Commit Graph

807 Commits (93337032a09bab31a03cf8fd93e3bccc12e93b9d)

Author SHA1 Message Date
Prince Chaddha fc566d27a8
Create CVE-2021-45092.yaml (#3372)
* Create CVE-2021-45092.yaml

* Added Thinfinity Iframe Injection

Co-Authored-By: Daniel Mofer <7999779+danielmofer@users.noreply.github.com>

* Added Thinfinity VirtualUI User Enumeration

Co-Authored-By: Daniel Mofer <7999779+danielmofer@users.noreply.github.com>

* added missing tag

Co-Authored-By: Daniel Mofer <7999779+danielmofer@users.noreply.github.com>

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
Co-authored-by: Daniel Mofer <7999779+danielmofer@users.noreply.github.com>
2021-12-18 14:32:44 +05:30
Abhiram V dd40419ea5
Updated CVE-2021-44228 with most common vulnerable headers (#3334)
* Updated with common headers which can be exploited

Reference: https://blog.qualys.com/vulnerabilities-threat-research/2021/12/10/apache-log4j2-zero-day-exploited-in-the-wild-log4shell
These headers are collected from the above blog, in the "Detecting the Vulnerability" part

* fix: lint update

* Update CVE-2021-44228.yaml

* Update CVE-2021-44228.yaml

* Updated changed matchers and extractors regex according to v8.7.3 update

* payload updates for CVE-2021-44228

- more injection points
- a fixed regex to extract uppercase hostnames
- standardized payloads
- printed injection points

Source - https://twitter.com/0xceba/status/1471664540542648322

Co-Authored-By: 0xceba <44234156+0xceba@users.noreply.github.com>
Co-Authored-By: Abhiram V <61599526+Anon-Artist@users.noreply.github.com>

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
Co-authored-by: 0xceba <44234156+0xceba@users.noreply.github.com>
2021-12-18 10:51:45 +05:30
sandeep b8fa0d5857 update: added more reference 2021-12-15 21:26:35 +05:30
Geeknik Labs 9c169bd682
Create CVE-2021-44528.yaml (#3342) 2021-12-15 20:43:07 +05:30
sandeep c9ddd7a0ae update: id + reference update 2021-12-14 21:07:46 +05:30
sandeep 34d4557dad update: making it compatible with self-hosted interactsh server 2021-12-14 03:21:47 +05:30
Evan Rubinstein dddb0bbb82
Added CVE-2021-24997 (#3298)
* Added CVE-39226

* Added CVE-39226

* Delete CVE-39226.yaml

* Renamed CVE-39226 to CVE-2021-39226

Fixed naming error

* Added Wp-Guppy-Information-Disclosure template

* Removed File

Found better descriptor

* Added CVE-2021-24997

Added WordPress Guppy Information Disclosure CVE

* Fixed CVE-2021-24997

Fixed YAML formatting

* Fixed Typo

URL Path had an extra double quote

* Auto Generated Templates Stats [Wed Dec  8 23:07:24 UTC 2021] 🤖

* Deleted Blank Space

* Update CVE-2021-24997.yaml

* Update CVE-2021-24997.yaml

* Update CVE-2021-24997.yaml

* Update CVE-2021-24997.yaml

* Added CVE-2021-43496

* Update CVE-2021-43496.yaml

* fix: syntax update

* Added New Vuln

* Update CVE-2021-24997.yaml

* Update CVE-2021-43496.yaml

* Update and rename hd-netowrk-realtime-monitor-system-LFI.yaml to hdnetwork-realtime-lfi.yaml

* fix: lints update

Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
Co-authored-by: GitHub Action <action@github.com>
Co-authored-by: Prince Chaddha <prince@projectdiscovery.io>
2021-12-14 02:22:26 +05:30
Nicolas 1411edf332
Updated CVE-2021-44228.yaml (#3335)
Co-authored-by: olacin <olacin@users.noreply.github.com>
2021-12-13 20:24:06 +05:30
5tr1x 5dc71681c5
Add X-Forwarded-For and Authentication headers 2021-12-11 15:43:22 -06:00
Mohamed Elbadry 33fbe53930
Create CVE-2021-44228.yaml (#3319)
* Create CVE-2021-44228.yaml

