pussycat0x
153a00af52
Add files via upload
2021-11-05 13:45:21 +05:30
Pradeepch99
8c5987b2b2
Update CVE-2021-36260.yaml
2021-11-05 08:44:19 +05:30
ImNightmaree
acc8d46849
Updates "whoami" regex
...
Fixes #3060
2021-11-03 17:43:48 +00:00
GitHub Action
ba5d199dbb
Auto Generated CVE annotations [Tue Nov 2 20:23:01 UTC 2021] 🤖
2021-11-02 20:23:01 +00:00
sandeep
36bda42c27
misc update
2021-11-03 01:49:51 +05:30
Prince Chaddha
94c49907ce
Update CVE-2021-38704.yaml
2021-11-02 23:35:14 +05:30
Prince Chaddha
3541fb5754
Update CVE-2021-38704.yaml
2021-11-02 23:25:17 +05:30
Prince Chaddha
19ca42a3d6
Update CVE-2021-38704.yaml
2021-11-02 23:23:11 +05:30
Prince Chaddha
5e774b4e9b
Create CVE-2021-38704.yaml
2021-11-02 23:16:22 +05:30
Sandeep Singh
c2a167939e
Merge pull request #3031 from gy741/rule-add-v70
...
Create CVE-2021-31682.yaml
2021-10-31 17:09:29 +05:30
sandeep
fe6dbc8b4d
misc update
2021-10-31 16:56:16 +05:30
GitHub Action
4cc2a7a205
Auto Generated CVE annotations [Sat Oct 30 11:41:59 UTC 2021] 🤖
2021-10-30 11:41:59 +00:00
sandeep
8c3f98c767
fixed invalid template syntax
2021-10-30 16:47:35 +05:30
GwanYeong Kim
43629d5f49
Create CVE-2021-31682.yaml
...
The login portal for the Automated Logic WebCTRL/WebCTRL OEM web application contains a vulnerability that allows for reflected XSS attacks due to the operatorlocale GET parameter not being sanitized. This issue impacts versions 6.5 and below. This issue works by passing in a basic XSS payload to a vulnerable GET parameter that is reflected in the output without sanitization.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-10-30 19:36:29 +09:00
sandeep
9a7111c936
updating author details
2021-10-29 22:16:25 +05:30
sandeep
1fdf1ce10a
name update
2021-10-29 21:36:05 +05:30
sandeep
d6fbf8b35c
misc updates
2021-10-29 21:33:59 +05:30
GitHub Action
4236ca70b5
Auto Generated CVE annotations [Fri Oct 29 12:45:06 UTC 2021] 🤖
2021-10-29 12:45:07 +00:00
Dhiyaneshwaran
afbd8f0448
Create CVE-2021-20837.yaml
2021-10-29 18:13:32 +05:30
Sandeep Singh
ba04bc0d3a
Merge pull request #3022 from projectdiscovery/CVE-2021-36260
...
Added Hikvision RCE (CVE-2021-36260)
2021-10-29 17:09:01 +05:30
GitHub Action
b46d572636
Auto Generated CVE annotations [Fri Oct 29 10:29:18 UTC 2021] 🤖
2021-10-29 10:29:18 +00:00
sandeep
f635c80512
Adding metadata
2021-10-29 14:49:58 +05:30
sandeep
a451cfb48a
misc update
2021-10-29 14:24:20 +05:30
sandeep
8f4a90f33a
Added Hikvision RCE (CVE-2021-36260)
2021-10-29 13:47:09 +05:30
Prince Chaddha
3aadf53a95
Merge pull request #3014 from Mad-robot/patch-2
...
Create CVE-2021-42566.yaml
2021-10-29 00:29:05 +05:30
Prince Chaddha
e58e1ef96d
Update CVE-2021-42566.yaml
2021-10-29 00:25:45 +05:30
Prince Chaddha
7f9490d762
Update CVE-2021-42565.yaml
2021-10-29 00:25:12 +05:30
Prince Chaddha
263fb400e9
Update CVE-2021-42566.yaml
2021-10-29 00:22:29 +05:30
SaN ThosH
ca73e75974
Create CVE-2021-42566.yaml
2021-10-27 20:13:56 +05:30
SaN ThosH
0675ba8c67
Update and rename CVE-2021-42566.yaml to CVE-2021-42565.yaml
2021-10-27 20:10:59 +05:30
SaN ThosH
bbe3e7b542
Create CVE-2021-42566.yaml
2021-10-27 20:08:59 +05:30
sandeep
2d19236680
misc update
2021-10-27 18:21:06 +05:30
sandeep
6490a968b3
Added GitLab CE/EE Unauthenticated RCE using ExifTool (CVE-2021-22205)
2021-10-27 18:01:04 +05:30
sandeep
2fa9791bdc
misc update
2021-10-26 14:32:23 +05:30
sandeep
1986e1211d
Adding condition between word matcher
2021-10-26 14:25:37 +05:30
Dwi Siswanto
9773130879
Remove blank lines
2021-10-26 15:31:41 +07:00
Dwi Siswanto
bf7070dbc7
Add CVE-2021-42258
2021-10-26 15:26:22 +07:00
Prince Chaddha
1db2405c25
Create CVE-2021-36749.yaml
2021-10-25 17:30:48 +05:30
GitHub Action
ed4d1afd12
Auto Generated CVE annotations [Fri Oct 22 09:40:47 UTC 2021] 🤖
2021-10-22 09:40:47 +00:00
Prince Chaddha
b39200b8e4
Update CVE-2021-33044.yaml
2021-10-21 15:47:46 +05:30
Philippe Delteil
56b0f60d5a
Update CVE-2021-41773.yaml
...
Fixes false positive due to IPS/
'Request denied by WatchGuard Firewall.</p><p><b> Reason: </b> IPS detected for "WEB Apache HTTP Server Path traversal (CVE-2021-41773)"'
2021-10-21 00:57:23 -03:00
GitHub Action
f05e7364ca
Auto Generated CVE annotations [Wed Oct 20 22:40:20 UTC 2021] 🤖
2021-10-20 22:40:20 +00:00
Prince Chaddha
10ebb22fb8
Merge pull request #2910 from gy741/rule-add-v65
...
Create CVE-2021-20031.yaml
2021-10-19 18:23:40 +05:30
Prince Chaddha
181dda73ec
Update CVE-2021-33044.yaml
2021-10-19 17:44:06 +05:30
GwanYeong Kim
02655a9f22
Create CVE-2021-33044.yaml
...
The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-10-19 12:50:07 +09:00
sandeep
3175b12b22
Additional matcher
2021-10-19 03:19:32 +05:30
sandeep
33badb66d1
oob tags update
2021-10-19 02:10:26 +05:30
Prince Chaddha
9e37e202bd
Update CVE-2021-20031.yaml
2021-10-18 20:55:47 +05:30
Prince Chaddha
6346c6e93a
Update CVE-2021-20031.yaml
2021-10-18 20:52:36 +05:30
GwanYeong Kim
c7fc202ef1
Create CVE-2021-20031.yaml
...
A Host Header Injection vulnerability may allow an attacker to spoof a particular Host header, allowing the attacker to render arbitrary links that point to a malicious website with poisoned Host header webpages. An issue was discovered in Sonicwall NAS, SonicWall Analyzer version 8.5.0 (may be affected on other versions too). The values of the 'Host' headers are implicitly set as trusted while this should be forbidden, leading to potential host header injection attack and also the affected hosts can be used for domain fronting. This means affected hosts can be used by attackers to hide behind during various other attack
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-10-18 08:24:29 +09:00
GitHub Action
dc22f77a50
Auto Generated CVE annotations [Sun Oct 17 02:21:14 UTC 2021] 🤖
2021-10-17 02:21:14 +00:00
GitHub Action
1833c3de19
Auto Generated CVE annotations [Thu Oct 14 20:34:25 UTC 2021] 🤖
2021-10-14 20:34:25 +00:00
sandeep
1ef07b6ad9
Added CVE-2021-40438
2021-10-15 01:29:52 +05:30
sandeep
46fafc5a16
Merge branch 'master' of https://github.com/nrathaus/nuclei-templates into pr/2893
2021-10-14 20:11:47 +05:30
sandeep
ac9cbb54b0
tags update
2021-10-14 20:10:59 +05:30
GitHub Action
b025811dd2
Auto Generated CVE annotations [Thu Oct 14 14:40:51 UTC 2021] 🤖
2021-10-14 14:40:51 +00:00
sandeep
58ebf6b043
Merge branch 'master' of https://github.com/nrathaus/nuclei-templates into pr/2893
2021-10-14 20:09:00 +05:30
sandeep
aad97c084c
misc update
2021-10-14 20:08:44 +05:30
GitHub Action
e8a32dbbf7
Auto Generated CVE annotations [Thu Oct 14 14:37:07 UTC 2021] 🤖
2021-10-14 14:37:07 +00:00
sandeep
f9f4e3327e
moving files around
2021-10-14 20:05:25 +05:30
Prince Chaddha
83dd71fe27
Merge pull request #2890 from pdelteil/patch-71
...
