sandeep
0ef2106a6e
Improved template
2021-08-19 23:34:16 +05:30
Sandeep Singh
0bef05c541
Merge pull request #793 from pikpikcu/patch-40
...
resin information disclosure
2021-08-19 23:15:42 +05:30
Sandeep Singh
ab824564d3
minor updates
2021-08-19 23:11:29 +05:30
Sandeep Singh
1247fcd993
Update vulnerabilities/other/caucho-resin-info-disclosure.yaml
...
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-08-19 23:09:26 +05:30
forgedhallpass
77103bc629
Satisfying the linter (all errors and warnings)
...
* whitespace modifications only
2021-08-19 17:44:46 +03:00
forgedhallpass
002e8db616
Moved the "vendor" custom attribute under reference
...
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-19 17:00:46 +03:00
forgedhallpass
97d4f8705b
Fixed mistakes/typos
...
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-19 16:59:55 +03:00
forgedhallpass
f55d6b75e1
Removed pipe (|) character from references, because the structure requires it to be a string slice, not a string
...
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-19 16:59:12 +03:00
forgedhallpass
7b29be739e
Merge branch 'master' into dynamic_attributes
2021-08-19 16:23:26 +03:00
forgedhallpass
ffaff64565
Changes fixes/around dynamic attributes ("additional-fields")
...
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-19 16:17:27 +03:00
forgedhallpass
0b432b341b
Added comments with URLs under the "references" field
...
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-19 16:15:35 +03:00
forgedhallpass
e68d15ab63
Fixed mistakes/typos in the templates.
...
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-19 15:30:14 +03:00
Prince Chaddha
bc1bf5d919
Create comtrend-ct5367-disclosure.yaml
2021-08-19 14:47:44 +05:30
Prince Chaddha
f8a8968408
Revert "Create comtrend-ct5367-disclosure.yaml"
...
This reverts commit 33ea2d360c
.
2021-08-19 14:46:35 +05:30
Prince Chaddha
33ea2d360c
Create comtrend-ct5367-disclosure.yaml
2021-08-19 14:45:37 +05:30
Sandeep Singh
ab0750b570
minor update
2021-08-19 00:43:44 +05:30
forgedhallpass
cdf9451158
Removed pipe (|) character from references, because the structure requires it to be a string slice, not a string
...
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-18 14:44:27 +03:00
Prince Chaddha
dd1bbe6093
Revert "Delete netgear-router-disclosure.yaml"
...
This reverts commit 3b969e7e0d
.
2021-08-18 17:02:08 +05:30
Prince Chaddha
3b969e7e0d
Delete netgear-router-disclosure.yaml
2021-08-18 16:59:49 +05:30
forgedhallpass
4c920b2552
Rename "references" to "reference" to match the expected template info structure
...
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-18 14:29:20 +03:00
Prince Chaddha
0a0b5c7f74
Update netgear-router-disclosure.yaml
2021-08-18 16:56:56 +05:30
Prince Chaddha
d07323e0be
Create netgear-router-disclosure.yaml
2021-08-18 16:44:28 +05:30
Prince Chaddha
af15e4817f
Update netgear-router-auth-bypass.yaml
2021-08-18 16:42:34 +05:30
Prince Chaddha
067c9a8755
Create xmlrpc-pingback-ssrf.yaml
2021-08-18 16:39:22 +05:30
Prince Chaddha
fe1e7d36fb
Merge pull request #2429 from Mad-robot/patch-3
...
Create geovision-geowebserver-lfi.yaml
2021-08-18 16:19:49 +05:30
Prince Chaddha
0731a772d4
Update geovision-geowebserver-lfi.yaml
2021-08-18 16:18:12 +05:30
Prince Chaddha
1db2715a06
Update geovision-geowebserver-xss.yaml
2021-08-18 14:51:23 +05:30
Prince Chaddha
eeb284a7ec
Update geovision-geowebserver-xss.yaml
2021-08-18 14:48:34 +05:30
SaN ThosH
db4073d2b5
Update geovision-geowebserver-lfi.yaml
2021-08-18 03:54:30 +05:30
SaN ThosH
d5748c95fc
Create geovision-geowebserver-lfi.yaml
2021-08-18 03:50:45 +05:30
SaN ThosH
0c24cc2f74
Create geovision-geowebserver-xss.yaml
2021-08-18 03:50:39 +05:30
Prince Chaddha
f60cef447b
Update generic-blind-xxe.yaml
2021-08-17 22:57:34 +05:30
Prince Chaddha
727e73c5c3
Create solar-log-authbypass.yaml
2021-08-17 18:02:41 +05:30
Prince Chaddha
c39f0e2077
Create generic-blind-xxe.yaml
2021-08-17 17:18:52 +05:30
Sandeep Singh
59b2aeda40
Merge pull request #2420 from geeknik/patch-18
...
