Commit Graph

690 Commits (70fd2d2499ba2830bc7acf8945548c97ef0f8800)

Author SHA1 Message Date
Philippe Delteil 8185a0e9c0
Update CVE-2020-2036.yaml 2021-10-02 03:24:29 -03:00
sullo c0003f8731
Update CVE-2020-29453.yaml 2021-09-30 14:27:12 -04:00
sullo 784d9560be
Fix CVSS score
incorrectly changed cvss score
2021-09-30 14:26:37 -04:00
Sullo 3878138bfe * Added Host headers where needed (validated via disclosures/posts)
* Added CVE simple-employee-rce.yaml
2021-09-30 12:52:05 -04:00
sullo 6b5d52084d Update cvss/severity for CVE-2020-29453 2021-09-29 10:35:52 -04:00
sandeep ff1537d7da fixing tags typos 2021-09-21 15:43:08 +05:30
sandeep 7b23f4ebd4 outdated template cleanups 2021-09-21 14:34:20 +05:30
Sandeep Singh 0f03f5ff55
Merge pull request #2692 from projectdiscovery/metadata-attribute-update 2021-09-18 18:19:07 +05:30
GitHub Action a866f1e777 Auto Generated CVE annotations [Fri Sep 17 11:08:30 UTC 2021] 🤖 2021-09-17 11:08:30 +00:00
Prince Chaddha 7fc3c211d8
Merge pull request #2667 from pikpikcu/patch-268
Added Jeesns POC
2021-09-17 16:37:25 +05:30
Prince Chaddha 9357ac4153
Update CVE-2020-19282.yaml 2021-09-17 16:33:45 +05:30
Prince Chaddha 51672dd85d
Update CVE-2020-19295.yaml 2021-09-17 16:32:41 +05:30
Prince Chaddha ae221b7892
Update CVE-2020-19283.yaml 2021-09-17 16:32:27 +05:30
Prince Chaddha 92014aa363
Update CVE-2020-19295.yaml 2021-09-17 16:31:20 +05:30
sandeep 676b51d20c Metadata attribute update 2021-09-16 21:24:33 +05:30
GitHub Action 7542ad2c07 Auto Generated CVE annotations [Thu Sep 16 13:05:34 UTC 2021] 🤖 2021-09-16 13:05:34 +00:00
forgedhallpass d0f5daca61 #276 Replace space character with dash in template ID. 2021-09-16 16:04:04 +03:00
GitHub Action f19daba616 Auto Generated CVE annotations [Wed Sep 15 12:04:47 UTC 2021] 🤖 2021-09-15 12:04:47 +00:00
Prince Chaddha f5c71d54e2
Merge pull request #2677 from pikpikcu/patch-278
Create CVE-2020-28351.yaml
2021-09-15 17:33:36 +05:30
Prince Chaddha 6539892061
Update CVE-2020-28351.yaml 2021-09-15 17:24:42 +05:30
GitHub Action 18534fa692 Auto Generated CVE annotations [Wed Sep 15 11:53:20 UTC 2021] 🤖 2021-09-15 11:53:20 +00:00
Prince Chaddha 68cdcd3034
Update CVE-2020-24912.yaml 2021-09-15 17:20:24 +05:30
Prince Chaddha bc1d567455
Update CVE-2020-24912.yaml 2021-09-15 16:50:33 +05:30
Prince Chaddha 86a369132e
Update CVE-2020-24912.yaml 2021-09-15 16:49:18 +05:30
PikPikcU 80072c8e97
Create CVE-2020-28351.yaml 2021-09-15 13:13:50 +07:00
PikPikcU bb8e0616e9
Create CVE-2020-24912.yaml 2021-09-15 13:00:51 +07:00
PikPikcU 1d63ebfe45
Update CVE-2020-19295.yaml 2021-09-15 11:30:58 +07:00
PikPikcU c5416951e5
Update CVE-2020-19283.yaml 2021-09-15 11:30:38 +07:00
PikPikcU 4a10930690
Update CVE-2020-19282.yaml 2021-09-15 11:30:18 +07:00
PikPikcU 6985e77e20
Update CVE-2020-19295.yaml 2021-09-15 10:45:24 +07:00
PikPikcU 5fb54fd82e
Update CVE-2020-19283.yaml 2021-09-15 10:45:04 +07:00
PikPikcU 42cf71e956
Create CVE-2020-19295.yaml 2021-09-15 10:41:12 +07:00
PikPikcU 6e09439dec
Create CVE-2020-19283.yaml 2021-09-15 10:37:44 +07:00
PikPikcU 4340807fb6
Create CVE-2020-19282.yaml 2021-09-15 09:56:03 +07:00
sandeep 29a944ea73 payload update 2021-09-12 20:22:03 +05:30
sandeep e6d97e26c5 additional matcher 2021-09-12 18:31:46 +05:30
