daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/vulnerabilities/other
History
GwanYeong Kim a2cec40a5d Create goip-1-lfi.yaml 
Input passed thru the 'content' or 'sidebar' GET parameter in 'frame.html' or 'frame.A100.html' not properly sanitized before being used to read files. This can be exploited by an unauthenticated attacker to read arbitrary files on the affected system.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
 		2022-02-18 21:33:17 +09:00
..
74cms-sqli.yaml Create 74cms-sqli.yaml 2021-04-06 23:59:29 +05:30
accent-microcomputers-lfi.yaml Update and rename accent-microcomputers-lfi.yaml to vulnerabilities/other/accent-microcomputers-lfi.yaml 2022-01-03 10:24:12 +05:30
acme-xss.yaml Update Severity 2021-09-20 12:11:56 +07:00
antsword-backdoor.yaml Update antsword-backdoor.yaml 2022-02-01 01:52:39 +05:30
asanhamayesh-lfi.yaml Updated all templates tags with technologies (#3478) 2022-01-05 01:04:16 +05:30
aspnuke-openredirect.yaml misc tag updates 2021-04-06 12:16:11 +05:30
bems-api-lfi.yaml Update and rename longjing-technology-bems-api-lfi.yaml to bems-api-lfi.yaml 2021-08-03 19:55:25 +05:30
beward-ipcamera-disclosure.yaml Removed pipe (|) character from references, because the structure requires it to be a string slice, not a string 2021-08-19 16:59:12 +03:00
bitrix-open-redirect.yaml misc update 2021-10-14 19:31:57 +05:30
blue-ocean-excellence-lfi.yaml Update blue-ocean-excellence-lfi.yaml 2021-05-31 15:44:21 +05:30
buffalo-config-injection.yaml Satisfying the linter (all errors and warnings) 2021-08-19 17:44:46 +03:00
bullwark-momentum-lfi.yaml more metadata update 2021-10-22 23:24:21 +05:30
cacti-weathermap-file-write.yaml Coverage for all templates using tags 2021-09-09 19:08:13 +05:30
caucho-resin-info-disclosure.yaml Updated all templates tags with technologies (#3478) 2022-01-05 01:04:16 +05:30
chamilo-lms-sqli.yaml matcher and payload update 2021-04-28 19:44:28 +05:30
chamilo-lms-xss.yaml Payload and matcher fix 2021-04-28 14:42:10 +05:30
ckan-dom-based-xss.yaml Update ckan-dom-based-xss.yaml 2021-06-10 17:27:21 +05:30
clockwatch-enterprise-rce.yaml Network template updates & fixes (#3497) 2022-01-07 12:58:37 +05:30
coldfusion-debug-xss.yaml Description 2021-08-02 14:30:22 +03:00
commax-biometric-auth-bypass.yaml Better description 2021-10-14 16:27:26 +03:00
commax-credentials-disclosure.yaml Update and rename commax-cctv-rtsp-credentials-disclosure.yaml to commax-credentials-disclosure.yaml 2021-09-25 11:32:31 +05:30
comtrend-password-exposure.yaml Updated all templates tags with technologies (#3478) 2022-01-05 01:04:16 +05:30
concrete-xss.yaml Satisfying the linter (all errors and warnings) 2021-08-19 17:44:46 +03:00
core-chuangtian-cloud-rce.yaml removed extra headers not required for template 2021-09-08 17:47:19 +05:30
couchdb-adminparty.yaml removed extra headers not required for template 2021-09-08 17:47:19 +05:30
cs-cart-unauthenticated-lfi.yaml Add description 2021-10-19 12:56:40 +03:00
dedecms-carbuyaction-fileinclude.yaml Add description 2021-10-14 16:28:41 +03:00
dedecms-membergroup-sqli.yaml Add description 2021-10-14 15:55:59 +03:00
dedecms-openredirect.yaml Update dedecms-openredirect.yaml 2021-02-20 23:12:14 +05:30
dicoogle-pacs-lfi.yaml Update and rename dicoogle-pacs-lfi.yaml to vulnerabilities/other/dicoogle-pacs-lfi.yaml 2021-12-24 19:23:04 +05:30
discourse-xss.yaml xss matchers update 2021-03-04 21:32:34 +05:30
