Commit Graph

365 Commits (77969e95cc50f7a3f28482359c2df3f5532e0d3f)

Author SHA1 Message Date
sandeep 41be58c633 misc update 2021-10-22 15:09:15 +05:30
Sandeep Singh a21cec6362
Merge pull request #2844 from projectdiscovery/more-fixes
Changes to adopt v2.5.3 engine
2021-10-21 07:21:20 +05:30
Sandeep Singh df54ed28f7
Merge pull request #2942 from projectdiscovery/CVE-2019-2729
Added CVE-2019-2729 (Oracle WebLogic  RCE)
2021-10-21 05:42:29 +05:30
sandeep 323da341b2 Added CVE-2019-2729 (Oracle WebLogic RCE) 2021-10-21 05:37:30 +05:30
sandeep 33badb66d1 oob tags update 2021-10-19 02:10:26 +05:30
sandeep a614391d3f Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates into more-fixes 2021-10-18 03:14:44 +05:30
Philippe Delteil 794dfb0bbe
Update CVE-2019-6340.yaml
Solves cases when the source code contains only uid= and gid=  (e.g. https://account.mail.ru)

``nuclei -debug -t ~/nuclei-templates/cves/2019/CVE-2019-6340.yaml -u https://account.mail.ru``
2021-10-15 04:01:39 -03:00
Sandeep Singh 9273a765c0
Merge branch 'master' into more-fixes 2021-10-13 13:48:52 +05:30
sandeep 5072932509 more updates 2021-10-10 06:43:30 +05:30
sandeep 1bdafa4474 Added missing condition for CVE-2019-18818 2021-10-08 19:28:24 +05:30
Sullo c9a374bed5 renamed: simple-employee-rce.yaml -> ../../cves/2019/CVE-2019-20183.yaml 2021-09-30 13:06:46 -04:00
Sullo 3878138bfe * Added Host headers where needed (validated via disclosures/posts)
* Added CVE simple-employee-rce.yaml
2021-09-30 12:52:05 -04:00
sandeep 1c613882f8 Added missing cve tags 2021-09-21 16:17:16 +05:30
sandeep ff1537d7da fixing tags typos 2021-09-21 15:43:08 +05:30
Sandeep Singh 0f03f5ff55
Merge pull request #2692 from projectdiscovery/metadata-attribute-update 2021-09-18 18:19:07 +05:30
GitHub Action 0dd6d4a6b4 Auto Generated CVE annotations [Thu Sep 16 16:58:29 UTC 2021] 🤖 2021-09-16 16:58:29 +00:00
Prince Chaddha cc9b5ea32e
Merge pull request #2678 from pikpikcu/patch-279
Create CVE-2019-13392.yaml
2021-09-16 22:27:05 +05:30
Prince Chaddha 4984b42e66
Update CVE-2019-7543.yaml 2021-09-16 21:28:19 +05:30
sandeep 676b51d20c Metadata attribute update 2021-09-16 21:24:33 +05:30
PikPikcU df64158ca6
Create CVE-2019-7543.yaml 2021-09-16 10:35:05 +07:00
Prince Chaddha 9e090c8098
Update CVE-2019-13392.yaml 2021-09-15 17:32:32 +05:30
PikPikcU bc6470a65a
Create CVE-2019-13392.yaml 2021-09-15 14:10:34 +07:00
Ice3man543 e9f728c321 Added cve annotations + severity adjustments 2021-09-10 16:56:40 +05:30
sandeep 609705f676 removed extra headers not required for template 2021-09-08 17:47:19 +05:30
Prince Chaddha ed33f5172f
Merge pull request #2581 from Akokonunes/patch-30
Create CVE-2019-11013.yaml
2021-09-06 17:29:15 +05:30
Prince Chaddha 6563f9be81
Update CVE-2019-11013.yaml 2021-09-06 16:56:14 +05:30
Prince Chaddha f6e52a6739
Merge pull request #2585 from sullo/master
Updates across many templates for clarity, spelling, and grammar.
