Prince Chaddha
86989129d1
Update netgear-wnap320-rce.yaml
2021-07-26 13:38:38 +05:30
GwanYeong Kim
c72190c4bf
Create netgear-wnap320-rce.yaml
...
vulnerabilities in the web-based management interface of Netgear WNAP320 Access Point could allow an authenticated, remote attacker to perform command injection attacks against an affected device.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-26 08:35:22 +09:00
sandeep
6ccc5f8792
matcher update to handle edge cases
2021-07-25 03:05:55 +05:30
Prince Chaddha
2c0aa783c4
Merge pull request #2148 from gy741/rule-add-v34
...
Add KevinLAB BEMS 1.0 Multiple Vulnerabilities
2021-07-24 15:37:48 +05:30
Prince Chaddha
bf7c0d3a63
Merge pull request #2122 from gy741/rule-add-v33
...
Create magicflow-lfi.yaml
2021-07-24 12:13:59 +05:30
Prince Chaddha
ac45802ef5
Update kevinlab-bems-sqli.yaml
2021-07-24 12:10:46 +05:30
Prince Chaddha
2631f55550
Update kevinlab-bems-backdoor.yaml
2021-07-24 12:07:27 +05:30
Prince Chaddha
9a46592f71
Update kevinlab-bems-sqli.yaml
2021-07-24 11:59:35 +05:30
Prince Chaddha
87b4c2e98b
Update kevinlab-bems-sqli.yaml
2021-07-24 11:47:05 +05:30
Sandeep Singh
4b444af3c4
Merge pull request #2125 from DhiyaneshGeek/master
...
17 New Templates Added
2021-07-24 03:26:09 +05:30
sandeep
9617bc5815
matcher update
2021-07-24 03:25:22 +05:30
sandeep
47ea40bc55
Update kevinlab-bems-backdoor.yaml
2021-07-24 03:17:53 +05:30
Sandeep Singh
b346584002
Update vulnerabilities/other/nginx-merge-slashes-path-traversal.yaml
...
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-24 00:25:13 +05:30
Sandeep Singh
1909e3f628
Update vulnerabilities/other/nginx-merge-slashes-path-traversal.yaml
...
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-24 00:24:37 +05:30
Sandeep Singh
59f90ffffa
Merge pull request #2150 from pussycat0x/master
...
New templates added
2021-07-24 00:09:43 +05:30
sandeep
79e15e7123
Update wordpress-wpcourses-info-disclosure.yaml
2021-07-24 00:07:50 +05:30
sandeep
43dccef185
generic improvements
2021-07-24 00:06:13 +05:30
sandeep
97aa239d52
Merge branch 'master' of https://github.com/pussycat0x/nuclei-templates into pr/2037
2021-07-24 00:00:55 +05:30
sandeep
3960d1f295
strict matchers
2021-07-23 23:59:54 +05:30
Sandeep Singh
38c2b6d4a9
Update vulnerabilities/wordpress/wp-idx-broker-platinum-listing.yaml
...
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-23 23:49:58 +05:30
Sandeep Singh
bdfee95603
Update vulnerabilities/wordpress/wp-idx-broker-platinum-listing.yaml
...
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-23 23:49:33 +05:30
Sandeep Singh
6ebd1a36e0
Update vulnerabilities/wordpress/wp-email-subscribers-listing.yaml
...
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-23 23:49:28 +05:30
Sandeep Singh
edc62d15a4
Update vulnerabilities/wordpress/wp-email-subscribers-listing.yaml
...
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-23 23:49:20 +05:30
Sandeep Singh
5170f4962b
Update vulnerabilities/wordpress/wp-arforms-listing.yaml
...
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-23 23:49:14 +05:30
Sandeep Singh
1feaaded28
Update vulnerabilities/wordpress/wp-idx-broker-platinum-listing.yaml
...
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-23 23:41:26 +05:30
Sandeep Singh
750a86c500
Update vulnerabilities/wordpress/wp-iwp-client-listing.yaml
...
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-23 23:41:14 +05:30
Sandeep Singh
04b71d9335
Update vulnerabilities/wordpress/wp-iwp-client-listing.yaml
...
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-23 23:41:06 +05:30
Sandeep Singh
b82ac4b3fc
Update vulnerabilities/wordpress/wp-iwp-client-listing.yaml
...
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-23 23:40:56 +05:30
sandeep
28d7d26953
Update wp-sfwd-lms-listing.yaml
2021-07-23 23:39:46 +05:30
Prince Chaddha
ca49fb21c7
Merge pull request #2154 from pdelteil/patch-25
...
