Philippe Delteil
8185a0e9c0
Update CVE-2020-2036.yaml
2021-10-02 03:24:29 -03:00
sullo
c0003f8731
Update CVE-2020-29453.yaml
2021-09-30 14:27:12 -04:00
sullo
784d9560be
Fix CVSS score
...
incorrectly changed cvss score
2021-09-30 14:26:37 -04:00
Sullo
3878138bfe
* Added Host headers where needed (validated via disclosures/posts)
...
* Added CVE simple-employee-rce.yaml
2021-09-30 12:52:05 -04:00
sullo
6b5d52084d
Update cvss/severity for CVE-2020-29453
2021-09-29 10:35:52 -04:00
sandeep
ff1537d7da
fixing tags typos
2021-09-21 15:43:08 +05:30
sandeep
7b23f4ebd4
outdated template cleanups
2021-09-21 14:34:20 +05:30
Sandeep Singh
0f03f5ff55
Merge pull request #2692 from projectdiscovery/metadata-attribute-update
2021-09-18 18:19:07 +05:30
GitHub Action
a866f1e777
Auto Generated CVE annotations [Fri Sep 17 11:08:30 UTC 2021] 🤖
2021-09-17 11:08:30 +00:00
Prince Chaddha
7fc3c211d8
Merge pull request #2667 from pikpikcu/patch-268
...
Added Jeesns POC
2021-09-17 16:37:25 +05:30
Prince Chaddha
9357ac4153
Update CVE-2020-19282.yaml
2021-09-17 16:33:45 +05:30
Prince Chaddha
51672dd85d
Update CVE-2020-19295.yaml
2021-09-17 16:32:41 +05:30
Prince Chaddha
ae221b7892
Update CVE-2020-19283.yaml
2021-09-17 16:32:27 +05:30
Prince Chaddha
92014aa363
Update CVE-2020-19295.yaml
2021-09-17 16:31:20 +05:30
sandeep
676b51d20c
Metadata attribute update
2021-09-16 21:24:33 +05:30
GitHub Action
7542ad2c07
Auto Generated CVE annotations [Thu Sep 16 13:05:34 UTC 2021] 🤖
2021-09-16 13:05:34 +00:00
forgedhallpass
d0f5daca61
#276 Replace space character with dash in template ID.
2021-09-16 16:04:04 +03:00
GitHub Action
f19daba616
Auto Generated CVE annotations [Wed Sep 15 12:04:47 UTC 2021] 🤖
2021-09-15 12:04:47 +00:00
Prince Chaddha
f5c71d54e2
Merge pull request #2677 from pikpikcu/patch-278
...
Create CVE-2020-28351.yaml
2021-09-15 17:33:36 +05:30
Prince Chaddha
6539892061
Update CVE-2020-28351.yaml
2021-09-15 17:24:42 +05:30
GitHub Action
18534fa692
Auto Generated CVE annotations [Wed Sep 15 11:53:20 UTC 2021] 🤖
2021-09-15 11:53:20 +00:00
Prince Chaddha
68cdcd3034
Update CVE-2020-24912.yaml
2021-09-15 17:20:24 +05:30
Prince Chaddha
bc1d567455
Update CVE-2020-24912.yaml
2021-09-15 16:50:33 +05:30
Prince Chaddha
86a369132e
Update CVE-2020-24912.yaml
2021-09-15 16:49:18 +05:30
PikPikcU
80072c8e97
Create CVE-2020-28351.yaml
2021-09-15 13:13:50 +07:00
PikPikcU
bb8e0616e9
Create CVE-2020-24912.yaml
2021-09-15 13:00:51 +07:00
PikPikcU
1d63ebfe45
Update CVE-2020-19295.yaml
2021-09-15 11:30:58 +07:00
PikPikcU
c5416951e5
Update CVE-2020-19283.yaml
2021-09-15 11:30:38 +07:00
PikPikcU
4a10930690
Update CVE-2020-19282.yaml
2021-09-15 11:30:18 +07:00
PikPikcU
6985e77e20
Update CVE-2020-19295.yaml
2021-09-15 10:45:24 +07:00
PikPikcU
5fb54fd82e
