38b456eb34
safe payload + reference
2021-09-02 00:04:06 +05:30
ff05dfd60b
Create CVE-2021-31856.yaml
2021-09-01 17:45:54 +05:30
8d5172ed62
Removed unused headers
...
Co-Authored-By: Dhiyaneshwaran <leedhiyanesh@gmail.com>
2021-09-01 02:11:40 +05:30
f1f5add797
Added CVE-2021-26084
...
Co-Authored-By: Dhiyaneshwaran <leedhiyanesh@gmail.com>
2021-09-01 02:10:27 +05:30
eb820fe1f2
Update CVE-2021-24288.yaml
2021-08-31 11:07:38 +05:30
886c06b53e
Rename CVE-2021-24288.yaml to cves/2021/CVE-2021-24288.yaml
2021-08-31 10:57:44 +05:30
0e9ce643db
Updated
2021-08-30 12:51:47 +03:00
ac68ef0e9a
misc updates
2021-08-29 14:44:12 +05:30
5f446d4553
Updated description
2021-08-29 09:47:35 +03:00
5526895971
Fix description
2021-08-29 09:45:32 +03:00
f6e9fea5c4
Update the description
2021-08-29 09:43:37 +03:00
a4250b8f2f
Merge remote-tracking branch 'origin' into dynamic_attributes
2021-08-26 15:04:14 +03:00
7a2138a8c8
few updates
2021-08-26 15:27:01 +05:30
9ada252cdb
misc update
2021-08-26 15:25:05 +05:30
7a468632dc
Create CVE-2021-26086.yaml
2021-08-26 10:45:56 +07:00
05305904ef
more strict matchers
2021-08-26 02:43:53 +05:30
110f9c9ddd
Merge remote-tracking branch 'origin' into dynamic_attributes
2021-08-24 20:38:11 +03:00
9e4b63b669
Merge pull request #2475 from pajoda/CVE-2021-37538
...
Create CVE-2021-37538.yaml
2021-08-24 18:35:53 +05:30
5410d9ab85
minor update
2021-08-24 18:35:13 +05:30
8361cbe8c3
Update CVE-2021-21234.yaml
2021-08-24 15:19:47 +05:30
bdd2f700be
Update CVE-2021-21234.yaml
2021-08-24 14:16:14 +05:30
63e208e3d7
Update CVE-2021-21234.yaml
2021-08-24 14:47:25 +07:00
11b6899c9e
Create CVE-2021-37538.yaml
2021-08-24 01:42:35 +00:00
91a429c5d1
minor update
2021-08-21 01:12:52 +05:30
611d5f76dd
Create CVE-2021-32819.yaml
2021-08-20 20:19:00 +07:00
dc4cc62629
Merge remote-tracking branch 'origin/master' into dynamic_attributes
2021-08-20 15:35:17 +03:00
3f803deb28
more updates
2021-08-20 02:14:42 +05:30
77103bc629
Satisfying the linter (all errors and warnings)
...
* whitespace modifications only
2021-08-19 17:44:46 +03:00
2510c01fac
Merge pull request #2419 from dwisiswant0/add/CVE-2021-38751
...
Add CVE-2021-38751
2021-08-19 20:09:48 +05:30
97d4f8705b
Fixed mistakes/typos
...
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-19 16:59:55 +03:00
f55d6b75e1
Removed pipe (|) character from references, because the structure requires it to be a string slice, not a string
...
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-19 16:59:12 +03:00
7b29be739e
Merge branch 'master' into dynamic_attributes
2021-08-19 16:23:26 +03:00
ffaff64565
Changes fixes/around dynamic attributes ("additional-fields")
...
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-19 16:17:27 +03:00
0b432b341b
Added comments with URLs under the "references" field
...
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-19 16:15:35 +03:00
33ec4eddbf
Update regEx matcher
2021-08-19 06:39:09 +07:00
09cf9f35eb
Update matcher using regex instead
2021-08-18 20:54:49 +07:00
cdf9451158
Removed pipe (|) character from references, because the structure requires it to be a string slice, not a string
...