Update CVE-2021-41773.yaml
2021-10-14 16:25:15 +05:30
GitHub Action
e1adf856e4
Auto Generated CVE annotations [Thu Oct 14 10:52:45 UTC 2021] 🤖
2021-10-14 10:52:45 +00:00
Philippe Delteil
742677870a
Update CVE-2021-41773.yaml
...
shodan query added
2021-10-14 03:52:10 -03:00
Prince Chaddha
1e4fae76a3
Update CVE-2021-40978.yaml
2021-10-14 09:23:48 +05:30
PikPikcU
b22eb1ba01
Create CVE-2021-40978.yaml
2021-10-14 08:37:46 +07:00
GitHub Action
708adea285
Auto Generated CVE annotations [Wed Oct 13 08:57:56 UTC 2021] 🤖
2021-10-13 08:57:56 +00:00
sandeep
665e3f15e5
dynamic match
2021-10-10 18:27:15 +05:30
sandeep
9b1c57506b
Updating CVE-2021-41773 / CVE-2021-42013 to include RCE check
2021-10-10 06:00:43 +05:30
GitHub Action
462a599f56
Auto Generated CVE annotations [Fri Oct 8 13:57:22 UTC 2021] 🤖
2021-10-08 13:57:22 +00:00
Sandeep Singh
b58e2973ca
Merge pull request #2855 from geeknik/patch-34
...
Create CVE-2021-39327.yaml
2021-10-08 19:25:53 +05:30
sandeep
0e51fefd4b
misc update
2021-10-08 19:23:59 +05:30
GitHub Action
87c57ed4ac
Auto Generated CVE annotations [Fri Oct 8 13:40:21 UTC 2021] 🤖
2021-10-08 13:40:21 +00:00
Geeknik Labs
9e913ddb8e
Update CVE-2021-39327.yaml
2021-10-08 08:36:01 -05:00
Geeknik Labs
cc38e20d14
Create CVE-2021-39327.yaml
2021-10-08 08:31:41 -05:00
sandeep
b2fec03884
misc update
2021-10-08 02:42:44 +05:30
Naveen Sunkavally
dce764380c
yaml typo
2021-10-07 15:36:29 -04:00
Naveen Sunkavally
9384dd235e
template for CVE-2021-42013.yaml
2021-10-07 14:17:29 -04:00
SaN ThosH
a04df98f6f
Update CVE-2021-41878.yaml
2021-10-07 08:26:09 +05:30
Prince Chaddha
590e7d128b
Update CVE-2021-41878.yaml
2021-10-06 23:57:24 +05:30
Prince Chaddha
f0c69c4d83
Update CVE-2021-41878.yaml
2021-10-06 23:56:54 +05:30
Prince Chaddha
b204eedff5
Update CVE-2021-41467.yaml
2021-10-06 23:55:26 +05:30
SaN ThosH
7f9bb46eb8
Create CVE-2021-41878.yaml
2021-10-06 13:52:02 +05:30
SaN ThosH
b38a29fcce
Create CVE-2021-41467.yaml
2021-10-06 12:41:01 +05:30
Prince Chaddha
796ccd1d9d
Update CVE-2021-41773.yaml
2021-10-05 20:36:02 +05:30
sandeep
311f1b006c
more sources
2021-10-05 20:33:10 +05:30
sandeep
876a83371f
misc update
2021-10-05 20:32:16 +05:30
Muhammad Daffa
47720d5da6
Create CVE-2021-41773.yaml
2021-10-05 21:49:36 +07:00
Prince Chaddha
223d49db9c
Merge pull request #2786 from geeknik/patch-29
...
Create CVE-2021-41826.yaml
2021-10-05 09:34:43 +05:30
meme-lord
98f51394a7
Update CVE-2021-38314.yaml
...
Added my blog post on how to PoC it to the references
2021-10-04 18:20:43 +01:00
Prince Chaddha
ed07a99242
Update CVE-2021-41826.yaml
2021-10-04 22:20:00 +05:30
Prince Chaddha
5ede21e686
Merge pull request #2810 from gy741/rule-add-v64
...
Create CVE-2021-1499.yaml
2021-10-04 21:38:21 +05:30
Prince Chaddha
9c89100c2d
Update CVE-2021-1499.yaml
2021-10-04 21:36:06 +05:30
Prince Chaddha
5620395c94
Update CVE-2021-1499.yaml
2021-10-04 20:09:39 +05:30
Prince Chaddha
7182361020
Merge pull request #2814 from daffainfo/patch-234
...
Create CVE-2021-41649.yaml
2021-10-04 19:39:12 +05:30
Prince Chaddha
c8f24c940c
Merge pull request #2813 from daffainfo/patch-233
...
Create CVE-2021-41648.yaml
2021-10-04 19:38:49 +05:30
Prince Chaddha
8492360296
Update CVE-2021-41648.yaml
2021-10-04 19:34:16 +05:30
Prince Chaddha
0f5d9ac24d
Update CVE-2021-41649.yaml
2021-10-04 19:32:07 +05:30
GitHub Action
937db784ee
Auto Generated CVE annotations [Sun Oct 3 20:44:21 UTC 2021] 🤖
2021-10-03 20:44:21 +00:00
sandeep
6ab5ea4a63
Update CVE-2021-33357.yaml
2021-10-04 02:10:33 +05:30
sandeep
23c1cf45ce
Added working payload
2021-10-04 02:07:21 +05:30
sandeep
b2fa48e6a4
Update CVE-2021-33357.yaml
2021-10-03 22:41:42 +05:30
PikPikcU
90b924199d
Create CVE-2021-33357.yaml
2021-10-03 19:37:22 +07:00
Muhammad Daffa
c64937c70e
Update and rename CVE-2021-41648.yaml to CVE-2021-41649.yaml
2021-10-03 17:46:22 +07:00
Muhammad Daffa
c6fbeaebc5
Create CVE-2021-41648.yaml
2021-10-02 22:22:04 +07:00
Muhammad Daffa
670e3fe100
Create CVE-2021-41648.yaml
2021-10-02 22:16:40 +07:00
Sandeep Singh
f033458524
misc update
2021-10-02 18:02:45 +05:30
GitHub Action
ed2c42e833
Auto Generated CVE annotations [Sat Oct 2 12:30:44 UTC 2021] 🤖
2021-10-02 12:30:44 +00:00
GwanYeong Kim
1b3807a94d
Create CVE-2021-1499.yaml
...
A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to upload files to an affected device. This vulnerability is due to missing authentication for the upload function. An attacker could exploit this vulnerability by sending a specific HTTP request to an affected device. A successful exploit could allow the attacker to upload files to the affected device with the permissions of the tomcat8 user.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-10-02 16:33:51 +09:00
sandeep
aec246bf5b
Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates into CVE-2021-1497
2021-10-02 05:18:04 +05:30
Muhammad Daffa
3af984c55d
Create CVE-2021-40960.yaml
2021-10-01 21:52:29 +07:00
Geeknik Labs
5c802b1772
Create CVE-2021-41826.yaml
...
Add CVE-2021-41826, PlaceOS 1.2109.1 - Open Redirection
2021-09-30 12:19:17 -05:00
GitHub Action
c139eab58f
Auto Generated CVE annotations [Thu Sep 30 10:40:57 UTC 2021] 🤖
2021-09-30 10:40:57 +00:00
Prince Chaddha
e432ffe3cf
Merge pull request #2772 from pikpikcu/patch-291
...
Create CVE-2021-41381.yaml
2021-09-30 16:09:11 +05:30
Prince Chaddha
1a4635eaff
Update CVE-2021-41381.yaml
2021-09-30 15:58:53 +05:30
GitHub Action
61e41f9997
Auto Generated CVE annotations [Thu Sep 30 10:24:26 UTC 2021] 🤖
2021-09-30 10:24:26 +00:00
Prince Chaddha
5a94410f04
Update CVE-2021-40870.yaml
2021-09-30 15:50:41 +05:30
PikPikcU
8060293ebe
Create CVE-2021-40870.yaml
2021-09-30 13:57:47 +07:00
PikPikcU
006d368aca
Create CVE-2021-41381.yaml
2021-09-30 13:30:48 +07:00
sullo
a4563e5909
Add check for CVE-2021-1497
2021-09-29 17:49:02 -04:00
sullo
715c8de5c0
Changed CVE-2021-1497 to CVE-2021-1498 per original advisory. Added ref to original advisory.
