Commit Graph

2929 Commits (62529fc4f52ee584dcdabbb0b8427c601507c71d)

Author SHA1 Message Date
Dhiyaneshwaran aa9ed33036
Merge pull request #8322 from Osb0rn3/main
Resolve some issues to capture missed items
2023-10-08 12:43:04 +05:30
Dhiyaneshwaran cfa512cee9
Merge pull request #8333 from projectdiscovery/princechaddha-patch-3
Update symfony-fosjrouting-bundle.yaml
2023-10-08 12:38:58 +05:30
Dhiyaneshwaran fb033a936f
fix lint 2023-10-08 12:36:46 +05:30
Prince Chaddha 71a001061a
Update config-json.yaml 2023-10-08 12:32:32 +05:30
Prince Chaddha c1d49b6764
Update symfony-fosjrouting-bundle.yaml 2023-10-08 12:21:08 +05:30
Prince Chaddha b9e2549d37
Create xploitspy-default-login.yaml 2023-10-08 12:15:52 +05:30
GitHub Action 01d09e5410 TemplateMan Update [Sun Oct 8 06:29:19 UTC 2023] 🤖 2023-10-08 06:29:19 +00:00
HuTa0 aea032a150
Fix: CVE-2022-4321 (#8330)
* Fix: CVE-2022-4321

* added metadata

---------

Co-authored-by: rivers <HuTa0@HuTa0-MacBook-Pro.local>
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2023-10-08 11:56:49 +05:30
GitHub Action 6b3707c572 Auto WordPress Plugins Update [Sun Oct 8 04:02:12 UTC 2023] 🤖 2023-10-08 04:02:12 +00:00
J4vaovo 9de5684be8
Update shiro-deserialization-detection.yaml 2023-10-08 07:46:50 +08:00
J4vaovo 425565567a
Update shiro-deserialization-detection.yaml 2023-10-08 07:31:39 +08:00
GitHub Action 9b929ca85c TemplateMan Update [Sat Oct 7 19:48:19 UTC 2023] 🤖 2023-10-07 19:48:19 +00:00
CravateRouge f4ab265878
Create devexpress-detect.yaml (#8217)
* Create devexpress-detect.yaml