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-18 14:44:27 +03:00
4c920b2552
Rename "references" to "reference" to match the expected template info structure
...
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-18 14:29:20 +03:00
f021817d65
Update CVE-2021-38702.yaml
2021-08-17 22:06:37 +05:30
888c9a4573
Create CVE-2021-38702.yaml
2021-08-17 08:11:02 -05:00
7bb40042a3
Update CVE-2021-38751.yaml
2021-08-17 17:13:45 +05:30
ec9b83bd1f
Update CVE-2021-38751.yaml
2021-08-17 17:12:51 +05:30
beb11d77e3
Update CVE-2021-32030.yaml
2021-08-17 17:05:12 +05:30
8fa76f68f6
Add CVE-2021-38751
2021-08-17 02:18:49 +07:00
c11328da0b
Create CVE-2021-32030.yaml
...
The administrator application on ASUS GT-AC2900 devices before 3.0.0.4.386.42643 allows authentication bypass when processing remote input from an unauthenticated user, leading to unauthorized access to the administrator interface. This relates to handle_request in router/httpd/httpd.c and auth_check in web_hook.o. An attacker-supplied value of '\0' matches the device's default value of '\0' in some situations.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-08-16 20:13:22 +09:00
272dec095d
Update CVE-2021-33807.yaml
2021-08-16 13:55:31 +05:30
b426441cf4
Update CVE-2021-33807.yaml
2021-08-16 06:47:56 +07:00
fa8c120f90
Create CVE-2021-33807.yaml
2021-08-16 06:47:24 +07:00
e9e84a4b36
minor update
2021-08-15 00:57:33 +05:30
b15ed3324c
Include path for unpatched old versions
2021-08-14 19:18:15 +00:00
5d3d6ca911
Maintain matcher and extractor consistency
2021-08-14 18:56:37 +00:00
c9fa891245
Improve template metadata
2021-08-14 16:34:59 +00:00
180219cc63
Add CVE-2021-37704 template
2021-08-14 16:22:35 +00:00
09e48ac8b4
Merge pull request #2396 from geeknik/patch-18
...
Create CVE-2021-37573.yaml
2021-08-14 14:43:11 +05:30
b5123f5abe
Update CVE-2021-37573.yaml
2021-08-14 14:40:52 +05:30
4c811a4dc2
Update CVE-2021-3017.yaml
2021-08-14 14:03:43 +05:30
09284afb09
Update CVE-2021-3017.yaml
2021-08-14 13:58:04 +05:30
916d421b98
Update CVE-2021-3017.yaml
2021-08-14 13:56:56 +05:30
29e8c790fc
Create CVE-2021-3017.yaml
2021-08-14 13:32:59 +07:00
344fba3089
Update CVE-2021-37573.yaml
2021-08-13 17:17:35 -05:00
eed8e2e573
Update CVE-2021-37573.yaml
2021-08-13 17:17:18 -05:00
1ea3dfe3b7
Create CVE-2021-37573.yaml
2021-08-13 17:14:13 -05:00
035ee06740
Update CVE-2021-35464.yaml
2021-08-13 16:22:36 +05:30
c537e2ccd4
minor update
2021-08-12 22:09:42 +05:30
a0275a9aeb
Merge pull request #2370 from evait-security/master
...
add ProxyShell detection template
2021-08-12 22:08:59 +05:30
b69cd23cf4
minor updates
2021-08-12 21:24:09 +05:30
a69a8718c7
removing extra headers
2021-08-12 14:11:49 +05:30
7c076d7e0e
Added CVE-2021-20092
2021-08-11 18:28:37 +05:30
b64f472b91
Added CVE-2021-20091
2021-08-11 17:58:20 +05:30
76d184331c
minor update
2021-08-11 17:57:58 +05:30
74a17976a8
Update CVE-2021-20090.yaml
2021-08-10 22:23:57 +05:30
d84eb0fd7e
Added CVE-2021-20090
2021-08-10 22:21:46 +05:30
36e43b66ec
follow redirect, compare body instead of status code, eliminate false positives
2021-08-10 10:53:58 +02:00
ff558bd94e
add second url for more stable detection
2021-08-10 10:17:37 +02:00
99d41391e7
add ProxyShell detection template
2021-08-10 09:59:06 +02:00
8c48ca97d2
matcher + payload + regex updates
2021-08-09 21:58:28 +05:30
28f1036194
minor update
2021-08-08 22:57:07 +05:30
b59341b273
minor update
2021-08-06 21:23:46 +05:30
34f905286a
moving files around
2021-08-05 12:52:50 +05:30
40f3693456
Added page specific matcher
2021-08-04 21:32:50 +05:30
c7871dc7a6
Merge pull request #2021 from daffainfo/patch-59
...