Update CVE-2020-19283.yaml
2021-09-15 10:45:04 +07:00
PikPikcU
42cf71e956
Create CVE-2020-19295.yaml
2021-09-15 10:41:12 +07:00
PikPikcU
6e09439dec
Create CVE-2020-19283.yaml
2021-09-15 10:37:44 +07:00
PikPikcU
4340807fb6
Create CVE-2020-19282.yaml
2021-09-15 09:56:03 +07:00
sandeep
29a944ea73
payload update
2021-09-12 20:22:03 +05:30
sandeep
e6d97e26c5
additional matcher
2021-09-12 18:31:46 +05:30
Ice3man543
e9f728c321
Added cve annotations + severity adjustments
2021-09-10 16:56:40 +05:30
sandeep
bd24dc198e
Coverage for all templates using tags
2021-09-09 19:08:13 +05:30
Prince Chaddha
90eba9d883
Update CVE-2020-7961.yaml
2021-09-09 11:46:54 +05:30
Prince Chaddha
43b45a7b63
Update CVE-2020-12720.yaml
2021-09-09 11:42:52 +05:30
sandeep
609705f676
removed extra headers not required for template
2021-09-08 17:47:19 +05:30
sullo
ef1f7c5e92
Updates across many templates for clarity, spelling, and grammar.
2021-09-05 17:13:45 -04:00
Sandeep Singh
f6c72769ce
temporary moving to another branch
2021-09-03 22:29:55 +05:30
sandeep
90f8caf302
Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates into pr/2481
2021-09-03 14:55:30 +05:30
sandeep
c41a498505
added tags
2021-09-03 12:52:27 +05:30
Prince Chaddha
58a886ad6e
Update CVE-2020-28976.yaml
2021-09-03 09:24:21 +05:30
Borna Nematzadeh
6e7c3ab0a2
Update CVE-2020-28976.yaml
2021-09-02 12:26:10 -07:00
LogicalHunter
f0197ae9ac
Added CVE-2020-28976.yaml Template
2021-09-02 12:13:21 -07:00
Prince Chaddha
3b32de60be
Update CVE-2020-11547.yaml
2021-09-02 18:25:16 +05:30
betul.kiral
5c94814e00
Adding CVE-2020-11547
2021-09-02 14:43:37 +03:00
sandeep
c81725e991
Removed duplicate template
2021-09-01 12:36:20 +05:30
Noam Rathaus
51eb639de8
Updated
2021-08-30 12:49:23 +03:00
Noam Rathaus
86f3c08ba6
Vendor writes it as "NETGEAR"
2021-08-29 09:39:06 +03:00
Noam Rathaus
67fa97aed1
Add vendor KB
2021-08-29 09:36:59 +03:00
socketz
c766a8454d
Fixed yaml linting errors
2021-08-25 14:09:42 +02:00
socketz
f290b9f60d
Deleted duplicate and in wrong directory
2021-08-25 07:55:46 +02:00
sandeep
d705fbd84b
Update CVE-2020-11420.yaml
2021-08-25 00:33:54 +05:30
sandeep
3c95101f5a
Update CVE-2020-11420.yaml
2021-08-25 00:31:27 +05:30
sandeep
65d9d8acb2
lint fix
2021-08-24 23:13:00 +05:30
forgedhallpass
110f9c9ddd
Merge remote-tracking branch 'origin' into dynamic_attributes
2021-08-24 20:38:11 +03:00
socketz
7d6a6c137a
Added CVE-2020-11420
2021-08-24 14:43:45 +02:00
sandeep
85f8cf2c41
Update CVE-2020-12800.yaml
2021-08-24 05:00:04 +05:30
sandeep
fba4461932
Added CVE-2020-12800
2021-08-24 04:57:51 +05:30
forgedhallpass
296edfc37b
Merge remote-tracking branch 'origin' into dynamic_attributes
2021-08-23 14:40:33 +03:00
Sandeep Singh
04b401a8ef
Merge pull request #2456 from projectdiscovery/payloads-update
...
