8b94298c81
Merge pull request #2341 from daffainfo/patch-135
...
Create CVE-2016-2389.yaml
2021-08-07 12:36:38 +05:30
881936676b
Update CVE-2011-4804.yaml
2021-08-07 12:28:08 +05:30
335b7ce0a0
Update CVE-2016-2389.yaml
2021-08-07 12:27:03 +05:30
9039bef1dd
Create CVE-2016-2389.yaml
2021-08-07 00:35:56 +07:00
8be55281c4
Create CVE-2011-4804.yaml
2021-08-07 00:34:28 +07:00
12c2c849b9
Create CVE-2006-1681.yaml
2021-08-06 11:58:00 -05:00
dfce16a682
Create CVE-2005-4385.yaml
2021-08-06 11:35:36 -05:00
eee5d8b22e
Merge pull request #2334 from daffainfo/patch-133
...
Create CVE-2014-5368.yaml
2021-08-06 21:57:54 +05:30
b4573b1392
Create CVE-2008-6668.yaml
2021-08-06 11:24:01 -05:00
7bd7a40793
Merge pull request #2333 from daffainfo/patch-132
...
Create CVE-2010-2682.yaml
2021-08-06 21:45:42 +05:30
2ca144c36a
Merge pull request #2329 from pikpikcu/patch-245
...
Added AvantFAX
2021-08-06 21:41:40 +05:30
e75efd42da
minor update
2021-08-06 21:39:24 +05:30
b59341b273
minor update
2021-08-06 21:23:46 +05:30
d60171ed9d
Added additional matchers
2021-08-06 20:16:35 +05:30
03a67a3738
Create CVE-2014-5368.yaml
2021-08-06 06:09:11 +07:00
79d29e355b
Create CVE-2010-2682.yaml
2021-08-06 06:06:54 +07:00
9646633d30
Added CVE-2017-14651 Template
2021-08-05 16:59:36 +00:00
f63f7af8aa
Update CVE-2017-18024.yaml
2021-08-05 20:40:16 +05:30
105a093c91
Merge pull request #2328 from daffainfo/patch-130
...
Create CVE-2010-4617.yaml
2021-08-05 13:29:38 +05:30
34f905286a
moving files around
2021-08-05 12:52:50 +05:30
9ff9493341
Create CVE-2017-18024.yaml
2021-08-05 12:48:55 +07:00
9feedb27af
Create CVE-2010-4617.yaml
2021-08-05 08:36:32 +07:00
40f3693456
Added page specific matcher
2021-08-04 21:32:50 +05:30
c7871dc7a6
Merge pull request #2021 from daffainfo/patch-59
...
Create CVE-2021-24235.yaml
2021-08-04 20:02:01 +05:30
98e5c69560
Update CVE-2021-24235.yaml
2021-08-04 20:00:11 +05:30
fc0085797b
Merge pull request #2321 from daffainfo/patch-129
...
Create CVE-2015-2807.yaml
2021-08-04 14:10:46 +05:30
ca92425071
Update CVE-2015-2807.yaml
2021-08-04 14:07:35 +05:30
2dec4a0326
Merge pull request #2320 from daffainfo/patch-128
...
Create CVE-2015-9414.yaml
2021-08-04 14:06:00 +05:30
80f52746e3
Update CVE-2015-9414.yaml
2021-08-04 14:03:38 +05:30
325c8a53f6
Merge pull request #2322 from gy741/rule-add-v51
...
Create CVE-2018-15745.yaml, CVE-2018-15517.yaml
2021-08-04 13:46:10 +05:30
0b3a307294
Update CVE-2018-15517.yaml
2021-08-04 13:44:42 +05:30
8cc213cec1
Update CVE-2018-15745.yaml
2021-08-04 13:42:14 +05:30
515d469506
strict matchers
2021-08-04 12:10:24 +05:30
812d4faca2
Create CVE-2018-15517.yaml
...