Create CVE-2021-24235.yaml
2021-08-04 20:02:01 +05:30
98e5c69560
Update CVE-2021-24235.yaml
2021-08-04 20:00:11 +05:30
515d469506
strict matchers
2021-08-04 12:10:24 +05:30
5965a3e44c
Merge pull request #2319 from dwisiswant0/add/CVE-2021-37216
...
Add CVE-2021-37216
2021-08-03 20:40:52 +05:30
a3347504fe
minor update
2021-08-03 20:18:40 +05:30
1b5420bc4b
updated matcher
2021-08-03 20:14:14 +05:30
62bcd6932d
Merge pull request #2198 from gy741/rule-add-v43
...
Create CVE-2021-32305.yaml
2021-08-03 20:02:32 +05:30
f59905ced2
Add CVE-2021-37216
2021-08-03 21:31:33 +07:00
63cda4e1ef
Update CVE-2021-24235.yaml
2021-08-03 14:58:19 +07:00
e2b20b8f01
Adding metadata
2021-08-02 23:16:05 +05:30
249c39af51
Merge pull request #2299 from httpvoid/master
...
Add CVE-2021-29484 - Ghost CMS DOM XSS
2021-08-02 23:13:22 +05:30
3f8e3ce2d0
Update cves/2021/CVE-2021-29484.yaml
...
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-08-02 23:05:35 +05:30
7aa7401f3a
Merge pull request #2278 from gy741/rule-add-v44
...
Create CVE-2021-21816.yaml
2021-08-02 21:17:00 +05:30
a1d73379aa
Added CVE-2021-27561
2021-08-02 18:25:13 +05:30
c670df2925
Update CVE-2021-21816.yaml
2021-08-02 17:57:09 +05:30
5c7a745e04
Merge pull request #2298 from gy741/rule-add-v47
...
Create CVE-2021-3297.yaml
2021-08-02 17:18:29 +05:30
27f96f96c4
Update CVE-2021-3297.yaml
2021-08-02 17:12:42 +05:30
2c0ecb01b3
Update CVE-2021-3297.yaml
2021-08-02 17:09:52 +05:30
bae8422cfb
Update CVE-2021-3297.yaml
2021-08-02 17:06:07 +05:30
37608a954c
Description
2021-08-02 12:56:17 +03:00
6950d325e6
Update description
2021-08-02 12:55:21 +03:00
6f2d74337e
Add CVE-2021-29484.yaml
2021-08-02 13:28:24 +05:30
bfa043e51f
Create CVE-2021-3297.yaml
...
On Zyxel NBG2105 V1.00(AAGU.2)C0 devices, setting the login cookie to 1 provides administrator access.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-08-02 16:35:38 +09:00
81572ce596
Merge pull request #2292 from geeknik/patch-4
...
Update CVE-2021-31581.yaml
2021-08-02 02:09:32 +05:30
b04dc13dcd
Update CVE-2021-31581.yaml
2021-08-02 02:08:28 +05:30
d416aea142
Merge pull request #2279 from gy741/rule-add-v45
...
Create CVE-2021-36380.yaml
2021-08-02 01:36:56 +05:30
ebf1653d65
Update CVE-2021-36380.yaml
2021-08-02 01:33:10 +05:30
76fb40314a
Merge pull request #2277 from pikpikcu/patch-241
...
