Commit Graph

1579 Commits (dfef57de4478852328c7fea8a89e84d2fa38628b)

Author SHA1 Message Date
sandeep a736120dc0 minor updates 2021-06-25 00:02:05 +05:30
Sandeep Singh e84c784fa2
Merge pull request #1689 from nrathaus/master
CVE-2021-28164 and some fixes
2021-06-24 23:58:29 +05:30
sandeep a9a161f8c6 Update CVE-2021-28164.yaml 2021-06-24 23:56:33 +05:30
sandeep 809668943f minor changes 2021-06-24 23:54:29 +05:30
wyatt 16e5ad7fad The default request never flagged druid in my env. Replaced with MSF request and it flags everytime now 2021-06-24 13:37:45 -04:00
PikPikcU b97d012636
Create CVE-2021-28169.yaml 2021-06-24 16:00:02 +00:00
GwanYeong Kim e7bb4bff23 Create CVE-2021-3223.yaml
Node-RED-Dashboard before 2.26.2 allows ui_base/js/..%2f directory traversal to read files.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-06-24 21:07:17 +09:00
GwanYeong Kim cc0dd04ac2 Create CVE-2021-21234.yaml
spring-boot-actuator-logview in a library that adds a simple logfile viewer as spring boot actuator endpoint. It is maven package "eu.hinsch:spring-boot-actuator-logview". In spring-boot-actuator-logview before version 0.2.13 there is a directory traversal vulnerability. The nature of this library is to expose a log file directory via admin (spring boot actuator) HTTP endpoints. Both the filename to view and a base folder (relative to the logging folder root) can be specified via request parameters. While the filename parameter was checked to prevent directory traversal exploits (so that `filename=../somefile` would not work), the base folder parameter was not sufficiently checked, so that `filename=somefile&base=../` could access a file outside the logging base directory). The vulnerability has been patched in release 0.2.13. Any users of 0.2.12 should be able to update without any issues as there are no other changes in that release. There is no workaround to fix the vulnerability other than updating or removing the dependency. However, removing read access of the user the application is run with to any directory not required for running the application can limit the impact. Additionally, access to the logview endpoint can be limited by deploying the application behind a reverse proxy.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-06-24 14:36:45 +09:00
sandeep 416bafe2fa misc changes 2021-06-24 02:24:58 +05:30
lulz 04a7fda94a
Update CVE-2021-21389.yaml 2021-06-22 19:12:35 +07:00
lulz 014ca91e15
hmm just simple check...
sorry i just know little bit english...
2021-06-22 19:07:00 +07:00
Sandeep Singh dcaef6a836
Rename CVE-2021-21389 to CVE-2021-21389.yaml 2021-06-22 04:05:42 +05:30
lulz 0d5a57bc23
Create CVE-2021-21389 2021-06-21 12:33:14 +07:00
Noam Rathaus bb6fa66dd9 Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates 2021-06-20 13:56:54 +03:00
Sandeep Singh 9200ac068a
Merge pull request #1714 from skar4444/unauthenticated-CI-lint-API
CVE 2021-22214 - Unauthenticated Gitlab SSRF - CI Lint API
2021-06-18 15:08:33 +05:30
sandeep b301c830a3 final improvements 2021-06-18 15:02:17 +05:30
sandeep 27d67855e8 misc changes 2021-06-18 14:42:13 +05:30
Sandeep Singh 4f0bfc9362
Merge pull request #1705 from projectdiscovery/CVE-2021-28854
