bauthard
0036549365
Merge pull request #199 from Techbrunch/patch-1
Create jira-unauthenticated-user-picker.yaml
2020-07-06 15:59:07 +05:30
Techbrunch
d2eb42f149
Update jira-unauthenticated-user-picker.yaml
Fix spaces
2020-07-06 12:28:08 +02:00
Techbrunch
0fc1212d8f
Create jira-unauthenticated-user-picker.yaml
Through the user picker functionality within Jira, your user base information could be available to anonymous users. The Browse User Global Permission allows a user to view a list of all Jira user names and group names, share issues, and @mention people on issues. This is used for selecting users/groups in popup screens and also enables auto-completion of usernames in most 'User Picker' menus and popups.
If you grant this permission to the Anyone group, you will be allowing anonymous users access to the endpoints that provide a list of users.
Remediation: Ensure that this permission is restricted to specific groups that require it. You can restrict it in Administration > System > Global Permissions.
2020-07-06 12:23:09 +02:00
bauthard
6d498a6054
syntax update
2020-07-06 13:57:46 +05:30
bauthard
295f836a39
updated condition
2020-07-06 13:54:03 +05:30
bauthard
69e4f714e3
Merge pull request #196 from dwisiswant0/custom-workflows
Updating current workflows & Add BIG-IP Pwner Workflow
2020-07-06 10:59:10 +05:30
dw1
257dca57fe
🔨 Update Springboot Actuators detection
2020-07-06 11:26:40 +07:00
dw1
abac4ea061
📝 Update current examples of workflows
2020-07-06 10:06:05 +07:00
dw1
72fcb6ac03
🔥 Add BIG-IP Pwner Workflow
2020-07-06 08:46:04 +07:00
dw1
c3a0b6c5a6
🔨 Update BIG-IP Configuration Utility detection matchers
2020-07-06 08:45:33 +07:00
dw1
550a559108
✏️ Replace '-' with '_' on variable workflows
2020-07-06 08:39:23 +07:00
dw1
25d5c5afb0
🔥 BIG-IP Configuration Utility detection
2020-07-06 08:36:25 +07:00
dw1
3d150d7825
➖ Remove BIG-IP Config Utility Detect
2020-07-06 08:33:50 +07:00
bauthard
aece3c81f1
Merge pull request #195 from Mad-robot/master
Update CVE-2020-5902.yaml
2020-07-05 22:28:56 +05:30
SaN ThosH
dfe6244c7e
Update CVE-2020-5902.yaml
2020-07-05 21:51:24 +05:30
bauthard
22c21c3b4a
Merge pull request #194 from Mad-robot/master
Update CVE-2020-5902.yaml
2020-07-05 21:50:21 +05:30
SaN ThosH
0fe4c5ee3d
Update CVE-2020-5902.yaml
2020-07-05 21:47:48 +05:30
bauthard
a06dbcecf2
Merge pull request #193 from Mad-robot/master
Update CVE-2020-5902.yaml
2020-07-05 21:46:47 +05:30
SaN ThosH
4f63a86229
Update CVE-2020-5902.yaml
2020-07-05 21:45:24 +05:30
bauthard
142b96e8bc
Merge pull request #192 from Mad-robot/master
Create CVE-2018-3714.yaml
2020-07-05 21:28:53 +05:30
SaN ThosH
06388ed981
Create CVE-2018-3714.yaml
https://hackerone.com/reports/309124
2020-07-05 21:19:09 +05:30
bauthard
0719260160
Merge pull request #191 from bsysop/patch-1
Rename wordpress-user-enumaration.yaml to wordpress-user-enumeration.…
2020-07-05 18:47:30 +05:30
bsysop
8a221a61e0