2021-09-29 13:05:43 -04:00
Prince Chaddha
aac4c689b5
Update CVE-2021-24276.yaml
2021-09-29 00:24:48 +05:30
Prince Chaddha
58e6ee07a9
Update CVE-2021-24275.yaml
2021-09-29 00:22:52 +05:30
Prince Chaddha
c0912f3a08
Update CVE-2021-24226.yaml
2021-09-29 00:21:25 +05:30
Prince Chaddha
b1d6874462
Update CVE-2021-24274.yaml
2021-09-29 00:20:48 +05:30
Prince Chaddha
23d3993c46
Update CVE-2021-24226.yaml
2021-09-29 00:18:37 +05:30
GitHub Action
53651864fc
Auto Generated CVE annotations [Tue Sep 28 17:13:05 UTC 2021] 🤖
2021-09-28 17:13:05 +00:00
Dhiyaneshwaran
b4ea85bcb7
Create CVE-2021-24274.yaml
2021-09-28 22:41:56 +05:30
Dhiyaneshwaran
48f33d66f4
Update CVE-2021-24276.yaml
2021-09-28 22:41:24 +05:30
GitHub Action
0b79b925c9
Auto Generated CVE annotations [Tue Sep 28 17:08:48 UTC 2021] 🤖
2021-09-28 17:08:48 +00:00
Dhiyaneshwaran
a484d974a1
Create CVE-2021-24276.yaml
2021-09-28 22:37:40 +05:30
GitHub Action
f122f2c7b3
Auto Generated CVE annotations [Tue Sep 28 17:04:46 UTC 2021] 🤖
2021-09-28 17:04:46 +00:00
Dhiyaneshwaran
ed8bc69c87
Create CVE-2021-24275.yaml
2021-09-28 22:33:24 +05:30
GitHub Action
22cabd2ba8
Auto Generated CVE annotations [Tue Sep 28 16:57:55 UTC 2021] 🤖
2021-09-28 16:57:55 +00:00
Dhiyaneshwaran
b91abeab09
Create CVE-2021-24226.yaml
2021-09-28 22:26:37 +05:30
Prince Chaddha
e9e1492823
Merge pull request #2757 from daffainfo/patch-230
...
Create CVE-2021-40868.yaml
2021-09-28 15:47:34 +05:30
Prince Chaddha
436bcecfe9
Merge pull request #2755 from DhiyaneshGeek/master
...
CVE-2021-39320
2021-09-28 15:44:56 +05:30
GitHub Action
783be71a1c
Auto Generated CVE annotations [Tue Sep 28 10:14:40 UTC 2021] 🤖
2021-09-28 10:14:40 +00:00
Prince Chaddha
af85d5f6cc
Update CVE-2021-39320.yaml
2021-09-28 15:43:21 +05:30
Prince Chaddha
779302f717
Update CVE-2021-40868.yaml
2021-09-28 15:35:46 +05:30
GitHub Action
6a38e21a98
Auto Generated CVE annotations [Tue Sep 28 10:05:39 UTC 2021] 🤖
2021-09-28 10:05:39 +00:00
Geeknik Labs
ca7a035303
Update CVE-2021-3654.yaml
...
add reference
2021-09-27 20:58:51 -05:00
Geeknik Labs
2b635a352e
Create CVE-2021-3654.yaml
2021-09-27 20:53:50 -05:00
Muhammad Daffa
3fd4dfacde
Create CVE-2021-40868.yaml
2021-09-28 07:42:28 +07:00
GitHub Action
6f3678a7e8
Auto Generated CVE annotations [Mon Sep 27 17:17:13 UTC 2021] 🤖
2021-09-27 17:17:13 +00:00
Dhiyaneshwaran
f0dda40b1b
Create CVE-2021-39320.yaml
2021-09-27 22:45:53 +05:30
GitHub Action
fb776417b5
Auto Generated CVE annotations [Mon Sep 27 10:27:40 UTC 2021] 🤖
2021-09-27 10:27:40 +00:00
Prince Chaddha
09a75b8d74
Update CVE-2021-3577.yaml
2021-09-25 11:28:27 +05:30
GwanYeong Kim
7d57a07d86
Create CVE-2021-3577.yaml
...
Vulnerabilities in the interface of Motorola Baby Monitors could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-09-25 08:13:24 +09:00
Sandeep Singh
2c07be1945
Merge pull request #2737 from oscarintherocks/CVE-2021-40875
...
Added CVE-2021-40875 Template
2021-09-23 15:31:46 +05:30
sandeep
24376a47e7
Added shodan query
2021-09-23 15:30:58 +05:30
sandeep
b39b785461
misc update
2021-09-23 15:29:04 +05:30
GitHub Action
49f53e2e56
Auto Generated CVE annotations [Thu Sep 23 06:09:32 UTC 2021] 🤖
2021-09-23 06:09:32 +00:00
Prince Chaddha
e3dc2ef1ec
Update CVE-2021-39316.yaml
2021-09-23 10:58:40 +05:30
Muhammad Daffa
2df403879a
Create CVE-2021-39316.yaml
2021-09-23 07:07:52 +07:00
Óscar Marín
ff844ba63c
Added CVE-2021-40875 Template
2021-09-22 21:10:03 +02:00
sandeep
f1b6b4dc9b
improved matchers
2021-09-22 15:33:51 +05:30
PR3R00T
1bed5c9351
New VMWare Vcenter File upload check.
...
https://kb.vmware.com/s/article/85717 - taking the attached python script as validation.
2021-09-22 09:05:36 +01:00
sandeep
ff1537d7da
fixing tags typos
2021-09-21 15:43:08 +05:30
Sandeep Singh
39041648fb
Merge pull request #2718 from sullo/master
...
Typos and incorrect matcher information
2021-09-21 15:34:53 +05:30
GitHub Action
5219dd00b8
Auto Generated CVE annotations [Tue Sep 21 08:07:26 UTC 2021] 🤖
2021-09-21 08:07:26 +00:00
Sandeep Singh
7373045e14
Merge pull request #2691 from meme-lord/master
...
Added CVE-2021-38314 ( Redux Framework )
2021-09-21 13:35:30 +05:30
sandeep
27d8d4e4ec
misc update
2021-09-21 13:33:21 +05:30
sullo
b57620cce2
Typo and language corrections
2021-09-20 15:25:11 -04:00
Sandeep Singh
0f03f5ff55
Merge pull request #2692 from projectdiscovery/metadata-attribute-update
2021-09-18 18:19:07 +05:30
sandeep
320919c177
Merge branch 'master' of https://github.com/meme-lord/nuclei-templates into pr/2566
2021-09-17 18:47:28 +05:30
sandeep
8369de26de
misc update
2021-09-17 18:38:19 +05:30
GitHub Action
1f833a4e27
Auto Generated CVE annotations [Fri Sep 17 12:44:33 UTC 2021] 🤖
2021-09-17 12:44:33 +00:00
Prince Chaddha
0d9d58a46b
Update CVE-2021-30049.yaml
2021-09-17 17:56:34 +05:30
Muhammad Daffa
2bed4d9a92
Update CVE-2021-30049.yaml
2021-09-17 18:57:55 +07:00
Muhammad Daffa
ffafbe02f6
Create CVE-2021-30049.yaml
2021-09-17 18:55:39 +07:00
GitHub Action
d877a465c7
Auto Generated CVE annotations [Fri Sep 17 09:53:01 UTC 2021] 🤖
2021-09-17 09:53:01 +00:00
Prince Chaddha
e61dfc88ff
Merge pull request #2683 from daffainfo/patch-218
...
Workreap WordPress theme - unauthenticated RCE
2021-09-17 15:21:40 +05:30
Prince Chaddha
90e5aaf04a
Update CVE-2021-38314.yaml
2021-09-17 15:20:33 +05:30
sandeep
84c91cbfc3
misc update
2021-09-17 14:03:42 +05:30
Sandeep Singh
fe1f734ceb
Merge pull request #2681 from daffainfo/patch-217
...
OMIGOD - Open Management Infrastructure RCE
2021-09-17 13:45:46 +05:30
sandeep
728e36a99d
Update CVE-2021-38647.yaml
2021-09-17 13:42:40 +05:30
sandeep
e26a1bb759
misc update
2021-09-17 13:42:22 +05:30
Muhammad Daffa
b9cb5a8d72
Update CVE-2021-38647.yaml
2021-09-17 12:56:55 +07:00
Muhammad Daffa
6eed1c1f29
Update CVE-2021-38647.yaml
2021-09-17 05:49:53 +07:00
GitHub Action
0c18bafa42
Auto Generated CVE annotations [Thu Sep 16 17:31:46 UTC 2021] 🤖
2021-09-16 17:31:46 +00:00
Prince Chaddha
a3a750bc56
Merge pull request #2670 from pikpikcu/patch-271
...
Create CVE-2021-37833.yaml
2021-09-16 23:00:32 +05:30
GitHub Action
9b31b06493
Auto Generated CVE annotations [Thu Sep 16 17:29:49 UTC 2021] 🤖
2021-09-16 17:29:49 +00:00
Prince Chaddha
e442502fc5
Merge pull request #2672 from pikpikcu/patch-273
...