Using a web browser or script SSRF can be initiated against internal/external systems to conduct port scans by leveraging D LINKs MailConnect component. The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, leading to SSRF, as demonstrated by an index.php/System/MailConnect/host/127.0.0.1/port/22/secure/ URI. This can undermine accountability of where scan or connections actually came from and or bypass the FW etc. This can be automated via script or using Web Browser.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-08-04 14:25:54 +09:00
adce7d2c39
Create CVE-2018-15745.yaml
...
Argus Surveillance DVR 4.0.0.0 devices allow Unauthenticated Directory Traversal, leading to File Disclosure via a ..%2F in the WEBACCOUNT.CGI RESULTPAGE parameter.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-08-04 14:16:24 +09:00
1d888e8b4e
Create CVE-2015-2807.yaml
2021-08-04 00:09:09 +07:00
e9313b15be
Create CVE-2015-9414.yaml
2021-08-04 00:07:14 +07:00
5965a3e44c
Merge pull request #2319 from dwisiswant0/add/CVE-2021-37216
...
Add CVE-2021-37216
2021-08-03 20:40:52 +05:30
a4628d1f58
Merge pull request #2195 from daffainfo/patch-107
...
Create CVE-2016-1000153.yaml
2021-08-03 20:34:28 +05:30
cc715bd005
Merge pull request #2196 from daffainfo/patch-108
...
Create CVE-2016-1000155.yaml
2021-08-03 20:33:18 +05:30
a5f74e0484
Update CVE-2016-1000153.yaml
2021-08-03 20:33:02 +05:30
e6ea819b9c
Update CVE-2016-1000155.yaml
2021-08-03 20:31:20 +05:30
a3347504fe
minor update
2021-08-03 20:18:40 +05:30
1b5420bc4b
updated matcher
2021-08-03 20:14:14 +05:30
62bcd6932d
Merge pull request #2198 from gy741/rule-add-v43
...
Create CVE-2021-32305.yaml
2021-08-03 20:02:32 +05:30
f59905ced2
Add CVE-2021-37216
2021-08-03 21:31:33 +07:00
3395eff8a0
Merge pull request #2316 from gy741/rule-add-v49
...
Create CVE-2020-7796.yaml
2021-08-03 19:57:45 +05:30
23bc448b1b
Merge pull request #2199 from pikpikcu/patch-208
...
Add OpenSIS POC
2021-08-03 19:53:32 +05:30
b927288f30
Update CVE-2020-6637.yaml
2021-08-03 19:25:06 +05:30
63cda4e1ef
Update CVE-2021-24235.yaml
2021-08-03 14:58:19 +07:00
107c3594bf
Update CVE-2020-6637.yaml
2021-08-03 13:24:31 +05:30
41b06a2ed7
Merge pull request #2216 from pikpikcu/patch-223
...
Add Zimbra XSS
2021-08-03 13:22:42 +05:30
c4acd62307
Update CVE-2018-14013.yaml
2021-08-03 13:13:57 +05:30
1c83792023
Merge pull request #2314 from daffainfo/patch-126
...
Create CVE-2018-20470.yaml
2021-08-03 13:08:36 +05:30
3c03e28e55
Update CVE-2020-7796.yaml
2021-08-03 12:50:22 +05:30
d8007437ae
Update CVE-2020-7796.yaml
2021-08-03 12:50:10 +05:30
b02ea3266b
Update CVE-2020-7796.yaml
2021-08-03 12:47:55 +05:30
9620f4616e
Update CVE-2020-7796.yaml
2021-08-03 12:42:56 +05:30
9c16967fa5
Create CVE-2020-7796.yaml
...
Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-08-03 09:31:23 +09:00
6e13d833ef
Create CVE-2018-19458.yaml
2021-08-03 06:20:58 +07:00
02d3258f2a
Create CVE-2018-20470.yaml
2021-08-03 06:19:42 +07:00
e2b20b8f01
Adding metadata
2021-08-02 23:16:05 +05:30
249c39af51
Merge pull request #2299 from httpvoid/master
...
