daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
15,391 Commits
17 Branches
0 Tags
160 MiB
Commit Graph

1158 Commits (bd5823ea54cd59ebb1b4d6cc6882b64121933f12)

Author SHA1 Message Date
MostInterestingBotInTheWorld 2af991eaac
Enhancement: cves/2021/CVE-2021-1497.yaml by cs (#3716) 2022-02-16 11:11:34 -05:00
MostInterestingBotInTheWorld e5e0e1ebf4
Dashboard Content Enhancements (#3711) 
* Enhancement: cves/2010/CVE-2010-1353.yaml by mp

* Enhancement: cves/2010/CVE-2010-1352.yaml by mp

* Enhancement: cves/2010/CVE-2010-1345.yaml by mp

* Enhancement: cves/2010/CVE-2010-1340.yaml by mp

* Enhancement: cves/2010/CVE-2010-1345.yaml by mp

* Enhancement: cves/2010/CVE-2010-1315.yaml by mp

* Enhancement: cves/2010/CVE-2010-1314.yaml by mp

* Enhancement: cves/2010/CVE-2010-1313.yaml by mp

* Enhancement: cves/2010/CVE-2010-1312.yaml by mp

* Enhancement: cves/2010/CVE-2010-1308.yaml by mp

* Enhancement: cves/2010/CVE-2010-1307.yaml by mp

* Enhancement: cves/2010/CVE-2010-1306.yaml by mp

* Enhancement: cves/2010/CVE-2010-1305.yaml by mp

* Enhancement: cves/2010/CVE-2010-1304.yaml by mp

* Enhancement: cves/2010/CVE-2010-1302.yaml by mp

* Enhancement: cves/2010/CVE-2010-1219.yaml by mp

* Enhancement: cves/2010/CVE-2010-1352.yaml by mp

* Enhancement: cves/2010/CVE-2010-1354.yaml by mp

* Enhancement: cves/2010/CVE-2010-1461.yaml by mp

* Enhancement: cves/2010/CVE-2010-1469.yaml by mp

* Enhancement: cves/2010/CVE-2010-1470.yaml by mp

* Enhancement: cves/2010/CVE-2010-1471.yaml by mp

* Enhancement: cves/2010/CVE-2010-1472.yaml by mp

* Enhancement: cves/2010/CVE-2010-1473.yaml by mp

* Enhancement: cves/2010/CVE-2010-1474.yaml by mp

* Enhancement: cves/2010/CVE-2010-1475.yaml by mp

* Enhancement: cves/2010/CVE-2010-1476.yaml by mp

* Enhancement: cves/2010/CVE-2010-1478.yaml by mp

* Enhancement: cves/2010/CVE-2010-1491.yaml by mp

* Enhancement: cves/2010/CVE-2010-1494.yaml by mp

* Enhancement: cves/2010/CVE-2010-1495.yaml by mp

* Enhancement: cves/2010/CVE-2010-1531.yaml by mp

* Enhancement: cves/2010/CVE-2010-1473.yaml by mp

* Enhancement: misconfiguration/proxy/metadata-alibaba.yaml by cs

* Enhancement: misconfiguration/proxy/metadata-openstack.yaml by cs

* Enhancement: misconfiguration/proxy/metadata-oracle.yaml by cs

* Enhancement: cves/2016/CVE-2016-4975.yaml by cs

* Enhancement: misconfiguration/proxy/metadata-openstack.yaml by cs

* Enhancement: misconfiguration/proxy/metadata-oracle.yaml by cs

* Enhancement: misconfiguration/proxy/metadata-openstack.yaml by cs

* Enhancement: misconfiguration/proxy/metadata-digitalocean.yaml by cs

* Enhancement: misconfiguration/proxy/metadata-alibaba.yaml by cs

* Enhancement: misconfiguration/proxy/metadata-hetzner.yaml by cs

* Enhancement: misconfiguration/proxy/metadata-aws.yaml by cs

* Enhancement: misconfiguration/proxy/metadata-google.yaml by cs

* Enhancement: misconfiguration/proxy/metadata-azure.yaml by cs

* Enhancement: misconfiguration/proxy/open-proxy-localhost.yaml by cs

* Enhancement: misconfiguration/proxy/open-proxy-internal.yaml by cs

* Enhancement: cves/2021/CVE-2021-1497.yaml by cs

* Spacing fixes and enhancement to CNVD-2019-01348.yaml

* Spacing fixes, and enhancement to CNVD-2019-01348.yaml

* Merge artifact

* Spacing

* Minor tags cleanup

* Enhancement: cves/2010/CVE-2010-1532.yaml by mp

* Enhancement: cves/2010/CVE-2010-1533.yaml by mp

* Enhancement: cves/2010/CVE-2010-1534.yaml by mp

* Enhancement: cves/2010/CVE-2010-1535.yaml by mp

* Enhancement: cves/2010/CVE-2010-1540.yaml by mp

* Enhancement: cves/2010/CVE-2010-1601.yaml by mp

* Enhancement: cves/2010/CVE-2010-1602.yaml by mp

* Enhancement: cves/2010/CVE-2010-1603.yaml by mp

* Enhancement: cves/2010/CVE-2010-1607.yaml by mp

* Enhancement: cves/2010/CVE-2010-1653.yaml by mp

* Enhancement: cves/2010/CVE-2010-1657.yaml by mp

* Enhancement: cves/2010/CVE-2010-1657.yaml by mp

* Enhancement: cves/2010/CVE-2010-1658.yaml by mp

* Enhancement: cves/2010/CVE-2010-1659.yaml by mp

* Enhancement: cves/2010/CVE-2010-1714.yaml by mp

* Enhancement: cves/2010/CVE-2010-1715.yaml by mp

* Enhancement: cves/2010/CVE-2010-1532.yaml by mp

* Enhancement: cves/2010/CVE-2010-1533.yaml by mp

* Enhancement: cves/2010/CVE-2010-1534.yaml by mp

* Enhancement: cves/2010/CVE-2010-1534.yaml by mp

* Enhancement: cves/2010/CVE-2010-1535.yaml by mp

* Enhancement: cves/2010/CVE-2010-1540.yaml by mp

* Enhancement: cves/2010/CVE-2010-1540.yaml by mp

* Enhancement: cves/2010/CVE-2010-1717.yaml by mp

* Enhancement: cves/2010/CVE-2010-1718.yaml by mp

* Enhancement: cves/2010/CVE-2010-1719.yaml by mp

* Enhancement: cves/2010/CVE-2010-1722.yaml by mp

* Enhancement: cves/2010/CVE-2010-1723.yaml by mp

* Enhancement: cves/2010/CVE-2010-1858.yaml by mp

* Enhancement: cves/2010/CVE-2010-1873.yaml by mp

* Enhancement: cves/2010/CVE-2010-1870.yaml by mp

* Enhancement: cves/2010/CVE-2010-1875.yaml by mp

* Enhancement: cves/2010/CVE-2010-1878.yaml by mp

* Enhancement: cves/2010/CVE-2010-1952.yaml by mp

* Enhancement: cves/2010/CVE-2010-1953.yaml by mp

* Enhancement: cves/2010/CVE-2010-1954.yaml by mp

* Enhancement: cves/2010/CVE-2010-1955.yaml by mp

* Enhancement: cves/2010/CVE-2010-1956.yaml by mp

* Information Enhancements

Co-authored-by: sullo <sullo@cirt.net>
 2022-02-16 04:17:54 +05:30
MostInterestingBotInTheWorld 25938bc625
Dashboard (#3706) 
* Enhancement: cves/2010/CVE-2010-1353.yaml by mp