dlink-850L-info-leak.yaml Satisfying the linter (all errors and warnings) 2021-08-19 17:44:46 +03:00
duomicms-sql-injection.yaml more typos 2021-03-10 19:45:41 +05:30
ecology-filedownload-directory-traversal.yaml Create ecology-filedownload-directory-traversal.yaml 2021-04-23 18:50:11 +05:30
ecology-springframework-directory-traversal.yaml Create ecology-springframework-directory-traversal.yaml 2021-04-23 18:52:08 +05:30
ecshop-sqli.yaml Add description 2021-11-23 12:09:00 +02:00
eibiz-lfi.yaml Update and rename eibiz-server-3-8-0-lfi.yaml to vulnerabilities/other/eibiz-lfi.yaml 2021-11-18 21:52:30 +05:30
empirecms-xss.yaml Update empirecms-xss.yaml 2021-04-05 22:13:16 +05:30
erp-nc-directory-traversal.yaml matcher improvements 2021-04-14 01:53:24 +05:30
etouch-v2-sqli.yaml Fixed mistakes/typos in the templates. 2021-08-19 15:30:14 +03:00
ewebs-arbitrary-file-reading.yaml Add description 2021-10-17 15:52:26 +03:00
eyelock-nano-lfd.yaml Updates across many templates for clarity, spelling, and grammar. 2021-09-05 17:13:45 -04:00
eyou-email-rce.yaml removed extra headers not required for template 2021-09-08 17:47:19 +05:30
fanruanoa2012-disclosure.yaml Spelling 2021-06-06 10:35:09 +03:00
fatpipe-auth-bypass.yaml Update and rename fatpipe-networks-warp-auth-bypass.yaml to fatpipe-auth-bypass.yaml 2021-09-30 17:18:21 +05:30
fatpipe-backdoor.yaml Better description 2021-10-14 16:31:27 +03:00
feifeicms-lfr.yaml Removed pipe (|) character from references, because the structure requires it to be a string slice, not a string 2021-08-18 14:44:27 +03:00
finereport-path-traversal.yaml Product name 2021-04-26 09:07:57 +03:00
flir-path-traversal.yaml matcher update to handle edge cases 2021-07-25 03:05:55 +05:30
geovision-geowebserver-lfi.yaml Previous reference is no longer available 2021-10-14 16:05:47 +03:00
geovision-geowebserver-xss.yaml Add description 2021-10-14 16:32:34 +03:00
global-domains-lfi.yaml Updated all templates tags with technologies (#3478) 2022-01-05 01:04:16 +05:30
global-domains-xss.yaml Create global-domains-xss.yaml 2021-12-18 14:51:08 +05:30
gloo-unauth.yaml removed extra headers not required for template 2021-09-08 17:47:19 +05:30
goip-1-lfi.yaml Create goip-1-lfi.yaml 2022-02-18 21:33:17 +09:00
groupoffice-lfi.yaml Updated all templates tags with technologies (#3478) 2022-01-05 01:04:16 +05:30
gsoap-lfi.yaml Update gsoap-lfi.yaml 2021-09-06 17:34:51 +05:30
h3c-imc-rce.yaml Fixed h3c-imc-rce.yaml (#3401) 2021-12-23 20:23:42 +05:30
hashicorp-consul-rce.yaml oob tags update 2021-10-19 02:10:26 +05:30
hasura-graphql-psql-exec.yaml Updated all templates tags with technologies (#3478) 2022-01-05 01:04:16 +05:30
hasura-graphql-ssrf.yaml Updated all templates tags with technologies (#3478) 2022-01-05 01:04:16 +05:30
hiboss-rce.yaml Description 2021-10-14 16:35:40 +03:00
hjtcloud-arbitrary-file-read.yaml removed extra headers not required for template 2021-09-08 17:47:19 +05:30
hjtcloud-rest-arbitrary-file-read.yaml strict matcher 2021-06-01 16:08:41 +05:30
homeautomation-v3-openredirect.yaml Add description 2021-10-17 15:54:19 +03:00
hrsale-unauthenticated-lfi.yaml Rename hrsale-unauthenticated-lfi.yaml to vulnerabilities/other/hrsale-unauthenticated-lfi.yaml 2021-11-13 23:37:32 +05:30
huawei-hg659-lfi.yaml Removed pipe (|) character from references, because the structure requires it to be a string slice, not a string 2021-08-18 14:44:27 +03:00
huawei-router-auth-bypass.yaml removed extra headers not required for template 2021-09-08 17:47:19 +05:30
