Merge pull request #1926 from pbssubhash/master

Adding CVE's Exploitation attempt detection: Year - 2010

rules/web/web_cve-2010-0943_exploitation_attempt.yml

@@ -0,0 +1,26 @@
+title: CVE-2010-0943 Exploitation Attempt
+id: f28d6faa-4163-4967-b397-414aab6cbe41
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component com_jashowcase - Directory Traversal:Directory traversal
+  vulnerability in the JA Showcase (com_jashowcase) component for Joomla! allows remote
+  attackers to read arbitrary files via a .. (dot dot) in the controller parameter
+  in a jashowcase action to index.php.
+references:
+  - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+  category: webserver
+detection:
+  selection:
+    c-uri|contains:
+      - /index.php?option=com_jashowcase&view=jashowcase&controller=../../../../../../../etc/passwd%00
+  condition: selection
+false_positives:
+  - Scanning from Nuclei
+  - Penetration Testing Activity
+  - Unknown
+tags:
+  - attack.initial_access
+  - attack.t1190
+level: critical

rules/web/web_cve-2010-0944_exploitation_attempt.yml

@@ -0,0 +1,26 @@
+title: CVE-2010-0944 Exploitation Attempt
+id: 55d082fa-118a-4649-8e06-bf342de0ba84
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component com_jcollection - Directory Traversal:Directory traversal
+  vulnerability in the JCollection (com_jcollection) component for Joomla! allows
+  remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter
+  to index.php.
+references:
+  - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+  category: webserver
+detection:
+  selection:
+    c-uri|contains:
+      - /index.php?option=com_jcollection&controller=../../../../../../../etc/passwd%00
+  condition: selection
+false_positives:
+  - Scanning from Nuclei
+  - Penetration Testing Activity
+  - Unknown
+tags:
+  - attack.initial_access
+  - attack.t1190
+level: critical

rules/web/web_cve-2010-0985_exploitation_attempt.yml

@@ -0,0 +1,26 @@
+title: CVE-2010-0985 Exploitation Attempt
+id: 624c389f-24aa-44c2-b702-c2b58eb18ff9
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component com_abbrev - Local File Inclusion:Directory traversal
+  vulnerability in the Abbreviations Manager (com_abbrev) component 1.1 for Joomla!
+  allows remote attackers to include and execute arbitrary local files via a .. (dot
+  dot) in the controller parameter to index.php.
+references:
+  - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+  category: webserver
+detection:
+  selection:
+    c-uri|contains:
+      - /index.php?option=com_abbrev&controller=../../../../../../../../../../etc/passwd%00
+  condition: selection
+false_positives:
+  - Scanning from Nuclei
+  - Penetration Testing Activity
+  - Unknown
+tags:
+  - attack.initial_access
+  - attack.t1190
+level: critical

rules/web/web_cve-2010-1219_exploitation_attempt.yml

@@ -0,0 +1,26 @@
+title: CVE-2010-1219 Exploitation Attempt
+id: c05d288c-1f70-4090-8f86-9739afedb14b
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component com_janews - Local File Inclusion:Directory traversal
+  vulnerability in the JA News (com_janews) component 1.0 for Joomla! allows remote
+  attackers to read arbitrary local files via a .. (dot dot) in the controller parameter
+  to index.php.
+references:
+  - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+  category: webserver
+detection:
+  selection:
+    c-uri|contains:
+      - /index.php?option=com_janews&controller=../../../../../../../../../../etc/passwd%00
+  condition: selection
+false_positives:
+  - Scanning from Nuclei
+  - Penetration Testing Activity
+  - Unknown
+tags:
+  - attack.initial_access
+  - attack.t1190
+level: critical

rules/web/web_cve-2010-1304_exploitation_attempt.yml

@@ -0,0 +1,26 @@
+title: CVE-2010-1304 Exploitation Attempt
+id: 6bc9b1ee-a560-4944-84d7-02d45d99cdb1
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component User Status - Local File Inclusion:Directory traversal
+  vulnerability in userstatus.php in the User Status (com_userstatus) component 1.21.16
+  for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in
+  the controller parameter to index.php.
+references:
+  - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+  category: webserver
+detection:
+  selection:
+    c-uri|contains:
+      - /index.php?option=com_userstatus&controller=../../../../../../../../../../etc/passwd%00
+  condition: selection
+false_positives:
+  - Scanning from Nuclei
+  - Penetration Testing Activity
+  - Unknown
+tags:
+  - attack.initial_access
+  - attack.t1190
+level: critical

rules/web/web_cve-2010-1305_exploitation_attempt.yml

@@ -0,0 +1,27 @@
+title: CVE-2010-1305 Exploitation Attempt
+id: 4c450e3e-b786-4bf6-bbf4-f2f44546d61e
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component JInventory 1.23.02 - Local File Inclusion:Directory
+  traversal vulnerability in jinventory.php in the JInventory (com_jinventory) component
+  1.23.02 and possibly other versions before 1.26.03, a module for Joomla!, allows
+  remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter
+  to index.php.
+references:
+  - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+  category: webserver
+detection:
+  selection:
+    c-uri|contains:
+      - /index.php?option=com_jinventory&controller=../../../../../../../../../../etc/passwd%00
+  condition: selection
+false_positives:
+  - Scanning from Nuclei
+  - Penetration Testing Activity
+  - Unknown
+tags:
+  - attack.initial_access
+  - attack.t1190
+level: critical