Rename wordpress-user-enumaration.yaml to wordpress-user-enumeration.yaml
Typo fix
2020-07-05 10:14:24 -03:00
bauthard
a1eaee2af4
Merge pull request #188 from dwisiswant0/add-custom-workflows
Add custom workflows
2020-07-05 14:06:24 +05:30
dw1
7d9e2ee2e9
🔥 Add custom workflows
2020-07-05 15:30:28 +07:00
Ice3man
27ddfd3d15
Merge pull request #187 from Mad-robot/master
CVE-2020-5902 F5 BIG-IP TMUI
2020-07-05 01:13:54 -07:00
SaN ThosH
193d536685
CVE-2020-5902 F5 BIG-IP TMUI
Version:
- BIG-IP 15.x: 15.1.0/15.0.0
- BIG-IP 14.x: 14.1.0 ~ 14.1.2
- BIG-IP 13.x: 13.1.0 ~ 13.1.3
- BIG-IP 12.x: 12.1.0 ~ 12.1.5
- BIG-IP 11.x: 11.6.1 ~ 11.6.5
2020-07-05 13:41:58 +05:30
dw1
79291e9e54
🔥 BIG-IP Configuration Utility detection
2020-07-05 15:04:32 +07:00
dw1
695afb7a96
✏️ Rename to CVE-2019-16759
2020-07-05 14:20:36 +07:00
bauthard
3d0898c8fb
Merge pull request #185 from bing0o/master
Create CVE-2019-15043.yaml
2020-07-05 10:04:07 +05:30
dw1
8a338f93cb
⚠️ Clear Yamllint warnings
2020-07-04 23:32:47 +07:00
dw1
40e627d9db
🔨 Escaping payload - CVE-2020-7961
2020-07-04 23:29:12 +07:00
dw1
09df55940c
🔥 Add 0day RCE in vBulletin v5.0.0-v5.5.4
2020-07-04 22:56:10 +07:00
dw1
56e21957a3
🔨 Update payload & matchers - CVE-2020-7961
2020-07-04 22:55:40 +07:00
med pro
c40cd5259f
Create CVE-2019-15043.yaml
2020-07-04 14:05:56 +01:00
bauthard
84f05e3fec
Update s3-subtakeover.yaml
2020-07-04 17:00:35 +05:30
bauthard
b8e86d44f7
Merge pull request #183 from secureITmania/master
S3 takeover pattern
2020-07-04 16:57:49 +05:30
secureITmania
54140411ce
S3 takeover pattern
2020-07-04 16:40:36 +05:30
secureITmania
30cebddb8a
Delete s3-takeover.yaml
YAML format error
2020-07-04 16:38:46 +05:30
secureITmania
e2e9261db0
Update s3-takeover.yaml
YAML-formatter validate
2020-07-04 14:57:49 +05:30
secureITmania
86e4b5a478
S3 takeover pattern
I recently identified a subdomain takeover in one of the Bug Bounty programs. I noticed this pattern was not defined in the old templates, so I added this pattern.
Happy Hunting
2020-07-04 13:41:27 +05:30
bauthard
765b15d79a
Update ntlm-directories.yaml
2020-07-04 10:58:15 +05:30
bauthard
6004fdeb88
Merge pull request #181 from manuelbua/ntlm-dirs-fixes
NTLM directories detection fixes
2020-07-04 10:57:41 +05:30
Manuel Bua
cd4da8998a
Perform comparison on the normalized header name
2020-07-03 23:07:32 +02:00
Manuel Bua
ec5b66a941
Remove duplicate entries
2020-07-03 23:06:50 +02:00
bauthard
243e478cdd
Merge pull request #178 from dwisiswant0/add-cves
Add CVEs (CVE-2020-9757, CVE-2020-8982, CVE-2020-8091, CVE-2020-8982)
2020-07-03 23:45:43 +05:30
dw1
fc3bc06f65
🔥 Add SEOmatic SSTI (CVE-2020-9757)
2020-07-04 00:56:51 +07:00
dw1
53a9952dc7
🔥 Add Citrix ShareFile StorageZones Unauthenticated Arbitrary File Read (CVE-2020-8982)
2020-07-04 00:56:16 +07:00
dw1
b427cfc641
🔥 TYPO3 XSS (CVE-2020-8091)
2020-07-04 00:55:17 +07:00
dw1
919d657c41
🔥 Add Liferay Portal Unauthenticated RCE (CVE-2020-8982)
2020-07-04 00:54:34 +07:00