Commit Graph

2231 Commits (8be55281c46ce953ae0471a917ea37182e5dfe0e)

Author SHA1 Message Date
Sandeep Singh 56d3a2f1bd
Merge pull request #2284 from pikpikcu/patch-242
Update CVE-2019-0221
2021-08-02 01:17:36 +05:30
Sandeep Singh 76fb40314a
Merge pull request #2277 from pikpikcu/patch-241
Update CVE-2021-3223
2021-08-02 01:15:39 +05:30
sandeep 5c22441bac Update CVE-2021-3223.yaml 2021-08-02 01:11:43 +05:30
Geeknik Labs 9cbb151600
Update CVE-2021-31581.yaml
Fixes https://github.com/projectdiscovery/nuclei-templates/issues/2285. 👍🏻
2021-08-01 10:59:39 -05:00
Noam Rathaus 03dfb4bff6 More references 2021-08-01 09:16:33 +03:00
Noam Rathaus 3de7af6018 Better reference 2021-08-01 09:14:14 +03:00
Noam Rathaus ac70ba03c7 description and reference 2021-08-01 09:12:12 +03:00
Noam Rathaus 21b17993be Better references 2021-08-01 09:10:14 +03:00
Noam Rathaus 9dc30c37a2 Description and reference 2021-08-01 08:57:40 +03:00
Noam Rathaus 734dde35cc Fix FP - https://github.com/projectdiscovery/nuclei-templates/issues/2217 2021-08-01 08:52:30 +03:00
PikPikcU 0653fdc498
Update CVE-2019-0221.yaml 2021-08-01 09:43:53 +07:00
Muhammad Daffa 7f608a2d57
Create CVE-2012-4253.yaml 2021-08-01 07:33:05 +07:00
Muhammad Daffa 8801d2c380
Create CVE-2016-10993.yaml 2021-08-01 06:41:54 +07:00
Muhammad Daffa b826d82268
Create CVE-2020-35598.yaml 2021-08-01 06:40:11 +07:00
GwanYeong Kim 0678e7d233 Create CVE-2021-36380.yaml
The /cgi/networkDiag.cgi script directly incorporated user-controllable parameters within a shell command, allowing an attacker to manipulate the resulting command by injecting valid OS command input. The following POST request injects a new command that instructs the server to establish a reverse TCP connection to another system, allowing the establishment of an interactive remote shell session.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-08-01 03:10:49 +09:00
GwanYeong Kim 5b3529bad5 Create CVE-2021-21816.yaml
An information disclosure vulnerability exists in the Syslog functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to the disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-08-01 02:42:48 +09:00
Sandeep Singh bc48231304
Merge pull request #2192 from gy741/rule-add-v41
Create CVE-2018-10818.yaml
2021-07-31 22:56:26 +05:30
sandeep 620cd107c6 Update CVE-2018-10818.yaml 2021-07-31 22:55:55 +05:30
PikPikcU ae672521d9
Update CVE-2021-3223.yaml 2021-07-31 16:12:48 +07:00
Prince Chaddha 3cb1abc436
Merge pull request #2268 from daffainfo/patch-117
Create CVE-2014-4535.yaml
2021-07-31 09:02:23 +05:30
Prince Chaddha dccd46c576
Merge pull request #2267 from daffainfo/patch-116
Create CVE-2019-12276.yaml
2021-07-31 09:00:52 +05:30
Prince Chaddha 077191496a
Update CVE-2014-4535.yaml 2021-07-31 09:00:47 +05:30
Prince Chaddha 8246b2356c
Update CVE-2019-12276.yaml 2021-07-31 08:58:19 +05:30
Prince Chaddha 9c758ea8fb
Merge pull request #2275 from daffainfo/patch-118
Create CVE-2014-4536.yaml
2021-07-31 08:48:36 +05:30
Prince Chaddha b2e3670c91
Update CVE-2014-4536.yaml 2021-07-31 08:43:27 +05:30
Prince Chaddha 9a47b53434
Update CVE-2012-0991.yaml 2021-07-31 08:41:41 +05:30
Muhammad Daffa afe800c0db
Create CVE-2012-0991.yaml 2021-07-31 06:04:14 +07:00
Muhammad Daffa 3afcf2a755
Create CVE-2014-4536.yaml 2021-07-31 06:01:46 +07:00
Toufik Airane 1cce455f1c
Update CVE-2020-13927.yaml
Following the discussion https://github.com/projectdiscovery/nuclei-templates/discussions/1477.