Payloads positional update to keep the request format uniform
2021-08-23 15:26:35 +05:30
sandeep
451e938d46
misc changes
2021-08-23 14:54:04 +05:30
Dwi Siswanto
be3d5c9d08
Add CVE-2020-29453
2021-08-23 11:30:16 +07:00
sandeep
2aa54304ee
Payloads positional update to keep the request format uniform
2021-08-22 23:39:33 +05:30
forgedhallpass
dc4cc62629
Merge remote-tracking branch 'origin/master' into dynamic_attributes
2021-08-20 15:35:17 +03:00
sandeep
3f803deb28
more updates
2021-08-20 02:14:42 +05:30
forgedhallpass
77103bc629
Satisfying the linter (all errors and warnings)
...
* whitespace modifications only
2021-08-19 17:44:46 +03:00
forgedhallpass
2a320412bf
Misc (minor)
...
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-19 17:25:01 +03:00
forgedhallpass
97d4f8705b
Fixed mistakes/typos
...
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-19 16:59:55 +03:00
forgedhallpass
f55d6b75e1
Removed pipe (|) character from references, because the structure requires it to be a string slice, not a string
...
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-19 16:59:12 +03:00
forgedhallpass
7b29be739e
Merge branch 'master' into dynamic_attributes
2021-08-19 16:23:26 +03:00
forgedhallpass
ffaff64565
Changes fixes/around dynamic attributes ("additional-fields")
...
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-19 16:17:27 +03:00
forgedhallpass
0b432b341b
Added comments with URLs under the "references" field
...
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-19 16:15:35 +03:00
Prince Chaddha
3a8b5df438
Update CVE-2020-25223.yaml
2021-08-19 16:35:50 +05:30
GwanYeong Kim
673fe80660
Create CVE-2020-25223.yaml
...
A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-08-19 18:37:59 +09:00
forgedhallpass
cdf9451158
Removed pipe (|) character from references, because the structure requires it to be a string slice, not a string
...
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-18 14:44:27 +03:00
forgedhallpass
4c920b2552
Rename "references" to "reference" to match the expected template info structure
...
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-18 14:29:20 +03:00
sandeep
63431349aa
minor update
2021-08-10 20:13:14 +05:30
Geeknik Labs
d6bd06a878
Update CVE-2020-24312.yaml
...
Fixes a false positive.
2021-08-09 20:43:58 -05:00
Prince Chaddha
bc236580ee
Merge pull request #1856 from Akokonunes/patch-15
...
Create CVE-2019-9618.yaml
2021-08-07 19:55:08 +05:30
Prince Chaddha
3395eff8a0
Merge pull request #2316 from gy741/rule-add-v49
...
Create CVE-2020-7796.yaml
2021-08-03 19:57:45 +05:30
Prince Chaddha
23bc448b1b
Merge pull request #2199 from pikpikcu/patch-208
...
Add OpenSIS POC
2021-08-03 19:53:32 +05:30
Prince Chaddha
b927288f30
Update CVE-2020-6637.yaml
2021-08-03 19:25:06 +05:30
Prince Chaddha
107c3594bf
Update CVE-2020-6637.yaml
2021-08-03 13:24:31 +05:30
sandeep
3c03e28e55
Update CVE-2020-7796.yaml
2021-08-03 12:50:22 +05:30
sandeep
d8007437ae
Update CVE-2020-7796.yaml
2021-08-03 12:50:10 +05:30
Prince Chaddha
b02ea3266b
Update CVE-2020-7796.yaml
2021-08-03 12:47:55 +05:30
Prince Chaddha
9620f4616e
Update CVE-2020-7796.yaml
2021-08-03 12:42:56 +05:30
GwanYeong Kim
9c16967fa5
Create CVE-2020-7796.yaml
...
Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-08-03 09:31:23 +09:00
GwanYeong Kim
8627aadce0
Create CVE-2020-27361.yaml
...