Ice3man543 e9f728c321 Added cve annotations + severity adjustments 2021-09-10 16:56:40 +05:30
sandeep bd24dc198e Coverage for all templates using tags 2021-09-09 19:08:13 +05:30
Prince Chaddha 90eba9d883
Update CVE-2020-7961.yaml 2021-09-09 11:46:54 +05:30
Prince Chaddha 43b45a7b63
Update CVE-2020-12720.yaml 2021-09-09 11:42:52 +05:30
sandeep 609705f676 removed extra headers not required for template 2021-09-08 17:47:19 +05:30
sullo ef1f7c5e92 Updates across many templates for clarity, spelling, and grammar. 2021-09-05 17:13:45 -04:00
Sandeep Singh f6c72769ce
temporary moving to another branch 2021-09-03 22:29:55 +05:30
sandeep 90f8caf302 Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates into pr/2481 2021-09-03 14:55:30 +05:30
sandeep c41a498505 added tags 2021-09-03 12:52:27 +05:30
Prince Chaddha 58a886ad6e
Update CVE-2020-28976.yaml 2021-09-03 09:24:21 +05:30
Borna Nematzadeh 6e7c3ab0a2
Update CVE-2020-28976.yaml 2021-09-02 12:26:10 -07:00
LogicalHunter f0197ae9ac Added CVE-2020-28976.yaml Template 2021-09-02 12:13:21 -07:00
Prince Chaddha 3b32de60be
Update CVE-2020-11547.yaml 2021-09-02 18:25:16 +05:30
betul.kiral 5c94814e00 Adding CVE-2020-11547 2021-09-02 14:43:37 +03:00
sandeep c81725e991 Removed duplicate template 2021-09-01 12:36:20 +05:30
Noam Rathaus 51eb639de8 Updated 2021-08-30 12:49:23 +03:00
Noam Rathaus 86f3c08ba6 Vendor writes it as "NETGEAR" 2021-08-29 09:39:06 +03:00
Noam Rathaus 67fa97aed1 Add vendor KB 2021-08-29 09:36:59 +03:00
socketz c766a8454d Fixed yaml linting errors 2021-08-25 14:09:42 +02:00
socketz f290b9f60d Deleted duplicate and in wrong directory 2021-08-25 07:55:46 +02:00
sandeep d705fbd84b Update CVE-2020-11420.yaml 2021-08-25 00:33:54 +05:30
sandeep 3c95101f5a Update CVE-2020-11420.yaml 2021-08-25 00:31:27 +05:30
sandeep 65d9d8acb2 lint fix 2021-08-24 23:13:00 +05:30
forgedhallpass 110f9c9ddd Merge remote-tracking branch 'origin' into dynamic_attributes 2021-08-24 20:38:11 +03:00
socketz 7d6a6c137a Added CVE-2020-11420 2021-08-24 14:43:45 +02:00
sandeep 85f8cf2c41 Update CVE-2020-12800.yaml 2021-08-24 05:00:04 +05:30
sandeep fba4461932 Added CVE-2020-12800 2021-08-24 04:57:51 +05:30
forgedhallpass 296edfc37b Merge remote-tracking branch 'origin' into dynamic_attributes 2021-08-23 14:40:33 +03:00
Sandeep Singh 04b401a8ef
Merge pull request #2456 from projectdiscovery/payloads-update
Payloads positional update to keep the request format uniform
2021-08-23 15:26:35 +05:30
sandeep 451e938d46 misc changes 2021-08-23 14:54:04 +05:30
Dwi Siswanto be3d5c9d08 Add CVE-2020-29453 2021-08-23 11:30:16 +07:00
sandeep 2aa54304ee Payloads positional update to keep the request format uniform 2021-08-22 23:39:33 +05:30
forgedhallpass dc4cc62629 Merge remote-tracking branch 'origin/master' into dynamic_attributes 2021-08-20 15:35:17 +03:00
sandeep 3f803deb28 more updates 2021-08-20 02:14:42 +05:30
forgedhallpass 77103bc629 Satisfying the linter (all errors and warnings)
* whitespace modifications only
2021-08-19 17:44:46 +03:00
forgedhallpass 2a320412bf Misc (minor)
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-19 17:25:01 +03:00
forgedhallpass 97d4f8705b Fixed mistakes/typos
