daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
11,542 Commits
12 Branches
0 Tags
148 MiB
Commit Graph

3360 Commits (f9861715ab39c45ed714775b32a063a6fe738e3a)

Author SHA1 Message Date
Prince Chaddha 415f37a7a6
Update CVE-2021-27358.yaml 2021-12-24 19:02:18 +05:30
sandeep f892a053a2 Added Grafana unauthenticated snapshot creation 2021-12-24 17:47:55 +05:30
sandeep 54e064767d Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates 2021-12-23 21:46:10 +05:30
sandeep 99f5a47202 minor update 2021-12-23 21:40:28 +05:30
GitHub Action 132108f849 Auto Generated CVE annotations [Thu Dec 23 15:43:46 UTC 2021] 🤖 2021-12-23 15:43:46 +00:00
ImNightmaree a76a9baaf4
Create CVE-2021-45046 (#3378) 
* Create CVE-2021-45046

* Update and rename CVE-2021-45046 to CVE-2021-45046.yaml

* minor update

Co-authored-by: Prince Chaddha <prince@projectdiscovery.io>
Co-authored-by: sandeep <sandeep@projectdiscovery.io>
 2021-12-23 21:11:50 +05:30
Mohamed Elbadry d2d47bfcb0
Update CVE-2021-44228.yaml - Extract DNS interaction IP (#3396) 
* Update CVE-2021-44228.yaml

* lint fix

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
 2021-12-22 18:17:30 +05:30
GitHub Action d253ff84ef Auto Generated CVE annotations [Wed Dec 22 06:47:35 UTC 2021] 🤖 2021-12-22 06:47:35 +00:00
pussycat0x 8a77db7919
unauthorized Puppet Node Manager (#3388) 
* Add files via upload

* Update unauthorized-puppet-node-manager-detect.yaml

* Add files via upload

* Add files via upload

* Update CVE-2021-40859.yaml

* misc updates

* minor updates

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
 2021-12-22 12:16:05 +05:30
GitHub Action 10ba4de0d7 Auto Generated CVE annotations [Tue Dec 21 12:32:40 UTC 2021] 🤖 2021-12-21 12:32:40 +00:00
Prince Chaddha b622f5145d
Merge pull request #3383 from projectdiscovery/princechaddha-patch-2 
Create CVE-2021-26085.yaml
 2021-12-21 18:00:47 +05:30
Prince Chaddha 0c1a5e2c23
Merge pull request #3386 from Akokonunes/patch-93 
Create CVE-2018-15138.yaml
 2021-12-21 17:32:38 +05:30
Prince Chaddha 97b4a8a0e8
Update and rename CVE-2018-15138.yaml to cves/2018/CVE-2018-15138.yaml 2021-12-21 17:25:16 +05:30
GitHub Action 19bfb84638 Auto Generated CVE annotations [Tue Dec 21 11:06:14 UTC 2021] 🤖 2021-12-21 11:06:14 +00:00
GitHub Action 7fe5c23627 Auto Generated CVE annotations [Mon Dec 20 14:33:22 UTC 2021] 🤖 2021-12-20 14:33:22 +00:00
Prince Chaddha b8ee43e27a
Create CVE-2021-26085.yaml 2021-12-20 15:20:14 +05:30
Prince Chaddha d40c6cbaa3
Merge pull request #3377 from daffainfo/patch-284 
Create CVE-2015-2166.yaml
 2021-12-20 13:04:30 +05:30
Prince Chaddha d5c43bb502
Update CVE-2015-2166.yaml 2021-12-20 13:02:41 +05:30
Prince Chaddha 9461383161
Update CVE-2015-0554.yaml 2021-12-20 13:01:11 +05:30
Prince Chaddha 2c279c7388
Update CVE-2015-2166.yaml 2021-12-20 12:56:36 +05:30
Muhammad Daffa bee031da45
Create CVE-2015-2166.yaml 2021-12-19 20:33:58 +07:00
Muhammad Daffa e3c0539174
Create CVE-2015-0554.yaml 2021-12-19 20:23:13 +07:00
Prince Chaddha ca6146a4af
Update CVE-2021-44228.yaml 2021-12-19 14:52:29 +05:30
Ganoes 5f271045d1
CVE-2016-6210 - Fix typo in the regex (#3365) 
* CVE-2016-6210 - Fix typo in the regex

* minor variable update

Co-authored-by: ganoes <karel.rozhon@etnetera.cz>
Co-authored-by: sandeep <sandeep@projectdiscovery.io>
 2021-12-18 14:58:35 +05:30
Prince Chaddha fc566d27a8
Create CVE-2021-45092.yaml (#3372) 
* Create CVE-2021-45092.yaml

* Added Thinfinity Iframe Injection

Co-Authored-By: Daniel Mofer <7999779+danielmofer@users.noreply.github.com>

* Added Thinfinity VirtualUI User Enumeration

Co-Authored-By: Daniel Mofer <7999779+danielmofer@users.noreply.github.com>

* added missing tag

Co-Authored-By: Daniel Mofer <7999779+danielmofer@users.noreply.github.com>

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
Co-authored-by: Daniel Mofer <7999779+danielmofer@users.noreply.github.com>
 2021-12-18 14:32:44 +05:30
Abhiram V dd40419ea5
Updated CVE-2021-44228 with most common vulnerable headers (#3334) 
* Updated with common headers which can be exploited

Reference : https://blog.qualys.com/vulnerabilities-threat-research/2021/12/10/apache-log4j2-zero-day-exploited-in-the-wild-log4shell
These headers are collected from above blog in Detecting the Vulnerability part

