06:00
Prince Chaddha 56ccb9f3a4
Merge pull request #1822 from Akokonunes/patch-13
Create CVE-2021-24210.yaml
2021-07-01 00:00:03 +05:30
Prince Chaddha f44c3e597f
Update and rename CVE-2021-24210.yaml to cves/2021/CVE-2021-24210.yaml 2021-06-30 23:45:27 +05:30
Prince Chaddha 87a1d1acce
Merge pull request #1823 from Akokonunes/patch-14
Create CVE-2021-24406.yaml
2021-06-30 23:44:03 +05:30
Prince Chaddha 6a6607c282
Update and rename CVE-2021-24406.yaml to cves/2021/CVE-2021-24406.yaml 2021-06-30 23:43:06 +05:30
Sandeep Singh dbcdbe907e
Merge pull request #1797 from Mad-robot/patch-2
Create CVE-2021-29203.yaml
2021-06-30 21:27:35 +05:30
sandeep 2d63ddfa20 minor update 2021-06-30 21:27:06 +05:30
Sandeep Singh 3602eebf6c
Merge pull request #1780 from wwilson83H3/master
The default request never flagged druid in my env. Replaced with MSF …
2021-06-30 20:32:14 +05:30
Sandeep Singh d1f47657a9
Update CVE-2021-25646.yaml 2021-06-30 20:31:15 +05:30
Sandeep Singh cfcb739fbc
more changes 2021-06-30 20:28:41 +05:30
sandeep 498586e854 Added additional matcher and full exploit chain details 2021-06-30 03:01:13 +05:30
SaN ThosH 8b0b2a169d
Update CVE-2021-35464.yaml 2021-06-29 18:02:33 +05:30
SaN ThosH 2d4c8cb434
Create CVE-2021-35464.yaml 2021-06-29 17:26:37 +05:30
Prince Chaddha 8ae56492d8
Update CVE-2021-29203.yaml 2021-06-29 10:13:41 +05:30
Sandeep Singh 40782db039
Merge pull request #1771 from gy741/rule-add-v7
Create CVE-2021-3223.yaml
2021-06-28 21:43:59 +05:30
sandeep b97811a143 Update CVE-2021-3223.yaml 2021-06-28 21:43:04 +05:30
SaN ThosH cb5c53aef3
Create CVE-2021-29203.yaml 2021-06-26 13:40:30 +05:30
Prince Chaddha bae4998f81
Merge pull request #1766 from gy741/rule-add-v6
Create CVE-2021-21234.yaml
2021-06-25 16:50:36 +05:30
Prince Chaddha 2d40d90715
Update CVE-2021-21234.yaml 2021-06-25 12:53:22 +05:30
sandeep 426abedcfa severity updates as per CVE database 2021-06-25 00:05:59 +05:30
Sandeep Singh e4e8e6e148
Merge pull request #1776 from pikpikcu/patch-187
Create CVE-2021-28169.yaml
2021-06-25 00:02:51 +05:30
sandeep a736120dc0 minor updates 2021-06-25 00:02:05 +05:30
Sandeep Singh e84c784fa2
Merge pull request #1689 from nrathaus/master
CVE-2021-28164 and some fixes
2021-06-24 23:58:29 +05:30
sandeep a9a161f8c6 Update CVE-2021-28164.yaml 2021-06-24 23:56:33 +05:30
sandeep 809668943f minor changes 2021-06-24 23:54:29 +05:30
wyatt 16e5ad7fad The default request never flagged druid in my env. Replaced with MSF request and it flags every time now 2021-06-24 13:37:45 -04:00
PikPikcU b97d012636
Create CVE-2021-28169.yaml 2021-06-24 16:00:02 +00:00
GwanYeong Kim e7bb4bff23 Create CVE-2021-3223.yaml
Node-RED-Dashboard before 2.26.2 allows ui_base/js/..%2f directory traversal to read files.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-06-24 21:07:17 +09:00
GwanYeong Kim cc0dd04ac2 Create CVE-2021-21234.yaml
spring-boot-actuator-logview is a library that adds a simple logfile viewer as spring boot actuator endpoint. It is maven package "eu.hinsch:spring-boot-actuator-logview". In spring-boot-actuator-logview before version 0.2.13 there is a directory traversal vulnerability. The nature of this library is to expose a log file directory via admin (spring boot actuator) HTTP endpoints. Both the filename to view and a base folder (relative to the logging folder root) can be specified via request parameters. While the filename parameter was checked to prevent directory traversal exploits (so that `filename=../somefile` would not work), the base folder parameter was not sufficiently checked, so that `filename=somefile&base=../` could access a file outside the logging base directory. The vulnerability has been patched in release 0.2.13. Any users of 0.2.12 should be able to update without any issues as there are no other changes in that release. There is no workaround to fix the vulnerability other than updating or removing the dependency. However, removing read access of the user the application is run with to any directory not required for running the application can limit the impact. Additionally, access to the logview endpoint can be limited by deploying the application behind a reverse proxy.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-06-24 14:36:45 +09:00
sandeep 416bafe2fa misc changes 2021-06-24 02:24:58 +05:30
lulz 04a7fda94a
Update CVE-2021-21389.yaml 2021-06-22 19:12:35 +07:00
lulz 014ca91e15
Hmm, just a simple check...
Sorry, I just know a little bit of English...
2021-06-22 19:07:00 +07:00
Sandeep Singh dcaef6a836
Rename CVE-2021-21389 to CVE-2021-21389.yaml 2021-06-22 04:05:42 +05:30
lulz 0d5a57bc23
Create CVE-2021-21389 2021-06-21 12:33:14 +07:00
Noam Rathaus bb6fa66dd9 Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates 2021-06-20 13:56:54 +03:00
Sandeep Singh 9200ac068a
Merge pull request #1714 from skar4444/unauthenticated-CI-lint-API
CVE 2021-22214 - Unauthenticated Gitlab SSRF - CI Lint API
2021-06-18 15:08:33 +05:30
sandeep b301c830a3 final improvements 2021-06-18 15:02:17 +05:30
sandeep 27d67855e8 misc changes 2021-06-18 14:42:13 +05:30
Sandeep Singh 4f0bfc9362
Merge pull request #1705 from projectdiscovery/CVE-2021-28854
Added CVE-2021-28854
2021-06-18 12:52:42 +05:30
Prince Chaddha bfa70bacf5
Update CVE-2021-21975.yaml 2021-06-17 22:55:10 +05:30
Noam Rathaus 01b77a7ed2 Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates 2021-06-17 16:54:18 +03:00
Dwi Siswanto 8a1d7bd7d2 Hotfix FP of CVE-2021-24146 2021-06-17 08:16:54 +07:00
Sandeep Singh bfbd3ccdac
Merge pull request #1656 from Akokonunes/patch-4
Create CVE-2021-24237.yaml
2021-06-16 01:56:39 +05:30
sandeep 5cff973564 Added tags 2021-06-16 01:02:21 +05:30
sandeep c36419c94c Added CVE-2021-28854 2021-06-16 01:01:01 +05:30