* misc update

---------

Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2023-10-08 01:16:02 +05:30
Ritik Chaddha 22be557e9c
Update sidekiq-dashboard.yaml 2023-10-08 01:11:40 +05:30
GitHub Action 154e39a54e TemplateMan Update [Sat Oct 7 18:40:37 UTC 2023] 🤖 2023-10-07 18:40:38 +00:00
GitHub Action df7331dc86 Auto WordPress Plugins Update [Fri Oct 6 04:02:10 UTC 2023] 🤖 2023-10-06 04:02:10 +00:00
pussycat0x e48b398bf3
Merge pull request #8315 from ctflearner/CVE-2023-38501
Create CVE-2023-38501.YAML
2023-10-05 23:38:26 +05:30
Paul Werther 06082e2559
fix some linting stuff 2023-10-05 19:53:02 +02:00
Paul Werther ed24e0724a
optimize regex 2023-10-05 19:33:31 +02:00
AmirMohammad Safari f376850c99
Merge branch 'main' into main 2023-10-05 20:25:15 +03:00
AmirMohammad Safari abfcb267c4
Resolve some issues to capture missed items 2023-10-05 20:04:07 +03:00
Paul Werther 4ac30ead08
implement wordpress-yoast-seo-user-enumeration 2023-10-05 18:44:32 +02:00
Ritik Chaddha b479f9abb6
Update and rename CVE-2023-38501.YAML to CVE-2023-38501.yaml 2023-10-05 20:38:15 +05:30
Dhiyaneshwaran 22a07ca583
Create sangfor-ngaf-lfi.yaml 2023-10-05 17:41:00 +05:30
Dhiyaneshwaran aec030bdaa
Merge pull request #8308 from luisfelipe146/main
Create CVE-2023-2224.yaml
2023-10-05 17:29:16 +05:30
GitHub Action 00e5276685 TemplateMan Update [Thu Oct 5 11:56:54 UTC 2023] 🤖 2023-10-05 11:56:55 +00:00
Dhiyaneshwaran a84dfa160c
Merge pull request #8316 from ctflearner/CVE-2022-48197
Create CVE-2022-48197.yaml
2023-10-05 17:24:51 +05:30
Ritik Chaddha b40c62549b
matchers & info update 2023-10-05 13:15:20 +05:30
Ritik Chaddha 0f42303065
lint & format fix 2023-10-05 12:57:16 +05:30
Ritik Chaddha 7a7a867b7b
Update CVE-2023-2224.yaml 2023-10-05 11:35:30 +05:30
GitHub Action 891e5c10fe Auto WordPress Plugins Update [Wed Oct 4 04:02:00 UTC 2023] 🤖 2023-10-04 04:02:00 +00:00
ctflearner 26d3cf0a94
Create CVE-2022-48197.yaml 2023-10-04 07:19:16 +05:30
ctflearner 6f37e9b554
Create CVE-2023-38501.YAML 2023-10-04 06:56:45 +05:30
Dhiyaneshwaran 751ddc980a
Create CVE-2023-33405.yaml 2023-10-03 18:33:29 +05:30
Dhiyaneshwaran d289d08865
Update twilio-api-key.yaml 2023-10-03 18:31:07 +05:30
Dhiyaneshwaran a5f50bfcfb revert commit 2023-10-03 18:30:30 +05:30
Dhiyaneshwaran 69c3edb658 revert commit 2023-10-03 18:28:59 +05:30
GitHub Action 7075e24ddd TemplateMan Update [Tue Oct 3 12:39:53 UTC 2023] 🤖 2023-10-03 12:39:54 +00:00
Dhiyaneshwaran d5b7a53028
Merge pull request #8273 from projectdiscovery/yonyou-u8-sqli
Create yonyou-u8-sqli.yaml
2023-10-03 18:07:16 +05:30
Dhiyaneshwaran cd11f87128
fix detection 2023-10-03 18:03:45 +05:30
Dhiyaneshwaran 7b44367b02
Update yonyou-u8-sqli.yaml 2023-10-03 17:59:56 +05:30
GitHub Action da6de402a7 TemplateMan Update [Tue Oct 3 09:17:07 UTC 2023] 🤖 2023-10-03 09:17:07 +00:00
