40bb93faff
Merge pull request #1773 from pikpikcu/patch-184
...
Create CVE-2020-3580.yaml
2021-06-28 21:44:36 +05:30
40782db039
Merge pull request #1771 from gy741/rule-add-v7
...
Create CVE-2021-3223.yaml
2021-06-28 21:43:59 +05:30
b97811a143
Update CVE-2021-3223.yaml
2021-06-28 21:43:04 +05:30
bce647b441
Added CVE-2015-8813
2021-06-28 17:14:03 +05:30
bae4998f81
Merge pull request #1766 from gy741/rule-add-v6
...
Create CVE-2021-21234.yaml
2021-06-25 16:50:36 +05:30
2d40d90715
Update CVE-2021-21234.yaml
2021-06-25 12:53:22 +05:30
dd98451110
Update CVE-2018-16299.yaml
2021-06-25 12:45:04 +05:30
fca70dd2c7
Update and rename CVE-2018-16299.yaml to cves/2018/CVE-2018-16299.yaml
2021-06-25 12:43:55 +05:30
d1e4b5c510
minor updates
2021-06-25 10:51:00 +05:30
426abedcfa
severity updates as per CVE database
2021-06-25 00:05:59 +05:30
e4e8e6e148
Merge pull request #1776 from pikpikcu/patch-187
...
Create CVE-2021-28169.yaml
2021-06-25 00:02:51 +05:30
a736120dc0
minor updates
2021-06-25 00:02:05 +05:30
e84c784fa2
Merge pull request #1689 from nrathaus/master
...
CVE-2021-28164 and some fixes
2021-06-24 23:58:29 +05:30
a9a161f8c6
Update CVE-2021-28164.yaml
2021-06-24 23:56:33 +05:30
809668943f
minor changes
2021-06-24 23:54:29 +05:30
b97d012636
Create CVE-2021-28169.yaml
2021-06-24 16:00:02 +00:00
19d80d9d0a
Create CVE-2020-3580.yaml
2021-06-24 15:34:19 +00:00
e7bb4bff23
Create CVE-2021-3223.yaml
...
Node-RED-Dashboard before 2.26.2 allows ui_base/js/..%2f directory traversal to read files.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-06-24 21:07:17 +09:00
37261f7a2f
Update and rename vulnerabilities/jira/jira-unauthenticated-popular-filters.yaml to cves/2019/CVE-2019-3401.yaml
2021-06-24 16:52:04 +05:30
cc0dd04ac2
Create CVE-2021-21234.yaml
...
spring-boot-actuator-logview in a library that adds a simple logfile viewer as spring boot actuator endpoint. It is maven package "eu.hinsch:spring-boot-actuator-logview". In spring-boot-actuator-logview before version 0.2.13 there is a directory traversal vulnerability. The nature of this library is to expose a log file directory via admin (spring boot actuator) HTTP endpoints. Both the filename to view and a base folder (relative to the logging folder root) can be specified via request parameters. While the filename parameter was checked to prevent directory traversal exploits (so that `filename=../somefile` would not work), the base folder parameter was not sufficiently checked, so that `filename=somefile&base=../` could access a file outside the logging base directory). The vulnerability has been patched in release 0.2.13. Any users of 0.2.12 should be able to update without any issues as there are no other changes in that release. There is no workaround to fix the vulnerability other than updating or removing the dependency. However, removing read access of the user the application is run with to any directory not required for running the application can limit the impact. Additionally, access to the logview endpoint can be limited by deploying the application behind a reverse proxy.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-06-24 14:36:45 +09:00
35cf8d1378
Merge pull request #1221 from projectdiscovery/princechaddha-patch-6
...
Create CVE-2018-9995.yaml
2021-06-24 02:33:20 +05:30
0fbbfdd364
Update CVE-2018-9995.yaml
2021-06-24 02:32:23 +05:30
9479826132
Merge pull request #1747 from Udyz/patch-3
...
Create CVE-2021-21389
2021-06-24 02:26:23 +05:30
416bafe2fa
misc changes
2021-06-24 02:24:58 +05:30
9386111906
making status check generic both case
2021-06-24 00:13:58 +05:30
459dd6b84b
misc changes
2021-06-23 23:48:34 +05:30
67c4713f13
Added status to CVE-2012-3153
2021-06-23 08:26:37 -05:00
6b358f38a9
Merge pull request #1751 from realistic-security/master
...
Create two "Oracle Forms & Reports" Vulnerabilities
2021-06-22 19:43:04 +05:30
672acb880e
Updated Oracle Forms & Reports CVE-2012-3153
2021-06-22 14:53:26 +01:00
04a7fda94a
Update CVE-2021-21389.yaml
2021-06-22 19:12:35 +07:00
014ca91e15
hmm just simple check...
...
sorry i just know little bit english...
2021-06-22 19:07:00 +07:00
1c4a2a56a7
Merge pull request #1734 from darrenmartyn/patch-1
...
Create CVE-2019-4781.yaml
2021-06-22 13:21:04 +05:30
2539c830ac
Update CVE-2019-7481.yaml
2021-06-22 13:20:06 +05:30
c87238c37a
Update CVE-2019-7481.yaml
2021-06-22 13:18:51 +05:30
dcaef6a836
Rename CVE-2021-21389 to CVE-2021-21389.yaml
2021-06-22 04:05:42 +05:30
3844df9fc8
misc changes
2021-06-21 18:09:16 +05:30
ec835a0bc5
Create CVE-2012-3152, CVE-2012-3153
2021-06-21 09:48:42 +01:00
8b43919211
Update CVE-2020-11930.yaml
2021-06-21 14:15:45 +05:30
216b484aec
Update CVE-2020-11930.yaml
2021-06-21 14:15:09 +05:30
ebc202adcb
Create CVE-2020-11930.yaml
2021-06-21 14:11:20 +05:30
0d5a57bc23
Create CVE-2021-21389
2021-06-21 12:33:14 +07:00
c7a11cd1b1
Added CVE-2020-11110
2021-06-20 20:00:19 +05:30
1465ad8c76
Merge pull request #1740 from Akokonunes/patch-9
...
Create CVE-2018-18775.yaml
2021-06-20 16:51:09 +05:30
a2623f5e9d
Update CVE-2018-18775.yaml
2021-06-20 16:49:24 +05:30
b874963894
moved to cves
2021-06-20 16:47:21 +05:30
00ad7ee3db
Moved to cves
2021-06-20 16:43:44 +05:30
bb6fa66dd9
Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates
2021-06-20 13:56:54 +03:00
80d159c277
Update CVE-2019-7481.yaml
2021-06-19 22:44:05 +01:00
7c65c33396
Update CVE-2019-7481.yaml
...
maybe yaml lint thing doesn't hate me now
2021-06-19 22:42:10 +01:00
722a2bd60c
Update and rename CVE-2019-4781.yaml to CVE-2019-7481.yaml
2021-06-19 21:39:08 +01:00
Sandeep Singh
sandeep
Prince Chaddha
Prince Chaddha
PikPikcU
GwanYeong Kim
Wyatt Dahlenburg
Sidahmed
lulz
Dhiyaneshwaran
Noam Rathaus
darrenmartyn