Noam Rathaus
14ae8e3f59
Add description
2021-10-27 14:05:11 +03:00
Noam Rathaus
3a02b7c325
Add description
2021-10-27 14:04:00 +03:00
Noam Rathaus
f1cf6fd9a7
Add description
2021-10-27 14:03:22 +03:00
Noam Rathaus
d5d2ed0a0e
Add description
2021-10-27 13:52:34 +03:00
Noam Rathaus
c9efc02223
Add description
2021-10-26 15:29:20 +03:00
Noam Rathaus
093a495b5f
Add description
2021-10-26 15:28:43 +03:00
Noam Rathaus
25f7c812c2
Add description
2021-10-26 15:27:57 +03:00
Noam Rathaus
5d98d22416
Add description
2021-10-26 15:27:16 +03:00
Noam Rathaus
8adbf37ab4
Add description
2021-10-26 15:26:10 +03:00
Noam Rathaus
57bae34cb9
Add description
2021-10-26 15:25:34 +03:00
Noam Rathaus
4c0e8bae7e
Add description
2021-10-26 15:24:26 +03:00
Noam Rathaus
dcf402cfa4
Add description
2021-10-26 15:23:43 +03:00
Noam Rathaus
7d0c8669a3
Add description
2021-10-26 15:22:21 +03:00
Noam Rathaus
9c96179595
Fix description
2021-10-26 12:45:16 +03:00
Noam Rathaus
081a2546fe
Add description
2021-10-25 12:59:08 +03:00
Noam Rathaus
e4018d4a0c
Add description
2021-10-25 12:58:22 +03:00
Noam Rathaus
f9fb282770
Add description
2021-10-25 12:57:40 +03:00
Noam Rathaus
319c8a830e
Add description
2021-10-25 12:56:03 +03:00
Noam Rathaus
3029da4ceb
Add description
2021-10-25 12:55:23 +03:00
Noam Rathaus
9f8270bb7a
Add description
2021-10-25 12:54:49 +03:00
Noam Rathaus
e9bd13da3e
Product name is 'OA'
2021-10-25 10:07:28 +03:00
Noam Rathaus
a3d1ca6b81
Description
2021-10-25 10:06:44 +03:00
Noam Rathaus
130e5b1ff5
add description
2021-10-25 10:01:03 +03:00
Noam Rathaus
d03fce098e
Add description
2021-10-25 09:58:59 +03:00
Noam Rathaus
5636579be1
Non-broken link
2021-10-25 09:57:47 +03:00
Noam Rathaus
ee82e5c591
Add description
2021-10-25 09:56:44 +03:00
Noam Rathaus
8ad49535b0
Add description
2021-10-24 12:38:06 +03:00
sandeep
c66ad46464
more metadata update
2021-10-22 23:24:21 +05:30
sandeep
2d5beca867
metadata update
2021-10-22 23:23:25 +05:30
Noam Rathaus
07472bb021
Add description
2021-10-21 14:21:38 +03:00
Noam Rathaus
ae55315ec6
Improve description
2021-10-21 14:15:52 +03:00
Noam Rathaus
7e4cd54f9e
Add description
2021-10-21 14:13:53 +03:00
Noam Rathaus
379513c015
Make description more clear
2021-10-21 08:55:02 +03:00
Noam Rathaus
691dab8a52
Add description
2021-10-21 08:51:56 +03:00
Noam Rathaus
fde188d253
Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates
2021-10-21 08:32:04 +03:00
Sandeep Singh
a21cec6362
Merge pull request #2844 from projectdiscovery/more-fixes
...
