Prince Chaddha
fc566d27a8
Create CVE-2021-45092.yaml ( #3372 )
...
* Create CVE-2021-45092.yaml
* Added Thinfinity Iframe Injection
Co-Authored-By: Daniel Mofer <7999779+danielmofer@users.noreply.github.com>
* Added Thinfinity VirtualUI User Enumeration
Co-Authored-By: Daniel Mofer <7999779+danielmofer@users.noreply.github.com>
* added missing tag
Co-Authored-By: Daniel Mofer <7999779+danielmofer@users.noreply.github.com>
Co-authored-by: sandeep <sandeep@projectdiscovery.io>
Co-authored-by: Daniel Mofer <7999779+danielmofer@users.noreply.github.com>
2021-12-18 14:32:44 +05:30
Abhiram V
dd40419ea5
Updated CVE-2021-44228 with most common vulnerable headers ( #3334 )
...
* Updated with common headers which can be exploited
Reference : https://blog.qualys.com/vulnerabilities-threat-research/2021/12/10/apache-log4j2-zero-day-exploited-in-the-wild-log4shell
These headers are collected from above blog in Detecting the Vulnerability part
* fix: lint update
* Update CVE-2021-44228.yaml
* Update CVE-2021-44228.yaml
* Updated changed matchers and extractors regex according to v8.7.3 update
* payload updates for CVE-2021-44228
- more injection points
- a fixed regex to extract uppercase hostnames
- standardized payloads
- printed injection points
Source - https://twitter.com/0xceba/status/1471664540542648322
Co-Authored-By: 0xceba <44234156+0xceba@users.noreply.github.com>
Co-Authored-By: Abhiram V <61599526+Anon-Artist@users.noreply.github.com>
Co-authored-by: sandeep <sandeep@projectdiscovery.io>
Co-authored-by: 0xceba <44234156+0xceba@users.noreply.github.com>
2021-12-18 10:51:45 +05:30
sandeep
b8fa0d5857
update: added more reference
2021-12-15 21:26:35 +05:30
Geeknik Labs
9c169bd682
Create CVE-2021-44528.yaml ( #3342 )
2021-12-15 20:43:07 +05:30
sandeep
c9ddd7a0ae
update: id + reference update
2021-12-14 21:07:46 +05:30
sandeep
34d4557dad
update: making it compatible with self-hosted interactsh server
2021-12-14 03:21:47 +05:30
Evan Rubinstein
dddb0bbb82
Added CVE-2021-24997 ( #3298 )
...
* Added CVE-39226
* Added CVE-39226
* Delete CVE-39226.yaml
* Renamed CVE-39226 to CVE-2021-39226
Fixed naming error
* Added Wp-Guppy-Information-Disclosure template
* Removed File
Found better descriptor
* Added CVE-2021-24997
Added WordPress Guppy Information Disclosure CVE
* Fixed CVE-2021-24997
Fixed YAML formatting
* Fixed Typo
URL Path had an extra double quote
* Auto Generated Templates Stats [Wed Dec 8 23:07:24 UTC 2021] 🤖
* Deleted Blank Space
* Update CVE-2021-24997.yaml
* Update CVE-2021-24997.yaml
* Update CVE-2021-24997.yaml
* Update CVE-2021-24997.yaml
* Added CVE-2021-43496
* Update CVE-2021-43496.yaml
* fix: syntax update
* Added New Vuln
* Update CVE-2021-24997.yaml
* Update CVE-2021-43496.yaml
* Update and rename hd-netowrk-realtime-monitor-system-LFI.yaml to hdnetwork-realtime-lfi.yaml
* fix: lints update
Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
Co-authored-by: GitHub Action <action@github.com>
Co-authored-by: Prince Chaddha <prince@projectdiscovery.io>
2021-12-14 02:22:26 +05:30
Nicolas
1411edf332
Updated CVE-2021-44228.yaml ( #3335 )
...
Co-authored-by: olacin <olacin@users.noreply.github.com>
2021-12-13 20:24:06 +05:30
5tr1x
5dc71681c5
Add X-Forwarded-For and Authentication headers
2021-12-11 15:43:22 -06:00
Mohamed Elbadry
33fbe53930
Create CVE-2021-44228.yaml ( #3319 )
...
