Commit Graph

1731 Commits (ce20d7267e743f5b8697f6672182fcae1dcae46b)

Author SHA1 Message Date
Prince Chaddha 84b9e66fba
Merge pull request #4073 from ritikchaddha/patch-16
Create pbootcms-database-file-download.yaml
2022-04-07 17:32:58 +05:30
Prince Chaddha 6f2ae23929
Merge pull request #4074 from ritikchaddha/patch-17
Create dss-download-fileread.yaml
2022-04-07 17:32:37 +05:30
Prince Chaddha d2c87cf12a
Update pbootcms-database-file-download.yaml 2022-04-07 17:30:29 +05:30
Prince Chaddha 465b904cf1
Update pbootcms-database-file-download.yaml 2022-04-07 17:24:43 +05:30
Prince Chaddha c509256843
Update dss-download-fileread.yaml 2022-04-07 17:07:42 +05:30
Prince Chaddha 3dafb4bbfe
Update kingsoft-v8-file-read.yaml 2022-04-07 16:58:32 +05:30
Ritik Chaddha 78625369df
Create dss-download-fileread.yaml 2022-04-07 16:01:28 +05:30
Ritik Chaddha cfee24aaa7
Create pbootcms-database-file-download.yaml 2022-04-07 15:53:09 +05:30
Ritik Chaddha 2f849a6620
Create kingsoft-v8-file-read.yaml 2022-04-07 15:15:14 +05:30
Prince Chaddha 0c6a333a38
Update ns-asg-file-read.yaml 2022-04-07 14:31:10 +05:30
Prince Chaddha 9bf3b9493c
Update ns-asg-file-read.yaml 2022-04-07 14:24:10 +05:30
Prince Chaddha 888c593257
Update ns-asg-file-read.yaml 2022-04-07 14:23:54 +05:30
Ritik Chaddha 37dc09b55b
Update ns-asg-file-read.yaml 2022-04-07 14:14:15 +05:30
sullo becdd7810b
Cleanup Joomla! Jvehicles template (#3983)
* Cleanup Joomla! Jvehicles template since it was labeled as SQLi but had a test for LFI
Create new template for the Jvehicles LFI

* Fix id

* path update

* Delete CVE-2010-1873.yaml

temporarily removing as it doesn't contain the exact matchers.

Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
2022-04-06 17:21:08 +05:30
Prince Chaddha 3b767cd5b6
Merge pull request #4055 from ritikchaddha/patch-5
Create kingdee-eas-directory-traversal.yaml
2022-04-06 13:34:12 +05:30
Prince Chaddha 0c07ddb3a7
Update kingdee-eas-directory-traversal.yaml 2022-04-06 13:32:42 +05:30
Prince Chaddha 7aa021fd1e
Merge pull request #4057 from ritikchaddha/patch-7
Create seacms-sqli.yaml
2022-04-06 13:32:19 +05:30
Prince Chaddha b5e81d3f54
Update kingdee-eas-directory-traversal.yaml 2022-04-06 13:31:21 +05:30
Prince Chaddha 831f53d205
Rename vulnerabilities/seacms-sqli.yaml to vulnerabilities/other/seacms-sqli.yaml 2022-04-06 13:21:30 +05:30
Prince Chaddha c3e409cff5
Update seacms-sqli.yaml 2022-04-06 10:18:53 +05:30
Prince Chaddha 9ade9247db
Merge pull request #4035 from projectdiscovery/3cx-management-console
Create 3cx-management-console.yaml
2022-04-06 09:37:38 +05:30
Prince Chaddha 0451a7c3ea
Update 3cx-management-console.yaml 2022-04-06 09:30:14 +05:30
Sandeep Singh 3d15307605
Fixed mobileiron-log4j-jndi-rce (#4060) 2022-04-05 23:02:05 +05:30
Ritik Chaddha 4e8eb2adc8
Create seacms-sqli.yaml 2022-04-05 18:42:45 +05:30
Ritik Chaddha cd16ff171d
Create kingdee-eas-directory-traversal.yaml 2022-04-05 17:20:57 +05:30
Prince Chaddha 1d0be90f62
Merge pull request #4044 from Splint3r7/master
Enhancement - PR#4009
2022-04-04 18:40:48 +05:30
Hassan Khan 45b992d75d Updating Templates 2022-04-03 14:17:31 +05:00
Prince Chaddha cbb575dddb
Create 3cx-management-console.yaml 2022-04-02 16:24:05 +05:30
Prince Chaddha ef807cd420
Merge pull request #4005 from daffainfo/patch-7
Create admin-word-count-column-lfi.yaml
2022-04-02 16:11:47 +05:30
Prince Chaddha 786636813e
Update admin-word-count-column-lfi.yaml 2022-04-02 16:09:39 +05:30
Prince Chaddha 58d84ce38a
Merge pull request #4004 from daffainfo/patch-6
Create amministrazione-aperta-lfi.yaml
2022-04-02 16:07:07 +05:30
Prince Chaddha 56b6ef7205
Update amministrazione-aperta-lfi.yaml 2022-04-02 16:04:50 +05:30
Prince Chaddha b09ac6b3bc
Merge pull request #4009 from Splint3r7/master
Add video-synchro-pdf & cab-fare-calculator - WordPress Plugin LFI
2022-04-02 15:32:30 +05:30
Prince Chaddha 0468dc5782
Update video-synchro-pdf-lfi.yaml 2022-04-02 15:30:18 +05:30
Prince Chaddha a13f72f634
Update cab-fare-calculator-lfi.yaml 2022-04-02 15:28:48 +05:30
Prince Chaddha 4a1d72d2a7
Update video-synchro-pdf-lfi.yaml 2022-04-02 15:25:19 +05:30
Prince Chaddha 87e5919079
Update cab-fare-calculator-lfi.yaml 2022-04-02 15:24:02 +05:30
MostInterestingBotInTheWorld 6ddfbac2b4
Dashboard Content Enhancement (#4020)
* Enhancement: cnvd/2021/CNVD-2021-15822.yaml by mp

* Enhancement: exposed-panels/apache/tomcat-pathnormalization.yaml by mp

* Enhancement: cves/2021/CVE-2021-40542.yaml by mp

* Enhancement: misconfiguration/horde-unauthenticated.yaml by mp

* Enhancement: misconfiguration/horde-unauthenticated.yaml by mp

* Enhancement: misconfiguration/horde-unauthenticated.yaml by mp

* Enhancement: cves/2021/CVE-2021-40542.yaml by mp

* Enhancement: exposed-panels/apiman-panel.yaml by mp

* Enhancement: cves/2010/CVE-2010-1873.yaml by mp

* Enhancement: exposed-panels/arcgis/arcgis-panel.yaml by mp

* Enhancement: exposed-panels/arcgis/arcgis-rest-api.yaml by mp

* Enhancement: exposed-panels/argocd-login.yaml by mp

* Enhancement: exposed-panels/atlassian-crowd-panel.yaml by mp

* Enhancement: exposed-panels/atvise-login.yaml by mp

* Enhancement: exposed-panels/avantfax-panel.yaml by mp

* Enhancement: exposed-panels/avatier-password-management.yaml by mp

* Enhancement: exposed-panels/axigen-webadmin.yaml by mp

* Enhancement: exposed-panels/axigen-webmail.yaml by mp

* Enhancement: exposed-panels/azkaban-web-client.yaml by mp

* Enhancement: exposed-panels/acunetix-panel.yaml by mp

* Enhancement: exposed-panels/adiscon-loganalyzer.yaml by mp

* Enhancement: exposed-panels/adminer-panel.yaml by mp

* Enhancement: cves/2010/CVE-2010-1870.yaml by mp

* Enhancement: exposed-panels/adminset-panel.yaml by mp

* Enhancement: exposed-panels/adobe/adobe-component-login.yaml by mp

* Enhancement: exposed-panels/adobe/adobe-connect-central-login.yaml by mp

* Enhancement: exposed-panels/adobe/adobe-experience-manager-login.yaml by mp

* Enhancement: exposed-panels/adobe/adobe-media-server.yaml by mp

* Enhancement: exposed-panels/advance-setup.yaml by mp

* Enhancement: exposed-panels/aerohive-netconfig-ui.yaml by mp

* Enhancement: exposed-panels/aims-password-mgmt-client.yaml by mp

* Enhancement: exposed-panels/aims-password-mgmt-client.yaml by mp

* Enhancement: exposed-panels/aims-password-portal.yaml by mp

* Enhancement: exposed-panels/airflow-panel.yaml by mp

* Enhancement: exposed-panels/airflow-panel.yaml by mp

* spacing issues

* Spacing

* HTML codes improperly interpreted
Relocate horde-unauthenticated.yaml to CVE-2005-3344.yaml