Changes to adopt v2.5.3 engine
2021-10-21 07:21:20 +05:30
Noam Rathaus
cfa3a798f3
Add description
2021-10-19 13:17:58 +03:00
Noam Rathaus
e45550f4ed
Add description
2021-10-19 13:10:34 +03:00
Noam Rathaus
d1684e7d67
Add description
2021-10-19 13:10:29 +03:00
Noam Rathaus
5c910ab3b4
Add description
2021-10-19 13:03:41 +03:00
Noam Rathaus
6d5e933128
Add description
2021-10-19 12:56:40 +03:00
sandeep
33badb66d1
oob tags update
2021-10-19 02:10:26 +05:30
sandeep
a614391d3f
Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates into more-fixes
2021-10-18 03:14:44 +05:30
Noam Rathaus
087bbd2263
Add description
2021-10-17 15:54:19 +03:00
Noam Rathaus
0fd1574fe2
Add description
2021-10-17 15:52:26 +03:00
Noam Rathaus
c1b42bcc55
Add description
2021-10-17 15:50:52 +03:00
Prince Chaddha
5385191a9d
Update microstrategy-ssrf.yaml
2021-10-17 07:46:32 +05:30
Philippe Delteil
274f3f941a
Update microstrategy-ssrf.yaml
2021-10-16 17:19:30 -03:00
sandeep
42cc6d9507
Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates into more-fixes
2021-10-14 23:51:16 +05:30
sandeep
aad97c084c
misc update
2021-10-14 20:08:44 +05:30
sandeep
f9f4e3327e
moving files around
2021-10-14 20:05:25 +05:30
sandeep
adfbed9d51
lint fix
2021-10-14 19:50:43 +05:30
sandeep
558272470e
Merge branch 'master' of https://github.com/nrathaus/nuclei-templates into pr/2893
2021-10-14 19:32:03 +05:30
sandeep
a313e27f6e
misc update
2021-10-14 19:31:57 +05:30
Noam Rathaus
4532646b44
Description
2021-10-14 16:35:40 +03:00
Noam Rathaus
d803f91971
Add description
2021-10-14 16:34:15 +03:00
Noam Rathaus
dbb28d586a
Add description
2021-10-14 16:32:34 +03:00
Noam Rathaus
5a00c6841d
Working link
2021-10-14 16:32:15 +03:00
Noam Rathaus
75f96128d5
Better description
2021-10-14 16:31:27 +03:00
Noam Rathaus
16dd5c6e8e
More reference
2021-10-14 16:30:44 +03:00
Noam Rathaus
09de143099
Add CVE
2021-10-14 16:30:14 +03:00
Noam Rathaus
6eaff09b16
Add description
2021-10-14 16:29:51 +03:00
Noam Rathaus
a6800e0e1a
Add description
2021-10-14 16:28:41 +03:00
Noam Rathaus
5618e8eaa9
Better description
2021-10-14 16:27:26 +03:00
Noam Rathaus
e3071a4f26
Added description
2021-10-14 16:10:54 +03:00
Noam Rathaus
eef7ba6cd4
Spelling
2021-10-14 16:07:39 +03:00
Noam Rathaus
083ca2805a
Add description
2021-10-14 16:07:18 +03:00
Noam Rathaus
2946782493
Fix name
2021-10-14 16:06:20 +03:00
Noam Rathaus
3322a4becc
Previous reference is no longer available
2021-10-14 16:05:47 +03:00
Noam Rathaus
67a6e574a0
Add description
2021-10-14 16:04:37 +03:00
Noam Rathaus
4b603769c5
Add vendor CERT advisory/cve
2021-10-14 15:59:38 +03:00
Noam Rathaus
39ebcc13a3
Add description
2021-10-14 15:55:59 +03:00
Noam Rathaus
18e6257e33
description
2021-10-14 15:54:28 +03:00
Noam Rathaus
2e9613d75b
Improve description
2021-10-13 12:01:33 +03:00
Noam Rathaus
d5038b7520
Add description
2021-10-13 12:00:55 +03:00
Noam Rathaus
ab008edc5b
Add description
2021-10-13 12:00:39 +03:00
Noam Rathaus
b86a987030
Dead link
2021-10-13 12:00:36 +03:00
Noam Rathaus
a3608c32f4
Add description
2021-10-13 11:56:10 +03:00
Sandeep Singh
9273a765c0
Merge branch 'master' into more-fixes
2021-10-13 13:48:52 +05:30
sandeep
6205415bbd
Update keycloak-xss.yaml
...
Updating severity as this XSS is not exploitable directly.
2021-10-09 08:46:17 +05:30
Sandeep Singh
95305667c0
Merge pull request #2852 from pdelteil/patch-65
...