* Create CVE-2021-44228.yaml
* fix: syntax fix
* update: added additional path based payload
* update: strict matcher + pulling hostname information of the system
* update: added path based payload
Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2021-12-12 00:56:50 +05:30
GitHub Action
a19b941193
Auto Generated CVE annotations [Wed Dec 8 11:18:20 UTC 2021] 🤖
2021-12-08 11:18:20 +00:00
Sandeep Singh
2521cb62bf
Added CVE-2021-43798 ( #3296 )
...
* Added CVE-2021-43798
* updated with default plugin list
* Update grafana-file-read.yaml
2021-12-08 16:46:47 +05:30
Prince Chaddha
548980ae5b
Update CVE-2021-40856.yaml
2021-12-08 10:25:18 +05:30
GwanYeong Kim
48c6834de6
Create CVE-2021-40856.yaml
...
Inserting the prefix "/about/../" allows bypassing the authentication check for the web-based configuration management interface. This enables attackers to gain access to the login credentials used for authentication at the PBX, among other data.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-12-08 09:54:30 +09:00
sandeep
b8d068416f
update: added reference for CVE-2021-38314
2021-12-04 22:17:25 +05:30
sandeep
f64926808d
Added missing tag
2021-12-04 12:50:04 +05:30
GitHub Action
01cb3156ce
Auto Generated CVE annotations [Sat Dec 4 07:17:12 UTC 2021] 🤖
2021-12-04 07:17:12 +00:00
sandeep
d2d0d4bf8d
minor update to description
2021-12-04 12:44:08 +05:30
alph4byt3
09468dc0f8
Create CVE-2021-29490.yaml
2021-12-04 12:40:47 +05:30
alph4byt3
5180d138bf
Delete CVE-2021-29490
2021-12-04 12:40:47 +05:30
alph4byt3
41148c9f86
Create CVE-2021-29490
2021-12-04 12:40:47 +05:30
GitHub Action
ee1c16543d
Auto Generated CVE annotations [Fri Dec 3 09:17:18 UTC 2021] 🤖
2021-12-03 09:17:18 +00:00
Prince Chaddha
7a32fc3941
Update and rename CVE-2021-27310.yaml to cves/2021/CVE-2021-27310.yaml
2021-12-03 14:43:25 +05:30
Prince Chaddha
7bd27557d8
Merge pull request #3253 from projectdiscovery/pr-fix-1
...
Update CVE-2021-30213.yaml
2021-12-03 14:32:47 +05:30
Prince Chaddha
0ac3b4da59
Merge pull request #3252 from projectdiscovery/pr-fix
...
Update CVE-2021-27931.yaml
2021-12-03 14:32:06 +05:30
Prince Chaddha
10c0f1b22f
Update CVE-2021-30213.yaml
2021-12-03 14:31:08 +05:30
Prince Chaddha
04bb340596
Update CVE-2021-27931.yaml
2021-12-03 14:30:44 +05:30
Prince Chaddha
5a36367340
Merge branch 'master' into pr-fix-1
2021-12-03 13:49:27 +05:30
Prince Chaddha
3cade85cc8
Merge branch 'master' into pr-fix
2021-12-03 13:23:33 +05:30
GitHub Action
6731cb176b
Auto Generated CVE annotations [Fri Dec 3 07:23:34 UTC 2021] 🤖
2021-12-03 07:23:34 +00:00
Prince Chaddha
ccca1add3f
Update CVE-2021-30213.yaml
2021-12-03 12:53:01 +05:30
Prince Chaddha
e53cdde0c0
Merge pull request #3199 from alph4byt3/alph4byt3-patch-1
...
Create CVE-2021-30213.yaml
2021-12-03 12:52:11 +05:30
GitHub Action
5afe45cba5
Auto Generated CVE annotations [Fri Dec 3 07:19:34 UTC 2021] 🤖
2021-12-03 07:19:34 +00:00
Prince Chaddha
636a82effd
Update CVE-2021-27931.yaml
2021-12-03 12:48:47 +05:30
Prince Chaddha
025475d950
Merge pull request #3251 from projectdiscovery/pr-fix
...
Update and rename CVE-2021-40542.yaml to cves/2021/CVE-2021-40542.yaml
2021-12-03 12:48:01 +05:30
Prince Chaddha
bac5f0f843
Merge pull request #3206 from alph4byt3/patch-1
...
Create CVE-2021-27931.yaml
2021-12-03 12:47:18 +05:30
Prince Chaddha
0457cbd6b2
Update and rename CVE-2021-40542.yaml to cves/2021/CVE-2021-40542.yaml
2021-12-03 12:42:37 +05:30
sandeep
1dabef2e6f
Revert "CVE update - CVE-2021-22049"
...
