9c8104f937
Create CVE-2020-10204.yaml
2020-07-07 01:54:18 +05:30
2499aaa0a6
Update CVE-2018-1247.yaml
2020-07-07 00:37:01 +05:30
24eafa3648
updated matcher
2020-07-07 00:34:27 +05:30
ebb2f1f3ac
Merge pull request #210 from harsh-bothra/patch-5
...
Create CVE-2018-11759.yaml
2020-07-06 22:44:05 +05:30
ba2fe4bf75
Update CVE-2018-11759.yaml
2020-07-06 22:43:45 +05:30
1714fa6674
Merge pull request #209 from harsh-bothra/patch-4
...
Create CVE-2020-5405.yaml
2020-07-06 22:41:09 +05:30
8362fb3dc2
Update CVE-2020-5405.yaml
2020-07-06 22:40:05 +05:30
63289fb700
Merge pull request #205 from dwisiswant0/update-cve-2020-5902
...
Update RAW payloads due to can't use helper function - CVE-2020-5902
2020-07-06 22:19:31 +05:30
8b4cf6bd46
Create CVE-2018-11759.yaml
...
Apache Tomcat JK Status Manager Access
2020-07-06 21:58:42 +05:30
ebcf1ec0f6
Create CVE-2020-5405.yaml
...
Spring Cloud Directory Traversal
2020-07-06 21:52:18 +05:30
59661b1eb6
Update CVE-2019-8451.yaml
...
Fix trailing whitespace
2020-07-06 16:56:27 +02:00
3a44d74762
Create CVE-2019-8451.yaml
...
# On September 9, Atlassian released version 8.4.0 for Jira Core and Jira Software, which included a fix for an important
# security issue reported in August 2019.
# CVE-2019-8451 is a pre-authentication server-side request forgery (SSRF) vulnerability found in
# the /plugins/servlet/gadgets/makeRequest resource. The vulnerability exists due to “a logic bug” in the JiraWhitelist class.
# An unauthenticated attacker could exploit this vulnerability by sending a specially crafted web request to a vulnerable
# Jira server. Successful exploitation would result in unauthorized access to view and potentially modify internal
# network resources.
# https://www.tenable.com/blog/cve-2019-8451-proof-of-concept-available-for-server-side-request-forgery-ssrf-vulnerability-in
# https://twitter.com/benmontour/status/1177250393220239360
# https://twitter.com/ojensen5115/status/1176569607357730817
2020-07-06 16:52:34 +02:00
d19f00bf82
❌ Update RAW payloads due to can't use helper function
2020-07-06 21:45:44 +07:00
8ef6e99ab3
Merge pull request #200 from dwisiswant0/update-cve-2020-5902
...
Update CVE-2020-5902 matchers & requests
2020-07-06 19:15:28 +05:30
2479e51afb
📝 Fix indentation on RAW requests
2020-07-06 18:28:20 +07:00
f4da7bec43
🔨 Update CVE-2020-5902 matchers & requests to reduce false-positive results
2020-07-06 18:14:01 +07:00
6d498a6054
syntax update
2020-07-06 13:57:46 +05:30
295f836a39
updated condition
2020-07-06 13:54:03 +05:30
dfe6244c7e
Update CVE-2020-5902.yaml
2020-07-05 21:51:24 +05:30
0fe4c5ee3d
Update CVE-2020-5902.yaml
2020-07-05 21:47:48 +05:30
4f63a86229
Update CVE-2020-5902.yaml
2020-07-05 21:45:24 +05:30
06388ed981
Create CVE-2018-3714.yaml
...
https://hackerone.com/reports/309124
2020-07-05 21:19:09 +05:30
193d536685
CVE-2020-5902 F5 BIG-IP TMUI
...