* fix: syntax fix

* update: added additional path based payload

* update: strict matcher + pulling hostname information of the system

* update: added path based payload

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2021-12-12 00:56:50 +05:30
GitHub Action a19b941193 Auto Generated CVE annotations [Wed Dec 8 11:18:20 UTC 2021] 🤖 2021-12-08 11:18:20 +00:00
Sandeep Singh 2521cb62bf
Added CVE-2021-43798 (#3296)
* Added CVE-2021-43798

* updated with default plugin list

* Update grafana-file-read.yaml
2021-12-08 16:46:47 +05:30
Prince Chaddha 548980ae5b
Update CVE-2021-40856.yaml 2021-12-08 10:25:18 +05:30
GwanYeong Kim 48c6834de6 Create CVE-2021-40856.yaml
Inserting the prefix "/about/../" allows bypassing the authentication check for the web-based configuration management interface. This enables attackers to gain access to the login credentials used for authentication at the PBX, among other data.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-12-08 09:54:30 +09:00
sandeep b8d068416f update: added reference for CVE-2021-38314 2021-12-04 22:17:25 +05:30
sandeep f64926808d Added missing tag 2021-12-04 12:50:04 +05:30
GitHub Action 01cb3156ce Auto Generated CVE annotations [Sat Dec 4 07:17:12 UTC 2021] 🤖 2021-12-04 07:17:12 +00:00
sandeep d2d0d4bf8d minor update to description 2021-12-04 12:44:08 +05:30
alph4byt3 09468dc0f8 Create CVE-2021-29490.yaml 2021-12-04 12:40:47 +05:30
alph4byt3 5180d138bf Delete CVE-2021-29490 2021-12-04 12:40:47 +05:30
alph4byt3 41148c9f86 Create CVE-2021-29490 2021-12-04 12:40:47 +05:30
GitHub Action ee1c16543d Auto Generated CVE annotations [Fri Dec 3 09:17:18 UTC 2021] 🤖 2021-12-03 09:17:18 +00:00
Prince Chaddha 7a32fc3941
Update and rename CVE-2021-27310.yaml to cves/2021/CVE-2021-27310.yaml 2021-12-03 14:43:25 +05:30
Prince Chaddha 7bd27557d8
Merge pull request #3253 from projectdiscovery/pr-fix-1
Update CVE-2021-30213.yaml
2021-12-03 14:32:47 +05:30
Prince Chaddha 0ac3b4da59
Merge pull request #3252 from projectdiscovery/pr-fix
Update CVE-2021-27931.yaml
2021-12-03 14:32:06 +05:30
Prince Chaddha 10c0f1b22f
Update CVE-2021-30213.yaml 2021-12-03 14:31:08 +05:30
Prince Chaddha 04bb340596
Update CVE-2021-27931.yaml 2021-12-03 14:30:44 +05:30
Prince Chaddha 5a36367340
Merge branch 'master' into pr-fix-1 2021-12-03 13:49:27 +05:30
Prince Chaddha 3cade85cc8
Merge branch 'master' into pr-fix 2021-12-03 13:23:33 +05:30
GitHub Action 6731cb176b Auto Generated CVE annotations [Fri Dec 3 07:23:34 UTC 2021] 🤖 2021-12-03 07:23:34 +00:00
Prince Chaddha ccca1add3f
Update CVE-2021-30213.yaml 2021-12-03 12:53:01 +05:30
Prince Chaddha e53cdde0c0
Merge pull request #3199 from alph4byt3/alph4byt3-patch-1
Create CVE-2021-30213.yaml
2021-12-03 12:52:11 +05:30
GitHub Action 5afe45cba5 Auto Generated CVE annotations [Fri Dec 3 07:19:34 UTC 2021] 🤖 2021-12-03 07:19:34 +00:00
Prince Chaddha 636a82effd
Update CVE-2021-27931.yaml 2021-12-03 12:48:47 +05:30
Prince Chaddha 025475d950
Merge pull request #3251 from projectdiscovery/pr-fix
Update and rename CVE-2021-40542.yaml to cves/2021/CVE-2021-40542.yaml
2021-12-03 12:48:01 +05:30
Prince Chaddha bac5f0f843
Merge pull request #3206 from alph4byt3/patch-1
Create CVE-2021-27931.yaml
2021-12-03 12:47:18 +05:30
Prince Chaddha 0457cbd6b2
Update and rename CVE-2021-40542.yaml to cves/2021/CVE-2021-40542.yaml 2021-12-03 12:42:37 +05:30
sandeep 1dabef2e6f Revert "CVE update - CVE-2021-22049"
This reverts commit 70128c2587.
2021-12-02 01:34:29 +05:30
sandeep 70128c2587 CVE update - CVE-2021-22049 2021-12-02 01:31:41 +05:30
sandeep 814bf92a00 File name update - CVE-2021-39226 2021-12-02 01:14:10 +05:30
Sandeep Singh 19fcafa546
CVE-2021-39226 (#3241)
* Added CVE-39226