Update twig-php-ssti.yaml
2021-08-17 17:12:00 +05:30
sandeep
c2f87671fb
strict matcher
2021-08-17 15:52:22 +05:30
sandeep
03cd55a33f
severity update based on poc
...
We will update this again as per assigned CVE which is not available right now?
2021-08-17 15:02:47 +05:30
sandeep
4a5137b742
more tags
2021-08-17 15:00:30 +05:30
sandeep
e8c3a1f9c7
Additional matchers update
2021-08-17 15:00:05 +05:30
Sanyam Chawla
5072dbbcbb
Create ms-exchange-server-reflected-xss.yaml
2021-08-17 13:55:38 +05:30
Geeknik Labs
3b9fb75fcb
Update twig-php-ssti.yaml
...
Another FP fix
2021-08-16 15:30:23 -05:00
Geeknik Labs
d52c97c569
Update twig-php-ssti.yaml
...
False positive fix
2021-08-16 15:28:13 -05:00
Prince Chaddha
970bdb3ac7
Update pmb-directory-traversal.yaml
2021-08-16 16:43:47 +05:30
Prince Chaddha
d45887f9f9
Delete node-nunjucks-ssti.yaml
2021-08-16 16:41:58 +05:30
Prince Chaddha
d3a379e112
Update eyelock-nano-lfd.yaml
2021-08-16 16:40:42 +05:30
Prince Chaddha
af4f29ab03
Update beward-ipcamera-disclosure.yaml
2021-08-16 16:37:34 +05:30
Prince Chaddha
4e498a6478
Create pmb-directory-traversal.yaml
2021-08-16 16:14:02 +05:30
Prince Chaddha
451823f887
Create node-nunjucks-ssti.yaml
2021-08-16 16:13:27 +05:30
Prince Chaddha
c6927262eb
Create eyelock-nano-lfd.yaml
2021-08-16 16:12:45 +05:30
Prince Chaddha
232b187a40
Create beward-ipcamera-disclosure.yaml
2021-08-16 16:11:44 +05:30
sandeep
3ac7a756fc
Added woocommerce-pdf-invoice-listing
2021-08-16 15:37:07 +05:30
Prince Chaddha
b3d27f3d0c
Merge pull request #2407 from DhiyaneshGeek/master
...
Oracle XSS
2021-08-16 14:14:20 +05:30
Prince Chaddha
610924d55b
Update oracle-siebel-xss.yaml
2021-08-16 14:12:49 +05:30
Prince Chaddha
2875be2d82
Update simple-crm-sql-injection.yaml
2021-08-16 14:06:18 +05:30
Prince Chaddha
bd865a0615
Update simple-crm-sql-injection.yaml
2021-08-16 14:03:41 +05:30
Prince Chaddha
2a448b52db
Update simple-crm-sql-injection.yaml
2021-08-16 14:03:09 +05:30
Geeknik Labs
cacb2ff684
Update simple-crm-sql-injection.yaml
2021-08-15 15:28:00 -05:00
Geeknik Labs
9fb1b464b4
Create simple-crm-sql-injection.yaml
2021-08-15 15:23:38 -05:00
Dhiyaneshwaran
cceb32a88b
Create oracle-siebel-xss.yaml
2021-08-15 23:18:13 +05:30
Prince Chaddha
7bce4fbb26
Update netis-info-leak.yaml
2021-08-14 16:00:00 +05:30
Prince Chaddha
edffa49ca4
Update netis-info-leak.yaml
2021-08-14 15:53:30 +05:30
GwanYeong Kim
5b81af7ab4
Create netis-info-leak.yaml
...