* Relocate horde-unauthenticated.yaml to CVE-2005-3344.yaml

* Enhancement: technologies/waf-detect.yaml by mp

* Enhancement: vulnerabilities/wordpress/wordpress-wpcourses-info-disclosure.yaml by mp

* Enhancement: vulnerabilities/wordpress/wordpress-wpcourses-info-disclosure.yaml by mp

* Enhancement: network/sap-router-info-leak.yaml by mp

* Enhancement: vulnerabilities/wordpress/wordpress-wpcourses-info-disclosure.yaml by mp

* Enhancement: network/sap-router-info-leak.yaml by mp

* Enhancement: network/exposed-adb.yaml by mp

* Enhancement: vulnerabilities/vmware/vrealize-operations-log4j-rce.yaml by mp

* Enhancement: vulnerabilities/vmware/vrealize-operations-log4j-rce.yaml by mp

* Enhancement: vulnerabilities/vmware/vrealize-operations-log4j-rce.yaml by mp

* Enhancement: vulnerabilities/vmware/vrealize-operations-log4j-rce.yaml by mp

* Enhancement: vulnerabilities/wordpress/wordpress-woocommerce-sqli.yaml by mp

* Enhancement: exposures/tokens/digitalocean/tugboat-config-exposure.yaml by mp

* Enhancement: exposed-panels/concrete5/concrete5-install.yaml by mp

* Enhancement: vulnerabilities/wordpress/wordpress-infinitewp-auth-bypass.yaml by mp