Ritik Chaddha ac6aa73935
Merge pull request #8306 from 0xPugazh/main
Update php-backup-files.yaml
2023-10-03 14:45:05 +05:30
Ritik Chaddha 6aca91bfee
Merge pull request #8171 from neriberto/feature/pihole
Update template pi-hole-detect.yaml to detect new versions
2023-10-03 14:03:30 +05:30
Ritik Chaddha 4e78a390d7
Update pi-hole-detect.yaml 2023-10-03 13:59:48 +05:30
Ritik Chaddha ac6bb1823c
Merge pull request #8272 from projectdiscovery/CVE-2023-22432
Create CVE-2023-22432.yaml
2023-10-03 13:40:06 +05:30
Ritik Chaddha 568b53ef70
Merge pull request #8295 from gy741/rule-add-v146
Create CVE-2023-30625.yaml
2023-10-03 13:33:19 +05:30
Ritik Chaddha 22c0b5891d
updated matcher & req 2023-10-03 13:32:34 +05:30
Ritik Chaddha a334550a21
Merge pull request #8286 from jainiresh/patch-1
Update CVE-2019-6802.yaml
2023-10-03 13:19:37 +05:30
Ritik Chaddha 43fc4f3795
added status matcher 2023-10-03 13:18:23 +05:30
pussycat0x 8348a7fa6e
Update yonyou-u8-sqli.yaml 2023-10-03 12:23:04 +05:30
GitHub Action 172150f538 TemplateMan Update [Tue Oct 3 06:50:17 UTC 2023] 🤖 2023-10-03 06:50:18 +00:00
pussycat0x 465f0d9224
Update yonyou-u8-sqli.yaml 2023-10-03 12:19:44 +05:30
pussycat0x e13ab6cfdd
Merge pull request #8301 from gy741/rule-add-v148
Create CVE-2023-33831.yaml
2023-10-03 12:18:01 +05:30
pussycat0x 1e956367e0
Update CVE-2023-33831.yaml 2023-10-03 12:13:22 +05:30
pussycat0x 8ef3ae589b
Merge pull request #8305 from projectdiscovery/milesight-system-log
Create milesight-system-log.yaml
2023-10-03 12:11:37 +05:30
GitHub Action a0ecc3da00 TemplateMan Update [Tue Oct 3 06:40:54 UTC 2023] 🤖 2023-10-03 06:40:55 +00:00
pussycat0x 09b71b9afe
Merge pull request #8299 from projectdiscovery/unauth-celery-flower
Create unauth-celery-flower.yaml
2023-10-03 12:09:55 +05:30
GitHub Action fd071b4900 Auto WordPress Plugins Update [Tue Oct 3 04:02:30 UTC 2023] 🤖 2023-10-03 04:02:30 +00:00
Dhiyaneshwaran 8ccee371e6
change endpoint to fix fp 2023-10-02 22:28:04 +05:30
Dhiyaneshwaran 4572b7c0a7
Update api-tatum.yaml 2023-10-02 22:04:10 +05:30
GitHub Action d9efa67522 TemplateMan Update [Mon Oct 2 16:03:47 UTC 2023] 🤖 2023-10-02 16:03:47 +00:00
Dhiyaneshwaran f37e2b3a02
Rename milesight-system-log.yaml to milesight-system-log.yaml 2023-10-02 21:33:19 +05:30
Dhiyaneshwaran 19d9af9261
Merge pull request #8261 from projectdiscovery/princechaddha-patch-2
Create shiro-deserialization-detection.yaml
2023-10-02 21:31:51 +05:30
Luis Felipe 63dcb68b75
Create CVE-2023-2224.yaml 2023-10-02 08:57:09 -03:00
Pugalarasan fa6c8f9bb6
Update php-backup-files.yaml 2023-10-02 15:37:48 +05:30
GitHub Action f8794112ab TemplateMan Update [Mon Oct 2 08:23:48 UTC 2023] 🤖 2023-10-02 08:23:49 +00:00
gy741 fef8a38e22
Create CVE-2023-43261 (#8300)
* Auto WordPress Plugins Update [Sun Oct  1 04:12:23 UTC 2023] 🤖

