bauthard
e67853ce9d
Merge pull request #228 from harsh-bothra/patch-11
...
Create CVE-2017-6361.yaml
2020-07-10 14:22:29 +05:30
bauthard
2a37e53ed4
Update CVE-2017-6360.yaml
2020-07-10 14:19:05 +05:30
bauthard
2bc59cd709
Update CVE-2017-6361.yaml
2020-07-10 14:17:33 +05:30
bauthard
f5b2e1b794
Update CVE-2017-7529.yaml
2020-07-10 13:51:33 +05:30
Florian Pfitzer
965e5947cd
improve CVE-2017-7529 detection
2020-07-09 13:12:36 +02:00
Harsh Bothra
aa2fa6a6c2
Create CVE-2017-6361.yaml
...
Command Injection in authLogin.cgi 'reboot_notice_msg'
2020-07-09 12:40:32 +05:30
Harsh Bothra
704fb54ecc
Create CVE-2017-6360.yaml
...
Command Injection in userConfig.cgi cloudPersonalSmtp 'hash'
2020-07-09 12:37:53 +05:30
dw1
10592308d3
🔨 Fix false-positives - CVE-2018-20824
2020-07-09 03:47:36 +07:00
dw1
0ab076bf9a
🔨 Update matchers causes false-positives - CVE-2020-8115
2020-07-09 03:22:44 +07:00
dw1
3206089f45
🔨 Update payload due to false-positives - CVE-2020-13167
2020-07-09 03:02:14 +07:00
bauthard
eb87a5ddb8
Removing CVE-2018-6389
...
as it's an invalid issue.
2020-07-08 23:16:18 +05:30
bauthard
c47a4d881d
Merge pull request #215 from harsh-bothra/patch-8
...
Create CVE-2019-3396.yaml
2020-07-08 23:11:43 +05:30
bauthard
441cdd039d
Update CVE-2019-3396.yaml
2020-07-08 23:10:14 +05:30
bauthard
db19560721
Update CVE-2020-10199.yaml
2020-07-08 22:51:50 +05:30
Aditya Soni
849ac3599d
Create CVE-2020-10199.yaml
2020-07-08 20:41:50 +05:30
Ice3man543
ed4e9e7feb
Fixed default condition OR to AND in false-positives
2020-07-08 17:08:57 +05:30
bauthard
f2bfdbfb9f
Merge pull request #216 from secureITmania/secureITmania-patch-1
...
Update CVE-2020-9757 logic
2020-07-08 15:19:51 +05:30
bauthard
7044a9116c
Update CVE-2020-5284.yaml
2020-07-08 14:15:47 +05:30
bauthard
38bc600e99
Update CVE-2020-5284.yaml
2020-07-08 14:15:18 +05:30
bauthard
336bac5e1a
Merge pull request #219 from dwisiswant0/add-cves-and-workflows
...
Add CVE-2020-13167, CVE-2020-7209 & Workflows
2020-07-08 09:46:45 +05:30
dw1
577e3cb429
📝 Remove trailing spaces
2020-07-08 02:55:24 +07:00
dw1
b0aec24951
🔥 Add LinuxKI Toolset RCE - CVE-2020-7209
2020-07-08 02:28:16 +07:00
dw1
5f42e15fcb
🔥 Add Netsweeper WebAdmin PreAuth RCE - CVE-2020-13167
2020-07-08 02:26:15 +07:00
secureITmania
cc260b27b0
Update CVE-2020-9757.yaml
...
template logic changed
2020-07-07 14:09:32 +05:30
Harsh Bothra
ab6bfa0107
Create CVE-2019-3396.yaml
...
Atlassian Confluence Path Traversal/RCE
2020-07-07 12:54:27 +05:30
bauthard
d58fb83331
Merge pull request #214 from harsh-bothra/patch-6
...
Create CVE-2019-17382.yaml
2020-07-07 11:56:49 +05:30
bauthard
5cfdcf0064
adding matchers-condition
...
when we are looking to match two condition, we should add matchers-condition, as the default check is OR which will results into false positive results.
2020-07-07 11:56:01 +05:30
bauthard
0a207f55cc
Update CVE-2020-10204.yaml
2020-07-07 11:49:48 +05:30
Harsh Bothra
76745f7dcb
Create CVE-2019-17382.yaml
...