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-08-13 13:34:28 +09:00
sandeep
df65ba694b
Update ewebs-arbitrary-file-reading.yaml
2021-08-12 18:19:22 +05:30
PikPikcU
65ed503022
Create ewebs-arbitrary-file-reading.yaml
2021-08-12 18:41:02 +07:00
Sandeep Singh
5ca0a70f3e
Merge pull request #2372 from projectdiscovery/buffalo
...
Added CVE-2021-20090 / CVE-2021-20091 / CVE-2021-20092
2021-08-12 16:07:45 +05:30
Prince Chaddha
0875847c7d
Merge pull request #2374 from gy741/rule-add-v54
...
Create sar2html-rce.yaml
2021-08-12 15:06:13 +05:30
Prince Chaddha
cfc534af89
Update sar2html-rce.yaml
2021-08-12 15:03:49 +05:30
sandeep
98a07bd594
Added unauth config injection
2021-08-12 14:12:20 +05:30
Prince Chaddha
6ac4da7993
Merge branch 'master' into corsmisc
2021-08-11 13:17:10 +05:30
Prince Chaddha
b466fce758
Update basic-cors.yaml
2021-08-11 13:15:04 +05:30
Prince Chaddha
5ac272597b
Delete cors-misconfig.yaml
2021-08-11 13:14:04 +05:30
Prince Chaddha
cb94b58009
Update basic-cors.yaml
2021-08-11 13:13:45 +05:30
Prince Chaddha
d49dc5f9d4
Update top-xss-params.yaml
2021-08-11 13:08:49 +05:30
Prince Chaddha
c576f4317b
Update open-redirect.yaml
2021-08-11 13:08:24 +05:30
Prince Chaddha
efa7319d40
Update generic-windows-lfi.yaml
2021-08-11 13:08:11 +05:30
Prince Chaddha
57b8d89815
Update generic-linux-lfi.yaml
2021-08-11 13:08:00 +05:30
Prince Chaddha
cbfe76f33f
Update error-based-sql-injection.yaml
2021-08-11 13:07:46 +05:30
Prince Chaddha
aa0b195c99
Update crlf-injection.yaml
2021-08-11 13:07:36 +05:30
Prince Chaddha
2165418c59
Update cache-poisoning.yaml
2021-08-11 13:07:27 +05:30
Prince Chaddha
4d4ae2edd2
Update basic-xss-prober.yaml
2021-08-11 13:07:17 +05:30
Prince Chaddha
791472aa2b
Update basic-cors.yaml
2021-08-11 13:07:05 +05:30
GwanYeong Kim
0d2b53e71d
Create sar2html-rce.yaml
...
SAR2HTML could allow a remote attacker to execute arbitrary commands on the system, caused by a commend injection flaw in the index.php script. By sending specially-crafted commands, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-08-11 14:11:25 +09:00
sandeep
8c48ca97d2
matcher + payload + regex updates
2021-08-09 21:58:28 +05:30
G4L1T0
a44324ec2f
updatev2 cors-misconfig.yaml
2021-08-09 11:57:37 -03:00
G4L1T0
e98fb7179e
update cors-misconfig.yaml
2021-08-09 11:56:37 -03:00
Noam Rathaus
a806149864
Spelling
2021-08-09 16:31:00 +03:00
Noam Rathaus
864b209cc1
Add reference
2021-08-09 16:10:10 +03:00
Noam Rathaus
3651410d37
Provide description
2021-08-09 16:08:19 +03:00
Sandeep Singh
210c57768d
Merge pull request #2193 from gy741/rule-add-v42
...
Create kevinlab-hems-backdoor.yaml
2021-08-08 13:56:56 +05:30
Sandeep Singh
3918071875
Merge pull request #2348 from Akokonunes/patch-25
...
Create grimag-open-redirect.yaml
2021-08-08 12:38:24 +05:30
sandeep
d7b8760231
minor update
2021-08-08 12:29:11 +05:30
sandeep
4c057dcb1e
minor update
2021-08-08 12:26:34 +05:30
sandeep
a7dcd3f317
added more tags
2021-08-08 00:27:18 +05:30
sandeep
3b6d6322ea
Additional matcher
2021-08-08 00:22:55 +05:30
sandeep
e690901c86
minor update
2021-08-08 00:20:56 +05:30
Sandeep Singh
0ee60c4a3e
Merge pull request #2197 from mesaglio/master
...
