sandeep
a736120dc0
minor updates
2021-06-25 00:02:05 +05:30
Sandeep Singh
e84c784fa2
Merge pull request #1689 from nrathaus/master
...
CVE-2021-28164 and some fixes
2021-06-24 23:58:29 +05:30
sandeep
a9a161f8c6
Update CVE-2021-28164.yaml
2021-06-24 23:56:33 +05:30
sandeep
809668943f
minor changes
2021-06-24 23:54:29 +05:30
wyatt
16e5ad7fad
The default request never flagged druid in my env. Replaced with MSF request and it flags everytime now
2021-06-24 13:37:45 -04:00
PikPikcU
b97d012636
Create CVE-2021-28169.yaml
2021-06-24 16:00:02 +00:00
GwanYeong Kim
e7bb4bff23
Create CVE-2021-3223.yaml
...
Node-RED-Dashboard before 2.26.2 allows ui_base/js/..%2f directory traversal to read files.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-06-24 21:07:17 +09:00
GwanYeong Kim
cc0dd04ac2
Create CVE-2021-21234.yaml
...
spring-boot-actuator-logview in a library that adds a simple logfile viewer as spring boot actuator endpoint. It is maven package "eu.hinsch:spring-boot-actuator-logview". In spring-boot-actuator-logview before version 0.2.13 there is a directory traversal vulnerability. The nature of this library is to expose a log file directory via admin (spring boot actuator) HTTP endpoints. Both the filename to view and a base folder (relative to the logging folder root) can be specified via request parameters. While the filename parameter was checked to prevent directory traversal exploits (so that `filename=../somefile` would not work), the base folder parameter was not sufficiently checked, so that `filename=somefile&base=../` could access a file outside the logging base directory). The vulnerability has been patched in release 0.2.13. Any users of 0.2.12 should be able to update without any issues as there are no other changes in that release. There is no workaround to fix the vulnerability other than updating or removing the dependency. However, removing read access of the user the application is run with to any directory not required for running the application can limit the impact. Additionally, access to the logview endpoint can be limited by deploying the application behind a reverse proxy.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-06-24 14:36:45 +09:00
sandeep
416bafe2fa
misc changes
2021-06-24 02:24:58 +05:30
lulz
04a7fda94a
Update CVE-2021-21389.yaml
2021-06-22 19:12:35 +07:00
lulz
014ca91e15
hmm just simple check...
...
sorry i just know little bit english...
2021-06-22 19:07:00 +07:00
Sandeep Singh
dcaef6a836
Rename CVE-2021-21389 to CVE-2021-21389.yaml
2021-06-22 04:05:42 +05:30
lulz
0d5a57bc23
Create CVE-2021-21389
2021-06-21 12:33:14 +07:00
Noam Rathaus
bb6fa66dd9
Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates
2021-06-20 13:56:54 +03:00
Sandeep Singh
9200ac068a
Merge pull request #1714 from skar4444/unauthenticated-CI-lint-API
...
CVE 2021-22214 - Unauthenticated Gitlab SSRF - CI Lint API
2021-06-18 15:08:33 +05:30
sandeep
b301c830a3
final improvements
2021-06-18 15:02:17 +05:30
sandeep
27d67855e8
misc changes
2021-06-18 14:42:13 +05:30
Sandeep Singh
4f0bfc9362
Merge pull request #1705 from projectdiscovery/CVE-2021-28854
...
Added CVE-2021-28854
2021-06-18 12:52:42 +05:30
Prince Chaddha
bfa70bacf5
Update CVE-2021-21975.yaml
2021-06-17 22:55:10 +05:30
Noam Rathaus
01b77a7ed2
Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates
2021-06-17 16:54:18 +03:00
Dwi Siswanto
8a1d7bd7d2
Hotfix FP of CVE-2021-24146
2021-06-17 08:16:54 +07:00
Sandeep Singh
bfbd3ccdac
Merge pull request #1656 from Akokonunes/patch-4
...