According to NIST, It's a critical issue.
https://nvd.nist.gov/vuln/detail/CVE-2020-13927
2021-07-30 16:40:41 +02:00
sandeep ff344b0e49 Update CVE-2019-8451.yaml 2021-07-30 17:35:48 +05:30
PikPikcU 5bf63d1811
Update JIRA SSRF 2021-07-30 18:50:31 +07:00
Muhammad Daffa 010f1a8700
Create CVE-2014-4535.yaml 2021-07-30 05:51:07 +07:00
Muhammad Daffa 189f59ba9d
Create CVE-2019-12276.yaml 2021-07-30 05:49:59 +07:00
Prince Chaddha 10b35b4051
Merge pull request #2231 from daffainfo/patch-111
Create CVE-2009-5114.yaml
2021-07-29 18:35:08 +05:30
Muhammad Daffa da3ba72db3
Create CVE-2020-11455.yaml 2021-07-29 05:43:07 +07:00
Prince Chaddha 60be63be57
Merge pull request #2238 from pikpikcu/patch-235
Add iTop XSS
2021-07-29 00:23:17 +05:30
Prince Chaddha feb0af88eb
Update CVE-2015-6544.yaml 2021-07-29 00:16:01 +05:30
Prince Chaddha b3fdcb6bb3
Merge pull request #2240 from daffainfo/patch-113
Create CVE-2019-14312.yaml
2021-07-29 00:11:17 +05:30
Prince Chaddha 249766aff1
Merge pull request #2243 from pikpikcu/patch-238
Add CVE-2015-8349
2021-07-29 00:09:55 +05:30
Prince Chaddha f6b2676b00
Update CVE-2015-8349.yaml 2021-07-28 23:24:32 +05:30
Prince Chaddha 2b719b9fdb
Update CVE-2015-3648.yaml 2021-07-28 15:28:21 +05:30
PikPikcU 56a7c8095e
Create CVE-2015-3648.yaml 2021-07-28 13:00:02 +07:00
PikPikcU e3af07706d
Create CVE-2015-8349.yaml 2021-07-28 12:45:44 +07:00
Muhammad Daffa 3a3ccf0ba2
Create CVE-2019-14312.yaml 2021-07-28 09:04:19 +07:00
PikPikcU b65ac6853e
Update CVE-2015-6544.yaml 2021-07-28 08:02:57 +07:00
PikPikcU 0af99625ba
Create CVE-2015-6544.yaml 2021-07-28 08:01:44 +07:00
PikPikcU 38e095c98c
Fix Tags 2021-07-28 07:38:20 +07:00
PikPikcU 8c9697cb2f
Update CVE-2011-4336.yaml 2021-07-28 07:19:43 +07:00
PikPikcU 2bc6cc018f
Create CVE-2011-4336.yaml 2021-07-28 07:13:33 +07:00
Muhammad Daffa a07d931799
Create CVE-2014-8799.yaml 2021-07-28 05:03:23 +07:00
Muhammad Daffa 0341b58077
Create CVE-2009-5114.yaml 2021-07-28 05:02:29 +07:00
Sandeep Singh c703d92c5b
Merge pull request #2222 from pikpikcu/patch-228
Add PhpCollab (unauthenticated) Arbitrary File Upload
2021-07-27 19:44:35 +05:30
sandeep b984f86d67 removing extra headers 2021-07-27 17:59:13 +05:30
sandeep d43a54ada1 Update CVE-2017-6090.yaml 2021-07-27 17:56:56 +05:30
sandeep bfc130dfbd Merge branch 'patch-228' of https://github.com/pikpikcu/nuclei-templates into pr/2222 2021-07-27 17:51:06 +05:30
sandeep 448aec1edb minor updates 2021-07-27 17:50:49 +05:30
PikPikcU 870339ebe1
Update CVE-2017-6090.yaml 2021-07-27 19:10:51 +07:00
Sandeep Singh 32e18be51a
Merge pull request #2215 from TheConciergeDev/patch-4
Renamed yaml file
2021-07-27 17:27:23 +05:30
Prince Chaddha cd214580a7
Merge pull request #2224 from pikpikcu/patch-230
Add SPIP XSS
2021-07-27 17:25:04 +05:30
Prince Chaddha 0ce590a3f2
Update CVE-2016-7981.yaml 2021-07-27 17:23:32 +05:30
Prince Chaddha fdfd4232a5
Merge pull request #2225 from pikpikcu/patch-231
Create CVE-2020-26153.yaml
2021-07-27 17:22:04 +05:30
Prince Chaddha cdb91d44f3
Update CVE-2020-26153.yaml 2021-07-27 17:20:54 +05:30