huijietong-cloud-fileread.yaml matcher update to handle edge cases 2021-07-25 03:05:55 +05:30
icewarp-webclient-rce.yaml Update icewarp-webclient-rce.yaml 2021-07-10 09:18:32 +05:30
interlib-fileread.yaml matcher update to handle edge cases 2021-07-25 03:05:55 +05:30
java-melody-xss.yaml Update and rename vulnerabilities/JavaMelody/java-melody-xss.yaml to vulnerabilities/other/java-melody-xss.yaml 2022-01-24 13:15:23 +05:30
jeewms-lfi.yaml Removing extra space from raw HTTP request 2021-12-22 13:33:51 +01:00
jfrog-unauth-build-exposed.yaml removed extra headers not required for template 2021-09-08 17:47:19 +05:30
jinfornet-jreport-lfi.yaml Update and rename jinfornet-jreport-lfi.yaml to vulnerabilities/other/jinfornet-jreport-lfi.yaml 2022-01-03 10:01:12 +05:30
joomla-com-fabrik-lfi.yaml minor update 2021-05-07 14:53:34 +05:30
kafdrop-xss.yaml Give description 2021-05-25 14:35:41 +03:00
karel-ip-phone-lfi.yaml lint fix 2021-10-14 19:50:43 +05:30
kevinlab-bems-backdoor.yaml Updated all templates tags with technologies (#3478) 2022-01-05 01:04:16 +05:30
kevinlab-bems-sqli.yaml removed extra headers not required for template 2021-09-08 17:47:19 +05:30
kevinlab-hems-backdoor.yaml Updates across many templates for clarity, spelling, and grammar. 2021-09-05 17:13:45 -04:00
keycloak-xss.yaml Update keycloak-xss.yaml 2021-10-09 08:46:17 +05:30
kyocera-m2035dn-lfi.yaml Update and rename kyocera-rx-ecosys-m2035dn-lfi.yaml to vulnerabilities/other/kyocera-m2035dn-lfi.yaml 2022-02-15 02:10:30 +05:30
landray-oa-fileread.yaml removed extra headers not required for template 2021-09-08 17:47:19 +05:30
lotuscms-rce.yaml minor updates 2021-07-04 17:09:45 +05:30
lucee-xss.yaml Add description 2021-10-19 13:17:58 +03:00
luftguitar-arbitrary-file-upload.yaml Add description 2021-10-19 13:03:41 +03:00
maccmsv10-backdoor.yaml Add description 2021-10-26 15:22:21 +03:00
magicflow-lfi.yaml Add description 2021-10-19 13:10:34 +03:00
mcafee-epo-rce.yaml Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates into pr/2481 2021-09-03 14:55:30 +05:30
metinfo-lfi.yaml Add description 2021-10-26 15:27:16 +03:00
microstrategy-ssrf.yaml Update microstrategy-ssrf.yaml 2021-10-17 07:46:32 +05:30
mida-eframework-xss.yaml removed extra headers not required for template 2021-09-08 17:47:19 +05:30
minimouse-lfi.yaml Add description 2021-10-19 13:10:29 +03:00
mirai-unknown-rce.yaml oob tags update 2021-10-19 02:10:26 +05:30
mpsec-lfi.yaml matcher update to handle edge cases 2021-07-25 03:05:55 +05:30
ms-exchange-server-reflected-xss.yaml Update tags (#3530) 2022-01-13 10:49:53 +05:30
myucms-lfr.yaml matcher update to handle edge cases 2021-07-25 03:05:55 +05:30
natshell-path-traversal.yaml matcher update 2021-05-17 19:49:24 +05:30
natshell-rce.yaml misc changes 2021-05-28 11:12:36 +05:30
netgear-router-auth-bypass.yaml Remove: 2022-01-25 14:38:53 -05:00
netgear-router-exposure.yaml Updated all templates tags with technologies (#3478) 2022-01-05 01:04:16 +05:30
netgear-wnap320-rce.yaml oob tags update 2021-10-19 02:10:26 +05:30
netis-info-leak.yaml Add description 2021-10-13 11:56:10 +03:00
nginx-merge-slashes-path-traversal.yaml Add description 2021-10-13 12:00:39 +03:00
nginx-module-vts-xss.yaml Updated all templates tags with technologies (#3478) 2022-01-05 01:04:16 +05:30
ns-asg-file-read.yaml matcher update to handle edge cases 2021-07-25 03:05:55 +05:30
nuuo-file-inclusion.yaml fixed invalid template syntax 2021-10-30 16:47:35 +05:30