Update qcubed-xss.yaml
2021-10-08 19:14:41 +05:30
sandeep
6a00b9245c
Update qcubed-xss.yaml
2021-10-08 19:14:26 +05:30
sandeep
de0a0ff3c1
misc update
2021-10-08 19:10:03 +05:30
Philippe Delteil
60a3b6f4a4
Update qcubed-xss.yaml
2021-10-08 03:46:49 -03:00
Philippe Delteil
888c703a3c
Update pmb-directory-traversal.yaml
2021-10-08 03:33:40 -03:00
sandeep
53fc9bcb3f
misc fixes
2021-10-07 05:23:20 +05:30
sandeep
8dfa5ce9b4
Added Lucee Unauthenticated Reflected XSS
2021-10-06 16:38:23 +05:30
Sandeep Singh
47853b869b
Update metinfo-lfi.yaml
2021-10-02 17:57:59 +05:30
Sandeep Singh
f43b256e6e
Update metinfo-lfi.yaml
2021-10-02 17:57:33 +05:30
Philippe Delteil
8fc91de606
Update metinfo-lfi.yaml
2021-10-02 03:42:22 -03:00
Prince Chaddha
58fd372498
Update and rename qihang-media-web-lfi.yaml to qihang-media-lfi.yaml
2021-10-01 16:28:20 +05:30
Prince Chaddha
ea71661d79
Update and rename qihang-media-web-credentials-disclosure.yaml to qihang-media-disclosure.yaml
2021-10-01 16:26:25 +05:30
GwanYeong Kim
f750bf5ba5
Create qihang-media-web-credentials-disclosure.yaml
...
The application suffers from clear-text credentials disclosure vulnerability that allows an unauthenticated attacker to issue a request to an unprotected directory that hosts an XML file /xml/User/User.xml and obtain administrative login information that allows for a successful authentication bypass attack.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-10-01 15:42:48 +09:00
GwanYeong Kim
90138f44d1
Create qihang-media-web-lfi.yaml
...
The application suffers from an unauthenticated file disclosure vulnerability when input passed thru the filename parameter when using the download action or thru path parameter when using the getAll action is not properly verified before being used. This can be exploited to disclose contents of files and directories from local resources.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-10-01 15:35:12 +09:00
Sullo
c9a374bed5
renamed: simple-employee-rce.yaml -> ../../cves/2019/CVE-2019-20183.yaml
2021-09-30 13:06:46 -04:00
Sullo
28def083f6
Merge branch 'master' of https://github.com/sullo/nuclei-templates
...
Fix typo for cvss
2021-09-30 13:03:09 -04:00
Sullo
3878138bfe
* Added Host headers where needed (validated via disclosures/posts)
...
* Added CVE simple-employee-rce.yaml
2021-09-30 12:52:05 -04:00
Prince Chaddha
f839f628b6
Update and rename fatpipe-networks-warp-backdoor.yaml to fatpipe-backdoor.yaml
2021-09-30 17:18:45 +05:30
Prince Chaddha
b65719103f
Update and rename fatpipe-networks-warp-auth-bypass.yaml to fatpipe-auth-bypass.yaml
2021-09-30 17:18:21 +05:30
Prince Chaddha
9e25b4871e
Update fatpipe-networks-warp-backdoor.yaml
2021-09-30 16:13:19 +05:30
GwanYeong Kim
606d2b5ea4
Create fatpipe-networks-warp-backdoor.yaml
...
The application has a hidden administrative account cmuser that has no password and has write access permissions to the device. The user cmuser is not visible in Users menu list of the application.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-09-30 13:38:01 +09:00
GwanYeong Kim
263cadaacf
Create fatpipe-networks-warp-auth-bypass.yaml
...
Improper access control occurs when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access resources behind protected pages.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-09-30 11:07:24 +09:00
Prince Chaddha
8d7e5b2d24
Merge pull request #2748 from gy741/rule-add-v60
...
Create commax-cctv-rtsp-credentials-disclosure.yaml
2021-09-25 11:49:18 +05:30
Prince Chaddha
2808f46429
Update and rename commax-cctv-rtsp-credentials-disclosure.yaml to commax-credentials-disclosure.yaml
2021-09-25 11:32:31 +05:30
Prince Chaddha
2e7e35eb70
Update and rename ecoa-building-directory-traversal.yaml to ecoa-building-lfi.yaml
2021-09-25 11:22:48 +05:30
GwanYeong Kim
fac7f96b34
Create ecoa-building-directory-traversal.yaml
...