Added CVE-2021-28854
2021-06-18 12:52:42 +05:30
Prince Chaddha bfa70bacf5
Update CVE-2021-21975.yaml 2021-06-17 22:55:10 +05:30
Noam Rathaus 01b77a7ed2 Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates 2021-06-17 16:54:18 +03:00
Dwi Siswanto 8a1d7bd7d2 Hotfix FP of CVE-2021-24146 2021-06-17 08:16:54 +07:00
Sandeep Singh bfbd3ccdac
Merge pull request #1656 from Akokonunes/patch-4
Create CVE-2021-24237.yaml
2021-06-16 01:56:39 +05:30
sandeep 5cff973564 Added tags 2021-06-16 01:02:21 +05:30
sandeep c36419c94c Added CVE-2021-28854 2021-06-16 01:01:01 +05:30
Noam Rathaus b5bdac494b Merge branch 'master' of https://github.com/nrathaus/nuclei-templates 2021-06-13 09:54:52 +03:00
Prince Chaddha 3779eb70e0 Moved template to cves folder 2021-06-11 16:48:05 +05:30
Prince Chaddha 83ce809e8d Updated author names 2021-06-09 17:50:56 +05:30
sandeep ccdb667d3b YML to YAML 2021-06-09 14:42:14 +05:30
sandeep 1299ae621f Update CVE-2021-28164.yml 2021-06-09 14:39:19 +05:30
sandeep eef5158207 Update CVE-2021-28164.yml 2021-06-09 14:38:12 +05:30
sandeep 23cb4c4d9f moving files around 2021-06-09 14:37:40 +05:30
sandeep 0cdfd0468f Update CVE-2021-24285.yaml 2021-06-09 04:01:21 +05:30
sandeep 2953942c3c Added CVE-2021-24285 2021-06-09 03:13:23 +05:30
sandeep 8e13733d34 moving files around 2021-06-04 16:30:31 +05:30
Prince Chaddha 5269cc1c87
Update CVE-2021-22122.yaml 2021-06-02 13:17:00 +05:30
root 2678721174 Added new path for CVE-2021-22122.yaml 2021-06-02 00:06:20 +01:00
sandeep 19b73df6be Update CVE-2021-21985.yaml 2021-05-31 19:44:44 +05:30
sandeep 633644b159 Added CVE-2021-21985 2021-05-31 19:20:59 +05:30
0xsapra 0d8c5607cb
CVE-2021-33564.yaml 2021-05-29 02:33:38 +05:30
sandeep 26fc5c2dfa Added CVE-2021-27850 2021-05-21 09:04:16 +05:30
Geeknik Labs 67bf4fab3c
Update CVE-2021-29622.yaml 2021-05-20 13:14:28 +00:00
Geeknik Labs dde1e5e736
Create CVE-2021-29622.yaml 2021-05-20 13:13:18 +00:00
Sandeep Singh 78abf0d8a2
Merge pull request #1480 from nrathaus/master
Changes to reference and description
2021-05-17 21:54:41 +05:30
Geeknik Labs 0cf6e5507e
Update and rename cves/2021/CVE-2021-31800.yaml to cves/2014/CVE-2014-3744.yaml 2021-05-17 13:18:10 +00:00
Sandeep Singh c0d13a6def
Merge pull request #1475 from Ganofins/patch-3
Create CVE-2021-24176.yaml
2021-05-16 22:15:39 +05:30
sandeep 1d9cdf949b Update CVE-2021-24176.yaml 2021-05-16 22:12:33 +05:30
Noam Rathaus dbdf6e8b6e Better description 2021-05-16 15:53:51 +03:00
sandeep e46fcb9e9a Adding CVE-2021-27651 2021-05-16 15:10:08 +05:30
Ganesh Bagaria 4170b2d3e3
Create CVE-2021-24176.yaml 2021-05-16 12:59:32 +05:30
Prince Chaddha 5e2eaaf7a7
Update CVE-2021-31800.yaml 2021-05-16 02:16:34 +05:30
Geeknik Labs 4e1c4986f8
Create CVE-2021-31800.yaml 2021-05-15 18:56:07 +00:00
sandeep 7b4d736b94 Adding additional matcher 2021-05-14 22:15:50 +05:30
Geeknik Labs 77b95af240
Update CVE-2021-31537.yaml 2021-05-12 20:27:33 +00:00
Geeknik Labs 8365697de4
Update CVE-2021-31537.yaml 2021-05-12 20:25:22 +00:00
Geeknik Labs 7dcfccff74
Create CVE-2021-31537.yaml 2021-05-12 20:23:19 +00:00
sandeep 988d09e2de Added CVE-2021-28073 2021-05-07 20:30:23 +05:30