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-19 16:59:55 +03:00
forgedhallpass f55d6b75e1 Removed pipe (|) character from references, because the structure requires it to be a string slice, not a string
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-19 16:59:12 +03:00
forgedhallpass 7b29be739e Merge branch 'master' into dynamic_attributes 2021-08-19 16:23:26 +03:00
forgedhallpass ffaff64565 Changes fixes/around dynamic attributes ("additional-fields")
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-19 16:17:27 +03:00
forgedhallpass 0b432b341b Added comments with URLs under the "references" field
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-19 16:15:35 +03:00
Prince Chaddha 3a8b5df438
Update CVE-2020-25223.yaml 2021-08-19 16:35:50 +05:30
GwanYeong Kim 673fe80660 Create CVE-2020-25223.yaml
A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-08-19 18:37:59 +09:00
forgedhallpass cdf9451158 Removed pipe (|) character from references, because the structure requires it to be a string slice, not a string
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-18 14:44:27 +03:00
forgedhallpass 4c920b2552 Rename "references" to "reference" to match the expected template info structure
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-18 14:29:20 +03:00
sandeep 63431349aa minor update 2021-08-10 20:13:14 +05:30
Geeknik Labs d6bd06a878
Update CVE-2020-24312.yaml
Fixes a false positive.
2021-08-09 20:43:58 -05:00
Prince Chaddha bc236580ee
Merge pull request #1856 from Akokonunes/patch-15
Create CVE-2019-9618.yaml
2021-08-07 19:55:08 +05:30
Prince Chaddha 3395eff8a0
Merge pull request #2316 from gy741/rule-add-v49
Create CVE-2020-7796.yaml
2021-08-03 19:57:45 +05:30
Prince Chaddha 23bc448b1b
Merge pull request #2199 from pikpikcu/patch-208
Add OpenSIS POC
2021-08-03 19:53:32 +05:30
Prince Chaddha b927288f30
Update CVE-2020-6637.yaml 2021-08-03 19:25:06 +05:30
Prince Chaddha 107c3594bf
Update CVE-2020-6637.yaml 2021-08-03 13:24:31 +05:30
sandeep 3c03e28e55 Update CVE-2020-7796.yaml 2021-08-03 12:50:22 +05:30
sandeep d8007437ae Update CVE-2020-7796.yaml 2021-08-03 12:50:10 +05:30
Prince Chaddha b02ea3266b
Update CVE-2020-7796.yaml 2021-08-03 12:47:55 +05:30
Prince Chaddha 9620f4616e
Update CVE-2020-7796.yaml 2021-08-03 12:42:56 +05:30
GwanYeong Kim 9c16967fa5 Create CVE-2020-7796.yaml
Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-08-03 09:31:23 +09:00
GwanYeong Kim 8627aadce0 Create CVE-2020-27361.yaml
An issue exists within Akkadian Provisioning Manager 4.50.02 which allows attackers to view sensitive information within the /pme subdirectories.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-08-03 01:17:48 +09:00
Prince Chaddha a3cba3b1e1
Merge pull request #2280 from daffainfo/patch-120
Create CVE-2020-35598.yaml
2021-08-02 17:14:38 +05:30
sandeep a24977aab9 Update CVE-2020-6637.yaml 2021-08-02 01:42:01 +05:30
Noam Rathaus 734dde35cc Fix FP - https://github.com/projectdiscovery/nuclei-templates/issues/2217 2021-08-01 08:52:30 +03:00
Muhammad Daffa b826d82268
Create CVE-2020-35598.yaml 2021-08-01 06:40:11 +07:00
Toufik Airane 1cce455f1c
Update CVE-2020-13927.yaml
Following the discussion https://github.com/projectdiscovery/nuclei-templates/discussions/1477.

