Dhiyaneshwaran
3d091e04be
fix trail space
2023-08-25 16:34:27 +05:30
XCapri
3abb16cf64
Create lemlist-takeover.yaml
...
subdomain takeover with lemlist
2023-08-25 16:34:27 +05:30
Dhiyaneshwaran
4e42bddecb
Rename dns/lemlist-takeover.yaml to http/takeovers/lemlist-takeover.yaml
2023-08-25 16:34:27 +05:30
Dhiyaneshwaran
0cc767f24e
Delete CVE-2021-24435.yaml
2023-08-25 16:34:27 +05:30
Dhiyaneshwaran
bf7ddd7e2a
fix trail space
2023-08-25 16:34:27 +05:30
XCapri
7b5070aa5b
Create lemlist-takeover.yaml
...
subdomain takeover with lemlist
2023-08-25 16:34:27 +05:30
GitHub Action
de8fbcbea3
Auto Generated Templates Checksum [Fri Aug 25 10:58:20 UTC 2023] 🤖
2023-08-25 10:58:20 +00:00
GitHub Action
cbdd8bfcf0
Auto Generated New Template Addition List [Fri Aug 25 10:58:16 UTC 2023] 🤖
2023-08-25 10:58:16 +00:00
Prince Chaddha
6a45695f5c
Merge pull request #8063 from king-alexander/kev-workflow
...
Create KEV workflow
2023-08-25 16:27:51 +05:30
Prince Chaddha
d2f6062e00
updated workflow
2023-08-25 15:31:45 +05:30
Dhiyaneshwaran
f6fd83053b
matcher condition fix
2023-08-25 14:36:05 +05:30
Dhiyaneshwaran
453c0ae94b
fix spacing
2023-08-25 14:34:46 +05:30
GitHub Action
e7768ef92d
Auto Generated Templates Checksum [Fri Aug 25 08:39:52 UTC 2023] 🤖
2023-08-25 08:39:53 +00:00
GitHub Action
dcd0110165
Auto Generated New Template Addition List [Fri Aug 25 08:39:45 UTC 2023] 🤖
2023-08-25 08:39:45 +00:00
pussycat0x
650b40cf5a
Merge pull request #8037 from projectdiscovery/CNVD-2021-32799
...
Create CNVD-2021-32799.yaml
2023-08-25 14:09:21 +05:30
GitHub Action
26a352067d
Auto Generated cves.json [Fri Aug 25 08:32:52 UTC 2023] 🤖
2023-08-25 08:32:52 +00:00
GitHub Action
832f9ded17
Auto Generated Templates Checksum [Fri Aug 25 08:31:39 UTC 2023] 🤖
2023-08-25 08:31:39 +00:00
GitHub Action
7c3a8a1505
Auto Generated New Template Addition List [Fri Aug 25 08:31:28 UTC 2023] 🤖
2023-08-25 08:31:28 +00:00
Dhiyaneshwaran
9e10dd794e
Merge pull request #8080 from projectdiscovery/CVE-2020-11798
...
Create CVE-2020-11798.yaml
2023-08-25 14:01:10 +05:30
Dhiyaneshwaran
60a0fe67f5
cvss added
2023-08-25 13:57:04 +05:30
Ritik Chaddha
f4faa84ffb
Create CVE-2020-11798.yaml
2023-08-25 11:38:13 +05:30
GitHub Action
12e5dd8345
TemplateMan Update [Fri Aug 25 05:39:18 UTC 2023] 🤖
2023-08-25 05:39:19 +00:00
GitHub Action
28442ecfc9
Auto Generated Templates Checksum [Fri Aug 25 05:37:31 UTC 2023] 🤖
2023-08-25 05:37:32 +00:00
GitHub Action
1d14f2a048
Auto Generated New Template Addition List [Fri Aug 25 05:37:10 UTC 2023] 🤖
2023-08-25 05:37:11 +00:00
pussycat0x
a6c7580952
Merge pull request #8078 from geeknik/main-2
...
Update weak-cipher-suites.yaml
2023-08-25 11:06:53 +05:30
GitHub Action
8f268672c9
Auto WordPress Plugins Update [Fri Aug 25 04:02:14 UTC 2023] 🤖
2023-08-25 04:02:14 +00:00
GitHub Action
1b6adaac8d
TemplateMan Update [Fri Aug 25 03:57:19 UTC 2023] 🤖
2023-08-25 03:57:20 +00:00
GitHub Action
ac0edd8108
Auto Generated Templates Checksum [Fri Aug 25 03:55:26 UTC 2023] 🤖
2023-08-25 03:55:26 +00:00
GitHub Action
22daf24bcf
Auto Generated New Template Addition List [Fri Aug 25 03:55:15 UTC 2023] 🤖
2023-08-25 03:55:15 +00:00
Dhiyaneshwaran
26b9028b55
Merge pull request #8072 from projectdiscovery/princechaddha-patch-3
...