rules/web/web_cve-2010-1306_exploitation_attempt.yml

@@ -0,0 +1,26 @@
+title: CVE-2010-1306 Exploitation Attempt
+id: 613ccec4-9812-4cc7-a2f5-bf88383cf83d
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component Picasa 2.0 - Local File Inclusion:Directory traversal
+  vulnerability in the Picasa (com_joomlapicasa2) component 2.0 and 2.0.5 for Joomla!
+  allows remote attackers to read arbitrary local files via a .. (dot dot) in the
+  controller parameter to index.php.
+references:
+  - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+  category: webserver
+detection:
+  selection:
+    c-uri|contains:
+      - /index.php?option=com_joomlapicasa2&controller=../../../../../etc/passwd%00
+  condition: selection
+false_positives:
+  - Scanning from Nuclei
+  - Penetration Testing Activity
+  - Unknown
+tags:
+  - attack.initial_access
+  - attack.t1190
+level: critical

rules/web/web_cve-2010-1307_exploitation_attempt.yml

@@ -0,0 +1,26 @@
+title: CVE-2010-1307 Exploitation Attempt
+id: d2bcd27a-de8c-465b-889a-62588138feaa
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component Magic Updater - Local File Inclusion:Directory traversal
+  vulnerability in the Magic Updater (com_joomlaupdater) component for Joomla! allows
+  remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter
+  to index.php.
+references:
+  - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+  category: webserver
+detection:
+  selection:
+    c-uri|contains:
+      - /index.php?option=com_joomlaupdater&controller=../../../../../../../etc/passwd%00
+  condition: selection
+false_positives:
+  - Scanning from Nuclei
+  - Penetration Testing Activity
+  - Unknown
+tags:
+  - attack.initial_access
+  - attack.t1190
+level: critical

rules/web/web_cve-2010-1308_exploitation_attempt.yml

@@ -0,0 +1,26 @@
+title: CVE-2010-1308 Exploitation Attempt
+id: 4cf2d8e5-2b82-484e-b412-bb5fcfb519eb
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component SVMap 1.1.1 - Local File Inclusion:Directory traversal
+  vulnerability in the SVMap (com_svmap) component 1.1.1 for Joomla! allows remote
+  attackers to read arbitrary files via a .. (dot dot) in the controller parameter
+  to index.php.
+references:
+  - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+  category: webserver
+detection:
+  selection:
+    c-uri|contains:
+      - /index.php?option=com_svmap&controller=../../../../../../../etc/passwd%00
+  condition: selection
+false_positives:
+  - Scanning from Nuclei
+  - Penetration Testing Activity
+  - Unknown
+tags:
+  - attack.initial_access
+  - attack.t1190
+level: critical

rules/web/web_cve-2010-1312_exploitation_attempt.yml

@@ -0,0 +1,26 @@
+title: CVE-2010-1312 Exploitation Attempt
+id: fc07dc98-780f-4493-98ce-6e1b7c9742e2
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component News Portal 1.5.x - Local File Inclusion:Directory
+  traversal vulnerability in the iJoomla News Portal (com_news_portal) component 1.5.x
+  for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in
+  the controller parameter to index.php.
+references:
+  - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+  category: webserver
+detection:
+  selection:
+    c-uri|contains:
+      - /index.php?option=com_news_portal&controller=../../../../../../../../../../etc/passwd%00
+  condition: selection
+false_positives:
+  - Scanning from Nuclei
+  - Penetration Testing Activity
+  - Unknown
+tags:
+  - attack.initial_access
+  - attack.t1190
+level: critical

rules/web/web_cve-2010-1313_exploitation_attempt.yml

@@ -0,0 +1,26 @@
+title: CVE-2010-1313 Exploitation Attempt
+id: 4287d3e9-5ba8-4a00-925b-bce992e8b2d5
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component Saber Cart 1.0.0.12 - Local File Inclusion:Directory
+  traversal vulnerability in the Seber Cart (com_sebercart) component 1.0.0.12 and
+  1.0.0.13 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers
+  to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
+references:
+  - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+  category: webserver
+detection:
+  selection:
+    c-uri|contains:
+      - /index.php?option=com_sebercart&view=../../../../../../../../../../etc/passwd%00
+  condition: selection
+false_positives:
+  - Scanning from Nuclei
+  - Penetration Testing Activity
+  - Unknown
+tags:
+  - attack.initial_access
+  - attack.t1190
+level: critical

rules/web/web_cve-2010-1314_exploitation_attempt.yml

@@ -0,0 +1,26 @@
+title: CVE-2010-1314 Exploitation Attempt
+id: 0ce79c5d-cb0c-4800-a040-a0c8c7ad45d1
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component Highslide 1.5 - Local File Inclusion:Directory traversal
+  vulnerability in the Highslide JS (com_hsconfig) component 1.5 and 2.0.9 for Joomla!
+  allows remote attackers to read arbitrary files via a .. (dot dot) in the controller
+  parameter to index.php.
+references:
+  - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+  category: webserver
+detection:
+  selection:
+    c-uri|contains:
+      - /index.php?option=com_hsconfig&controller=../../../../../../../../../../etc/passwd%00
+  condition: selection
+false_positives:
+  - Scanning from Nuclei
+  - Penetration Testing Activity
+  - Unknown
+tags:
+  - attack.initial_access
+  - attack.t1190
+level: critical