nuuo-nvrmini2-rce.yaml Updated all templates tags with technologies (#3478) 2022-01-05 01:04:16 +05:30
oa-tongda-path-traversal.yaml removed extra headers not required for template 2021-09-08 17:47:19 +05:30
oa-v9-uploads-file.yaml removed extra headers not required for template 2021-09-08 17:47:19 +05:30
odoo-cms-redirect.yaml Moving files around 2021-06-02 12:22:24 +05:30
oliver-library-lfi.yaml Update and rename oliver-library-server-lfi.yaml to oliver-library-lfi.yaml 2021-12-18 14:23:57 +05:30
opensis-lfi.yaml Improve description 2021-10-13 12:01:33 +03:00
opensns-rce.yaml Add description 2021-10-26 15:27:57 +03:00
openvpn-hhi.yaml Add description 2021-10-19 13:17:58 +03:00
optilink-ont1gew-gpon-rce.yaml Update tags (#3538) 2022-01-16 02:08:21 +05:30
pacsone-server-lfi.yaml Update and rename pacsone-server-6-6-2-lfi.yaml to vulnerabilities/other/pacsone-server-lfi.yaml 2021-12-21 17:32:19 +05:30
parentlink-xss.yaml few updates 2021-03-14 17:07:52 +05:30
pdf-signer-ssti-to-rce.yaml Updated all templates tags with technologies (#3478) 2022-01-05 01:04:16 +05:30
php-timeclock-xss.yaml misc update 2021-06-10 14:53:31 +05:30
php-zerodium-backdoor-rce.yaml Add description 2021-10-27 14:05:11 +03:00
phpwiki-lfi.yaml Updated all templates tags with technologies (#3478) 2022-01-05 01:04:16 +05:30
pmb-directory-traversal.yaml Make description more clear 2021-10-21 08:55:02 +03:00
pmb-local-file-disclosure.yaml Coverage for all templates using tags 2021-09-09 19:08:13 +05:30
powercreator-cms-rce.yaml removed extra headers not required for template 2021-09-08 17:47:19 +05:30
processmaker-lfi.yaml Add description 2021-10-24 12:38:06 +03:00
qcubed-xss.yaml Add description 2021-10-21 14:13:53 +03:00
qi-anxin-netkang-next-generation-firewall-rce.yaml removed extra headers not required for template 2021-09-08 17:47:19 +05:30
qihang-media-disclosure.yaml Update and rename qihang-media-web-credentials-disclosure.yaml to qihang-media-disclosure.yaml 2021-10-01 16:26:25 +05:30
qihang-media-lfi.yaml Updated all templates tags with technologies (#3478) 2022-01-05 01:04:16 +05:30
rce-shellshock-user-agent.yaml removed extra headers not required for template 2021-09-08 17:47:19 +05:30
rconfig-rce.yaml Add description 2021-10-27 14:06:15 +03:00
resin-cnnvd-200705-315.yaml Removed pipe (|) character from references, because the structure requires it to be a string slice, not a string 2021-08-18 14:44:27 +03:00
resin-inputfile-fileread.yaml Add reference 2021-08-09 16:10:10 +03:00
resin-viewfile-lfr.yaml Removed pipe (|) character from references, because the structure requires it to be a string slice, not a string 2021-08-18 14:44:27 +03:00
rockmongo-xss.yaml Add description 2021-10-26 15:22:21 +03:00
ruijie-eg-rce.yaml Non-broken link 2021-10-25 09:57:47 +03:00
ruijie-networks-lfi.yaml Add description 2021-10-26 15:22:21 +03:00
ruijie-networks-rce.yaml Updated all templates tags with technologies (#3478) 2022-01-05 01:04:16 +05:30
sangfor-edr-auth-bypass.yaml Updated all templates tags with technologies (#3478) 2022-01-05 01:04:16 +05:30
sangfor-edr-rce.yaml Updated all templates tags with technologies (#3478) 2022-01-05 01:04:16 +05:30
sap-redirect.yaml Add description 2021-10-25 09:58:59 +03:00
sar2html-rce.yaml oob tags update 2021-10-19 02:10:26 +05:30
seacms-rce.yaml Add description 2021-10-26 15:29:20 +03:00
seowon-router-rce.yaml misc updates 2021-11-13 23:01:53 +05:30
servicenow-helpdesk-credential.yaml Added ServiceNow Helpdesk Credential Exposure (#3371) 2021-12-19 23:42:01 +05:30