Create hikvision-ivms-file-upload-bypass.yaml
2023-08-25 09:24:57 +05:30
geeknik
e3439d8417
Update weak-cipher-suites.yaml
...
Here are some potential justifications for lowering the severity of the weak cipher suites alert in Nuclei from medium to low:
- The risks associated with weak cipher suites are mainly related to interception of traffic and decryption of sensitive data in transit. This requires a man-in-the-middle position which limits the scale of potential abuse.
- For an external scan, it is difficult to determine the true impact of weak cipher suites without knowing details of the application architecture and data flows. There could be other protections in place that mitigate the risk.
- Weak cipher suites alone do not enable direct remote code execution or access to underlying resources. Additional vulnerabilities would need to be chained to result in system compromise.
- The classification of "weak" cipher suites is also subjective and changes over time. Something considered weak today may still be commonly used and considered acceptable by many organizations.
- The CVSS score ranges from none to low for interception of non-sensitive data in transit. For external scanning, it's uncertain if truly sensitive data is exposed.
- Remediation requires updating server configurations across potentially many hosts. While recommended in the long term, it is not always trivial for organizations to deploy in the short term.
- There are likely higher severity issues that should be prioritized for remediation first, rather than just the acceptable cipher suites.
While weak cipher suites are not advisable, their ease of exploitation is limited in many real-world scenarios. And when performing external testing, it's difficult to determine the true impact. Given these factors, lowering the severity rating seems reasonable compared to other more serious remote bugs. But organizations should still look to phase out weak ciphers in a responsible manner.
2023-08-25 01:11:23 +00:00
GitHub Action
94700c0ae0
Auto README Update [Thu Aug 24 18:05:18 UTC 2023] 🤖
2023-08-24 18:05:18 +00:00
GitHub Action
74cafea0d2
Auto Generated Templates Stats [Thu Aug 24 18:04:49 UTC 2023] 🤖
2023-08-24 18:04:49 +00:00
GitHub Action
d18f899e00
Auto Generated cves.json [Thu Aug 24 17:50:00 UTC 2023] 🤖
2023-08-24 17:50:11 +00:00
GitHub Action
6e2701102e
Auto Generated Templates Checksum [Thu Aug 24 17:49:59 UTC 2023] 🤖
2023-08-24 17:50:00 +00:00
GitHub Action
fd30717781
Auto Generated New Template Addition List [Thu Aug 24 17:49:52 UTC 2023] 🤖
2023-08-24 17:49:52 +00:00
Ritik Chaddha
17f6abec90
Merge pull request #8070 from projectdiscovery/CVE-2023-39026
...
Create CVE-2023-39026.yaml
2023-08-24 23:19:35 +05:30
Ritik Chaddha
bcf747cc69
update matchers|info
2023-08-24 23:15:24 +05:30
GitHub Action
cf21ef1cb3
Auto Generated Templates Checksum [Thu Aug 24 17:42:27 UTC 2023] 🤖
2023-08-24 17:42:27 +00:00
GitHub Action
de3f67aea6
Auto Generated cves.json [Thu Aug 24 17:41:05 UTC 2023] 🤖
2023-08-24 17:41:17 +00:00
GitHub Action
2961211203
Auto Generated New Template Addition List [Thu Aug 24 17:40:57 UTC 2023] 🤖
2023-08-24 17:40:57 +00:00
Dhiyaneshwaran
777a520c8e
Create CVE-2023-38035.yaml ( #8075 )
...
* Create CVE-2023-38035.yaml
* syntax fix
* working template
* misc updates
---------
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2023-08-24 23:10:37 +05:30
Prince Chaddha
c1bfdf2609
Update hikvision-ivms-file-upload-bypass.yaml
2023-08-24 18:25:47 +05:30
Prince Chaddha
b20726b619
updated POC with a valid file upload
2023-08-24 18:08:26 +05:30
Dhiyaneshwaran
3e8c8533b5
minor update
2023-08-24 17:14:56 +05:30
Prince Chaddha
9fc5093a3a
fixed lint
2023-08-24 16:19:35 +05:30
Prince Chaddha
5972c3fb32
Rename http/vulnerabilities/hikvision-ivms-file-upload-rce.yaml to http/vulnerabilities/hikvision/hikvision-ivms-file-upload-rce.yaml
2023-08-24 16:15:57 +05:30
Prince Chaddha
da3a426920
Create hikvision-ivms-file-upload-bypass.yaml
2023-08-24 16:14:56 +05:30
pengzy2
45f49c210a
Add Greenbone Security Assistant
2023-08-24 15:03:08 +08:00
GitHub Action
ce7d7f288c
TemplateMan Update [Thu Aug 24 06:15:35 UTC 2023] 🤖
2023-08-24 06:15:36 +00:00