According to NIST, It's a critical issue.
https://nvd.nist.gov/vuln/detail/CVE-2020-13927
2021-07-30 16:40:41 +02:00
Muhammad Daffa da3ba72db3
Create CVE-2020-11455.yaml 2021-07-29 05:43:07 +07:00
Sandeep Singh 32e18be51a
Merge pull request #2215 from TheConciergeDev/patch-4
Renamed yaml file
2021-07-27 17:27:23 +05:30
Prince Chaddha fdfd4232a5
Merge pull request #2225 from pikpikcu/patch-231
Create CVE-2020-26153.yaml
2021-07-27 17:22:04 +05:30
Prince Chaddha cdb91d44f3
Update CVE-2020-26153.yaml 2021-07-27 17:20:54 +05:30
Prince Chaddha 4a5d374227
Merge pull request #2212 from pikpikcu/patch-220
Add Jeedom XSS
2021-07-27 17:18:07 +05:30
Prince Chaddha 142eb2fe3b
Update CVE-2020-9036.yaml 2021-07-27 17:12:32 +05:30
Prince Chaddha c4e75a7eb5
Merge pull request #2203 from pikpikcu/patch-211
Add CVE-2020-27735
2021-07-27 17:08:21 +05:30
PikPikcU d561a8711d
Create CVE-2020-26153.yaml 2021-07-27 18:19:44 +07:00
Prince Chaddha d9f20b63e4
Update CVE-2020-27735.yaml 2021-07-27 16:32:50 +05:30
Prince Chaddha 6e7aba2fb9
Update CVE-2020-27735.yaml 2021-07-27 13:55:45 +05:30
Prince Chaddha 4a13112125
Update CVE-2020-27735.yaml 2021-07-27 13:33:41 +05:30
TheConciergeDev 62df9585f9
Renamed yaml file
Added missing "-" in filename
2021-07-27 09:28:54 +02:00
PikPikcU 6f91b5d052
Create CVE-2020-9036.yaml 2021-07-27 13:45:01 +07:00
Prince Chaddha 76a39c9ef5
Update CVE 2020-6171.yaml 2021-07-27 11:58:42 +05:30
PikPikcU 751626e435
Update CVE 2020-6171.yaml 2021-07-27 12:24:17 +07:00
PikPikcU ddc251861f
Create CVE 2020-6171.yaml 2021-07-27 12:21:52 +07:00
Prince Chaddha caf6bb61c3
Update CVE-2020-27735.yaml 2021-07-27 10:41:08 +05:30
Prince Chaddha b2f1863fd7
Update CVE-2020-35774.yaml 2021-07-27 10:40:55 +05:30
Prince Chaddha b75c2dde67
Update CVE-2020-35774.yaml 2021-07-27 10:38:46 +05:30
PikPikcU 326c8265ef
Create CVE-2020-35774.yaml 2021-07-27 10:31:48 +07:00
PikPikcU f619caf26a
Create CVE-2020-27735.yaml 2021-07-27 10:23:23 +07:00
PikPikcU 96c03d93cc
Update CVE-2020-6637.yaml 2021-07-27 07:38:49 +07:00
PikPikcU b1dfb89f88
Create CVE-2020-6637.yaml 2021-07-27 07:36:48 +07:00
sandeep 9c66387f0f More CVEs Template 2021-07-26 22:48:45 +05:30
Sandeep Singh 79c077ddf7
Merge pull request #1874 from Vladimir-Ivanov-Git/CVE-2020-6207
CVE-2020-6207 SAP SolMan RCE
2021-07-26 18:26:55 +05:30
Sandeep Singh 8130cd2c3b
Update CVE-2020-6207.yaml 2021-07-26 18:26:19 +05:30
Prince Chaddha 4ee46bf076
Merge pull request #2112 from daffainfo/patch-91
Create CVE-2020-35580.yaml
2021-07-26 14:06:50 +05:30
Prince Chaddha 84161bc33e
Update CVE-2020-8813.yaml 2021-07-26 13:27:19 +05:30
GwanYeong Kim 620ff3f367 Create CVE-2020-8813.yaml
This vulnerability could be exploited without authentication if Cacti is enabling “Guest Realtime Graphs” privilege, So in this case no need for the authentication part and you can just use the following code to exploit the vulnerability