* Enhancement: cves/2010/CVE-2010-1352.yaml by mp

* Enhancement: cves/2010/CVE-2010-1345.yaml by mp

* Enhancement: cves/2010/CVE-2010-1340.yaml by mp

* Enhancement: cves/2010/CVE-2010-1345.yaml by mp

* Enhancement: cves/2010/CVE-2010-1315.yaml by mp

* Enhancement: cves/2010/CVE-2010-1314.yaml by mp

* Enhancement: cves/2010/CVE-2010-1313.yaml by mp

* Enhancement: cves/2010/CVE-2010-1312.yaml by mp

* Enhancement: cves/2010/CVE-2010-1308.yaml by mp

* Enhancement: cves/2010/CVE-2010-1307.yaml by mp

* Enhancement: cves/2010/CVE-2010-1306.yaml by mp

* Enhancement: cves/2010/CVE-2010-1305.yaml by mp

* Enhancement: cves/2010/CVE-2010-1304.yaml by mp

* Enhancement: cves/2010/CVE-2010-1302.yaml by mp

* Enhancement: cves/2010/CVE-2010-1219.yaml by mp

* Enhancement: cves/2010/CVE-2010-1352.yaml by mp

* Enhancement: cves/2010/CVE-2010-1354.yaml by mp

* Enhancement: cves/2010/CVE-2010-1461.yaml by mp

* Enhancement: cves/2010/CVE-2010-1469.yaml by mp

* Enhancement: cves/2010/CVE-2010-1470.yaml by mp

* Enhancement: cves/2010/CVE-2010-1471.yaml by mp

* Enhancement: cves/2010/CVE-2010-1472.yaml by mp

* Enhancement: cves/2010/CVE-2010-1473.yaml by mp

* Enhancement: cves/2010/CVE-2010-1474.yaml by mp

* Enhancement: cves/2010/CVE-2010-1475.yaml by mp

* Enhancement: cves/2010/CVE-2010-1476.yaml by mp

* Enhancement: cves/2010/CVE-2010-1478.yaml by mp

* Enhancement: cves/2010/CVE-2010-1491.yaml by mp

* Enhancement: cves/2010/CVE-2010-1494.yaml by mp

* Enhancement: cves/2010/CVE-2010-1495.yaml by mp

* Enhancement: cves/2010/CVE-2010-1531.yaml by mp

* Enhancement: cves/2010/CVE-2010-1473.yaml by mp

* Enhancement: misconfiguration/proxy/metadata-alibaba.yaml by cs

* Enhancement: misconfiguration/proxy/metadata-openstack.yaml by cs

* Enhancement: misconfiguration/proxy/metadata-oracle.yaml by cs

* Enhancement: cves/2016/CVE-2016-4975.yaml by cs

* Enhancement: misconfiguration/proxy/metadata-openstack.yaml by cs

* Enhancement: misconfiguration/proxy/metadata-oracle.yaml by cs

* Enhancement: misconfiguration/proxy/metadata-openstack.yaml by cs

* Enhancement: misconfiguration/proxy/metadata-digitalocean.yaml by cs

* Enhancement: misconfiguration/proxy/metadata-alibaba.yaml by cs

* Enhancement: misconfiguration/proxy/metadata-hetzner.yaml by cs

* Enhancement: misconfiguration/proxy/metadata-aws.yaml by cs

* Enhancement: misconfiguration/proxy/metadata-google.yaml by cs

* Enhancement: misconfiguration/proxy/metadata-azure.yaml by cs

* Enhancement: misconfiguration/proxy/open-proxy-localhost.yaml by cs

* Enhancement: misconfiguration/proxy/open-proxy-internal.yaml by cs

* Enhancement: cves/2021/CVE-2021-1497.yaml by cs

* Spacing fixes and enhancement to CNVD-2019-01348.yaml

* Spacing fixes, and enhancement to CNVD-2019-01348.yaml

* Merge artifact

* Spacing

Co-authored-by: sullo <sullo@cirt.net>
 2022-02-15 11:39:56 +05:30
Sandeep Singh 99c131b1a6
Added Cobbler provisioning server Templates (#3698) 
Co-Authored-By: csh <25989137+c-sh0@users.noreply.github.com>

Co-authored-by: csh <25989137+c-sh0@users.noreply.github.com>
 2022-02-14 22:50:32 +05:30
sullo 4cf3791eb3
Merge pull request #3686 from MostInterestingBotInTheWorld/dashboard 
Dashboard Updates: Multiple content enhancements
 2022-02-08 17:07:01 -05:00
sullo a459b22355 Duplicate comment 2022-02-08 17:03:36 -05:00
Prince Chaddha c19dcd5c2a
Merge pull request #3683 from cckuailong/master 
add some wp plugins cves
 2022-02-09 01:39:00 +05:30
Prince Chaddha ba7c71e081
Update CVE-2021-24488.yaml 2022-02-09 00:57:33 +05:30
Prince Chaddha ce903c73f2
Update CVE-2021-24947.yaml 2022-02-09 00:55:00 +05:30
Prince Chaddha b64401ab02
Update CVE-2021-25052.yaml 2022-02-09 00:53:44 +05:30
Prince Chaddha 4fe9243d9d
Update CVE-2021-25008.yaml 2022-02-09 00:49:53 +05:30
Prince Chaddha 4fea6b14f4
Update CVE-2021-24991.yaml 2022-02-09 00:42:32 +05:30
Prince Chaddha 81a4316d2e
Update CVE-2021-24947.yaml 2022-02-09 00:38:33 +05:30
Prince Chaddha 2d3240a98f
Update CVE-2021-24926.yaml 2022-02-09 00:36:16 +05:30
Prince Chaddha a167a69be6
Update CVE-2021-24488.yaml 2022-02-09 00:32:39 +05:30
Prince Chaddha 1dc5ff098a
Update CVE-2021-24300.yaml 2022-02-09 00:19:44 +05:30
Prince Chaddha a657179cf2
Merge pull request #3667 from projectdiscovery/wp-templates 
Moving authenticated wp templates from issues
 2022-02-09 00:07:52 +05:30
Prince Chaddha ce2d45b355
Update CVE-2021-24510.yaml 2022-02-08 23:59:45 +05:30
Prince Chaddha 49c2f2816a
Update CVE-2021-34640.yaml 2022-02-08 23:59:30 +05:30
Prince Chaddha 495ca9dc6c
Update CVE-2021-20792.yaml 2022-02-08 23:56:17 +05:30
Prince Chaddha 5519bd7d67
Update CVE-2021-34643.yaml 2022-02-08 23:50:44 +05:30
Prince Chaddha eb324d24f4
Update CVE-2021-39322.yaml 2022-02-08 23:46:35 +05:30
MostInterestingBotInTheWorld 9f550a29ef Enhancement: cves/2021/CVE-2021-37538.yaml by mp 2022-02-08 11:46:14 -05:00
MostInterestingBotInTheWorld 35bcf2e361 Enhancement: cves/2021/CVE-2021-42237.yaml by mp 2022-02-08 11:40:30 -05:00
cckuailong f29d2b20df add some wp plugins cves 2022-02-08 09:07:19 +08:00
sullo 929f8e0f64
Merge pull request #3665 from MostInterestingBotInTheWorld/dashboard 
Enhancements: Various text cleanups
 2022-02-07 09:00:27 -05:00
Prince Chaddha 71abfd0939
Update CVE-2021-24510.yaml 2022-02-05 01:05:57 +05:30
Prince Chaddha 1be67200cb
Create CVE-2021-39322.yaml 2022-02-05 00:51:50 +05:30
Prince Chaddha 96b7380c80
Create CVE-2021-34643.yaml 2022-02-05 00:50:43 +05:30
Prince Chaddha 9a702c2c16
Create CVE-2021-34640.yaml 2022-02-05 00:49:25 +05:30
Prince Chaddha d4b4e69752
Create CVE-2021-24510.yaml 2022-02-05 00:48:10 +05:30
Prince Chaddha dbfa7efae0
Create CVE-2021-20792.yaml 2022-02-05 00:46:00 +05:30
sullo 8461d21658 Remove trailing spaces 2022-02-04 14:09:21 -05:00
Prince Chaddha 685495df91
Update CVE-2021-20158.yaml 2022-02-04 23:31:10 +05:30
GwanYeong Kim fcc39f52ee Create CVE-2021-20158.yaml 
Trendnet AC2600 TEW-827DRU version 2.08B01 contains an authentication bypass vulnerability. It is possible for an unauthenticated, malicous actor to force the change of the admin password due to a hidden administrative command.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
 2022-02-05 01:29:16 +09:00
MostInterestingBotInTheWorld 811dc2d70e Enhancement: cves/2021/CVE-2021-26855.yaml by mp 2022-02-04 11:13:25 -05:00
MostInterestingBotInTheWorld 163ae2f24e
Merge branch 'projectdiscovery:master' into dashboard 2022-02-04 09:19:12 -05:00
Prince Chaddha 480dea094b
Update CVE-2021-20150.yaml 2022-02-04 01:20:39 +05:30
Prince Chaddha f846faa127
Update CVE-2021-20150.yaml 2022-02-04 01:13:30 +05:30
Prince Chaddha d2e4be88e6
Update CVE-2021-20150.yaml 2022-02-04 01:13:00 +05:30
GwanYeong Kim bc87c82d9b Create CVE-2021-20150.yaml 
Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses information via redirection from the setup wizard. Authentication can be bypassed and a user may view information as Admin by manually browsing to the setup wizard and forcing it to redirect to the desired page.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
 2022-02-03 18:06:04 +09:00
Prince Chaddha 99931f2e0b
Merge pull request #3651 from dwisiswant0/add/CVE-2021-32853 
Add CVE-2021-32853
 2022-02-03 02:16:08 +05:30
Prince Chaddha b023c8206e
Update CVE-2021-32853.yaml 2022-02-03 02:14:21 +05:30
Prince Chaddha 9f63a2f4fb
Update CVE-2021-32853.yaml 2022-02-03 02:06:26 +05:30
Prince Chaddha 110704dd3e
Update CVE-2021-32853.yaml 2022-02-03 02:01:24 +05:30
Prince Chaddha 6c39177ddc
Delete CVE-2021-32818.yaml 2022-02-03 01:11:45 +05:30
MostInterestingBotInTheWorld 0d1f876866 Enhancement: cves/2021/CVE-2021-37538.yaml by mp 2022-02-02 12:15:24 -05:00
Sandeep Singh 633205a001
Update CVE-2021-32853.yaml 2022-02-02 13:56:12 +05:30
Dwi Siswanto 940db2f928 Add CVE-2021-32853 2022-02-02 13:27:36 +07:00
Prince Chaddha cf9821e3b1
Update CVE-2021-26247.yaml 2022-02-02 00:48:29 +05:30
GitHub Action 8868b0f56b Auto Generated CVE annotations [Tue Feb 1 06:10:46 UTC 2022] 🤖 2022-02-01 06:10:46 +00:00
Dhiyaneshwaran a5bd8630c8
Create CVE-2021-32818.yaml 2022-02-01 11:39:12 +05:30
GitHub Action a18a19ff3c Auto Generated CVE annotations [Tue Feb 1 06:06:15 UTC 2022] 🤖 2022-02-01 06:06:15 +00:00
Dhiyaneshwaran bcc7113677
Create CVE-2021-26247.yaml 2022-02-01 11:34:51 +05:30
Prince Chaddha 8efaa0754e
Merge pull request #3633 from cckuailong/master 
add CVE-2021-46005 (Sourcecodester Car Rental Management System 1.0 - Stored XSS)
 2022-01-31 23:38:53 +05:30
Prince Chaddha cd221355ee
Update CVE-2021-46005.yaml 2022-01-31 23:34:34 +05:30
Prince Chaddha fb48b67f39
Update CVE-2021-46005.yaml 2022-01-31 23:29:36 +05:30
Roberto Nunes 9c4df9e91a
Create CVE-2021-25864.yaml (#3631) 
* Create CVE-2021-25864.yaml