Add CVE-2021-29484 - Ghost CMS DOM XSS
2021-08-02 23:13:22 +05:30
3f8e3ce2d0
Update cves/2021/CVE-2021-29484.yaml
...
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-08-02 23:05:35 +05:30
1939842ab6
Merge pull request #2219 from pikpikcu/patch-225
...
Add Dolibarr xss
2021-08-02 22:32:24 +05:30
f924e58b8e
Update CVE-2018-10095.yaml
2021-08-02 22:31:01 +05:30
dca1dd56b1
Merge pull request #2220 from pikpikcu/patch-226
...
Add Grav CMS XSS
2021-08-02 22:26:37 +05:30
e359b030f2
Update CVE-2018-5233.yaml
2021-08-02 22:25:21 +05:30
df1348ee5c
Merge pull request #2232 from daffainfo/patch-112
...
Create CVE-2014-8799.yaml
2021-08-02 22:00:52 +05:30
f93858622d
Update CVE-2014-8799.yaml
2021-08-02 21:59:27 +05:30
18722cd4f4
Merge pull request #2311 from gy741/rule-add-v48
...
Create CVE-2020-27361.yaml
2021-08-02 21:56:57 +05:30
347a850911
Merge pull request #2233 from pikpikcu/patch-232
...
Add Tiki Wiki CMS Groupware XSS
2021-08-02 21:48:20 +05:30
8627aadce0
Create CVE-2020-27361.yaml
...
An issue exists within Akkadian Provisioning Manager 4.50.02 which allows attackers to view sensitive information within the /pme subdirectories.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-08-03 01:17:48 +09:00
7d0e2be80a
Update CVE-2011-4336.yaml
2021-08-02 21:47:19 +05:30
7aa7401f3a
Merge pull request #2278 from gy741/rule-add-v44
...
Create CVE-2021-21816.yaml
2021-08-02 21:17:00 +05:30
a1d73379aa
Added CVE-2021-27561
2021-08-02 18:25:13 +05:30
c670df2925
Update CVE-2021-21816.yaml
2021-08-02 17:57:09 +05:30
5c7a745e04
Merge pull request #2298 from gy741/rule-add-v47
...
Create CVE-2021-3297.yaml
2021-08-02 17:18:29 +05:30
8810d6fd64
Merge pull request #2294 from daffainfo/patch-123
...
Create CVE-2016-1000148.yaml
2021-08-02 17:18:22 +05:30
fb0c113fb6
Merge pull request #2281 from daffainfo/patch-121
...
Create CVE-2016-10993.yaml
2021-08-02 17:18:07 +05:30
434b69608a
Update CVE-2016-10993.yaml
2021-08-02 17:16:58 +05:30
a3cba3b1e1
Merge pull request #2280 from daffainfo/patch-120
...
Create CVE-2020-35598.yaml
2021-08-02 17:14:38 +05:30
e4817b6e19
Merge pull request #2282 from daffainfo/patch-122
...
Create CVE-2012-4253.yaml
2021-08-02 17:13:52 +05:30
27f96f96c4
Update CVE-2021-3297.yaml
2021-08-02 17:12:42 +05:30
2c0ecb01b3
Update CVE-2021-3297.yaml
2021-08-02 17:09:52 +05:30
bae8422cfb
Update CVE-2021-3297.yaml
2021-08-02 17:06:07 +05:30
37608a954c
Description
2021-08-02 12:56:17 +03:00
6950d325e6
Update description
2021-08-02 12:55:21 +03:00
6f2d74337e
Add CVE-2021-29484.yaml
2021-08-02 13:28:24 +05:30
bfa043e51f
Create CVE-2021-3297.yaml
...
On Zyxel NBG2105 V1.00(AAGU.2)C0 devices, setting the login cookie to 1 provides administrator access.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-08-02 16:35:38 +09:00
1d58b2abd2
Merge pull request #2295 from daffainfo/patch-124
...