rules/web/web_cve-2010-1345_exploitation_attempt.yml

@@ -0,0 +1,26 @@
+title: CVE-2010-1345 Exploitation Attempt
+id: b92bc21b-e649-4695-8f7c-8b881e33ed1c
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component Cookex Agency CKForms - Local File Inclusion:Directory
+  traversal vulnerability in the Cookex Agency CKForms (com_ckforms) component 1.3.3
+  for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in
+  the controller parameter to index.php.
+references:
+  - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+  category: webserver
+detection:
+  selection:
+    c-uri|contains:
+      - /index.php?option=com_ckforms&controller=../../../../../../../../../../etc/passwd%00
+  condition: selection
+false_positives:
+  - Scanning from Nuclei
+  - Penetration Testing Activity
+  - Unknown
+tags:
+  - attack.initial_access
+  - attack.t1190
+level: critical

rules/web/web_cve-2010-1353_exploitation_attempt.yml

@@ -0,0 +1,25 @@
+title: CVE-2010-1353 Exploitation Attempt
+id: 3a9f4835-3518-40e9-91bc-ebb1d918c055
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component LoginBox - Local File Inclusion:Directory traversal
+  vulnerability in the LoginBox Pro (com_loginbox) component for Joomla! allows remote
+  attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
+references:
+  - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+  category: webserver
+detection:
+  selection:
+    c-uri|contains:
+      - /index.php?option=com_loginbox&view=../../../../../../../../../etc/passwd%00
+  condition: selection
+false_positives:
+  - Scanning from Nuclei
+  - Penetration Testing Activity
+  - Unknown
+tags:
+  - attack.initial_access
+  - attack.t1190
+level: critical

rules/web/web_cve-2010-1354_exploitation_attempt.yml

@@ -0,0 +1,26 @@
+title: CVE-2010-1354 Exploitation Attempt
+id: 841e7037-c68e-40d1-9fd4-d08fee87f124
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component VJDEO 1.0 - Local File Inclusion:Directory traversal
+  vulnerability in the VJDEO (com_vjdeo) component 1.0 and 1.0.1 for Joomla! allows
+  remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter
+  to index.php.
+references:
+  - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+  category: webserver
+detection:
+  selection:
+    c-uri|contains:
+      - /index.php?option=com_vjdeo&controller=../../../../../../../../../../../../../../../etc/passwd%00
+  condition: selection
+false_positives:
+  - Scanning from Nuclei
+  - Penetration Testing Activity
+  - Unknown
+tags:
+  - attack.initial_access
+  - attack.t1190
+level: critical

rules/web/web_cve-2010-1470_exploitation_attempt.yml

@@ -0,0 +1,26 @@
+title: CVE-2010-1470 Exploitation Attempt
+id: 91dcce8a-b0dc-49e8-a766-9bd0d234d397
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component Web TV 1.0 - Local File Inclusion:Directory traversal
+  vulnerability in the Web TV (com_webtv) component 1.0 for Joomla! allows remote
+  attackers to read arbitrary files and possibly have unspecified other impact via
+  a .. (dot dot) in the controller parameter to index.php.
+references:
+  - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+  category: webserver
+detection:
+  selection:
+    c-uri|contains:
+      - /index.php?option=com_webtv&controller=../../../../../../../../../../etc/passwd%00
+  condition: selection
+false_positives:
+  - Scanning from Nuclei
+  - Penetration Testing Activity
+  - Unknown
+tags:
+  - attack.initial_access
+  - attack.t1190
+level: critical

rules/web/web_cve-2010-1471_exploitation_attempt.yml

@@ -0,0 +1,26 @@
+title: CVE-2010-1471 Exploitation Attempt
+id: c25e9c8b-5bc3-4eda-a29e-62ed09349442
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component Address Book 1.5.0 - Local File Inclusion:Directory
+  traversal vulnerability in the AddressBook (com_addressbook) component 1.5.0 for
+  Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the
+  controller parameter to index.php.
+references:
+  - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+  category: webserver
+detection:
+  selection:
+    c-uri|contains:
+      - /index.php?option=com_addressbook&controller=../../../../../../../../../../etc/passwd%00
+  condition: selection
+false_positives:
+  - Scanning from Nuclei
+  - Penetration Testing Activity
+  - Unknown
+tags:
+  - attack.initial_access
+  - attack.t1190
+level: critical

rules/web/web_cve-2010-1472_exploitation_attempt.yml

@@ -0,0 +1,26 @@
+title: CVE-2010-1472 Exploitation Attempt
+id: d189b718-577a-4826-ba75-7965be24403f
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component Horoscope 1.5.0 - Local File Inclusion:Directory traversal
+  vulnerability in the Daily Horoscope (com_horoscope) component 1.5.0 for Joomla!
+  allows remote attackers to read arbitrary files via a .. (dot dot) in the controller
+  parameter to index.php.
+references:
+  - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+  category: webserver
+detection:
+  selection:
+    c-uri|contains:
+      - /index.php?option=com_horoscope&controller=../../../../../../../../../../etc/passwd%00
+  condition: selection
+false_positives:
+  - Scanning from Nuclei
+  - Penetration Testing Activity
+  - Unknown
+tags:
+  - attack.initial_access
+  - attack.t1190
+level: critical