Added Jannah WordPress theme POC
2021-09-16 22:58:22 +05:30
Prince Chaddha
1ba6b92a13
Update CVE-2021-37833.yaml
2021-09-16 22:58:05 +05:30
Prince Chaddha
14dd731ba2
Update CVE-2021-24407.yaml
2021-09-16 22:51:39 +05:30
Prince Chaddha
684d541115
Update CVE-2021-24364.yaml
2021-09-16 22:51:27 +05:30
Prince Chaddha
ac93a8acaf
Update CVE-2021-24407.yaml
2021-09-16 22:46:36 +05:30
Prince Chaddha
d0df2974fd
Update CVE-2021-24499.yaml
2021-09-16 22:42:22 +05:30
GitHub Action
c40be75a13
Auto Generated CVE annotations [Thu Sep 16 17:04:58 UTC 2021] 🤖
2021-09-16 17:04:58 +00:00
Prince Chaddha
03ec41a0f6
Merge pull request #2671 from pikpikcu/patch-272
...
Create CVE-2021-35265.yaml
2021-09-16 22:33:42 +05:30
Prince Chaddha
d3c6985d3e
Update CVE-2021-35265.yaml
2021-09-16 22:31:41 +05:30
Sandeep Singh
77a468e9c7
Update and rename CVE-2021-38314.yml to CVE-2021-38314.yaml
2021-09-16 21:59:41 +05:30
Sandeep Singh
32d0a0d99d
Update CVE-2021-38314.yml
2021-09-16 21:56:49 +05:30
sandeep
676b51d20c
Metadata attribute update
2021-09-16 21:24:33 +05:30
meme-lord
ea4b5a5c81
Added Redux Framework 2021 CVE
2021-09-16 15:08:12 +01:00
GitHub Action
77c3dc36ac
Auto Generated CVE annotations [Thu Sep 16 13:13:57 UTC 2021] 🤖
2021-09-16 13:13:57 +00:00
Prince Chaddha
55d676dc77
Update CVE-2021-40539.yaml
2021-09-16 18:18:51 +05:30
Muhammad Daffa
da9e132232
Update CVE-2021-40539.yaml
2021-09-16 16:10:20 +07:00
Muhammad Daffa
3e2c882d84
Create CVE-2021-40539.yaml
2021-09-16 11:07:34 +07:00
Muhammad Daffa
e0cacf21df
Create CVE-2021-24499.yaml
2021-09-16 08:07:40 +07:00
sandeep
a7fbdb10ae
misc update - WIP
2021-09-15 22:00:09 +05:30
Muhammad Daffa
f168c83b44
Update CVE-2021-38647.yaml
2021-09-15 23:16:39 +07:00
Muhammad Daffa
03aa89e4de
Create CVE-2021-38647.yaml
2021-09-15 23:10:58 +07:00
GitHub Action
40b630e5cd
Auto Generated CVE annotations [Wed Sep 15 10:50:34 UTC 2021] 🤖
2021-09-15 10:50:34 +00:00
Prince Chaddha
d89b82f810
Update CVE-2021-24342.yaml
2021-09-15 14:35:51 +05:30
PikPikcU
88c319a148
Update CVE-2021-24342.yaml
2021-09-15 12:04:51 +07:00
PikPikcU
7a88129ee8
Update CVE-2021-24407.yaml
2021-09-15 12:03:37 +07:00
PikPikcU
9cf31a5078
Update CVE-2021-24364.yaml
2021-09-15 12:03:20 +07:00
PikPikcU
643623211c
Create CVE-2021-24342.yaml
2021-09-15 12:02:38 +07:00
PikPikcU
936ec94e23
Create CVE-2021-24407.yaml
2021-09-15 11:51:50 +07:00
PikPikcU
04ab1bb769
Create CVE-2021-24364.yaml
2021-09-15 11:45:52 +07:00
PikPikcU
3ca80153b3
Create CVE-2021-35265.yaml
2021-09-15 11:36:38 +07:00
PikPikcU
fde477de48
Update CVE-2021-37833.yaml
2021-09-15 11:32:11 +07:00
PikPikcU
796093ae5d
Create CVE-2021-37833.yaml
2021-09-15 11:26:23 +07:00
GitHub Action
d39ba8391e
Auto Generated CVE annotations [Tue Sep 14 15:20:20 UTC 2021] 🤖
2021-09-14 15:20:20 +00:00
sandeep
6e5255514d
misc update
2021-09-14 20:47:58 +05:30
sandeep
5b09b9ca11
misc update
2021-09-14 20:15:44 +05:30
Prince Chaddha
ede2e49751
Update CVE-2021-21287.yaml
2021-09-14 16:52:28 +05:30
PikPikcU
4b1bca299d
Create CVE-2021-21287.yaml
2021-09-14 17:31:27 +07:00
sandeep
acbb038e01
misc update
2021-09-14 01:22:44 +05:30
sandeep
162928ed27
Update CVE-2021-26295.yaml
2021-09-12 17:16:47 +05:30
sandeep
34bba4e794
misc update
2021-09-12 17:10:52 +05:30
Ice3man543
e9f728c321
Added cve annotations + severity adjustments
2021-09-10 16:56:40 +05:30
Sandeep Singh
cf4ef2ac5a
Merge pull request #2622 from projectdiscovery/missing-tags
2021-09-10 12:32:47 +05:30
Philippe Delteil
bcc55f6a3f
Update CVE-2021-26084.yaml
...
Some targets worked without the ?SpaceKey=x
2021-09-09 17:38:22 -03:00
sandeep
bd24dc198e
Coverage for all templates using tags
2021-09-09 19:08:13 +05:30
sandeep
609705f676
removed extra headers not required for template
2021-09-08 17:47:19 +05:30
Prince Chaddha
c87a4b2022
Merge pull request #2594 from push4d/CVE-2021-20114
...
Add files via upload
2021-09-06 17:52:37 +05:30
Prince Chaddha
54e5eea581
Update CVE-2021-20114.yaml
2021-09-06 17:48:01 +05:30
Prince Chaddha
e1ab21616f
Update CVE-2021-20114.yaml
2021-09-06 17:30:51 +05:30
Prince Chaddha
0f5c79bc6e
Merge pull request #2582 from daffainfo/patch-198
...
Create CVE-2021-29625.yaml
2021-09-06 16:56:43 +05:30
push4d
47a892d375
Add files via upload
2021-09-06 13:21:29 +02:00
Prince Chaddha
21a7fc63a5
Update CVE-2021-29625.yaml
2021-09-06 15:16:12 +05:30
sullo
ef1f7c5e92
Updates across many templates for clarity, spelling, and grammar.
2021-09-05 17:13:45 -04:00
Muhammad Daffa
062487f9e8
Create CVE-2021-29625.yaml
2021-09-05 17:12:40 +07:00
Sandeep Singh
f168615b37
Merge pull request #2554 from projectdiscovery/CVE-2021-22145
...
Added CVE-2021-22145
2021-09-03 14:47:13 +05:30
Sandeep Singh
6daa8a3d3e
Merge pull request #1883 from johnjhacking/patch-3
...
Create Netmask SSRF Template
2021-09-03 13:17:08 +05:30
sandeep
eea43b6304
Update CVE-2021-28918.yaml
2021-09-03 13:14:24 +05:30
sandeep
f81851b53b
few fixes
2021-09-03 13:10:35 +05:30
Sandeep Singh
c78d1bae92
Merge pull request #2555 from pdelteil/patch-46
...
Update CVE-2021-26084.yaml
2021-09-03 12:42:18 +05:30
sandeep
2d104a0053
Added multiple endpoint support
2021-09-03 12:40:20 +05:30
John Jackson
56af312e25
Added an additional check
...
Hello, when you get the change, please check the changes. I removed some of the methods and cleaned it up + made a matcher for /etc/passwd. Thanks!
2021-09-02 22:48:24 -06:00
Prince Chaddha
c38cb4a7b2
Update and rename CVE-2021-34370.yaml to cves/2021/CVE-2021-34370.yaml
2021-09-03 09:16:36 +05:30
Sandeep Singh
cdd022c29d
Merge pull request #2550 from projectdiscovery/adding-sfm
...
Added stop-at-first-match in applicable templates
2021-09-02 23:09:21 +05:30
Philippe Delteil
fb0aabfe96
Update CVE-2021-26084.yaml
...
Extra paths were I did found vulnerable assets
2021-09-02 13:35:07 -04:00
sandeep
c2048eb6b5
Added CVE-2021-22145
...
Co-Authored-By: Dhiyaneshwaran <leedhiyanesh@gmail.com>
2021-09-02 22:07:29 +05:30
sandeep
c266084621
Added stop-at-first-match in applicable templates
2021-09-02 17:29:10 +05:30
Prince Chaddha
0832288afb
Merge pull request #2536 from projectdiscovery/CVE-2021-31856
...
Create CVE-2021-31856.yaml
2021-09-02 17:03:42 +05:30
Sandeep Singh
71531d8467
Merge pull request #2444 from pikpikcu/patch-257
...
Added CVE-2021-32819
2021-09-02 00:35:45 +05:30
sandeep
6c1dc4de74
avoiding lint warnings
2021-09-02 00:28:41 +05:30
sandeep
38b456eb34
safe payload + reference
2021-09-02 00:04:06 +05:30
Prince Chaddha
ff05dfd60b
Create CVE-2021-31856.yaml
2021-09-01 17:45:54 +05:30
sandeep
8d5172ed62
Removed unused headers
...
