sandeep
6bb5383073
Update weblogic-t3-detect.yaml
2021-06-24 22:14:38 +05:30
sandeep
0d7348b33d
Added version extractors
2021-06-24 22:13:10 +05:30
pussycat0x
7da6782e8e
Add files via upload
2021-06-24 22:13:08 +05:30
pussycat0x
73f5c10e54
Merge pull request #1 from projectdiscovery/master
New
2021-06-24 22:08:20 +05:30
PikPikcU
b97d012636
Create CVE-2021-28169.yaml
2021-06-24 16:00:02 +00:00
PikPikcU
9cc9a52db2
Create CVE-2017-12794.yaml
2021-06-24 15:49:12 +00:00
PikPikcU
cb18f313fd
Create huawei-hg659-lfi.yaml
2021-06-24 15:41:18 +00:00
PikPikcU
19d80d9d0a
Create CVE-2020-3580.yaml
2021-06-24 15:34:19 +00:00
GitHub Action
988b2f278c
Auto Update README [Thu Jun 24 14:36:56 UTC 2021] 🤖
2021-06-24 14:36:56 +00:00
Prince Chaddha
1f9436c235
Merge pull request #1772 from projectdiscovery/flywheel-takeover
Create flywheel-takeover.yaml
2021-06-24 20:06:36 +05:30
Prince Chaddha
2ccd670b66
Create flywheel-takeover.yaml
2021-06-24 20:05:36 +05:30
GwanYeong Kim
e7bb4bff23
Create CVE-2021-3223.yaml
Node-RED-Dashboard before 2.26.2 allows ui_base/js/..%2f directory traversal to read files.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-06-24 21:07:17 +09:00
Prince Chaddha
37261f7a2f
Update and rename vulnerabilities/jira/jira-unauthenticated-popular-filters.yaml to cves/2019/CVE-2019-3401.yaml
2021-06-24 16:52:04 +05:30
GwanYeong Kim
cc0dd04ac2
Create CVE-2021-21234.yaml
spring-boot-actuator-logview is a library that adds a simple logfile viewer as spring boot actuator endpoint. It is maven package "eu.hinsch:spring-boot-actuator-logview". In spring-boot-actuator-logview before version 0.2.13 there is a directory traversal vulnerability. The nature of this library is to expose a log file directory via admin (spring boot actuator) HTTP endpoints. Both the filename to view and a base folder (relative to the logging folder root) can be specified via request parameters. While the filename parameter was checked to prevent directory traversal exploits (so that `filename=../somefile` would not work), the base folder parameter was not sufficiently checked, so that `filename=somefile&base=../` could access a file outside the logging base directory. The vulnerability has been patched in release 0.2.13. Any users of 0.2.12 should be able to update without any issues as there are no other changes in that release. There is no workaround to fix the vulnerability other than updating or removing the dependency. However, removing read access of the user the application is run with to any directory not required for running the application can limit the impact. Additionally, access to the logview endpoint can be limited by deploying the application behind a reverse proxy.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-06-24 14:36:45 +09:00
GitHub Action
2f1aa7e102
Auto Update README [Wed Jun 23 21:03:42 UTC 2021] 🤖
2021-06-23 21:03:42 +00:00
Prince Chaddha
35cf8d1378
Merge pull request #1221 from projectdiscovery/princechaddha-patch-6
Create CVE-2018-9995.yaml
2021-06-24 02:33:20 +05:30
GitHub Action
b129a117db
Auto Update README [Wed Jun 23 21:02:56 UTC 2021] 🤖
2021-06-23 21:02:56 +00:00
Prince Chaddha
bc7e8a80db