* indentation issue

* Character encoding issue fix

* Enhancement: default-logins/alibaba/canal-default-login.yaml by mp

* Enhancement: default-logins/alphaweb/alphaweb-default-login.yaml by mp

* Enhancement: default-logins/ambari/ambari-default-login.yaml by mp

* Enhancement: default-logins/apache/airflow-default-login.yaml by mp

* Enhancement: default-logins/apache/apisix-default-login.yaml by mp

* Enhancement: default-logins/apollo/apollo-default-login.yaml by mp

* Enhancement: default-logins/arl/arl-default-login.yaml by mp

* Enhancement: default-logins/digitalrebar/digitalrebar-default-login.yaml by mp

* Enhancement: default-logins/mantisbt/mantisbt-default-credential.yaml by mp

* Enhancement: default-logins/stackstorm/stackstorm-default-login.yaml by mp

* Enhancement: dns/caa-fingerprint.yaml by mp

* Enhancement: exposed-panels/active-admin-exposure.yaml by mp

* Enhancement: exposed-panels/activemq-panel.yaml by mp

* Enhancement: default-logins/ambari/ambari-default-login.yaml by mp

* Restore & stomped by dashboard

* Enhancement: cves/2010/CVE-2010-1653.yaml by mp

* Enhancement: cves/2021/CVE-2021-38751.yaml by mp

* Enhancement: cves/2021/CVE-2021-39320.yaml by mp

* Enhancement: cves/2021/CVE-2021-39322.yaml by mp

* Enhancement: cves/2021/CVE-2021-39327.yaml by mp

* Enhancement: cves/2021/CVE-2021-39350.yaml by mp

* Enhancement: cves/2021/CVE-2021-39433.yaml by mp

* Enhancement: cves/2021/CVE-2021-41192.yaml by mp

* Enhancement: cnvd/2021/CNVD-2021-15824.yaml by mp

* Enhancement: exposed-panels/ansible-semaphore-panel.yaml by mp

* Enhancement: exposed-panels/aviatrix-panel.yaml by mp

* Enhancement: cves/2022/CVE-2022-24288.yaml by mp

* Enhancement: cves/2022/CVE-2022-24990.yaml by mp

* Enhancement: cves/2022/CVE-2022-26159.yaml by mp

* Enhancement: default-logins/aem/aem-default-login.yaml by mp

* Enhancement: exposed-panels/blue-iris-login.yaml by mp

* Enhancement: exposed-panels/bigbluebutton-login.yaml by mp

* Enhancement: cves/2022/CVE-2022-24288.yaml by mp

* Enhancement: cves/2022/CVE-2022-24990.yaml by mp

* Enhancement: cves/2022/CVE-2022-26159.yaml by mp

* Enhancement: default-logins/aem/aem-default-login.yaml by mp

* Spacing issues
Add cve-id field

* fix & stomping

* Enhancement: cves/2016/CVE-2016-1000141.yaml by mp

* Enhancement: cves/2020/CVE-2020-24912.yaml by mp

* Enhancement: cves/2021/CVE-2021-35265.yaml by mp

* Enhancement: cves/2022/CVE-2022-0437.yaml by mp

* Enhancement: cves/2010/CVE-2010-1601.yaml by mp

* Enhancement: technologies/teradici-pcoip.yaml by mp

* Enhancement: vulnerabilities/other/unauth-hoteldruid-panel.yaml by mp

* Enhancement: cves/2010/CVE-2010-1475.yaml by mp

* Enhancement: cves/2010/CVE-2010-1535.yaml by mp

* Enhancement: exposed-panels/epson-web-control-detect.yaml by mp

* Enhancement: exposed-panels/epson-access-detect.yaml by mp

* Enhancement: cves/2020/CVE-2020-29453.yaml by mp

* Fix spacing

* Remove empty cve lines and relocate tags

* Remove blank cve lines & move tags

* Fix merge errors

* Enhancement: cves/2020/CVE-2020-21224.yaml by mp

* Enhancement: cves/2020/CVE-2020-24148.yaml by mp

* Enhancement: cves/2020/CVE-2020-24391.yaml by mp

* Enhancement: cves/2020/CVE-2020-24589.yaml by mp

* Enhancement: cves/2020/CVE-2020-25213.yaml by mp

* Enhancement: cves/2020/CVE-2020-25223.yaml by mp

* Enhancement: cves/2020/CVE-2020-25506.yaml by mp

* Enhancement: cves/2020/CVE-2020-2551.yaml by mp

* Enhancement: cves/2020/CVE-2020-28871.yaml by mp

* Enhancement: cves/2020/CVE-2020-28188.yaml by mp

* Enhancement: cves/2020/CVE-2020-26948.yaml by mp

* Enhancement: cves/2020/CVE-2020-26919.yaml by mp