Co-Authored-By: Dhiyaneshwaran <leedhiyanesh@gmail.com>
2021-09-01 02:11:40 +05:30
sandeep
f1f5add797
Added CVE-2021-26084
...
Co-Authored-By: Dhiyaneshwaran <leedhiyanesh@gmail.com>
2021-09-01 02:10:27 +05:30
Prince Chaddha
eb820fe1f2
Update CVE-2021-24288.yaml
2021-08-31 11:07:38 +05:30
Prince Chaddha
886c06b53e
Rename CVE-2021-24288.yaml to cves/2021/CVE-2021-24288.yaml
2021-08-31 10:57:44 +05:30
Noam Rathaus
0e9ce643db
Updated
2021-08-30 12:51:47 +03:00
sandeep
ac68ef0e9a
misc updates
2021-08-29 14:44:12 +05:30
Noam Rathaus
5f446d4553
Updated description
2021-08-29 09:47:35 +03:00
Noam Rathaus
5526895971
Fix description
2021-08-29 09:45:32 +03:00
Noam Rathaus
f6e9fea5c4
Update the description
2021-08-29 09:43:37 +03:00
forgedhallpass
a4250b8f2f
Merge remote-tracking branch 'origin' into dynamic_attributes
2021-08-26 15:04:14 +03:00
sandeep
7a2138a8c8
few updates
2021-08-26 15:27:01 +05:30
sandeep
9ada252cdb
misc update
2021-08-26 15:25:05 +05:30
Bùi Đại Gia
7a468632dc
Create CVE-2021-26086.yaml
2021-08-26 10:45:56 +07:00
sandeep
05305904ef
more strict matchers
2021-08-26 02:43:53 +05:30
forgedhallpass
110f9c9ddd
Merge remote-tracking branch 'origin' into dynamic_attributes
2021-08-24 20:38:11 +03:00
Sandeep Singh
9e4b63b669
Merge pull request #2475 from pajoda/CVE-2021-37538
...
Create CVE-2021-37538.yaml
2021-08-24 18:35:53 +05:30
sandeep
5410d9ab85
minor update
2021-08-24 18:35:13 +05:30
Prince Chaddha
8361cbe8c3
Update CVE-2021-21234.yaml
2021-08-24 15:19:47 +05:30
Prince Chaddha
bdd2f700be
Update CVE-2021-21234.yaml
2021-08-24 14:16:14 +05:30
PikPikcU
63e208e3d7
Update CVE-2021-21234.yaml
2021-08-24 14:47:25 +07:00
pajoda
11b6899c9e
Create CVE-2021-37538.yaml
2021-08-24 01:42:35 +00:00
sandeep
91a429c5d1
minor update
2021-08-21 01:12:52 +05:30
PikPikcU
611d5f76dd
Create CVE-2021-32819.yaml
2021-08-20 20:19:00 +07:00
forgedhallpass
dc4cc62629
Merge remote-tracking branch 'origin/master' into dynamic_attributes
2021-08-20 15:35:17 +03:00
sandeep
3f803deb28
more updates
2021-08-20 02:14:42 +05:30
forgedhallpass
77103bc629
Satisfying the linter (all errors and warnings)
...
* whitespace modifications only
2021-08-19 17:44:46 +03:00
Sandeep Singh
2510c01fac
Merge pull request #2419 from dwisiswant0/add/CVE-2021-38751
...
Add CVE-2021-38751
2021-08-19 20:09:48 +05:30
forgedhallpass
97d4f8705b
Fixed mistakes/typos
...
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-19 16:59:55 +03:00
forgedhallpass
f55d6b75e1
Removed pipe (|) character from references, because the structure requires it to be a string slice, not a string
...
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-19 16:59:12 +03:00
forgedhallpass
7b29be739e
Merge branch 'master' into dynamic_attributes
2021-08-19 16:23:26 +03:00
forgedhallpass
ffaff64565
Changes fixes/around dynamic attributes ("additional-fields")
...
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-19 16:17:27 +03:00
forgedhallpass
0b432b341b
Added comments with URLs under the "references" field
...
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-19 16:15:35 +03:00
Dwi Siswanto
33ec4eddbf
Update regEx matcher
2021-08-19 06:39:09 +07:00
Dwi Siswanto
09cf9f35eb
Update matcher using regex instead
2021-08-18 20:54:49 +07:00
forgedhallpass
cdf9451158
Removed pipe (|) character from references, because the structure requires it to be a string slice, not a string
...
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-18 14:44:27 +03:00
forgedhallpass
4c920b2552
Rename "references" to "reference" to match the expected template info structure
...
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-18 14:29:20 +03:00
Prince Chaddha
f021817d65
Update CVE-2021-38702.yaml
2021-08-17 22:06:37 +05:30
Geeknik Labs
888c9a4573
Create CVE-2021-38702.yaml
2021-08-17 08:11:02 -05:00
Prince Chaddha
7bb40042a3
Update CVE-2021-38751.yaml
2021-08-17 17:13:45 +05:30
Prince Chaddha
ec9b83bd1f
Update CVE-2021-38751.yaml
2021-08-17 17:12:51 +05:30
Prince Chaddha
beb11d77e3
Update CVE-2021-32030.yaml
2021-08-17 17:05:12 +05:30
Dwi Siswanto
8fa76f68f6
Add CVE-2021-38751
2021-08-17 02:18:49 +07:00
GwanYeong Kim
c11328da0b
Create CVE-2021-32030.yaml
...
The administrator application on ASUS GT-AC2900 devices before 3.0.0.4.386.42643 allows authentication bypass when processing remote input from an unauthenticated user, leading to unauthorized access to the administrator interface. This relates to handle_request in router/httpd/httpd.c and auth_check in web_hook.o. An attacker-supplied value of '\0' matches the device's default value of '\0' in some situations.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-08-16 20:13:22 +09:00
Prince Chaddha
272dec095d
Update CVE-2021-33807.yaml
2021-08-16 13:55:31 +05:30
Muhammad Daffa
b426441cf4
Update CVE-2021-33807.yaml
2021-08-16 06:47:56 +07:00
Muhammad Daffa
fa8c120f90
Create CVE-2021-33807.yaml
2021-08-16 06:47:24 +07:00
sandeep
e9e84a4b36
minor update
2021-08-15 00:57:33 +05:30
pajoda
b15ed3324c
Include path for unpatched old versions
2021-08-14 19:18:15 +00:00
pajoda
5d3d6ca911
Maintain matcher and extractor consistency
2021-08-14 18:56:37 +00:00
pajoda
c9fa891245
Improve template metadata
2021-08-14 16:34:59 +00:00
pajoda
180219cc63
Add CVE-2021-37704 template
2021-08-14 16:22:35 +00:00
Prince Chaddha
09e48ac8b4
Merge pull request #2396 from geeknik/patch-18
...
Create CVE-2021-37573.yaml
2021-08-14 14:43:11 +05:30
Prince Chaddha
b5123f5abe
Update CVE-2021-37573.yaml
2021-08-14 14:40:52 +05:30
Prince Chaddha
4c811a4dc2
Update CVE-2021-3017.yaml
2021-08-14 14:03:43 +05:30
Prince Chaddha
09284afb09
Update CVE-2021-3017.yaml
2021-08-14 13:58:04 +05:30
Prince Chaddha
916d421b98
Update CVE-2021-3017.yaml
2021-08-14 13:56:56 +05:30
PikPikcU
29e8c790fc
Create CVE-2021-3017.yaml
2021-08-14 13:32:59 +07:00
Geeknik Labs
344fba3089
Update CVE-2021-37573.yaml
2021-08-13 17:17:35 -05:00
Geeknik Labs
eed8e2e573
Update CVE-2021-37573.yaml
2021-08-13 17:17:18 -05:00
Geeknik Labs
1ea3dfe3b7
Create CVE-2021-37573.yaml
2021-08-13 17:14:13 -05:00
SaN ThosH
035ee06740
Update CVE-2021-35464.yaml
2021-08-13 16:22:36 +05:30
sandeep
c537e2ccd4
minor update
2021-08-12 22:09:42 +05:30
Sandeep Singh
a0275a9aeb
Merge pull request #2370 from evait-security/master
...
add ProxyShell detection template
2021-08-12 22:08:59 +05:30
sandeep
b69cd23cf4
minor updates
2021-08-12 21:24:09 +05:30
sandeep
a69a8718c7
removing extra headers
2021-08-12 14:11:49 +05:30
sandeep
7c076d7e0e
Added CVE-2021-20092
2021-08-11 18:28:37 +05:30
sandeep
b64f472b91
Added CVE-2021-20091
2021-08-11 17:58:20 +05:30
sandeep
76d184331c
minor update
2021-08-11 17:57:58 +05:30
sandeep
74a17976a8
Update CVE-2021-20090.yaml
2021-08-10 22:23:57 +05:30
sandeep
d84eb0fd7e
Added CVE-2021-20090
2021-08-10 22:21:46 +05:30
Paul Werther
36e43b66ec
follow redirect, compare body instead of status code, eliminate false positives
2021-08-10 10:53:58 +02:00
Paul Werther
ff558bd94e
add second url for more stable detection
2021-08-10 10:17:37 +02:00
Paul Werther
99d41391e7
add ProxyShell detection template
2021-08-10 09:59:06 +02:00
sandeep
8c48ca97d2
matcher + payload + regex updates
2021-08-09 21:58:28 +05:30
sandeep
28f1036194
minor update
2021-08-08 22:57:07 +05:30
sandeep
b59341b273
minor update
2021-08-06 21:23:46 +05:30
sandeep
34f905286a
moving files around
2021-08-05 12:52:50 +05:30
sandeep
40f3693456
Added page specific matcher
2021-08-04 21:32:50 +05:30
Prince Chaddha
c7871dc7a6
Merge pull request #2021 from daffainfo/patch-59
...
