c9a374bed5
renamed: simple-employee-rce.yaml -> ../../cves/2019/CVE-2019-20183.yaml
2021-09-30 13:06:46 -04:00
28def083f6
Merge branch 'master' of https://github.com/sullo/nuclei-templates
...
Fix typo for cvss
2021-09-30 13:03:09 -04:00
3878138bfe
* Added Host headers where needed (validated via disclosures/posts)
...
* Added CVE simple-employee-rce.yaml
2021-09-30 12:52:05 -04:00
e90e3b49bc
Added more unique matchers
2021-09-30 20:22:53 +05:30
88f6bba576
Added thinkphp keyword from response to avoid false positive
2021-09-30 18:35:14 +05:30
f839f628b6
Update and rename fatpipe-networks-warp-backdoor.yaml to fatpipe-backdoor.yaml
2021-09-30 17:18:45 +05:30
b65719103f
Update and rename fatpipe-networks-warp-auth-bypass.yaml to fatpipe-auth-bypass.yaml
2021-09-30 17:18:21 +05:30
9e25b4871e
Update fatpipe-networks-warp-backdoor.yaml
2021-09-30 16:13:19 +05:30
606d2b5ea4
Create fatpipe-networks-warp-backdoor.yaml
...
The application has a hidden administrative account cmuser that has no password and has write access permissions to the device. The user cmuser is not visible in Users menu list of the application.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-09-30 13:38:01 +09:00
263cadaacf
Create fatpipe-networks-warp-auth-bypass.yaml
...
Improper access control occurs when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access resources behind protected pages.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-09-30 11:07:24 +09:00
e9f81943b6
Merge pull request #2759 from projectdiscovery/generic-ssrf
...
generic-ssrf
2021-09-30 03:31:52 +05:30
553a7a2480
Update request-based-interaction.yaml
2021-09-30 03:31:03 +05:30
be297d732b
misc update
2021-09-30 03:26:16 +05:30
5c80f9dc4c
Update and rename wp-church-admin-lfi.yaml to vulnerabilities/wordpress/church-admin-lfi.yaml
2021-09-28 15:38:03 +05:30
cee46ca968
Update and rename request-interaction-oob.yaml to request-based-interaction.yaml
2021-09-28 15:22:30 +05:30
97ef8f00e2
Update and rename generic-oob-param-based-interaction.yaml to oob-param-based-interaction.yaml
2021-09-28 15:21:41 +05:30
25a971efd4
Update and rename generic-oob-header-based-interaction.yaml to oob-header-based-interaction.yaml
2021-09-28 15:21:27 +05:30
8042d1233e
Create request-interaction-oob.yaml
2021-09-28 15:18:26 +05:30
52a5e33556
Create generic-oob-param-based-interaction.yaml
2021-09-28 15:17:21 +05:30
1a4f6754b4
Create generic-oob-header-based-interaction.yaml
2021-09-28 15:15:57 +05:30
8d7e5b2d24
Merge pull request #2748 from gy741/rule-add-v60
...
Create commax-cctv-rtsp-credentials-disclosure.yaml
2021-09-25 11:49:18 +05:30
2808f46429
Update and rename commax-cctv-rtsp-credentials-disclosure.yaml to commax-credentials-disclosure.yaml
2021-09-25 11:32:31 +05:30
2e7e35eb70
Update and rename ecoa-building-directory-traversal.yaml to ecoa-building-lfi.yaml
2021-09-25 11:22:48 +05:30
fac7f96b34
Create ecoa-building-directory-traversal.yaml
...
The BAS controller suffers from a directory traversal content disclosure vulnerability. Using the GET parameter cpath in File Manager (fmangersub), attackers can disclose directory content on the affected device
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-09-25 08:58:58 +09:00
59e0eb7ad3
Create commax-cctv-rtsp-credentials-disclosure.yaml
...
The COMMAX CCTV Bridge for the DVR service allows an unauthenticated attacker
to disclose RTSP credentials in plain-text.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-09-25 08:43:18 +09:00
93b6f3a799
Merge pull request #2743 from Akokonunes/patch-43
...
Create wp-brandfolder-plugin-open-redirect.yaml
2021-09-25 00:55:20 +05:30
d0ee5cbe02
Merge pull request #2744 from Akokonunes/patch-44
...
Create wp-brandfolder-plugin-lfi.yaml
2021-09-25 00:54:30 +05:30
f70cc70c26
Update and rename wp-brandfolder-plugin-open-redirect.yaml to vulnerabilities/wordpress/brandfolder-open-redirect.yaml
2021-09-25 00:54:03 +05:30
624c722c5a
Update and rename wp-brandfolder-plugin-lfi.yaml to vulnerabilities/wordpress/brandfolder-lfi.yaml
2021-09-25 00:51:56 +05:30
e832a50401
Update issuu-panel-lfi.yaml
2021-09-25 00:49:53 +05:30
f35db18633
Update and rename wp-plugin-issuu-panel-lfi.yaml to vulnerabilities/wordpress/issuu-panel-lfi.yaml
2021-09-25 00:47:37 +05:30
d75bad52c7
Merge pull request #2732 from Akokonunes/patch-38
...
Create product-input-fields-for-woocommerce-file-download.yaml
2021-09-22 18:19:59 +05:30
a898a6c3a6
Update wp-woocommerce-file-download.yaml
2021-09-22 18:19:25 +05:30
dfa85833e2
misc update
2021-09-22 18:18:21 +05:30
551c9127a2
Merge pull request #2733 from Akokonunes/patch-42
...
Create cs-cart-unauthenticated-lfi.yaml
2021-09-22 18:10:38 +05:30
18142906f0
moving files around
2021-09-22 18:09:43 +05:30
a60e8a9d5e
misc update
2021-09-22 18:08:32 +05:30
807920c0ac
clean-up
2021-09-21 17:16:53 +05:30
a5982b8f32
Merge pull request #2721 from nerrorsec/patch-1
...
Added a path
2021-09-21 15:32:42 +05:30
e0a8cb25bf
Merge pull request #2725 from projectdiscovery/wp-xmlrpc-pingback-detection
...
Added Wordpress XMLRPC Pingback detection
2021-09-21 15:29:25 +05:30
d9c5095780
fixing xmlrpc-pingback-ssrf.yaml
2021-09-21 15:21:35 +05:30
ff4811e085
Create wordpress-git-config.yaml
2021-09-21 15:21:16 +05:30
10a6436f6f
Added Wordpress XMLRPC Pingback detection
2021-09-21 15:18:49 +05:30
8034e43e2c
Merge pull request #2711 from 0xSmiley/generic_lfi
...
Generic lfi
2021-09-21 00:11:59 +05:30
8a985aa5c8
Update generic-linux-lfi.yaml
2021-09-20 23:53:49 +05:30
6564d0fca4
Merge pull request #2708 from pussycat0x/master
...
New templates
2021-09-20 14:18:41 +05:30
e9e99de988
Merge pull request #2714 from pikpikcu/patch-288
...
Update Severity
2021-09-20 12:20:12 +05:30
991963fe4a
Update Severity
2021-09-20 12:11:56 +07:00
ffe20a273d
fix: typo error
2021-09-19 20:23:22 -03:00
083a72b24c
Generic Template Updated
2021-09-18 20:13:32 +01:00
Sullo
sandeep
Prince Chaddha
GwanYeong Kim
Prince Chaddha
PikPikcU
kn1ght
Nuno