Create CVE-2021-24237.yaml
2021-06-16 01:56:39 +05:30
sandeep
5cff973564
Added tags
2021-06-16 01:02:21 +05:30
sandeep
c36419c94c
Added CVE-2021-28854
2021-06-16 01:01:01 +05:30
Noam Rathaus
b5bdac494b
Merge branch 'master' of https://github.com/nrathaus/nuclei-templates
2021-06-13 09:54:52 +03:00
Prince Chaddha
3779eb70e0
Moved template to cves folder
2021-06-11 16:48:05 +05:30
Prince Chaddha
83ce809e8d
Updated author names
2021-06-09 17:50:56 +05:30
sandeep
ccdb667d3b
YML to YAML
2021-06-09 14:42:14 +05:30
sandeep
1299ae621f
Update CVE-2021-28164.yml
2021-06-09 14:39:19 +05:30
sandeep
eef5158207
Update CVE-2021-28164.yml
2021-06-09 14:38:12 +05:30
sandeep
23cb4c4d9f
moving files around
2021-06-09 14:37:40 +05:30
sandeep
0cdfd0468f
Update CVE-2021-24285.yaml
2021-06-09 04:01:21 +05:30
sandeep
2953942c3c
Added CVE-2021-24285
2021-06-09 03:13:23 +05:30
sandeep
8e13733d34
moving files around
2021-06-04 16:30:31 +05:30
Prince Chaddha
5269cc1c87
Update CVE-2021-22122.yaml
2021-06-02 13:17:00 +05:30
root
2678721174
Added new path for CVE-2021-22122.yaml
2021-06-02 00:06:20 +01:00
sandeep
19b73df6be
Update CVE-2021-21985.yaml
2021-05-31 19:44:44 +05:30
sandeep
633644b159
Added CVE-2021-21985
2021-05-31 19:20:59 +05:30
0xsapra
0d8c5607cb
CVE-2021-33564.yaml
2021-05-29 02:33:38 +05:30
sandeep
26fc5c2dfa
Added CVE-2021-27850
2021-05-21 09:04:16 +05:30
Geeknik Labs
67bf4fab3c
Update CVE-2021-29622.yaml
2021-05-20 13:14:28 +00:00
Geeknik Labs
dde1e5e736
Create CVE-2021-29622.yaml
2021-05-20 13:13:18 +00:00
Sandeep Singh
78abf0d8a2
Merge pull request #1480 from nrathaus/master
...
Changes to reference and description
2021-05-17 21:54:41 +05:30
Geeknik Labs
0cf6e5507e
Update and rename cves/2021/CVE-2021-31800.yaml to cves/2014/CVE-2014-3744.yaml
2021-05-17 13:18:10 +00:00
Sandeep Singh
c0d13a6def
Merge pull request #1475 from Ganofins/patch-3
...
Create CVE-2021-24176.yaml
2021-05-16 22:15:39 +05:30
sandeep
1d9cdf949b
Update CVE-2021-24176.yaml
2021-05-16 22:12:33 +05:30
Noam Rathaus
dbdf6e8b6e
Better description
2021-05-16 15:53:51 +03:00
sandeep
e46fcb9e9a
Adding CVE-2021-27651
2021-05-16 15:10:08 +05:30
Ganesh Bagaria
4170b2d3e3
Create CVE-2021-24176.yaml
2021-05-16 12:59:32 +05:30
Prince Chaddha
5e2eaaf7a7
Update CVE-2021-31800.yaml
2021-05-16 02:16:34 +05:30
Geeknik Labs
4e1c4986f8
Create CVE-2021-31800.yaml
2021-05-15 18:56:07 +00:00
sandeep
7b4d736b94
Adding additional matcher
2021-05-14 22:15:50 +05:30
Geeknik Labs
77b95af240
Update CVE-2021-31537.yaml
2021-05-12 20:27:33 +00:00
Geeknik Labs
8365697de4
Update CVE-2021-31537.yaml
2021-05-12 20:25:22 +00:00
Geeknik Labs
7dcfccff74
Create CVE-2021-31537.yaml
2021-05-12 20:23:19 +00:00
sandeep
988d09e2de
Added CVE-2021-28073
2021-05-07 20:30:23 +05:30
sandeep
c56111663f
Added CVE-2021-30461
2021-05-07 18:00:10 +05:30
Sandeep Singh
cee291e366
Merge pull request #1419 from dwisiswant0/add/GHSL-2020-325
...
Hotfix: Update operator
2021-05-07 16:46:43 +05:30
Dwi Siswanto
1f5cbe507c
Update operator
2021-05-06 16:24:08 +07:00
Sandeep Singh
1198c7e724
Merge pull request #1382 from dwisiswant0/add/GHSL-2020-325
...