Create CVE-2021-24235.yaml
2021-08-04 20:02:01 +05:30
Prince Chaddha
98e5c69560
Update CVE-2021-24235.yaml
2021-08-04 20:00:11 +05:30
sandeep
515d469506
strict matchers
2021-08-04 12:10:24 +05:30
Sandeep Singh
5965a3e44c
Merge pull request #2319 from dwisiswant0/add/CVE-2021-37216
...
Add CVE-2021-37216
2021-08-03 20:40:52 +05:30
sandeep
a3347504fe
minor update
2021-08-03 20:18:40 +05:30
sandeep
1b5420bc4b
updated matcher
2021-08-03 20:14:14 +05:30
Prince Chaddha
62bcd6932d
Merge pull request #2198 from gy741/rule-add-v43
...
Create CVE-2021-32305.yaml
2021-08-03 20:02:32 +05:30
Dwi Siswanto
f59905ced2
Add CVE-2021-37216
2021-08-03 21:31:33 +07:00
Muhammad Daffa
63cda4e1ef
Update CVE-2021-24235.yaml
2021-08-03 14:58:19 +07:00
sandeep
e2b20b8f01
Adding metadata
2021-08-02 23:16:05 +05:30
Sandeep Singh
249c39af51
Merge pull request #2299 from httpvoid/master
...
Add CVE-2021-29484 - Ghost CMS DOM XSS
2021-08-02 23:13:22 +05:30
Harsh Jaiswal
3f8e3ce2d0
Update cves/2021/CVE-2021-29484.yaml
...
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-08-02 23:05:35 +05:30
Prince Chaddha
7aa7401f3a
Merge pull request #2278 from gy741/rule-add-v44
...
Create CVE-2021-21816.yaml
2021-08-02 21:17:00 +05:30
sandeep
a1d73379aa
Added CVE-2021-27561
2021-08-02 18:25:13 +05:30
Prince Chaddha
c670df2925
Update CVE-2021-21816.yaml
2021-08-02 17:57:09 +05:30
Prince Chaddha
5c7a745e04
Merge pull request #2298 from gy741/rule-add-v47
...
Create CVE-2021-3297.yaml
2021-08-02 17:18:29 +05:30
Prince Chaddha
27f96f96c4
Update CVE-2021-3297.yaml
2021-08-02 17:12:42 +05:30
Prince Chaddha
2c0ecb01b3
Update CVE-2021-3297.yaml
2021-08-02 17:09:52 +05:30
Prince Chaddha
bae8422cfb
Update CVE-2021-3297.yaml
2021-08-02 17:06:07 +05:30
Noam Rathaus
37608a954c
Description
2021-08-02 12:56:17 +03:00
Noam Rathaus
6950d325e6
Update description
2021-08-02 12:55:21 +03:00
rootxharsh
6f2d74337e
Add CVE-2021-29484.yaml
2021-08-02 13:28:24 +05:30
GwanYeong Kim
bfa043e51f
Create CVE-2021-3297.yaml
...
On Zyxel NBG2105 V1.00(AAGU.2)C0 devices, setting the login cookie to 1 provides administrator access.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-08-02 16:35:38 +09:00
Sandeep Singh
81572ce596
Merge pull request #2292 from geeknik/patch-4
...
Update CVE-2021-31581.yaml
2021-08-02 02:09:32 +05:30
Sandeep Singh
b04dc13dcd
Update CVE-2021-31581.yaml
2021-08-02 02:08:28 +05:30
Sandeep Singh
d416aea142
Merge pull request #2279 from gy741/rule-add-v45
...
Create CVE-2021-36380.yaml
2021-08-02 01:36:56 +05:30
sandeep
ebf1653d65
Update CVE-2021-36380.yaml
2021-08-02 01:33:10 +05:30
Sandeep Singh
76fb40314a
Merge pull request #2277 from pikpikcu/patch-241
...
Update CVE-2021-3223
2021-08-02 01:15:39 +05:30
sandeep
5c22441bac
Update CVE-2021-3223.yaml
2021-08-02 01:11:43 +05:30
Geeknik Labs
9cbb151600
Update CVE-2021-31581.yaml
...
Fixes https://github.com/projectdiscovery/nuclei-templates/issues/2285 . 👍🏻
2021-08-01 10:59:39 -05:00
Noam Rathaus
03dfb4bff6
More references
2021-08-01 09:16:33 +03:00
Noam Rathaus
3de7af6018
Better reference
2021-08-01 09:14:14 +03:00
GwanYeong Kim
0678e7d233
Create CVE-2021-36380.yaml
...
The /cgi/networkDiag.cgi script directly incorporated user-controllable parameters within a shell command, allowing an attacker to manipulate the resulting command by injecting valid OS command input. The following POST request injects a new command that instructs the server to establish a reverse TCP connection to another system, allowing the establishment of an interactive remote shell session.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-08-01 03:10:49 +09:00
GwanYeong Kim
5b3529bad5
Create CVE-2021-21816.yaml
...
An information disclosure vulnerability exists in the Syslog functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to the disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-08-01 02:42:48 +09:00
PikPikcU
ae672521d9
Update CVE-2021-3223.yaml
2021-07-31 16:12:48 +07:00
GwanYeong Kim
12b832cc36
Create CVE-2021-32305.yaml
...
WebSVN before 2.6.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search parameter.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-27 09:24:35 +09:00
sandeep
9c66387f0f
More CVEs Template
2021-07-26 22:48:45 +05:30
sandeep
b990243906
uniform tags
2021-07-26 14:25:43 +05:30
sandeep
6ccc5f8792
matcher update to handle edge cases
2021-07-25 03:05:55 +05:30
Muhammad Daffa
3d90fd1047
Fix wrong regex matcher
2021-07-24 17:10:02 +07:00
sandeep
e97e2a4f2a
Template update
2021-07-24 06:22:48 +05:30
Sandeep Singh
4b444af3c4
Merge pull request #2125 from DhiyaneshGeek/master
...
17 New Templates Added
2021-07-24 03:26:09 +05:30
sandeep
7d72783090
WIP improvements
2021-07-22 16:32:37 +05:30
sandeep
938fdeec8f
Added CVE-2021-34429 and fixed related templates
2021-07-22 15:23:19 +05:30
Dhiyaneshwaran
8d8f39c26f
Create CVE-2021-32820.yaml
2021-07-21 10:40:13 +05:30
Prince Chaddha
7020d17f13
Merge pull request #2107 from daffainfo/patch-90
...
Create CVE-2021-23241.yaml
2021-07-20 17:26:37 +05:30
sandeep
8f8105bb99
Update CVE-2021-23241.yaml
2021-07-20 16:00:00 +05:30
Prince Chaddha
41c9c3e3f9
Update CVE-2021-23241.yaml
2021-07-20 14:25:37 +05:30
Prince Chaddha
86a7fad73a
Update CVE-2021-23241.yaml
2021-07-20 14:23:39 +05:30
Prince Chaddha
1fc173982d
Update CVE-2021-21479.yaml
2021-07-20 14:22:31 +05:30
Muhammad Daffa
c63bb91bdb
Create CVE-2021-23241.yaml
2021-07-20 15:52:10 +07:00
Prince Chaddha
94511129f6
Merge pull request #2076 from dwisiswant0/GHSL-2020-227
...
Server-Side Template Injection leading to unauthenticated Remote Code Execution in SCIMono - CVE-2021-21479
2021-07-20 14:20:31 +05:30
Prince Chaddha
d738d2c9a3
Update CVE-2021-21479.yaml
2021-07-20 14:18:21 +05:30
Prince Chaddha
b10b8a61b8
Update CVE-2021-21479.yaml
2021-07-20 14:16:30 +05:30
Prince Chaddha
0af69ac0fd
Update CVE-2021-21479.yaml
2021-07-20 14:15:45 +05:30
Muhammad Daffa
21809132da
Renamed to CVE-2021-24340.yaml
2021-07-20 13:36:04 +07:00
Prince Chaddha
eb15971f16
Merge pull request #2096 from geeknik/patch-4
...