Update CVE-2021-3223
2021-08-02 01:15:39 +05:30
5c22441bac
Update CVE-2021-3223.yaml
2021-08-02 01:11:43 +05:30
9cbb151600
Update CVE-2021-31581.yaml
...
Fixes https://github.com/projectdiscovery/nuclei-templates/issues/2285 . 👍🏻
2021-08-01 10:59:39 -05:00
03dfb4bff6
More references
2021-08-01 09:16:33 +03:00
3de7af6018
Better reference
2021-08-01 09:14:14 +03:00
0678e7d233
Create CVE-2021-36380.yaml
...
The /cgi/networkDiag.cgi script directly incorporated user-controllable parameters within a shell command, allowing an attacker to manipulate the resulting command by injecting valid OS command input. The following POST request injects a new command that instructs the server to establish a reverse TCP connection to another system, allowing the establishment of an interactive remote shell session.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-08-01 03:10:49 +09:00
5b3529bad5
Create CVE-2021-21816.yaml
...
An information disclosure vulnerability exists in the Syslog functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to the disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-08-01 02:42:48 +09:00
ae672521d9
Update CVE-2021-3223.yaml
2021-07-31 16:12:48 +07:00
12b832cc36
Create CVE-2021-32305.yaml
...
WebSVN before 2.6.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search parameter.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-27 09:24:35 +09:00
9c66387f0f
More CVEs Template
2021-07-26 22:48:45 +05:30
b990243906
uniform tags
2021-07-26 14:25:43 +05:30
6ccc5f8792
matcher update to handle edge cases
2021-07-25 03:05:55 +05:30
3d90fd1047
Fix wrong regex matcher
2021-07-24 17:10:02 +07:00
e97e2a4f2a
Template update
2021-07-24 06:22:48 +05:30
4b444af3c4
Merge pull request #2125 from DhiyaneshGeek/master
...
17 New Templates Added
2021-07-24 03:26:09 +05:30
7d72783090
WIP improvements
2021-07-22 16:32:37 +05:30
938fdeec8f
Added CVE-2021-34429 and fixed related templates
2021-07-22 15:23:19 +05:30
8d8f39c26f
Create CVE-2021-32820.yaml
2021-07-21 10:40:13 +05:30
7020d17f13
Merge pull request #2107 from daffainfo/patch-90
...
Create CVE-2021-23241.yaml
2021-07-20 17:26:37 +05:30
8f8105bb99
Update CVE-2021-23241.yaml
2021-07-20 16:00:00 +05:30
41c9c3e3f9
Update CVE-2021-23241.yaml
2021-07-20 14:25:37 +05:30
86a7fad73a
Update CVE-2021-23241.yaml
2021-07-20 14:23:39 +05:30
1fc173982d
Update CVE-2021-21479.yaml
2021-07-20 14:22:31 +05:30
c63bb91bdb
Create CVE-2021-23241.yaml
2021-07-20 15:52:10 +07:00
94511129f6
Merge pull request #2076 from dwisiswant0/GHSL-2020-227
...
Server-Side Template Injection leading to unauthenticated Remote Code Execution in SCIMono - CVE-2021-21479
2021-07-20 14:20:31 +05:30
d738d2c9a3
Update CVE-2021-21479.yaml
2021-07-20 14:18:21 +05:30
b10b8a61b8
Update CVE-2021-21479.yaml
2021-07-20 14:16:30 +05:30
0af69ac0fd
Update CVE-2021-21479.yaml
2021-07-20 14:15:45 +05:30
21809132da
Renamed to CVE-2021-24340.yaml
2021-07-20 13:36:04 +07:00
eb15971f16
Merge pull request #2096 from geeknik/patch-4
...
Create CVE-2021-26475.yaml
2021-07-20 11:53:45 +05:30
6eee57115c
Merge pull request #2083 from projectdiscovery/fixing-xss-matchers
...
fixing-xss-matchers
2021-07-20 00:28:01 +05:30
9d19d5fb5b
description update
2021-07-20 00:12:01 +05:30
13d26d8c6d
moving files around
2021-07-20 00:10:30 +05:30
39acc90454
Create CVE-2021-26475.yaml
...