Co-Authored-By: Evan Rubinstein <70485623+evanRubinsteinIT@users.noreply.github.com>

Co-authored-by: Evan Rubinstein <70485623+evanRubinsteinIT@users.noreply.github.com>
2021-12-02 01:07:40 +05:30
sullo 854b464b1d
Add remediation information to CVE-2021-40539 and CVE-2021-44427 (#3237)
* Added remediation to CVE-2021-40539

* Added remediation to CVE-2021-44427

Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
2021-12-01 22:23:24 +05:30
Prince Chaddha c9b6c8e463
Merge pull request #3235 from cckuailong/master
add CVE-2021-43778.yaml
2021-12-01 19:21:08 +05:30
Prince Chaddha 93f9f3ccac
Update CVE-2021-43778.yaml 2021-12-01 19:19:10 +05:30
GitHub Action d3649d4f43 Auto Generated CVE annotations [Wed Dec 1 13:42:24 UTC 2021] 🤖 2021-12-01 13:42:24 +00:00
cckuailong 2a8ca5d836 add CVE-2021-43778.yaml 2021-12-01 15:04:29 +08:00
GitHub Action fb048c7972 Auto Generated CVE annotations [Tue Nov 30 18:51:32 UTC 2021] 🤖 2021-11-30 18:51:32 +00:00
Sandeep Singh eb5a6ab341
Added CVE-2021-41266 (#3229)
Co-Authored-By: Lenin Alevski <1795553+Alevsk@users.noreply.github.com>
2021-12-01 00:19:41 +05:30
Prince Chaddha d484fed316
Merge pull request #3224 from xShuden/master
Create CVE-2021-44427.yaml
2021-11-30 21:55:47 +04:00
Prince Chaddha f6a952d4be
Update CVE-2021-44427.yaml 2021-11-30 23:23:31 +05:30
Prince Chaddha ae078ecd51
Merge pull request #3223 from gy741/rule-add-v74
Create CVE-2021-41653.yaml
2021-11-30 20:54:55 +04:00
Prince Chaddha 0b82e570d1
Update CVE-2021-41653.yaml 2021-11-30 22:22:16 +05:30
Aaron Chen 38f147a716
create CVE-2021-41951 (#3202)
Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
2021-11-30 22:19:12 +05:30
Sandeep Singh 949cd0d5a6
CVE 2021 41951 (#3226)
* create CVE-2021-41951