* fix: lint update

* Update CVE-2021-44228.yaml

* Update CVE-2021-44228.yaml

* Updated changed matchers and extractors regex according to v8.7.3 update

* payload updates for CVE-2021-44228

- more injection points
- a fixed regex to extract uppercase hostnames
- standardized payloads
- printed injection points

Source - https://twitter.com/0xceba/status/1471664540542648322

Co-Authored-By: 0xceba <44234156+0xceba@users.noreply.github.com>
Co-Authored-By: Abhiram V <61599526+Anon-Artist@users.noreply.github.com>

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
Co-authored-by: 0xceba <44234156+0xceba@users.noreply.github.com>
 2021-12-18 10:51:45 +05:30
sandeep b8fa0d5857 update: added more reference 2021-12-15 21:26:35 +05:30
Geeknik Labs 9c169bd682
Create CVE-2021-44528.yaml (#3342) 2021-12-15 20:43:07 +05:30
sandeep c9ddd7a0ae update: id + reference update 2021-12-14 21:07:46 +05:30
sandeep 34d4557dad update: making it compatible with self-hosted interactsh server 2021-12-14 03:21:47 +05:30
Evan Rubinstein dddb0bbb82
Added CVE-2021-24997 (#3298) 
* Added CVE-39226

* Added CVE-39226

* Delete CVE-39226.yaml

* Renamed CVE-39226 to CVE-2021-39226

Fixed naming error

* Added Wp-Guppy-Information-Disclosure template

* Removed File

Found better descriptor

* Added CVE-2021-24997

Added WordPress Guppy Information Disclosure CVE

* Fixed CVE-2021-24997

Fixed YAML formatting

* Fixed Typo

URL Path had an extra double quote

* Auto Generated Templates Stats [Wed Dec  8 23:07:24 UTC 2021] 🤖

* Deleted Blank Space

* Update CVE-2021-24997.yaml

* Update CVE-2021-24997.yaml

* Update CVE-2021-24997.yaml

* Update CVE-2021-24997.yaml

* Added CVE-2021-43496

* Update CVE-2021-43496.yaml

* fix: syntax update

* Added New Vuln

* Update CVE-2021-24997.yaml

* Update CVE-2021-43496.yaml

* Update and rename hd-netowrk-realtime-monitor-system-LFI.yaml to hdnetwork-realtime-lfi.yaml

* fix: lints update

Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
Co-authored-by: GitHub Action <action@github.com>
Co-authored-by: Prince Chaddha <prince@projectdiscovery.io>
 2021-12-14 02:22:26 +05:30
Nicolas 1411edf332
Updated CVE-2021-44228.yaml (#3335) 
Co-authored-by: olacin <olacin@users.noreply.github.com>
 2021-12-13 20:24:06 +05:30
Prince Chaddha fe4ec9185f
Merge pull request #3325 from 5tr1x/patch-1 
Add X-Forwarded-For and Authentication headers
 2021-12-12 17:31:07 +05:30
Prince Chaddha 1824aef5f5
Update and rename CVE-2018-7467.yaml to cves/2018/CVE-2018-7467.yaml 2021-12-12 16:53:17 +05:30
5tr1x 5dc71681c5
Add X-Forwarded-For and Authentication headers 2021-12-11 15:43:22 -06:00
Mohamed Elbadry 33fbe53930
Create CVE-2021-44228.yaml (#3319) 
* Create CVE-2021-44228.yaml

* fix: syntax fix

* update: added additional path based payload

* update: strict matcher + pulling hostname information of the system

* update: added path based payload

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
 2021-12-12 00:56:50 +05:30
Muhammad Daffa 18d54f5204
Edit magmi workflow (#3312) 2021-12-09 23:28:33 +05:30
GitHub Action a19b941193 Auto Generated CVE annotations [Wed Dec 8 11:18:20 UTC 2021] 🤖 2021-12-08 11:18:20 +00:00
Sandeep Singh 2521cb62bf
Added CVE-2021-43798 (#3296) 
* Added CVE-2021-43798

* updated with default plugin list

* Update grafana-file-read.yaml
 2021-12-08 16:46:47 +05:30
Prince Chaddha 548980ae5b
Update CVE-2021-40856.yaml 2021-12-08 10:25:18 +05:30
GwanYeong Kim 48c6834de6 Create CVE-2021-40856.yaml 
Inserting the prefix "/about/../" allows bypassing the authentication check for the web-based configuration management interface. This enables attackers to gain access to the login credentials used for authentication at the PBX, among other data.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
 2021-12-08 09:54:30 +09:00
Prince Chaddha 7905d1dfd7
Merge pull request #3281 from daffainfo/master 
Add 10 templates and edit 1 workflows netsweeper
 2021-12-07 13:59:14 +05:30
Prince Chaddha 684abeb93e
Update CVE-2014-9618.yaml 2021-12-07 13:42:19 +05:30
Prince Chaddha 2fcb784fcf
Update CVE-2014-9617.yaml 2021-12-07 13:38:32 +05:30
Prince Chaddha 6d73776e5d
Update CVE-2014-9615.yaml 2021-12-07 13:25:57 +05:30
Prince Chaddha 7bee8bedd9
Update CVE-2014-9614.yaml 2021-12-07 13:13:49 +05:30
Prince Chaddha ac1439c40f
Update CVE-2014-9608.yaml 2021-12-07 13:05:50 +05:30
Prince Chaddha 891a922592
Update CVE-2014-9609.yaml 2021-12-07 12:56:58 +05:30
Prince Chaddha c3f2e61e48
Update CVE-2014-9608.yaml 2021-12-07 12:55:09 +05:30
Prince Chaddha 881ea5dd3c
Update CVE-2014-9607.yaml 2021-12-07 12:48:33 +05:30