CVE-2021-26475 -- EPrints 3.4.2 exposes a reflected XSS opportunity in the via a cgi/cal URI.
2021-07-19 08:34:21 -05:00
eec253fdd8
minor update
2021-07-19 16:53:47 +05:30
707083438e
Update CVE-2021-24389.yaml
2021-07-19 11:37:51 +05:30
751f4e099c
Update CVE-2021-24335.yaml
2021-07-19 11:37:18 +05:30
c8ee50bd9b
Update CVE-2021-24320.yaml
2021-07-19 11:36:45 +05:30
06a82e2c78
Update CVE-2021-24298.yaml
2021-07-19 11:36:11 +05:30
77fd227376
Update CVE-2021-24498.yaml
2021-07-19 10:45:58 +05:30
556a94136b
Calendar Event Multi View < 1.4.01 - Unauthenticated Reflected Cross-Site Scripting (XSS)
2021-07-19 10:40:50 +05:30
f9c8314092
Merge pull request #2077 from gy741/rule-add-v27
...
Create Advantech R-SeeNet Multiple Reflected XSS vulnerabilities
2021-07-18 23:17:40 +05:30
c56680cef3
Additional matcher
2021-07-18 23:14:19 +05:30
9971674b36
Update CVE-2021-21479.yaml
2021-07-18 22:54:34 +05:30
3088fb5431
Removing CVE-2021-24213
...
As per blog - https://bentl.ee/posts/cve-givewp/
> This vulnerability requires user interaction from an admin in order to be exploited.
2021-07-18 22:39:37 +05:30
76e95ac1e5
Minor improvements
2021-07-18 22:36:15 +05:30
22fa4de8d8
Update CVE-2021-21307.yaml
2021-07-18 19:33:28 +05:30
e692d81999
Update CVE-2021-21307.yaml
2021-07-18 19:24:46 +05:30
0a8d2ffdcc
Create CVE-2021-21307.yaml
2021-07-18 19:19:19 +05:30
4414ff60db
Create Advantech R-SeeNet Multiple Reflected XSS vulnerabilities
...
This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-18 22:12:01 +09:00
0a01f0cd79
Create CVE-2021-24213.yaml
2021-07-18 16:44:57 +05:30
e4b2316bf0
Add CVE-2021-21479
2021-07-18 11:11:56 +07:00
33a0ede229
Merge pull request #2009 from gy741/rule-add-v24
...
Create CVE-2020-26919, CVE-2020-25506, OptiLink ONT1GEW GPON RCE, CVE-2021-31755
2021-07-16 18:04:52 +05:30
9360b48a90
Create CVE-2021-24235.yaml
2021-07-15 18:03:53 +07:00
456f5d6b15
Merge pull request #2014 from daffainfo/patch-57
...
Create CVE-2021-24320.yaml
2021-07-15 14:51:34 +05:30
d00d4f37f5
Update CVE-2021-24320.yaml
2021-07-15 14:43:35 +05:30
39def9b6e1
Merge pull request #2008 from daffainfo/patch-53
...
Create CVE-2021-24335.yaml
2021-07-15 14:35:27 +05:30
d73599eb3c
Merge pull request #2006 from daffainfo/patch-51
...
Create CVE-2021-24389.yaml
2021-07-15 14:32:09 +05:30
799e7109c3
Update CVE-2021-24389.yaml
2021-07-15 14:30:23 +05:30
7a1e276d7b
Update CVE-2021-24335.yaml
2021-07-15 14:27:55 +05:30
2f41c4de62
Update CVE-2021-24298.yaml
2021-07-15 14:15:49 +05:30
1c729ab1ea
Create CVE-2021-31755.yaml
...