Detect azure directory traversal hosts file
2021-08-07 23:15:29 +05:30
sandeep
318aa4736e
misc update
2021-08-07 23:04:27 +05:30
sandeep
2233ebf3f1
moving files around
2021-08-07 23:02:17 +05:30
sandeep
ca9efec5c0
tag update
2021-08-07 15:00:29 +05:30
Dhiyaneshwaran
afcbd374a9
Create sap-redirect.yaml
2021-08-07 11:31:58 +05:30
sandeep
5cddd4312b
Adding additional steps to make it work
2021-08-06 23:30:34 +05:30
PikPikcU
57624f3d25
Create ruijie-eg-rce.yaml
2021-08-06 17:04:32 +07:00
Prince Chaddha
3395eff8a0
Merge pull request #2316 from gy741/rule-add-v49
...
Create CVE-2020-7796.yaml
2021-08-03 19:57:45 +05:30
Prince Chaddha
c581a94bf4
Merge pull request #2318 from gy741/rule-add-v50
...
Create longjing-technology-bems-api-lfi.yaml
2021-08-03 19:56:57 +05:30
Prince Chaddha
28d568b88c
Update and rename longjing-technology-bems-api-lfi.yaml to bems-api-lfi.yaml
2021-08-03 19:55:25 +05:30
Prince Chaddha
23bc448b1b
Merge pull request #2199 from pikpikcu/patch-208
...
Add OpenSIS POC
2021-08-03 19:53:32 +05:30
GwanYeong Kim
5fb6332bd9
Create longjing-technology-bems-api-lfi.yaml
...
The application suffers from an unauthenticated arbitrary file download vulnerability. Input passed through the fileName parameter through downloads endpoint is not properly verified before being used to download files. This can be exploited to disclose the contents of arbitrary and sensitive files through directory traversal attacks.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-08-03 21:52:14 +09:00
Prince Chaddha
ea1ae20a82
Create zimbra-preauth-ssrf.yaml
2021-08-03 12:52:56 +05:30
Prince Chaddha
2491a6a4b7
Merge pull request #2227 from Udyz/patch-5
...
Create hasura-graphql-sql-exec.yaml
2021-08-02 22:25:31 +05:30
Prince Chaddha
4e976706b8
Update hasura-graphql-psql-exec.yaml
2021-08-02 22:18:41 +05:30
Prince Chaddha
204cf337c8
Update hasura-graphql-psql-exec.yaml
2021-08-02 22:15:52 +05:30
Prince Chaddha
6102421e22
Update hasura-graphql-ssrf.yaml
2021-08-02 22:03:12 +05:30
Prince Chaddha
03077a9ca2
Update tikiwiki-reflected-xss.yaml
2021-08-02 21:44:48 +05:30
Prince Chaddha
9f8d31200f
Merge pull request #2263 from pdelteil/patch-35
...
Create jenkins-script.yaml
2021-08-02 20:59:12 +05:30
Prince Chaddha
451aca42f9
Update jenkins-script.yaml
2021-08-02 20:57:19 +05:30
Noam Rathaus
493acb8afe
Description
2021-08-02 14:30:22 +03:00
sandeep
e896a8982d
misc updates
2021-08-02 12:53:35 +05:30
GwanYeong Kim
27eef8c1a9
Create zhiyuan-file-upload.yaml
...
Zhiyuan OA is a set of office coordinating management software. Recently, Qianxin CERT monitors the relevant vulnerability information of the long OA. Since there is an unauthorized access in some interfaces, and some functions are insufficient, the attacker can upload malicious script files without logging in, so that there is no need to log in. Zhiyuan OA official has provided patches for this vulnerability. In view of the large vulnerability harm, it is recommended that users apply patch updates as soon as possible.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-08-02 11:07:14 +09:00
sandeep
aa336ed979
matcher update
2021-07-31 23:08:46 +05:30
Sandeep Singh
918a6deead
Merge pull request #2265 from pussycat0x/master
...
zabbix-dashboards-access
2021-07-30 02:37:02 +05:30
sandeep
0d7dfa1713
Update wp-upload-data.yaml
2021-07-30 02:36:18 +05:30
Philippe Delteil
147ac0143a
Create jenkins-script.yaml
2021-07-29 12:29:05 -04:00
Philippe Delteil
1f6a6a8764
Update jenkins-stack-trace.yaml
...
file name = template id.