* moving template to cves folder

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
 2022-01-31 14:36:37 +05:30
Sandeep Singh cfb6fff36d
removing trailing spaces 2022-01-29 19:24:58 +05:30
cckuailong 80b60ef829 add CVE-2021-46005 2022-01-29 21:22:44 +08:00
GitHub Action 7ce2191287 Auto Generated CVE annotations [Fri Jan 28 09:01:49 UTC 2022] 🤖 2022-01-28 09:01:49 +00:00
Prince Chaddha 850ae90f55
Update CVE-2021-45380.yaml 2022-01-28 10:59:21 +05:30
PikPikcU 4beabd88f9
Create CVE-2021-45380.yaml 2022-01-27 13:40:43 -05:00
GitHub Action 4bd8b86a3e Auto Generated CVE annotations [Thu Jan 27 10:22:20 UTC 2022] 🤖 2022-01-27 10:22:20 +00:00
Sandeep Singh 53da8a8206
Added CVE-2021-21973 (#3615) 
* Added CVE-2021-21973

* minor update
 2022-01-27 15:50:44 +05:30
GitHub Action 3a1d847b57 Auto Generated CVE annotations [Wed Jan 26 17:59:10 UTC 2022] 🤖 2022-01-26 17:59:10 +00:00
Smaran Chand 0babc27b75
Added elFinder filemanger exposed (#3602) 
* Added elFinder filemanger exposed

* Template name / id update + more reference

* template name update

* matcher update

* Modified the matcher.

* minor updates

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
 2022-01-26 23:27:45 +05:30
Sullo 9a8482172d Remove: 
- various nonstandard ascii chars in favor of the standard ones (mostly quotes)
 - spaces after : in some files
 2022-01-25 14:38:53 -05:00
GitHub Action 173f0ef2d3 Auto Generated CVE annotations [Tue Jan 25 16:51:00 UTC 2022] 🤖 2022-01-25 16:51:00 +00:00
Sandeep Singh 4401b9ebe9
Merge pull request #3599 from projectdiscovery/CVE-2021-24838 
Added CVE-2021-24838
 2022-01-25 22:19:30 +05:30
Sandeep Singh 494a80799c
Merge pull request #3600 from MostInterestingBotInTheWorld/dashboard 
Enhancement: cves/2021/CVE-2021-29156.yaml by cs
 2022-01-25 22:09:27 +05:30
sandeep 8c7ec49185 lint fix 2022-01-25 22:08:01 +05:30
sandeep 47e34dba46 Added CVE-2021-24838 2022-01-25 17:14:00 +05:30
Prince Chaddha 6a2ff6f09e
Update CVE-2021-39350.yaml 2022-01-25 17:08:01 +05:30
GwanYeong Kim 67b2955d98 Create CVE-2021-39350.yaml 
The FV Flowplayer Video Player WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the player_id parameter found in the ~/view/stats.php file which allows attackers to inject arbitrary web scripts, in versions 7.5.0.727 - 7.5.2.727.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
 2022-01-25 17:31:13 +09:00
Prince Chaddha 25e3537212
Update CVE-2021-43810.yaml 2022-01-25 12:34:20 +05:30
GwanYeong Kim c368e33117 Create CVE-2021-43810.yaml 
Admidio is a free open source user management system for websites of organizations and groups. A cross-site scripting vulnerability is present in Admidio prior to version 4.0.12. The Reflected XSS vulnerability occurs because redirect.php does not properly validate the value of the url parameter. Through this vulnerability, an attacker is capable to execute malicious scripts. This issue is patched in version 4.0.12.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
 2022-01-25 13:55:34 +09:00
MostInterestingBotInTheWorld 44d23ef3eb Enhancement: cves/2021/CVE-2021-29156.yaml by cs 2022-01-24 13:45:03 -05:00
GitHub Action f882764c9b Auto Generated CVE annotations [Mon Jan 24 07:12:56 UTC 2022] 🤖 2022-01-24 07:12:56 +00:00
Prince Chaddha fa30e05f61
Merge pull request #3586 from V35HR4J/master 
Create CVE-2021-39433.yaml
 2022-01-24 12:40:15 +05:30
Prince Chaddha 03697ed21a
Update CVE-2021-39433.yaml 2022-01-24 12:28:03 +05:30
Veshraj Ghimire df907cc2e3
Create CVE-2021-39433.yaml 2022-01-23 21:00:30 +05:45
Prince Chaddha 1d15a5464a
Update CVE-2021-24750.yaml 2022-01-23 14:51:25 +05:30
Prince Chaddha 3c9e02150d
Update CVE-2021-24750.yaml 2022-01-23 14:39:38 +05:30
Prince Chaddha 75184ca383
Update CVE-2021-24750.yaml 2022-01-23 14:38:12 +05:30
cckuailong dad34d012c add CVE-2021-24750 2022-01-23 13:17:20 +08:00
sandeep 2a8d8e1095 more updates 2022-01-22 23:27:52 +05:30
sandeep 6b14c6c6fc CVE-2021-40438 update 2022-01-22 23:18:07 +05:30
Sandeep Singh 1b0c7f1b7f
CVE-2021-22205 update (#3568) 
*moved cves/2021/CVE-2021-22205.yaml to vulnerabilities/gitlab/gitlab-rce.yaml
*template extension update + added missing severity + misc updates
 2022-01-20 14:25:57 +05:30
Greg Johnson e0a2d35a8d
add passive fingerprinting template for CVE-2021-22205 (#3565) 
Co-authored-by: Greg Johnson (codeEmitter) <gjohnson@gitlab.com>
 2022-01-20 14:12:37 +05:30
pussycat0x 650a38ffde
Qualcomm 4G LTE WiFi VoIP-Router (#3555) 
* Add files via upload

* Auto Generated CVE annotations [Mon Jan 17 16:05:35 UTC 2022] 🤖

* Update CVE-2021-44528.yaml

* Update CVE-2021-45232.yaml

* Add files via upload

* removing duplicate template

* moving template around

* template fix

Co-authored-by: GitHub Action <action@github.com>
Co-authored-by: Prince Chaddha <prince@projectdiscovery.io>
Co-authored-by: sandeep <sandeep@projectdiscovery.io>
 2022-01-19 13:33:34 +05:30
sandeep e51d401214 template fix 2022-01-19 13:32:16 +05:30
sandeep fd023b42a8 Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates into pr/3550 2022-01-19 13:25:06 +05:30
Roberto Nunes 2cadf76241
Create CVE-2021-32618.yaml (#3546) 
* Create CVE-2021-32618.yaml

* Update and rename CVE-2021-32618.yaml to cves/2021/CVE-2021-32618.yaml

* matcher update

Co-authored-by: Prince Chaddha <prince@projectdiscovery.io>
Co-authored-by: sandeep <sandeep@projectdiscovery.io>
 2022-01-18 12:51:00 +05:30
GitHub Action 2c250d66c7 Auto Generated CVE annotations [Tue Jan 18 05:22:01 UTC 2022] 🤖 2022-01-18 05:22:01 +00:00
Dwi Siswanto b8dabfbcbb
Add CVE-2021-20038 (#3542) 
* Add CVE-2021-20038

* misc: Update author
 2022-01-18 10:50:14 +05:30
Prince Chaddha bc5fba6fbf
Update CVE-2021-45232.yaml 2022-01-17 22:20:44 +05:30
Prince Chaddha f988ad8ff4
Update CVE-2021-44528.yaml 2022-01-17 22:19:22 +05:30
GitHub Action 4f81203546 Auto Generated CVE annotations [Mon Jan 17 16:05:35 UTC 2022] 🤖 2022-01-17 16:05:35 +00:00
Patrick 1086ca1a30
added template for CVE-2021-42551 (#3541) 
* added template for CVE-2021-42551

* Update CVE-2021-42551.yaml

* Update CVE-2021-42551.yaml

* unbricked CVE-2021-42551

* additional page specific matcher

Co-authored-by: Patrick <patrick.schmid@redguard.ch>
Co-authored-by: Prince Chaddha <prince@projectdiscovery.io>
Co-authored-by: sandeep <sandeep@projectdiscovery.io>
 2022-01-16 19:01:29 +05:30
gy741 e5958c1364
Update tags (#3538) 2022-01-16 02:08:21 +05:30
GitHub Action d5e2eb7d41 Auto Generated CVE annotations [Sat Jan 15 19:05:39 UTC 2022] 🤖 2022-01-15 19:05:39 +00:00
GitHub Action bc3fa19859 Auto Generated CVE annotations [Thu Jan 13 05:21:21 UTC 2022] 🤖 2022-01-13 05:21:21 +00:00
Muhammad Daffa 64cf0fa4ba
Rename maian cart rce (#3532) 
* Update and rename vulnerabilities/other/maian-cart-preauth-rce.yaml to cves/2021/CVE-2021-32172.yaml