The BAS controller suffers from a directory traversal content disclosure vulnerability. Using the GET parameter cpath in File Manager (fmangersub), attackers can disclose directory content on the affected device
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-09-25 08:58:58 +09:00
GwanYeong Kim
59e0eb7ad3
Create commax-cctv-rtsp-credentials-disclosure.yaml
...
The COMMAX CCTV Bridge for the DVR service allows an unauthenticated attacker
to disclose RTSP credentials in plain-text.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-09-25 08:43:18 +09:00
sandeep
18142906f0
moving files around
2021-09-22 18:09:43 +05:30
PikPikcU
991963fe4a
Update Severity
2021-09-20 12:11:56 +07:00
Muhammad Daffa
50dfd3dc3d
Update Severity
2021-09-18 21:07:47 +07:00
Sandeep Singh
0f03f5ff55
Merge pull request #2692 from projectdiscovery/metadata-attribute-update
2021-09-18 18:19:07 +05:30
sandeep
8c28120218
Update luftguitar-arbitrary-file-upload.yaml
2021-09-18 14:32:13 +05:30
sandeep
fb1aee75ce
Update luftguitar-arbitrary-file-upload.yaml
2021-09-18 14:28:03 +05:30
Prince Chaddha
63cc624c4a
Update luftguitar-arbitrary-file-upload.yaml
2021-09-18 12:14:32 +05:30
PikPikcU
2a1341274a
Create luftguitar-arbitrary-file-upload.yaml
2021-09-17 21:04:21 +07:00
Prince Chaddha
df59ad5670
Update and rename ecoa-building-automation-lfd.yaml to vulnerabilities/other/ecoa-building-automation-lfd.yaml
2021-09-17 16:39:09 +05:30
sandeep
676b51d20c
Metadata attribute update
2021-09-16 21:24:33 +05:30
Prince Chaddha
18879698fa
Update bullwark-momentum-lfi.yaml
2021-09-13 15:55:14 +05:30
Prince Chaddha
e18cc14218
Update bullwark-momentum-lfi.yaml
2021-09-13 15:34:18 +05:30
sandeep
546bd6a038
matcher update
2021-09-13 15:28:35 +05:30
sandeep
207c140c50
moving files around
2021-09-11 21:06:36 +05:30
Sandeep Singh
cf4ef2ac5a
Merge pull request #2622 from projectdiscovery/missing-tags
2021-09-10 12:32:47 +05:30
sandeep
bd24dc198e
Coverage for all templates using tags
2021-09-09 19:08:13 +05:30
Prince Chaddha
67766f381a
Merge pull request #2600 from Akokonunes/patch-35
...
Create phpwiki-lfi.yaml
2021-09-09 15:02:41 +05:30
Prince Chaddha
6ce33e2f47
Rename phpwiki-lfi.yaml to vulnerabilities/other/phpwiki-lfi.yaml
2021-09-09 15:01:35 +05:30
Prince Chaddha
08dac56385
Update simple-employee-rce.yaml
2021-09-09 12:06:24 +05:30
sandeep
609705f676
removed extra headers not required for template
2021-09-08 17:47:19 +05:30
Prince Chaddha
9b75486616
Rename homeautomation-v3-openredirect.yaml to vulnerabilities/other/homeautomation-v3-openredirect.yaml
2021-09-07 18:07:48 +05:30
Sandeep Singh
e6a71e0e80
Merge pull request #2593 from projectdiscovery/openvpn-hhi
...
Added OpenVPN Host Header Injection
2021-09-06 18:56:27 +05:30
Prince Chaddha
4075664390
Merge pull request #2580 from Akokonunes/patch-29
...
Create gSOAP-LFl.yaml
2021-09-06 17:36:18 +05:30
Prince Chaddha
e9d5665383
Update gsoap-lfi.yaml
2021-09-06 17:34:51 +05:30
Prince Chaddha
1942d13ed6
Update openvpn-hhi.yaml
2021-09-06 17:15:30 +05:30
sandeep
cec54e6d51
tags update
...
Co-Authored-By: me_dheeraj <9442273+Dheerajmadhukar@users.noreply.github.com>
2021-09-06 16:15:07 +05:30
sandeep
c105e41fa4
Added OpenVPN Host Header Injection
...