Create CVE-2016-1000149.yaml
2021-08-02 12:57:51 +05:30
0757721d24
Update CVE-2016-1000149.yaml
2021-08-02 12:56:49 +05:30
0c7025f30d
Update CVE-2016-1000148.yaml
2021-08-02 12:55:51 +05:30
02dc911dc9
Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates
2021-08-02 12:53:44 +05:30
e896a8982d
misc updates
2021-08-02 12:53:35 +05:30
dfcd364059
update to CVE-2017-5487, added extractor
2021-08-02 01:08:39 -04:00
6347e02b91
Create CVE-2016-1000149.yaml
2021-08-02 06:10:17 +07:00
54f927329d
Create CVE-2016-1000148.yaml
2021-08-02 06:09:14 +07:00
81572ce596
Merge pull request #2292 from geeknik/patch-4
...
Update CVE-2021-31581.yaml
2021-08-02 02:09:32 +05:30
b04dc13dcd
Update CVE-2021-31581.yaml
2021-08-02 02:08:28 +05:30
a24977aab9
Update CVE-2020-6637.yaml
2021-08-02 01:42:01 +05:30
d416aea142
Merge pull request #2279 from gy741/rule-add-v45
...
Create CVE-2021-36380.yaml
2021-08-02 01:36:56 +05:30
ebf1653d65
Update CVE-2021-36380.yaml
2021-08-02 01:33:10 +05:30
454e11f6c4
Merge pull request #2271 from pikpikcu/patch-240
...
Update JIRA SSRF
2021-08-02 01:31:27 +05:30
f5982c5d28
Update CVE-2019-8451.yaml
2021-08-02 01:30:00 +05:30
5023dd6f9c
Update CVE-2019-8451.yaml
2021-08-02 01:27:40 +05:30
c7778257c3
Update CVE-2019-8451.yaml
2021-08-02 01:22:49 +05:30
56d3a2f1bd
Merge pull request #2284 from pikpikcu/patch-242
...
Update CVE-2019-0221
2021-08-02 01:17:36 +05:30
76fb40314a
Merge pull request #2277 from pikpikcu/patch-241
...
Update CVE-2021-3223
2021-08-02 01:15:39 +05:30
5c22441bac
Update CVE-2021-3223.yaml
2021-08-02 01:11:43 +05:30
9cbb151600
Update CVE-2021-31581.yaml
...
Fixes https://github.com/projectdiscovery/nuclei-templates/issues/2285 . 👍🏻
2021-08-01 10:59:39 -05:00
03dfb4bff6
More references
2021-08-01 09:16:33 +03:00
3de7af6018
Better reference
2021-08-01 09:14:14 +03:00
ac70ba03c7
description and reference
2021-08-01 09:12:12 +03:00
21b17993be
Better references
2021-08-01 09:10:14 +03:00
9dc30c37a2
Description and reference
2021-08-01 08:57:40 +03:00
734dde35cc
Fix FP - https://github.com/projectdiscovery/nuclei-templates/issues/2217
2021-08-01 08:52:30 +03:00
0653fdc498
Update CVE-2019-0221.yaml
2021-08-01 09:43:53 +07:00
7f608a2d57
Create CVE-2012-4253.yaml
2021-08-01 07:33:05 +07:00
8801d2c380
Create CVE-2016-10993.yaml
2021-08-01 06:41:54 +07:00
b826d82268
Create CVE-2020-35598.yaml
2021-08-01 06:40:11 +07:00
0678e7d233
Create CVE-2021-36380.yaml
...
The /cgi/networkDiag.cgi script directly incorporated user-controllable parameters within a shell command, allowing an attacker to manipulate the resulting command by injecting valid OS command input. The following POST request injects a new command that instructs the server to establish a reverse TCP connection to another system, allowing the establishment of an interactive remote shell session.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-08-01 03:10:49 +09:00
5b3529bad5
Create CVE-2021-21816.yaml
...