rules/web/web_cve-2010-1473_exploitation_attempt.yml

@@ -0,0 +1,26 @@
+title: CVE-2010-1473 Exploitation Attempt
+id: 51848efa-1963-4f90-b9ca-e614ab66c848
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component Advertising 0.25 - Local File Inclusion:Directory traversal
+  vulnerability in the Advertising (com_advertising) component 0.25 for Joomla! allows
+  remote attackers to read arbitrary files and possibly have unspecified other impact
+  via a .. (dot dot) in the controller parameter to index.php.
+references:
+  - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+  category: webserver
+detection:
+  selection:
+    c-uri|contains:
+      - /index.php?option=com_advertising&controller=../../../../../../../../../../etc/passwd%00
+  condition: selection
+false_positives:
+  - Scanning from Nuclei
+  - Penetration Testing Activity
+  - Unknown
+tags:
+  - attack.initial_access
+  - attack.t1190
+level: critical

rules/web/web_cve-2010-1474_exploitation_attempt.yml

@@ -0,0 +1,26 @@
+title: CVE-2010-1474 Exploitation Attempt
+id: dcb1e22b-b95e-40b0-a95c-620baf73e56d
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component Sweetykeeper 1.5 - Local File Inclusion:Directory traversal
+  vulnerability in the Sweety Keeper (com_sweetykeeper) component 1.5.x for Joomla!
+  allows remote attackers to read arbitrary files and possibly have unspecified other
+  impact via a .. (dot dot) in the controller parameter to index.php.
+references:
+  - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+  category: webserver
+detection:
+  selection:
+    c-uri|contains:
+      - /index.php?option=com_sweetykeeper&controller=../../../../../../../../../../etc/passwd%00
+  condition: selection
+false_positives:
+  - Scanning from Nuclei
+  - Penetration Testing Activity
+  - Unknown
+tags:
+  - attack.initial_access
+  - attack.t1190
+level: critical

rules/web/web_cve-2010-1475_exploitation_attempt.yml

@@ -0,0 +1,26 @@
+title: CVE-2010-1475 Exploitation Attempt
+id: 58505c84-2d43-4686-9fd3-497a7e4f89a3
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component Preventive And Reservation 1.0.5 - Local File Inclusion:Directory
+  traversal vulnerability in the Preventive & Reservation (com_preventive) component
+  1.0.5 for Joomla! allows remote attackers to read arbitrary files and possibly have
+  unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
+references:
+  - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+  category: webserver
+detection:
+  selection:
+    c-uri|contains:
+      - /index.php?option=com_preventive&controller==../../../../../../../../../../etc/passwd%00
+  condition: selection
+false_positives:
+  - Scanning from Nuclei
+  - Penetration Testing Activity
+  - Unknown
+tags:
+  - attack.initial_access
+  - attack.t1190
+level: critical

rules/web/web_cve-2010-1476_exploitation_attempt.yml

@@ -0,0 +1,26 @@
+title: CVE-2010-1476 Exploitation Attempt
+id: a095b6d3-0c40-4719-aa55-01dcb47bc03f
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component AlphaUserPoints 1.5.5 - Local File Inclusion:Directory
+  traversal vulnerability in the AlphaUserPoints (com_alphauserpoints) component 1.5.5
+  for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified
+  other impact via a .. (dot dot) in the view parameter to index.php.
+references:
+  - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+  category: webserver
+detection:
+  selection:
+    c-uri|contains:
+      - /index.php?option=com_alphauserpoints&view=../../../../../../../../../../etc/passwd%00
+  condition: selection
+false_positives:
+  - Scanning from Nuclei
+  - Penetration Testing Activity
+  - Unknown
+tags:
+  - attack.initial_access
+  - attack.t1190
+level: critical

rules/web/web_cve-2010-1494_exploitation_attempt.yml

@@ -0,0 +1,26 @@
+title: CVE-2010-1494 Exploitation Attempt
+id: 4c7ff51e-47cb-4f89-8a1c-ec71be8d811a
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component AWDwall 1.5.4 - Local File Inclusion:Directory traversal
+  vulnerability in the AWDwall (com_awdwall) component 1.5.4 for Joomla! allows remote
+  attackers to read arbitrary files via a .. (dot dot) in the controller parameter
+  to index.php.
+references:
+  - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+  category: webserver
+detection:
+  selection:
+    c-uri|contains:
+      - /index.php?option=com_awdwall&controller=../../../../../../../../../../etc/passwd%00
+  condition: selection
+false_positives:
+  - Scanning from Nuclei
+  - Penetration Testing Activity
+  - Unknown
+tags:
+  - attack.initial_access
+  - attack.t1190
+level: critical