Merge pull request #1336 from projectdiscovery/princechaddha-patch-5
Create resin-inputfile-fileread.yaml
2021-06-24 02:32:40 +05:30
Prince Chaddha
0fbbfdd364
Update CVE-2018-9995.yaml
2021-06-24 02:32:23 +05:30
GitHub Action
27d4958ec8
Auto Update README [Wed Jun 23 20:59:03 UTC 2021] 🤖
2021-06-23 20:59:03 +00:00
Prince Chaddha
ed4c5a415d
Merge pull request #1335 from projectdiscovery/princechaddha-patch-4
Create resin-viewfile-lfr.yaml
2021-06-24 02:28:47 +05:30
Prince Chaddha
c45ec90d5f
Update resin-inputfile-fileread.yaml
2021-06-24 02:28:18 +05:30
GitHub Action
f38437ba47
Auto Update README [Wed Jun 23 20:56:39 UTC 2021] 🤖
2021-06-23 20:56:39 +00:00
Sandeep Singh
9479826132
Merge pull request #1747 from Udyz/patch-3
Create CVE-2021-21389
2021-06-24 02:26:23 +05:30
GitHub Action
2ea763517a
Auto Update README [Wed Jun 23 20:54:58 UTC 2021] 🤖
2021-06-23 20:54:58 +00:00
sandeep
416bafe2fa
misc changes
2021-06-24 02:24:58 +05:30
Prince Chaddha
b2114008ad
Merge pull request #1595 from pikpikcu/patch-173
Create jeewms-lfi
2021-06-24 02:24:41 +05:30
GitHub Action
c881807995
Auto Update README [Wed Jun 23 20:32:59 UTC 2021] 🤖
2021-06-23 20:32:59 +00:00
Prince Chaddha
89b4fdf8ed
Merge pull request #1757 from pussycat0x/master
New template added
2021-06-24 02:02:42 +05:30
Prince Chaddha
07b0b7a1f2
Update webmodule-ee.yaml
2021-06-24 01:43:57 +05:30
Prince Chaddha
c383c120b7
moved to wordpress folder
2021-06-24 01:39:09 +05:30
Prince Chaddha
3e7269f2a4
Rename ALFA_DATA.yaml to alfacgiapi-wordpress.yaml
2021-06-24 01:37:45 +05:30
Prince Chaddha
8c7e69fafd
Update ALFA_DATA.yaml
2021-06-24 01:36:47 +05:30
Prince Chaddha
aeed665ff7
Update ALFA_DATA.yaml
2021-06-24 01:29:50 +05:30
Prince Chaddha
5fa51dd043
Update phpmyadmin-sql.php-server.yaml
2021-06-24 01:26:51 +05:30
Sandeep Singh
161204c20e
Rename wordpress-123ContactForm.yaml to wp-123contactform-plugin-listing.yaml
2021-06-24 01:13:42 +05:30
sandeep
8f247c03c0
Removed trailing spaces
2021-06-24 01:11:14 +05:30
sandeep
a4e439024e
Added missing condition
2021-06-24 01:10:33 +05:30
sandeep
134a23aeab
Some fixes (WIP)
- Added missing matcher condition
- Updated severity to lowercase, as it's case sensitive
2021-06-24 01:03:41 +05:30
sandeep
ee98801f00
more strict matcher
2021-06-24 00:52:08 +05:30
Sandeep Singh
d16bf38838
Merge pull request #1764 from geeknik/patch-106
Update general-tokens.yaml
2021-06-24 00:41:03 +05:30
sandeep
525c0cce48
misc changes
2021-06-24 00:38:16 +05:30
Sandeep Singh
c3ec7fa236
Merge pull request #1763 from wdahlenburg/cve_2012_3153_hotfix
Added status to CVE-2012-3153
2021-06-24 00:21:04 +05:30
sandeep
9386111906
making status check generic both case
2021-06-24 00:13:58 +05:30
sandeep
459dd6b84b
misc changes
2021-06-23 23:48:34 +05:30
pussycat0x
2dd0ce2664
Update phpmyadmin-sql.php-server.yaml
2021-06-23 21:37:14 +05:30
pussycat0x
5ae899a66f
Update phpmyadmin-sql.php-server.yaml
2021-06-23 21:34:13 +05:30
pussycat0x
c1f5c60700
Update wordpress-123ContactForm.yaml
2021-06-23 21:31:03 +05:30
pussycat0x
418de400a7
Add files via upload
2021-06-23 21:27:43 +05:30
Geeknik Labs
d7eae53622
Update general-tokens.yaml
fix more FP
2021-06-23 15:50:38 +00:00