b5123f5abe
Update CVE-2021-37573.yaml
2021-08-14 14:40:52 +05:30
4c811a4dc2
Update CVE-2021-3017.yaml
2021-08-14 14:03:43 +05:30
09284afb09
Update CVE-2021-3017.yaml
2021-08-14 13:58:04 +05:30
916d421b98
Update CVE-2021-3017.yaml
2021-08-14 13:56:56 +05:30
29e8c790fc
Create CVE-2021-3017.yaml
2021-08-14 13:32:59 +07:00
344fba3089
Update CVE-2021-37573.yaml
2021-08-13 17:17:35 -05:00
eed8e2e573
Update CVE-2021-37573.yaml
2021-08-13 17:17:18 -05:00
1ea3dfe3b7
Create CVE-2021-37573.yaml
2021-08-13 17:14:13 -05:00
035ee06740
Update CVE-2021-35464.yaml
2021-08-13 16:22:36 +05:30
c537e2ccd4
minor update
2021-08-12 22:09:42 +05:30
a0275a9aeb
Merge pull request #2370 from evait-security/master
...
add ProxyShell detection template
2021-08-12 22:08:59 +05:30
b69cd23cf4
minor updates
2021-08-12 21:24:09 +05:30
a69a8718c7
removing extra headers
2021-08-12 14:11:49 +05:30
7c076d7e0e
Added CVE-2021-20092
2021-08-11 18:28:37 +05:30
b64f472b91
Added CVE-2021-20091
2021-08-11 17:58:20 +05:30
76d184331c
minor update
2021-08-11 17:57:58 +05:30
74a17976a8
Update CVE-2021-20090.yaml
2021-08-10 22:23:57 +05:30
d84eb0fd7e
Added CVE-2021-20090
2021-08-10 22:21:46 +05:30
36e43b66ec
follow redirect, compare body instead of status code, eliminate false positives
2021-08-10 10:53:58 +02:00
ff558bd94e
add second url for more stable detection
2021-08-10 10:17:37 +02:00
99d41391e7
add ProxyShell detection template
2021-08-10 09:59:06 +02:00
8c48ca97d2
matcher + payload + regex updates
2021-08-09 21:58:28 +05:30
28f1036194
minor update
2021-08-08 22:57:07 +05:30
b59341b273
minor update
2021-08-06 21:23:46 +05:30
34f905286a
moving files around
2021-08-05 12:52:50 +05:30
40f3693456
Added page specific matcher
2021-08-04 21:32:50 +05:30
c7871dc7a6
Merge pull request #2021 from daffainfo/patch-59
...
Create CVE-2021-24235.yaml
2021-08-04 20:02:01 +05:30
98e5c69560
Update CVE-2021-24235.yaml
2021-08-04 20:00:11 +05:30
515d469506
strict matchers
2021-08-04 12:10:24 +05:30
5965a3e44c
Merge pull request #2319 from dwisiswant0/add/CVE-2021-37216
...
Add CVE-2021-37216
2021-08-03 20:40:52 +05:30
a3347504fe
minor update
2021-08-03 20:18:40 +05:30
1b5420bc4b
updated matcher
2021-08-03 20:14:14 +05:30
62bcd6932d
Merge pull request #2198 from gy741/rule-add-v43
...
Create CVE-2021-32305.yaml
2021-08-03 20:02:32 +05:30
f59905ced2
Add CVE-2021-37216
2021-08-03 21:31:33 +07:00
63cda4e1ef
Update CVE-2021-24235.yaml
2021-08-03 14:58:19 +07:00
e2b20b8f01
Adding metadata
2021-08-02 23:16:05 +05:30
249c39af51
Merge pull request #2299 from httpvoid/master
...
Add CVE-2021-29484 - Ghost CMS DOM XSS
2021-08-02 23:13:22 +05:30
3f8e3ce2d0
Update cves/2021/CVE-2021-29484.yaml
...
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-08-02 23:05:35 +05:30
7aa7401f3a
Merge pull request #2278 from gy741/rule-add-v44
...