Co-authored-by: Aaron Chen <aaronchen.lisp@gmail.com>
2021-11-30 22:15:32 +05:30
Furkan Sayım 3ae4c1b484
Create CVE-2021-44427.yaml 2021-11-30 16:56:38 +01:00
GwanYeong Kim 3dd0c78fff Create CVE-2021-41653.yaml
The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-11-30 14:35:25 +09:00
forgedhallpass 7ef4f90cf0
feat: CVE-2021-22053 (#3220)
* feat: CVE-2021-22053
2021-11-29 18:42:08 +05:30
GitHub Action 302227a09d Auto Generated CVE annotations [Sun Nov 28 20:31:30 UTC 2021] 🤖 2021-11-28 20:31:30 +00:00
sandeep d00dea3f6b removed unwanted headers 2021-11-29 00:05:36 +05:30
sandeep 685c46640e Added Apache Airflow - Unauthenticated variable Import 2021-11-28 23:47:12 +05:30
sandeep 63b23a4848 Added additional reference 2021-11-28 17:22:02 +05:30
sandeep 7345869864 Added additional matcher 2021-11-27 10:04:24 +05:30
rotemr 0595a1dcf1 Add template for CVE-2021-24278 2021-11-27 01:32:48 +02:00
alph4byt3 3c1ae20146
Create CVE-2021-27931.yaml 2021-11-25 17:39:09 +02:00
alph4byt3 f2ff7a1a7e
Create CVE-2021-30213.yaml 2021-11-24 17:43:59 +02:00
GitHub Action 2e3c57379f Auto Generated CVE annotations [Tue Nov 23 03:59:46 UTC 2021] 🤖 2021-11-23 03:59:46 +00:00
Prince Chaddha e787e67010
Update CVE-2021-43495.yaml 2021-11-23 07:46:15 +04:00
PikPikcU 05a366d141
Create CVE-2021-43495.yaml 2021-11-23 08:30:30 +07:00
sandeep a175effdc4 Added some additional information 2021-11-20 17:19:24 +05:30
GitHub Action 440a0e7114 Auto Generated CVE annotations [Thu Nov 18 20:31:47 UTC 2021] 🤖 2021-11-18 20:31:47 +00:00
sandeep a7594322a3 removed spaces 2021-11-19 01:40:36 +05:30
sandeep cf34d5b0ee Added Apache ShenYu Admin JWT authentication bypass (CVE-2021-37580) 2021-11-19 01:38:23 +05:30
Bourne Haber ff16039083
Change word -> regex for type 'regex' 2021-11-16 23:51:30 +05:30
sandeep b2aa8f9f5b misc updates 2021-11-13 23:01:53 +05:30
sandeep b0860f2275 Template update to confirm RCE 2021-11-13 16:36:43 +05:30
sandeep 0e9faf2419 misc updates 2021-11-13 00:37:40 +05:30
GitHub Action d77afde6f2 Auto Generated CVE annotations [Fri Nov 12 19:00:28 UTC 2021] 🤖 2021-11-12 19:00:28 +00:00
sandeep e649bcc493 template fix 2021-11-13 00:29:04 +05:30
Sandeep Singh e50e82d61b
Merge pull request #3129 from httpvoid/master
Add CVE-2021-41349
2021-11-13 00:28:42 +05:30
rootxharsh 29bcd6b821 Add CVE-2021-41349 2021-11-12 23:55:15 +05:30
sandeep ca0b7890dc misc update 2021-11-11 14:35:58 +05:30
Sandeep Singh c0d875c623
Update CVE-2021-42237.yaml 2021-11-11 14:32:24 +05:30
Prince Chaddha e396e30ac5
Merge branch 'master' into master 2021-11-11 11:19:57 +05:30
Prince Chaddha a6039654a1
Update CVE-2021-31602.yaml 2021-11-11 11:17:25 +05:30
Prince Chaddha 7a08bde65d
Update CVE-2021-42237.yaml 2021-11-11 11:16:37 +05:30
GitHub Action 206b056506 Auto Generated CVE annotations [Thu Nov 11 05:29:39 UTC 2021] 🤖 2021-11-11 05:29:39 +00:00
GitHub Action 2cfad99d03 Auto Generated CVE annotations [Wed Nov 10 16:04:38 UTC 2021] 🤖 2021-11-10 16:04:38 +00:00
sandeep cb74944f43 misc updates 2021-11-08 15:45:54 +05:30
GitHub Action 268f6c7c86 Auto Generated CVE annotations [Mon Nov 8 06:51:55 UTC 2021] 🤖 2021-11-08 06:51:55 +00:00
GitHub Action 2f7b3d7e00 Auto Generated CVE annotations [Sat Nov 6 22:43:41 UTC 2021] 🤖 2021-11-06 22:43:41 +00:00
sandeep 2beb8767ff Added CVE-2021-41174 2021-11-07 04:08:43 +05:30
Sandeep Singh cd59d38e3d
Merge pull request #3083 from pussycat0x/master
Pentaho <= 9.1 Authentication Bypass of Spring APIs
2021-11-06 16:52:44 +05:30
sandeep 0963b5f289 Added stop-at-first-match 2021-11-06 16:52:33 +05:30
sandeep 1d4ff44b88 misc update 2021-11-06 16:51:03 +05:30
sandeep 5fa10c4b64 cves update 2021-11-06 12:34:04 +05:30
sandeep 3e12441f6d matcher update 2021-11-06 03:56:14 +05:30
Prince Chaddha c1e8682918
Update CVE-2021-31602.yaml 2021-11-05 21:20:29 +05:30
pussycat0x 70425f1be2
Update CVE-2021-31602.yaml 2021-11-05 14:11:44 +05:30
pussycat0x 802607241d
Update CVE-2021-31602.yaml 2021-11-05 13:59:09 +05:30
pussycat0x 153a00af52
Add files via upload 2021-11-05 13:45:21 +05:30