2021-09-06 15:02:52 +05:30
Prince Chaddha 861af1bdc8
Update and rename CVE-2019-7275.yaml to cves/2019/CVE-2019-7275.yaml 2021-09-06 14:39:22 +05:30
sullo ef1f7c5e92 Updates across many templates for clarity, spelling, and grammar. 2021-09-05 17:13:45 -04:00
Prince Chaddha d3a88548e5
Update and rename CVE-2019-11013.yaml to cves/2019/CVE-2019-11013.yaml 2021-09-05 19:23:17 +05:30
sandeep 17d55f7a17 misc update 2021-09-05 15:51:47 +05:30
sandeep b7a0587768 Update CVE-2019-18818.yaml 2021-09-04 13:59:56 +05:30
idealphase 2b3851204b
Merge branch 'projectdiscovery:master' into master 2021-09-04 14:09:13 +07:00
idealphase 226d48db4c
Update CVE-2019-18818.yaml
Added matchers header
2021-09-04 14:07:24 +07:00
idealphase f1e770fc06
Added CVE-2019-18818
Added CVE-2019-18818
2021-09-04 14:00:28 +07:00
sandeep 90f8caf302 Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates into pr/2481 2021-09-03 14:55:30 +05:30
sandeep c266084621 Added stop-at-first-match in applicable templates 2021-09-02 17:29:10 +05:30
Prince Chaddha 182511566d
Merge pull request #2503 from LogicalHunter/temp-5
Added CVE-2019-17503.yaml Template
2021-08-31 12:08:19 +05:30
Prince Chaddha b27bdcab41
Update CVE-2019-17503.yaml 2021-08-31 12:00:11 +05:30
sandeep be7aca060c Update CVE-2019-15889.yaml 2021-08-30 23:52:12 +05:30
Noam Rathaus 65497ce696 Description and reference 2021-08-30 12:47:31 +03:00
Prince Chaddha 30d762883b
Update CVE-2019-17503.yaml 2021-08-29 17:57:29 +05:30
Noam Rathaus 61ca2a3b56 Make description better 2021-08-29 09:32:10 +03:00
LogicalHunter e974732b38 Added CVE-2019-17503.yaml Template 2021-08-28 02:51:21 -07:00
forgedhallpass 419a957409 Fixing errors in templates
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-27 10:43:24 +03:00
forgedhallpass a4250b8f2f Merge remote-tracking branch 'origin' into dynamic_attributes 2021-08-26 15:04:14 +03:00
socketz ed76585ed6 Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates 2021-08-25 14:33:32 +02:00
socketz c766a8454d Fixed yaml linting errors 2021-08-25 14:09:42 +02:00
sandeep 0276758096 minor update 2021-08-25 01:37:17 +05:30
forgedhallpass 110f9c9ddd Merge remote-tracking branch 'origin' into dynamic_attributes 2021-08-24 20:38:11 +03:00
sandeep 20eecc57de Update CVE-2019-15501.yaml 2021-08-24 17:13:37 +05:30
Prince Chaddha b87f540da6
Merge pull request #2474 from LogicalHunter/temp-2
Added CVE-2019-15501.yaml Template
2021-08-24 17:09:04 +05:30
Prince Chaddha d9cdbb4e97
Update CVE-2019-15501.yaml 2021-08-24 17:07:33 +05:30
sandeep b1fdcd003e Update CVE-2019-8937.yaml 2021-08-24 16:52:44 +05:30
Prince Chaddha 03d1abe23b
Update CVE-2019-8937.yaml 2021-08-24 16:26:03 +05:30
Prince Chaddha 7592638ece
Update CVE-2019-8937.yaml 2021-08-24 16:01:12 +05:30
LogicalHunter ae800b1ab1 Added CVE-2019-15501.yaml Template 2021-08-23 18:15:08 -07:00
LogicalHunter 21ca2234d2 Added CVE-2019-8937.yaml Template 2021-08-23 17:27:13 -07:00
forgedhallpass 296edfc37b Merge remote-tracking branch 'origin' into dynamic_attributes 2021-08-23 14:40:33 +03:00
Sandeep Singh 04b401a8ef
Merge pull request #2456 from projectdiscovery/payloads-update
Payloads positional update to keep the request format uniform
2021-08-23 15:26:35 +05:30