Zabbix Authentication Bypass to access Dashboard
2020-07-07 09:47:27 +05:30
Aditya Soni
9c8104f937
Create CVE-2020-10204.yaml
2020-07-07 01:54:18 +05:30
bauthard
2499aaa0a6
Update CVE-2018-1247.yaml
2020-07-07 00:37:01 +05:30
bauthard
24eafa3648
updated matcher
2020-07-07 00:34:27 +05:30
bauthard
ebb2f1f3ac
Merge pull request #210 from harsh-bothra/patch-5
...
Create CVE-2018-11759.yaml
2020-07-06 22:44:05 +05:30
bauthard
ba2fe4bf75
Update CVE-2018-11759.yaml
2020-07-06 22:43:45 +05:30
bauthard
1714fa6674
Merge pull request #209 from harsh-bothra/patch-4
...
Create CVE-2020-5405.yaml
2020-07-06 22:41:09 +05:30
bauthard
8362fb3dc2
Update CVE-2020-5405.yaml
2020-07-06 22:40:05 +05:30
bauthard
63289fb700
Merge pull request #205 from dwisiswant0/update-cve-2020-5902
...
Update RAW payloads due to can't use helper function - CVE-2020-5902
2020-07-06 22:19:31 +05:30
Harsh Bothra
8b4cf6bd46
Create CVE-2018-11759.yaml
...
Apache Tomcat JK Status Manager Access
2020-07-06 21:58:42 +05:30
Harsh Bothra
ebcf1ec0f6
Create CVE-2020-5405.yaml
...
Spring Cloud Directory Traversal
2020-07-06 21:52:18 +05:30
Techbrunch
59661b1eb6
Update CVE-2019-8451.yaml
...
Fix trailing whitespace
2020-07-06 16:56:27 +02:00
Techbrunch
3a44d74762
Create CVE-2019-8451.yaml
...
# On September 9, Atlassian released version 8.4.0 for Jira Core and Jira Software, which included a fix for an important
# security issue reported in August 2019.
# CVE-2019-8451 is a pre-authentication server-side request forgery (SSRF) vulnerability found in
# the /plugins/servlet/gadgets/makeRequest resource. The vulnerability exists due to “a logic bug” in the JiraWhitelist class.
# An unauthenticated attacker could exploit this vulnerability by sending a specially crafted web request to a vulnerable
# Jira server. Successful exploitation would result in unauthorized access to view and potentially modify internal
# network resources.
# https://www.tenable.com/blog/cve-2019-8451-proof-of-concept-available-for-server-side-request-forgery-ssrf-vulnerability-in
# https://twitter.com/benmontour/status/1177250393220239360
# https://twitter.com/ojensen5115/status/1176569607357730817
2020-07-06 16:52:34 +02:00
dw1
d19f00bf82
❌ Update RAW payloads due to can't use helper function
2020-07-06 21:45:44 +07:00
bauthard
8ef6e99ab3
Merge pull request #200 from dwisiswant0/update-cve-2020-5902
...
Update CVE-2020-5902 matchers & requests
2020-07-06 19:15:28 +05:30
dw1
2479e51afb
📝 Fix indentation on RAW requests
2020-07-06 18:28:20 +07:00
dw1
f4da7bec43
🔨 Update CVE-2020-5902 matchers & requests to reduce false-positive results
2020-07-06 18:14:01 +07:00
bauthard
6d498a6054
syntax update
2020-07-06 13:57:46 +05:30
bauthard
295f836a39
updated condition
2020-07-06 13:54:03 +05:30
SaN ThosH
dfe6244c7e
Update CVE-2020-5902.yaml
2020-07-05 21:51:24 +05:30
SaN ThosH
0fe4c5ee3d
Update CVE-2020-5902.yaml
2020-07-05 21:47:48 +05:30
SaN ThosH
4f63a86229
Update CVE-2020-5902.yaml
2020-07-05 21:45:24 +05:30
SaN ThosH
06388ed981
Create CVE-2018-3714.yaml
...
https://hackerone.com/reports/309124
2020-07-05 21:19:09 +05:30
SaN ThosH
193d536685
CVE-2020-5902 F5 BIG-IP TMUI
...