* Enhancement: cves/2020/CVE-2020-26214.yaml by mp

* Enhancement: cves/2020/CVE-2020-25223.yaml by mp

* Enhancement: cves/2020/CVE-2020-21224.yaml by mp

* Enhancement: cves/2020/CVE-2020-24148.yaml by mp

* Enhancement: cves/2020/CVE-2020-24186.yaml by mp

* Enhancement: cves/2020/CVE-2020-24186.yaml by mp

* Enhancement: cves/2020/CVE-2020-24391.yaml by mp

* Enhancement: cves/2020/CVE-2020-24589.yaml by mp

* Enhancement: cves/2020/CVE-2020-25213.yaml by mp

* Enhancement: cves/2020/CVE-2020-25223.yaml by mp

* Enhancement: cves/2020/CVE-2020-25506.yaml by mp

* Enhancement: cves/2020/CVE-2020-28871.yaml by mp

* Enhancement: cves/2020/CVE-2020-28188.yaml by mp

* Enhancement: cves/2020/CVE-2020-26948.yaml by mp

* Enhancement: cves/2020/CVE-2020-26919.yaml by mp

* Enhancement: cves/2020/CVE-2020-26214.yaml by mp

* Syntax cleanup

* Enhancement: cves/2021/CVE-2021-38647.yaml by mp

* Syntax and a title change

* Enhancement: cves/2021/CVE-2021-38702.yaml by mp

* Fix references

* Enhancement: cves/2021/CVE-2021-38704.yaml by mp

* Enhancement: cves/2021/CVE-2021-41691.yaml by mp

* Enhancement: cves/2021/CVE-2021-41691.yaml by mp

* Enhancement: cves/2021/CVE-2021-41691.yaml by mp

* Enhancement: cves/2021/CVE-2021-44529.yaml by mp

* Conflicts resolved

* Fix quoting

* Enhancement: cves/2021/CVE-2021-45967.yaml by mp

* Enhancement: cves/2022/CVE-2022-0189.yaml by mp

* Enhancement: cves/2022/CVE-2022-0189.yaml by mp

* Enhancement: cves/2022/CVE-2022-23779.yaml by mp

* Enhancement: default-logins/apache/dolphinscheduler-default-login.yaml by mp

* Enhancement: default-logins/cobbler/hue-default-credential.yaml by mp

* Enhancement: default-logins/emqx/emqx-default-login.yaml by mp

* Enhancement: default-logins/geoserver/geoserver-default-login.yaml by mp

* Enhancement: cves/2021/CVE-2021-38647.yaml by mp

* Enhancement: cves/2021/CVE-2021-41691.yaml by mp

* Enhancement: cves/2021/CVE-2021-45967.yaml by mp

* Enhancement: cves/2022/CVE-2022-0189.yaml by mp

* Enhancement: cnvd/2021/CNVD-2021-14536.yaml by mp

* Enhancement: default-logins/apache/dolphinscheduler-default-login.yaml by mp

* Enhancement: default-logins/geoserver/geoserver-default-login.yaml by mp

* Update CVE-2020-25223.yaml

* Update CVE-2020-26214.yaml

* Update CVE-2020-25506.yaml

* Update CVE-2020-2551.yaml

* Update CVE-2020-26919.yaml

* Update CVE-2021-44529.yaml

* Update CVE-2020-28871.yaml

* Update CVE-2020-28188.yaml

* Update CVE-2021-45967.yaml

* Update hue-default-credential.yaml

* Update CVE-2021-44529.yaml

* misc syntax update

* Syntax  restore some characters

* Spacing

* Enhancement: vulnerabilities/wordpress/hide-security-enhancer-lfi.yaml by mp

* Enhancement: vulnerabilities/wordpress/issuu-panel-lfi.yaml by mp

* Enhancement: cves/2019/CVE-2019-10068.yaml by mp

* Enhancement: cves/2019/CVE-2019-10232.yaml by mp

* Enhancement: cves/2019/CVE-2019-10758.yaml by mp

* Enhancement: cves/2019/CVE-2019-11510.yaml by mp

* Enhancement: cves/2019/CVE-2019-11580.yaml by mp

* Enhancement: cves/2019/CVE-2019-11581.yaml by mp

* Enhancement: cves/2019/CVE-2019-12314.yaml by mp

* Enhancement: cves/2019/CVE-2019-13101.yaml by mp

* Link wrapping issue

* Enhancement: cves/2019/CVE-2019-13462.yaml by mp

* Enhancement: cves/2019/CVE-2019-15107.yaml by mp

* Enhancement: cves/2019/CVE-2019-15859.yaml by mp

* Enhancement: cves/2019/CVE-2019-16759.yaml by mp

* Enhancement: cves/2019/CVE-2019-16662.yaml by mp

* Enhancement: cves/2019/CVE-2019-16278.yaml by mp

* Enhancement: cves/2019/CVE-2019-10232.yaml by mp

* Enhancement: cves/2019/CVE-2019-10758.yaml by mp

* Enhancement: cves/2019/CVE-2019-11510.yaml by mp