sandeep c56111663f Added CVE-2021-30461 2021-05-07 18:00:10 +05:30
Sandeep Singh cee291e366
Merge pull request #1419 from dwisiswant0/add/GHSL-2020-325
Hotfix: Update operator
2021-05-07 16:46:43 +05:30
Dwi Siswanto 1f5cbe507c Update operator 2021-05-06 16:24:08 +07:00
Sandeep Singh 1198c7e724
Merge pull request #1382 from dwisiswant0/add/GHSL-2020-325
Add CVE-2021-29441
2021-05-05 18:26:10 +05:30
sandeep 22f123ff79 template update 2021-05-05 18:23:07 +05:30
Dwi Siswanto d2ea9d2da0 Using Get configurations open API endpoint 2021-05-04 13:18:55 +07:00
Dwi Siswanto 3a51f45be5 Update description 2021-04-28 21:01:25 +07:00
Prince Chaddha 56d09dda92
Update CVE-2021-29442.yaml 2021-04-28 18:30:55 +05:30
Dwi Siswanto 64a45f2439 Add CVE-2021-29442 2021-04-28 12:01:34 +07:00
Dwi Siswanto 486103e0d4 Add CVE-2021-29441 2021-04-28 11:54:36 +07:00
sandeep ee74145a98 template update 2021-04-23 15:38:41 +05:30
sandeep 76c08284ce Adding more references 2021-04-23 14:21:15 +05:30
sandeep c539514cdd Update CVE-2021-27905.yaml 2021-04-23 14:18:51 +05:30
sandeep 33c9b30143 Template fix and minor updates 2021-04-23 14:14:49 +05:30
Dhiyaneshwaran 6ca4f1c5d2
Create CVE-2021-27905 2021-04-23 12:53:49 +05:30
sandeep 2f434d0440 Update CVE-2021-24146.yaml 2021-04-23 08:50:02 +05:30
sandeep 6cd5b9d35c CVE update 2021-04-23 08:47:52 +05:30
sandeep 65b6c57e9f Temporarily removing this template 2021-04-22 09:46:29 +05:30
sandeep 6cb0b89738 minor update 2021-04-21 12:46:44 +05:30
SaN ThosH f91c579fb3
Update CVE-2021-28480.yaml 2021-04-21 12:24:19 +05:30
SaN ThosH beb1ac700e
Update CVE-2021-28480.yaml 2021-04-21 02:51:05 +05:30
SaN ThosH 8e8ef1a0dd
Update CVE-2021-28480.yaml 2021-04-21 02:42:50 +05:30
SaN ThosH 5a8949554c
Create CVE-2021-28480.yaml 2021-04-21 02:34:10 +05:30
Sandeep Singh 954fe60b85
Merge pull request #1286 from geeknik/patch-66
Create CVE-2021-3374.yaml
2021-04-17 20:45:29 +05:30
sandeep 6bf828d61d Update CVE-2021-28937.yaml 2021-04-16 02:21:48 +05:30
Geeknik Labs aa2ac6471d
Update CVE-2021-28937.yaml 2021-04-15 20:31:01 +00:00
Geeknik Labs e7a1fde388
Update CVE-2021-28937.yaml 2021-04-15 20:24:24 +00:00
Geeknik Labs 6edf8c3a8b
Create CVE-2021-28937.yaml 2021-04-15 20:20:27 +00:00
Geeknik Labs a6417c6fa5
Update CVE-2021-3374.yaml 2021-04-14 23:54:48 +00:00
Geeknik Labs de7321344f
Create CVE-2021-3374.yaml 2021-04-14 20:56:03 +00:00
sandeep b0b45dd599 Update CVE-2021-30151.yaml 2021-04-11 17:51:41 +05:30
Prince Chaddha 43e59a577e
Update CVE-2021-30151.yaml 2021-04-11 01:00:49 +05:30
Prince Chaddha 4c9cbc1692
Update CVE-2021-30151.yaml 2021-04-11 00:57:38 +05:30
Dhiyaneshwaran 1692ef1821
Update CVE-2021-30151.yaml 2021-04-10 23:47:02 +05:30
Dhiyaneshwaran 1e0b6ea383
Update CVE-2021-30151.yaml 2021-04-10 23:43:37 +05:30
Dhiyaneshwaran 3e3db1c972
Update CVE-2021-30151.yaml 2021-04-10 23:37:38 +05:30
Dhiyaneshwaran e87a0671ee
Create CVE-2021-30151.yaml 2021-04-10 22:58:27 +05:30
Noam Rathaus 989ee9d9dd Spelling 2021-04-06 13:38:03 +03:00
Dwi Siswanto c2c7c9b0c2 Add header matcher 2021-04-02 07:17:18 +07:00
Dwi Siswanto efae3ccd11 Update vulnerable paths 2021-04-02 07:11:37 +07:00
Dwi Siswanto bb33d0597b Update routes 2021-04-02 05:28:27 +07:00
