daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
11,761 Commits
17 Branches
0 Tags
165 MiB
Commit Graph

11761 Commits (5ea92bcb0f023ab12c04020125d2a3d6560a3fe5)

Author SHA1 Message Date
Muhammad Daffa 5ea92bcb0f
Update tags woocommerce (#3531) 2022-01-13 10:49:26 +05:30
Muhammad Daffa 64cf0fa4ba
Rename maian cart rce (#3532) 
* Update and rename vulnerabilities/other/maian-cart-preauth-rce.yaml to cves/2021/CVE-2021-32172.yaml

* Update CVE-2021-32172.yaml

Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
 2022-01-13 10:48:51 +05:30
Muhammad Daffa 0e39fd0103
Add some workflow templates (#3521) 
* Add 27 workflow templates

* fixed Artifactory workflow

* Fixed Jetty workflow

* Fixed Moodle workflow

* Fixed Zabbix workflow

* Fixed DedeCMS workflow

* Fixed OFBiz workflow

* Fixed rConfig workflow

* Tag update for R-SeeNet workflow

* Add 3 token-spray templates

* format fixes

* Add workflow templates

* More workflows templates

* multiple workflow fixes

Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
 2022-01-12 18:19:54 +05:30
sandeep 5c471a6168 removing duplicate template 2022-01-12 17:28:47 +05:30
Prince Chaddha 369cdfdf81
Merge pull request #3523 from daffainfo/patch-3 
Update tags circontrol
 2022-01-12 14:45:36 +05:30
Muhammad Daffa 6b70a53ba6
Update tags circontrol 2022-01-12 14:53:00 +07:00
Prince Chaddha 4af56f0b06
Merge pull request #3512 from gy741/rule-add-v84 
Create CVE-2014-3206.yaml
 2022-01-11 14:59:23 +05:30
Prince Chaddha e089bd841a
Update CVE-2014-3206.yaml 2022-01-11 14:57:24 +05:30
Prince Chaddha a53ae7b694
Merge pull request #3518 from gy741/rule-add-v85 
Create CVE-2021-20167.yaml
 2022-01-11 14:54:05 +05:30
Prince Chaddha aa8fd16018
Merge pull request #3515 from Akokonunes/patch-104 
Create CVE-2020-11529.yaml
 2022-01-11 14:37:32 +05:30
Prince Chaddha 7f26b9e895
Update and rename CVE-2020-11529.yaml to cves/2020/CVE-2020-11529.yaml 2022-01-11 14:35:53 +05:30
GitHub Action c40624e7d9 Auto Generated CVE annotations [Tue Jan 11 08:57:41 UTC 2022] 🤖 2022-01-11 08:57:41 +00:00
Prince Chaddha 5657bdb557
Merge pull request #3516 from pikpikcu/patch-315 
Create CVE-2021–20837
 2022-01-11 14:24:26 +05:30
Prince Chaddha 70677b3b5a
Update CVE-2021–20837.yaml 2022-01-11 14:12:04 +05:30
Prince Chaddha 9afd4bcfd8
Update CVE-2021-20167.yaml 2022-01-11 13:57:07 +05:30
Prince Chaddha e5407e9263
Merge pull request #3519 from gy741/rule-add-v86 
Create CVE-2020-7136.yaml
 2022-01-11 13:45:22 +05:30
Prince Chaddha 6ea0a7f492
Update CVE-2020-7136.yaml 2022-01-11 13:43:30 +05:30
GwanYeong Kim 351dc3e460 Create CVE-2020-7136.yaml 
A security vulnerability in HPE Smart Update Manager (SUM) prior to version 8.5.6 could allow remote unauthorized access. Hewlett Packard Enterprise has provided a software update to resolve this vulnerability in HPE Smart Update Manager (SUM) prior to 8.5.6. Please visit the HPE Support Center at https://support.hpe.com/hpesc/public/home to download the latest version of HPE Smart Update Manager (SUM). Download the latest version of HPE Smart Update Manager (SUM) or download the latest Service Pack For ProLiant (SPP).