* Update CVE-2021-32172.yaml

Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
 2022-01-13 10:48:51 +05:30
sandeep 5c471a6168 removing duplicate template 2022-01-12 17:28:47 +05:30
Prince Chaddha a53ae7b694
Merge pull request #3518 from gy741/rule-add-v85 
Create CVE-2021-20167.yaml
 2022-01-11 14:54:05 +05:30
GitHub Action c40624e7d9 Auto Generated CVE annotations [Tue Jan 11 08:57:41 UTC 2022] 🤖 2022-01-11 08:57:41 +00:00
Prince Chaddha 70677b3b5a
Update CVE-2021–20837.yaml 2022-01-11 14:12:04 +05:30
Prince Chaddha 9afd4bcfd8
Update CVE-2021-20167.yaml 2022-01-11 13:57:07 +05:30
GwanYeong Kim d772fd884b Create CVE-2021-20167.yaml 
This vulnerability uses a combination of CVE-2021-20166 and CVE-2021-20167. Netgear RAX43 version 1.0.3.96 contains a command injection and authbypass vulnerability. The readycloud cgi application is vulnerable to command injection in the name parameter. and The URL parsing functionality in the cgi-bin endpoint of the router containers a buffer overrun issue that can redirection control flow of the applicaiton.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
 2022-01-11 15:00:56 +09:00
PikPikcU 83e431802e
Create CVE-2021–20837.yaml 2022-01-10 21:44:31 -05:00
Roberto Nunes 484d77de7c
Create CVE-2021-39501.yaml (#3501) 
* Create CVE-2021-39501.yaml

* moving template to cves directory

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
 2022-01-08 17:00:19 +05:30
GitHub Action 451313a0af Auto Generated CVE annotations [Sat Jan 8 10:57:43 UTC 2022] 🤖 2022-01-08 10:57:43 +00:00
JAS-37 0c7d13d152
add CVE-2021-31862 template (#3491) 
* add CVE-2021-31862 template

* updated matchers

* Added SysAid panel + workflow

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
 2022-01-07 13:28:38 +05:30
Aaron Chen d0f71c6d1b
Update CVE-2021-31589.yaml (#3489) 2022-01-06 12:05:23 +05:30
Ahmed Aboul-Ela f279bd78d1
Add CVE-2021-31589 (#3486) 
* Add CVE-2021-31589

Committer: Ahmed Aboul-Ela <ahmed.aboul3la@gmail.com>

* lint fixes

* updated matchers

* Added metadata

* Added Bomgar Login Panel detection

* Added Bomgar workflow

* Added favicon detection

Co-authored-by: Ahmed Aboul-Ela <ahmed@secgeek.local>
Co-authored-by: sandeep <sandeep@projectdiscovery.io>
 2022-01-05 18:39:53 +05:30
Prince Chaddha a9ef4d2612
Merge pull request #3480 from gy741/rule-add-v81 
Create CVE-2021-21881.yaml
 2022-01-05 13:01:57 +05:30
Prince Chaddha fefd3343eb
Update CVE-2021-21881.yaml 2022-01-05 13:00:40 +05:30
Prince Chaddha 616bea3a88
Update CVE-2021-21881.yaml 2022-01-05 12:59:27 +05:30
Pathtaga e281e5bf88
Updated all templates tags with technologies (#3478) 
* Updated tags for template sonicwall-email-security-detect.yaml