Add CVE-2021-29441
2021-05-05 18:26:10 +05:30
sandeep
22f123ff79
template update
2021-05-05 18:23:07 +05:30
Dwi Siswanto
d2ea9d2da0
Using Get configurations open API endpoint
2021-05-04 13:18:55 +07:00
Dwi Siswanto
3a51f45be5
Update description
2021-04-28 21:01:25 +07:00
Prince Chaddha
56d09dda92
Update CVE-2021-29442.yaml
2021-04-28 18:30:55 +05:30
Dwi Siswanto
64a45f2439
Add CVE-2021-29442
2021-04-28 12:01:34 +07:00
Dwi Siswanto
486103e0d4
Add CVE-2021-29441
2021-04-28 11:54:36 +07:00
sandeep
ee74145a98
template update
2021-04-23 15:38:41 +05:30
sandeep
76c08284ce
Adding more references
2021-04-23 14:21:15 +05:30
sandeep
c539514cdd
Update CVE-2021-27905.yaml
2021-04-23 14:18:51 +05:30
sandeep
33c9b30143
Template fix and minor updates
2021-04-23 14:14:49 +05:30
Dhiyaneshwaran
6ca4f1c5d2
Create CVE-2021-27905
2021-04-23 12:53:49 +05:30
sandeep
2f434d0440
Update CVE-2021-24146.yaml
2021-04-23 08:50:02 +05:30
sandeep
6cd5b9d35c
CVE update
2021-04-23 08:47:52 +05:30
sandeep
65b6c57e9f
Temporarily removing this template
2021-04-22 09:46:29 +05:30
sandeep
6cb0b89738
minor update
2021-04-21 12:46:44 +05:30
SaN ThosH
f91c579fb3
Update CVE-2021-28480.yaml
2021-04-21 12:24:19 +05:30
SaN ThosH
beb1ac700e
Update CVE-2021-28480.yaml
2021-04-21 02:51:05 +05:30
SaN ThosH
8e8ef1a0dd
Update CVE-2021-28480.yaml
2021-04-21 02:42:50 +05:30
SaN ThosH
5a8949554c
Create CVE-2021-28480.yaml
2021-04-21 02:34:10 +05:30
Sandeep Singh
954fe60b85
Merge pull request #1286 from geeknik/patch-66
...
Create CVE-2021-3374.yaml
2021-04-17 20:45:29 +05:30
sandeep
6bf828d61d
Update CVE-2021-28937.yaml
2021-04-16 02:21:48 +05:30
Geeknik Labs
aa2ac6471d
Update CVE-2021-28937.yaml
2021-04-15 20:31:01 +00:00
Geeknik Labs
e7a1fde388
Update CVE-2021-28937.yaml
2021-04-15 20:24:24 +00:00
Geeknik Labs
6edf8c3a8b
Create CVE-2021-28937.yaml
2021-04-15 20:20:27 +00:00
Geeknik Labs
a6417c6fa5
Update CVE-2021-3374.yaml
2021-04-14 23:54:48 +00:00
Geeknik Labs
de7321344f
Create CVE-2021-3374.yaml
2021-04-14 20:56:03 +00:00
sandeep
b0b45dd599
Update CVE-2021-30151.yaml
2021-04-11 17:51:41 +05:30
Prince Chaddha
43e59a577e
Update CVE-2021-30151.yaml
2021-04-11 01:00:49 +05:30
Prince Chaddha
4c9cbc1692
Update CVE-2021-30151.yaml
2021-04-11 00:57:38 +05:30
Dhiyaneshwaran
1692ef1821
Update CVE-2021-30151.yaml
2021-04-10 23:47:02 +05:30
Dhiyaneshwaran
1e0b6ea383
Update CVE-2021-30151.yaml
2021-04-10 23:43:37 +05:30
Dhiyaneshwaran
3e3db1c972
Update CVE-2021-30151.yaml
2021-04-10 23:37:38 +05:30
Dhiyaneshwaran
e87a0671ee
Create CVE-2021-30151.yaml
2021-04-10 22:58:27 +05:30
Noam Rathaus
989ee9d9dd
Spelling
2021-04-06 13:38:03 +03:00
Dwi Siswanto
c2c7c9b0c2
Add header matcher
2021-04-02 07:17:18 +07:00
Dwi Siswanto
efae3ccd11
Update vulnerable paths
2021-04-02 07:11:37 +07:00
Dwi Siswanto
bb33d0597b
Update routes
2021-04-02 05:28:27 +07:00
Dwi Siswanto
029706a939
Add more vulnerable path
2021-04-02 05:17:29 +07:00
Dwi Siswanto
79c0046596
Update severity
2021-04-02 05:17:07 +07:00
Dwi Siswanto
ad69b05f11
🔥 Add CVE-2021-21402
2021-04-02 05:16:53 +07:00
sandeep
570cc1a220
Update CVE-2021-21975.yaml
2021-03-31 22:45:42 +05:30
sandeep
063d685ac5
Update CVE-2021-21975.yaml
2021-03-31 06:27:33 +05:30
sandeep
94a4c87c3f
safe matcher
2021-03-31 06:22:10 +05:30
daemonum
8f7e7cba24
Add CVE-2021-21975
2021-03-31 02:43:36 +03:00
Noam Rathaus
66f141f733
Better reference
2021-03-25 12:08:15 +02:00
PD-Team
5d8bf70470
Merge pull request #1137 from nrathaus/master
...