An issue exists within Akkadian Provisioning Manager 4.50.02 which allows attackers to view sensitive information within the /pme subdirectories.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-08-03 01:17:48 +09:00
Prince Chaddha
a3cba3b1e1
Merge pull request #2280 from daffainfo/patch-120
...
Create CVE-2020-35598.yaml
2021-08-02 17:14:38 +05:30
sandeep
a24977aab9
Update CVE-2020-6637.yaml
2021-08-02 01:42:01 +05:30
Noam Rathaus
734dde35cc
Fix FP - https://github.com/projectdiscovery/nuclei-templates/issues/2217
2021-08-01 08:52:30 +03:00
Muhammad Daffa
b826d82268
Create CVE-2020-35598.yaml
2021-08-01 06:40:11 +07:00
Toufik Airane
1cce455f1c
Update CVE-2020-13927.yaml
...
Following the discussion https://github.com/projectdiscovery/nuclei-templates/discussions/1477 .
According to NIST, It's a critical issue.
https://nvd.nist.gov/vuln/detail/CVE-2020-13927
2021-07-30 16:40:41 +02:00
Muhammad Daffa
da3ba72db3
Create CVE-2020-11455.yaml
2021-07-29 05:43:07 +07:00
Sandeep Singh
32e18be51a
Merge pull request #2215 from TheConciergeDev/patch-4
...
Renamed yaml file
2021-07-27 17:27:23 +05:30
Prince Chaddha
fdfd4232a5
Merge pull request #2225 from pikpikcu/patch-231
...
Create CVE-2020-26153.yaml
2021-07-27 17:22:04 +05:30
Prince Chaddha
cdb91d44f3
Update CVE-2020-26153.yaml
2021-07-27 17:20:54 +05:30
Prince Chaddha
4a5d374227
Merge pull request #2212 from pikpikcu/patch-220
...
Add Jeedom XSS
2021-07-27 17:18:07 +05:30
Prince Chaddha
142eb2fe3b
Update CVE-2020-9036.yaml
2021-07-27 17:12:32 +05:30
Prince Chaddha
c4e75a7eb5
Merge pull request #2203 from pikpikcu/patch-211
...
Add CVE-2020-27735
2021-07-27 17:08:21 +05:30
PikPikcU
d561a8711d
Create CVE-2020-26153.yaml
2021-07-27 18:19:44 +07:00
Prince Chaddha
d9f20b63e4
Update CVE-2020-27735.yaml
2021-07-27 16:32:50 +05:30
Prince Chaddha
6e7aba2fb9
Update CVE-2020-27735.yaml
2021-07-27 13:55:45 +05:30
Prince Chaddha
4a13112125
Update CVE-2020-27735.yaml
2021-07-27 13:33:41 +05:30
TheConciergeDev
62df9585f9
Renamed yaml file
...
Added missing "-" in filename
2021-07-27 09:28:54 +02:00
PikPikcU
6f91b5d052
Create CVE-2020-9036.yaml
2021-07-27 13:45:01 +07:00
Prince Chaddha
76a39c9ef5
Update CVE 2020-6171.yaml
2021-07-27 11:58:42 +05:30
PikPikcU
751626e435
Update CVE 2020-6171.yaml
2021-07-27 12:24:17 +07:00
PikPikcU
ddc251861f
Create CVE 2020-6171.yaml
2021-07-27 12:21:52 +07:00
Prince Chaddha
caf6bb61c3
Update CVE-2020-27735.yaml
2021-07-27 10:41:08 +05:30
Prince Chaddha
b2f1863fd7
Update CVE-2020-35774.yaml
2021-07-27 10:40:55 +05:30
Prince Chaddha
b75c2dde67
Update CVE-2020-35774.yaml
2021-07-27 10:38:46 +05:30
PikPikcU
326c8265ef
Create CVE-2020-35774.yaml
2021-07-27 10:31:48 +07:00
PikPikcU
f619caf26a
Create CVE-2020-27735.yaml
2021-07-27 10:23:23 +07:00
PikPikcU
96c03d93cc
Update CVE-2020-6637.yaml
2021-07-27 07:38:49 +07:00
PikPikcU
b1dfb89f88
Create CVE-2020-6637.yaml
2021-07-27 07:36:48 +07:00
sandeep
9c66387f0f
More CVEs Template
2021-07-26 22:48:45 +05:30
Sandeep Singh
79c077ddf7
Merge pull request #1874 from Vladimir-Ivanov-Git/CVE-2020-6207
...