rules/web/web_cve-2010-1495_exploitation_attempt.yml

@@ -0,0 +1,26 @@
+title: CVE-2010-1495 Exploitation Attempt
+id: d87e5c39-a7ed-4f34-8be1-ad1697f3d7d7
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component Matamko 1.01 - Local File Inclusion:Directory traversal
+  vulnerability in the Matamko (com_matamko) component 1.01 for Joomla! allows remote
+  attackers to read arbitrary files via a .. (dot dot) in the controller parameter
+  to index.php.
+references:
+  - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+  category: webserver
+detection:
+  selection:
+    c-uri|contains:
+      - /index.php?option=com_matamko&controller=../../../../../../../../../../etc/passwd%00
+  condition: selection
+false_positives:
+  - Scanning from Nuclei
+  - Penetration Testing Activity
+  - Unknown
+tags:
+  - attack.initial_access
+  - attack.t1190
+level: critical

rules/web/web_cve-2010-1532_exploitation_attempt.yml

@@ -0,0 +1,26 @@
+title: CVE-2010-1532 Exploitation Attempt
+id: 2abfc7f1-cf26-44c4-a3ff-5033bfe6b855
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component PowerMail Pro 1.5.3 - Local File Inclusion:Directory
+  traversal vulnerability in the givesight PowerMail Pro (com_powermail) component
+  1.5.3 for Joomla! allows remote attackers to read arbitrary files and possibly have
+  unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
+references:
+  - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+  category: webserver
+detection:
+  selection:
+    c-uri|contains:
+      - /index.php?option=com_powermail&controller=../../../../../../../../../../etc/passwd%00
+  condition: selection
+false_positives:
+  - Scanning from Nuclei
+  - Penetration Testing Activity
+  - Unknown
+tags:
+  - attack.initial_access
+  - attack.t1190
+level: critical

rules/web/web_cve-2010-1533_exploitation_attempt.yml

@@ -0,0 +1,26 @@
+title: CVE-2010-1533 Exploitation Attempt
+id: a97dbf8e-5234-4821-9033-d1209c55415c
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component TweetLA 1.0.1 - Local File Inclusion:Directory traversal
+  vulnerability in the TweetLA (com_tweetla) component 1.0.1 for Joomla! allows remote
+  attackers to read arbitrary files via a .. (dot dot) in the controller parameter
+  to index.php.
+references:
+  - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+  category: webserver
+detection:
+  selection:
+    c-uri|contains:
+      - /index.php?option=com_tweetla&controller=../../../../../../../etc/passwd%00
+  condition: selection
+false_positives:
+  - Scanning from Nuclei
+  - Penetration Testing Activity
+  - Unknown
+tags:
+  - attack.initial_access
+  - attack.t1190
+level: critical

rules/web/web_cve-2010-1534_exploitation_attempt.yml

@@ -0,0 +1,26 @@
+title: CVE-2010-1534 Exploitation Attempt
+id: 2a9be005-a6b9-4cdc-aa9e-4d08ba721143
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component Shoutbox Pro - Local File Inclusion:Directory traversal
+  vulnerability in the Shoutbox Pro (com_shoutbox) component for Joomla! allows remote
+  attackers to read arbitrary files via a .. (dot dot) in the controller parameter
+  to index.php.
+references:
+  - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+  category: webserver
+detection:
+  selection:
+    c-uri|contains:
+      - /index.php?option=com_shoutbox&controller=../../../../../../../etc/passwd%00
+  condition: selection
+false_positives:
+  - Scanning from Nuclei
+  - Penetration Testing Activity
+  - Unknown
+tags:
+  - attack.initial_access
+  - attack.t1190
+level: critical

rules/web/web_cve-2010-1535_exploitation_attempt.yml

@@ -0,0 +1,26 @@
+title: CVE-2010-1535 Exploitation Attempt
+id: ce1c278f-5c58-4846-93eb-3fd21ed6b41c
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component TRAVELbook 1.0.1 - Local File Inclusion:Directory traversal
+  vulnerability in the TRAVELbook (com_travelbook) component 1.0.1 for Joomla! allows
+  remote attackers to read arbitrary files and possibly have unspecified other impact
+  via a .. (dot dot) in the controller parameter to index.php.
+references:
+  - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+  category: webserver
+detection:
+  selection:
+    c-uri|contains:
+      - /index.php?option=com_travelbook&controller=../../../../../../../../../../etc/passwd%00
+  condition: selection
+false_positives:
+  - Scanning from Nuclei
+  - Penetration Testing Activity
+  - Unknown
+tags:
+  - attack.initial_access
+  - attack.t1190
+level: critical

rules/web/web_cve-2010-1601_exploitation_attempt.yml

@@ -0,0 +1,25 @@
+title: CVE-2010-1601 Exploitation Attempt
+id: b2dd80fa-e3bf-4321-bc39-c37295d513dd
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component JA Comment - Local File Inclusion:Directory traversal
+  vulnerability in the JA Comment (com_jacomment) component for Joomla! allows remote
+  attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
+references:
+  - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+  category: webserver
+detection:
+  selection:
+    c-uri|contains:
+      - /index.php?option=com_jacomment&view=../../../../../../../../../../etc/passwd%00
+  condition: selection
+false_positives:
+  - Scanning from Nuclei
+  - Penetration Testing Activity
+  - Unknown
+tags:
+  - attack.initial_access
+  - attack.t1190
+level: critical