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-26 11:32:23 +09:00
Muhammad Daffa fed682443e
Update CVE-2020-35580.yaml 2021-07-26 06:55:48 +07:00
GwanYeong Kim b9fadff659 Create CVE-2020-5307.yaml
PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to SQL injection, as demonstrated by the username parameter in index.php, the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName and ProductPrice parameters in add-product.php.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-25 11:50:53 +09:00
sandeep 6ccc5f8792 matcher update to handle edge cases 2021-07-25 03:05:55 +05:30
Prince Chaddha f32521ad9d
Merge pull request #2113 from daffainfo/patch-92
Create CVE-2020-29227.yaml
2021-07-24 12:22:54 +05:30
Prince Chaddha af4081d0ec
Update CVE-2020-29227.yaml 2021-07-24 12:17:56 +05:30
Prince Chaddha 956eb6691f
Update CVE-2020-29227.yaml 2021-07-24 12:16:30 +05:30
Prince Chaddha f40aca136b
Update CVE-2020-29227.yaml 2021-07-24 12:15:24 +05:30
Prince Chaddha 31f62d59ce
Update CVE-2020-13117.yaml 2021-07-24 11:39:47 +05:30
Prince Chaddha f60a9ed891
Update CVE-2020-13117.yaml 2021-07-23 15:06:51 +05:30
GwanYeong Kim 7298a0b35d Create CVE-2020-13117.yaml
Several Wavlink products are affected by a vulnerability that may allow remote unauthenticated users to execute arbitrary commands as root on Wavlink devices. The user input is not properly sanitized which allows command injection via the "key" parameter in a login request. It has been tested on Wavlink WN575A4 and WN579X3 devices, but other products may be affected.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-23 11:14:31 +09:00
Muhammad Daffa 65bddf3e33
Create CVE-2020-29227.yaml 2021-07-20 20:08:18 +07:00
Muhammad Daffa f7d4a642f1
Create CVE-2020-35580.yaml 2021-07-20 20:02:49 +07:00
Sandeep Singh ac39bd3284
Merge pull request #2100 from daffainfo/master
Renamed CVE-2020-8771.yaml
2021-07-20 11:38:35 +05:30
Sandeep Singh 14beefec28
Update CVE-2020-8771.yaml 2021-07-20 11:35:57 +05:30
sandeep 19fe96bc45 minor improvements and file name update 2021-07-20 11:33:16 +05:30
Muhammad Daffa d27fb4c3b0
Renamed CVE-2020-8771.yaml 2021-07-20 12:49:16 +07:00
Sandeep Singh 6eee57115c
Merge pull request #2083 from projectdiscovery/fixing-xss-matchers
fixing-xss-matchers
2021-07-20 00:28:01 +05:30
sandeep 414883f719 Update CVE-2020-12054.yaml 2021-07-19 23:55:15 +05:30
sandeep 7d9dbc4aad Update CVE-2020-28188.yaml 2021-07-19 16:41:12 +05:30
GwanYeong Kim edabf1e7ca Create CVE-2020-28188.yaml
Remote Command Execution (RCE) vulnerability in TerraMaster TOS <= 4.2.06 allow remote unauthenticated attackers to inject OS commands via /include/makecvs.php in Event parameter.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-19 15:13:57 +09:00