Version:
- BIG-IP 15.x: 15.1.0/15.0.0
- BIG-IP 14.x: 14.1.0 ~ 14.1.2
- BIG-IP 13.x: 13.1.0 ~ 13.1.3
- BIG-IP 12.x: 12.1.0 ~ 12.1.5
- BIG-IP 11.x: 11.6.1 ~ 11.6.5
2020-07-05 13:41:58 +05:30
dw1
695afb7a96
✏️ Rename to CVE-2019-16759
2020-07-05 14:20:36 +07:00
dw1
40e627d9db
🔨 Escaping payload - CVE-2020-7961
2020-07-04 23:29:12 +07:00
dw1
56e21957a3
🔨 Update payload & matchers - CVE-2020-7961
2020-07-04 22:55:40 +07:00
med pro
c40cd5259f
Create CVE-2019-15043.yaml
2020-07-04 14:05:56 +01:00
dw1
fc3bc06f65
🔥 Add SEOmatic SSTI (CVE-2020-9757)
2020-07-04 00:56:51 +07:00
dw1
53a9952dc7
🔥 Add Citrix ShareFile StorageZones Unauthenticated Arbitrary File Read (CVE-2020-8982)
2020-07-04 00:56:16 +07:00
dw1
b427cfc641
🔥 TYPO3 XSS (CVE-2020-8091)
2020-07-04 00:55:17 +07:00
dw1
919d657c41
🔥 Add Liferay Portal Unauthenticated RCE (CVE-2020-8982)
2020-07-04 00:54:34 +07:00
dw1
5756349c14
⚡ Add Apache Tomcat RCE by deserialization - CVE-2020-9484
2020-07-03 12:39:02 +07:00
dw1
caf833c28e
🔧 Fix for false-positive CVE-2018-16341 results
2020-07-02 17:45:29 +07:00
bauthard
14494ba4d3
Update CVE-2019-8449.yaml
2020-07-02 15:36:11 +05:30
bauthard
906e6e918d
Update CVE-2017-7529.yaml
2020-06-30 16:54:48 +05:30
Harsh Bothra
dbaa71a763
Create CVE-2017-7529.yaml
...
Remote Integer Overflow in Nginx allows an attacker to extract sensitive information from memory buffer by triggering specially crafted requests.
2020-06-30 16:44:33 +05:30
bauthard
2f59c74b28
Update CVE-2019-8449.yaml
2020-06-30 16:31:20 +05:30
bauthard
fc95489690
Update CVE-2019-8449.yaml
2020-06-30 16:13:35 +05:30
Harsh Bothra
d6027b67d2
Create CVE-2019-8449.yaml
...
CVE-2019-8449 which allows an Unauthenticated Attacker to enumerate all the users and their information such as Username, Avatars, Emails, Keys, etc.
Reference - https://www.doyler.net/security-not-included/more-jira-enumeration
2020-06-30 16:06:15 +05:30
bauthard
ba30333045
updating trailing space
2020-06-30 15:55:45 +05:30
Harsh Bothra
53a47cc1bc
Create CVE-2018-11409.yaml
...
CVE-2018-11409 allows an unauthenticated user to get sensitive information such as license key from a Splunk instance by appending /__raw/services/server/info/server-info?output_mode=json to a query.
2020-06-30 15:49:43 +05:30
bauthard
b9ea4ecaf3
Update CVE-2020-12720.yaml
2020-06-30 02:04:13 +05:30
bauthard
c718848a88
Update CVE-2020-8512.yaml
2020-06-30 01:59:13 +05:30
bauthard
01378933c6
Update CVE-2020-12720.yaml
2020-06-29 19:25:45 +05:30
bauthard
75e2166cc5
updating CVE-2020-12720
2020-06-29 19:24:56 +05:30
bauthard
084a745600
added CVE-2020-8512
2020-06-26 09:14:54 +05:30
bauthard
2d56871bd0
Update CVE-2019-3799.yaml
2020-06-23 03:22:51 +05:30
bauthard
2d8efb04ba
Update CVE-2018-20824.yaml
2020-06-23 03:21:54 +05:30
bauthard
d8a79274ae
Update CVE-2018-19439.yaml
2020-06-23 03:17:00 +05:30
bauthard
b7103a2197
Pushing newly added cves
2020-06-22 19:05:37 +05:30
bauthard
32d9373273
adding more path with recent PR
2020-06-22 03:50:29 +05:30
bauthard
3b3ab42984
Merge pull request #144 from maverickNerd/master
...