Dwi Siswanto 029706a939 Add more vulnerable path 2021-04-02 05:17:29 +07:00
Dwi Siswanto 79c0046596 Update severity 2021-04-02 05:17:07 +07:00
Dwi Siswanto ad69b05f11 🔥 Add CVE-2021-21402 2021-04-02 05:16:53 +07:00
sandeep 570cc1a220 Update CVE-2021-21975.yaml 2021-03-31 22:45:42 +05:30
sandeep 063d685ac5 Update CVE-2021-21975.yaml 2021-03-31 06:27:33 +05:30
sandeep 94a4c87c3f safe matcher 2021-03-31 06:22:10 +05:30
daemonum 8f7e7cba24
Add CVE-2021-21975 2021-03-31 02:43:36 +03:00
Noam Rathaus 66f141f733 Better reference 2021-03-25 12:08:15 +02:00
PD-Team 5d8bf70470
Merge pull request #1137 from nrathaus/master
Description and References on some templates were missing
2021-03-24 23:02:15 +05:30
SaN ThosH bc5ab99237 Update CVE-2021-26295.yaml 2021-03-24 22:57:35 +05:30
SaN ThosH 8e781f97d0 Update CVE-2021-26295.yaml 2021-03-24 22:57:35 +05:30
sandeep 7a8d56ee65 Update CVE-2021-26295.yaml 2021-03-24 22:57:35 +05:30
sandeep 635cc7fae7 Update CVE-2021-26295.yaml 2021-03-24 22:57:35 +05:30
SaN ThosH 9987dc0c36 Update CVE-2021-26295.yaml 2021-03-24 22:57:35 +05:30
SaN ThosH 33e3fac8da Update CVE-2021-26295.yaml 2021-03-24 22:57:35 +05:30
SaN ThosH c55a72a168 Update CVE-2021-26295.yaml 2021-03-24 22:57:35 +05:30
SaN ThosH 38daf751a3 Update CVE-2021-26295.yaml 2021-03-24 22:57:35 +05:30
SaN ThosH 3876cb6b55 Create CVE-2021-26295.yaml 2021-03-24 22:57:35 +05:30
Noam Rathaus 93bc3a76b1 Better references and description 2021-03-24 08:48:11 +02:00
sandeep ca66fa321b Update CVE-2021-22986.yaml 2021-03-22 18:21:42 +05:30
sandeep 339077ff43 misc fixes 2021-03-22 01:19:30 +05:30
sandeep d021e2084e Update CVE-2021-22986.yml 2021-03-21 21:48:27 +05:30
Rahul Maini 71886cb8ca Adding F5 BIG-IP iControl REST Pre-Auth RCE 2021-03-21 20:08:00 +04:00
sandeep ad84ecb792 tag improvements 2021-03-18 13:24:36 +05:30
PD-Team 110617aa03
Merge pull request #961 from Mad-robot/master
CVE-2021-25281 wheel_async unauth access
2021-03-13 21:19:16 +05:30
sandeep 06945d56a8 fixing typos 2021-03-10 19:33:49 +05:30
Noam Rathaus d6c3028f60 Spelling mistake 2021-03-10 13:49:34 +02:00
PD-Team 0161c03b65
Merge pull request #1027 from dwisiswant0/add/cves/2021/CVE-2021-21978
Add CVE-2021-21978
2021-03-10 01:56:23 +05:30
Noam Rathaus d04f747147 Spelling mistake in the parameter 2021-03-08 16:17:59 +02:00
sandeep 3f840d0783 minor update 2021-03-08 19:41:41 +05:30
sandeep 3c01c4df56 minor fix 2021-03-08 13:43:06 +05:30
aron 0c761a2e85 No need for internet connection and leak to burp 2021-03-08 08:55:22 +01:00
sandeep 855da4abcd Additional references 2021-03-06 16:25:24 +05:30
sandeep c6deb0c2fc misc changes 2021-03-06 13:04:26 +05:30
SaN ThosH 61327f4d96
Update CVE-2021-26855.yaml 2021-03-06 13:02:30 +05:30
SaN ThosH 9ac013952d
Update CVE-2021-26855.yaml 2021-03-06 12:46:45 +05:30
SaN ThosH d12120355c
Update CVE-2021-26855.yaml 2021-03-06 12:37:41 +05:30
SaN ThosH 55e4c5d32e
Create CVE-2021-26855.yaml 2021-03-06 12:30:59 +05:30
Dwi Siswanto df24aca916 ✏️ Fix misspelling of 'image' in content-type 2021-03-05 15:29:13 +07:00
Dwi Siswanto b2e4914f98 🔥 Add CVE-2021-21978 2021-03-05 15:27:05 +07:00
sandeep 1a652283db Update CVE-2021-21315.yaml 2021-03-04 20:28:32 +05:30