Description and References on some templates were missing
2021-03-24 23:02:15 +05:30
SaN ThosH
bc5ab99237
Update CVE-2021-26295.yaml
2021-03-24 22:57:35 +05:30
SaN ThosH
8e781f97d0
Update CVE-2021-26295.yaml
2021-03-24 22:57:35 +05:30
sandeep
7a8d56ee65
Update CVE-2021-26295.yaml
2021-03-24 22:57:35 +05:30
sandeep
635cc7fae7
Update CVE-2021-26295.yaml
2021-03-24 22:57:35 +05:30
SaN ThosH
9987dc0c36
Update CVE-2021-26295.yaml
2021-03-24 22:57:35 +05:30
SaN ThosH
33e3fac8da
Update CVE-2021-26295.yaml
2021-03-24 22:57:35 +05:30
SaN ThosH
c55a72a168
Update CVE-2021-26295.yaml
2021-03-24 22:57:35 +05:30
SaN ThosH
38daf751a3
Update CVE-2021-26295.yaml
2021-03-24 22:57:35 +05:30
SaN ThosH
3876cb6b55
Create CVE-2021-26295.yaml
2021-03-24 22:57:35 +05:30
Noam Rathaus
93bc3a76b1
Better references and description
2021-03-24 08:48:11 +02:00
sandeep
ca66fa321b
Update CVE-2021-22986.yaml
2021-03-22 18:21:42 +05:30
sandeep
339077ff43
misc fixes
2021-03-22 01:19:30 +05:30
sandeep
d021e2084e
Update CVE-2021-22986.yml
2021-03-21 21:48:27 +05:30
Rahul Maini
71886cb8ca
Adding F5 BIG-IP iControl REST Pre-Auth RCE
2021-03-21 20:08:00 +04:00
sandeep
ad84ecb792
tag improvements
2021-03-18 13:24:36 +05:30
PD-Team
110617aa03
Merge pull request #961 from Mad-robot/master
...
CVE-2021-25281 wheel_async unauth access
2021-03-13 21:19:16 +05:30
sandeep
06945d56a8
fixing typos
2021-03-10 19:33:49 +05:30
Noam Rathaus
d6c3028f60
Spelling mistake
2021-03-10 13:49:34 +02:00
PD-Team
0161c03b65
Merge pull request #1027 from dwisiswant0/add/cves/2021/CVE-2021-21978
...
Add CVE-2021-21978
2021-03-10 01:56:23 +05:30
Noam Rathaus
d04f747147
Spelling mistake in the parameter
2021-03-08 16:17:59 +02:00
sandeep
3f840d0783
minor update
2021-03-08 19:41:41 +05:30
sandeep
3c01c4df56
minor fix
2021-03-08 13:43:06 +05:30
aron
0c761a2e85
No need for internet connection and leak to burp
2021-03-08 08:55:22 +01:00
sandeep
855da4abcd
Additional references
2021-03-06 16:25:24 +05:30
sandeep
c6deb0c2fc
misc changes
2021-03-06 13:04:26 +05:30
SaN ThosH
61327f4d96
Update CVE-2021-26855.yaml
2021-03-06 13:02:30 +05:30
SaN ThosH
9ac013952d
Update CVE-2021-26855.yaml
2021-03-06 12:46:45 +05:30
SaN ThosH
d12120355c
Update CVE-2021-26855.yaml
2021-03-06 12:37:41 +05:30
SaN ThosH
55e4c5d32e
Create CVE-2021-26855.yaml
2021-03-06 12:30:59 +05:30
Dwi Siswanto
df24aca916
✏️ Fix misspelling of 'image' in content-type
2021-03-05 15:29:13 +07:00
Dwi Siswanto
b2e4914f98
🔥 Add CVE-2021-21978
2021-03-05 15:27:05 +07:00
sandeep
1a652283db
Update CVE-2021-21315.yaml
2021-03-04 20:28:32 +05:30
PD-Team
db15888b10
Merge pull request #998 from pikpikcu/patch-102
...
Create CVE-2021-21315
2021-03-04 20:27:55 +05:30
sandeep
7c32ecd13e
improved matcher
2021-03-04 20:25:34 +05:30
sandeep
6f9c901ca7
misc updates
2021-03-03 11:58:28 +05:30
PikPikcU
a236c53d68
Update CVE-2021-21315.yaml
2021-03-03 00:43:48 +07:00
PD-Team
883bfacbdd
Merge pull request #993 from geeknik/patch-43
...