An information disclosure vulnerability exists in the Syslog functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to the disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-08-01 02:42:48 +09:00
bc48231304
Merge pull request #2192 from gy741/rule-add-v41
...
Create CVE-2018-10818.yaml
2021-07-31 22:56:26 +05:30
620cd107c6
Update CVE-2018-10818.yaml
2021-07-31 22:55:55 +05:30
ae672521d9
Update CVE-2021-3223.yaml
2021-07-31 16:12:48 +07:00
3cb1abc436
Merge pull request #2268 from daffainfo/patch-117
...
Create CVE-2014-4535.yaml
2021-07-31 09:02:23 +05:30
dccd46c576
Merge pull request #2267 from daffainfo/patch-116
...
Create CVE-2019-12276.yaml
2021-07-31 09:00:52 +05:30
077191496a
Update CVE-2014-4535.yaml
2021-07-31 09:00:47 +05:30
8246b2356c
Update CVE-2019-12276.yaml
2021-07-31 08:58:19 +05:30
9c758ea8fb
Merge pull request #2275 from daffainfo/patch-118
...
Create CVE-2014-4536.yaml
2021-07-31 08:48:36 +05:30
b2e3670c91
Update CVE-2014-4536.yaml
2021-07-31 08:43:27 +05:30
9a47b53434
Update CVE-2012-0991.yaml
2021-07-31 08:41:41 +05:30
afe800c0db
Create CVE-2012-0991.yaml
2021-07-31 06:04:14 +07:00
3afcf2a755
Create CVE-2014-4536.yaml
2021-07-31 06:01:46 +07:00
1cce455f1c
Update CVE-2020-13927.yaml
...
Following the discussion https://github.com/projectdiscovery/nuclei-templates/discussions/1477 .
According to NIST, It's a critical issue.
https://nvd.nist.gov/vuln/detail/CVE-2020-13927
2021-07-30 16:40:41 +02:00
ff344b0e49
Update CVE-2019-8451.yaml
2021-07-30 17:35:48 +05:30
5bf63d1811
Update JIRA SSRF
2021-07-30 18:50:31 +07:00
010f1a8700
Create CVE-2014-4535.yaml
2021-07-30 05:51:07 +07:00
189f59ba9d
Create CVE-2019-12276.yaml
2021-07-30 05:49:59 +07:00
10b35b4051
Merge pull request #2231 from daffainfo/patch-111
...
Create CVE-2009-5114.yaml
2021-07-29 18:35:08 +05:30
da3ba72db3
Create CVE-2020-11455.yaml
2021-07-29 05:43:07 +07:00
60be63be57
Merge pull request #2238 from pikpikcu/patch-235
...
Add iTop XSS
2021-07-29 00:23:17 +05:30
feb0af88eb
Update CVE-2015-6544.yaml
2021-07-29 00:16:01 +05:30
b3fdcb6bb3
Merge pull request #2240 from daffainfo/patch-113
...
Create CVE-2019-14312.yaml
2021-07-29 00:11:17 +05:30
249766aff1
Merge pull request #2243 from pikpikcu/patch-238
...
Add CVE-2015-8349
2021-07-29 00:09:55 +05:30
f6b2676b00
Update CVE-2015-8349.yaml
2021-07-28 23:24:32 +05:30
2b719b9fdb
Update CVE-2015-3648.yaml
2021-07-28 15:28:21 +05:30
56a7c8095e
Create CVE-2015-3648.yaml
2021-07-28 13:00:02 +07:00
e3af07706d
Create CVE-2015-8349.yaml
2021-07-28 12:45:44 +07:00
Prince Chaddha
Prince Chaddha
Muhammad Daffa
Geeknik Labs
Sandeep Singh
mass0ma
PikPikcU
GwanYeong Kim
Dwi Siswanto
Harsh Jaiswal
Noam Rathaus
r3dg33k
Toufik Airane