a511dac237
Merge pull request #3354 from DhiyaneshGeek/master
...
Create wordpress-ssrf-oembed.yaml
2021-12-21 18:48:42 +05:30
6e6349205d
Update and rename pacsone-server-6-6-2-lfi.yaml to vulnerabilities/other/pacsone-server-lfi.yaml
2021-12-21 17:32:19 +05:30
7a5cdc2bc3
Added ServiceNow Helpdesk Credential Exposure ( #3371 )
...
* Added ServiceNow Helpdesk Credential Exposure
Co-Authored-By: JP <19959240+jordanpotti@users.noreply.github.com>
* matcher update
Co-authored-by: JP <19959240+jordanpotti@users.noreply.github.com>
2021-12-19 23:42:01 +05:30
4af3a04b3c
Apache OFBiz Log4j JNDI RCE ( #3374 )
...
* Added Apache OFBiz Log4j JNDI RCE
* fixed matcher to match hostname in both cases
2021-12-18 15:46:49 +05:30
dcf3f57bdf
Merge pull request #3373 from projectdiscovery/princechaddha-patch-2
...
Create global-domains-xss.yaml
2021-12-18 15:02:06 +05:30
71027cbc79
Merge pull request #3357 from Akokonunes/patch-90
...
Create global-domains-lfi.yaml
2021-12-18 14:52:35 +05:30
3b067a1aca
Create global-domains-xss.yaml
2021-12-18 14:51:08 +05:30
0f40857119
Update and rename global-domains-lfi.yaml to vulnerabilities/other/global-domains-lfi.yaml
2021-12-18 14:43:28 +05:30
9a4941d995
Merge pull request #3356 from Akokonunes/patch-89
...
Create groupoffice-lfi.yaml
2021-12-18 14:33:42 +05:30
7b39972bfd
Merge pull request #3367 from gy741/rule-add-v80
...
Create oliver-library-server-lfi.yaml
2021-12-18 14:33:23 +05:30
d911551318
Merge pull request #3358 from Akokonunes/patch-91
...
Create asanhamayesh-cms-lfi.yaml
2021-12-18 14:32:12 +05:30
c6521085b7
Update groupoffice-lfi.yaml
2021-12-18 14:32:09 +05:30
4747277a4e
Update and rename asanhamayesh-cms-lfi.yaml to vulnerabilities/other/asanhamayesh-lfi.yaml
2021-12-18 14:28:39 +05:30
35faabd29f
Update and rename groupoffice-lfi.yaml to vulnerabilities/other/groupoffice-lfi.yaml
2021-12-18 14:26:46 +05:30
8afbfdc8dc
Update and rename oliver-library-server-lfi.yaml to oliver-library-lfi.yaml
2021-12-18 14:23:57 +05:30
4fdb934da0
Create oliver-library-server-lfi.yaml
...
An arbitrary file download vulnerability in Oliver v5 Library Server Versions < 8.00.008.053 via the FileServlet function allows for arbitrary file download by an attacker using unsanitized user supplied input.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-12-18 10:55:28 +09:00
09324d1be7
Added MobileIron log4j template ( #3355 )
...
* Added MobileIron log4j
* misc updates
Co-authored-by: meme-lord <17912559+meme-lord@users.noreply.github.com>
Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2021-12-16 22:37:32 +05:30
fdeb2b8500
Merge branch 'master' of https://github.com/DhiyaneshGeek/nuclei-templates into pr/3354
2021-12-16 14:32:14 +05:30
7670d1d6b8
Update wordpress-ssrf-oembed.yaml
2021-12-16 14:28:12 +05:30
1cfc899a27
update: lint fix
2021-12-16 14:25:00 +05:30
77441c0d81
Update wordpress-ssrf-oembed.yaml
2021-12-16 14:24:56 +05:30
0047b611cf
Update wordpress-ssrf-oembed.yaml
2021-12-16 14:21:53 +05:30
499fe055bf
Create wordpress-ssrf-oembed.yaml
2021-12-16 13:48:34 +05:30
39a71c641a
update: added more reference
2021-12-15 21:20:18 +05:30
11fe2fdfee
Added apache-solr-log4j RCE ( #3336 )
...
* update: added apache-solr-log4j-rce
Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
Co-authored-by: GitHub Action <action@github.com>
2021-12-15 21:15:43 +05:30
d9ed21458f
Added VMware VCenter Log4j JNDI RCE ( #3340 )
...
* Added VMware VCenter Log4j JNDI RCE
Co-Authored-By: FQ Hsu <fanqxu@gmail.com>
* update: removed static UA
Co-Authored-By: FQ Hsu <fanqxu@gmail.com>
Co-authored-by: FQ Hsu <fanqxu@gmail.com>
2021-12-14 21:27:30 +05:30
c9ddd7a0ae
update: id + reference update
2021-12-14 21:07:46 +05:30
dddb0bbb82
Added CVE-2021-24997 ( #3298 )
...
