fix-conflict

Prince Chaddha
2022-10-25 19:10:49 +05:30
parent 6958f78ee7
commit 9ed84adaa6
21 changed files with 69 additions and 29 deletions

@@ -31,4 +31,4 @@ requests:
status:
- 200
# Enhanced by mp on 2022/06/09
# Enhanced by mp on 2022/10/24

@@ -6,11 +6,11 @@ info:
severity: medium
description: |
MicroStrategy Library before 11.1.3 contains a cross-site scripting vulnerability. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
remediation: The issue can be resolved by downloading and installing 1.1.3, which has the patch.
reference:
- https://seclists.org/bugtraq/2019/Nov/23
- https://packetstormsecurity.com/files/155320/MicroStrategy-Library-Cross-Site-Scripting.html
- https://nvd.nist.gov/vuln/detail/CVE-2019-18957
remediation: The issue can be resolved by downloading and installing 1.1.3, which has the patch.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
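
Review bot: the `remediation` line being repositioned in this hunk says to install "1.1.3", but the description two lines above it says the issue affects MicroStrategy Library "before 11.1.3". Since the line is being touched anyway, correct the version so the remediation and the description agree.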

@@ -6,12 +6,12 @@ info:
severity: high
description: |
Apache Airflow prior to 1.10.14 contains an authentication bypass vulnerability via incorrect session validation with default configuration. An attacker on site A can access unauthorized Airflow on site B through the site A session.
remediation: Change default value for [webserver] secret_key config.
reference:
- https://kloudle.com/academy/authentication-bypass-in-apache-airflow-cve-2020-17526-and-aws-cloud-platform-compromise
- https://lists.apache.org/thread.html/rbeeb73a6c741f2f9200d83b9c2220610da314810c4e8c9cf881d47ef%40%3Cusers.airflow.apache.org%3E
- http://www.openwall.com/lists/oss-security/2020/12/21/1
- https://nvd.nist.gov/vuln/detail/CVE-2020-17526
remediation: Change default value for [webserver] secret_key config.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
cvss-score: 7.7

@@ -1,15 +1,15 @@
id: CVE-2021-1499
info:
name: Cisco HyperFlex HX Data Platform - File Upload Vulnerability
name: Cisco HyperFlex HX Data Platform - Arbitrary File Upload
author: gy741
severity: medium
description: A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to upload files to an affected device. This vulnerability is due to missing authentication for the upload function. An attacker could exploit this vulnerability by sending a specific HTTP request to an affected device. A successful exploit could allow the attacker to upload files to the affected device with the permissions of the tomcat8 user.
description: Cisco HyperFlex HX Data Platform contains an arbitrary file upload vulnerability in the web-based management interface. An attacker can send a specific HTTP request to an affected device, thus enabling upload of files to the affected device with the permissions of the tomcat8 user.
reference:
- https://swarm.ptsecurity.com/cisco-hyperflex-how-we-got-rce-through-login-form-and-other-findings/
- https://nvd.nist.gov/vuln/detail/CVE-2021-1499
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-hyperflex-upload-KtCK8Ugz
- http://packetstormsecurity.com/files/163203/Cisco-HyperFlex-HX-Data-Platform-File-Upload-Remote-Code-Execution.html
- https://nvd.nist.gov/vuln/detail/CVE-2021-1499
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
cvss-score: 5.3
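
Review bot: the rewritten `description` drops two facts the previous text carried: that the attacker is "unauthenticated, remote" and that the cause is "missing authentication for the upload function". The vector still says `PR:N`, but a reader triaging on the description alone loses the root cause. Suggest keeping "unauthenticated" in the new sentence and naming the missing authentication check. The NVD reference also appears in two positions in this hunk; make sure only one copy survives in the resulting file.
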
@@ -53,3 +53,5 @@ requests:
- '"filename:'
- '/tmp/passwd9'
condition: and
# Enhanced by md on 2022/10/20

@@ -44,10 +44,10 @@ requests:
------WebKitFormBoundaryIYl2Oz8ptq5OMtbU
Content-Disposition: form-data; name="url"
------WebKitFormBoundaryIYl2Oz8ptq5OMtbU
Content-Disposition: form-data; name="checkbox"
yes
------WebKitFormBoundaryIYl2Oz8ptq5OMtbU
Content-Disposition: form-data; name="naam"

@@ -13,7 +13,7 @@ info:
- https://nvd.nist.gov/vuln/detail/CVE-2021-44228
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 9
cvss-score: 9.0
cve-id: CVE-2021-45046
cwe-id: CWE-502
tags: cve,cve2021,rce,oast,log4j,injection
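
Review bot: normalizing to `cvss-score: 9.0` here is not applied consistently across this commit. The OFBiz hunk moves `10` to `10.0`, but the Jamf Pro and GoAnywhere hunks keep `cvss-score: 10` in lines they otherwise touch. Either normalize all of them in this commit or leave the formatting for a dedicated pass. Separately, the context shows an NVD reference for CVE-2021-44228 next to `cve-id: CVE-2021-45046`; worth confirming the reference list also covers the CVE the template is classified under.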

@@ -1,11 +1,11 @@
id: CVE-2022-1574
info:
name: HTML2WP <= 1.0.0 - Unauthenticated Arbitrary File Upload
name: WordPress HTML2WP <=1.0.0 - Arbitrary File Upload
author: theamanrawat
severity: critical
description: |
The HTML2WP WordPress plugin through 1.0.0 does not have authorisation and CSRF checks when importing files, and does not validate them, as a result, unauthenticated attackers can upload arbitrary files (such as PHP) on the remote server.
WordPress HTML2WP plugin through 1.0.0 contains an arbitrary file upload vulnerability. The plugin does not perform authorization and CSRF checks when importing files and does not validate them. As a result, an attacker can upload arbitrary files on the remote server.
reference:
- https://wpscan.com/vulnerability/c36d0ea8-bf5c-4af9-bd3d-911eb02adc14
- https://wordpress.org/plugins/html2wp/
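
Review bot: both the new `name` and the new `description` drop "unauthenticated", which is the condition that justifies `severity: critical`. The old text said "unauthenticated attackers can upload arbitrary files (such as PHP)"; the new one says only "an attacker can upload arbitrary files". Suggest "an unauthenticated attacker" in the description so the precondition is not lost in the style rewrite.
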
@@ -50,3 +50,5 @@ requests:
- "status_code_2 == 200"
- "contains(body_2, 'File Upload success')"
condition: and
# Enhanced by md on 2022/10/20

@@ -14,9 +14,9 @@ info:
- https://nvd.nist.gov/vuln/detail/CVE-2022-40684
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2022-40684
cwe-id: CWE-306
cvss-score: 9.6
cve-id: CVE-2022-27593
cwe-id: CWE-288
tags: cve,cve2022,fortinet,fortigate,fortios,fortiproxy,auth-bypass,kev
requests:
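
Review bot: the second group of classification lines (`cvss-score: 9.6`, `cve-id: CVE-2022-27593`, `cwe-id: CWE-288`) does not belong to this template. The unchanged reference line points at CVE-2022-40684, the tags are fortinet,fortigate,fortios,fortiproxy, and the unchanged vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H scores 9.8, not 9.6. This looks like a conflict resolved to the wrong side. Keep `cvss-score: 9.8` and `cve-id: CVE-2022-40684`, and change the CWE only with a stated reason.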

@@ -1,11 +1,16 @@
id: laravel-filemanager
info:
name: Laravel FileManager Panel Detect
name: Laravel File Manager - Panel Detect
author: princechaddha
severity: info
description: Laravel File Manager panel was detected.
reference:
- https://github.com/UniSharp/laravel-filemanager
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: laravel,filemanager,fileupload
requests:
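
Review bot: the added `classification` block uses the `CVSS:3.0` prefix, while the CVE templates touched in this commit all use `CVSS:3.1`. The same 3.0 vector is pasted into the roxy-fileman, cx-cloud-upload-detect and unauthenticated-popup-upload hunks. Use one CVSS version across the repository, or omit the block for `severity: info` panel detections, where an all-None vector with `cvss-score: 0.0` carries no information.
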
@@ -23,3 +28,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2022/10/20

@@ -1,9 +1,14 @@
id: roxy-fileman
info:
name: Roxy Fileman Detect
name: Roxy File Manager - Detect
author: liquidsec,DhiyaneshDk
description: Roxy File Manager was detected.
severity: info
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
google-query: intitle:"Roxy file manager"
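
Review bot: the added `description` is placed between `author` and `severity`, while the laravel-filemanager and unauthenticated-popup-upload hunks in this commit place it after `severity`. Pick one field order for the `info` block and apply it to all four detection templates, so later automated edits do not produce avoidable conflicts like the one this commit resolves.
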
@@ -32,3 +37,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2022/10/20

@@ -1,9 +1,14 @@
id: cx-cloud-upload-detect
info:
name: CX Cloud Unauthenticated Upload Detect
name: CX Cloud Unauthenticated Upload - Detect
author: dhiyaneshDk
description: CX Cloud unauthenticated upload was detected.
severity: info
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: fileupload
requests:
@@ -15,3 +20,5 @@ requests:
words:
- "<HEAD><TITLE>Display file upload form to the user</TITLE></HEAD>"
condition: and
# Enhanced by md on 2022/10/20

@@ -1,11 +1,16 @@
id: unauthenticated-popup-upload
info:
name: Unauthenticated Popup File Uploader
name: Unauthenticated Popup File Upload - Detect
author: DhiyaneshDk
description: Endpoints where files can be uploaded without authentication were detected.
severity: info
reference:
- https://www.exploit-db.com/ghdb/6671
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: edb,fileupload
requests:
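
Review bot: `cwe-id: CWE-200` with a C:N/I:N/A:N vector does not match the added description, which states that "files can be uploaded without authentication". If the template only detects that an upload form is exposed, word the description that way. If it asserts that unauthenticated upload works, an information-exposure CWE and a 0.0 score understate the finding, and a CWE such as CWE-306 or CWE-434 with a matching severity would be the accurate classification.
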
@@ -23,3 +28,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2022/10/20

@@ -6,15 +6,15 @@ info:
severity: critical
description: |
Apache OFBiz is affected by a remote code execution vulnerability in the bundled Apache Log4j logging library. Apache Log4j is vulnerable due to insufficient protections on message lookup substitutions when dealing with user controlled input. A remote, unauthenticated attacker can exploit this, via a web request, to execute arbitrary code with the permission level of the running Java process.
remediation: Upgrade to Apache OFBiz version 8.12.03 or later.
reference:
- https://issues.apache.org/jira/browse/OFBIZ-12449
- https://ofbiz.apache.org/
- https://logging.apache.org/log4j/2.x/security.html
- https://nvd.nist.gov/vuln/detail/CVE-2021-44228
remediation: Upgrade to Apache OFBiz version 8.12.03 or later.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10
cvss-score: 10.0
cve-id: CVE-2021-44228
cwe-id: CWE-77
metadata:

@@ -16,7 +16,7 @@ info:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10
cve-id: CVE-2021-44228
cwe-id: CWE-917
cwe-id: CWE-77
metadata:
shodan-query: title:"Jamf Pro"
verified: "true"
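
Review bot: the `cwe-id` moves from CWE-917 to CWE-77 with no reason given in the commit message ("fix-conflict"). If the aim is to align with the other CVE-2021-44228 templates in this commit that carry `cwe-id: CWE-77`, say so. Otherwise a classification change should not ride along in a conflict fix. The `cvss-score: 10` line directly above is also left as is, while the OFBiz hunk normalizes the same value to `10.0`.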

@@ -11,7 +11,7 @@ info:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cwe-id: CWE-601
tags: packetstorm,aspnuke,redirect
tags: aspnuke,redirect
requests:
- method: GET

@@ -12,8 +12,8 @@ info:
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10
cve-id: CVE-2021-44228
cwe-id: CWE-77
cve-id: CVE-2021-44228
metadata:
shodan-query: http.html:"GoAnywhere Managed File Transfer"
verified: "true"

@@ -12,7 +12,7 @@ info:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cwe-id: CWE-601
tags: packetstorm,iot,redirect
tags: iot,redirect,homeautomation
requests:
- method: GET

@@ -53,4 +53,4 @@ requests:
regex:
- '([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${hostName} in output
# Enhanced by cs on 2022/10/06
# Enhanced by cs on 2022/10/24

@@ -1,10 +1,10 @@
id: ueditor-file-upload
info:
name: UEditor Arbitrary File Upload
name: UEditor - Arbitrary File Upload
author: princechaddha
severity: high
description: A vulnerability in UEditor allows remote unauthenticated attackers to upload arbitrary files to the server, this in turn can be used to make the application to execute their content as code.
description: UEditor contains an arbitrary file upload vulnerability. An attacker can upload arbitrary files to the server, which in turn can be used to make the application execute file content as code, As a result, an attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
reference:
- https://zhuanlan.zhihu.com/p/85265552
- https://www.freebuf.com/vuls/181814.html
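
Review bot: the new `description` has a punctuation error at "execute file content as code, As a result", which should read "code. As a result". The same sentence is pasted into the Ecology and 3DPrint Lite descriptions in this commit, so fix all three. The rewrite also drops "remote unauthenticated" from the old text; keep it, since it is the precondition behind `severity: high`.
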
@@ -23,3 +23,5 @@ requests:
words:
- "没有指定抓取源"
part: body
# Enhanced by md on 2022/10/20

@@ -1,9 +1,10 @@
id: ecology-arbitrary-file-upload
info:
name: Ecology Arbitrary File Upload
name: Ecology - Arbitrary File Upload
author: ritikchaddha
severity: medium
description: Ecology contains an arbitrary file upload vulnerability. An attacker can upload arbitrary files to the server, which in turn can be used to make the application execute file content as code, As a result, an attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
reference:
- https://mp.weixin.qq.com/s/wH5luLISE_G381W2ssv93g
metadata:
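
Review bot: the added `description` is word for word the text used for UEditor and 3DPrint Lite in this commit, both rated `severity: high`, yet this template stays at `severity: medium`. Either the severity or the claimed impact ("execute file content as code ... execute unauthorized operations") is off. Align them, and describe what is specific to Ecology instead of reusing the generic paragraph.
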
@@ -36,3 +37,5 @@ requests:
- "status_code_1 == 200"
- "contains(body_2, '319463310816') || status_code_2 == 200"
condition: and
# Enhanced by md on 2022/10/20
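
Review bot: while this file is open, the matcher in the context lines is too loose to support the description added above. `contains(body_2, '319463310816') || status_code_2 == 200` combined with `status_code_1 == 200` under `condition: and` matches any host that answers 200 to both requests, whether or not the uploaded marker is present. Require the marker, for example `status_code_2 == 200 && contains(body_2, '319463310816')`, to avoid false positives on hosts that return 200 for every path.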

@@ -1,11 +1,12 @@
id: 3dprint-arbitrary-file-upload
info:
name: 3DPrint Lite < 1.9.1.5 - Unauthenticated Arbitrary File Upload
name: 3DPrint Lite <1.9.1.5 - Arbitrary File Upload
author: SecTheBit
severity: high
description: |
The p3dlite_handle_upload AJAX action of the plugin does not have any authorisation and does not check the uploaded file, allowing unauthenticated users to upload arbitrary file to the web server. However, there is a .htaccess, preventing the file to be accessed on Web servers such as Apache.
3DPrint Lite before 1.9.1.5 contains an arbitrary file upload vulnerability. The p3dlite_handle_upload AJAX action of the plugin does not have any authorization and does not check the uploaded file. An attacker can upload arbitrary files to the server, which in turn can be used to make the application execute file content as code, As a result, an attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
remediation: .htaccess prevents the files from being accessed on Web servers such as Apache.
reference:
- https://wpscan.com/vulnerability/c46ecd0d-a132-4ad6-b936-8acde3a09282
- https://www.exploit-db.com/exploits/50321
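
Review bot: the new `remediation` field (".htaccess prevents the files from being accessed on Web servers such as Apache.") is not a remediation. It is the caveat from the old description, and it limits impact only on servers that honor .htaccess. The title gives the affected range as "<1.9.1.5", so the remediation should be to update the plugin to that version or later, with the .htaccess caveat moved back into the description. As written, the new description also promises code execution without that caveat, and drops "unauthenticated" from both the name and the text.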
@@ -44,3 +45,5 @@ requests:
- "status_code_2 == 200"
- "contains(body_2, '3DPrint-arbitrary-file-upload')"
condition: and
# Enhanced by md on 2022/10/20