rules/web/web_cve-2010-1602_exploitation_attempt.yml

@@ -0,0 +1,26 @@
+title: CVE-2010-1602 Exploitation Attempt
+id: f042c30f-ec39-4d1f-bc8b-56c94cd870a7
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component ZiMB Comment 0.8.1 - Local File Inclusion:Directory
+  traversal vulnerability in the ZiMB Comment (com_zimbcomment) component 0.8.1 for
+  Joomla! allows remote attackers to read arbitrary files and possibly have unspecified
+  other impact via a .. (dot dot) in the controller parameter to index.php.
+references:
+  - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+  category: webserver
+detection:
+  selection:
+    c-uri|contains:
+      - /index.php?option=com_zimbcomment&controller=../../../../../../../../../../etc/passwd%00
+  condition: selection
+false_positives:
+  - Scanning from Nuclei
+  - Penetration Testing Activity
+  - Unknown
+tags:
+  - attack.initial_access
+  - attack.t1190
+level: critical

rules/web/web_cve-2010-1607_exploitation_attempt.yml

@@ -0,0 +1,26 @@
+title: CVE-2010-1607 Exploitation Attempt
+id: 699e3765-a82a-4d7c-8214-8e8fe7c57fdd
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component WMI 1.5.0 - Local File Inclusion:Directory traversal
+  vulnerability in wmi.php in the Webmoney Web Merchant Interface (aka WMI or com_wmi)
+  component 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary
+  local files via a .. (dot dot) in the controller parameter to index.php.
+references:
+  - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+  category: webserver
+detection:
+  selection:
+    c-uri|contains:
+      - /index.php?option=com_wmi&controller=../../../../../../../../../etc/passwd%00
+  condition: selection
+false_positives:
+  - Scanning from Nuclei
+  - Penetration Testing Activity
+  - Unknown
+tags:
+  - attack.initial_access
+  - attack.t1190
+level: critical

rules/web/web_cve-2010-1657_exploitation_attempt.yml

@@ -0,0 +1,26 @@
+title: CVE-2010-1657 Exploitation Attempt
+id: e218a3bd-5583-4737-a993-60c14a6839a8
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component SmartSite 1.0.0 - Local File Inclusion:Directory traversal
+  vulnerability in the SmartSite (com_smartsite) component 1.0.0 for Joomla! allows
+  remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter
+  to index.php.
+references:
+  - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+  category: webserver
+detection:
+  selection:
+    c-uri|contains:
+      - /index.php?option=com_smartsite&controller=../../../../../../../../../../etc/passwd%00
+  condition: selection
+false_positives:
+  - Scanning from Nuclei
+  - Penetration Testing Activity
+  - Unknown
+tags:
+  - attack.initial_access
+  - attack.t1190
+level: critical

rules/web/web_cve-2010-1659_exploitation_attempt.yml

@@ -0,0 +1,26 @@
+title: CVE-2010-1659 Exploitation Attempt
+id: dde389b6-a56a-48a6-98f6-a58ea7adc0b6
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component Ultimate Portfolio 1.0 - Local File Inclusion:Directory
+  traversal vulnerability in the Ultimate Portfolio (com_ultimateportfolio) component
+  1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot)
+  in the controller parameter to index.php.
+references:
+  - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+  category: webserver
+detection:
+  selection:
+    c-uri|contains:
+      - /index.php?option=com_ultimateportfolio&controller=../../../../../../../../../../etc/passwd%00
+  condition: selection
+false_positives:
+  - Scanning from Nuclei
+  - Penetration Testing Activity
+  - Unknown
+tags:
+  - attack.initial_access
+  - attack.t1190
+level: critical

rules/web/web_cve-2010-1714_exploitation_attempt.yml

@@ -0,0 +1,26 @@
+title: CVE-2010-1714 Exploitation Attempt
+id: 52e333b4-a627-44d5-818d-c222c47568e4
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component Arcade Games 1.0 - Local File Inclusion:Directory traversal
+  vulnerability in the Arcade Games (com_arcadegames) component 1.0 for Joomla! allows
+  remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter
+  to index.php.
+references:
+  - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+  category: webserver
+detection:
+  selection:
+    c-uri|contains:
+      - /index.php?option=com_arcadegames&controller=../../../../../../../../../../etc/passwd%00
+  condition: selection
+false_positives:
+  - Scanning from Nuclei
+  - Penetration Testing Activity
+  - Unknown
+tags:
+  - attack.initial_access
+  - attack.t1190
+level: critical

rules/web/web_cve-2010-1717_exploitation_attempt.yml

@@ -0,0 +1,26 @@
+title: CVE-2010-1717 Exploitation Attempt
+id: 7b5b8495-759b-4ebe-917e-7902579036d9
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component iF surfALERT 1.2 - Local File Inclusion:Directory traversal
+  vulnerability in the iF surfALERT (com_if_surfalert) component 1.2 for Joomla! allows
+  remote attackers to read arbitrary files and possibly have unspecified other impact
+  via a .. (dot dot) in the controller parameter to index.php.
+references:
+  - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+  category: webserver
+detection:
+  selection:
+    c-uri|contains:
+      - /index.php?option=com_if_surfalert&controller=../../../../../../../../../../etc/passwd%00
+  condition: selection
+false_positives:
+  - Scanning from Nuclei
+  - Penetration Testing Activity
+  - Unknown
+tags:
+  - attack.initial_access
+  - attack.t1190
+level: critical