CVE-2020-6207 SAP SolMan RCE
2021-07-26 18:26:55 +05:30
Sandeep Singh
8130cd2c3b
Update CVE-2020-6207.yaml
2021-07-26 18:26:19 +05:30
Prince Chaddha
4ee46bf076
Merge pull request #2112 from daffainfo/patch-91
...
Create CVE-2020-35580.yaml
2021-07-26 14:06:50 +05:30
Prince Chaddha
84161bc33e
Update CVE-2020-8813.yaml
2021-07-26 13:27:19 +05:30
GwanYeong Kim
620ff3f367
Create CVE-2020-8813.yaml
...
This vulnerability could be exploited without authentication if Cacti is enabling “Guest Realtime Graphs” privilege, So in this case no need for the authentication part and you can just use the following code to exploit the vulnerability
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-26 11:32:23 +09:00
Muhammad Daffa
fed682443e
Update CVE-2020-35580.yaml
2021-07-26 06:55:48 +07:00
GwanYeong Kim
b9fadff659
Create CVE-2020-5307.yaml
...
PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to SQL injection, as demonstrated by the username parameter in index.php, the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName and ProductPrice parameters in add-product.php.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-25 11:50:53 +09:00
sandeep
6ccc5f8792
matcher update to handle edge cases
2021-07-25 03:05:55 +05:30
Prince Chaddha
f32521ad9d
Merge pull request #2113 from daffainfo/patch-92
...
Create CVE-2020-29227.yaml
2021-07-24 12:22:54 +05:30
Prince Chaddha
af4081d0ec
Update CVE-2020-29227.yaml
2021-07-24 12:17:56 +05:30
Prince Chaddha
956eb6691f
Update CVE-2020-29227.yaml
2021-07-24 12:16:30 +05:30
Prince Chaddha
f40aca136b
Update CVE-2020-29227.yaml
2021-07-24 12:15:24 +05:30
Prince Chaddha
31f62d59ce
Update CVE-2020-13117.yaml
2021-07-24 11:39:47 +05:30
Prince Chaddha
f60a9ed891
Update CVE-2020-13117.yaml
2021-07-23 15:06:51 +05:30
GwanYeong Kim
7298a0b35d
Create CVE-2020-13117.yaml
...
Several Wavlink products are affected by a vulnerability that may allow remote unauthenticated users to execute arbitrary commands as root on Wavlink devices. The user input is not properly sanitized which allows command injection via the "key" parameter in a login request. It has been tested on Wavlink WN575A4 and WN579X3 devices, but other products may be affected.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-23 11:14:31 +09:00
Muhammad Daffa
65bddf3e33
Create CVE-2020-29227.yaml
2021-07-20 20:08:18 +07:00
Muhammad Daffa
f7d4a642f1
Create CVE-2020-35580.yaml
2021-07-20 20:02:49 +07:00
Sandeep Singh
ac39bd3284
Merge pull request #2100 from daffainfo/master
...
Renamed CVE-2020-8771.yaml
2021-07-20 11:38:35 +05:30
Sandeep Singh
14beefec28
Update CVE-2020-8771.yaml
2021-07-20 11:35:57 +05:30
sandeep
19fe96bc45
minor improvements and file name update
2021-07-20 11:33:16 +05:30
Muhammad Daffa
d27fb4c3b0
Renamed CVE-2020-8771.yaml
2021-07-20 12:49:16 +07:00
Sandeep Singh
6eee57115c
Merge pull request #2083 from projectdiscovery/fixing-xss-matchers
...
fixing-xss-matchers
2021-07-20 00:28:01 +05:30
sandeep
414883f719
Update CVE-2020-12054.yaml
2021-07-19 23:55:15 +05:30
sandeep
7d9dbc4aad
Update CVE-2020-28188.yaml
2021-07-19 16:41:12 +05:30
GwanYeong Kim
edabf1e7ca
Create CVE-2020-28188.yaml
...