* Create CVE-2023-43261.yaml

A critical security vulnerability has been identified in Milesight Industrial Cellular Routers, compromising the security of sensitive credentials and permitting unauthorized access. This vulnerability stems from a misconfiguration that results in directory listing being enabled on the router systems, rendering log files publicly accessible. These log files, while containing sensitive information such as admin and other user passwords (encrypted as a security measure), can be exploited by attackers via the router's web interface. The presence of a hardcoded AES secret key and initialization vector (IV) in the JavaScript code further exacerbates the situation, facilitating the decryption of these passwords. This chain of vulnerabilities allows malicious actors to gain unauthorized access to the router.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>

* Revert "Auto WordPress Plugins Update [Sun Oct  1 04:12:23 UTC 2023] 🤖"

This reverts commit ceb38c80b0.

* added metadata

---------

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
Co-authored-by: GitHub Action <action@github.com>
Co-authored-by: Dhiyaneshwaran <leedhiyanesh@gmail.com>
2023-10-02 13:51:12 +05:30
Ritik Chaddha 0599afee2c
Create milesight-system-log.yaml 2023-10-02 12:01:44 +05:30
GitHub Action 658d741b44 Auto WordPress Plugins Update [Mon Oct 2 04:02:10 UTC 2023] 🤖 2023-10-02 04:02:10 +00:00
Dhiyaneshwaran ffa4a84ba9
added metadata and updated matcher 2023-10-02 00:47:23 +05:30
GwanYeong Kim 06674c9bca Create CVE-2023-33831.yaml
A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute arbitrary commands via a crafted POST request.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2023-10-02 01:19:18 +09:00
Dhiyaneshwaran a151696a50
Create unauth-celery-flower.yaml 2023-10-01 18:12:23 +05:30
Ritik Chaddha 763b2e702d
Update icewarp-open-redirect.yaml 2023-10-01 17:53:02 +05:30
sandeep 6396390240 matcher update 2023-10-01 17:36:17 +05:30
GitHub Action d52def2330 TemplateMan Update [Sun Oct 1 08:42:42 UTC 2023] 🤖 2023-10-01 08:42:43 +00:00
Prince Chaddha cef5268b09
Merge pull request #8227 from sttlr/rdap-whois
Update rdap-whois.yaml
2023-10-01 14:10:19 +05:30
Prince Chaddha 48b3253a7e added additional matcher 2023-10-01 13:59:50 +05:30
Prince Chaddha 392adf2300 Revert "Auto WordPress Plugins Update [Sun Oct 1 04:12:23 UTC 2023] 🤖"
This reverts commit ceb38c80b0.
2023-10-01 13:50:49 +05:30
GitHub Action 32ee9d8ebb Auto WordPress Plugins Update [Sun Oct 1 04:01:57 UTC 2023] 🤖 2023-10-01 04:01:57 +00:00
GitHub Action ce1a84f8c4 TemplateMan Update [Sat Sep 30 08:23:25 UTC 2023] 🤖 2023-09-30 08:23:25 +00:00
johnk3r f953aca287
Create wsftp-detect.yaml (#8285)
* Create wsftp-detect.yaml

* Update and rename wsftp-detect.yaml to wsftp-ssh-detect.yaml

* Update and rename wsftp-ssh-detect.yaml to ws_ftp-ssh-detect.yaml

* Create ws_ftp-server-web-transfer.yaml

* misc update

* Update ws_ftp-server-web-transfer.yaml

* Update ws_ftp-ssh-detect.yaml

---------

Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2023-09-30 13:51:24 +05:30
GwanYeong Kim 208ff38843 Create CVE-2023-30013.yaml
TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the "command" parameter.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2023-09-30 13:15:00 +09:00
GitHub Action f10d3a0aa5 Auto WordPress Plugins Update [Sat Sep 30 04:02:07 UTC 2023] 🤖 2023-09-30 04:02:07 +00:00
sandeep ff450a65ba strict matcher 2023-09-29 19:04:39 +05:30
sandeep fd69046097 Added CVE-2023-29357 (Microsoft SharePoint - Authentication Bypass) 2023-09-29 18:51:23 +05:30
sandeep 6784a9d2c1 format fix 2023-09-29 14:24:46 +05:30
jainiresh 5574a26f60
Update CVE-2019-6802.yaml
Updated to remove false positives.
As the previous change matches the words "Set-Cookie: crlfinjection=1" even if the words are present in the Location header too.

