d5cbcec079
Update CVE-2021-22214.yaml
...
dns interaction doesn't prove exploitability
2021-07-07 03:50:13 +00:00
2aa91bbf24
Rename cve-2021-24387.yaml to CVE-2021-24387.yaml
2021-07-06 20:29:47 +05:30
78617f6012
Real Estate 7 WordPress Theme < 3.1.1 - Unauthenticated Reflected XSS
2021-07-06 19:51:53 +05:30
6dd96ede94
Added additional reference
2021-07-06 12:12:09 +05:30
fc68a95803
Template Name/ID update as per assigned CVE
2021-07-06 12:07:53 +05:30
56ccb9f3a4
Merge pull request #1822 from Akokonunes/patch-13
...
Create CVE-2021-24210.yaml
2021-07-01 00:00:03 +05:30
f44c3e597f
Update and rename CVE-2021-24210.yaml to cves/2021/CVE-2021-24210.yaml
2021-06-30 23:45:27 +05:30
87a1d1acce
Merge pull request #1823 from Akokonunes/patch-14
...
Create CVE-2021-24406.yaml
2021-06-30 23:44:03 +05:30
6a6607c282
Update and rename CVE-2021-24406.yaml to cves/2021/CVE-2021-24406.yaml
2021-06-30 23:43:06 +05:30
dbcdbe907e
Merge pull request #1797 from Mad-robot/patch-2
...
Create CVE-2021-29203.yaml
2021-06-30 21:27:35 +05:30
2d63ddfa20
minor update
2021-06-30 21:27:06 +05:30
3602eebf6c
Merge pull request #1780 from wwilson83H3/master
...
The default request never flagged druid in my env. Replaced with MSF …
2021-06-30 20:32:14 +05:30
d1f47657a9
Update CVE-2021-25646.yaml
2021-06-30 20:31:15 +05:30
cfcb739fbc
more changes
2021-06-30 20:28:41 +05:30
498586e854
Added additional matcher and full exploit chain details
2021-06-30 03:01:13 +05:30
8b0b2a169d
Update CVE-2021-35464.yaml
2021-06-29 18:02:33 +05:30
2d4c8cb434
Create CVE-2021-35464.yaml
2021-06-29 17:26:37 +05:30
8ae56492d8
Update CVE-2021-29203.yaml
2021-06-29 10:13:41 +05:30
40782db039
Merge pull request #1771 from gy741/rule-add-v7
...
Create CVE-2021-3223.yaml
2021-06-28 21:43:59 +05:30
b97811a143
Update CVE-2021-3223.yaml
2021-06-28 21:43:04 +05:30
cb5c53aef3
Create CVE-2021-29203.yaml
2021-06-26 13:40:30 +05:30
bae4998f81
Merge pull request #1766 from gy741/rule-add-v6
...
Create CVE-2021-21234.yaml
2021-06-25 16:50:36 +05:30
2d40d90715
Update CVE-2021-21234.yaml
2021-06-25 12:53:22 +05:30
426abedcfa
severity updates as per CVE database
2021-06-25 00:05:59 +05:30
e4e8e6e148
Merge pull request #1776 from pikpikcu/patch-187
...
Create CVE-2021-28169.yaml
2021-06-25 00:02:51 +05:30
a736120dc0
minor updates
2021-06-25 00:02:05 +05:30
e84c784fa2
Merge pull request #1689 from nrathaus/master
...
CVE-2021-28164 and some fixes
2021-06-24 23:58:29 +05:30
a9a161f8c6
Update CVE-2021-28164.yaml
2021-06-24 23:56:33 +05:30
809668943f
minor changes
2021-06-24 23:54:29 +05:30
16e5ad7fad
The default request never flagged druid in my env. Replaced with MSF request and it flags everytime now
2021-06-24 13:37:45 -04:00
b97d012636
Create CVE-2021-28169.yaml
2021-06-24 16:00:02 +00:00
e7bb4bff23
Create CVE-2021-3223.yaml
...
Node-RED-Dashboard before 2.26.2 allows ui_base/js/..%2f directory traversal to read files.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-06-24 21:07:17 +09:00
cc0dd04ac2
Create CVE-2021-21234.yaml
...
spring-boot-actuator-logview in a library that adds a simple logfile viewer as spring boot actuator endpoint. It is maven package "eu.hinsch:spring-boot-actuator-logview". In spring-boot-actuator-logview before version 0.2.13 there is a directory traversal vulnerability. The nature of this library is to expose a log file directory via admin (spring boot actuator) HTTP endpoints. Both the filename to view and a base folder (relative to the logging folder root) can be specified via request parameters. While the filename parameter was checked to prevent directory traversal exploits (so that `filename=../somefile` would not work), the base folder parameter was not sufficiently checked, so that `filename=somefile&base=../` could access a file outside the logging base directory). The vulnerability has been patched in release 0.2.13. Any users of 0.2.12 should be able to update without any issues as there are no other changes in that release. There is no workaround to fix the vulnerability other than updating or removing the dependency. However, removing read access of the user the application is run with to any directory not required for running the application can limit the impact. Additionally, access to the logview endpoint can be limited by deploying the application behind a reverse proxy.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-06-24 14:36:45 +09:00
416bafe2fa
misc changes
2021-06-24 02:24:58 +05:30
04a7fda94a
Update CVE-2021-21389.yaml
2021-06-22 19:12:35 +07:00
014ca91e15
hmm just simple check...
...
sorry i just know little bit english...
2021-06-22 19:07:00 +07:00
dcaef6a836
Rename CVE-2021-21389 to CVE-2021-21389.yaml
2021-06-22 04:05:42 +05:30
0d5a57bc23
Create CVE-2021-21389
2021-06-21 12:33:14 +07:00
bb6fa66dd9
Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates
2021-06-20 13:56:54 +03:00
9200ac068a
Merge pull request #1714 from skar4444/unauthenticated-CI-lint-API
...
CVE 2021-22214 - Unauthenticated Gitlab SSRF - CI Lint API
2021-06-18 15:08:33 +05:30
b301c830a3
final improvements
2021-06-18 15:02:17 +05:30
27d67855e8
misc changes
2021-06-18 14:42:13 +05:30
4f0bfc9362
Merge pull request #1705 from projectdiscovery/CVE-2021-28854
...
Added CVE-2021-28854
2021-06-18 12:52:42 +05:30
bfa70bacf5
Update CVE-2021-21975.yaml
2021-06-17 22:55:10 +05:30
01b77a7ed2
Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates
2021-06-17 16:54:18 +03:00
8a1d7bd7d2
Hotfix FP of CVE-2021-24146
2021-06-17 08:16:54 +07:00
bfbd3ccdac
Merge pull request #1656 from Akokonunes/patch-4
...
Create CVE-2021-24237.yaml
2021-06-16 01:56:39 +05:30
5cff973564
Added tags
2021-06-16 01:02:21 +05:30
c36419c94c
Added CVE-2021-28854
2021-06-16 01:01:01 +05:30
b5bdac494b
Merge branch 'master' of https://github.com/nrathaus/nuclei-templates
2021-06-13 09:54:52 +03:00
Geeknik Labs
Sandeep Singh
Suman Kar
Prince Chaddha
Prince Chaddha
sandeep
SaN ThosH
wyatt
PikPikcU
GwanYeong Kim
lulz
Noam Rathaus
Dwi Siswanto