This reverts commit 70128c2587
.
2021-12-02 01:34:29 +05:30
sandeep
70128c2587
CVE update - CVE-2021-22049
2021-12-02 01:31:41 +05:30
sandeep
814bf92a00
File name update - CVE-2021-39226
2021-12-02 01:14:10 +05:30
Sandeep Singh
19fcafa546
CVE-2021-39226 ( #3241 )
...
* Added CVE-39226
Co-Authored-By: Evan Rubinstein <70485623+evanRubinsteinIT@users.noreply.github.com>
Co-authored-by: Evan Rubinstein <70485623+evanRubinsteinIT@users.noreply.github.com>
2021-12-02 01:07:40 +05:30
sullo
854b464b1d
Add remediation information to CVE-2021-40539 and CVE-2021-44427 ( #3237 )
...
* Added remediation to CVE-2021-40539
* Added remediation to CVE-2021-44427
Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
2021-12-01 22:23:24 +05:30
Prince Chaddha
c9b6c8e463
Merge pull request #3235 from cckuailong/master
...
add CVE-2021-43778.yaml
2021-12-01 19:21:08 +05:30
Prince Chaddha
93f9f3ccac
Update CVE-2021-43778.yaml
2021-12-01 19:19:10 +05:30
GitHub Action
d3649d4f43
Auto Generated CVE annotations [Wed Dec 1 13:42:24 UTC 2021] 🤖
2021-12-01 13:42:24 +00:00
cckuailong
2a8ca5d836
add CVE-2021-43778.yaml
2021-12-01 15:04:29 +08:00
GitHub Action
fb048c7972
Auto Generated CVE annotations [Tue Nov 30 18:51:32 UTC 2021] 🤖
2021-11-30 18:51:32 +00:00
Sandeep Singh
eb5a6ab341
Added CVE-2021-41266 ( #3229 )
...
Co-Authored-By: Lenin Alevski <1795553+Alevsk@users.noreply.github.com>
2021-12-01 00:19:41 +05:30
Prince Chaddha
d484fed316
Merge pull request #3224 from xShuden/master
...
Create CVE-2021-44427.yaml
2021-11-30 21:55:47 +04:00
Prince Chaddha
f6a952d4be
Update CVE-2021-44427.yaml
2021-11-30 23:23:31 +05:30
Prince Chaddha
ae078ecd51
Merge pull request #3223 from gy741/rule-add-v74
...
Create CVE-2021-41653.yaml
2021-11-30 20:54:55 +04:00
Prince Chaddha
0b82e570d1
Update CVE-2021-41653.yaml
2021-11-30 22:22:16 +05:30
Aaron Chen
38f147a716
create CVE-2021-41951 ( #3202 )
...
Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
2021-11-30 22:19:12 +05:30
Sandeep Singh
949cd0d5a6
CVE 2021 41951 ( #3226 )
...
* create CVE-2021-41951
Co-authored-by: Aaron Chen <aaronchen.lisp@gmail.com>
2021-11-30 22:15:32 +05:30
Furkan Sayım
3ae4c1b484
Create CVE-2021-44427.yaml
2021-11-30 16:56:38 +01:00
GwanYeong Kim
3dd0c78fff
Create CVE-2021-41653.yaml
...
The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-11-30 14:35:25 +09:00
forgedhallpass
7ef4f90cf0
feat: CVE-2021-22053 ( #3220 )
...