Co-Authored-By: me_dheeraj <9442273+Dheerajmadhukar@users.noreply.github.com>
2021-09-06 16:13:17 +05:30
Prince Chaddha
f6e52a6739
Merge pull request #2585 from sullo/master
...
Updates across many templates for clarity, spelling, and grammar.
2021-09-06 15:02:52 +05:30
Prince Chaddha
7579fe98c2
Update and rename minimouse-lfi.yaml to vulnerabilities/other/minimouse-lfi.yaml
2021-09-06 14:44:39 +05:30
sullo
ef1f7c5e92
Updates across many templates for clarity, spelling, and grammar.
2021-09-05 17:13:45 -04:00
Prince Chaddha
bf1d6374b2
Rename gSOAP-LFl.yaml to vulnerabilities/other/gsoap-lfi.yaml
2021-09-05 19:22:07 +05:30
sandeep
90f8caf302
Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates into pr/2481
2021-09-03 14:55:30 +05:30
sandeep
c266084621
Added stop-at-first-match in applicable templates
2021-09-02 17:29:10 +05:30
Prince Chaddha
5c5c6c3974
Update processmaker-lfi.yaml
2021-08-31 14:08:11 +05:30
Prince Chaddha
0b69ea80b2
Create processmaker-lfi.yaml
2021-08-31 14:03:47 +05:30
Noam Rathaus
86f3c08ba6
Vendor writes it as "NETGEAR"
2021-08-29 09:39:06 +03:00
Noam Rathaus
9f9970c8e9
Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates
2021-08-29 09:15:40 +03:00
forgedhallpass
419a957409
Fixing errors in templates
...
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-27 10:43:24 +03:00
forgedhallpass
a4250b8f2f
Merge remote-tracking branch 'origin' into dynamic_attributes
2021-08-26 15:04:14 +03:00
socketz
ed76585ed6
Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates
2021-08-25 14:33:32 +02:00
socketz
c766a8454d
Fixed yaml linting errors
2021-08-25 14:09:42 +02:00
sandeep
8fb3c65965
template fix
2021-08-25 01:32:14 +05:30
forgedhallpass
110f9c9ddd
Merge remote-tracking branch 'origin' into dynamic_attributes
2021-08-24 20:38:11 +03:00
Prince Chaddha
f66f36237b
Merge pull request #2455 from gy741/rule-add-v58
...
Create commax-biometric-access-control-system-auth-bypass.yaml
2021-08-24 17:44:13 +05:30
Prince Chaddha
554c4a505f
Update and rename commax-biometric-access-control-system-auth-bypass.yaml to commax-biometric-auth-bypass.yaml
2021-08-24 17:17:43 +05:30
Prince Chaddha
0a4cd456bf
Update commax-biometric-access-control-system-auth-bypass.yaml
2021-08-24 17:13:17 +05:30
Prince Chaddha
ba03c2b377
Update unauth-hoteldruid-panel.yaml
2021-08-24 16:46:24 +05:30
Prince Chaddha
d1065cd3fc
Create unauth-hoteldruid-panel.yaml
2021-08-24 16:42:11 +05:30
PikPikcU
ecd6547d05
Update thinkific-redirect.yaml
2021-08-24 14:56:21 +07:00
forgedhallpass
a124e393b4
Merge remote-tracking branch 'origin' into dynamic_attributes
2021-08-23 19:15:14 +03:00
Prince Chaddha
647d27925a
Merge pull request #2426 from projectdiscovery/generic
...
Templates by geeknik
2021-08-23 19:55:32 +05:30
GwanYeong Kim
cad976abda
Create commax-biometric-access-control-system-auth-bypass.yaml
...
The application suffers from an authentication bypass vulnerability. An unauthenticated attacker through cookie poisoning can bypass authentication and disclose sensitive information and circumvent physical controls in smart homes and buildings.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-08-22 18:19:34 +09:00
sandeep
cbdef618f3
Update netgear-router-exposure.yaml
2021-08-21 00:38:54 +05:30
forgedhallpass
dc4cc62629
Merge remote-tracking branch 'origin/master' into dynamic_attributes
2021-08-20 15:35:17 +03:00
sandeep
e160acb481
misc updates
2021-08-20 16:37:22 +05:30
sandeep
0ef2106a6e
Improved template
2021-08-19 23:34:16 +05:30
Sandeep Singh
0bef05c541
Merge pull request #793 from pikpikcu/patch-40
...
resin information disclosure
2021-08-19 23:15:42 +05:30
Sandeep Singh
ab824564d3
minor updates
2021-08-19 23:11:29 +05:30
Sandeep Singh
1247fcd993
Update vulnerabilities/other/caucho-resin-info-disclosure.yaml
...