sandeep 451e938d46 misc changes 2021-08-23 14:54:04 +05:30
sandeep 2aa54304ee Payloads positional update to keep the request format uniform 2021-08-22 23:39:33 +05:30
sandeep 722646d37e strict matchers 2021-08-21 02:44:16 +05:30
forgedhallpass dc4cc62629 Merge remote-tracking branch 'origin/master' into dynamic_attributes 2021-08-20 15:35:17 +03:00
sandeep 3f803deb28 more updates 2021-08-20 02:14:42 +05:30
forgedhallpass 77103bc629 Satisfying the linter (all errors and warnings)
* whitespace modifications only
2021-08-19 17:44:46 +03:00
forgedhallpass 97d4f8705b Fixed mistakes/typos
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-19 16:59:55 +03:00
forgedhallpass f55d6b75e1 Removed pipe (|) character from references, because the structure requires it to be a string slice, not a string
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-19 16:59:12 +03:00
forgedhallpass 7b29be739e Merge branch 'master' into dynamic_attributes 2021-08-19 16:23:26 +03:00
forgedhallpass ffaff64565 Changes fixes/around dynamic attributes ("additional-fields")
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-19 16:17:27 +03:00
forgedhallpass 0b432b341b Added comments with URLs under the "references" field
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-19 16:15:35 +03:00
forgedhallpass e68d15ab63 Fixed mistakes/typos in the templates.
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-19 15:30:14 +03:00
forgedhallpass cdf9451158 Removed pipe (|) character from references, because the structure requires it to be a string slice, not a string
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-18 14:44:27 +03:00
forgedhallpass 4c920b2552 Rename "references" to "reference" to match the expected template info structure
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-18 14:29:20 +03:00
Prince Chaddha f0acc877a8
Update CVE-2019-16313.yaml 2021-08-16 15:50:28 +05:30
PikPikcU 73f37aa7c5
Create CVE-2019-16313.yaml 2021-08-14 18:37:50 +07:00
PikPikcU 45a46dad92
Update CVE-2019-20085.yaml 2021-08-14 18:22:17 +07:00
sandeep f3a758c461 removing extra headers 2021-08-12 18:42:02 +05:30
sandeep 189f62a96f Update CVE-2019-7238.yaml 2021-08-12 18:21:19 +05:30
PikPikcU 1d8ed811d3
Create CVE-2019-7238.yaml 2021-08-12 19:30:35 +07:00
Prince Chaddha d2fdd5096d
Update CVE-2019-12616.yaml 2021-08-12 15:07:48 +05:30
Prince Chaddha 6096bc4db7
Update CVE-2019-12616.yaml 2021-08-11 16:38:30 +05:30
Philippe Delteil 8c1050256f
Update CVE-2019-12616.yaml
I don't know why the matcher was changed. The matcher phpmyadmin.net doesn't work in my test cases.
2021-08-09 17:35:43 -04:00
sandeep 4f0a3510fa matcher update 2021-08-09 23:51:31 +05:30
sandeep 8c48ca97d2 matcher + payload + regex updates 2021-08-09 21:58:28 +05:30
sandeep c0db649278 Added CVE-2019-0193 - Apache Solr - DataImportHandler RCE 2021-08-09 21:57:30 +05:30
sandeep 63595cad63 Update CVE-2019-12616.yaml 2021-08-08 12:20:47 +05:30
sandeep 5d51c6235d Update CVE-2019-12616.yaml 2021-08-08 12:20:24 +05:30
Philippe Delteil 78cca01d07
Update CVE-2019-12616.yaml
regex matching condition to match all vulnerable versions. 
With 401 we could find instances behind htaccess protection. 
Added a version extractor also.