Update coldfusion-debug-xss.yaml
2021-07-23 20:54:31 +05:30
Prince Chaddha
2dfa3d2e82
Update visual-tools-dvr-rce.yaml
2021-07-23 20:46:49 +05:30
Prince Chaddha
1dd4e3c846
Update visual-tools-dvr-rce.yaml
2021-07-23 15:15:23 +05:30
GwanYeong Kim
2c77510faa
Create visual-tools-dvr-rce.yaml
...
vulnerabilities in the web-based management interface of Visual Tools DVR VX16 4.2.28.0 could allow an authenticated, remote attacker to perform command injection attacks against an affected device.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-23 08:47:29 +09:00
Philippe Delteil
abacdafb4f
Update coldfusion-debug-xss.yaml
...
The term adobe is more general than coldfusion. Since Coldfusion is a product of Adobe.
2021-07-22 19:44:57 -04:00
pussycat0x
d3ff29daaa
Update vulnerabilities/wordpress/wp-arforms-listing.yaml
...
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-23 00:32:13 +05:30
pussycat0x
6987e1ffee
Update vulnerabilities/wordpress/wp-arforms-listing.yaml
...
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-23 00:32:05 +05:30
pussycat0x
eac08288e8
Update vulnerabilities/wordpress/wp-sfwd-lms-listing.yaml
...
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-23 00:31:33 +05:30
pussycat0x
05846a34c7
Update vulnerabilities/wordpress/wp-sfwd-lms-listing.yaml
...
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-23 00:31:13 +05:30
pussycat0x
a81e3b53cb
Add files via upload
2021-07-22 19:42:25 +05:30
GwanYeong Kim
69db0862ee
Create kevinlab-bems-backdoor.yaml
...
The BEMS solution has an undocumented backdoor account and these sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the solution thru the RMI. Attacker could exploit this vulnerability by logging in using the backdoor account with highest privileges for administration and gain full system control. The backdoor user cannot be seen in the users settings in the admin panel and it also uses an undocumented privilege level (admin_pk=1) which allows full availability of the features that the BEMS is offering remotely.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-22 22:13:00 +09:00
GwanYeong Kim
a4ec6a2b11
Create kevinlab-bems-sqli.yaml
...
The application suffers from an unauthenticated SQL Injection vulnerability. Input passed through 'input_id' POST parameter in '/http/index.php' is not properly sanitised before being returned to the user or used in SQL queries.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-22 21:46:18 +09:00
Prince Chaddha
5455222476
Merge pull request #2140 from pussycat0x/master
...
New templates added
2021-07-22 17:53:25 +05:30
Prince Chaddha
c17763ac20
Update and rename wp-plugineasy-media-gallery-pro-listing.yaml to easy-media-gallery-pro-listing.yaml
2021-07-22 17:45:43 +05:30
pussycat0x
f00f5eeaa9
Add files via upload
2021-07-22 08:04:21 +05:30
Prince Chaddha
111da22943
Update dedecms-membergroup-sqli.yaml
2021-07-21 18:34:37 +05:30
Prince Chaddha
403a73d1c7
Merge pull request #1085 from pikpikcu/patch-125
...
Create dedecms-carbuyaction-fileinclude.yaml
2021-07-21 18:27:45 +05:30
Prince Chaddha
f5fc07dd72
Merge pull request #1581 from pikpikcu/patch-168
...
Create hiboss-rce
2021-07-21 18:27:38 +05:30
Prince Chaddha
08541f08c4
Update dedecms-carbuyaction-fileinclude.yaml
2021-07-21 18:26:36 +05:30
Prince Chaddha
00ce088daf
Merge pull request #1334 from projectdiscovery/princechaddha-patch-3
...
Create sangfor-edr-auth-bypass.yaml
2021-07-21 18:18:08 +05:30
Prince Chaddha
8d953c45ea
Update sangfor-edr-auth-bypass.yaml
2021-07-21 18:14:42 +05:30
Prince Chaddha
da1ef3b031
Merge pull request #1568 from pikpikcu/patch-166
...
Create h3c-imc-rce
2021-07-21 18:11:11 +05:30
Dhiyaneshwaran
08f160f0e2
Create nginx-merge-slashes-path-traversal.yaml
2021-07-21 13:46:40 +05:30
GwanYeong Kim
16750fd9a2
Create magicflow-lfi.yaml
...
