Prince Chaddha
415f37a7a6
Update CVE-2021-27358.yaml
2021-12-24 19:02:18 +05:30
sandeep
f892a053a2
Added Grafana unauthenticated snapshot creation
2021-12-24 17:47:55 +05:30
sandeep
54e064767d
Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates
2021-12-23 21:46:10 +05:30
sandeep
99f5a47202
minor update
2021-12-23 21:40:28 +05:30
GitHub Action
132108f849
Auto Generated CVE annotations [Thu Dec 23 15:43:46 UTC 2021] 🤖
2021-12-23 15:43:46 +00:00
ImNightmaree
a76a9baaf4
Create CVE-2021-45046 ( #3378 )
...
* Create CVE-2021-45046
* Update and rename CVE-2021-45046 to CVE-2021-45046.yaml
* minor update
Co-authored-by: Prince Chaddha <prince@projectdiscovery.io>
Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2021-12-23 21:11:50 +05:30
Mohamed Elbadry
d2d47bfcb0
Update CVE-2021-44228.yaml - Extract DNS interaction IP ( #3396 )
...
* Update CVE-2021-44228.yaml
* lint fix
Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2021-12-22 18:17:30 +05:30
GitHub Action
d253ff84ef
Auto Generated CVE annotations [Wed Dec 22 06:47:35 UTC 2021] 🤖
2021-12-22 06:47:35 +00:00
pussycat0x
8a77db7919
unauthorized Puppet Node Manager ( #3388 )
...
* Add files via upload
* Update unauthorized-puppet-node-manager-detect.yaml
* Add files via upload
* Add files via upload
* Update CVE-2021-40859.yaml
* misc updates
* minor updates
Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2021-12-22 12:16:05 +05:30
GitHub Action
10ba4de0d7
Auto Generated CVE annotations [Tue Dec 21 12:32:40 UTC 2021] 🤖
2021-12-21 12:32:40 +00:00
Prince Chaddha
b622f5145d
Merge pull request #3383 from projectdiscovery/princechaddha-patch-2
...
Create CVE-2021-26085.yaml
2021-12-21 18:00:47 +05:30
Prince Chaddha
0c1a5e2c23
Merge pull request #3386 from Akokonunes/patch-93
...
Create CVE-2018-15138.yaml
2021-12-21 17:32:38 +05:30
Prince Chaddha
97b4a8a0e8
Update and rename CVE-2018-15138.yaml to cves/2018/CVE-2018-15138.yaml
2021-12-21 17:25:16 +05:30
GitHub Action
19bfb84638
Auto Generated CVE annotations [Tue Dec 21 11:06:14 UTC 2021] 🤖
2021-12-21 11:06:14 +00:00
GitHub Action
7fe5c23627
Auto Generated CVE annotations [Mon Dec 20 14:33:22 UTC 2021] 🤖
2021-12-20 14:33:22 +00:00
Prince Chaddha
b8ee43e27a
Create CVE-2021-26085.yaml
2021-12-20 15:20:14 +05:30
Prince Chaddha
d40c6cbaa3
Merge pull request #3377 from daffainfo/patch-284
...
Create CVE-2015-2166.yaml
2021-12-20 13:04:30 +05:30
Prince Chaddha
d5c43bb502
Update CVE-2015-2166.yaml
2021-12-20 13:02:41 +05:30
Prince Chaddha
9461383161
Update CVE-2015-0554.yaml
2021-12-20 13:01:11 +05:30
Prince Chaddha
2c279c7388
Update CVE-2015-2166.yaml
2021-12-20 12:56:36 +05:30
Muhammad Daffa
bee031da45
Create CVE-2015-2166.yaml
2021-12-19 20:33:58 +07:00
Muhammad Daffa
e3c0539174
Create CVE-2015-0554.yaml
2021-12-19 20:23:13 +07:00
Prince Chaddha
ca6146a4af
Update CVE-2021-44228.yaml
2021-12-19 14:52:29 +05:30
Ganoes
5f271045d1
CVE-2016-6210 - Fix typo in the regex ( #3365 )
...
* CVE-2016-6210 - Fix typo in the regex
* minor variable update
Co-authored-by: ganoes <karel.rozhon@etnetera.cz>
Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2021-12-18 14:58:35 +05:30
Prince Chaddha
fc566d27a8
Create CVE-2021-45092.yaml ( #3372 )
...
* Create CVE-2021-45092.yaml
* Added Thinfinity Iframe Injection
Co-Authored-By: Daniel Mofer <7999779+danielmofer@users.noreply.github.com>
* Added Thinfinity VirtualUI User Enumeration
Co-Authored-By: Daniel Mofer <7999779+danielmofer@users.noreply.github.com>
* added missing tag
Co-Authored-By: Daniel Mofer <7999779+danielmofer@users.noreply.github.com>
Co-authored-by: sandeep <sandeep@projectdiscovery.io>
Co-authored-by: Daniel Mofer <7999779+danielmofer@users.noreply.github.com>
2021-12-18 14:32:44 +05:30
Abhiram V
dd40419ea5
Updated CVE-2021-44228 with most common vulnerable headers ( #3334 )
...