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
 2022-01-11 15:39:41 +09:00
GwanYeong Kim d772fd884b Create CVE-2021-20167.yaml 
This vulnerability uses a combination of CVE-2021-20166 and CVE-2021-20167. Netgear RAX43 version 1.0.3.96 contains a command injection and authbypass vulnerability. The readycloud cgi application is vulnerable to command injection in the name parameter. and The URL parsing functionality in the cgi-bin endpoint of the router containers a buffer overrun issue that can redirection control flow of the applicaiton.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
 2022-01-11 15:00:56 +09:00
PikPikcU 83e431802e
Create CVE-2021–20837.yaml 2022-01-10 21:44:31 -05:00
Roberto Nunes 3d24bd0f27
Create CVE-2020-11529.yaml 2022-01-11 09:00:49 +09:00
GitHub Action 42432335f0 Auto README Update [Mon Jan 10 16:59:23 UTC 2022] 🤖 2022-01-10 16:59:23 +00:00
Sandeep Singh 9e4d5f0d23
lint fixes 2022-01-10 21:20:16 +05:30
GwanYeong Kim 9435362025 Create CVE-2014-3206.yaml 
Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the auth_name parameter to localhost/backupmgmt/pre_connect_check.php.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
 2022-01-10 21:44:45 +09:00
Prince Chaddha d9c02e215a
Merge pull request #3511 from projectdiscovery/princechaddha-patch-2 
Create gocron-panel.yaml
 2022-01-10 12:19:07 +05:30
Prince Chaddha 7eae1cd081
Update gocron-panel.yaml 2022-01-10 12:17:09 +05:30
Prince Chaddha d6797e37bf
Merge pull request #3507 from gy741/rule-add-v82 
Create epson-projector-detect.yaml
 2022-01-10 12:14:03 +05:30
Prince Chaddha a2d39ddcad
Create gocron-panel.yaml 2022-01-10 12:13:36 +05:30
Prince Chaddha c47cbc71af
Merge pull request #3508 from gy741/rule-add-v83 
Create xerox-efi-lfi.yaml
 2022-01-10 12:11:06 +05:30
Prince Chaddha 9370dc17c3
Update epson-projector-detect.yaml 2022-01-10 12:10:57 +05:30
Prince Chaddha 33d009da24
Update xerox-efi-lfi.yaml 2022-01-10 12:07:06 +05:30
GwanYeong Kim 9befbf0654 Create xerox-efi-lfi.yaml 
Input passed thru the 'file' GET parameter in 'forceSave.php' script is not properly sanitized before being used to read files. This can be exploited by an unauthenticated attacker to read arbitrary files on the affected system.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
 2022-01-09 15:39:39 +09:00
GwanYeong Kim 5e6bdee4c6 Create epson-projector-detect.yaml 
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
 2022-01-09 13:06:39 +09:00
Muhammad Daffa f900b002b9
Update default-openresty.yaml (#3506) 2022-01-08 20:24:26 +05:30
Muhammad Daffa 068d576d22
Update CVE-2020-8641.yaml (#3505) 2022-01-08 20:23:53 +05:30
Dominique RIGHETTO 91ea210cb6
Add H2 console template (#3504) 
* Auto Generated CVE annotations [Sat Jan  8 10:22:47 UTC 2022] 🤖

* Add tpl

Co-authored-by: GitHub Action <action@github.com>
 2022-01-08 20:06:08 +05:30
Dominique RIGHETTO bec3a8713d
Add detection for Manage Engine Key Manager Plus (#3503) 
* Add KPM tpl

* Added optional favicon based detection

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
 2022-01-08 17:48:57 +05:30
Roberto Nunes 484d77de7c
Create CVE-2021-39501.yaml (#3501) 
* Create CVE-2021-39501.yaml

* moving template to cves directory

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
 2022-01-08 17:00:19 +05:30
Roberto Nunes 691688fb66
Create CVE-2020-23015.yaml (#3502) 
* Create CVE-2020-23015.yaml

* moving template to cves directory

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
 2022-01-08 16:52:50 +05:30
GitHub Action 451313a0af Auto Generated CVE annotations [Sat Jan 8 10:57:43 UTC 2022] 🤖 2022-01-08 10:57:43 +00:00
sandeep 5a3fdf5253 ruijie workflow fix 2022-01-08 16:25:47 +05:30
Sandeep Singh 8288961342
Added Metersphere Detection (#3499) 2022-01-08 00:48:35 +05:30
Sandeep Singh 5c8ccbd1e5
Added CGI script environment variable (#3498) 2022-01-07 14:02:29 +05:30
Sandeep Singh 491d46335f
Added more DNS Figerprinting templates (#3492) 
* Added more DNS Figerprinting templates

* lint fixes
 2022-01-07 13:32:20 +05:30
JAS-37 0c7d13d152
add CVE-2021-31862 template (#3491) 
* add CVE-2021-31862 template

* updated matchers

* Added SysAid panel + workflow

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
 2022-01-07 13:28:38 +05:30
Sandeep Singh 844c3b4a02
Network template updates & fixes (#3497) 
* Fixed template syntax

* network template update and fixes
 2022-01-07 12:58:37 +05:30
sandeep 43f1a6fc4f removing temporarily 2022-01-06 22:20:44 +05:30
Sandeep Singh 365e9003b1
Template ID's update (#3490) 2022-01-06 17:21:21 +05:30
GitHub Action f00bbde0a1 Auto README Update [Thu Jan 6 11:11:04 UTC 2022] 🤖 2022-01-06 11:11:04 +00:00
GitHub Action b92988f345 Auto Generated Templates Stats [Thu Jan 6 11:10:38 UTC 2022] 🤖 2022-01-06 11:10:38 +00:00