Commit Graph

33751 Commits (a1a8e6568b33415ff49fc3dbcbbd6c8b8413b1df)

Author SHA1 Message Date
GitHub Action de8fbcbea3 Auto Generated Templates Checksum [Fri Aug 25 10:58:20 UTC 2023] 🤖 2023-08-25 10:58:20 +00:00
GitHub Action cbdd8bfcf0 Auto Generated New Template Addition List [Fri Aug 25 10:58:16 UTC 2023] 🤖 2023-08-25 10:58:16 +00:00
Prince Chaddha 6a45695f5c
Merge pull request #8063 from king-alexander/kev-workflow
Create KEV workflow
2023-08-25 16:27:51 +05:30
Prince Chaddha d2f6062e00 updated workflow 2023-08-25 15:31:45 +05:30
Dhiyaneshwaran f6fd83053b matcher condition fix 2023-08-25 14:36:05 +05:30
Dhiyaneshwaran 453c0ae94b fix spacing 2023-08-25 14:34:46 +05:30
GitHub Action e7768ef92d Auto Generated Templates Checksum [Fri Aug 25 08:39:52 UTC 2023] 🤖 2023-08-25 08:39:53 +00:00
GitHub Action dcd0110165 Auto Generated New Template Addition List [Fri Aug 25 08:39:45 UTC 2023] 🤖 2023-08-25 08:39:45 +00:00
pussycat0x 650b40cf5a
Merge pull request #8037 from projectdiscovery/CNVD-2021-32799
Create CNVD-2021-32799.yaml
2023-08-25 14:09:21 +05:30
GitHub Action 26a352067d Auto Generated cves.json [Fri Aug 25 08:32:52 UTC 2023] 🤖 2023-08-25 08:32:52 +00:00
GitHub Action 832f9ded17 Auto Generated Templates Checksum [Fri Aug 25 08:31:39 UTC 2023] 🤖 2023-08-25 08:31:39 +00:00
GitHub Action 7c3a8a1505 Auto Generated New Template Addition List [Fri Aug 25 08:31:28 UTC 2023] 🤖 2023-08-25 08:31:28 +00:00
Dhiyaneshwaran 9e10dd794e
Merge pull request #8080 from projectdiscovery/CVE-2020-11798
Create CVE-2020-11798.yaml
2023-08-25 14:01:10 +05:30
Dhiyaneshwaran 60a0fe67f5 cvss added 2023-08-25 13:57:04 +05:30
Ritik Chaddha f4faa84ffb Create CVE-2020-11798.yaml 2023-08-25 11:38:13 +05:30
GitHub Action 12e5dd8345 TemplateMan Update [Fri Aug 25 05:39:18 UTC 2023] 🤖 2023-08-25 05:39:19 +00:00
GitHub Action 28442ecfc9 Auto Generated Templates Checksum [Fri Aug 25 05:37:31 UTC 2023] 🤖 2023-08-25 05:37:32 +00:00
GitHub Action 1d14f2a048 Auto Generated New Template Addition List [Fri Aug 25 05:37:10 UTC 2023] 🤖 2023-08-25 05:37:11 +00:00
pussycat0x a6c7580952
Merge pull request #8078 from geeknik/main-2
Update weak-cipher-suites.yaml
2023-08-25 11:06:53 +05:30
GitHub Action 8f268672c9 Auto WordPress Plugins Update [Fri Aug 25 04:02:14 UTC 2023] 🤖 2023-08-25 04:02:14 +00:00
GitHub Action 1b6adaac8d TemplateMan Update [Fri Aug 25 03:57:19 UTC 2023] 🤖 2023-08-25 03:57:20 +00:00
GitHub Action ac0edd8108 Auto Generated Templates Checksum [Fri Aug 25 03:55:26 UTC 2023] 🤖 2023-08-25 03:55:26 +00:00
GitHub Action 22daf24bcf Auto Generated New Template Addition List [Fri Aug 25 03:55:15 UTC 2023] 🤖 2023-08-25 03:55:15 +00:00
Dhiyaneshwaran 26b9028b55
Merge pull request #8072 from projectdiscovery/princechaddha-patch-3
Create hikvision-ivms-file-upload-bypass.yaml
2023-08-25 09:24:57 +05:30
geeknik e3439d8417
Update weak-cipher-suites.yaml
Here are some potential justifications for lowering the severity of the weak cipher suites alert in Nuclei from medium to low:

- The risks associated with weak cipher suites are mainly related to interception of traffic and decryption of sensitive data in transit. This requires a man-in-the-middle position which limits the scale of potential abuse.

- For an external scan, it is difficult to determine the true impact of weak cipher suites without knowing details of the application architecture and data flows. There could be other protections in place that mitigate the risk.

- Weak cipher suites alone do not enable direct remote code execution or access to underlying resources. Additional vulnerabilities would need to be chained to result in system compromise.

