bauthard
6f7aa0570e
Merge pull request #204 from Techbrunch/patch-2
...
Create CVE-2019-8451.yaml
2020-07-06 22:16:27 +05:30
Harsh Bothra
8b4cf6bd46
Create CVE-2018-11759.yaml
...
Apache Tomcat JK Status Manager Access
2020-07-06 21:58:42 +05:30
bauthard
c278396f2e
Merge pull request #203 from melbadry9/patch-2
...
Update open-redirect.yaml
2020-07-06 21:52:55 +05:30
Harsh Bothra
ebcf1ec0f6
Create CVE-2020-5405.yaml
...
Spring Cloud Directory Traversal
2020-07-06 21:52:18 +05:30
Techbrunch
1b0683e4a3
Create jira-unauthenticated-projects.yaml
...
If public sharing is ON it allows users to share projects with all users including those that are not logged in. Those projects could reveal potentially sensitive information.
2020-07-06 18:03:33 +02:00
Techbrunch
981979d905
Create jira-unauthenticated-dashboards.yaml
...
If public sharing is ON it allows users to share dashboards and filters with all users including those that are not logged in. Those dashboard and filters could reveal potentially sensitive information.
2020-07-06 18:02:11 +02:00
Techbrunch
a525139cbe
Update jira-unauthenticated-popular-filters.yaml
2020-07-06 17:58:12 +02:00
Techbrunch
40238f677f
Create jira-unauthenticated-popular-filters.yaml
...
If public sharing is ON it allows users to share dashboards and filters with all users including those that are not logged in. Those dashboard and filters could reveal potentially sensitive information.
2020-07-06 17:56:34 +02:00
Techbrunch
59661b1eb6
Update CVE-2019-8451.yaml
...
Fix trailing whitespace
2020-07-06 16:56:27 +02:00
Techbrunch
3a44d74762
Create CVE-2019-8451.yaml
...
# On September 9, Atlassian released version 8.4.0 for Jira Core and Jira Software, which included a fix for an important
# security issue reported in August 2019.
# CVE-2019-8451 is a pre-authentication server-side request forgery (SSRF) vulnerability found in
# the /plugins/servlet/gadgets/makeRequest resource. The vulnerability exists due to “a logic bug” in the JiraWhitelist class.
# An unauthenticated attacker could exploit this vulnerability by sending a specially crafted web request to a vulnerable
# Jira server. Successful exploitation would result in unauthorized access to view and potentially modify internal
# network resources.
# https://www.tenable.com/blog/cve-2019-8451-proof-of-concept-available-for-server-side-request-forgery-ssrf-vulnerability-in
# https://twitter.com/benmontour/status/1177250393220239360
# https://twitter.com/ojensen5115/status/1176569607357730817
2020-07-06 16:52:34 +02:00
dw1
d19f00bf82
❌ Update RAW payloads due to can't use helper function
2020-07-06 21:45:44 +07:00
Mohamed Elbadry
3381eed789
Update open-redirect.yaml
2020-07-06 16:21:43 +02:00
bauthard
4337755cbe
Merge pull request #202 from melbadry9/patch-1
...
Update crlf-injection.yaml
2020-07-06 19:48:11 +05:30
Mohamed Elbadry
d2f024dc32
Update crlf-injection.yaml
2020-07-06 16:16:27 +02:00
Mohamed Elbadry
e255561721
Update crlf-injection.yaml
2020-07-06 16:11:29 +02:00
bauthard
8ef6e99ab3
Merge pull request #200 from dwisiswant0/update-cve-2020-5902
...
Update CVE-2020-5902 matchers & requests
2020-07-06 19:15:28 +05:30
dw1
2479e51afb
📝 Fix indentation on RAW requests
2020-07-06 18:28:20 +07:00
dw1
f4da7bec43
🔨 Update CVE-2020-5902 matchers & requests to reduce false-positive results
2020-07-06 18:14:01 +07:00
bauthard
0036549365
Merge pull request #199 from Techbrunch/patch-1
...
Create jira-unauthenticated-user-picker.yaml
2020-07-06 15:59:07 +05:30
Techbrunch
d2eb42f149
Update jira-unauthenticated-user-picker.yaml
...
Fix spaces
2020-07-06 12:28:08 +02:00
Techbrunch
0fc1212d8f
Create jira-unauthenticated-user-picker.yaml
...
Through the user picker functionality within Jira your user base information could be available to anonymous users. The Browse User Global Permission allows a user to view a list of all Jira user names and group names, share issues, and @mention people on issues. This is used for selecting users/groups in popup screens and also enables auto-completion of usernames in most 'User Picker' menus and popups.
If you grant this permission to the Anyone group, you will be allowing anonymous users access to the endpoints that provide a list of users.