Vulnerabilities in the web-based management interface of enda Router AC11 could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-15 15:09:26 +09:00
031cd24480
Create CVE-2021-24298.yaml
2021-07-15 10:52:21 +07:00
ca75afe52c
Create CVE-2021-24320.yaml
2021-07-15 10:38:35 +07:00
e34ec6c05c
Create CVE-2021-24335.yaml
2021-07-15 07:06:50 +07:00
6a0d2d2b90
Create CVE-2021-24389.yaml
2021-07-15 06:54:35 +07:00
b6ec1c2abb
Added reference
2021-07-13 19:22:59 +05:30
b4e21feadd
Rename cve-2021-24472.yaml to CVE-2021-24472.yaml
2021-07-13 19:21:21 +05:30
6d6b30e9cf
matcher update
2021-07-13 19:20:10 +05:30
9aeac41fbc
Onair2 < 3.9.9.2 & KenthaRadio < 2.0.2 - Unauthenticated RFI and SSRF
2021-07-13 18:42:05 +05:30
9a09d52520
Merge pull request #1951 from gy741/rule-add-v22
...
Create CVE-2021-33544.yaml
2021-07-13 16:30:44 +05:30
43d4644164
Update CVE-2021-33544.yaml
2021-07-13 16:29:55 +05:30
bb53177a74
Update CVE-2021-33544.yaml
2021-07-13 16:26:33 +05:30
89e1a8da93
Merge pull request #1962 from dwisiswant0/hotfix/CVE-2020-24148
2021-07-13 05:01:01 +05:30
a91516cbb5
Misplaced of CVE-2020-24148
2021-07-13 05:24:03 +07:00
e23f378fe8
Merge pull request #1943 from gy741/rule-add-v21
...
Create CVE-2021-30497.yaml
2021-07-13 01:00:59 +05:30
dec41b5631
Merge pull request #1950 from dwisiswant0/add/CVE-2020-24148
...
Add CVE-2020-24148
2021-07-13 00:52:08 +05:30
0e1e727bb1
Create CVE-2021-33544.yaml
...
Multiple vulnerabilities in the web-based management interface of Geutebruck could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device.
CVE-2021-33543 : Authentication Bypass
CVE-2021-33544 : Command injection multiple parameters
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-12 13:10:31 +09:00
4ea2c71a3d
Add CVE-2020-24148
2021-07-12 09:24:50 +07:00
c0f5105dcf
Create CVE-2021-30497.yaml
...
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-11 18:31:18 +09:00
25dcb930ad
Added CVE-2021-29156
2021-07-11 14:39:41 +05:30
01ae482fe8
Added CVE-2021-34621
2021-07-10 22:31:08 +05:30
97023903a0
Merge pull request #1918 from gy741/rule-add-v19
...
Create Hongdian Vulnerability
2021-07-10 21:24:56 +05:30
5ca472b43e
Merge pull request #1880 from gy741/rule-add-v13
...
Create CVE-2021-1497.yaml
2021-07-10 20:55:14 +05:30
1cd29628aa
more reference
2021-07-10 20:54:04 +05:30
7f37050361
Added HTTP check
2021-07-10 20:53:23 +05:30
dd9e85a29c
Added missing condition
2021-07-10 20:47:20 +05:30
1e8aa5288f
Update CVE-2021-1497.yaml
2021-07-10 20:45:00 +05:30
767f173f88
minor updates
2021-07-10 18:45:09 +05:30
3bf1c929ed
Create Hongdian Vulnerability
...
CVE-2021-28149 : Hongdian H8922 3.0.5 devices allow Directory Traversal. The /log_download.cgi log export handler does not validate user input and allows a remote attacker with minimal privileges to download any file from the device by substituting ../ (e.g., ../../etc/passwd) This can be carried out with a web browser by changing the file name accordingly. Upon visiting log_download.cgi?type=../../etc/passwd and logging in, the web server will allow a download of the contents of the /etc/passwd file.
CVE-2021-28150 : Hongdian H8922 3.0.5 devices allow the unprivileged guest user to read cli.conf (with the administrator password and other sensitive data) via /backup2.cgi.