* Added CVE-39226
* Added CVE-39226
* Delete CVE-39226.yaml
* Renamed CVE-39226 to CVE-2021-39226
Fixed naming error
* Added Wp-Guppy-Information-Disclosure template
* Removed File
Found better descriptor
* Added CVE-2021-24997
Added WordPress Guppy Information Disclosure CVE
* Fixed CVE-2021-24997
Fixed YAML formatting
* Fixed Typo
URL Path had an extra double quote
* Auto Generated Templates Stats [Wed Dec 8 23:07:24 UTC 2021] 🤖
* Deleted Blank Space
* Update CVE-2021-24997.yaml
* Update CVE-2021-24997.yaml
* Update CVE-2021-24997.yaml
* Update CVE-2021-24997.yaml
* Added CVE-2021-43496
* Update CVE-2021-43496.yaml
* fix: syntax update
* Added New Vuln
* Update CVE-2021-24997.yaml
* Update CVE-2021-43496.yaml
* Update and rename hd-netowrk-realtime-monitor-system-LFI.yaml to hdnetwork-realtime-lfi.yaml
* fix: lints update
Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
Co-authored-by: GitHub Action <action@github.com>
Co-authored-by: Prince Chaddha <prince@projectdiscovery.io>
2021-12-14 02:22:26 +05:30
8cac8b5a36
Update open-redirect.yaml ( #3333 )
2021-12-13 20:42:06 +05:30
b76dbf91c6
Add Another Redirect Payload and Extend the Regex to Recognize it ( #3299 )
...
* Fix Open Redirect Header Regex
The regex was missing the correct escaping for special char `/`
* Add New General Open Redirect
There's another option for open redirects. I tested it in FF and Chrome.
* Update Location Redirect Regex
* update: mix changes
Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2021-12-13 20:38:21 +05:30
79a95a56d7
Update and rename pieregister-plugin-open-redirect.yaml to vulnerabilities/wordpress/pieregister-open-redirect.yaml
2021-12-12 16:59:16 +05:30
6a4bbdf93a
Update Grafana Arbitrary File Read ( #3321 )
...
* Add Grafana plugins wordlist
* Using payloads instead
* fix: updated variable name
Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2021-12-11 11:07:55 +05:30
0e94557017
Merge pull request #3248 from pikpikcu/patch-307
...
added thruk-xss
2021-12-09 22:01:56 +05:30
f476c5ff5b
Update thruk-xss.yaml
2021-12-09 21:58:15 +05:30
d35a55f7b4
Update and rename watchguard-fireware-ad-helper-component-credentials-disclosure.yaml to watchguard-credentials-disclosure.yaml
2021-12-09 21:05:13 +05:30
bde4e1815a
Create watchguard-fireware-ad-helper-component-credentials-disclosure.yaml
...
a credential-disclosure vulnerability in the AD Helper component of the WatchGuard Fireware Threat Detection and Response (TDR) service, which allows unauthenticated attackers to gain Active Directory credentials for a Windows domain in plaintext.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-12-09 16:02:48 +09:00
2521cb62bf
Added CVE-2021-43798 ( #3296 )
...
* Added CVE-2021-43798
* updated with default plugin list
* Update grafana-file-read.yaml
2021-12-08 16:46:47 +05:30
d79b085051
add grafana file read ( #3286 )
...
* add grafana file read
* update: more reference
Co-authored-by: dev <z0ne>
Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2021-12-07 15:42:59 +05:30
fdcccb5938
Update and rename netsweeper-reflected-xss.yaml to netsweeper-rxss.yaml
2021-12-07 13:56:30 +05:30
ba8bad94c4
Update netsweeper-open-redirect.yaml
2021-12-07 13:43:29 +05:30
b90d0b7e3e
Add 10 templates and edit 1 workflows
2021-12-06 23:38:54 +07:00
9da0d768a1
fix: syntax + lint
2021-12-03 10:37:42 +05:30
83f6b2a153
Update thruk-xss.yaml
2021-12-02 19:07:50 +07:00
435eeca764
Create thruk-xss.yaml
2021-12-02 19:02:40 +07:00
1dabef2e6f
Revert "CVE update - CVE-2021-22049"
...
This reverts commit 70128c2587
2021-12-02 01:34:29 +05:30
70128c2587
CVE update - CVE-2021-22049
2021-12-02 01:31:41 +05:30
7ea7da8d4b
Added VMware vCenter SSRF/LFI/XSS ( #3240 )
2021-12-02 00:53:47 +05:30
71143da193
Added missing tags
2021-11-28 04:13:45 +05:30
e7e8c33d64
fixed matcher + added additional matcher
2021-11-27 10:20:04 +05:30
5080276f31
Update flow-flow-social-stream-xss.yaml
2021-11-26 09:48:04 +02:00
Prince Chaddha
Sandeep Singh
GwanYeong Kim
meme-lord
Dhiyaneshwaran
Evan Rubinstein
pudsec
S Bani
Dwi Siswanto
Prince Chaddha
z0ne
daffainfo
PikPikcU
alph4byt3