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-21 14:18:00 +09:00
Muhammad Daffa
21809132da
Renamed to CVE-2021-24340.yaml
2021-07-20 13:36:04 +07:00
sandeep
13e5528c46
duplicate update
2021-07-20 11:40:23 +05:30
Muhammad Daffa
d27fb4c3b0
Renamed CVE-2020-8771.yaml
2021-07-20 12:49:16 +07:00
sandeep
4dbf36813d
removing duplicate template
2021-07-20 00:43:39 +05:30
Sandeep Singh
6eee57115c
Merge pull request #2083 from projectdiscovery/fixing-xss-matchers
...
fixing-xss-matchers
2021-07-20 00:28:01 +05:30
sandeep
13d26d8c6d
moving files around
2021-07-20 00:10:30 +05:30
Muhammad Daffa
68efee3702
Merge branch 'projectdiscovery:master' into master
2021-07-19 19:48:57 +07:00
Muhammad Daffa
7a99c2db48
Rename to CVE-2018-16283
2021-07-19 19:47:31 +07:00
sandeep
96d7a23ccd
removed duplicate
2021-07-19 18:15:42 +05:30
sandeep
a88710e503
Removed duplicate template
2021-07-19 16:56:45 +05:30
Prince Chaddha
574245af0d
Update wp-socialfit-xss.yaml
2021-07-19 11:43:07 +05:30
Prince Chaddha
5fcbd0e446
Update wp-slideshow-xss.yaml
2021-07-19 11:42:34 +05:30
Prince Chaddha
f77f66d1e6
Update wp-phpfreechat-xss.yaml
2021-07-19 11:41:40 +05:30
Prince Chaddha
4df08a33c4
Update wp-nextgen-xss.yaml
2021-07-19 11:41:15 +05:30
Prince Chaddha
0329b1b2fb
Update wp-knews-xss.yaml
2021-07-19 11:40:45 +05:30
Prince Chaddha
e14b31489b
Update wp-flagem-xss.yaml
2021-07-19 11:40:14 +05:30
Prince Chaddha
705f431c1c
Update wp-finder-xss.yaml
2021-07-19 11:39:33 +05:30
Prince Chaddha
57c3f3ec20
Update wp-custom-tables-xss.yaml
2021-07-19 11:38:50 +05:30
Prince Chaddha
ac66db36f3
Update wp-church-admin-xss.yaml
2021-07-19 11:38:22 +05:30
GwanYeong Kim
19fa522fec
Create mirai-unknown-rce.yaml
...
The unknown exploit targets the login CGI script, where a key parameter is not properly sanitized leading to a command injection.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-18 22:44:29 +09:00
sandeep
63ae086b67
Payload + matcher update
2021-07-17 23:02:43 +05:30
sandeep
fc38b27176
minor update
2021-07-17 16:32:15 +05:30
Prince Chaddha
33a0ede229
Merge pull request #2009 from gy741/rule-add-v24
...
Create CVE-2020-26919, CVE-2020-25506, OptiLink ONT1GEW GPON RCE, CVE-2021-31755
2021-07-16 18:04:52 +05:30
Sandeep Singh
fbc281f0a1
Merge pull request #2027 from projectdiscovery/yapi-rce
...
Added Yapi RCE
2021-07-16 17:27:37 +05:30
sandeep
6d27a6fe8e
payload update
2021-07-16 00:34:38 +05:30
SaN ThosH
07db6737e5
Update wordpress-woocommerce-sqli.yaml
2021-07-16 00:08:42 +05:30
Prince Chaddha
9b7a57bf15
Update wordpress-woocommerce-sqli.yaml
2021-07-15 23:35:02 +05:30
Sandeep Singh
9286c79bc1
Rename optiLink-ont1gew-gpon-rce.yaml to optilink-ont1gew-gpon-rce.yaml
2021-07-15 23:15:45 +05:30
sandeep
6bf13454ae
Update optiLink-ont1gew-gpon-rce.yaml
2021-07-15 23:15:22 +05:30
sandeep
382534fedc
Update wordpress-woocommerce-sqli.yaml
2021-07-15 22:58:43 +05:30
rootxharsh
ede6df8fa4
Add WooCommerce SQLi Template
2021-07-15 17:02:19 +00:00
sandeep
642f71278d
Added Yapi RCE
2021-07-15 22:11:22 +05:30
sandeep
6fcbe11064
Update oscommerce-rce.yaml
2021-07-15 18:29:24 +05:30
sandeep
9e7bf184b7
minor update
2021-07-15 18:28:08 +05:30
Suman Kar
e9b5b8fceb
osCommerce 2.3.4.1 - Remote Code Execution
2021-07-15 18:11:26 +05:30
Prince Chaddha
ba64446d08
Update nativechurch-wp-theme-lfd.yaml
2021-07-15 17:43:45 +05:30
Prince Chaddha
a95133ee3d
Update and rename nativechurch-wp-theme-lfd.yaml to vulnerabilities/wordpress/nativechurch-wp-theme-lfd.yaml
2021-07-15 15:16:37 +05:30
Prince Chaddha
615db88ce6
Merge pull request #2004 from daffainfo/patch-49
...