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-08-19 23:09:26 +05:30
forgedhallpass
77103bc629
Satisfying the linter (all errors and warnings)
...
* whitespace modifications only
2021-08-19 17:44:46 +03:00
forgedhallpass
002e8db616
Moved the "vendor" custom attribute under reference
...
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-19 17:00:46 +03:00
forgedhallpass
97d4f8705b
Fixed mistakes/typos
...
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-19 16:59:55 +03:00
forgedhallpass
f55d6b75e1
Removed pipe (|) character from references, because the structure requires it to be a string slice, not a string
...
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-19 16:59:12 +03:00
forgedhallpass
7b29be739e
Merge branch 'master' into dynamic_attributes
2021-08-19 16:23:26 +03:00
forgedhallpass
ffaff64565
Changes fixes/around dynamic attributes ("additional-fields")
...
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-19 16:17:27 +03:00
forgedhallpass
0b432b341b
Added comments with URLs under the "references" field
...
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-19 16:15:35 +03:00
forgedhallpass
e68d15ab63
Fixed mistakes/typos in the templates.
...
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-19 15:30:14 +03:00
Prince Chaddha
bc1bf5d919
Create comtrend-ct5367-disclosure.yaml
2021-08-19 14:47:44 +05:30
Prince Chaddha
f8a8968408
Revert "Create comtrend-ct5367-disclosure.yaml"
...
This reverts commit 33ea2d360c
.
2021-08-19 14:46:35 +05:30
Prince Chaddha
33ea2d360c
Create comtrend-ct5367-disclosure.yaml
2021-08-19 14:45:37 +05:30
Sandeep Singh
ab0750b570
minor update
2021-08-19 00:43:44 +05:30
forgedhallpass
cdf9451158
Removed pipe (|) character from references, because the structure requires it to be a string slice, not a string
...
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-18 14:44:27 +03:00
Prince Chaddha
dd1bbe6093
Revert "Delete netgear-router-disclosure.yaml"
...
This reverts commit 3b969e7e0d
.
2021-08-18 17:02:08 +05:30
Prince Chaddha
3b969e7e0d
Delete netgear-router-disclosure.yaml
2021-08-18 16:59:49 +05:30
forgedhallpass
4c920b2552
Rename "references" to "reference" to match the expected template info structure
...
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-18 14:29:20 +03:00
Prince Chaddha
0a0b5c7f74
Update netgear-router-disclosure.yaml
2021-08-18 16:56:56 +05:30
Prince Chaddha
d07323e0be
Create netgear-router-disclosure.yaml
2021-08-18 16:44:28 +05:30
Prince Chaddha
af15e4817f
Update netgear-router-auth-bypass.yaml
2021-08-18 16:42:34 +05:30
Prince Chaddha
fe1e7d36fb
Merge pull request #2429 from Mad-robot/patch-3
...
Create geovision-geowebserver-lfi.yaml
2021-08-18 16:19:49 +05:30
Prince Chaddha
0731a772d4
Update geovision-geowebserver-lfi.yaml
2021-08-18 16:18:12 +05:30
Prince Chaddha
1db2715a06
Update geovision-geowebserver-xss.yaml
2021-08-18 14:51:23 +05:30
Prince Chaddha
eeb284a7ec
Update geovision-geowebserver-xss.yaml
2021-08-18 14:48:34 +05:30
SaN ThosH
db4073d2b5
Update geovision-geowebserver-lfi.yaml
2021-08-18 03:54:30 +05:30
SaN ThosH
d5748c95fc
Create geovision-geowebserver-lfi.yaml
2021-08-18 03:50:45 +05:30
SaN ThosH
0c24cc2f74
Create geovision-geowebserver-xss.yaml
2021-08-18 03:50:39 +05:30
Prince Chaddha
727e73c5c3
Create solar-log-authbypass.yaml
2021-08-17 18:02:41 +05:30
Sandeep Singh
59b2aeda40
Merge pull request #2420 from geeknik/patch-18
...