showdoc-file-upload-rce.yaml removed extra headers not required for template 2021-09-08 17:47:19 +05:30
sick-beard-xss.yaml metadata update 2021-10-22 23:23:25 +05:30
sl-studio-lfi.yaml Update sl-studio-lfi.yaml 2021-12-29 09:20:13 +05:30
sofneta-mecdream-pacs-lfi.yaml Update and rename sofneta-mecdream-pacs-server-lfi.yaml to sofneta-mecdream-pacs-lfi.yaml 2022-01-03 10:21:00 +05:30
solar-log-authbypass.yaml Fix description 2021-10-26 12:45:16 +03:00
sonicwall-sslvpn-shellshock.yaml Add description 2021-10-26 15:28:43 +03:00
spark-webui-unauth.yaml fixed invalid template syntax 2021-10-30 16:47:35 +05:30
sponip-network-system-ping-rce.yaml Updated all templates tags with technologies (#3478) 2022-01-05 01:04:16 +05:30
symantec-messaging-gateway.yaml Updated all templates tags with technologies (#3478) 2022-01-05 01:04:16 +05:30
tamronos-rce.yaml matcher update to handle edge cases 2021-07-25 03:05:55 +05:30
thinkific-redirect.yaml Update thinkific-redirect.yaml 2021-08-24 14:56:21 +07:00
thruk-xss.yaml Update thruk-xss.yaml 2021-12-09 21:58:15 +05:30
tikiwiki-reflected-xss.yaml Update tikiwiki-reflected-xss.yaml 2021-08-02 21:44:48 +05:30
tpshop-directory-traversal.yaml Correct product name 2021-04-29 09:20:58 +03:00
turbocrm-xss.yaml Add description 2021-10-27 14:04:00 +03:00
twig-php-ssti.yaml Added skip-variables-check for SSTI template 2021-11-09 22:16:37 +05:30
ueditor-file-upload.yaml Add description 2021-10-25 12:58:22 +03:00
unauth-hoteldruid-panel.yaml add description 2021-10-25 10:01:03 +03:00
unauth-spark-api.yaml Add description 2021-10-25 12:55:23 +03:00
unifi-network-log4j-rce.yaml Update nuuno-network-login.yaml (#3701) 2022-02-14 19:53:51 +05:30
vanguard-post-xss.yaml Update vanguard-post-xss.yaml 2021-11-05 21:36:53 +05:30
viewlinc-crlf-injection.yaml Add description 2021-10-25 12:57:40 +03:00
visual-tools-dvr-rce.yaml Updated all templates tags with technologies (#3478) 2022-01-05 01:04:16 +05:30
vpms-auth-bypass.yaml Add description 2021-10-25 12:56:03 +03:00
watchguard-credentials-disclosure.yaml Update and rename watchguard-fireware-ad-helper-component-credentials-disclosure.yaml to watchguard-credentials-disclosure.yaml 2021-12-09 21:05:13 +05:30
webui-rce.yaml Add description 2021-10-25 12:54:49 +03:00
wems-manager-xss.yaml Add description 2021-10-25 12:59:08 +03:00
wooyun-2015-148227.yaml Renames vulnerabilities/other/WooYun2015-148227 (#3488) 2022-01-06 12:00:31 +05:30
wooyun-path-traversal.yaml Updated all templates tags with technologies (#3478) 2022-01-05 01:04:16 +05:30
wuzhicms-sqli.yaml Create wuzhicms-sqli.yaml 2021-04-23 18:26:43 +05:30
xdcms-sqli.yaml Create xdcms-sqli.yaml 2021-03-21 10:15:44 +00:00
xerox-efi-lfi.yaml Update xerox-efi-lfi.yaml 2022-01-10 12:07:06 +05:30
yapi-rce.yaml Add description 2021-10-26 15:26:10 +03:00
yarn-resourcemanager-rce.yaml Add description 2021-10-26 15:25:34 +03:00
yishaadmin-lfi.yaml Update and rename yshaadmin-traversal.yaml to yishaadmin-lfi.yaml 2022-02-15 18:33:24 +05:30
zcms-v3-sqli.yaml Create zcms-v3-sqli.yaml 2021-04-23 18:48:00 +05:30
zhiyuan-file-upload.yaml Cleanup some dashboard artifacts 2022-02-04 14:02:53 -05:00
zhiyuan-oa-info-leak.yaml Update zhiyuan-oa-info-leak.yaml 2021-02-24 23:22:23 +05:30
zhiyuan-oa-session-leak.yaml Add description 2021-10-26 15:24:26 +03:00
zimbra-preauth-ssrf.yaml Add description 2021-10-26 15:23:43 +03:00
zms-auth-bypass.yaml Add description 2021-10-26 15:23:43 +03:00