Add directory traversal CVE-2020-5410 affecting Spring Cloud Config
2020-06-18 16:48:30 +05:30
Sachin Grover
68450463c2
Add directory traversal CVE-2020-5410 affecting Spring Cloud Config Server
2020-06-18 10:16:29 +00:00
bauthard
48e9534630
Removing CVE-2020-7473
...
I will try to find a more stable syntax and will add it again.
2020-06-18 00:00:00 +05:30
Sachin Grover
fea47dd3f5
Add CVE-2018-1000129 and version detection is enabled for port 8080 also
2020-06-17 09:18:49 +00:00
Aditya Soni
d72794b4d8
Create CVE-2018-1271.yaml
2020-06-03 06:23:25 +05:30
Fabian Affolter
d3b7f6b54c
Update syntax
2020-05-25 09:49:06 +02:00
bauthard
5d5647b05e
updated CVE-2019-5418
2020-05-24 03:55:32 +00:00
bauthard
999fbd9daf
updating severity
2020-05-24 09:20:13 +05:30
Andrea
c0bf01de1a
improve wp cve admin
2020-05-23 10:09:09 +02:00
Andrea
4132f3d7af
Merge remote-tracking branch 'upstream/master'
2020-05-23 10:08:02 +02:00
bauthard
7a6e1d181b
added CVE-2020-12720 vBulletin SQLI
2020-05-22 03:24:16 +05:30
bauthard
4a33940a37
Added CVE-2020-12720 vBulletin SQLI
2020-05-22 03:17:20 +05:30
Regala
03e957b0df
Update CVE-2020-7473.yaml
2020-05-19 13:55:49 +01:00
Regala
a2433d86a4
Update CVE-2020-7473.yaml
...
Updated to support 2xx and 3xx status code, as well as accepting redirects just in case.
2020-05-19 11:45:31 +01:00
Regala
5316f5dbcc
Update CVE-2020-7473.yaml
...
This is to avoid false positives. I think it would be better to only match 2xx and 3xx status code (don't know if nuclei supports this terminology)
2020-05-18 11:14:04 +01:00
bauthard
601b3c086d
Merge pull request #87 from 73735/front-page-misconfig.yaml
...
Add front-page-misconfig.yaml
2020-05-16 15:38:39 +05:30
João Teles
7a37488076
Update CVE-2020-7473.yaml
...
Ready guys. Now the template will check for size. I didn't implement the "HEAD" method because the nuclei is not supported.
2020-05-15 20:59:23 -03:00
Nadino92
7b88d4258e
adding 2 cves and crxde
2020-05-14 19:54:02 +02:00
bauthard
0d5b682e94
updating cve names
2020-05-08 18:40:02 +00:00
Andrea
fc797a94e1
fix crash for {{
2020-05-08 18:31:59 +02:00
Michael Blake
339ac74114
Prevent false-positives for CVE-2019-19368
2020-05-07 21:47:47 -07:00
Michael Blake
fe2efe6124
CVE-2019-14974 check and severity update
2020-05-07 21:45:25 -07:00
Joao Teles
d22d0745d2
Add CVE-2020-7473.yaml
2020-05-07 10:15:25 -03:00
organiccrap
413c126c29
pending pull
2020-04-22 14:42:01 +08:00
Prince Chaddha
dc58dc9f0d
Update CVE-2018-1247.yaml
2020-04-20 17:49:55 +05:30
bauthard
01d665867f
Update CVE-2019-8903.yaml
2020-04-15 17:38:14 +05:30
bauthard
7a676dc859
Update CVE-2020-5284.yaml
2020-04-15 17:36:26 +05:30
bauthard
1c6ae2caeb
Update CVE-2019-10475.yaml
2020-04-10 02:24:19 +05:30
bauthard
8314cf90b7
fixing the template
2020-04-10 02:15:42 +05:30