Update twig-php-ssti.yaml
2021-08-17 17:12:00 +05:30
sandeep
c2f87671fb
strict matcher
2021-08-17 15:52:22 +05:30
sandeep
03cd55a33f
severity update based on poc
...
We will update this again as per assigned CVE which is not available right now?
2021-08-17 15:02:47 +05:30
sandeep
4a5137b742
more tags
2021-08-17 15:00:30 +05:30
sandeep
e8c3a1f9c7
Additional matchers update
2021-08-17 15:00:05 +05:30
Sanyam Chawla
5072dbbcbb
Create ms-exchange-server-reflected-xss.yaml
2021-08-17 13:55:38 +05:30
Geeknik Labs
3b9fb75fcb
Update twig-php-ssti.yaml
...
Another FP fix
2021-08-16 15:30:23 -05:00
Geeknik Labs
d52c97c569
Update twig-php-ssti.yaml
...
False positive fix
2021-08-16 15:28:13 -05:00
Prince Chaddha
970bdb3ac7
Update pmb-directory-traversal.yaml
2021-08-16 16:43:47 +05:30
Prince Chaddha
d45887f9f9
Delete node-nunjucks-ssti.yaml
2021-08-16 16:41:58 +05:30
Prince Chaddha
d3a379e112
Update eyelock-nano-lfd.yaml
2021-08-16 16:40:42 +05:30
Prince Chaddha
af4f29ab03
Update beward-ipcamera-disclosure.yaml
2021-08-16 16:37:34 +05:30
Prince Chaddha
4e498a6478
Create pmb-directory-traversal.yaml
2021-08-16 16:14:02 +05:30
Prince Chaddha
451823f887
Create node-nunjucks-ssti.yaml
2021-08-16 16:13:27 +05:30
Prince Chaddha
c6927262eb
Create eyelock-nano-lfd.yaml
2021-08-16 16:12:45 +05:30
Prince Chaddha
232b187a40
Create beward-ipcamera-disclosure.yaml
2021-08-16 16:11:44 +05:30
Prince Chaddha
7bce4fbb26
Update netis-info-leak.yaml
2021-08-14 16:00:00 +05:30
Prince Chaddha
edffa49ca4
Update netis-info-leak.yaml
2021-08-14 15:53:30 +05:30
GwanYeong Kim
5b81af7ab4
Create netis-info-leak.yaml
...
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-08-13 13:34:28 +09:00
sandeep
df65ba694b
Update ewebs-arbitrary-file-reading.yaml
2021-08-12 18:19:22 +05:30
PikPikcU
65ed503022
Create ewebs-arbitrary-file-reading.yaml
2021-08-12 18:41:02 +07:00
Sandeep Singh
5ca0a70f3e
Merge pull request #2372 from projectdiscovery/buffalo
...
Added CVE-2021-20090 / CVE-2021-20091 / CVE-2021-20092
2021-08-12 16:07:45 +05:30
Prince Chaddha
cfc534af89
Update sar2html-rce.yaml
2021-08-12 15:03:49 +05:30
sandeep
98a07bd594
Added unauth config injection
2021-08-12 14:12:20 +05:30
GwanYeong Kim
0d2b53e71d
Create sar2html-rce.yaml
...
SAR2HTML could allow a remote attacker to execute arbitrary commands on the system, caused by a commend injection flaw in the index.php script. By sending specially-crafted commands, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-08-11 14:11:25 +09:00
Noam Rathaus
a806149864
Spelling
2021-08-09 16:31:00 +03:00
Noam Rathaus
864b209cc1
Add reference
2021-08-09 16:10:10 +03:00
Noam Rathaus
3651410d37
Provide description
2021-08-09 16:08:19 +03:00
Sandeep Singh
210c57768d
Merge pull request #2193 from gy741/rule-add-v42
...