Prince Chaddha 75c5a8c68e
Update CVE-2020-17362.yaml 2021-07-19 11:35:47 +05:30
Prince Chaddha c22839b3fd
Update CVE-2020-12054.yaml 2021-07-19 11:35:24 +05:30
sandeep 965e6fcc00 minor update 2021-07-18 23:24:55 +05:30
GwanYeong Kim fb22fd40c5 Create CVE-2020-27866.yaml
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. Authentication is not required to exploit this vulnerability.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-18 10:03:38 +09:00
sandeep 048cdff225 Additional matcher 2021-07-17 02:07:26 +05:30
Prince Chaddha 33a0ede229
Merge pull request #2009 from gy741/rule-add-v24
Create CVE-2020-26919, CVE-2020-25506, OptiLink ONT1GEW GPON RCE, CVE-2021-31755
2021-07-16 18:04:52 +05:30
Prince Chaddha 4da4ebf224
Merge pull request #2020 from gy741/rule-add-v25
Create CVE-2020-35713.yaml
2021-07-16 17:31:26 +05:30
Prince Chaddha f4f05394e1
Update CVE-2020-35713.yaml 2021-07-16 17:30:35 +05:30
Regala 6aef970258
Update CVE-2020-17362.yaml
Added "nova-lite" matcher; massively reduce false positives.
2021-07-16 12:19:30 +01:00
sandeep 94ae6ea0bf Added tag 2021-07-15 23:47:05 +05:30
sandeep 97dfd43f1e Added tag and removed unsafe 2021-07-15 23:46:08 +05:30
Prince Chaddha b7d2ac2843
Merge pull request #2023 from daffainfo/patch-61
Create CVE-2020-12054.yaml
2021-07-15 17:27:05 +05:30
Prince Chaddha 89112a18d6
Update CVE-2020-12054.yaml 2021-07-15 17:25:22 +05:30
Prince Chaddha 93293c986a
Update CVE-2020-17362.yaml 2021-07-15 17:22:49 +05:30
Muhammad Daffa cb364b16c5
Update CVE-2020-12054.yaml 2021-07-15 18:30:38 +07:00
Muhammad Daffa dc2cf528bd
Create CVE-2020-12054.yaml 2021-07-15 18:27:45 +07:00
Muhammad Daffa 6d3e02ddc1
Create CVE-2020-17362.yaml 2021-07-15 18:14:59 +07:00
GwanYeong Kim f8f9f539ea Create CVE-2020-35713.yaml
Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to execute arbitrary commands or set a new password via shell metacharacters to the goform/setSysAdm page.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-15 18:10:11 +09:00
GwanYeong Kim a3699d912a Create CVE-2020-25506.yaml
The exploit targets a command injection vulnerability in a system_mgr.cgi component. The component does not successfully sanitize the value of the HTTP parameters f_ntp_server, which in turn leads to arbitrary command execution.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-15 14:28:14 +09:00
GwanYeong Kim 67ae44be04 Create CVE-2020-26919.yaml
it was found that every section of the web could be used as a valid endpoint to submit POST requests being the action defined by the submitId argument. The problem was located in the login.html webpage, that has to be publicly available to perform login requests but does not implement any restriction for executing debug actions. This will allow users execute system commands.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-15 10:54:56 +09:00
