cb73dc4630
Update exposures/files/putty-private-key-disclosure.yaml
...
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-23 09:46:32 +05:30
e96b8ca338
Update exposures/files/php-user-ini-disclosure.yaml
...
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-23 09:46:26 +05:30
c4a1a12fe8
Update exposures/files/php-user-ini-disclosure.yaml
...
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-23 09:46:06 +05:30
80b1205379
Update exposures/configs/kubernetes-kustomization-disclosure.yaml
...
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-23 09:45:58 +05:30
a96c9c74c6
Update exposures/configs/kubernetes-kustomization-disclosure.yaml
...
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-23 09:45:52 +05:30
4051f03440
Update exposures/configs/kubernetes-kustomization-disclosure.yaml
...
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-23 09:45:44 +05:30
1646db1156
Update exposures/configs/hp-ilo-serial-key-disclosure.yaml
...
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-23 09:45:37 +05:30
dd025100e7
Update exposures/configs/github-workflows-disclosure.yaml
...
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-23 09:45:30 +05:30
ea45cdd369
Update exposures/configs/git-credentials-disclosure.yaml
...
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-23 09:44:54 +05:30
9271fa9492
Update exposures/configs/dockerfile-hidden-disclosure.yaml
...
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-23 09:44:47 +05:30
39f23522e4
Update exposures/configs/dockerfile-hidden-disclosure.yaml
...
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-23 09:44:38 +05:30
838002d77a
Update exposures/configs/appsec-yml-disclosure.yaml
...
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-23 09:44:23 +05:30
70fd663219
Update CVE-2014-6271.yaml
2021-07-23 08:40:33 +05:30
27fdbb0c48
Update adobe-component-login.yaml
...
Many instances have the main path written in lowercase.
Test:
https://www.cogicarc.com
http://gilbertorodrigues.adv.br/cfide/componentutils/login.cfm
https://www.doarelprofessional.com.br
http://www.motioninfo.net
http://jeronesadvocacia.adv.br
2021-07-22 22:36:02 -04:00
7298a0b35d
Create CVE-2020-13117.yaml
...
Several Wavlink products are affected by a vulnerability that may allow remote unauthenticated users to execute arbitrary commands as root on Wavlink devices. The user input is not properly sanitized which allows command injection via the "key" parameter in a login request. It has been tested on Wavlink WN575A4 and WN579X3 devices, but other products may be affected.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-23 11:14:31 +09:00
2c77510faa
Create visual-tools-dvr-rce.yaml
...
vulnerabilities in the web-based management interface of Visual Tools DVR VX16 4.2.28.0 could allow an authenticated, remote attacker to perform command injection attacks against an affected device.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-23 08:47:29 +09:00
abacdafb4f
Update coldfusion-debug-xss.yaml
...
The term adobe is more general than coldfusion. Since Coldfusion is a product of Adobe.
2021-07-22 19:44:57 -04:00
62ad2f3089
Create CVE-2013-5528.yaml
2021-07-23 06:12:07 +07:00
19f81758d2
Create CVE-2011-3315.yaml
2021-07-23 06:11:05 +07:00
d3ff29daaa
Update vulnerabilities/wordpress/wp-arforms-listing.yaml
...
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-23 00:32:13 +05:30
6987e1ffee
Update vulnerabilities/wordpress/wp-arforms-listing.yaml
...
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-23 00:32:05 +05:30
eac08288e8
Update vulnerabilities/wordpress/wp-sfwd-lms-listing.yaml
...
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-23 00:31:33 +05:30
05846a34c7
Update vulnerabilities/wordpress/wp-sfwd-lms-listing.yaml
...
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-23 00:31:13 +05:30
5b0b7a6781
Update exposures/logs/roundcube-log-disclosure.yaml
...
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-22 23:10:43 +05:30
a81e3b53cb
Add files via upload
2021-07-22 19:42:25 +05:30
115af3000d
Create mantis-detect.yaml
2021-07-22 15:48:17 +02:00
e9a84ec60c
Merge pull request #2123 from projectdiscovery/CVE-2009-1872
...