Create kevinlab-hems-backdoor.yaml
2021-08-08 13:56:56 +05:30
sandeep
a7dcd3f317
added more tags
2021-08-08 00:27:18 +05:30
sandeep
3b6d6322ea
Additional matcher
2021-08-08 00:22:55 +05:30
sandeep
e690901c86
minor update
2021-08-08 00:20:56 +05:30
sandeep
ca9efec5c0
tag update
2021-08-07 15:00:29 +05:30
Dhiyaneshwaran
afcbd374a9
Create sap-redirect.yaml
2021-08-07 11:31:58 +05:30
sandeep
5cddd4312b
Adding additional steps to make it work
2021-08-06 23:30:34 +05:30
PikPikcU
57624f3d25
Create ruijie-eg-rce.yaml
2021-08-06 17:04:32 +07:00
Prince Chaddha
3395eff8a0
Merge pull request #2316 from gy741/rule-add-v49
...
Create CVE-2020-7796.yaml
2021-08-03 19:57:45 +05:30
Prince Chaddha
c581a94bf4
Merge pull request #2318 from gy741/rule-add-v50
...
Create longjing-technology-bems-api-lfi.yaml
2021-08-03 19:56:57 +05:30
Prince Chaddha
28d568b88c
Update and rename longjing-technology-bems-api-lfi.yaml to bems-api-lfi.yaml
2021-08-03 19:55:25 +05:30
Prince Chaddha
23bc448b1b
Merge pull request #2199 from pikpikcu/patch-208
...
Add OpenSIS POC
2021-08-03 19:53:32 +05:30
GwanYeong Kim
5fb6332bd9
Create longjing-technology-bems-api-lfi.yaml
...
The application suffers from an unauthenticated arbitrary file download vulnerability. Input passed through the fileName parameter through downloads endpoint is not properly verified before being used to download files. This can be exploited to disclose the contents of arbitrary and sensitive files through directory traversal attacks.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-08-03 21:52:14 +09:00
Prince Chaddha
ea1ae20a82
Create zimbra-preauth-ssrf.yaml
2021-08-03 12:52:56 +05:30
Prince Chaddha
2491a6a4b7
Merge pull request #2227 from Udyz/patch-5
...
Create hasura-graphql-sql-exec.yaml
2021-08-02 22:25:31 +05:30
Prince Chaddha
4e976706b8
Update hasura-graphql-psql-exec.yaml
2021-08-02 22:18:41 +05:30
Prince Chaddha
204cf337c8
Update hasura-graphql-psql-exec.yaml
2021-08-02 22:15:52 +05:30
Prince Chaddha
6102421e22
Update hasura-graphql-ssrf.yaml
2021-08-02 22:03:12 +05:30
Prince Chaddha
03077a9ca2
Update tikiwiki-reflected-xss.yaml
2021-08-02 21:44:48 +05:30
Noam Rathaus
493acb8afe
Description
2021-08-02 14:30:22 +03:00
sandeep
e896a8982d
misc updates
2021-08-02 12:53:35 +05:30
GwanYeong Kim
27eef8c1a9
Create zhiyuan-file-upload.yaml
...
Zhiyuan OA is a set of office coordinating management software. Recently, Qianxin CERT monitors the relevant vulnerability information of the long OA. Since there is an unauthorized access in some interfaces, and some functions are insufficient, the attacker can upload malicious script files without logging in, so that there is no need to log in. Zhiyuan OA official has provided patches for this vulnerability. In view of the large vulnerability harm, it is recommended that users apply patch updates as soon as possible.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-08-02 11:07:14 +09:00
Prince Chaddha
49efd9fa07
Update bitrix-open-redirect.yaml
2021-07-29 00:13:15 +05:30
PikPikcU
783550d003
Update bitrix-open-redirect.yaml
2021-07-28 08:38:48 +07:00
PikPikcU
72fcdc20bf
Create bitrix-open-redirect.yaml
2021-07-28 08:37:25 +07:00
lulz
0c68ef5f66
Rename raw-psql-warp.yaml to hasura-graphql-psql-exec.yaml
2021-07-27 23:25:36 +07:00
lulz
0706823399
Update raw-psql-warp.yaml
2021-07-27 23:23:55 +07:00
lulz
5c931f8d00
Update raw-psql-warp.yaml
2021-07-27 22:12:41 +07:00
lulz
2219ab607e
Create raw-psql-warp.yaml
2021-07-27 21:57:59 +07:00