* Enhancement: cves/2019/CVE-2019-12725.yaml by mp

* Enhancement: cves/2019/CVE-2019-13101.yaml by mp

* Enhancement: cves/2019/CVE-2019-15107.yaml by mp

* Enhancement: cves/2019/CVE-2019-15859.yaml by mp

* Enhancement: cves/2019/CVE-2019-16662.yaml by mp

* Enhancement: cnvd/2021/CNVD-2021-10543.yaml by cs

* Enhancement: cves/2021/CVE-2021-33807.yaml by mp

* Enhancement: cves/2010/CVE-2010-0943.yaml by mp

* Enhancement: cves/2008/CVE-2008-6172.yaml by mp

* Enhancement: vulnerabilities/simplecrm/simple-crm-sql-injection.yaml by mp

* Enhancement: vulnerabilities/oracle/oracle-siebel-xss.yaml by mp

* Enhancement: cves/2010/CVE-2010-1602.yaml by mp

* Enhancement: cves/2010/CVE-2010-1474.yaml by mp

* Enhancement: network/cisco-smi-exposure.yaml by mp

* Enhancement: cves/2021/CVE-2021-37704.yaml by mp

* Enhancement: vulnerabilities/other/microweber-xss.yaml by mp

* Enhancement: cves/2019/CVE-2019-16313.yaml by mp

* Enhancement: cves/2021/CVE-2021-3017.yaml by mp

* Enhancement: cves/2010/CVE-2010-1353.yaml by mp

* Enhancement: cves/2010/CVE-2010-5278.yaml by mp

* Enhancement: cves/2021/CVE-2021-37573.yaml by mp

* Enhancement: vulnerabilities/oracle/oracle-siebel-xss.yaml by mp

* Enhancement: cves/2010/CVE-2010-1602.yaml by mp

* Enhancement: cves/2010/CVE-2010-1474.yaml by mp

* Enhancement: vulnerabilities/other/microweber-xss.yaml by mp

* Enhancement: cves/2018/CVE-2018-11709.yaml by mp

* Enhancement: cves/2014/CVE-2014-2321.yaml by mp

* Enhancement: vulnerabilities/other/visual-tools-dvr-rce.yaml by mp

* Enhancement: vulnerabilities/other/visual-tools-dvr-rce.yaml by mp

* Manual enhancement

* Manual enhancement push due to dashboard failure

* Testing of dashboard accidentally commited to dashboard branch

* Spacing
Put some CVEs in the classification

* Add missing cve-id fields to templates in cve/

Co-authored-by: sullo <sullo@cirt.net>
Co-authored-by: Prince Chaddha <prince@projectdiscovery.io>
Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2022-04-01 14:21:42 +05:30
sandeep b06d02b2fe template id update 2022-03-30 15:16:52 +05:30
Hassan Khan e667127067 Merge branch 'master' of https://github.com/Splint3r7/nuclei-templates 2022-03-30 10:42:37 +05:00
Hassan Khan df4bc6693d WordPress LFI 2022-03-30 10:42:22 +05:00
Hassan Khan 1da098f499 Will push again 2022-03-30 10:39:37 +05:00
Hassan Khan 1f815786c0 LFI Templates 2022-03-30 10:35:04 +05:00
Muhammad Daffa 10fe7186ca
Create admin-word-count-column-lfi.yaml 2022-03-29 19:59:12 +07:00
Muhammad Daffa 605bb41f03
Update amministrazione-aperta-lfi.yaml 2022-03-29 19:58:21 +07:00
Muhammad Daffa 613a5800ae
Create amministrazione-aperta-lfi.yaml 2022-03-29 19:55:33 +07:00
sandeep e82f14ee67 additional reference + path update 2022-03-28 22:28:04 +05:30
Sandeep Singh 5f28041069
Added Spring Boot Log4j Remote Code Injection (#3993)
* Added Spring Boot Log4j Remote Code Injection

* minor improvements to CVE-2021-44228

* URI based payload update to catch injection point
2022-03-28 01:46:50 +05:30
gy741 04ec5b6b6d
Create netgear-wac124-router-auth-bypass.yaml (#3986)
* Create netgear-wac124-router-auth-bypass.yaml

This vulnerability allows network-adjacent attackers to bypass authentication on affected of WAC124, AC2000 routers. Authentication is not required to exploit this vulnerability.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>

* misc update

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2022-03-27 20:40:41 +05:30
东方有鱼名为咸 38a902317f
add springcloud-function-spel-rce (#3991)
* add springcloud-function-spel-rce

* misc updates

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2022-03-27 20:17:28 +05:30