Commit Graph

11 Commits (e09bb5d47892b92e44fb6916c6959fc31a0d95e9)

Author SHA1 Message Date
MostInterestingBotInTheWorld c5a7d79f5a
Dashboard Content Enhancements (#4819)
Dashboard Content Enhancements
2022-07-26 09:45:11 -04:00
Sandeep Singh b59ff42aaf
additional reference to cves templates (#4395)
* additional reference to cves templates

* Update CVE-2006-1681.yaml

* Update CVE-2009-3318.yaml

* Update CVE-2009-4223.yaml

* Update CVE-2010-0942.yaml

* Update CVE-2010-0944.yaml

* Update CVE-2010-0972.yaml

* Update CVE-2010-1304.yaml

* Update CVE-2010-1308.yaml

* Update CVE-2010-1313.yaml

* Update CVE-2010-1461.yaml

* Update CVE-2010-1470.yaml

* Update CVE-2010-1471.yaml

* Update CVE-2010-1472.yaml

* Update CVE-2010-1474.yaml

* removed duplicate references

* misc fix

Co-authored-by: Prince Chaddha <prince@projectdiscovery.io>
Co-authored-by: Prince Chaddha <cyberbossprince@gmail.com>
2022-05-17 14:48:12 +05:30
forgedhallpass 209538baa6 refactor: Description field uniformization
* info field reorder
* reference values refactored to list
* added new lines after the id and before the protocols
* removed extra new lines
* split really long descriptions to multiple lines (part 1)
* other minor fixes
2022-04-22 13:38:41 +03:00
Ice3man543 e9f728c321 Added cve annotations + severity adjustments 2021-09-10 16:56:40 +05:30
forgedhallpass dc4cc62629 Merge remote-tracking branch 'origin/master' into dynamic_attributes 2021-08-20 15:35:17 +03:00
sandeep 3f803deb28 more updates 2021-08-20 02:14:42 +05:30
forgedhallpass 77103bc629 Satisfying the linter (all errors and warnings)
* whitespace modifications only
2021-08-19 17:44:46 +03:00
forgedhallpass cdf9451158 Removed pipe (|) character from references, because the structure requires it to be a string slice, not a string
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-18 14:44:27 +03:00
sandeep 6ccc5f8792 matcher update to handle edge cases 2021-07-25 03:05:55 +05:30
sandeep 767f173f88 minor updates 2021-07-10 18:45:09 +05:30
GwanYeong Kim 3bf1c929ed Create Hongdian Vulnerability
CVE-2021-28149 : Hongdian H8922 3.0.5 devices allow Directory Traversal. The /log_download.cgi log export handler does not validate user input and allows a remote attacker with minimal privileges to download any file from the device by substituting ../ (e.g., ../../etc/passwd) This can be carried out with a web browser by changing the file name accordingly. Upon visiting log_download.cgi?type=../../etc/passwd and logging in, the web server will allow a download of the contents of the /etc/passwd file.

CVE-2021-28150 : Hongdian H8922 3.0.5 devices allow the unprivileged guest user to read cli.conf (with the administrator password and other sensitive data) via /backup2.cgi.

CVE-2021-28151 : Hongdian H8922 3.0.5 devices allow OS command injection via shell metacharacters into the ip-address (aka Destination) field to the tools.cgi ping command, which is accessible with the username guest and password guest.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-10 21:16:35 +09:00