* Updated tags for template detect-sentry.yaml

* Updated tags for template kong-detect.yaml

* Updated tags for template openam-detect.yaml

* Updated tags for template shiro-detect.yaml

* Updated tags for template iplanet-web-server.yaml

* Updated tags for template graylog-api-browser.yaml

* Updated tags for template prtg-detect.yaml

* Updated tags for template node-red-detect.yaml

* Updated tags for template abyss-web-server.yaml

* Updated tags for template geo-webserver.yaml

* Updated tags for template autobahn-python-detect.yaml

* Updated tags for template default-lighttpd-page.yaml

* Updated tags for template microsoft-iis-8.yaml

* Updated tags for template lucee-detect.yaml

* Updated tags for template php-proxy-detect.yaml

* Updated tags for template jenkins-detect.yaml

* Updated tags for template cockpit-detect.yaml

* Updated tags for template csrfguard-detect.yaml

* Updated tags for template dwr-index-detect.yaml

* Updated tags for template netsweeper-webadmin-detect.yaml

* Updated tags for template weblogic-detect.yaml

* Updated tags for template s3-detect.yaml

* Updated tags for template tileserver-gl.yaml

* Updated tags for template springboot-actuator.yaml

* Updated tags for template terraform-detect.yaml

* Updated tags for template redmine-cli-detect.yaml

* Updated tags for template mrtg-detect.yaml

* Updated tags for template tableau-server-detect.yaml

* Updated tags for template magmi-detect.yaml

* Updated tags for template oidc-detect.yaml

* Updated tags for template tor-socks-proxy.yaml

* Updated tags for template synology-web-station.yaml

* Updated tags for template herokuapp-detect.yaml

* Updated tags for template gunicorn-detect.yaml

* Updated tags for template sql-server-reporting.yaml

* Updated tags for template google-bucket-service.yaml

* Updated tags for template kubernetes-mirantis.yaml

* Updated tags for template kubernetes-enterprise-manager.yaml

* Updated tags for template oracle-iplanet-web-server.yaml

* Updated tags for template dell-idrac7-detect.yaml

* Updated tags for template dell-idrac6-detect.yaml

* Updated tags for template dell-idrac9-detect.yaml

* Updated tags for template dell-idrac8-detect.yaml

* Updated tags for template apache-guacamole.yaml

* Updated tags for template aws-cloudfront-service.yaml

* Updated tags for template aws-bucket-service.yaml

* Updated tags for template nginx-linux-page.yaml

* Updated tags for template telerik-fileupload-detect.yaml

* Updated tags for template telerik-dialoghandler-detect.yaml

* Updated tags for template htaccess-config.yaml

* Updated tags for template microsoft-azure-error.yaml

* Updated tags for template detect-options-method.yaml

* Updated tags for template unpatched-coldfusion.yaml

* Updated tags for template moodle-changelog.yaml

* Updated tags for template detect-dns-over-https.yaml

* Updated tags for template CVE-2019-19134.yaml

* Updated tags for template CVE-2019-3929.yaml

* Updated tags for template CVE-2019-19908.yaml

* Updated tags for template CVE-2019-10475.yaml

* Updated tags for template CVE-2019-17382.yaml

* Updated tags for template CVE-2019-16332.yaml

* Updated tags for template CVE-2019-14974.yaml

* Updated tags for template CVE-2019-19368.yaml

* Updated tags for template CVE-2019-12725.yaml

* Updated tags for template CVE-2019-15501.yaml

* Updated tags for template CVE-2019-9733.yaml

* Updated tags for template CVE-2019-14322.yaml

* Updated tags for template CVE-2019-9955.yaml

* Updated tags for template CVE-2019-0230.yaml

* Updated tags for template CVE-2019-10232.yaml

* Updated tags for template CVE-2019-17506.yaml

* Updated tags for template CVE-2019-8449.yaml

* Updated tags for template CVE-2019-12593.yaml

* Updated tags for template CVE-2019-10092.yaml

* Updated tags for template CVE-2019-1821.yaml

* Updated tags for template CVE-2019-3401.yaml

* Updated tags for template CVE-2019-16662.yaml

* Updated tags for template CVE-2019-5418.yaml

* Updated tags for template CVE-2016-4975.yaml

* Updated tags for template CVE-2016-1000137.yaml

* Updated tags for template CVE-2016-7552.yaml

* Updated tags for template CVE-2016-10956.yaml

* Updated tags for template CVE-2016-1000146.yaml

* Updated tags for template CVE-2013-2251.yaml

* Updated tags for template CVE-2013-1965.yaml

* Updated tags for template CVE-2014-2323.yaml

* Updated tags for template CVE-2014-5111.yaml

* Updated tags for template CVE-2014-2962.yaml

* Updated tags for template CVE-2014-4561.yaml

* Updated tags for template CVE-2014-4558.yaml

* Updated tags for template CVE-2014-3120.yaml

* Updated tags for template CVE-2007-5728.yaml

* Updated tags for template CVE-2009-4679.yaml

* Updated tags for template CVE-2009-1558.yaml

* Updated tags for template CVE-2009-4202.yaml

* Updated tags for template CVE-2009-0932.yaml

* Updated tags for template CVE-2015-2068.yaml

* Updated tags for template CVE-2015-8813.yaml

* Updated tags for template CVE-2015-7450.yaml

* Updated tags for template CVE-2015-2067.yaml

* Updated tags for template CVE-2015-3306.yaml

* Updated tags for template CVE-2015-3337.yaml

* Updated tags for template CVE-2015-1427.yaml

* Updated tags for template CVE-2015-1503.yaml

* Updated tags for template CVE-2015-1880.yaml

* Updated tags for template CVE-2018-3810.yaml

* Updated tags for template CVE-2018-18069.yaml

* Updated tags for template CVE-2018-17246.yaml

* Updated tags for template CVE-2018-10141.yaml

* Updated tags for template CVE-2018-16341.yaml

* Updated tags for template CVE-2018-18777.yaml

* Updated tags for template CVE-2018-15138.yaml

* Updated tags for template CVE-2018-11784.yaml

* Updated tags for template CVE-2018-16299.yaml

* Updated tags for template CVE-2018-7251.yaml

* Updated tags for template CVE-2018-1273.yaml

* Updated tags for template CVE-2018-1271.yaml

* Updated tags for template CVE-2018-11759.yaml

* Updated tags for template CVE-2018-3167.yaml

* Updated tags for template CVE-2018-7490.yaml

* Updated tags for template CVE-2018-2628.yaml

* Updated tags for template CVE-2018-13380.yaml

* Updated tags for template CVE-2018-2893.yaml

* Updated tags for template CVE-2018-5316.yaml

* Updated tags for template CVE-2018-20985.yaml

* Updated tags for template CVE-2018-10818.yaml

* Updated tags for template CVE-2018-1000861.yaml

* Updated tags for template CVE-2018-0296.yaml

* Updated tags for template CVE-2018-19458.yaml

* Updated tags for template CVE-2018-3760.yaml

* Updated tags for template CVE-2018-12998.yaml

* Updated tags for template CVE-2018-9118.yaml

* Updated tags for template CVE-2018-1000130.yaml

* Updated tags for template CVE-2008-6668.yaml

* Updated tags for template CVE-2017-7269.yaml

* Updated tags for template CVE-2017-1000170.yaml

* Updated tags for template CVE-2017-16877.yaml

* Updated tags for template CVE-2017-1000486.yaml

* Updated tags for template CVE-2017-9822.yaml

* Updated tags for template CVE-2017-0929.yaml

* Updated tags for template CVE-2017-7921.yaml

* Updated tags for template CVE-2017-14535.yaml

* Updated tags for template CVE-2017-5521.yaml

* Updated tags for template CVE-2017-12637.yaml

* Updated tags for template CVE-2017-12635.yaml

* Updated tags for template CVE-2017-11610.yaml

* Updated tags for template CVE-2021-20114.yaml

* Updated tags for template CVE-2021-40856.yaml

* Updated tags for template CVE-2021-21972.yaml

* Updated tags for template CVE-2021-31602.yaml

* Updated tags for template CVE-2021-41773.yaml

* Updated tags for template CVE-2021-37704.yaml

* Updated tags for template CVE-2021-45046.yaml

* Updated tags for template CVE-2021-26084.yaml

* Updated tags for template CVE-2021-27931.yaml

* Updated tags for template CVE-2021-24291.yaml

* Updated tags for template CVE-2021-41648.yaml

* Updated tags for template CVE-2021-37216.yaml

* Updated tags for template CVE-2021-22005.yaml

* Updated tags for template CVE-2021-37573.yaml

* Updated tags for template CVE-2021-31755.yaml

* Updated tags for template CVE-2021-43287.yaml

* Updated tags for template CVE-2021-24274.yaml

* Updated tags for template CVE-2021-33564.yaml

* Updated tags for template CVE-2021-22145.yaml

* Updated tags for template CVE-2021-24237.yaml

* Updated tags for template CVE-2021-44848.yaml

* Updated tags for template CVE-2021-25646.yaml

* Updated tags for template CVE-2021-21816.yaml

* Updated tags for template CVE-2021-41649.yaml

* Updated tags for template CVE-2021-41291.yaml

* Updated tags for template CVE-2021-41293.yaml

* Updated tags for template CVE-2021-21801.yaml

* Updated tags for template CVE-2021-29156.yaml

* Updated tags for template CVE-2021-34370.yaml

* Updated tags for template CVE-2021-27132.yaml

* Updated tags for template CVE-2021-28151.yaml

* Updated tags for template CVE-2021-26812.yaml

* Updated tags for template CVE-2021-21985.yaml

* Updated tags for template CVE-2021-43778.yaml

* Updated tags for template CVE-2021-25281.yaml

* Updated tags for template CVE-2021-40539.yaml

* Updated tags for template CVE-2021-36749.yaml

* Updated tags for template CVE-2021-21234.yaml

* Updated tags for template CVE-2021-33221.yaml

* Updated tags for template CVE-2021-42013.yaml

* Updated tags for template CVE-2021-33807.yaml

* Updated tags for template CVE-2021-44228.yaml

* Updated tags for template CVE-2012-0896.yaml

* Updated tags for template CVE-2012-0991.yaml

* Updated tags for template CVE-2012-0392.yaml

* Updated tags for template CVE-2012-4940.yaml

* Updated tags for template CVE-2012-1226.yaml

* Updated tags for template CVE-2012-4878.yaml

* Updated tags for template CVE-2010-1304.yaml

* Updated tags for template CVE-2010-1217.yaml

* Updated tags for template CVE-2010-0759.yaml

* Updated tags for template CVE-2010-2307.yaml

* Updated tags for template CVE-2010-4231.yaml

* Updated tags for template CVE-2010-2861.yaml

* Updated tags for template CVE-2010-4282.yaml

* Updated tags for template CVE-2010-1302.yaml

* Updated tags for template CVE-2010-1461.yaml

* Updated tags for template CVE-2020-4463.yaml

* Updated tags for template CVE-2020-1943.yaml

* Updated tags for template CVE-2020-36289.yaml

* Updated tags for template CVE-2020-17518.yaml

* Updated tags for template CVE-2020-12800.yaml

* Updated tags for template CVE-2020-10770.yaml

* Updated tags for template CVE-2020-17506.yaml

* Updated tags for template CVE-2020-11547.yaml

* Updated tags for template CVE-2020-11034.yaml

* Updated tags for template CVE-2020-24589.yaml

* Updated tags for template CVE-2020-9054.yaml

* Updated tags for template CVE-2020-28976.yaml

* Updated tags for template CVE-2020-16952.yaml

* Updated tags for template CVE-2020-24312.yaml

* Updated tags for template CVE-2020-8512.yaml

* Updated tags for template CVE-2020-14179.yaml

* Updated tags for template CVE-2020-6308.yaml

* Updated tags for template CVE-2020-35846.yaml

* Updated tags for template CVE-2020-7318.yaml

* Updated tags for template CVE-2020-2140.yaml

* Updated tags for template CVE-2020-5410.yaml

* Updated tags for template CVE-2020-5777.yaml

* Updated tags for template CVE-2020-13700.yaml

* Updated tags for template CVE-2020-5775.yaml

* Updated tags for template CVE-2020-13167.yaml

* Updated tags for template CVE-2020-35848.yaml

* Updated tags for template CVE-2020-9484.yaml

* Updated tags for template CVE-2020-15505.yaml

* Updated tags for template CVE-2020-9047.yaml

* Updated tags for template CVE-2020-17519.yaml

* Updated tags for template CVE-2020-17505.yaml

* Updated tags for template CVE-2020-9376.yaml

* Updated tags for template CVE-2020-8497.yaml

* Updated tags for template CVE-2020-14092.yaml

* Updated tags for template CVE-2020-10148.yaml

* Updated tags for template CVE-2020-35847.yaml

* Updated tags for template CVE-2020-12116.yaml

* Updated tags for template CVE-2020-11930.yaml

* Updated tags for template CVE-2020-24186.yaml

* Updated tags for template CVE-2020-9496.yaml

* Updated tags for template CVE-2020-35489.yaml

* Updated tags for template CVE-2020-26413.yaml

* Updated tags for template CVE-2020-2096.yaml

* misc updates

* misc update

* more updates

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
 2022-01-05 01:04:16 +05:30
GwanYeong Kim d572716df0 Create CVE-2021-21881.yaml 
An OS command injection vulnerability exists in the Web Manager Wireless Network Scanner functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
 2022-01-04 23:14:12 +09:00
GitHub Action 86c11d1b40 Auto Generated CVE annotations [Tue Jan 4 11:55:25 UTC 2022] 🤖 2022-01-04 11:55:25 +00:00
pajoda c45934891f
Create CVE-2021-36748.yaml (#2446) 
* Create CVE-2021-36748.yaml

* Update indentation

* minor update

* Update CVE-2021-36748.yaml

* Additional unique matchers + easily readable syntax

* misc updates

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
 2022-01-04 17:23:56 +05:30
sandeep 6f3591f920 rseenet tags update 2022-01-01 12:28:32 +05:30
sandeep 7eba1c5a0a added reference for rce 2021-12-31 17:53:27 +05:30
GitHub Action e238128b1c Auto Generated CVE annotations [Thu Dec 30 11:40:55 UTC 2021] 🤖 2021-12-30 11:40:55 +00:00
Sandeep Singh de7bef1300
Added CVE-2021-42567 (Apereo CAS Reflected XSS) (#3450) 
* Added CVE-2021-42567 (Apereo CAS Reflected XSS)

* Added login panel detection
 2021-12-30 17:09:29 +05:30
Prince Chaddha a94c5d62a1
Update CVE-2021-40859.yaml 2021-12-30 12:15:22 +05:30
Prince Chaddha f3deec4325
Update CVE-2021-40859.yaml 2021-12-30 12:15:02 +05:30
Sandeep Singh a10aff06e5
Merge branch 'master' into master 2021-12-29 21:28:30 +05:30
sandeep 8744282d5b removing matcher to avoid false negative result. 2021-12-29 12:10:51 +05:30
东方有鱼名为咸 7a05f1b538
add CVE-2021-45232.yaml (#3437) 
* Create CVE-2021-45232.yaml