The updated code, will match only if the "Set-Cookie: crlfinjection=1" is actually a header, by verifying that it actually starts in the beginning of a response header.
2023-09-29 13:46:22 +05:30
GitHub Action 77bfd17949 TemplateMan Update [Fri Sep 29 05:57:07 UTC 2023] 🤖 2023-09-29 05:57:07 +00:00
pussycat0x 30217297c2
Merge pull request #8271 from projectdiscovery/CVE-2014-9180
Create CVE-2014-9180.yaml
2023-09-29 11:24:52 +05:30
pussycat0x ba23b0da91
Merge pull request #8276 from projectdiscovery/shopware-installer
Create shopware-installer.yaml
2023-09-29 11:17:39 +05:30
pussycat0x d008a02bc6
reference - update 2023-09-29 11:11:33 +05:30
pussycat0x 52c948b3d6
Merge pull request #8283 from projectdiscovery/zencart-installer
Create zencart-installer.yaml
2023-09-29 11:09:50 +05:30
pussycat0x 39bde187ad
Update zencart-installer.yaml 2023-09-29 11:05:56 +05:30
GitHub Action 20b7ed5bfa TemplateMan Update [Fri Sep 29 05:32:45 UTC 2023] 🤖 2023-09-29 05:32:46 +00:00
pussycat0x aed5b2c10b
Merge pull request #8279 from sullo/main
Joomla! version matching fixes
2023-09-29 11:00:48 +05:30
GitHub Action dd0d479008 Auto WordPress Plugins Update [Fri Sep 29 04:02:18 UTC 2023] 🤖 2023-09-29 04:02:18 +00:00
Ritik Chaddha 09c7344744
Merge pull request #8277 from projectdiscovery/vironeer-installer
Create vironeer-installer.yaml
2023-09-28 22:59:46 +05:30
GitHub Action b6f2c618e8 TemplateMan Update [Thu Sep 28 17:26:49 UTC 2023] 🤖 2023-09-28 17:26:49 +00:00
Ritik Chaddha 0cef5a5fae
Merge pull request #8282 from projectdiscovery/dolphin-installer
Create dolphin-installer.yaml
2023-09-28 22:56:27 +05:30
Ritik Chaddha 5e2c584c5e
Merge pull request #8284 from projectdiscovery/clipbucket-installer
Create clipbucket-installer.yaml
2023-09-28 22:55:10 +05:30
Ritik Chaddha 0351e4977c
Merge pull request #8275 from projectdiscovery/fix-fp-gitignore
Update exposed-gitignore.yaml
2023-09-28 22:54:54 +05:30
Ritik Chaddha 0dd0f0e9df
Update vironeer-installer.yaml 2023-09-28 22:54:20 +05:30
Ritik Chaddha 97a84f6b23
Update dolphin-installer.yaml 2023-09-28 22:53:19 +05:30
Ritik Chaddha 5077ecae67
Update clipbucket-installer.yaml 2023-09-28 22:52:08 +05:30
GitHub Action fc00af69a0 Auto WordPress Plugins Update [Thu Sep 28 04:02:23 UTC 2023] 🤖 2023-09-28 04:02:23 +00:00
Dhiyaneshwaran cb632e613f
Create clipbucket-installer.yaml 2023-09-28 08:00:05 +05:30
Dhiyaneshwaran 4050afbbc9
Create zencart-installer.yaml 2023-09-28 07:47:47 +05:30
Dhiyaneshwaran 8346d97b22
Create dolphin-installer.yaml 2023-09-28 07:20:48 +05:30
Ritik Chaddha e616bb0ec7
protocol update 2023-09-27 23:35:44 +05:30
Ritik Chaddha bc957cd1a4
Update CVE-2023-42793.yaml 2023-09-27 23:35:06 +05:30
sandeep f0ba24afa1 JetBrains TeamCity - Remote Code Execution (CVE-2023-42793) 2023-09-27 23:25:18 +05:30
sullo 4afb8a0587 This updates the order of files so that versions are extracted before generic Joomla! detection, fixes the regex for version matching, and adds a required AND matcher for the joomla.xml file. 2023-09-27 13:08:55 -04:00
Dhiyaneshwaran 48b9ff2205
Create vironeer-installer.yaml 2023-09-27 19:42:23 +05:30
Dhiyaneshwaran 4efec2d2e3
Create shopware-installer.yaml 2023-09-27 19:16:20 +05:30
Dhiyaneshwaran ebedb7ed93
Update exposed-gitignore.yaml 2023-09-27 18:38:37 +05:30
Dhiyaneshwaran 446532191f
Create yonyou-u8-sqli.yaml 2023-09-27 16:52:56 +05:30
Dhiyaneshwaran dc6b9c1e73