2021-07-29 02:50:35 -04:00
Prince Chaddha
6d205308ea
Merge pull request #2239 from pikpikcu/patch-236
...
Add Bitrix Open redirect
2021-07-29 00:16:19 +05:30
Prince Chaddha
49efd9fa07
Update bitrix-open-redirect.yaml
2021-07-29 00:13:15 +05:30
Prince Chaddha
576b42b412
Update wp-upload-data.yaml
2021-07-29 00:09:11 +05:30
pussycat0x
7038617c86
Add files via upload
2021-07-28 23:56:51 +05:30
Philippe Delteil
4b7080333a
Rename unauthenticated-jenkin-dashboard.yaml to unaunthenticated-jenkin.yaml
...
id - name file consistency
2021-07-28 01:17:18 -04:00
PikPikcU
783550d003
Update bitrix-open-redirect.yaml
2021-07-28 08:38:48 +07:00
PikPikcU
72fcdc20bf
Create bitrix-open-redirect.yaml
2021-07-28 08:37:25 +07:00
lulz
0c68ef5f66
Rename raw-psql-warp.yaml to hasura-graphql-psql-exec.yaml
2021-07-27 23:25:36 +07:00
lulz
0706823399
Update raw-psql-warp.yaml
2021-07-27 23:23:55 +07:00
lulz
5c931f8d00
Update raw-psql-warp.yaml
2021-07-27 22:12:41 +07:00
lulz
2219ab607e
Create raw-psql-warp.yaml
2021-07-27 21:57:59 +07:00
Prince Chaddha
9f28ff8f9b
Update qcubed-xss.yaml
2021-07-27 11:57:30 +05:30
PikPikcU
a2fc63b7ac
Create qcubed-xss.yaml
2021-07-27 13:06:30 +07:00
PikPikcU
72c038bbf1
Update opensis-lfi.yaml
2021-07-27 08:07:21 +07:00
PikPikcU
29e399df87
Create opensis-lfi.yaml
2021-07-27 07:43:02 +07:00
juan mesaglio
5d5dafc6e7
Detect azure directory traversal hosts file
2021-07-26 20:12:26 -03:00
GwanYeong Kim
eadc9b4dac
Create kevinlab-hems-backdoor.yaml
...
The HEMS solution has an undocumented backdoor account and these sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the solution thru the RMI. Attacker could exploit this vulnerability by logging in using the backdoor account with highest privileges for administration and gain full system control. The backdoor user cannot be seen in the users settings in the admin panel and it also uses an undocumented privilege level (admin_pk=1) which allows full availability of the features that the HEMS is offering remotely.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-27 02:48:31 +09:00
Prince Chaddha
833ae4ae48
Merge pull request #1083 from pikpikcu/patch-123
...
Create dedecms-membergroup-sqli
2021-07-26 18:02:27 +05:30
Prince Chaddha
86989129d1
Update netgear-wnap320-rce.yaml
2021-07-26 13:38:38 +05:30
GwanYeong Kim
c72190c4bf
Create netgear-wnap320-rce.yaml
...
vulnerabilities in the web-based management interface of Netgear WNAP320 Access Point could allow an authenticated, remote attacker to perform command injection attacks against an affected device.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-26 08:35:22 +09:00
sandeep
6ccc5f8792
matcher update to handle edge cases
2021-07-25 03:05:55 +05:30
Prince Chaddha
2c0aa783c4
Merge pull request #2148 from gy741/rule-add-v34
...
Add KevinLAB BEMS 1.0 Multiple Vulnerabilities
2021-07-24 15:37:48 +05:30
Prince Chaddha
bf7c0d3a63
Merge pull request #2122 from gy741/rule-add-v33
...