2021-08-07 18:59:05 -04:00
Sandeep Singh 454e11f6c4
Merge pull request #2271 from pikpikcu/patch-240
Update JIRA SSRF
2021-08-02 01:31:27 +05:30
sandeep f5982c5d28 Update CVE-2019-8451.yaml 2021-08-02 01:30:00 +05:30
sandeep 5023dd6f9c Update CVE-2019-8451.yaml 2021-08-02 01:27:40 +05:30
Sandeep Singh c7778257c3
Update CVE-2019-8451.yaml 2021-08-02 01:22:49 +05:30
Sandeep Singh 56d3a2f1bd
Merge pull request #2284 from pikpikcu/patch-242
Update CVE-2019-0221
2021-08-02 01:17:36 +05:30
Noam Rathaus 03dfb4bff6 More references 2021-08-01 09:16:33 +03:00
Noam Rathaus ac70ba03c7 description and reference 2021-08-01 09:12:12 +03:00
Noam Rathaus 21b17993be Better references 2021-08-01 09:10:14 +03:00
PikPikcU 0653fdc498
Update CVE-2019-0221.yaml 2021-08-01 09:43:53 +07:00
Prince Chaddha 8246b2356c
Update CVE-2019-12276.yaml 2021-07-31 08:58:19 +05:30
sandeep ff344b0e49 Update CVE-2019-8451.yaml 2021-07-30 17:35:48 +05:30
PikPikcU 5bf63d1811
Update JIRA SSRF 2021-07-30 18:50:31 +07:00
Muhammad Daffa 189f59ba9d
Create CVE-2019-12276.yaml 2021-07-30 05:49:59 +07:00
Muhammad Daffa 3a3ccf0ba2
Create CVE-2019-14312.yaml 2021-07-28 09:04:19 +07:00
sandeep 6ccc5f8792 matcher update to handle edge cases 2021-07-25 03:05:55 +05:30
sandeep 13e5528c46 duplicate update 2021-07-20 11:40:23 +05:30
Sandeep Singh 6eee57115c
Merge pull request #2083 from projectdiscovery/fixing-xss-matchers
fixing-xss-matchers
2021-07-20 00:28:01 +05:30
sandeep 2d6198ba04 Updated payload + matcher 2021-07-19 18:13:09 +05:30
Prince Chaddha aff7f7fa64
Update CVE-2019-19134.yaml 2021-07-19 11:34:59 +05:30
Prince Chaddha 5dce5e078e
Update CVE-2019-16525.yaml 2021-07-19 11:34:07 +05:30
Prince Chaddha 5b1766e10b
Update CVE-2019-16332.yaml 2021-07-19 11:33:40 +05:30
Prince Chaddha bf0aff7579
Update CVE-2019-15713.yaml 2021-07-19 11:32:53 +05:30
sandeep e848640e9d Added CVE-2019-12616 2021-07-16 23:27:01 +05:30
Prince Chaddha 829507fd1e
Update CVE-2019-20085.yaml 2021-07-16 17:58:51 +05:30
Prince Chaddha 379345fc05
Update CVE-2019-20085.yaml 2021-07-16 17:57:49 +05:30
Muhammad Daffa f857247e84
Create CVE-2019-20085.yaml 2021-07-16 19:17:49 +07:00
Prince Chaddha 833306ad86
Merge pull request #2025 from daffainfo/patch-63
Create CVE-2019-16525.yaml
2021-07-16 17:44:09 +05:30
Prince Chaddha 9ab9617b95
Update CVE-2019-16525.yaml 2021-07-16 17:42:41 +05:30
Prince Chaddha cbd0d293bd
Merge pull request #2031 from daffainfo/patch-65
Create CVE-2019-15713.yaml
2021-07-16 11:02:45 +05:30
Prince Chaddha a08eed7ce8
Update CVE-2019-15713.yaml 2021-07-16 11:00:01 +05:30
Prince Chaddha a78e6caafc
Update CVE-2019-16332.yaml 2021-07-16 10:57:50 +05:30
Muhammad Daffa bf68e5060d