Remote Command Execution (RCE) vulnerability in TerraMaster TOS <= 4.2.06 allow remote unauthenticated attackers to inject OS commands via /include/makecvs.php in Event parameter.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-19 15:13:57 +09:00
Prince Chaddha
75c5a8c68e
Update CVE-2020-17362.yaml
2021-07-19 11:35:47 +05:30
Prince Chaddha
c22839b3fd
Update CVE-2020-12054.yaml
2021-07-19 11:35:24 +05:30
sandeep
965e6fcc00
minor update
2021-07-18 23:24:55 +05:30
GwanYeong Kim
fb22fd40c5
Create CVE-2020-27866.yaml
...
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. Authentication is not required to exploit this vulnerability.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-18 10:03:38 +09:00
sandeep
048cdff225
Additional matcher
2021-07-17 02:07:26 +05:30
Prince Chaddha
33a0ede229
Merge pull request #2009 from gy741/rule-add-v24
...
Create CVE-2020-26919, CVE-2020-25506, OptiLink ONT1GEW GPON RCE, CVE-2021-31755
2021-07-16 18:04:52 +05:30
Prince Chaddha
4da4ebf224
Merge pull request #2020 from gy741/rule-add-v25
...
Create CVE-2020-35713.yaml
2021-07-16 17:31:26 +05:30
Prince Chaddha
f4f05394e1
Update CVE-2020-35713.yaml
2021-07-16 17:30:35 +05:30
Regala
6aef970258
Update CVE-2020-17362.yaml
...
Added "nova-lite" matcher; massively reduce false positives.
2021-07-16 12:19:30 +01:00
sandeep
94ae6ea0bf
Added tag
2021-07-15 23:47:05 +05:30
sandeep
97dfd43f1e
Added tag and removed unsafe
2021-07-15 23:46:08 +05:30
Prince Chaddha
b7d2ac2843
Merge pull request #2023 from daffainfo/patch-61
...
Create CVE-2020-12054.yaml
2021-07-15 17:27:05 +05:30
Prince Chaddha
89112a18d6
Update CVE-2020-12054.yaml
2021-07-15 17:25:22 +05:30
Prince Chaddha
93293c986a
Update CVE-2020-17362.yaml
2021-07-15 17:22:49 +05:30
Muhammad Daffa
cb364b16c5
Update CVE-2020-12054.yaml
2021-07-15 18:30:38 +07:00
Muhammad Daffa
dc2cf528bd
Create CVE-2020-12054.yaml
2021-07-15 18:27:45 +07:00
Muhammad Daffa
6d3e02ddc1
Create CVE-2020-17362.yaml
2021-07-15 18:14:59 +07:00
GwanYeong Kim
f8f9f539ea
Create CVE-2020-35713.yaml
...
Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to execute arbitrary commands or set a new password via shell metacharacters to the goform/setSysAdm page.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-15 18:10:11 +09:00
GwanYeong Kim
a3699d912a
Create CVE-2020-25506.yaml
...
The exploit targets a command injection vulnerability in a system_mgr.cgi component. The component does not successfully sanitize the value of the HTTP parameters f_ntp_server, which in turn leads to arbitrary command execution.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-15 14:28:14 +09:00
GwanYeong Kim
67ae44be04
Create CVE-2020-26919.yaml
...