Create wp-custom-tables-xss.yaml
2021-07-15 14:53:41 +05:30
Prince Chaddha
7cecd5aa3e
Update wp-custom-tables-xss.yaml
2021-07-15 14:34:40 +05:30
Prince Chaddha
22ecd2a192
Merge pull request #2016 from DhiyaneshGeek/master
...
Severity Update
2021-07-15 14:14:38 +05:30
Prince Chaddha
887e7bcfab
Update wordpress-updraftplus-pem-key.yaml
2021-07-15 14:13:25 +05:30
Dhiyaneshwaran
69b04c8a98
Update wordpress-updraftplus-pem-key.yaml
2021-07-15 13:51:19 +05:30
GwanYeong Kim
1eb999ce02
Create optiLink-ont1gew-gpon-rce.yaml
...
vulnerabilities in the web-based management interface of OptiLink could allow an authenticated, remote attacker to perform command injection attacks against an affected device.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-15 14:57:34 +09:00
Muhammad Daffa
ad3f81bc95
Create wp-custom-tables-xss.yaml
2021-07-15 06:21:50 +07:00
Sandeep Singh
11dc9db49e
Merge pull request #1997 from skar4444/sassy-update
...
Update-sassy-social-share-xss
2021-07-14 20:56:57 +05:30
sandeep
117b0558a9
Update sassy-social-share.yaml
2021-07-14 20:55:05 +05:30
Prince Chaddha
5182b88b54
Merge pull request #1871 from projectdiscovery/huijietong-cloud-fileread
...
Create huijietong-cloud-fileread.yaml
2021-07-14 19:27:43 +05:30
Prince Chaddha
ecd98c6403
Merge pull request #1967 from daffainfo/patch-31
...
Create wp-slideshow-xss.yaml
2021-07-14 19:15:07 +05:30
Prince Chaddha
55ea2242b7
Rename vulnerabilities/wp-slideshow-xss.yaml to vulnerabilities/wordpress/wp-slideshow-xss.yaml
2021-07-14 19:14:06 +05:30
Prince Chaddha
9fb7e17c0d
Merge pull request #1966 from daffainfo/patch-30
...
Create wp-nextgen-xss.yaml
2021-07-14 19:10:26 +05:30
Prince Chaddha
933c1d5f05
Merge pull request #1965 from daffainfo/patch-29
...
Create wp-flagem-xss.yaml
2021-07-14 19:09:34 +05:30
Suman Kar
00f1e65d50
Update-sassy-social-share-xss
2021-07-14 17:01:59 +05:30
sandeep
7e258fcae2
template-fix
2021-07-14 16:07:09 +05:30
Muhammad Daffa
69dd5ae8a0
Adding some path
2021-07-13 18:24:23 +07:00
Muhammad Daffa
6b8a398a76
Create wp-slideshow-xss.yaml
2021-07-13 18:20:25 +07:00
Muhammad Daffa
62cb5ce2bc
Create wp-nextgen-xss.yaml
2021-07-13 18:17:14 +07:00
Muhammad Daffa
c751aca059
Create wp-flagem-xss.yaml
2021-07-13 18:15:43 +07:00
Sandeep Singh
83ee761691
Merge pull request #1957 from projectdiscovery/hasura-graphql-ssrf
...
Create hasura-graphql-ssrf.yaml
2021-07-13 15:58:27 +05:30
sandeep
c8c49c5046
Update hasura-graphql-ssrf.yaml
2021-07-13 15:58:06 +05:30
sandeep
5fe872788f
minor update
2021-07-13 15:57:10 +05:30
Sandeep Singh
e167cf0ab9
Merge pull request #1937 from daffainfo/patch-20
...
Create wp-phpfreechat-xss.yaml
2021-07-13 15:45:53 +05:30
Sandeep Singh
df0e4b7117
Merge pull request #1938 from daffainfo/patch-21
...
Create wp-finder-xss.yaml
2021-07-13 15:42:29 +05:30
Sandeep Singh
67a679860e
Update wp-finder-xss.yaml
2021-07-13 15:41:44 +05:30
Sandeep Singh
500f0b70f8
Merge pull request #1936 from daffainfo/patch-19
...