PD-Team db15888b10
Merge pull request #998 from pikpikcu/patch-102
Create CVE-2021-21315
2021-03-04 20:27:55 +05:30
sandeep 7c32ecd13e improved matcher 2021-03-04 20:25:34 +05:30
sandeep 6f9c901ca7 misc updates 2021-03-03 11:58:28 +05:30
PikPikcU a236c53d68
Update CVE-2021-21315.yaml 2021-03-03 00:43:48 +07:00
PD-Team 883bfacbdd
Merge pull request #993 from geeknik/patch-43
Create CVE-2021-27132.yaml
2021-03-02 21:45:35 +05:30
PikPikcU 723ea55285
Create CVE-2021-21315.yaml 2021-03-02 11:02:08 +00:00
sandeep c56ba05165 Update CVE-2021-27330.yaml 2021-03-02 14:20:19 +05:30
sandeep 5b690a9003 improving matcher 2021-03-02 12:36:11 +05:30
Geeknik Labs 15f52ad586
Update CVE-2021-27132.yaml
omg typo
2021-03-01 20:34:15 +00:00
Geeknik Labs 9a598c5335
Update CVE-2021-27132.yaml 2021-03-01 14:17:25 +00:00
Geeknik Labs a07d7bca4e
Create CVE-2021-27132.yaml 2021-03-01 14:15:30 +00:00
PikPikcU da44a0face
Create CVE-2021-27330.yaml 2021-03-01 11:46:14 +00:00
PD-Team 2b1c3aa29c
Merge pull request #985 from dwisiswant0/add/cves/2021/CVE-2021-3378
Add FortiLogger Unauthenticated Arbitrary File Upload
2021-03-01 14:20:36 +05:30
sandeep bea2bfee01 Added complete poc 2021-03-01 14:15:16 +05:30
sandeep f0e0bcfd04 Update CVE-2021-3378.yaml 2021-03-01 12:50:00 +05:30
sandeep 4a4c9c3437 misc update 2021-03-01 12:27:18 +05:30
Dwi Siswanto bb60b70454 🔨 Add missing matchers-condition 2021-03-01 07:33:25 +07:00
Dwi Siswanto 998216b8c0 🔥 Add CVE-2021-3378 2021-03-01 07:32:59 +07:00
sandeep 530658c9da Update CVE-2021-3129.yaml 2021-02-27 23:56:53 +05:30
sandeep 6cb87158a7 improved matcher 2021-02-27 23:54:39 +05:30
sandeep 705b0d05f3 Update CVE-2021-3129.yaml 2021-02-27 18:31:48 +05:30
sandeep dcd939ad97 Update CVE-2021-3129.yaml 2021-02-27 18:30:16 +05:30
sandeep d6e5c4df85 Update CVE-2021-3129.yaml 2021-02-27 18:27:42 +05:30
sandeep 0781aa3d66 Adding CVE-2021-3129 2021-02-27 18:26:57 +05:30
sandeep 586d4c7e8d Update CVE-2021-25281.yaml 2021-02-26 18:12:25 +05:30
sandeep 125f592c47 adding condition 2021-02-26 17:55:38 +05:30
SaN ThosH c11420de46
Update CVE-2021-25281.yaml 2021-02-26 14:35:50 +05:30
SaN ThosH d308f8734d
Update CVE-2021-25281.yaml 2021-02-26 14:32:59 +05:30
SaN ThosH d719d890a0
Create CVE-2021-25281.yaml 2021-02-26 14:32:30 +05:30
Dwi Siswanto 6d514eee84 🔥 Add CVE-2021-21972 2021-02-25 07:37:02 +07:00
PikPikcU e1768ccede
Added CVE-2021-26710 (#822)
* Created CVE-2021-26710 🔥
2021-02-09 18:28:32 +05:30
PikPikcU cb926dc3b9
Added CVE-2021-26722 🔥 (#821) 2021-02-08 01:39:58 +05:30
PikPikcU 316f0d5daa
Added CVE-2021-26723 🔥 (#819) 2021-02-07 21:11:09 +05:30
PD-Team 00d26c0608
Added tags to cves 😎 (#813)
* Added tags to cves 😎
2021-02-06 01:14:41 +05:30
PD-Team 33ae9284e2 Update CVE-2021-22122.yaml 2021-02-04 19:43:13 +05:30
Dwi Siswanto 2cae0785ca 🔥 Add CVE-2021-22122 2021-02-04 20:33:19 +07:00
PD-Team b33a15f3e2 Update CVE-2021-25646.yaml 2021-02-03 21:42:03 +05:30
PikPikcU 85db9df19d
CVE-2021-25646 2021-02-03 09:24:49 +00:00
PikPikcU aa7420713b
Create CVE-2021-3019.yaml 2021-01-30 12:22:35 +00:00
PD-Team 865c778d4b few updates 2021-01-29 23:35:27 +05:30
pudsec 5e7ae851f1 Added CVE-2021-22873 2021-01-24 19:37:25 +08:00