Create CVE-2021-27132.yaml
2021-03-02 21:45:35 +05:30
PikPikcU
723ea55285
Create CVE-2021-21315.yaml
2021-03-02 11:02:08 +00:00
sandeep
c56ba05165
Update CVE-2021-27330.yaml
2021-03-02 14:20:19 +05:30
sandeep
5b690a9003
improving matcher
2021-03-02 12:36:11 +05:30
Geeknik Labs
15f52ad586
Update CVE-2021-27132.yaml
...
omg typo
2021-03-01 20:34:15 +00:00
Geeknik Labs
9a598c5335
Update CVE-2021-27132.yaml
2021-03-01 14:17:25 +00:00
Geeknik Labs
a07d7bca4e
Create CVE-2021-27132.yaml
2021-03-01 14:15:30 +00:00
PikPikcU
da44a0face
Create CVE-2021-27330.yaml
2021-03-01 11:46:14 +00:00
PD-Team
2b1c3aa29c
Merge pull request #985 from dwisiswant0/add/cves/2021/CVE-2021-3378
...
Add FortiLogger Unauthenticated Arbitrary File Upload
2021-03-01 14:20:36 +05:30
sandeep
bea2bfee01
Added complete poc
2021-03-01 14:15:16 +05:30
sandeep
f0e0bcfd04
Update CVE-2021-3378.yaml
2021-03-01 12:50:00 +05:30
sandeep
4a4c9c3437
misc update
2021-03-01 12:27:18 +05:30
Dwi Siswanto
bb60b70454
🔨 Add missing matchers-condition
2021-03-01 07:33:25 +07:00
Dwi Siswanto
998216b8c0
🔥 Add CVE-2021-3378
2021-03-01 07:32:59 +07:00
sandeep
530658c9da
Update CVE-2021-3129.yaml
2021-02-27 23:56:53 +05:30
sandeep
6cb87158a7
improved matcher
2021-02-27 23:54:39 +05:30
sandeep
705b0d05f3
Update CVE-2021-3129.yaml
2021-02-27 18:31:48 +05:30
sandeep
dcd939ad97
Update CVE-2021-3129.yaml
2021-02-27 18:30:16 +05:30
sandeep
d6e5c4df85
Update CVE-2021-3129.yaml
2021-02-27 18:27:42 +05:30
sandeep
0781aa3d66
Adding CVE-2021-3129
2021-02-27 18:26:57 +05:30
sandeep
586d4c7e8d
Update CVE-2021-25281.yaml
2021-02-26 18:12:25 +05:30
sandeep
125f592c47
adding condition
2021-02-26 17:55:38 +05:30
SaN ThosH
c11420de46
Update CVE-2021-25281.yaml
2021-02-26 14:35:50 +05:30
SaN ThosH
d308f8734d
Update CVE-2021-25281.yaml
2021-02-26 14:32:59 +05:30
SaN ThosH
d719d890a0
Create CVE-2021-25281.yaml
2021-02-26 14:32:30 +05:30
Dwi Siswanto
6d514eee84
🔥 Add CVE-2021-21972
2021-02-25 07:37:02 +07:00
PikPikcU
e1768ccede
Added CVE-2021-26710 ( #822 )
...
* Created CVE-2021-26710 🔥
2021-02-09 18:28:32 +05:30
PikPikcU
cb926dc3b9
Added CVE-2021-26722 🔥 ( #821 )
2021-02-08 01:39:58 +05:30
PikPikcU
316f0d5daa
Added CVE-2021-26723 🔥 ( #819 )
2021-02-07 21:11:09 +05:30
PD-Team
00d26c0608
Added tags to cves 😎 ( #813 )
...
* Added tags to cves 😎
2021-02-06 01:14:41 +05:30
PD-Team
33ae9284e2
Update CVE-2021-22122.yaml
2021-02-04 19:43:13 +05:30
Dwi Siswanto
2cae0785ca
🔥 Add CVE-2021-22122
2021-02-04 20:33:19 +07:00
PD-Team
b33a15f3e2
Update CVE-2021-25646.yaml
2021-02-03 21:42:03 +05:30
PikPikcU
85db9df19d
CVE-2021-25646
2021-02-03 09:24:49 +00:00
PikPikcU
aa7420713b
Create CVE-2021-3019.yaml
2021-01-30 12:22:35 +00:00
PD-Team
865c778d4b
few updates
2021-01-29 23:35:27 +05:30
pudsec
5e7ae851f1
Added CVE-2021-22873
2021-01-24 19:37:25 +08:00