Create CVE-2019-15713.yaml 2021-07-16 00:09:33 +07:00
Muhammad Daffa 28278b45a2
Create CVE-2019-16332.yaml 2021-07-16 00:06:33 +07:00
Muhammad Daffa 8a28dc1935
Create CVE-2019-16525.yaml 2021-07-15 19:30:44 +07:00
Prince Chaddha 22a16b4b17
Update CVE-2019-19134.yaml 2021-07-15 17:26:55 +05:30
Muhammad Daffa f816c58bac
Create CVE-2019-19134.yaml 2021-07-15 18:40:17 +07:00
Prince Chaddha c20a208c4a
Update CVE-2019-9618.yaml 2021-07-15 14:20:42 +05:30
Muhammad Daffa 3fa2bf156a
Create CVE-2019-9618.yaml 2021-07-15 09:48:59 +07:00
sandeep f7259df034 typo update 2021-07-14 15:38:56 +05:30
Prince Chaddha bca05d61d6
Merge pull request #1926 from daffainfo/patch-11
Create CVE-2019-14470.yaml
2021-07-11 10:15:11 +05:30
Prince Chaddha 7c19ca873d
Update CVE-2019-14470.yaml 2021-07-11 10:12:41 +05:30
Prince Chaddha 7c0c5033e9
Update CVE-2019-14470.yaml 2021-07-11 10:11:11 +05:30
Prince Chaddha 0bae5e975e
Update CVE-2019-15889.yaml 2021-07-11 10:09:51 +05:30
Muhammad Daffa 009e68c627
Create CVE-2019-15889.yaml 2021-07-11 08:20:03 +07:00
Muhammad Daffa 4889efb117
Create CVE-2019-14470.yaml 2021-07-11 08:06:14 +07:00
sandeep b137eb57d3 More edge cases
Only looking for DNS interaction is not reliable as few servers make DNS requests for host included in path or query parameter.
2021-07-04 00:41:57 +05:30
sandeep acebe227a1 Update CVE-2019-13101.yaml 2021-07-04 00:12:01 +05:30
sandeep 9e9954cbab strict matchers 2021-07-04 00:07:30 +05:30
Suman Kar f249af535a
Update CVE-2019-13101.yaml
iot tag added
2021-07-03 17:55:11 +05:30
Suman Kar e20298b4d3 D-Link DIR-600M Router - Authentication Bypass 2021-07-03 05:50:40 +05:30
Prince Chaddha 37261f7a2f
Update and rename vulnerabilities/jira/jira-unauthenticated-popular-filters.yaml to cves/2019/CVE-2019-3401.yaml 2021-06-24 16:52:04 +05:30
Prince Chaddha 2539c830ac
Update CVE-2019-7481.yaml 2021-06-22 13:20:06 +05:30
Prince Chaddha c87238c37a Update CVE-2019-7481.yaml 2021-06-22 13:18:51 +05:30
darrenmartyn 80d159c277
Update CVE-2019-7481.yaml 2021-06-19 22:44:05 +01:00
darrenmartyn 7c65c33396
Update CVE-2019-7481.yaml
maybe yaml lint thing doesn't hate me now
2021-06-19 22:42:10 +01:00
darrenmartyn 722a2bd60c
Update and rename CVE-2019-4781.yaml to CVE-2019-7481.yaml 2021-06-19 21:39:08 +01:00
darrenmartyn a26c0d9c3a
Create CVE-2019-4781.yaml
Need some feedback on this, tested it out and it works just fine.
2021-06-19 21:17:40 +01:00
Prince Chaddha 8df5f982f3 Moved template to cves 2021-06-13 21:01:21 +05:30
sandeep 3de46aa21b misc changes 2021-06-10 00:01:38 +05:30
sandeep ea26842383 Added CVE-2019-2616 2021-06-09 23:56:42 +05:30
Prince Chaddha 83ce809e8d Updated author names 2021-06-09 17:50:56 +05:30