Sandeep Singh 89e1a8da93
Merge pull request #1962 from dwisiswant0/hotfix/CVE-2020-24148 2021-07-13 05:01:01 +05:30
Dwi Siswanto a91516cbb5 Misplaced of CVE-2020-24148 2021-07-13 05:24:03 +07:00
Prince Chaddha 7f0f8beff2
Update CVE-2020-29395.yaml 2021-07-11 10:14:56 +05:30
Muhammad Daffa da45bdf0ef
Create CVE-2020-29395.yaml 2021-07-11 07:58:31 +07:00
Ivanov Vladimir 8938010a7a Add CVE-2020-6207.yaml 2021-07-05 20:36:55 +03:00
sandeep f21b239853 misc changes 2021-07-03 15:23:28 +05:30
Sandeep Singh 52e0c861a1
Merge pull request #1733 from milo2012/master
Added CVE-2018-1000130/ CVE-2018-2628/ CVE-2018-2628/ CVE-2019-3401/ CVE-2020-1938/ oracle-bi-default-login/ jolokia-heap-disclosure
2021-07-02 18:27:45 +05:30
sandeep e2a0f93f79 misc updates 2021-07-02 18:24:31 +05:30
sandeep 96fc7bb341 more strict matchers 2021-06-30 03:26:01 +05:30
sandeep d1e4b5c510 minor updates 2021-06-25 10:51:00 +05:30
PikPikcU 19d80d9d0a
Create CVE-2020-3580.yaml 2021-06-24 15:34:19 +00:00
sandeep 3844df9fc8 misc changes 2021-06-21 18:09:16 +05:30
Prince Chaddha 592b2e7222 Update CVE-2020-1938.yaml 2021-06-21 14:28:51 +05:30
Prince Chaddha cb4d12cc8c Moved to cves/2018 2021-06-21 14:20:20 +05:30
Dhiyaneshwaran 8b43919211
Update CVE-2020-11930.yaml 2021-06-21 14:15:45 +05:30
Dhiyaneshwaran 216b484aec
Update CVE-2020-11930.yaml 2021-06-21 14:15:09 +05:30
Dhiyaneshwaran ebc202adcb
Create CVE-2020-11930.yaml 2021-06-21 14:11:20 +05:30
Keith 55b89115aa add CVE-2018-2628 - Oracle WebLogic Server Deserialization RCE 2021-06-21 06:24:33 +08:00
sandeep c7a11cd1b1 Added CVE-2020-11110 2021-06-20 20:00:19 +05:30
Keith e8e5dd5c83 add CVE-2020-1938.yaml - Ghostcat - Apache Tomcat AJP File Read/Inclusion Vulnerability 2021-06-19 21:59:42 +08:00
Prince Chaddha 55c1984a52 Template Moved to cves 2021-06-19 01:58:02 +05:30
Philippe Delteil d25869d764
Update CVE-2020-36289.yaml 2021-06-14 11:50:25 -04:00
sandeep 5c80980915 Added CVE-2020-36289 2021-06-09 21:13:52 +05:30
Prince Chaddha 83ce809e8d Updated author names 2021-06-09 17:50:56 +05:30
sandeep 14fa085d1b more improvements 2021-06-05 12:15:32 +05:30
sandeep 55c0e1b103 Improved matchers for CVE-2020-6287 2021-06-05 10:29:59 +05:30
Sandeep Singh c0103e0b8a
Merge pull request #1608 from Mad-robot/master
Create CVE-2020-6308.yaml
2021-06-05 00:04:56 +05:30
sandeep 83d359f6cf updating tags 2021-06-05 00:02:33 +05:30
sandeep 11cb8b3106 Update CVE-2020-6308.yaml 2021-06-05 00:00:50 +05:30
sandeep 0e3ed049ae misc changes 2021-06-03 23:00:47 +05:30
sandeep bdc803fd4b Added CVE-2020-13927 2021-06-03 14:23:34 +05:30
sandeep 4a0e83037d Update CVE-2020-11978.yaml 2021-06-03 13:58:41 +05:30