Prince Chaddha 4a5d374227
Merge pull request #2212 from pikpikcu/patch-220
Add Jeedom XSS
2021-07-27 17:18:07 +05:30
Prince Chaddha ff582706c2
Merge pull request #2226 from daffainfo/patch-110
Create CVE-2017-15647.yaml
2021-07-27 17:17:44 +05:30
Prince Chaddha 142eb2fe3b
Update CVE-2020-9036.yaml 2021-07-27 17:12:32 +05:30
Prince Chaddha c4e75a7eb5
Merge pull request #2203 from pikpikcu/patch-211
Add CVE-2020-27735
2021-07-27 17:08:21 +05:30
Muhammad Daffa 590e6ae172
Create CVE-2017-15647.yaml 2021-07-27 18:36:29 +07:00
PikPikcU d561a8711d
Create CVE-2020-26153.yaml 2021-07-27 18:19:44 +07:00
Prince Chaddha d9f20b63e4
Update CVE-2020-27735.yaml 2021-07-27 16:32:50 +05:30
PikPikcU fb055acf9e
Create CVE-2016-7981.yaml 2021-07-27 17:27:42 +07:00
PikPikcU 315215aa02
Create CVE-2017-6090.yaml 2021-07-27 16:51:01 +07:00
PikPikcU ab408ccd04
Create CVE-2018-5233.yaml 2021-07-27 16:03:59 +07:00
PikPikcU 9e2de534a8
Create CVE-2018-10095.yaml 2021-07-27 15:49:19 +07:00
Prince Chaddha 6e7aba2fb9
Update CVE-2020-27735.yaml 2021-07-27 13:55:45 +05:30
Prince Chaddha 4a13112125
Update CVE-2020-27735.yaml 2021-07-27 13:33:41 +05:30
PikPikcU 317a63ec9c
Create CVE-2018-14013.yaml 2021-07-27 14:34:36 +07:00
TheConciergeDev 62df9585f9
Renamed yaml file
Added missing "-" in filename
2021-07-27 09:28:54 +02:00
PikPikcU 6f91b5d052
Create CVE-2020-9036.yaml 2021-07-27 13:45:01 +07:00
Prince Chaddha 840da27221
Merge pull request #2206 from pikpikcu/patch-214
CLink Office XSS
2021-07-27 11:59:42 +05:30
Prince Chaddha 76a39c9ef5
Update CVE 2020-6171.yaml 2021-07-27 11:58:42 +05:30
PikPikcU 56b4ada461
Update CVE-2009-0932.yaml 2021-07-27 12:35:57 +07:00
PikPikcU c2012bf293
Create CVE-2009-0932.yaml 2021-07-27 12:32:32 +07:00
PikPikcU 751626e435
Update CVE 2020-6171.yaml 2021-07-27 12:24:17 +07:00
PikPikcU ddc251861f
Create CVE 2020-6171.yaml 2021-07-27 12:21:52 +07:00
Prince Chaddha aff00f0cd8
Merge pull request #2202 from daffainfo/patch-109
Create CVE-2012-4878.yaml
2021-07-27 10:44:53 +05:30
Prince Chaddha caf6bb61c3
Update CVE-2020-27735.yaml 2021-07-27 10:41:08 +05:30
Prince Chaddha b2f1863fd7
Update CVE-2020-35774.yaml 2021-07-27 10:40:55 +05:30
Prince Chaddha b75c2dde67
Update CVE-2020-35774.yaml 2021-07-27 10:38:46 +05:30
PikPikcU 326c8265ef
Create CVE-2020-35774.yaml 2021-07-27 10:31:48 +07:00
PikPikcU f619caf26a
Create CVE-2020-27735.yaml 2021-07-27 10:23:23 +07:00
Muhammad Daffa 241eff959c
Create CVE-2012-4878.yaml 2021-07-27 09:31:04 +07:00
PikPikcU 96c03d93cc
Update CVE-2020-6637.yaml 2021-07-27 07:38:49 +07:00
PikPikcU b1dfb89f88
Create CVE-2020-6637.yaml 2021-07-27 07:36:48 +07:00
GwanYeong Kim 12b832cc36 Create CVE-2021-32305.yaml
WebSVN before 2.6.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search parameter.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-27 09:24:35 +09:00
Muhammad Daffa 9db92fa24c
Create CVE-2016-1000155.yaml 2021-07-27 06:09:33 +07:00
Muhammad Daffa 47110e15ce
Create CVE-2016-1000153.yaml 2021-07-27 06:04:27 +07:00
GwanYeong Kim 4029278d6c Create CVE-2018-10818.yaml