Create CVE-2021-21816.yaml
2021-08-02 21:17:00 +05:30
a1d73379aa
Added CVE-2021-27561
2021-08-02 18:25:13 +05:30
c670df2925
Update CVE-2021-21816.yaml
2021-08-02 17:57:09 +05:30
5c7a745e04
Merge pull request #2298 from gy741/rule-add-v47
...
Create CVE-2021-3297.yaml
2021-08-02 17:18:29 +05:30
27f96f96c4
Update CVE-2021-3297.yaml
2021-08-02 17:12:42 +05:30
2c0ecb01b3
Update CVE-2021-3297.yaml
2021-08-02 17:09:52 +05:30
bae8422cfb
Update CVE-2021-3297.yaml
2021-08-02 17:06:07 +05:30
37608a954c
Description
2021-08-02 12:56:17 +03:00
6950d325e6
Update description
2021-08-02 12:55:21 +03:00
6f2d74337e
Add CVE-2021-29484.yaml
2021-08-02 13:28:24 +05:30
bfa043e51f
Create CVE-2021-3297.yaml
...
On Zyxel NBG2105 V1.00(AAGU.2)C0 devices, setting the login cookie to 1 provides administrator access.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-08-02 16:35:38 +09:00
81572ce596
Merge pull request #2292 from geeknik/patch-4
...
Update CVE-2021-31581.yaml
2021-08-02 02:09:32 +05:30
b04dc13dcd
Update CVE-2021-31581.yaml
2021-08-02 02:08:28 +05:30
d416aea142
Merge pull request #2279 from gy741/rule-add-v45
...
Create CVE-2021-36380.yaml
2021-08-02 01:36:56 +05:30
ebf1653d65
Update CVE-2021-36380.yaml
2021-08-02 01:33:10 +05:30
76fb40314a
Merge pull request #2277 from pikpikcu/patch-241
...
Update CVE-2021-3223
2021-08-02 01:15:39 +05:30
5c22441bac
Update CVE-2021-3223.yaml
2021-08-02 01:11:43 +05:30
9cbb151600
Update CVE-2021-31581.yaml
...
Fixes https://github.com/projectdiscovery/nuclei-templates/issues/2285 . 👍🏻
2021-08-01 10:59:39 -05:00
03dfb4bff6
More references
2021-08-01 09:16:33 +03:00
3de7af6018
Better reference
2021-08-01 09:14:14 +03:00
0678e7d233
Create CVE-2021-36380.yaml
...
The /cgi/networkDiag.cgi script directly incorporated user-controllable parameters within a shell command, allowing an attacker to manipulate the resulting command by injecting valid OS command input. The following POST request injects a new command that instructs the server to establish a reverse TCP connection to another system, allowing the establishment of an interactive remote shell session.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-08-01 03:10:49 +09:00
5b3529bad5
Create CVE-2021-21816.yaml
...
An information disclosure vulnerability exists in the Syslog functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to the disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-08-01 02:42:48 +09:00
ae672521d9
Update CVE-2021-3223.yaml
2021-07-31 16:12:48 +07:00
12b832cc36
Create CVE-2021-32305.yaml
...
WebSVN before 2.6.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search parameter.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-27 09:24:35 +09:00
9c66387f0f
More CVEs Template
2021-07-26 22:48:45 +05:30
b990243906
uniform tags
2021-07-26 14:25:43 +05:30
6ccc5f8792
matcher update to handle edge cases
2021-07-25 03:05:55 +05:30
3d90fd1047
Fix wrong regex matcher
2021-07-24 17:10:02 +07:00
e97e2a4f2a
Template update
2021-07-24 06:22:48 +05:30
4b444af3c4
Merge pull request #2125 from DhiyaneshGeek/master
...
17 New Templates Added
2021-07-24 03:26:09 +05:30
7d72783090
WIP improvements
2021-07-22 16:32:37 +05:30
938fdeec8f
Added CVE-2021-34429 and fixed related templates
2021-07-22 15:23:19 +05:30
8d8f39c26f
Create CVE-2021-32820.yaml
2021-07-21 10:40:13 +05:30
7020d17f13
Merge pull request #2107 from daffainfo/patch-90
...