Version:
- BIG-IP 15.x: 15.1.0/15.0.0
- BIG-IP 14.x: 14.1.0 ~ 14.1.2
- BIG-IP 13.x: 13.1.0 ~ 13.1.3
- BIG-IP 12.x: 12.1.0 ~ 12.1.5
- BIG-IP 11.x: 11.6.1 ~ 11.6.5
2020-07-05 13:41:58 +05:30
c40cd5259f
Create CVE-2019-15043.yaml
2020-07-04 14:05:56 +01:00
fc3bc06f65
🔥 Add SEOmatic SSTI (CVE-2020-9757)
2020-07-04 00:56:51 +07:00
53a9952dc7
🔥 Add Citrix ShareFile StorageZones Unauthenticated Arbitrary File Read (CVE-2020-8982)
2020-07-04 00:56:16 +07:00
b427cfc641
🔥 TYPO3 XSS (CVE-2020-8091)
2020-07-04 00:55:17 +07:00
919d657c41
🔥 Add Liferay Portal Unauthenticated RCE (CVE-2020-8982)
2020-07-04 00:54:34 +07:00
5756349c14
⚡ Add Apache Tomcat RCE by deserialization - CVE-2020-9484
2020-07-03 12:39:02 +07:00
caf833c28e
🔧 Fix for false-positive CVE-2018-16341 results
2020-07-02 17:45:29 +07:00
14494ba4d3
Update CVE-2019-8449.yaml
2020-07-02 15:36:11 +05:30
906e6e918d
Update CVE-2017-7529.yaml
2020-06-30 16:54:48 +05:30
dbaa71a763
Create CVE-2017-7529.yaml
...
Remote Integer Overflow in Nginx allows an attacker to extract sensitive information from memory buffer by triggering specially crafted requests.
2020-06-30 16:44:33 +05:30
2f59c74b28
Update CVE-2019-8449.yaml
2020-06-30 16:31:20 +05:30
fc95489690
Update CVE-2019-8449.yaml
2020-06-30 16:13:35 +05:30
d6027b67d2
Create CVE-2019-8449.yaml
...
CVE-2019-8449 which allows an Unauthenticated Attacker to enumerate all the users and their information such as Username, Avatars, Emails, Keys, etc.
Reference - https://www.doyler.net/security-not-included/more-jira-enumeration
2020-06-30 16:06:15 +05:30
ba30333045
updating trailing space
2020-06-30 15:55:45 +05:30
53a47cc1bc
Create CVE-2018-11409.yaml
...
CVE-2018-11409 allows an unauthenticated user to get sensitive information such as license key from a Splunk instance by appending /__raw/services/server/info/server-info?output_mode=json to a query.
2020-06-30 15:49:43 +05:30
b9ea4ecaf3
Update CVE-2020-12720.yaml
2020-06-30 02:04:13 +05:30
c718848a88
Update CVE-2020-8512.yaml
2020-06-30 01:59:13 +05:30
01378933c6
Update CVE-2020-12720.yaml
2020-06-29 19:25:45 +05:30
75e2166cc5
updating CVE-2020-12720
2020-06-29 19:24:56 +05:30
084a745600
added CVE-2020-8512
2020-06-26 09:14:54 +05:30
2d56871bd0
Update CVE-2019-3799.yaml
2020-06-23 03:22:51 +05:30
2d8efb04ba
Update CVE-2018-20824.yaml
2020-06-23 03:21:54 +05:30
d8a79274ae
Update CVE-2018-19439.yaml
2020-06-23 03:17:00 +05:30
b7103a2197
Pushing newly added cves
2020-06-22 19:05:37 +05:30
32d9373273
adding more path with recent PR
2020-06-22 03:50:29 +05:30
3b3ab42984
Merge pull request #144 from maverickNerd/master
...
Add directory traversal CVE-2020-5410 affecting Spring Cloud Config
2020-06-18 16:48:30 +05:30
68450463c2
Add directory traversal CVE-2020-5410 affecting Spring Cloud Config Server
2020-06-18 10:16:29 +00:00
Aditya Soni
bauthard
Harsh Bothra
Techbrunch
dw1
SaN ThosH
med pro
Sachin Grover