* matcher fixes

* more reference

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
 2021-12-28 19:43:00 +05:30
GitHub Action c33766a93f Auto Generated CVE annotations [Fri Dec 24 13:38:52 UTC 2021] 🤖 2021-12-24 13:38:52 +00:00
Prince Chaddha 415f37a7a6
Update CVE-2021-27358.yaml 2021-12-24 19:02:18 +05:30
sandeep f892a053a2 Added Grafana unauthenticated snapshot creation 2021-12-24 17:47:55 +05:30
sandeep 54e064767d Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates 2021-12-23 21:46:10 +05:30
sandeep 99f5a47202 minor update 2021-12-23 21:40:28 +05:30
GitHub Action 132108f849 Auto Generated CVE annotations [Thu Dec 23 15:43:46 UTC 2021] 🤖 2021-12-23 15:43:46 +00:00
ImNightmaree a76a9baaf4
Create CVE-2021-45046 (#3378) 
* Create CVE-2021-45046

* Update and rename CVE-2021-45046 to CVE-2021-45046.yaml

* minor update

Co-authored-by: Prince Chaddha <prince@projectdiscovery.io>
Co-authored-by: sandeep <sandeep@projectdiscovery.io>
 2021-12-23 21:11:50 +05:30
Mohamed Elbadry d2d47bfcb0
Update CVE-2021-44228.yaml - Extract DNS interaction IP (#3396) 
* Update CVE-2021-44228.yaml

* lint fix

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
 2021-12-22 18:17:30 +05:30
GitHub Action d253ff84ef Auto Generated CVE annotations [Wed Dec 22 06:47:35 UTC 2021] 🤖 2021-12-22 06:47:35 +00:00
pussycat0x 8a77db7919
unauthorized Puppet Node Manager (#3388) 
* Add files via upload

* Update unauthorized-puppet-node-manager-detect.yaml

* Add files via upload

* Add files via upload

* Update CVE-2021-40859.yaml

* misc updates

* minor updates

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
 2021-12-22 12:16:05 +05:30
sandeep df2418ce18 misc updates 2021-12-22 12:10:38 +05:30
pussycat0x 08d097a751
Update CVE-2021-40859.yaml 2021-12-22 09:33:06 +05:30
pussycat0x 4b6a46f06f
Add files via upload 2021-12-22 09:30:36 +05:30
GitHub Action 10ba4de0d7 Auto Generated CVE annotations [Tue Dec 21 12:32:40 UTC 2021] 🤖 2021-12-21 12:32:40 +00:00
Prince Chaddha b622f5145d
Merge pull request #3383 from projectdiscovery/princechaddha-patch-2 
Create CVE-2021-26085.yaml
 2021-12-21 18:00:47 +05:30
GitHub Action 19bfb84638 Auto Generated CVE annotations [Tue Dec 21 11:06:14 UTC 2021] 🤖 2021-12-21 11:06:14 +00:00
GitHub Action 7fe5c23627 Auto Generated CVE annotations [Mon Dec 20 14:33:22 UTC 2021] 🤖 2021-12-20 14:33:22 +00:00
Prince Chaddha b8ee43e27a
Create CVE-2021-26085.yaml 2021-12-20 15:20:14 +05:30
Prince Chaddha ca6146a4af
Update CVE-2021-44228.yaml 2021-12-19 14:52:29 +05:30
Prince Chaddha fc566d27a8
Create CVE-2021-45092.yaml (#3372) 
* Create CVE-2021-45092.yaml

* Added Thinfinity Iframe Injection

Co-Authored-By: Daniel Mofer <7999779+danielmofer@users.noreply.github.com>

* Added Thinfinity VirtualUI User Enumeration

Co-Authored-By: Daniel Mofer <7999779+danielmofer@users.noreply.github.com>

* added missing tag

Co-Authored-By: Daniel Mofer <7999779+danielmofer@users.noreply.github.com>

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
Co-authored-by: Daniel Mofer <7999779+danielmofer@users.noreply.github.com>
 2021-12-18 14:32:44 +05:30
Abhiram V dd40419ea5
Updated CVE-2021-44228 with most common vulnerable headers (#3334) 
* Updated with common headers which can be exploited

Reference : https://blog.qualys.com/vulnerabilities-threat-research/2021/12/10/apache-log4j2-zero-day-exploited-in-the-wild-log4shell
These headers are collected from above blog in Detecting the Vulnerability part

* fix: lint update

* Update CVE-2021-44228.yaml

* Update CVE-2021-44228.yaml

* Updated changed matchers and extractors regex according to v8.7.3 update

* payload updates for CVE-2021-44228

- more injection points
- a fixed regex to extract uppercase hostnames
- standardized payloads
- printed injection points

Source - https://twitter.com/0xceba/status/1471664540542648322

Co-Authored-By: 0xceba <44234156+0xceba@users.noreply.github.com>
Co-Authored-By: Abhiram V <61599526+Anon-Artist@users.noreply.github.com>

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
Co-authored-by: 0xceba <44234156+0xceba@users.noreply.github.com>
 2021-12-18 10:51:45 +05:30
sandeep b8fa0d5857 update: added more reference 2021-12-15 21:26:35 +05:30
Geeknik Labs 9c169bd682
Create CVE-2021-44528.yaml (#3342) 2021-12-15 20:43:07 +05:30
sandeep c9ddd7a0ae update: id + reference update 2021-12-14 21:07:46 +05:30
sandeep 34d4557dad update: making it compatible with self-hosted interactsh server 2021-12-14 03:21:47 +05:30
Evan Rubinstein dddb0bbb82
Added CVE-2021-24997 (#3298) 
* Added CVE-39226

* Added CVE-39226

* Delete CVE-39226.yaml

* Renamed CVE-39226 to CVE-2021-39226

Fixed naming error

* Added Wp-Guppy-Information-Disclosure template

* Removed File

Found better descriptor

* Added CVE-2021-24997

Added WordPress Guppy Information Disclosure CVE

* Fixed CVE-2021-24997

Fixed YAML formatting

* Fixed Typo

URL Path had an extra double quote

* Auto Generated Templates Stats [Wed Dec  8 23:07:24 UTC 2021] 🤖

* Deleted Blank Space

* Update CVE-2021-24997.yaml

* Update CVE-2021-24997.yaml

* Update CVE-2021-24997.yaml

* Update CVE-2021-24997.yaml

* Added CVE-2021-43496

* Update CVE-2021-43496.yaml

* fix: syntax update

* Added New Vuln

* Update CVE-2021-24997.yaml

* Update CVE-2021-43496.yaml

* Update and rename hd-netowrk-realtime-monitor-system-LFI.yaml to hdnetwork-realtime-lfi.yaml

* fix: lints update

Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
Co-authored-by: GitHub Action <action@github.com>
Co-authored-by: Prince Chaddha <prince@projectdiscovery.io>
 2021-12-14 02:22:26 +05:30
Nicolas 1411edf332
Updated CVE-2021-44228.yaml (#3335) 
Co-authored-by: olacin <olacin@users.noreply.github.com>
 2021-12-13 20:24:06 +05:30
5tr1x 5dc71681c5
Add X-Forwarded-For and Authentication headers 2021-12-11 15:43:22 -06:00
Mohamed Elbadry 33fbe53930
Create CVE-2021-44228.yaml (#3319) 
* Create CVE-2021-44228.yaml

* fix: syntax fix

* update: added additional path based payload

* update: strict matcher + pulling hostname information of the system

* update: added path based payload

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
 2021-12-12 00:56:50 +05:30
GitHub Action a19b941193 Auto Generated CVE annotations [Wed Dec 8 11:18:20 UTC 2021] 🤖 2021-12-08 11:18:20 +00:00
Sandeep Singh 2521cb62bf
Added CVE-2021-43798 (#3296) 
* Added CVE-2021-43798