rules/web/web_cve-2010-1718_exploitation_attempt.yml

@@ -0,0 +1,26 @@
+title: CVE-2010-1718 Exploitation Attempt
+id: b263bad9-acf2-45d6-a1e7-bfde91cdcf08
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component Archery Scores 1.0.6 - Local File Inclusion:Directory
+  traversal vulnerability in archeryscores.php in the Archery Scores (com_archeryscores)
+  component 1.0.6 for Joomla! allows remote attackers to include and execute arbitrary
+  local files via a .. (dot dot) in the controller parameter to index.php.
+references:
+  - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+  category: webserver
+detection:
+  selection:
+    c-uri|contains:
+      - /index.php?option=com_archeryscores&controller=../../../../../../../../../etc/passwd%00
+  condition: selection
+false_positives:
+  - Scanning from Nuclei
+  - Penetration Testing Activity
+  - Unknown
+tags:
+  - attack.initial_access
+  - attack.t1190
+level: critical

rules/web/web_cve-2010-1719_exploitation_attempt.yml

@@ -0,0 +1,26 @@
+title: CVE-2010-1719 Exploitation Attempt
+id: 77d936f8-0b09-4996-bb2e-52893a34f91f
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component MT Fire Eagle 1.2 - Local File Inclusion:Directory
+  traversal vulnerability in the MT Fire Eagle (com_mtfireeagle) component 1.2 for
+  Joomla! allows remote attackers to read arbitrary files and possibly have unspecified
+  other impact via a .. (dot dot) in the controller parameter to index.php.
+references:
+  - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+  category: webserver
+detection:
+  selection:
+    c-uri|contains:
+      - /index.php?option=com_mtfireeagle&controller=../../../../../../../../../../etc/passwd%00
+  condition: selection
+false_positives:
+  - Scanning from Nuclei
+  - Penetration Testing Activity
+  - Unknown
+tags:
+  - attack.initial_access
+  - attack.t1190
+level: critical

rules/web/web_cve-2010-1722_exploitation_attempt.yml

@@ -0,0 +1,26 @@
+title: CVE-2010-1722 Exploitation Attempt
+id: 26b7051c-48b7-4212-ac5e-c8799fe80bdf
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component Online Market 2.x - Local File Inclusion:Directory
+  traversal vulnerability in the Online Market (com_market) component 2.x for Joomla!
+  allows remote attackers to read arbitrary files and possibly have unspecified other
+  impact via a .. (dot dot) in the controller parameter to index.php.
+references:
+  - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+  category: webserver
+detection:
+  selection:
+    c-uri|contains:
+      - /index.php?option=com_market&controller=../../../../../../../../../../etc/passwd%00
+  condition: selection
+false_positives:
+  - Scanning from Nuclei
+  - Penetration Testing Activity
+  - Unknown
+tags:
+  - attack.initial_access
+  - attack.t1190
+level: critical

rules/web/web_cve-2010-1875_exploitation_attempt.yml

@@ -0,0 +1,26 @@
+title: CVE-2010-1875 Exploitation Attempt
+id: 28aadbf4-5125-4e7c-9f79-c907363bebd2
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component Property - Local File Inclusion:Directory traversal
+  vulnerability in the Real Estate Property (com_properties) component 3.1.22-03 for
+  Joomla! allows remote attackers to read arbitrary files and possibly have unspecified
+  other impact via a .. (dot dot) in the controller parameter to index.php.
+references:
+  - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+  category: webserver
+detection:
+  selection:
+    c-uri|contains:
+      - /index.php?option=com_properties&controller=../../../../../../../../../../../../../etc/passwd%00
+  condition: selection
+false_positives:
+  - Scanning from Nuclei
+  - Penetration Testing Activity
+  - Unknown
+tags:
+  - attack.initial_access
+  - attack.t1190
+level: critical

rules/web/web_cve-2010-1953_exploitation_attempt.yml

@@ -0,0 +1,26 @@
+title: CVE-2010-1953 Exploitation Attempt
+id: ebcd435e-0ed6-4d35-b08f-d5a875608f82
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component iNetLanka Multiple Map 1.0 - Local File Inclusion:Directory
+  traversal vulnerability in the iNetLanka Multiple Map (com_multimap) component 1.0
+  for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in
+  the controller parameter to index.php.
+references:
+  - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+  category: webserver
+detection:
+  selection:
+    c-uri|contains:
+      - /index.php?option=com_multimap&controller=../../../../../../../../../../etc/passwd%00
+  condition: selection
+false_positives:
+  - Scanning from Nuclei
+  - Penetration Testing Activity
+  - Unknown
+tags:
+  - attack.initial_access
+  - attack.t1190
+level: critical