The vulnerability (CVE-2018-10818) is a pre-auth remote command injection vulnerability found in the majority of LG NAS devices. You cannot simply log in with any random username and password. However, there lies a command injection vulnerability in the “password” parameter.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-27 02:27:13 +09:00
sandeep 9c66387f0f More CVEs Template 2021-07-26 22:48:45 +05:30
Sandeep Singh 5fc3ae4ef4
Merge pull request #1872 from Vladimir-Ivanov-Git/CVE-2018-2392
CVE-2018-2392 SAP IGS XXE
2021-07-26 20:12:08 +05:30
Sandeep Singh 79c077ddf7
Merge pull request #1874 from Vladimir-Ivanov-Git/CVE-2020-6207
CVE-2020-6207 SAP SolMan RCE
2021-07-26 18:26:55 +05:30
Sandeep Singh 8130cd2c3b
Update CVE-2020-6207.yaml 2021-07-26 18:26:19 +05:30
Prince Chaddha c58565e8ed
Merge pull request #2118 from daffainfo/patch-95
Create CVE-2016-1000140.yaml
2021-07-26 18:09:34 +05:30
Prince Chaddha dbace50bdb
Update CVE-2016-1000140.yaml 2021-07-26 18:03:07 +05:30
Prince Chaddha 4069e981c4
Merge pull request #2120 from daffainfo/patch-96
Create CVE-2014-6308.yaml
2021-07-26 18:00:31 +05:30
Prince Chaddha 4e82da883d
Merge pull request #2117 from daffainfo/patch-94
Create CVE-2016-1000138.yaml
2021-07-26 17:59:39 +05:30
Prince Chaddha 68327ddfa1
Update CVE-2016-1000138.yaml 2021-07-26 14:28:04 +05:30
sandeep b990243906 uniform tags 2021-07-26 14:25:43 +05:30
Prince Chaddha 9d7b8707e8
Merge pull request #2116 from daffainfo/patch-93
Create CVE-2016-1000137.yaml
2021-07-26 14:23:29 +05:30
Prince Chaddha 73ddb84266
Update CVE-2016-1000137.yaml 2021-07-26 14:08:03 +05:30
Prince Chaddha bdaab4c330
Merge pull request #2050 from daffainfo/patch-76
Create CVE-2016-1000126.yaml
2021-07-26 14:06:59 +05:30
Prince Chaddha 4ee46bf076
Merge pull request #2112 from daffainfo/patch-91
Create CVE-2020-35580.yaml
2021-07-26 14:06:50 +05:30
Prince Chaddha a76d36ead2
Update CVE-2016-1000126.yaml 2021-07-26 14:05:41 +05:30
Prince Chaddha 068a3542e8
Merge pull request #2177 from pussycat0x/master
Port update
2021-07-26 14:02:27 +05:30
Prince Chaddha 8b0f37af89
Update CVE-2016-2004.yaml 2021-07-26 13:57:56 +05:30
Prince Chaddha e03898ebe3
Merge pull request #2182 from daffainfo/patch-105
Create CVE-2013-7240.yaml
2021-07-26 13:38:53 +05:30
Prince Chaddha e8f9cc580e
Update CVE-2013-7240.yaml 2021-07-26 13:32:53 +05:30
Prince Chaddha fc025a8cc9
Merge pull request #2183 from daffainfo/patch-106
Create CVE-2014-2962.yaml
2021-07-26 13:30:23 +05:30
Prince Chaddha 154ed31be9
Update CVE-2014-2962.yaml 2021-07-26 13:30:16 +05:30
Prince Chaddha 84161bc33e
Update CVE-2020-8813.yaml 2021-07-26 13:27:19 +05:30
GwanYeong Kim 620ff3f367 Create CVE-2020-8813.yaml
This vulnerability could be exploited without authentication if Cacti is enabling “Guest Realtime Graphs” privilege, So in this case no need for the authentication part and you can just use the following code to exploit the vulnerability

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-26 11:32:23 +09:00
Muhammad Daffa f8e16c595a