* Updated with common headers which can be exploited
Reference : https://blog.qualys.com/vulnerabilities-threat-research/2021/12/10/apache-log4j2-zero-day-exploited-in-the-wild-log4shell
These headers are collected from above blog in Detecting the Vulnerability part
* fix: lint update
* Update CVE-2021-44228.yaml
* Update CVE-2021-44228.yaml
* Updated changed matchers and extractors regex according to v8.7.3 update
* payload updates for CVE-2021-44228
- more injection points
- a fixed regex to extract uppercase hostnames
- standardized payloads
- printed injection points
Source - https://twitter.com/0xceba/status/1471664540542648322
Co-Authored-By: 0xceba <44234156+0xceba@users.noreply.github.com>
Co-Authored-By: Abhiram V <61599526+Anon-Artist@users.noreply.github.com>
Co-authored-by: sandeep <sandeep@projectdiscovery.io>
Co-authored-by: 0xceba <44234156+0xceba@users.noreply.github.com>
2021-12-18 10:51:45 +05:30
sandeep
b8fa0d5857
update: added more reference
2021-12-15 21:26:35 +05:30
Geeknik Labs
9c169bd682
Create CVE-2021-44528.yaml ( #3342 )
2021-12-15 20:43:07 +05:30
sandeep
c9ddd7a0ae
update: id + reference update
2021-12-14 21:07:46 +05:30
sandeep
34d4557dad
update: making it compatible with self-hosted interactsh server
2021-12-14 03:21:47 +05:30
Evan Rubinstein
dddb0bbb82
Added CVE-2021-24997 ( #3298 )
...
* Added CVE-39226
* Added CVE-39226
* Delete CVE-39226.yaml
* Renamed CVE-39226 to CVE-2021-39226
Fixed naming error
* Added Wp-Guppy-Information-Disclosure template
* Removed File
Found better descriptor
* Added CVE-2021-24997
Added WordPress Guppy Information Disclosure CVE
* Fixed CVE-2021-24997
Fixed YAML formatting
* Fixed Typo
URL Path had an extra double quote
* Auto Generated Templates Stats [Wed Dec 8 23:07:24 UTC 2021] 🤖
* Deleted Blank Space
* Update CVE-2021-24997.yaml
* Update CVE-2021-24997.yaml
* Update CVE-2021-24997.yaml
* Update CVE-2021-24997.yaml
* Added CVE-2021-43496
* Update CVE-2021-43496.yaml
* fix: syntax update
* Added New Vuln
* Update CVE-2021-24997.yaml
* Update CVE-2021-43496.yaml
* Update and rename hd-netowrk-realtime-monitor-system-LFI.yaml to hdnetwork-realtime-lfi.yaml
* fix: lints update
Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
Co-authored-by: GitHub Action <action@github.com>
Co-authored-by: Prince Chaddha <prince@projectdiscovery.io>
2021-12-14 02:22:26 +05:30
Nicolas
1411edf332
Updated CVE-2021-44228.yaml ( #3335 )
...
Co-authored-by: olacin <olacin@users.noreply.github.com>
2021-12-13 20:24:06 +05:30
Prince Chaddha
fe4ec9185f
Merge pull request #3325 from 5tr1x/patch-1
...
Add X-Forwarded-For and Authentication headers
2021-12-12 17:31:07 +05:30
Prince Chaddha
1824aef5f5
Update and rename CVE-2018-7467.yaml to cves/2018/CVE-2018-7467.yaml
2021-12-12 16:53:17 +05:30
5tr1x
5dc71681c5
Add X-Forwarded-For and Authentication headers
2021-12-11 15:43:22 -06:00
Mohamed Elbadry
33fbe53930
Create CVE-2021-44228.yaml ( #3319 )
...
* Create CVE-2021-44228.yaml
* fix: syntax fix
* update: added additional path based payload
* update: strict matcher + pulling hostname information of the system
* update: added path based payload
Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2021-12-12 00:56:50 +05:30
Muhammad Daffa
18d54f5204
Edit magmi workflow ( #3312 )
2021-12-09 23:28:33 +05:30
GitHub Action
a19b941193
Auto Generated CVE annotations [Wed Dec 8 11:18:20 UTC 2021] 🤖
2021-12-08 11:18:20 +00:00
Sandeep Singh
2521cb62bf
Added CVE-2021-43798 ( #3296 )
...
* Added CVE-2021-43798
* updated with default plugin list
* Update grafana-file-read.yaml
2021-12-08 16:46:47 +05:30
Prince Chaddha
548980ae5b
Update CVE-2021-40856.yaml
2021-12-08 10:25:18 +05:30
GwanYeong Kim
48c6834de6
Create CVE-2021-40856.yaml
...
Inserting the prefix "/about/../" allows bypassing the authentication check for the web-based configuration management interface. This enables attackers to gain access to the login credentials used for authentication at the PBX, among other data.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-12-08 09:54:30 +09:00
Prince Chaddha
7905d1dfd7
Merge pull request #3281 from daffainfo/master
...
Add 10 templates and edit 1 workflows netsweeper
2021-12-07 13:59:14 +05:30
Prince Chaddha
684abeb93e
Update CVE-2014-9618.yaml
2021-12-07 13:42:19 +05:30
Prince Chaddha
2fcb784fcf
Update CVE-2014-9617.yaml
2021-12-07 13:38:32 +05:30
Prince Chaddha
6d73776e5d
Update CVE-2014-9615.yaml
2021-12-07 13:25:57 +05:30
Prince Chaddha
7bee8bedd9
Update CVE-2014-9614.yaml
2021-12-07 13:13:49 +05:30
Prince Chaddha
ac1439c40f
Update CVE-2014-9608.yaml
2021-12-07 13:05:50 +05:30
Prince Chaddha
891a922592
Update CVE-2014-9609.yaml
2021-12-07 12:56:58 +05:30
Prince Chaddha
c3f2e61e48
Update CVE-2014-9608.yaml
2021-12-07 12:55:09 +05:30
Prince Chaddha
881ea5dd3c
Update CVE-2014-9607.yaml
2021-12-07 12:48:33 +05:30