Create CVE-2021-26475.yaml
2021-07-20 11:53:45 +05:30
Sandeep Singh
6eee57115c
Merge pull request #2083 from projectdiscovery/fixing-xss-matchers
...
fixing-xss-matchers
2021-07-20 00:28:01 +05:30
sandeep
9d19d5fb5b
description update
2021-07-20 00:12:01 +05:30
sandeep
13d26d8c6d
moving files around
2021-07-20 00:10:30 +05:30
Geeknik Labs
39acc90454
Create CVE-2021-26475.yaml
...
CVE-2021-26475 -- EPrints 3.4.2 exposes a reflected XSS opportunity in the via a cgi/cal URI.
2021-07-19 08:34:21 -05:00
sandeep
eec253fdd8
minor update
2021-07-19 16:53:47 +05:30
Prince Chaddha
707083438e
Update CVE-2021-24389.yaml
2021-07-19 11:37:51 +05:30
Prince Chaddha
751f4e099c
Update CVE-2021-24335.yaml
2021-07-19 11:37:18 +05:30
Prince Chaddha
c8ee50bd9b
Update CVE-2021-24320.yaml
2021-07-19 11:36:45 +05:30
Prince Chaddha
06a82e2c78
Update CVE-2021-24298.yaml
2021-07-19 11:36:11 +05:30
Suman Kar
77fd227376
Update CVE-2021-24498.yaml
2021-07-19 10:45:58 +05:30
Suman Kar
556a94136b
Calendar Event Multi View < 1.4.01 - Unauthenticated Reflected Cross-Site Scripting (XSS)
2021-07-19 10:40:50 +05:30
Sandeep Singh
f9c8314092
Merge pull request #2077 from gy741/rule-add-v27
...
Create Advantech R-SeeNet Multiple Reflected XSS vulnerabilities
2021-07-18 23:17:40 +05:30
sandeep
c56680cef3
Additional matcher
2021-07-18 23:14:19 +05:30
Sandeep Singh
9971674b36
Update CVE-2021-21479.yaml
2021-07-18 22:54:34 +05:30
sandeep
3088fb5431
Removing CVE-2021-24213
...
As per blog - https://bentl.ee/posts/cve-givewp/
> This vulnerability requires user interaction from an admin in order to be exploited.
2021-07-18 22:39:37 +05:30
sandeep
76e95ac1e5
Minor improvements
2021-07-18 22:36:15 +05:30
Dhiyaneshwaran
22fa4de8d8
Update CVE-2021-21307.yaml
2021-07-18 19:33:28 +05:30
Dhiyaneshwaran
e692d81999
Update CVE-2021-21307.yaml
2021-07-18 19:24:46 +05:30
Dhiyaneshwaran
0a8d2ffdcc
Create CVE-2021-21307.yaml
2021-07-18 19:19:19 +05:30
GwanYeong Kim
4414ff60db
Create Advantech R-SeeNet Multiple Reflected XSS vulnerabilities
...
This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-18 22:12:01 +09:00
Dhiyaneshwaran
0a01f0cd79
Create CVE-2021-24213.yaml
2021-07-18 16:44:57 +05:30
Dwi Siswanto
e4b2316bf0
Add CVE-2021-21479
2021-07-18 11:11:56 +07:00
Prince Chaddha
33a0ede229
Merge pull request #2009 from gy741/rule-add-v24
...
Create CVE-2020-26919, CVE-2020-25506, OptiLink ONT1GEW GPON RCE, CVE-2021-31755
2021-07-16 18:04:52 +05:30
Muhammad Daffa
9360b48a90
Create CVE-2021-24235.yaml
2021-07-15 18:03:53 +07:00
Prince Chaddha
456f5d6b15
Merge pull request #2014 from daffainfo/patch-57
...
Create CVE-2021-24320.yaml
2021-07-15 14:51:34 +05:30
Prince Chaddha
d00d4f37f5
Update CVE-2021-24320.yaml
2021-07-15 14:43:35 +05:30
Prince Chaddha
39def9b6e1
Merge pull request #2008 from daffainfo/patch-53
...
Create CVE-2021-24335.yaml
2021-07-15 14:35:27 +05:30
Prince Chaddha
d73599eb3c
Merge pull request #2006 from daffainfo/patch-51
...
Create CVE-2021-24389.yaml
2021-07-15 14:32:09 +05:30
Prince Chaddha
799e7109c3
Update CVE-2021-24389.yaml
2021-07-15 14:30:23 +05:30
Prince Chaddha
7a1e276d7b
Update CVE-2021-24335.yaml
2021-07-15 14:27:55 +05:30
Prince Chaddha
2f41c4de62
Update CVE-2021-24298.yaml
2021-07-15 14:15:49 +05:30
GwanYeong Kim
1c729ab1ea
Create CVE-2021-31755.yaml
...
Vulnerabilities in the web-based management interface of enda Router AC11 could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-15 15:09:26 +09:00
Muhammad Daffa
031cd24480
Create CVE-2021-24298.yaml
2021-07-15 10:52:21 +07:00
Muhammad Daffa
ca75afe52c
Create CVE-2021-24320.yaml
2021-07-15 10:38:35 +07:00
Muhammad Daffa
e34ec6c05c
Create CVE-2021-24335.yaml
2021-07-15 07:06:50 +07:00
Muhammad Daffa
6a0d2d2b90
Create CVE-2021-24389.yaml
2021-07-15 06:54:35 +07:00
sandeep
b6ec1c2abb
Added reference
2021-07-13 19:22:59 +05:30
Sandeep Singh
b4e21feadd
Rename cve-2021-24472.yaml to CVE-2021-24472.yaml
2021-07-13 19:21:21 +05:30
sandeep
6d6b30e9cf
matcher update
2021-07-13 19:20:10 +05:30
Suman Kar
9aeac41fbc
Onair2 < 3.9.9.2 & KenthaRadio < 2.0.2 - Unauthenticated RFI and SSRF
2021-07-13 18:42:05 +05:30
Sandeep Singh
9a09d52520
Merge pull request #1951 from gy741/rule-add-v22
...
Create CVE-2021-33544.yaml
2021-07-13 16:30:44 +05:30
Sandeep Singh
43d4644164
Update CVE-2021-33544.yaml
2021-07-13 16:29:55 +05:30
Sandeep Singh
bb53177a74
Update CVE-2021-33544.yaml
2021-07-13 16:26:33 +05:30
Sandeep Singh
89e1a8da93
Merge pull request #1962 from dwisiswant0/hotfix/CVE-2020-24148
2021-07-13 05:01:01 +05:30
Dwi Siswanto
a91516cbb5
Misplaced of CVE-2020-24148
2021-07-13 05:24:03 +07:00
Sandeep Singh
e23f378fe8
Merge pull request #1943 from gy741/rule-add-v21
...
Create CVE-2021-30497.yaml
2021-07-13 01:00:59 +05:30
Sandeep Singh
dec41b5631
Merge pull request #1950 from dwisiswant0/add/CVE-2020-24148
...
Add CVE-2020-24148
2021-07-13 00:52:08 +05:30
GwanYeong Kim
0e1e727bb1
Create CVE-2021-33544.yaml
...
Multiple vulnerabilities in the web-based management interface of Geutebruck could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device.
CVE-2021-33543 : Authentication Bypass
CVE-2021-33544 : Command injection multiple parameters
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-12 13:10:31 +09:00
Dwi Siswanto
4ea2c71a3d
Add CVE-2020-24148
2021-07-12 09:24:50 +07:00
GwanYeong Kim
c0f5105dcf
Create CVE-2021-30497.yaml
...
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-11 18:31:18 +09:00
sandeep
25dcb930ad
Added CVE-2021-29156
2021-07-11 14:39:41 +05:30
sandeep
01ae482fe8
Added CVE-2021-34621
2021-07-10 22:31:08 +05:30
Sandeep Singh
97023903a0
Merge pull request #1918 from gy741/rule-add-v19
...
Create Hongdian Vulnerability
2021-07-10 21:24:56 +05:30
Sandeep Singh
5ca472b43e
Merge pull request #1880 from gy741/rule-add-v13
...
Create CVE-2021-1497.yaml
2021-07-10 20:55:14 +05:30
sandeep
1cd29628aa
more reference
2021-07-10 20:54:04 +05:30
sandeep
7f37050361
Added HTTP check
2021-07-10 20:53:23 +05:30
sandeep
dd9e85a29c
Added missing condition
2021-07-10 20:47:20 +05:30
sandeep
1e8aa5288f
Update CVE-2021-1497.yaml
2021-07-10 20:45:00 +05:30
sandeep
767f173f88
minor updates
2021-07-10 18:45:09 +05:30
GwanYeong Kim
3bf1c929ed
Create Hongdian Vulnerability
...
CVE-2021-28149 : Hongdian H8922 3.0.5 devices allow Directory Traversal. The /log_download.cgi log export handler does not validate user input and allows a remote attacker with minimal privileges to download any file from the device by substituting ../ (e.g., ../../etc/passwd) This can be carried out with a web browser by changing the file name accordingly. Upon visiting log_download.cgi?type=../../etc/passwd and logging in, the web server will allow a download of the contents of the /etc/passwd file.