Create magicflow-lfi.yaml
2021-07-24 12:13:59 +05:30
Prince Chaddha
ac45802ef5
Update kevinlab-bems-sqli.yaml
2021-07-24 12:10:46 +05:30
Prince Chaddha
2631f55550
Update kevinlab-bems-backdoor.yaml
2021-07-24 12:07:27 +05:30
Prince Chaddha
9a46592f71
Update kevinlab-bems-sqli.yaml
2021-07-24 11:59:35 +05:30
Prince Chaddha
87b4c2e98b
Update kevinlab-bems-sqli.yaml
2021-07-24 11:47:05 +05:30
Sandeep Singh
4b444af3c4
Merge pull request #2125 from DhiyaneshGeek/master
...
17 New Templates Added
2021-07-24 03:26:09 +05:30
sandeep
9617bc5815
matcher update
2021-07-24 03:25:22 +05:30
sandeep
47ea40bc55
Update kevinlab-bems-backdoor.yaml
2021-07-24 03:17:53 +05:30
Sandeep Singh
b346584002
Update vulnerabilities/other/nginx-merge-slashes-path-traversal.yaml
...
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-24 00:25:13 +05:30
Sandeep Singh
1909e3f628
Update vulnerabilities/other/nginx-merge-slashes-path-traversal.yaml
...
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-24 00:24:37 +05:30
Sandeep Singh
59f90ffffa
Merge pull request #2150 from pussycat0x/master
...
New templates added
2021-07-24 00:09:43 +05:30
sandeep
79e15e7123
Update wordpress-wpcourses-info-disclosure.yaml
2021-07-24 00:07:50 +05:30
sandeep
43dccef185
generic improvements
2021-07-24 00:06:13 +05:30
sandeep
97aa239d52
Merge branch 'master' of https://github.com/pussycat0x/nuclei-templates into pr/2037
2021-07-24 00:00:55 +05:30
sandeep
3960d1f295
strict matchers
2021-07-23 23:59:54 +05:30
Sandeep Singh
38c2b6d4a9
Update vulnerabilities/wordpress/wp-idx-broker-platinum-listing.yaml
...
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-23 23:49:58 +05:30
Sandeep Singh
bdfee95603
Update vulnerabilities/wordpress/wp-idx-broker-platinum-listing.yaml
...
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-23 23:49:33 +05:30
Sandeep Singh
6ebd1a36e0
Update vulnerabilities/wordpress/wp-email-subscribers-listing.yaml
...
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-23 23:49:28 +05:30
Sandeep Singh
edc62d15a4
Update vulnerabilities/wordpress/wp-email-subscribers-listing.yaml
...
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-23 23:49:20 +05:30
Sandeep Singh
5170f4962b
Update vulnerabilities/wordpress/wp-arforms-listing.yaml
...
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-23 23:49:14 +05:30
Sandeep Singh
1feaaded28
Update vulnerabilities/wordpress/wp-idx-broker-platinum-listing.yaml
...
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-23 23:41:26 +05:30
Sandeep Singh
750a86c500
Update vulnerabilities/wordpress/wp-iwp-client-listing.yaml
...
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-23 23:41:14 +05:30
Sandeep Singh
04b71d9335
Update vulnerabilities/wordpress/wp-iwp-client-listing.yaml
...
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-23 23:41:06 +05:30
Sandeep Singh
b82ac4b3fc
Update vulnerabilities/wordpress/wp-iwp-client-listing.yaml
...
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-23 23:40:56 +05:30
sandeep
28d7d26953
Update wp-sfwd-lms-listing.yaml
2021-07-23 23:39:46 +05:30
Prince Chaddha
ca49fb21c7
Merge pull request #2154 from pdelteil/patch-25
...
Update coldfusion-debug-xss.yaml
2021-07-23 20:54:31 +05:30
Prince Chaddha
2dfa3d2e82
Update visual-tools-dvr-rce.yaml
2021-07-23 20:46:49 +05:30
Prince Chaddha
1dd4e3c846
Update visual-tools-dvr-rce.yaml
2021-07-23 15:15:23 +05:30
GwanYeong Kim
2c77510faa
Create visual-tools-dvr-rce.yaml
...
vulnerabilities in the web-based management interface of Visual Tools DVR VX16 4.2.28.0 could allow an authenticated, remote attacker to perform command injection attacks against an affected device.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-23 08:47:29 +09:00
Philippe Delteil
abacdafb4f
Update coldfusion-debug-xss.yaml
...
The term adobe is more general than coldfusion. Since Coldfusion is a product of Adobe.