Create wp-knews-xss.yaml
2021-07-13 15:36:57 +05:30
Sandeep Singh
08f2cfea0b
Merge pull request #1924 from daffainfo/master
...
WordPress Plugin SocialFit - 'msg' Cross-Site Scripting
2021-07-13 15:29:49 +05:30
sandeep
a8be22ad0a
Removed as it requires admin login
2021-07-13 15:28:48 +05:30
Sandeep Singh
5a2d81e578
Merge pull request #1935 from daffainfo/patch-18
...
Create wp-church-admin-xss.yaml
2021-07-13 15:22:31 +05:30
sandeep
06efff9ddd
minor update
2021-07-13 15:21:26 +05:30
Sandeep Singh
cb32c05cfa
Merge pull request #1953 from Akokonunes/patch-17
...
Create wordpress-wordfence-lfi.yaml
2021-07-13 15:00:01 +05:30
sandeep
47a07b533b
moving files around
2021-07-13 14:59:11 +05:30
Sandeep Singh
920255635b
Merge pull request #1876 from pussycat0x/master
...
web-ftp
2021-07-13 01:53:15 +05:30
sandeep
8b8663970f
minor update
2021-07-13 01:44:24 +05:30
sandeep
81f1f8badc
minor update
2021-07-13 01:43:52 +05:30
pussycat0x
a1d3678a70
Add files via upload
2021-07-12 23:24:24 +05:30
Prince Chaddha
4ef8ed8e97
Create hasura-graphql-ssrf.yaml
2021-07-12 20:49:09 +05:30
Muhammad Daffa
0e195c4138
Merge branch 'projectdiscovery:master' into master
2021-07-12 14:58:59 +07:00
pussycat0x
0f46d27b60
Add files via upload
2021-07-11 23:45:02 +05:30
Muhammad Daffa
64bdaee44e
Create wp-finder-xss.yaml
2021-07-11 13:23:51 +07:00
Muhammad Daffa
d3f21f1793
Create wp-phpfreechat-xss.yaml
2021-07-11 13:19:01 +07:00
Muhammad Daffa
e6272bf44c
Create wp-knews-xss.yaml
2021-07-11 13:11:03 +07:00
Muhammad Daffa
8a6e78934c
Create wp-church-admin-xss.yaml
2021-07-11 13:07:34 +07:00
Prince Chaddha
361a641483
Update wp-socialfit-xss.yaml
2021-07-11 10:16:24 +05:30
Prince Chaddha
5366b70077
Merge pull request #1931 from daffainfo/patch-16
...
Create wp-securimage-xss.yaml
2021-07-11 10:08:02 +05:30
Prince Chaddha
b830f86384
Update wp-securimage-xss.yaml
2021-07-11 10:02:30 +05:30
Prince Chaddha
b1f755466b
Update wp-ambience-xss.yaml
2021-07-11 09:57:44 +05:30
Muhammad Daffa
cc165287fd
Create wp-ambience-xss.yaml
2021-07-11 09:16:13 +07:00
Muhammad Daffa
ab85fd5eba
Create wp-securimage-xss.yaml
2021-07-11 09:10:35 +07:00
Muhammad Daffa
d0ec1acc76
Create wp-socialfit-xss.yaml
2021-07-11 07:41:04 +07:00
Muhammad Daffa
05bc6366f3
Rename wp-supsystic-backup-lfi to wp-supsystic-backup-lfi.yaml
2021-07-11 07:24:41 +07:00
Muhammad Daffa
04e5e30051
Update and rename wp-upsystic-backup-lfi to wp-supsystic-backup-lfi
2021-07-11 07:24:27 +07:00
Muhammad Daffa
e26b467c76
Create wp-upsystic-backup-lfi
2021-07-11 07:22:38 +07:00
Sandeep Singh
6a99a183cd
Merge pull request #1920 from projectdiscovery/wordpress-user-enum
...
Added wordpress-user-enum
2021-07-10 21:56:17 +05:30
sandeep
b228b35f83
Added wordpress-user-enum
2021-07-10 21:54:31 +05:30
Prince Chaddha
ba90f28231
Merge pull request #1909 from gy741/rule-add-v17
...
Create icewarp-webclient-rce.yaml
2021-07-10 09:23:50 +05:30
Prince Chaddha
a0d643561f
Update icewarp-webclient-rce.yaml
2021-07-10 09:18:32 +05:30
Sandeep Singh
c36a62a120
Update jira-unauthenticated-installed-gadgets.yaml
2021-07-10 01:28:30 +05:30
Sandeep Singh
3f46e48426
Update jira-unauthenticated-installed-gadgets.yaml
2021-07-10 01:26:45 +05:30