* updated with default plugin list

* Update grafana-file-read.yaml
 2021-12-08 16:46:47 +05:30
Prince Chaddha 548980ae5b
Update CVE-2021-40856.yaml 2021-12-08 10:25:18 +05:30
GwanYeong Kim 48c6834de6 Create CVE-2021-40856.yaml 
Inserting the prefix "/about/../" allows bypassing the authentication check for the web-based configuration management interface. This enables attackers to gain access to the login credentials used for authentication at the PBX, among other data.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
 2021-12-08 09:54:30 +09:00
sandeep b8d068416f update: added reference for CVE-2021-38314 2021-12-04 22:17:25 +05:30
sandeep f64926808d Added missing tag 2021-12-04 12:50:04 +05:30
GitHub Action 01cb3156ce Auto Generated CVE annotations [Sat Dec 4 07:17:12 UTC 2021] 🤖 2021-12-04 07:17:12 +00:00
sandeep d2d0d4bf8d minor update to description 2021-12-04 12:44:08 +05:30
alph4byt3 09468dc0f8 Create CVE-2021-29490.yaml 2021-12-04 12:40:47 +05:30
alph4byt3 5180d138bf Delete CVE-2021-29490 2021-12-04 12:40:47 +05:30
alph4byt3 41148c9f86 Create CVE-2021-29490 2021-12-04 12:40:47 +05:30
GitHub Action ee1c16543d Auto Generated CVE annotations [Fri Dec 3 09:17:18 UTC 2021] 🤖 2021-12-03 09:17:18 +00:00
Prince Chaddha 7a32fc3941
Update and rename CVE-2021-27310.yaml to cves/2021/CVE-2021-27310.yaml 2021-12-03 14:43:25 +05:30
Prince Chaddha 7bd27557d8
Merge pull request #3253 from projectdiscovery/pr-fix-1 
Update CVE-2021-30213.yaml
 2021-12-03 14:32:47 +05:30
Prince Chaddha 0ac3b4da59
Merge pull request #3252 from projectdiscovery/pr-fix 
Update CVE-2021-27931.yaml
 2021-12-03 14:32:06 +05:30
Prince Chaddha 10c0f1b22f
Update CVE-2021-30213.yaml 2021-12-03 14:31:08 +05:30
Prince Chaddha 04bb340596
Update CVE-2021-27931.yaml 2021-12-03 14:30:44 +05:30
Prince Chaddha 5a36367340
Merge branch 'master' into pr-fix-1 2021-12-03 13:49:27 +05:30
Prince Chaddha 3cade85cc8
Merge branch 'master' into pr-fix 2021-12-03 13:23:33 +05:30
GitHub Action 6731cb176b Auto Generated CVE annotations [Fri Dec 3 07:23:34 UTC 2021] 🤖 2021-12-03 07:23:34 +00:00
Prince Chaddha ccca1add3f
Update CVE-2021-30213.yaml 2021-12-03 12:53:01 +05:30
Prince Chaddha e53cdde0c0
Merge pull request #3199 from alph4byt3/alph4byt3-patch-1 
Create CVE-2021-30213.yaml
 2021-12-03 12:52:11 +05:30
GitHub Action 5afe45cba5 Auto Generated CVE annotations [Fri Dec 3 07:19:34 UTC 2021] 🤖 2021-12-03 07:19:34 +00:00
Prince Chaddha 636a82effd
Update CVE-2021-27931.yaml 2021-12-03 12:48:47 +05:30
Prince Chaddha 025475d950
Merge pull request #3251 from projectdiscovery/pr-fix 
Update and rename CVE-2021-40542.yaml to cves/2021/CVE-2021-40542.yaml
 2021-12-03 12:48:01 +05:30
Prince Chaddha bac5f0f843
Merge pull request #3206 from alph4byt3/patch-1 
Create CVE-2021-27931.yaml
 2021-12-03 12:47:18 +05:30
Prince Chaddha 0457cbd6b2
Update and rename CVE-2021-40542.yaml to cves/2021/CVE-2021-40542.yaml 2021-12-03 12:42:37 +05:30
sandeep 1dabef2e6f Revert "CVE update - CVE-2021-22049" 
This reverts commit 70128c2587.
 2021-12-02 01:34:29 +05:30
sandeep 70128c2587 CVE update - CVE-2021-22049 2021-12-02 01:31:41 +05:30
sandeep 814bf92a00 File name update - CVE-2021-39226 2021-12-02 01:14:10 +05:30
Sandeep Singh 19fcafa546
CVE-2021-39226 (#3241) 
* Added CVE-39226

Co-Authored-By: Evan Rubinstein <70485623+evanRubinsteinIT@users.noreply.github.com>

Co-authored-by: Evan Rubinstein <70485623+evanRubinsteinIT@users.noreply.github.com>
 2021-12-02 01:07:40 +05:30
sullo 854b464b1d
Add remediation information to CVE-2021-40539 and CVE-2021-44427 (#3237) 
* Added remediation to CVE-2021-40539

* Added remediation to CVE-2021-44427

Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
 2021-12-01 22:23:24 +05:30
Prince Chaddha c9b6c8e463
Merge pull request #3235 from cckuailong/master 
add CVE-2021-43778.yaml
 2021-12-01 19:21:08 +05:30
Prince Chaddha 93f9f3ccac
Update CVE-2021-43778.yaml 2021-12-01 19:19:10 +05:30
GitHub Action d3649d4f43 Auto Generated CVE annotations [Wed Dec 1 13:42:24 UTC 2021] 🤖 2021-12-01 13:42:24 +00:00
cckuailong 2a8ca5d836 add CVE-2021-43778.yaml 2021-12-01 15:04:29 +08:00
GitHub Action fb048c7972 Auto Generated CVE annotations [Tue Nov 30 18:51:32 UTC 2021] 🤖 2021-11-30 18:51:32 +00:00
Sandeep Singh eb5a6ab341
Added CVE-2021-41266 (#3229) 
Co-Authored-By: Lenin Alevski <1795553+Alevsk@users.noreply.github.com>
 2021-12-01 00:19:41 +05:30
Prince Chaddha d484fed316
Merge pull request #3224 from xShuden/master 
Create  CVE-2021-44427.yaml
 2021-11-30 21:55:47 +04:00
Prince Chaddha f6a952d4be
Update CVE-2021-44427.yaml 2021-11-30 23:23:31 +05:30
Prince Chaddha ae078ecd51
Merge pull request #3223 from gy741/rule-add-v74 
Create CVE-2021-41653.yaml
 2021-11-30 20:54:55 +04:00
Prince Chaddha 0b82e570d1
Update CVE-2021-41653.yaml 2021-11-30 22:22:16 +05:30
Aaron Chen 38f147a716
create CVE-2021-41951 (#3202) 
Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
 2021-11-30 22:19:12 +05:30
Sandeep Singh 949cd0d5a6
CVE 2021 41951 (#3226) 
* create CVE-2021-41951