2021-07-22 19:44:57 -04:00
pussycat0x
d3ff29daaa
Update vulnerabilities/wordpress/wp-arforms-listing.yaml
...
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-23 00:32:13 +05:30
pussycat0x
6987e1ffee
Update vulnerabilities/wordpress/wp-arforms-listing.yaml
...
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-23 00:32:05 +05:30
pussycat0x
eac08288e8
Update vulnerabilities/wordpress/wp-sfwd-lms-listing.yaml
...
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-23 00:31:33 +05:30
pussycat0x
05846a34c7
Update vulnerabilities/wordpress/wp-sfwd-lms-listing.yaml
...
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-23 00:31:13 +05:30
pussycat0x
a81e3b53cb
Add files via upload
2021-07-22 19:42:25 +05:30
GwanYeong Kim
69db0862ee
Create kevinlab-bems-backdoor.yaml
...
The BEMS solution has an undocumented backdoor account and these sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the solution thru the RMI. Attacker could exploit this vulnerability by logging in using the backdoor account with highest privileges for administration and gain full system control. The backdoor user cannot be seen in the users settings in the admin panel and it also uses an undocumented privilege level (admin_pk=1) which allows full availability of the features that the BEMS is offering remotely.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-22 22:13:00 +09:00
GwanYeong Kim
a4ec6a2b11
Create kevinlab-bems-sqli.yaml
...
The application suffers from an unauthenticated SQL Injection vulnerability. Input passed through 'input_id' POST parameter in '/http/index.php' is not properly sanitised before being returned to the user or used in SQL queries.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-22 21:46:18 +09:00
Prince Chaddha
5455222476
Merge pull request #2140 from pussycat0x/master
...
New templates added
2021-07-22 17:53:25 +05:30
Prince Chaddha
c17763ac20
Update and rename wp-plugineasy-media-gallery-pro-listing.yaml to easy-media-gallery-pro-listing.yaml
2021-07-22 17:45:43 +05:30
pussycat0x
f00f5eeaa9
Add files via upload
2021-07-22 08:04:21 +05:30
Prince Chaddha
111da22943
Update dedecms-membergroup-sqli.yaml
2021-07-21 18:34:37 +05:30
Prince Chaddha
403a73d1c7
Merge pull request #1085 from pikpikcu/patch-125
...
Create dedecms-carbuyaction-fileinclude.yaml
2021-07-21 18:27:45 +05:30
Prince Chaddha
f5fc07dd72
Merge pull request #1581 from pikpikcu/patch-168
...
Create hiboss-rce
2021-07-21 18:27:38 +05:30
Prince Chaddha
08541f08c4
Update dedecms-carbuyaction-fileinclude.yaml
2021-07-21 18:26:36 +05:30
Prince Chaddha
00ce088daf
Merge pull request #1334 from projectdiscovery/princechaddha-patch-3
...
Create sangfor-edr-auth-bypass.yaml
2021-07-21 18:18:08 +05:30
Prince Chaddha
8d953c45ea
Update sangfor-edr-auth-bypass.yaml
2021-07-21 18:14:42 +05:30
Prince Chaddha
da1ef3b031
Merge pull request #1568 from pikpikcu/patch-166
...
Create h3c-imc-rce
2021-07-21 18:11:11 +05:30
Dhiyaneshwaran
08f160f0e2
Create nginx-merge-slashes-path-traversal.yaml
2021-07-21 13:46:40 +05:30
GwanYeong Kim
16750fd9a2
Create magicflow-lfi.yaml
...
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-21 14:18:00 +09:00
Muhammad Daffa
21809132da
Renamed to CVE-2021-24340.yaml
2021-07-20 13:36:04 +07:00
sandeep
13e5528c46
duplicate update
2021-07-20 11:40:23 +05:30
Muhammad Daffa
d27fb4c3b0
Renamed CVE-2020-8771.yaml
2021-07-20 12:49:16 +07:00
sandeep
4dbf36813d
removing duplicate template
2021-07-20 00:43:39 +05:30
Sandeep Singh
6eee57115c
Merge pull request #2083 from projectdiscovery/fixing-xss-matchers
...
fixing-xss-matchers
2021-07-20 00:28:01 +05:30
sandeep
13d26d8c6d
moving files around
2021-07-20 00:10:30 +05:30