Create CVE-2009-1872.yaml
2021-07-22 19:17:07 +05:30
a1d08d8344
Merge pull request #2127 from projectdiscovery/princechaddha-patch-2
...
Update adminer-panel-fuzz.yaml
2021-07-22 19:16:48 +05:30
81a7fe0455
Merge pull request #2134 from pikpikcu/patch-206
...
Create chevereto-detect
2021-07-22 19:10:13 +05:30
920f96d065
Merge pull request #2141 from daffainfo/patch-99
...
Create CVE-2018-20985.yaml
2021-07-22 19:02:30 +05:30
4db131a5d3
Update CVE-2018-20985.yaml
2021-07-22 19:01:00 +05:30
3138e10d7a
Merge pull request #2138 from daffainfo/patch-98
...
Create CVE-2016-1000152.yaml
2021-07-22 18:51:34 +05:30
b32a49680c
Merge pull request #2137 from daffainfo/patch-97
...
Create CVE-2016-1000154.yaml
2021-07-22 18:43:32 +05:30
69db0862ee
Create kevinlab-bems-backdoor.yaml
...
The BEMS solution has an undocumented backdoor account and these sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the solution thru the RMI. Attacker could exploit this vulnerability by logging in using the backdoor account with highest privileges for administration and gain full system control. The backdoor user cannot be seen in the users settings in the admin panel and it also uses an undocumented privilege level (admin_pk=1) which allows full availability of the features that the BEMS is offering remotely.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-22 22:13:00 +09:00
7076f374d1
Merge pull request #2135 from pikpikcu/patch-207
...
Create sceditor-detect
2021-07-22 18:42:19 +05:30
ae827beade
Update CVE-2016-1000154.yaml
2021-07-22 18:42:11 +05:30
2b1818b1c4
Update sceditor-detect.yaml
2021-07-22 18:40:28 +05:30
67ee149784
Merge pull request #2133 from pikpikcu/patch-205
...
Create dotclear-detect.yaml
2021-07-22 18:36:40 +05:30
4e0f08bfc8
Update dotclear-detect.yaml
2021-07-22 18:32:54 +05:30
a4ec6a2b11
Create kevinlab-bems-sqli.yaml
...
The application suffers from an unauthenticated SQL Injection vulnerability. Input passed through 'input_id' POST parameter in '/http/index.php' is not properly sanitised before being returned to the user or used in SQL queries.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-22 21:46:18 +09:00
07ee00e38d
Update CVE-2016-1000152.yaml
2021-07-22 19:34:36 +07:00
a0581944aa
Update CVE-2018-20985.yaml
2021-07-22 19:32:43 +07:00
1754aecb5e
Update wamp-server-configuration.yaml
2021-07-22 17:54:19 +05:30
5455222476
Merge pull request #2140 from pussycat0x/master
...
New templates added
2021-07-22 17:53:25 +05:30
4c83f2341b
Update CVE-2016-1000152.yaml
2021-07-22 17:53:22 +05:30
4e3c869c79
Update sensitive-storage-data-exposure.yaml
2021-07-22 17:50:16 +05:30
c17763ac20
Update and rename wp-plugineasy-media-gallery-pro-listing.yaml to easy-media-gallery-pro-listing.yaml
2021-07-22 17:45:43 +05:30
1005b0b23b
Create kevinlab-device-detect.yaml
...
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-22 20:47:23 +09:00
89edd83f1d
Update favicon-detection.yaml
...
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-22 20:46:53 +09:00
7d72783090
WIP improvements
2021-07-22 16:32:37 +05:30
Dhiyaneshwaran
Naveen J
Philippe Delteil
GwanYeong Kim
Muhammad Daffa
pussycat0x
Nicolas Mattiocco
Prince Chaddha
Prince Chaddha
sandeep