bauthard
4d5bdb15e4
updating temp
2020-04-10 01:51:15 +05:30
bauthard
50b1085603
updating matchers
2020-04-09 20:09:41 +05:30
bauthard
84c9d6581b
fixing the template
2020-04-09 18:32:30 +05:30
bauthard
cf61253752
Rename uWSGI PHP Plugin Directory Traversal.yaml to CVE-2018-7490.yaml
2020-04-08 22:15:03 +05:30
bauthard
71789aebc0
Rename totaljs-CVE-2019-8903.yaml to CVE-2019-8903.yaml
2020-04-08 22:13:39 +05:30
bauthard
5520abf86d
Rename nextjs-cve-2020-5284.yaml to CVE-2020-5284.yaml
2020-04-08 22:12:59 +05:30
bauthard
7461a3ab47
Rename cve-2019-19781.yaml to CVE-2019-19781.yaml
2020-04-08 22:10:31 +05:30
bauthard
f44cfef0dc
Rename jira-cve-2017-9506.yaml to CVE-2017-9506.yaml
2020-04-08 22:04:08 +05:30
bauthard
fea46895e3
updating file name for uniform structure
2020-04-08 22:02:49 +05:30
bauthard
1735b236d7
added to vulnerabilities section
2020-04-08 22:00:48 +05:30
bauthard
ea6f33f4a4
Update and rename Revive Adserver XSS.yaml to CVE-2020-8115.yaml
2020-04-08 21:52:47 +05:30
bauthard
96af25bc0a
Update and rename RSA Authentication Manager XSS.yaml to CVE-2018-1247.yaml
2020-04-08 21:47:23 +05:30
bauthard
6c961a5604
Update and rename Oracle WebCenter Sites XSS.yaml to CVE-2018-2791.yaml
2020-04-08 21:44:09 +05:30
bauthard
18c4ff7705
Delete Discourse XSS.yaml
2020-04-08 21:41:02 +05:30
bauthard
706f08e57f
Rename Atlassian Confluence Status-List XSS.yaml to CVE-2018-5230.yaml
2020-04-08 21:38:57 +05:30
bauthard
dc7a07563d
Merge pull request #19 from Mad-robot/master
...
new modules
2020-04-08 21:26:50 +05:30
OK
3d3ea4c66b
Merge pull request #1 from projectdiscovery/master
...
pull
2020-04-08 18:29:07 +03:00
OK
fa5055bee9
Rename cve-2019-5418.yaml to CVE-2019-5418.yaml
2020-04-08 18:07:38 +03:00
OK
e7ef65b4b2
Create cve-2019-5418.yaml
2020-04-08 18:07:10 +03:00
SaN ThosH
7a689dbdb8
Merge branch 'master' into master
2020-04-08 20:22:57 +05:30
bauthard
494b356f8c
updating this to avoid f/p result.
2020-04-08 20:12:57 +05:30
SaN ThosH
84fc5f1257
Update Revive Adserver XSS.yaml
2020-04-08 18:55:45 +05:30
SaN ThosH
9dff8ab9d3
Update Discourse XSS.yaml
2020-04-08 18:55:30 +05:30
SaN ThosH
e12987548f
Update CVE-2020-2096.yaml
2020-04-08 18:55:23 +05:30
SaN ThosH
2b54b5149b
Update CVE-2019-19908.yaml
2020-04-08 18:54:57 +05:30
SaN ThosH
b676c85a9d
Update CVE-2019-19368.yaml
2020-04-08 18:54:48 +05:30
SaN ThosH
1c5528d28c
Update CVE-2019-14974.yaml
2020-04-08 18:54:36 +05:30
SaN ThosH
9087aaabce
Update CVE-2019-10475.yaml
2020-04-08 18:54:27 +05:30
SaN ThosH
c23384528b
Update Atlassian Confluence Status-List XSS.yaml
2020-04-08 18:54:03 +05:30
SaN ThosH
317d2d2b5d
Delete CVE-2019-19781.yaml
2020-04-08 18:53:20 +05:30
SaN ThosH
40fa1d414f
Update Revive Adserver XSS.yaml
2020-04-08 18:51:47 +05:30
SaN ThosH
891a6385dc
Update Discourse XSS.yaml