CVE-2021-28150 : Hongdian H8922 3.0.5 devices allow the unprivileged guest user to read cli.conf (with the administrator password and other sensitive data) via /backup2.cgi.
CVE-2021-28151 : Hongdian H8922 3.0.5 devices allow OS command injection via shell metacharacters into the ip-address (aka Destination) field to the tools.cgi ping command, which is accessible with the username guest and password guest.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-10 21:16:35 +09:00
sandeep
c2f87a94c6
Added complete RCE chain
2021-07-10 13:42:09 +05:30
Geeknik Labs
d5cbcec079
Update CVE-2021-22214.yaml
...
dns interaction doesn't prove exploitability
2021-07-07 03:50:13 +00:00
Sandeep Singh
2aa91bbf24
Rename cve-2021-24387.yaml to CVE-2021-24387.yaml
2021-07-06 20:29:47 +05:30
Suman Kar
78617f6012
Real Estate 7 WordPress Theme < 3.1.1 - Unauthenticated Reflected XSS
2021-07-06 19:51:53 +05:30
sandeep
59199ad35e
Update CVE-2021-28918.yaml
...
Removed version as multiple reference includes multiple versions.
2021-07-06 12:45:50 +05:30
sandeep
7fb23a24b9
minor update
2021-07-06 12:41:16 +05:30
John Jackson
ede7ca07d0
Fixing Trailing Spaces
...
As stated.
2021-07-06 01:05:03 -06:00
John Jackson
5d74f7e2e4
Update CVE-2021-28918.yaml
...
Fixing trailing spaces.
2021-07-06 01:03:18 -06:00
John Jackson
7dd0795296
Create Netmask SSRF Template
...
The basic test to fuzz for the netmask SSRF vulnerability would be to use an Octal payload that resolves to the localhost. I limited it to 4 basic testing payloads as to not slow down the speed of a full-length CVE directories test.
2021-07-06 00:50:43 -06:00
sandeep
6dd96ede94
Added additional reference
2021-07-06 12:12:09 +05:30
sandeep
fc68a95803
Template Name/ID update as per assigned CVE
2021-07-06 12:07:53 +05:30
GwanYeong Kim
71dd0de29d
Create CVE-2021-1497.yaml
...
Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-06 09:30:13 +09:00
Prince Chaddha
56ccb9f3a4
Merge pull request #1822 from Akokonunes/patch-13
...
Create CVE-2021-24210.yaml
2021-07-01 00:00:03 +05:30
Prince Chaddha
f44c3e597f
Update and rename CVE-2021-24210.yaml to cves/2021/CVE-2021-24210.yaml
2021-06-30 23:45:27 +05:30
Prince Chaddha
87a1d1acce
Merge pull request #1823 from Akokonunes/patch-14
...
Create CVE-2021-24406.yaml
2021-06-30 23:44:03 +05:30
Prince Chaddha
6a6607c282
Update and rename CVE-2021-24406.yaml to cves/2021/CVE-2021-24406.yaml
2021-06-30 23:43:06 +05:30
Sandeep Singh
dbcdbe907e
Merge pull request #1797 from Mad-robot/patch-2
...
Create CVE-2021-29203.yaml
2021-06-30 21:27:35 +05:30
sandeep
2d63ddfa20
minor update
2021-06-30 21:27:06 +05:30
Sandeep Singh
3602eebf6c
Merge pull request #1780 from wwilson83H3/master
...
The default request never flagged druid in my env. Replaced with MSF …
2021-06-30 20:32:14 +05:30
Sandeep Singh
d1f47657a9
Update CVE-2021-25646.yaml
2021-06-30 20:31:15 +05:30
Sandeep Singh
cfcb739fbc
more changes
2021-06-30 20:28:41 +05:30
sandeep
498586e854
Added additional matcher and full exploit chain details
2021-06-30 03:01:13 +05:30
SaN ThosH
8b0b2a169d
Update CVE-2021-35464.yaml
2021-06-29 18:02:33 +05:30
SaN ThosH
2d4c8cb434
Create CVE-2021-35464.yaml
2021-06-29 17:26:37 +05:30
Prince Chaddha
8ae56492d8
Update CVE-2021-29203.yaml
2021-06-29 10:13:41 +05:30
Sandeep Singh
40782db039
Merge pull request #1771 from gy741/rule-add-v7
...
Create CVE-2021-3223.yaml
2021-06-28 21:43:59 +05:30
sandeep
b97811a143
Update CVE-2021-3223.yaml
2021-06-28 21:43:04 +05:30
SaN ThosH
cb5c53aef3
Create CVE-2021-29203.yaml
2021-06-26 13:40:30 +05:30
Prince Chaddha
bae4998f81
Merge pull request #1766 from gy741/rule-add-v6
...
Create CVE-2021-21234.yaml
2021-06-25 16:50:36 +05:30
Prince Chaddha
2d40d90715
Update CVE-2021-21234.yaml
2021-06-25 12:53:22 +05:30
sandeep
426abedcfa
severity updates as per CVE database
2021-06-25 00:05:59 +05:30
Sandeep Singh
e4e8e6e148
Merge pull request #1776 from pikpikcu/patch-187
...
Create CVE-2021-28169.yaml
2021-06-25 00:02:51 +05:30
sandeep
a736120dc0
minor updates
2021-06-25 00:02:05 +05:30
Sandeep Singh
e84c784fa2
Merge pull request #1689 from nrathaus/master
...
CVE-2021-28164 and some fixes
2021-06-24 23:58:29 +05:30
sandeep
a9a161f8c6
Update CVE-2021-28164.yaml
2021-06-24 23:56:33 +05:30
sandeep
809668943f
minor changes
2021-06-24 23:54:29 +05:30
wyatt
16e5ad7fad
The default request never flagged druid in my env. Replaced with MSF request and it flags everytime now
2021-06-24 13:37:45 -04:00
PikPikcU
b97d012636
Create CVE-2021-28169.yaml
2021-06-24 16:00:02 +00:00
GwanYeong Kim
e7bb4bff23
Create CVE-2021-3223.yaml
...
Node-RED-Dashboard before 2.26.2 allows ui_base/js/..%2f directory traversal to read files.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-06-24 21:07:17 +09:00
GwanYeong Kim
cc0dd04ac2
Create CVE-2021-21234.yaml
...
spring-boot-actuator-logview in a library that adds a simple logfile viewer as spring boot actuator endpoint. It is maven package "eu.hinsch:spring-boot-actuator-logview". In spring-boot-actuator-logview before version 0.2.13 there is a directory traversal vulnerability. The nature of this library is to expose a log file directory via admin (spring boot actuator) HTTP endpoints. Both the filename to view and a base folder (relative to the logging folder root) can be specified via request parameters. While the filename parameter was checked to prevent directory traversal exploits (so that `filename=../somefile` would not work), the base folder parameter was not sufficiently checked, so that `filename=somefile&base=../` could access a file outside the logging base directory). The vulnerability has been patched in release 0.2.13. Any users of 0.2.12 should be able to update without any issues as there are no other changes in that release. There is no workaround to fix the vulnerability other than updating or removing the dependency. However, removing read access of the user the application is run with to any directory not required for running the application can limit the impact. Additionally, access to the logview endpoint can be limited by deploying the application behind a reverse proxy.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-06-24 14:36:45 +09:00
sandeep
416bafe2fa
misc changes
2021-06-24 02:24:58 +05:30
lulz
04a7fda94a
Update CVE-2021-21389.yaml
2021-06-22 19:12:35 +07:00
lulz
014ca91e15
hmm just simple check...
...
sorry i just know little bit english...
2021-06-22 19:07:00 +07:00
Sandeep Singh
dcaef6a836
Rename CVE-2021-21389 to CVE-2021-21389.yaml
2021-06-22 04:05:42 +05:30
lulz
0d5a57bc23
Create CVE-2021-21389
2021-06-21 12:33:14 +07:00
Noam Rathaus
bb6fa66dd9
Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates
2021-06-20 13:56:54 +03:00
Sandeep Singh
9200ac068a
Merge pull request #1714 from skar4444/unauthenticated-CI-lint-API
...
CVE 2021-22214 - Unauthenticated Gitlab SSRF - CI Lint API
2021-06-18 15:08:33 +05:30
sandeep
b301c830a3
final improvements
2021-06-18 15:02:17 +05:30
sandeep
27d67855e8
misc changes
2021-06-18 14:42:13 +05:30
Sandeep Singh
4f0bfc9362
Merge pull request #1705 from projectdiscovery/CVE-2021-28854
...
Added CVE-2021-28854
2021-06-18 12:52:42 +05:30
Prince Chaddha
bfa70bacf5
Update CVE-2021-21975.yaml
2021-06-17 22:55:10 +05:30
Noam Rathaus
01b77a7ed2
Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates
2021-06-17 16:54:18 +03:00
Dwi Siswanto
8a1d7bd7d2
Hotfix FP of CVE-2021-24146
2021-06-17 08:16:54 +07:00