metadata update 2023-09-27 14:39:20 +05:30
Dhiyaneshwaran 334c3be057
Create CVE-2023-22432.yaml 2023-09-27 14:38:24 +05:30
Dhiyaneshwaran 082966e07a
Create CVE-2014-9180.yaml 2023-09-27 14:13:02 +05:30
GitHub Action a5af4a1f44 TemplateMan Update [Wed Sep 27 04:48:39 UTC 2023] 🤖 2023-09-27 04:48:40 +00:00
Ritik Chaddha ea82d21d64
Create klr300n-installer.yaml 2023-09-27 10:04:00 +05:30
GitHub Action 898e468d2c Auto WordPress Plugins Update [Wed Sep 27 04:02:06 UTC 2023] 🤖 2023-09-27 04:02:06 +00:00
pussycat0x e47239d4df
Merge pull request #8267 from projectdiscovery/CVE-2023-5074
Create CVE-2023-5074.yaml (Authentication Bypass in D-Link D-View 8 🔥 )
2023-09-26 21:24:12 +05:30
pussycat0x 17669c7fd8
lint -fix 2023-09-26 21:21:03 +05:30
pussycat0x 5f4f590e7f
Update CVE-2023-5074.yaml 2023-09-26 21:16:55 +05:30
pussycat0x 3b789d908b
Update CVE-2023-5074.yaml 2023-09-26 21:13:29 +05:30
GitHub Action eec309f75f TemplateMan Update [Tue Sep 26 15:42:15 UTC 2023] 🤖 2023-09-26 15:42:16 +00:00
pussycat0x 85868d5802
Merge pull request #8216 from zn9988/main
Create CVE-2023-2479.yaml
2023-09-26 21:09:57 +05:30
Dhiyaneshwaran e48aa75f0f
fix-trail-spacing 2023-09-26 20:09:49 +05:30
Dhiyaneshwaran 52c9d36132
Create CVE-2023-5074.yaml 2023-09-26 20:05:39 +05:30
GitHub Action 8624a3723b TemplateMan Update [Tue Sep 26 13:42:18 UTC 2023] 🤖 2023-09-26 13:42:19 +00:00
pussycat0x 1709d2bd2f
Merge pull request #8259 from projectdiscovery/ojs-installer
Create ojs-installer.yaml
2023-09-26 19:09:55 +05:30
pussycat0x 634eb6f24f
Merge pull request #8225 from projectdiscovery/CVE-2023-36845
Create CVE-2023-36845.yaml (Juniper J-Web - Remote Code Execution 🔥 )
2023-09-26 18:57:53 +05:30
pussycat0x 2c1ad47f56
Merge pull request #8229 from projectdiscovery/bitrix24-installer
Create bitrix24-installer.yaml
2023-09-26 18:45:37 +05:30
pussycat0x 9fd65a9f6e
Merge pull request #8234 from projectdiscovery/akeeba-installer
Create akeeba-installer.yaml
2023-09-26 18:44:48 +05:30
Dhiyaneshwaran 6d40f1256d
fix trail space 2023-09-26 12:42:57 +05:30
Dhiyaneshwaran ae67cf87ba
minor update 2023-09-26 12:33:31 +05:30
shankar acharya f06822363f
Update twilio-api-key.yaml 2023-09-26 12:30:36 +05:45
shankar acharya d5046b1dae
Update twilio-api-key.yaml 2023-09-26 12:30:07 +05:45
sank e0c79e9609 my template extracts all the keys if the word twilio is present. 2023-09-26 11:53:59 +05:45
GitHub Action c79554fd80 TemplateMan Update [Tue Sep 26 05:47:05 UTC 2023] 🤖 2023-09-26 05:47:06 +00:00
Dhiyaneshwaran 96d22d5350
Merge pull request #8258 from righettod/add_blazor_tpl
Add template to detect Blazor WebAssembly app
2023-09-26 11:16:02 +05:30
Dhiyaneshwaran 2c1392e423
Merge pull request #8260 from kazet/zzzcms-rce-fp
ZZZCMS RCE is a false positive if we see phpinfo() without posting any data
2023-09-26 11:14:55 +05:30
Ritik Chaddha 59151619bc
req and matcher update 2023-09-26 10:19:09 +05:30
Prince Chaddha 34a19dd885
fix trailing space 2023-09-25 23:21:28 +05:30
Prince Chaddha c02fc785e0
Create shiro-deserialization-detection.yaml 2023-09-25 23:17:08 +05:30
Krzysztof Zając f188fcbe2f more precise status code match 2023-09-25 16:28:43 +02:00
Krzysztof Zając 8e3d9c97ce ZZZCMS RCE is a false positive if we see phpinfo() without posting any data 2023-09-25 16:24:23 +02:00
Dhiyaneshwaran 476f2ea24d
Create ojs-installer.yaml 2023-09-25 08:53:10 +05:30