2020-04-08 18:51:22 +05:30
SaN ThosH
b295325f72
Update CVE-2020-2096.yaml
2020-04-08 18:51:01 +05:30
SaN ThosH
8784b1c431
Update CVE-2019-19908.yaml
2020-04-08 18:50:50 +05:30
SaN ThosH
95f0d1e114
Update CVE-2019-19368.yaml
2020-04-08 18:50:31 +05:30
SaN ThosH
bd0f906da3
Update CVE-2019-14974.yaml
2020-04-08 18:50:23 +05:30
SaN ThosH
9ab630ae08
Update CVE-2019-10475.yaml
2020-04-08 18:47:20 +05:30
SaN ThosH
47385eceb7
Update Atlassian Confluence Status-List XSS.yaml
2020-04-08 18:46:19 +05:30
SaN ThosH
144f20ed64
Create CVE-2019-19368.yaml
2020-04-08 18:35:45 +05:30
SaN ThosH
0e1b6cf9d5
Create CVE-2019-19908.yaml
2020-04-08 18:34:46 +05:30
SaN ThosH
88a12cad86
Create CVE-2019-19781.yaml
2020-04-08 18:26:47 +05:30
SaN ThosH
8f82a06c68
Create CVE-2019-14974.yaml
2020-04-08 18:19:45 +05:30
SaN ThosH
77137877b3
Create CVE-2019-10475.yaml
2020-04-08 18:11:36 +05:30
SaN ThosH
4b18712ba2
Update CVE-2018-14728.yaml
2020-04-08 18:05:22 +05:30
SaN ThosH
803b5441a8
Create CVE-2018-14728.yaml
2020-04-08 18:04:50 +05:30
SaN ThosH
a8e4e44c87
Create uWSGI PHP Plugin Directory Traversal.yaml
2020-04-08 17:24:50 +05:30
SaN ThosH
e612c868c8
Create Discourse XSS.yaml
2020-04-08 17:17:44 +05:30
SaN ThosH
167f73c177
Update Twig PHP <2.4.4 template engine - SSTI.yaml
2020-04-08 17:14:13 +05:30
SaN ThosH
aafd628da5
Update Oracle WebCenter Sites XSS.yaml
2020-04-08 17:13:51 +05:30
SaN ThosH
b5d0cbbe02
Create Twig PHP <2.4.4 template engine - SSTI.yaml
2020-04-08 17:12:17 +05:30
SaN ThosH
f6661aa84c
Create Oracle WebCenter Sites XSS.yaml
2020-04-08 17:07:09 +05:30
SaN ThosH
15000e1738
Create Wavemaker Studio 6.6 LFI&SSRF.yaml
2020-04-08 17:04:01 +05:30
SaN ThosH
f8b1bb4db8
Create RSA Authentication Manager XSS.yaml
2020-04-08 16:58:58 +05:30
SaN ThosH
7965a3c544
Create Revive Adserver XSS.yaml
2020-04-08 16:57:13 +05:30
SaN ThosH
bf7b49b974
Create Atlassian Confluence Status-List XSS.yaml
2020-04-08 16:55:25 +05:30
SaN ThosH
d4363e6937
Update totaljs-CVE-2019-8903.yaml
2020-04-08 16:47:49 +05:30
SaN ThosH
5eda31240e
Create CVE-2020-2096.yaml
2020-04-08 16:29:57 +05:30
SaN ThosH
afc0c707e3
Update totaljs-CVE-2019-8903.yaml
2020-04-08 14:15:44 +05:30
SaN ThosH
21f9a8685e
Create CVE-2019-12314.yaml
2020-04-08 14:03:39 +05:30
SaN ThosH
dbd54bb413
Create totaljs-CVE-2019-8903.yaml
2020-04-08 13:06:36 +05:30
organiccrap
86208273d7
citrix cve-2019-19781
2020-04-06 06:27:04 +08:00
Harsh Jaiswal
b1cc565e40
Update nextjs-cve-2020-5284.yaml
2020-04-06 00:04:33 +05:30
rootxharsh
91ace5dba0
Nextjs CVE-2020-5284
2020-04-05 18:24:33 +00:00
$root: Whoami
3c22372fe2
Update CVE-2018-3760.yaml
2020-04-05 23:44:41 +05:30
$root: Whoami
d20aaae0fd
CVE-2018-3760 Rails
...
Sprockets<=3.7.1
2020-04-05 23:31:09 +05:30
Ice3man543
229ea11e8b
Added templates
2020-04-04 23:49:48 +05:30