it was found that every section of the web could be used as a valid endpoint to submit POST requests being the action defined by the submitId argument. The problem was located in the login.html webpage, that has to be publicly available to perform login requests but does not implement any restriction for executing debug actions. This will allow users execute system commands.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-15 10:54:56 +09:00
Sandeep Singh
89e1a8da93
Merge pull request #1962 from dwisiswant0/hotfix/CVE-2020-24148
2021-07-13 05:01:01 +05:30
Dwi Siswanto
a91516cbb5
Misplaced of CVE-2020-24148
2021-07-13 05:24:03 +07:00
Prince Chaddha
7f0f8beff2
Update CVE-2020-29395.yaml
2021-07-11 10:14:56 +05:30
Muhammad Daffa
da45bdf0ef
Create CVE-2020-29395.yaml
2021-07-11 07:58:31 +07:00
Ivanov Vladimir
8938010a7a
Add CVE-2020-6207.yaml
2021-07-05 20:36:55 +03:00
sandeep
f21b239853
misc changes
2021-07-03 15:23:28 +05:30
Sandeep Singh
52e0c861a1
Merge pull request #1733 from milo2012/master
...
Added CVE-2018-1000130/ CVE-2018-2628/ CVE-2018-2628/ CVE-2019-3401/ CVE-2020-1938/ oracle-bi-default-login/ jolokia-heap-disclosure
2021-07-02 18:27:45 +05:30
sandeep
e2a0f93f79
misc updates
2021-07-02 18:24:31 +05:30
sandeep
96fc7bb341
more strict matchers
2021-06-30 03:26:01 +05:30
sandeep
d1e4b5c510
minor updates
2021-06-25 10:51:00 +05:30
PikPikcU
19d80d9d0a
Create CVE-2020-3580.yaml
2021-06-24 15:34:19 +00:00
sandeep
3844df9fc8
misc changes
2021-06-21 18:09:16 +05:30
Prince Chaddha
592b2e7222
Update CVE-2020-1938.yaml
2021-06-21 14:28:51 +05:30
Prince Chaddha
cb4d12cc8c
Moved to cves/2018
2021-06-21 14:20:20 +05:30
Dhiyaneshwaran
8b43919211
Update CVE-2020-11930.yaml
2021-06-21 14:15:45 +05:30
Dhiyaneshwaran
216b484aec
Update CVE-2020-11930.yaml
2021-06-21 14:15:09 +05:30
Dhiyaneshwaran
ebc202adcb
Create CVE-2020-11930.yaml
2021-06-21 14:11:20 +05:30
Keith
55b89115aa
add CVE-2018-2628 - Oracle WebLogic Server Deserialization RCE
2021-06-21 06:24:33 +08:00
sandeep
c7a11cd1b1
Added CVE-2020-11110
2021-06-20 20:00:19 +05:30
Keith
e8e5dd5c83
add CVE-2020-1938.yaml - Ghostcat - Apache Tomcat AJP File Read/Inclusion Vulnerability
2021-06-19 21:59:42 +08:00
Prince Chaddha
55c1984a52
Template Moved to cves
2021-06-19 01:58:02 +05:30
Philippe Delteil
d25869d764
Update CVE-2020-36289.yaml
2021-06-14 11:50:25 -04:00
sandeep
5c80980915
Added CVE-2020-36289
2021-06-09 21:13:52 +05:30
Prince Chaddha
83ce809e8d
Updated author names
2021-06-09 17:50:56 +05:30
sandeep
14fa085d1b
more improvements
2021-06-05 12:15:32 +05:30
sandeep
55c0e1b103
Improved matchers for CVE-2020-6287
2021-06-05 10:29:59 +05:30
Sandeep Singh
c0103e0b8a
Merge pull request #1608 from Mad-robot/master
...
Create CVE-2020-6308.yaml
2021-06-05 00:04:56 +05:30
sandeep
83d359f6cf
updating tags
2021-06-05 00:02:33 +05:30
sandeep
11cb8b3106
Update CVE-2020-6308.yaml
2021-06-05 00:00:50 +05:30
sandeep
0e3ed049ae
misc changes
2021-06-03 23:00:47 +05:30
sandeep
bdc803fd4b
Added CVE-2020-13927
2021-06-03 14:23:34 +05:30
sandeep
4a0e83037d
Update CVE-2020-11978.yaml
2021-06-03 13:58:41 +05:30