Remediation: Ensure that this permission is restricted to specific groups that require it. You can restrict it in Administration > System > Global Permissions.
2020-07-06 12:23:09 +02:00
bauthard
6d498a6054
syntax update
2020-07-06 13:57:46 +05:30
bauthard
295f836a39
updated condition
2020-07-06 13:54:03 +05:30
bauthard
69e4f714e3
Merge pull request #196 from dwisiswant0/custom-workflows
...
Updating current workflows & Add BIG-IP Pwner Workflow
2020-07-06 10:59:10 +05:30
dw1
257dca57fe
🔨 Update Springboot Actuators detection
2020-07-06 11:26:40 +07:00
dw1
abac4ea061
📝 Update current examples of workflows
2020-07-06 10:06:05 +07:00
dw1
72fcb6ac03
🔥 Add BIG-IP Pwner Workflow
2020-07-06 08:46:04 +07:00
dw1
c3a0b6c5a6
🔨 Update BIG-IP Configuration Utility detection matchers
2020-07-06 08:45:33 +07:00
dw1
550a559108
✏️ Replace '-' to '_' on variable workflows
2020-07-06 08:39:23 +07:00
dw1
25d5c5afb0
🔥 BIG-IP Configuration Utility detection
2020-07-06 08:36:25 +07:00
dw1
3d150d7825
➖ Remove BIG-IP Config Utility Detect
2020-07-06 08:33:50 +07:00
bauthard
aece3c81f1
Merge pull request #195 from Mad-robot/master
...
Update CVE-2020-5902.yaml
2020-07-05 22:28:56 +05:30
SaN ThosH
dfe6244c7e
Update CVE-2020-5902.yaml
2020-07-05 21:51:24 +05:30
bauthard
22c21c3b4a
Merge pull request #194 from Mad-robot/master
...
Update CVE-2020-5902.yaml
2020-07-05 21:50:21 +05:30
SaN ThosH
0fe4c5ee3d
Update CVE-2020-5902.yaml
2020-07-05 21:47:48 +05:30
bauthard
a06dbcecf2
Merge pull request #193 from Mad-robot/master
...
Update CVE-2020-5902.yaml
2020-07-05 21:46:47 +05:30
SaN ThosH
4f63a86229
Update CVE-2020-5902.yaml
2020-07-05 21:45:24 +05:30
bauthard
142b96e8bc
Merge pull request #192 from Mad-robot/master
...
Create CVE-2018-3714.yaml
2020-07-05 21:28:53 +05:30
SaN ThosH
06388ed981
Create CVE-2018-3714.yaml
...
https://hackerone.com/reports/309124
2020-07-05 21:19:09 +05:30
bauthard
0719260160
Merge pull request #191 from bsysop/patch-1
...
Rename wordpress-user-enumaration.yaml to wordpress-user-enumeration.…
2020-07-05 18:47:30 +05:30
bsysop
8a221a61e0
Rename wordpress-user-enumaration.yaml to wordpress-user-enumeration.yaml
...
Typo fix
2020-07-05 10:14:24 -03:00
bauthard
a1eaee2af4
Merge pull request #188 from dwisiswant0/add-custom-workflows
...
Add custom workflows
2020-07-05 14:06:24 +05:30
dw1
7d9e2ee2e9
🔥 Add custom workflows
2020-07-05 15:30:28 +07:00
Ice3man
27ddfd3d15
Merge pull request #187 from Mad-robot/master
...
CVE-2020-5902 F5 BIG-IP TMUI
2020-07-05 01:13:54 -07:00
SaN ThosH
193d536685
CVE-2020-5902 F5 BIG-IP TMUI
...
Version:
- BIG-IP 15.x: 15.1.0/15.0.0
- BIG-IP 14.x: 14.1.0 ~ 14.1.2
- BIG-IP 13.x: 13.1.0 ~ 13.1.3
- BIG-IP 12.x: 12.1.0 ~ 12.1.5
- BIG-IP 11.x: 11.6.1 ~ 11.6.5
2020-07-05 13:41:58 +05:30
dw1
79291e9e54
🔥 BIG-IP Configuration Utility detection
2020-07-05 15:04:32 +07:00
dw1
695afb7a96
✏️ Rename to CVE-2019-16759
2020-07-05 14:20:36 +07:00
bauthard
3d0898c8fb
Merge pull request #185 from bing0o/master
...
Create CVE-2019-15043.yaml
2020-07-05 10:04:07 +05:30
dw1
8a338f93cb
⚠️ Clear Yamllint warnings
2020-07-04 23:32:47 +07:00
dw1
40e627d9db
🔨 Escaping payload - CVE-2020-7961
2020-07-04 23:29:12 +07:00