Create CVE-2021-23241.yaml
2021-07-20 17:26:37 +05:30
8f8105bb99
Update CVE-2021-23241.yaml
2021-07-20 16:00:00 +05:30
41c9c3e3f9
Update CVE-2021-23241.yaml
2021-07-20 14:25:37 +05:30
86a7fad73a
Update CVE-2021-23241.yaml
2021-07-20 14:23:39 +05:30
1fc173982d
Update CVE-2021-21479.yaml
2021-07-20 14:22:31 +05:30
c63bb91bdb
Create CVE-2021-23241.yaml
2021-07-20 15:52:10 +07:00
94511129f6
Merge pull request #2076 from dwisiswant0/GHSL-2020-227
...
Server-Side Template Injection leading to unauthenticated Remote Code Execution in SCIMono - CVE-2021-21479
2021-07-20 14:20:31 +05:30
d738d2c9a3
Update CVE-2021-21479.yaml
2021-07-20 14:18:21 +05:30
b10b8a61b8
Update CVE-2021-21479.yaml
2021-07-20 14:16:30 +05:30
0af69ac0fd
Update CVE-2021-21479.yaml
2021-07-20 14:15:45 +05:30
21809132da
Renamed to CVE-2021-24340.yaml
2021-07-20 13:36:04 +07:00
eb15971f16
Merge pull request #2096 from geeknik/patch-4
...
Create CVE-2021-26475.yaml
2021-07-20 11:53:45 +05:30
6eee57115c
Merge pull request #2083 from projectdiscovery/fixing-xss-matchers
...
fixing-xss-matchers
2021-07-20 00:28:01 +05:30
9d19d5fb5b
description update
2021-07-20 00:12:01 +05:30
13d26d8c6d
moving files around
2021-07-20 00:10:30 +05:30
39acc90454
Create CVE-2021-26475.yaml
...
CVE-2021-26475 -- EPrints 3.4.2 exposes a reflected XSS opportunity in the via a cgi/cal URI.
2021-07-19 08:34:21 -05:00
eec253fdd8
minor update
2021-07-19 16:53:47 +05:30
707083438e
Update CVE-2021-24389.yaml
2021-07-19 11:37:51 +05:30
751f4e099c
Update CVE-2021-24335.yaml
2021-07-19 11:37:18 +05:30
c8ee50bd9b
Update CVE-2021-24320.yaml
2021-07-19 11:36:45 +05:30
06a82e2c78
Update CVE-2021-24298.yaml
2021-07-19 11:36:11 +05:30
77fd227376
Update CVE-2021-24498.yaml
2021-07-19 10:45:58 +05:30
556a94136b
Calendar Event Multi View < 1.4.01 - Unauthenticated Reflected Cross-Site Scripting (XSS)
2021-07-19 10:40:50 +05:30
f9c8314092
Merge pull request #2077 from gy741/rule-add-v27
...
Create Advantech R-SeeNet Multiple Reflected XSS vulnerabilities
2021-07-18 23:17:40 +05:30
c56680cef3
Additional matcher
2021-07-18 23:14:19 +05:30
9971674b36
Update CVE-2021-21479.yaml
2021-07-18 22:54:34 +05:30
3088fb5431
Removing CVE-2021-24213
...
As per blog - https://bentl.ee/posts/cve-givewp/
> This vulnerability requires user interaction from an admin in order to be exploited.
2021-07-18 22:39:37 +05:30
76e95ac1e5
Minor improvements
2021-07-18 22:36:15 +05:30
22fa4de8d8
Update CVE-2021-21307.yaml
2021-07-18 19:33:28 +05:30
Prince Chaddha
PikPikcU
Geeknik Labs
SaN ThosH
sandeep
Paul Werther
Prince Chaddha
Dwi Siswanto
Muhammad Daffa
Harsh Jaiswal
Noam Rathaus
GwanYeong Kim
Dhiyaneshwaran
Suman Kar
Suman Kar