Create CVE-2014-2962.yaml 2021-07-26 06:58:58 +07:00
Muhammad Daffa fed682443e
Update CVE-2020-35580.yaml 2021-07-26 06:55:48 +07:00
Muhammad Daffa a9d07605c3
Update CVE-2014-6308.yaml 2021-07-26 06:55:17 +07:00
Muhammad Daffa 432e3ecc85
Create CVE-2013-7240.yaml 2021-07-26 06:49:51 +07:00
Sandeep Singh 353b39e941
Merge pull request #2054 from geeknik/patch-3
Create CVE-2007-0885.yaml
2021-07-26 01:45:53 +05:30
Sandeep Singh 9eced64983
Update CVE-2007-0885.yaml 2021-07-26 01:45:28 +05:30
Sandeep Singh d14150a8e4
Merge pull request #2172 from daffainfo/patch-104
Create CVE-2018-10822.yaml
2021-07-26 01:06:16 +05:30
Sandeep Singh 0d2e18722a
Update CVE-2018-10822.yaml 2021-07-26 01:04:31 +05:30
Sandeep Singh 91055c2b65
Merge pull request #2174 from gy741/rule-add-v38
Create CVE-2020-5307.yaml
2021-07-26 01:02:25 +05:30
pussycat0x add1d76b09
Port update 2021-07-25 23:28:54 +05:30
Sandeep Singh 7af0c9c8b0
Merge pull request #2171 from pussycat0x/master
HP Data Protector A.09.00 - Arbitrary Command Execution
2021-07-25 22:15:09 +05:30
sandeep 4658f7ffcc moving files around 2021-07-25 22:11:36 +05:30
GwanYeong Kim b9fadff659 Create CVE-2020-5307.yaml
PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to SQL injection, as demonstrated by the username parameter in index.php, the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName and ProductPrice parameters in add-product.php.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-25 11:50:53 +09:00
Muhammad Daffa 9883f04092
Create CVE-2018-10822.yaml 2021-07-25 05:49:24 +07:00
sandeep 6ccc5f8792 matcher update to handle edge cases 2021-07-25 03:05:55 +05:30
Muhammad Daffa 3d90fd1047
Fix wrong regex matcher 2021-07-24 17:10:02 +07:00
Prince Chaddha f32521ad9d
Merge pull request #2113 from daffainfo/patch-92
Create CVE-2020-29227.yaml
2021-07-24 12:22:54 +05:30
Prince Chaddha af4081d0ec
Update CVE-2020-29227.yaml 2021-07-24 12:17:56 +05:30
Prince Chaddha 956eb6691f
Update CVE-2020-29227.yaml 2021-07-24 12:16:30 +05:30
Prince Chaddha f40aca136b
Update CVE-2020-29227.yaml 2021-07-24 12:15:24 +05:30
Prince Chaddha 677c8b97dd
Merge pull request #2156 from gy741/rule-add-v36
Create CVE-2020-13117.yaml
2021-07-24 11:40:54 +05:30
Prince Chaddha 31f62d59ce
Update CVE-2020-13117.yaml 2021-07-24 11:39:47 +05:30
Prince Chaddha 63c48c7712
Merge pull request #2152 from daffainfo/patch-100
Create CVE-2011-3315.yaml
2021-07-24 11:36:58 +05:30
Prince Chaddha b4c25f41cb
Merge pull request #2153 from daffainfo/patch-101
Create CVE-2013-5528.yaml
2021-07-24 11:36:34 +05:30
Prince Chaddha a2787a379d
Update CVE-2011-3315.yaml 2021-07-24 11:35:35 +05:30
Prince Chaddha 3bca104ff6
Merge pull request #2163 from daffainfo/patch-102
Create CVE-2012-4889.yaml
2021-07-24 10:30:21 +05:30
Prince Chaddha 62ba69390c
Update CVE-2012-4889.yaml 2021-07-24 10:00:22 +05:30
sandeep e97e2a4f2a Template update 2021-07-24 06:22:48 +05:30
Muhammad Daffa dddd079706
Update CVE-2012-4889.yaml 2021-07-24 07:20:53 +07:00
Muhammad Daffa f8033758a1
Create CVE-2012-4889.yaml 2021-07-24 07:18:30 +07:00