- The classification of "weak" cipher suites is also subjective and changes over time. Something considered weak today may still be commonly used and considered acceptable by many organizations.

- The CVSS score ranges from none to low for interception of non-sensitive data in transit. For external scanning, it's uncertain if truly sensitive data is exposed.

- Remediation requires updating server configurations across potentially many hosts. While recommended in the long term, it is not always trivial for organizations to deploy in the short term.

- There are likely higher severity issues that should be prioritized for remediation first, rather than just the acceptable cipher suites.

While weak cipher suites are not advisable, their ease of exploitation is limited in many real-world scenarios. And when performing external testing, it's difficult to determine the true impact. Given these factors, lowering the severity rating seems reasonable compared to other more serious remote bugs. But organizations should still look to phase out weak ciphers in a responsible manner.
2023-08-25 01:11:23 +00:00
GitHub Action 94700c0ae0 Auto README Update [Thu Aug 24 18:05:18 UTC 2023] 🤖 2023-08-24 18:05:18 +00:00
GitHub Action 74cafea0d2 Auto Generated Templates Stats [Thu Aug 24 18:04:49 UTC 2023] 🤖 2023-08-24 18:04:49 +00:00
GitHub Action d18f899e00 Auto Generated cves.json [Thu Aug 24 17:50:00 UTC 2023] 🤖 2023-08-24 17:50:11 +00:00
GitHub Action 6e2701102e Auto Generated Templates Checksum [Thu Aug 24 17:49:59 UTC 2023] 🤖 2023-08-24 17:50:00 +00:00
GitHub Action fd30717781 Auto Generated New Template Addition List [Thu Aug 24 17:49:52 UTC 2023] 🤖 2023-08-24 17:49:52 +00:00
Ritik Chaddha 17f6abec90
Merge pull request #8070 from projectdiscovery/CVE-2023-39026
Create CVE-2023-39026.yaml
2023-08-24 23:19:35 +05:30
Ritik Chaddha bcf747cc69 update matchers|info 2023-08-24 23:15:24 +05:30
GitHub Action cf21ef1cb3 Auto Generated Templates Checksum [Thu Aug 24 17:42:27 UTC 2023] 🤖 2023-08-24 17:42:27 +00:00
GitHub Action de3f67aea6 Auto Generated cves.json [Thu Aug 24 17:41:05 UTC 2023] 🤖 2023-08-24 17:41:17 +00:00
GitHub Action 2961211203 Auto Generated New Template Addition List [Thu Aug 24 17:40:57 UTC 2023] 🤖 2023-08-24 17:40:57 +00:00
Dhiyaneshwaran 777a520c8e
Create CVE-2023-38035.yaml (#8075)
* Create CVE-2023-38035.yaml

* syntax fix

* working template

* misc updates

---------

Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2023-08-24 23:10:37 +05:30
Prince Chaddha c1bfdf2609 Update hikvision-ivms-file-upload-bypass.yaml 2023-08-24 18:25:47 +05:30
Prince Chaddha b20726b619 updated POC with a valid file upload 2023-08-24 18:08:26 +05:30
Dhiyaneshwaran 3e8c8533b5 minor update 2023-08-24 17:14:56 +05:30
Prince Chaddha 9fc5093a3a fixed lint 2023-08-24 16:19:35 +05:30
Prince Chaddha 5972c3fb32 Rename http/vulnerabilities/hikvision-ivms-file-upload-rce.yaml to http/vulnerabilities/hikvision/hikvision-ivms-file-upload-rce.yaml 2023-08-24 16:15:57 +05:30
Prince Chaddha da3a426920 Create hikvision-ivms-file-upload-bypass.yaml 2023-08-24 16:14:56 +05:30
pengzy2 45f49c210a Add Greenbone Security Assistant 2023-08-24 15:03:08 +08:00
GitHub Action ce7d7f288c TemplateMan Update [Thu Aug 24 06:15:35 UTC 2023] 🤖 2023-08-24 06:15:36 +00:00
GitHub Action 89cb779bed Auto Generated Templates Checksum [Thu Aug 24 06:14:12 UTC 2023] 🤖 2023-08-24 06:14:13 +00:00
GitHub Action b4ffd7a151 Auto Generated New Template Addition List [Thu Aug 24 06:14:03 UTC 2023] 🤖 2023-08-24 06:14:03 +00:00
pussycat0x c63f2ee0ce
Merge pull request #8060 from projectdiscovery/CVE-2023-39141
Create CVE-2023-39141.yaml WebUI-Aria2 - Path traversal
2023-08-24 11:43:42 +05:30
pussycat0x eeb0288c31 dsl -update 2023-08-24 11:37:23 +05:30
Dhiyaneshwaran ec2d108430 Create CVE-2023-39026.yaml 2023-08-24 11:10:31 +05:30
GitHub Action 51bcfd3ee4 Auto WordPress Plugins Update [Thu Aug 24 04:19:42 UTC 2023] 🤖 2023-08-24 04:19:42 +00:00