* feat: CVE-2021-22053
2021-11-29 18:42:08 +05:30
GitHub Action
302227a09d
Auto Generated CVE annotations [Sun Nov 28 20:31:30 UTC 2021] 🤖
2021-11-28 20:31:30 +00:00
sandeep
d00dea3f6b
removed unwanted headers
2021-11-29 00:05:36 +05:30
sandeep
685c46640e
Added Apache Airflow - Unauthenticated variable Import
2021-11-28 23:47:12 +05:30
sandeep
63b23a4848
Added additional reference
2021-11-28 17:22:02 +05:30
sandeep
7345869864
Added additional matcher
2021-11-27 10:04:24 +05:30
rotemr
0595a1dcf1
Add template for CVE-2021-24278
2021-11-27 01:32:48 +02:00
alph4byt3
3c1ae20146
Create CVE-2021-27931.yaml
2021-11-25 17:39:09 +02:00
alph4byt3
f2ff7a1a7e
Create CVE-2021-30213.yaml
2021-11-24 17:43:59 +02:00
GitHub Action
2e3c57379f
Auto Generated CVE annotations [Tue Nov 23 03:59:46 UTC 2021] 🤖
2021-11-23 03:59:46 +00:00
Prince Chaddha
e787e67010
Update CVE-2021-43495.yaml
2021-11-23 07:46:15 +04:00
PikPikcU
05a366d141
Create CVE-2021-43495.yaml
2021-11-23 08:30:30 +07:00
sandeep
a175effdc4
Added few additional information
2021-11-20 17:19:24 +05:30
GitHub Action
440a0e7114
Auto Generated CVE annotations [Thu Nov 18 20:31:47 UTC 2021] 🤖
2021-11-18 20:31:47 +00:00
sandeep
a7594322a3
removed spaces
2021-11-19 01:40:36 +05:30
sandeep
cf34d5b0ee
Added Apache ShenYu Admin JWT authentication bypass (CVE-2021-37580)
2021-11-19 01:38:23 +05:30
Bourne Haber
ff16039083
Change word -> regex for type 'regex'
2021-11-16 23:51:30 +05:30
sandeep
b2aa8f9f5b
misc updates
2021-11-13 23:01:53 +05:30
sandeep
b0860f2275
Template update to confirm RCE
2021-11-13 16:36:43 +05:30
sandeep
0e9faf2419
misc updates
2021-11-13 00:37:40 +05:30
GitHub Action
d77afde6f2
Auto Generated CVE annotations [Fri Nov 12 19:00:28 UTC 2021] 🤖
2021-11-12 19:00:28 +00:00
sandeep
e649bcc493
template fix
2021-11-13 00:29:04 +05:30
Sandeep Singh
e50e82d61b
Merge pull request #3129 from httpvoid/master
...
Add CVE-2021-41349
2021-11-13 00:28:42 +05:30
rootxharsh
29bcd6b821
Add CVE-2021-41349
2021-11-12 23:55:15 +05:30
sandeep
ca0b7890dc
misc update
2021-11-11 14:35:58 +05:30
Sandeep Singh
c0d875c623
Update CVE-2021-42237.yaml
2021-11-11 14:32:24 +05:30
Prince Chaddha
e396e30ac5
Merge branch 'master' into master
2021-11-11 11:19:57 +05:30
Prince Chaddha
a6039654a1
Update CVE-2021-31602.yaml
2021-11-11 11:17:25 +05:30
Prince Chaddha
7a08bde65d
Update CVE-2021-42237.yaml
2021-11-11 11:16:37 +05:30
GitHub Action
206b056506
Auto Generated CVE annotations [Thu Nov 11 05:29:39 UTC 2021] 🤖
2021-11-11 05:29:39 +00:00
GitHub Action
2cfad99d03
Auto Generated CVE annotations [Wed Nov 10 16:04:38 UTC 2021] 🤖
2021-11-10 16:04:38 +00:00
sandeep
cb74944f43
misc updates
2021-11-08 15:45:54 +05:30
GitHub Action
268f6c7c86
Auto Generated CVE annotations [Mon Nov 8 06:51:55 UTC 2021] 🤖
2021-11-08 06:51:55 +00:00
GitHub Action
2f7b3d7e00
Auto Generated CVE annotations [Sat Nov 6 22:43:41 UTC 2021] 🤖
2021-11-06 22:43:41 +00:00
sandeep
2beb8767ff
Added CVE-2021-41174
2021-11-07 04:08:43 +05:30
Sandeep Singh
cd59d38e3d
Merge pull request #3083 from pussycat0x/master
...
Pentaho <= 9.1 Authentication Bypass of Spring APIs
2021-11-06 16:52:44 +05:30
sandeep
0963b5f289
Added stop-at-first-match
2021-11-06 16:52:33 +05:30
sandeep
1d4ff44b88
misc update
2021-11-06 16:51:03 +05:30
sandeep
5fa10c4b64
cves update
2021-11-06 12:34:04 +05:30
sandeep
3e12441f6d
matcher update
2021-11-06 03:56:14 +05:30
Prince Chaddha
c1e8682918
Update CVE-2021-31602.yaml
2021-11-05 21:20:29 +05:30
pussycat0x
70425f1be2
Update CVE-2021-31602.yaml
2021-11-05 14:11:44 +05:30
pussycat0x
802607241d
Update CVE-2021-31602.yaml
2021-11-05 13:59:09 +05:30
pussycat0x
153a00af52
Add files via upload
2021-11-05 13:45:21 +05:30