Co-authored-by: Aaron Chen <aaronchen.lisp@gmail.com>
 2021-11-30 22:15:32 +05:30
Furkan Sayım 3ae4c1b484
Create CVE-2021-44427.yaml 2021-11-30 16:56:38 +01:00
GwanYeong Kim 3dd0c78fff Create CVE-2021-41653.yaml 
The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
 2021-11-30 14:35:25 +09:00
forgedhallpass 7ef4f90cf0
feat: CVE-2021-22053 (#3220) 
* feat: CVE-2021-22053
 2021-11-29 18:42:08 +05:30
GitHub Action 302227a09d Auto Generated CVE annotations [Sun Nov 28 20:31:30 UTC 2021] 🤖 2021-11-28 20:31:30 +00:00
sandeep d00dea3f6b removed unwanted headers 2021-11-29 00:05:36 +05:30
sandeep 685c46640e Added Apache Airflow - Unauthenticated variable Import 2021-11-28 23:47:12 +05:30
sandeep 63b23a4848 Added additional reference 2021-11-28 17:22:02 +05:30
sandeep 7345869864 Added additional matcher 2021-11-27 10:04:24 +05:30
rotemr 0595a1dcf1 Add template for CVE-2021-24278 2021-11-27 01:32:48 +02:00
alph4byt3 3c1ae20146
Create CVE-2021-27931.yaml 2021-11-25 17:39:09 +02:00
alph4byt3 f2ff7a1a7e
Create CVE-2021-30213.yaml 2021-11-24 17:43:59 +02:00
GitHub Action 2e3c57379f Auto Generated CVE annotations [Tue Nov 23 03:59:46 UTC 2021] 🤖 2021-11-23 03:59:46 +00:00
Prince Chaddha e787e67010
Update CVE-2021-43495.yaml 2021-11-23 07:46:15 +04:00
PikPikcU 05a366d141
Create CVE-2021-43495.yaml 2021-11-23 08:30:30 +07:00
sandeep a175effdc4 Added few additional information 2021-11-20 17:19:24 +05:30
GitHub Action 440a0e7114 Auto Generated CVE annotations [Thu Nov 18 20:31:47 UTC 2021] 🤖 2021-11-18 20:31:47 +00:00
sandeep a7594322a3 removed spaces 2021-11-19 01:40:36 +05:30
sandeep cf34d5b0ee Added Apache ShenYu Admin JWT authentication bypass (CVE-2021-37580) 2021-11-19 01:38:23 +05:30
Bourne Haber ff16039083
Change word -> regex for type 'regex' 2021-11-16 23:51:30 +05:30
sandeep b2aa8f9f5b misc updates 2021-11-13 23:01:53 +05:30
sandeep b0860f2275 Template update to confirm RCE 2021-11-13 16:36:43 +05:30
sandeep 0e9faf2419 misc updates 2021-11-13 00:37:40 +05:30
GitHub Action d77afde6f2 Auto Generated CVE annotations [Fri Nov 12 19:00:28 UTC 2021] 🤖 2021-11-12 19:00:28 +00:00
sandeep e649bcc493 template fix 2021-11-13 00:29:04 +05:30
Sandeep Singh e50e82d61b
Merge pull request #3129 from httpvoid/master 
Add CVE-2021-41349
 2021-11-13 00:28:42 +05:30
rootxharsh 29bcd6b821 Add CVE-2021-41349 2021-11-12 23:55:15 +05:30
sandeep ca0b7890dc misc update 2021-11-11 14:35:58 +05:30
Sandeep Singh c0d875c623
Update CVE-2021-42237.yaml 2021-11-11 14:32:24 +05:30
Prince Chaddha e396e30ac5
Merge branch 'master' into master 2021-11-11 11:19:57 +05:30
Prince Chaddha a6039654a1
Update CVE-2021-31602.yaml 2021-11-11 11:17:25 +05:30
Prince Chaddha 7a08bde65d
Update CVE-2021-42237.yaml 2021-11-11 11:16:37 +05:30
GitHub Action 206b056506 Auto Generated CVE annotations [Thu Nov 11 05:29:39 UTC 2021] 🤖 2021-11-11 05:29:39 +00:00
GitHub Action 2cfad99d03 Auto Generated CVE annotations [Wed Nov 10 16:04:38 UTC 2021] 🤖 2021-11-10 16:04:38 +00:00
sandeep cb74944f43 misc updates 2021-11-08 15:45:54 +05:30
GitHub Action 268f6c7c86 Auto Generated CVE annotations [Mon Nov 8 06:51:55 UTC 2021] 🤖 2021-11-08 06:51:55 +00:00
GitHub Action 2f7b3d7e00 Auto Generated CVE annotations [Sat Nov 6 22:43:41 UTC 2021] 🤖 2021-11-06 22:43:41 +00:00
sandeep 2beb8767ff Added CVE-2021-41174 2021-11-07 04:08:43 +05:30
Sandeep Singh cd59d38e3d
Merge pull request #3083 from pussycat0x/master 
Pentaho <= 9.1 Authentication Bypass of Spring APIs
 2021-11-06 16:52:44 +05:30
sandeep 0963b5f289 Added stop-at-first-match 2021-11-06 16:52:33 +05:30
sandeep 1d4ff44b88 misc update 2021-11-06 16:51:03 +05:30
sandeep 5fa10c4b64 cves update 2021-11-06 12:34:04 +05:30
sandeep 3e12441f6d matcher update 2021-11-06 03:56:14 +05:30
Prince Chaddha c1e8682918
Update CVE-2021-31602.yaml 2021-11-05 21:20:29 +05:30
pussycat0x 70425f1be2
Update CVE-2021-31602.yaml 2021-11-05 14:11:44 +05:30
pussycat0x 802607241d
Update CVE-2021-31602.yaml 2021-11-05 13:59:09 +05:30
pussycat0x 153a00af52
Add files via upload 2021-11-05 13:45:21 +05:30
Pradeepch99 8c5987b2b2
Update CVE-2021-36260.yaml 2021-11-05 08:44:19 +05:30
ImNightmaree acc8d46849
Updates "whoami" regex 
Fixes #3060
 2021-11-03 17:43:48 +00:00
GitHub Action ba5d199dbb Auto Generated CVE annotations [Tue Nov 2 20:23:01 UTC 2021] 🤖 2021-11-02 20:23:01 +00:00
sandeep 36bda42c27 misc update 2021-11-03 01:49:51 +05:30
Prince Chaddha 94c49907ce
Update CVE-2021-38704.yaml 2021-11-02 23:35:14 +05:30
Prince Chaddha 3541fb5754
Update CVE-2021-38704.yaml 2021-11-02 23:25:17 +05:30
Prince Chaddha 19ca42a3d6
Update CVE-2021-38704.yaml 2021-11-02 23:23:11 +05:30
Prince Chaddha 5e774b4e9b
Create CVE-2021-38704.yaml 2021-11-02 23:16:22 +05:30
Sandeep Singh c2a167939e
Merge pull request #3031 from gy741/rule-add-v70 
Create CVE-2021-31682.yaml
 2021-10-31 17:09:29 +05:30
sandeep fe6dbc8b4d misc update 2021-10-31 16:56:16 +05:30
GitHub Action 4cc2a7a205 Auto Generated CVE annotations [Sat Oct 30 11:41:59 UTC 2021] 🤖 2021-10-30 11:41:59 +00:00
sandeep 8c3f98c767 fixed invalid template syntax 2021-10-30 16:47:35 +05:30
GwanYeong Kim 43629d5f49 Create CVE-2021-31682.yaml 
The login portal for the Automated Logic WebCTRL/WebCTRL OEM web application contains a vulnerability that allows for reflected XSS attacks due to the operatorlocale GET parameter not being sanitized. This issue impacts versions 6.5 and below. This issue works by passing in a basic XSS payload to a vulnerable GET parameter that is reflected in the output without sanitization.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
 2021-10-30 19:36:29 +09:00
sandeep 9a7111c936 updating author details 2021-10-29 22:16:25 +05:30
sandeep 1fdf1ce10a name update 2021-10-29 21:36:05 +05:30
sandeep d6fbf8b35c misc updates 2021-10-29 21:33:59 +05:30
GitHub Action 4236ca70b5 Auto Generated CVE annotations [Fri Oct 29 12:45:06 UTC 2021] 🤖 2021-10-29 12:45:07 +00:00
Dhiyaneshwaran afbd8f0448
Create CVE-2021-20837.yaml 2021-10-29 18:13:32 +05:30
Sandeep Singh ba04bc0d3a
Merge pull request #3022 from projectdiscovery/CVE-2021-36260 
Added Hikvision RCE (CVE-2021-36260)
 2021-10-29 17:09:01 +05:30
GitHub Action b46d572636 Auto Generated CVE annotations [Fri Oct 29 10:29:18 UTC 2021] 🤖 2021-10-29 10:29:18 +00:00
sandeep f635c80512 Adding metadata 2021-10-29 14:49:58 +05:30
sandeep a451cfb48a misc update 2021-10-29 14:24:20 +05:30
sandeep 8f4a90f33a Added Hikvision RCE (CVE-2021-36260) 2021-10-29 13:47:09 +05:30
Prince Chaddha 3aadf53a95
Merge pull request #3014 from Mad-robot/patch-2 
Create CVE-2021-42566.yaml
 2021-10-29 00:29:05 +05:30
Prince Chaddha e58e1ef96d
Update CVE-2021-42566.yaml 2021-10-29 00:25:45 +05:30
Prince Chaddha 7f9490d762
Update CVE-2021-42565.yaml 2021-10-29 00:25:12 +05:30
Prince Chaddha 263fb400e9
Update CVE-2021-42566.yaml 2021-10-29 00:22:29 +05:30
SaN ThosH ca73e75974
Create CVE-2021-42566.yaml 2021-10-27 20:13:56 +05:30
SaN ThosH 0675ba8c67
Update and rename CVE-2021-42566.yaml to CVE-2021-42565.yaml 2021-10-27 20:10:59 +05:30
SaN ThosH bbe3e7b542
Create CVE-2021-42566.yaml 2021-10-27 20:08:59 +05:30
sandeep 2d19236680 misc update 2021-10-27 18:21:06 +05:30
sandeep 6490a968b3 Added GitLab CE/EE Unauthenticated RCE using ExifTool (CVE-2021-22205) 2021-10-27 18:01:04 +05:30
sandeep 2fa9791bdc misc update 2021-10-26 14:32:23 +05:30
sandeep 1986e1211d Adding condition between word matcher 2021-10-26 14:25:37 +05:30
Dwi Siswanto 9773130879 Remove blank lines 2021-10-26 15:31:41 +07:00
Dwi Siswanto bf7070dbc7 Add CVE-2021-42258 2021-10-26 15:26:22 +07:00
Prince Chaddha 1db2405c25
Create CVE-2021-36749.yaml 2021-10-25 17:30:48 +05:30
GitHub Action ed4d1afd12 Auto Generated CVE annotations [Fri Oct 22 09:40:47 UTC 2021] 🤖 2021-10-22 09:40:47 +00:00
Prince Chaddha b39200b8e4
Update CVE-2021-33044.yaml 2021-10-21 15:47:46 +05:30
Philippe Delteil 56b0f60d5a
Update CVE-2021-41773.yaml 
Fixes false positive due to IPS/ 

 'Request denied by WatchGuard Firewall.</p><p><b> Reason: </b> IPS detected for "WEB Apache HTTP Server Path traversal (CVE-2021-41773)"'
 2021-10-21 00:57:23 -03:00
GitHub Action f05e7364ca Auto Generated CVE annotations [Wed Oct 20 22:40:20 UTC 2021] 🤖 2021-10-20 22:40:20 +00:00
Prince Chaddha 10ebb22fb8
Merge pull request #2910 from gy741/rule-add-v65 
Create CVE-2021-20031.yaml
 2021-10-19 18:23:40 +05:30
Prince Chaddha 181dda73ec
Update CVE-2021-33044.yaml 2021-10-19 17:44:06 +05:30
GwanYeong Kim 02655a9f22 Create CVE-2021-33044.yaml 
The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
 2021-10-19 12:50:07 +09:00
sandeep 3175b12b22 Additional matcher 2021-10-19 03:19:32 +05:30
sandeep 33badb66d1 oob tags update 2021-10-19 02:10:26 +05:30
Prince Chaddha 9e37e202bd
Update CVE-2021-20031.yaml 2021-10-18 20:55:47 +05:30
Prince Chaddha 6346c6e93a
Update CVE-2021-20031.yaml 2021-10-18 20:52:36 +05:30
GwanYeong Kim c7fc202ef1 Create CVE-2021-20031.yaml 
A Host Header Injection vulnerability may allow an attacker to spoof a particular Host header, allowing the attacker to render arbitrary links that point to a malicious website with poisoned Host header webpages. An issue was discovered in Sonicwall NAS, SonicWall Analyzer version 8.5.0 (may be affected on other versions too). The values of the 'Host' headers are implicitly set as trusted while this should be forbidden, leading to potential host header injection attack and also the affected hosts can be used for domain fronting. This means affected hosts can be used by attackers to hide behind during various other attack

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
 2021-10-18 08:24:29 +09:00