3d90fd1047
Fix wrong regex matcher
2021-07-24 17:10:02 +07:00
2c0aa783c4
Merge pull request #2148 from gy741/rule-add-v34
...
Add KevinLAB BEMS 1.0 Multiple Vulnerabilities
2021-07-24 15:37:48 +05:30
d151d60ced
Update favicon-detection.yaml
...
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-24 16:38:03 +09:00
aae443949f
Create targa-camera-ssrf.yaml
...
Unauthenticated Server-Side Request Forgery (SSRF) vulnerability exists in the Selea ANPR camera within several functionalities. The application parses user supplied data in the POST JSON parameters 'ipnotify_address' and 'url' to construct an image request or check DNS for IP notification. Since no validation is carried out on the parameters, an attacker can specify an external domain and force the application to make an HTTP request to an arbitrary destination host. This can be used by an external attacker for example to bypass firewalls and initiate a service and network enumeration on the internal network through the affected application.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-24 16:02:58 +09:00
5778ee8eda
Create targa-camera-lfi.yaml
...
The ANPR camera suffers from an unauthenticated arbitrary file disclosure vulnerability. Input passed through the Download Archive in Storage page using get_file.php script is not properly verified before being used to download files. This can be exploited to disclose the contents of arbitrary and sensitive files via directory traversal attacks and aid the attacker to disclose clear-text credentials resulting in authentication bypass.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-24 15:54:02 +09:00
f32521ad9d
Merge pull request #2113 from daffainfo/patch-92
...
Create CVE-2020-29227.yaml
2021-07-24 12:22:54 +05:30
af4081d0ec
Update CVE-2020-29227.yaml
2021-07-24 12:17:56 +05:30
956eb6691f
Update CVE-2020-29227.yaml
2021-07-24 12:16:30 +05:30
f40aca136b
Update CVE-2020-29227.yaml
2021-07-24 12:15:24 +05:30
bf7c0d3a63
Merge pull request #2122 from gy741/rule-add-v33
...
Create magicflow-lfi.yaml
2021-07-24 12:13:59 +05:30
ac45802ef5
Update kevinlab-bems-sqli.yaml
2021-07-24 12:10:46 +05:30
2631f55550
Update kevinlab-bems-backdoor.yaml
2021-07-24 12:07:27 +05:30
9a46592f71
Update kevinlab-bems-sqli.yaml
2021-07-24 11:59:35 +05:30
87b4c2e98b
Update kevinlab-bems-sqli.yaml
2021-07-24 11:47:05 +05:30
406dee74e8
Update kevinlab-device-detect.yaml
2021-07-24 11:42:39 +05:30
677c8b97dd
Merge pull request #2156 from gy741/rule-add-v36
...
Create CVE-2020-13117.yaml
2021-07-24 11:40:54 +05:30
31f62d59ce
Update CVE-2020-13117.yaml
2021-07-24 11:39:47 +05:30
63c48c7712
Merge pull request #2152 from daffainfo/patch-100
...
Create CVE-2011-3315.yaml
2021-07-24 11:36:58 +05:30
b4c25f41cb
Merge pull request #2153 from daffainfo/patch-101
...
Create CVE-2013-5528.yaml
2021-07-24 11:36:34 +05:30
a2787a379d
Update CVE-2011-3315.yaml
2021-07-24 11:35:35 +05:30
d3a6f527c8
Merge pull request #2159 from andysvints/glpi-default-creds
...
Add GLPI default credentials check template
2021-07-24 11:34:00 +05:30
aa1be682a7
Update glpi-default-credential.yaml
2021-07-24 11:32:06 +05:30
07ed2eec19
Update glpi-default-credential.yaml
2021-07-24 10:54:35 +05:30
3bca104ff6
Merge pull request #2163 from daffainfo/patch-102
...
Create CVE-2012-4889.yaml
2021-07-24 10:30:21 +05:30
62ba69390c
Update CVE-2012-4889.yaml
2021-07-24 10:00:22 +05:30
e97e2a4f2a
Template update
2021-07-24 06:22:48 +05:30
dddd079706
Update CVE-2012-4889.yaml
2021-07-24 07:20:53 +07:00
f8033758a1
Create CVE-2012-4889.yaml
2021-07-24 07:18:30 +07:00
4b444af3c4
Merge pull request #2125 from DhiyaneshGeek/master
...
17 New Templates Added
2021-07-24 03:26:09 +05:30
9617bc5815
matcher update
2021-07-24 03:25:22 +05:30
47ea40bc55
Update kevinlab-bems-backdoor.yaml
2021-07-24 03:17:53 +05:30
b1d8ab1193
more matchers update
2021-07-24 03:13:09 +05:30
1ea3b8a8bf
matcher updates
2021-07-24 03:03:31 +05:30
9788ebbf27
more matcher updates
2021-07-24 02:54:09 +05:30
19533bcc08
removed content type check to avoid valid matches
2021-07-24 02:53:11 +05:30
15b6a9eac4
Added CSRF handling
2021-07-24 02:49:55 +05:30
f0ae660728
Merge pull request #2149 from MaKyOtOx/patch-1
...
Create mantis-detect.yaml
2021-07-24 02:17:18 +05:30
ef0d5da7ce
Update mantis-detect.yaml
2021-07-24 02:16:22 +05:30
ebab9b8ae2
Update exposed-panels/mantis-detect.yaml
...
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-24 02:15:43 +05:30
2b4002f0f0
Merge pull request #2162 from geeknik/patch-9
...
Update nginx-config.yaml
2021-07-24 02:08:01 +05:30
4795c084e1
Update nginx-config.yaml
...
fixes a false positive
2021-07-23 15:18:51 -05:00
2788c9429f
matchers update
2021-07-24 01:03:06 +05:30
327819a037
Update misconfiguration/clockwork-dashboard-exposure.yaml
...
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-24 00:52:24 +05:30
f8a1c2c2b5
Update misconfiguration/clockwork-dashboard-exposure.yaml
...
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-24 00:52:09 +05:30
a957dc230c
Update exposures/files/snyk-ignore-file-disclosure.yaml
...
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-24 00:51:05 +05:30
96c78d8695
additional negative matcher
2021-07-24 00:39:30 +05:30
1f4f8ce332
matcher update
2021-07-24 00:30:53 +05:30
840d3ee4e3
Update github-workflows-disclosure.yaml
...
removing content type check as this might miss valid results with no content type in response
2021-07-24 00:26:56 +05:30
b346584002
Update vulnerabilities/other/nginx-merge-slashes-path-traversal.yaml
...
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-24 00:25:13 +05:30
5f4127cdaf
Update exposures/files/ruby-on-rails-secret-token-disclosure.yaml
...
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-24 00:24:45 +05:30
Muhammad Daffa
Prince Chaddha
GwanYeong Kim
Prince Chaddha
sandeep
Geeknik Labs