CVE-2021-28151 : Hongdian H8922 3.0.5 devices allow OS command injection via shell metacharacters into the ip-address (aka Destination) field to the tools.cgi ping command, which is accessible with the username guest and password guest.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-10 21:16:35 +09:00
c2f87a94c6
Added complete RCE chain
2021-07-10 13:42:09 +05:30
d5cbcec079
Update CVE-2021-22214.yaml
...
dns interaction doesn't prove exploitability
2021-07-07 03:50:13 +00:00
2aa91bbf24
Rename cve-2021-24387.yaml to CVE-2021-24387.yaml
2021-07-06 20:29:47 +05:30
78617f6012
Real Estate 7 WordPress Theme < 3.1.1 - Unauthenticated Reflected XSS
2021-07-06 19:51:53 +05:30
59199ad35e
Update CVE-2021-28918.yaml
...
Removed version as multiple reference includes multiple versions.
2021-07-06 12:45:50 +05:30
7fb23a24b9
minor update
2021-07-06 12:41:16 +05:30
ede7ca07d0
Fixing Trailing Spaces
...
As stated.
2021-07-06 01:05:03 -06:00
5d74f7e2e4
Update CVE-2021-28918.yaml
...
Fixing trailing spaces.
2021-07-06 01:03:18 -06:00
7dd0795296
Create Netmask SSRF Template
...
The basic test to fuzz for the netmask SSRF vulnerability would be to use an Octal payload that resolves to the localhost. I limited it to 4 basic testing payloads as to not slow down the speed of a full-length CVE directories test.
2021-07-06 00:50:43 -06:00
6dd96ede94
Added additional reference
2021-07-06 12:12:09 +05:30
fc68a95803
Template Name/ID update as per assigned CVE
2021-07-06 12:07:53 +05:30
71dd0de29d
Create CVE-2021-1497.yaml
...
Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-06 09:30:13 +09:00
56ccb9f3a4
Merge pull request #1822 from Akokonunes/patch-13
...
Create CVE-2021-24210.yaml
2021-07-01 00:00:03 +05:30
f44c3e597f
Update and rename CVE-2021-24210.yaml to cves/2021/CVE-2021-24210.yaml
2021-06-30 23:45:27 +05:30
87a1d1acce
Merge pull request #1823 from Akokonunes/patch-14
...
Create CVE-2021-24406.yaml
2021-06-30 23:44:03 +05:30
6a6607c282
Update and rename CVE-2021-24406.yaml to cves/2021/CVE-2021-24406.yaml
2021-06-30 23:43:06 +05:30
dbcdbe907e
Merge pull request #1797 from Mad-robot/patch-2
...
Create CVE-2021-29203.yaml
2021-06-30 21:27:35 +05:30
2d63ddfa20
minor update
2021-06-30 21:27:06 +05:30
3602eebf6c
Merge pull request #1780 from wwilson83H3/master
...
The default request never flagged druid in my env. Replaced with MSF …
2021-06-30 20:32:14 +05:30
d1f47657a9
Update CVE-2021-25646.yaml
2021-06-30 20:31:15 +05:30
cfcb739fbc
more changes
2021-06-30 20:28:41 +05:30
498586e854
Added additional matcher and full exploit chain details
2021-06-30 03:01:13 +05:30
8b0b2a169d
Update CVE-2021-35464.yaml
2021-06-29 18:02:33 +05:30
2d4c8cb434
Create CVE-2021-35464.yaml
2021-06-29 17:26:37 +05:30
8ae56492d8
Update CVE-2021-29203.yaml
2021-06-29 10:13:41 +05:30
40782db039
Merge pull request #1771 from gy741/rule-add-v7
...
Create CVE-2021-3223.yaml
2021-06-28 21:43:59 +05:30
b97811a143
Update CVE-2021-3223.yaml
2021-06-28 21:43:04 +05:30
cb5c53aef3
Create CVE-2021-29203.yaml
2021-06-26 13:40:30 +05:30
bae4998f81
Merge pull request #1766 from gy741/rule-add-v6
...
Create CVE-2021-21234.yaml
2021-06-25 16:50:36 +05:30
2d40d90715
Update CVE-2021-21234.yaml
2021-06-25 12:53:22 +05:30
426abedcfa
severity updates as per CVE database
2021-06-25 00:05:59 +05:30
e4e8e6e148
Merge pull request #1776 from pikpikcu/patch-187
...
Create CVE-2021-28169.yaml
2021-06-25 00:02:51 +05:30
a736120dc0
minor updates
2021-06-25 00:02:05 +05:30
e84c784fa2
Merge pull request #1689 from nrathaus/master
...
CVE-2021-28164 and some fixes
2021-06-24 23:58:29 +05:30
a9a161f8c6
Update CVE-2021-28164.yaml
2021-06-24 23:56:33 +05:30
809668943f
minor changes
2021-06-24 23:54:29 +05:30
16e5ad7fad
The default request never flagged druid in my env. Replaced with MSF request and it flags everytime now
2021-06-24 13:37:45 -04:00
b97d012636
Create CVE-2021-28169.yaml
2021-06-24 16:00:02 +00:00
e7bb4bff23
Create CVE-2021-3223.yaml
...
Node-RED-Dashboard before 2.26.2 allows ui_base/js/..%2f directory traversal to read files.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-06-24 21:07:17 +09:00
cc0dd04ac2
Create CVE-2021-21234.yaml
...
spring-boot-actuator-logview in a library that adds a simple logfile viewer as spring boot actuator endpoint. It is maven package "eu.hinsch:spring-boot-actuator-logview". In spring-boot-actuator-logview before version 0.2.13 there is a directory traversal vulnerability. The nature of this library is to expose a log file directory via admin (spring boot actuator) HTTP endpoints. Both the filename to view and a base folder (relative to the logging folder root) can be specified via request parameters. While the filename parameter was checked to prevent directory traversal exploits (so that `filename=../somefile` would not work), the base folder parameter was not sufficiently checked, so that `filename=somefile&base=../` could access a file outside the logging base directory). The vulnerability has been patched in release 0.2.13. Any users of 0.2.12 should be able to update without any issues as there are no other changes in that release. There is no workaround to fix the vulnerability other than updating or removing the dependency. However, removing read access of the user the application is run with to any directory not required for running the application can limit the impact. Additionally, access to the logview endpoint can be limited by deploying the application behind a reverse proxy.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-06-24 14:36:45 +09:00
416bafe2fa
misc changes
2021-06-24 02:24:58 +05:30
04a7fda94a
Update CVE-2021-21389.yaml
2021-06-22 19:12:35 +07:00
014ca91e15
hmm just simple check...
...
sorry i just know little bit english...
2021-06-22 19:07:00 +07:00
dcaef6a836
Rename CVE-2021-21389 to CVE-2021-21389.yaml
2021-06-22 04:05:42 +05:30
0d5a57bc23
Create CVE-2021-21389
2021-06-21 12:33:14 +07:00
bb6fa66dd9
Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates
2021-06-20 13:56:54 +03:00
9200ac068a
Merge pull request #1714 from skar4444/unauthenticated-CI-lint-API
...
CVE 2021-22214 - Unauthenticated Gitlab SSRF - CI Lint API
2021-06-18 15:08:33 +05:30
b301c830a3
final improvements
2021-06-18 15:02:17 +05:30
27d67855e8
misc changes
2021-06-18 14:42:13 +05:30
4f0bfc9362
Merge pull request #1705 from projectdiscovery/CVE-2021-28854
...
Added CVE-2021-28854
2021-06-18 12:52:42 +05:30
bfa70bacf5
Update CVE-2021-21975.yaml
2021-06-17 22:55:10 +05:30
01b77a7ed2
Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates
2021-06-17 16:54:18 +03:00
8a1d7bd7d2
Hotfix FP of CVE-2021-24146
2021-06-17 08:16:54 +07:00
sandeep
Prince Chaddha
Noam Rathaus
forgedhallpass
Bùi Đại Gia
Prince Chaddha
PikPikcU
pajoda
Dwi Siswanto
Geeknik Labs
GwanYeong Kim
Muhammad Daffa
SaN ThosH
Paul Werther
Harsh Jaiswal
Dhiyaneshwaran
Suman Kar
Suman Kar
John Jackson
sandeep
wyatt
lulz