rules/web/web_cve-2010-1954_exploitation_attempt.yml

@@ -0,0 +1,26 @@
+title: CVE-2010-1954 Exploitation Attempt
+id: 651421c8-279e-4813-954e-64b9d05d1a06
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component iNetLanka Multiple root 1.0 - Local File Inclusion:Directory
+  traversal vulnerability in the iNetLanka Multiple root (com_multiroot) component
+  1.0 and 1.1 for Joomla! allows remote attackers to read arbitrary files via a ..
+  (dot dot) in the controller parameter to index.php.
+references:
+  - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+  category: webserver
+detection:
+  selection:
+    c-uri|contains:
+      - /index.php?option=com_multiroot&controller=../../../../../../../../../../etc/passwd%00
+  condition: selection
+false_positives:
+  - Scanning from Nuclei
+  - Penetration Testing Activity
+  - Unknown
+tags:
+  - attack.initial_access
+  - attack.t1190
+level: critical

rules/web/web_cve-2010-1955_exploitation_attempt.yml

@@ -0,0 +1,26 @@
+title: CVE-2010-1955 Exploitation Attempt
+id: ed851f14-5b09-4463-bd9b-75bade8718ff
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component Deluxe Blog Factory 1.1.2 - Local File Inclusion:Directory
+  traversal vulnerability in the Deluxe Blog Factory (com_blogfactory) component 1.1.2
+  for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in
+  the controller parameter to index.php.
+references:
+  - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+  category: webserver
+detection:
+  selection:
+    c-uri|contains:
+      - /index.php?option=com_blogfactory&controller=../../../../../../../../../../etc/passwd%00
+  condition: selection
+false_positives:
+  - Scanning from Nuclei
+  - Penetration Testing Activity
+  - Unknown
+tags:
+  - attack.initial_access
+  - attack.t1190
+level: critical

rules/web/web_cve-2010-1956_exploitation_attempt.yml

@@ -0,0 +1,26 @@
+title: CVE-2010-1956 Exploitation Attempt
+id: 19d87410-0d59-4176-b0f2-65c2e33c07e7
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component Gadget Factory 1.0.0 - Local File Inclusion:Directory
+  traversal vulnerability in the Gadget Factory (com_gadgetfactory) component 1.0.0
+  and 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot
+  dot) in the controller parameter to index.php.
+references:
+  - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+  category: webserver
+detection:
+  selection:
+    c-uri|contains:
+      - /index.php?option=com_gadgetfactory&controller=../../../../../../../../../../etc/passwd%00
+  condition: selection
+false_positives:
+  - Scanning from Nuclei
+  - Penetration Testing Activity
+  - Unknown
+tags:
+  - attack.initial_access
+  - attack.t1190
+level: critical

rules/web/web_cve-2010-1979_exploitation_attempt.yml

@@ -0,0 +1,26 @@
+title: CVE-2010-1979 Exploitation Attempt
+id: 924df1b0-04f2-4e4a-b638-519a6eb3d4e5
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component Affiliate Datafeeds 880 - Local File Inclusion:Directory
+  traversal vulnerability in the Affiliate Datafeeds (com_datafeeds) component build
+  880 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot)
+  in the controller parameter to index.php.
+references:
+  - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+  category: webserver
+detection:
+  selection:
+    c-uri|contains:
+      - /index.php?option=com_datafeeds&controller=../../../../../../../../../../etc/passwd%00
+  condition: selection
+false_positives:
+  - Scanning from Nuclei
+  - Penetration Testing Activity
+  - Unknown
+tags:
+  - attack.initial_access
+  - attack.t1190
+level: critical

rules/web/web_cve-2010-1980_exploitation_attempt.yml

@@ -0,0 +1,26 @@
+title: CVE-2010-1980 Exploitation Attempt
+id: f6af8453-b1d9-4714-a005-fd231d940855
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component Joomla! Flickr 1.0 - Local File Inclusion:Directory
+  traversal vulnerability in joomlaflickr.php in the Joomla Flickr (com_joomlaflickr)
+  component 1.0.3 for Joomla! allows remote attackers to include and execute arbitrary
+  local files via a .. (dot dot) in the controller parameter to index.php.
+references:
+  - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+  category: webserver
+detection:
+  selection:
+    c-uri|contains:
+      - /index.php?option=com_joomlaflickr&controller=../../../../../../../../../../etc/passwd%00
+  condition: selection
+false_positives:
+  - Scanning from Nuclei
+  - Penetration Testing Activity
+  - Unknown
+tags:
+  - attack.initial_access
+  - attack.t1190
+level: critical

rules/web/web_cve-2010-1981_exploitation_attempt.yml

@@ -0,0 +1,26 @@
+title: CVE-2010-1981 Exploitation Attempt
+id: c0bc20f5-f9f7-4019-83fd-19398acdfb0a
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component Fabrik 2.0 - Local File Inclusion:Directory traversal
+  vulnerability in the Fabrik (com_fabrik) component 2.0 for Joomla! allows remote
+  attackers to read arbitrary files via a .. (dot dot) in the controller parameter
+  to index.php.
+references:
+  - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+  category: webserver
+detection:
+  selection:
+    c-uri|contains:
+      - /index.php?option=com_fabrik&controller=../../../../../../../../../../etc/passwd%00
+  condition: selection
+false_positives:
+  - Scanning from Nuclei
+  - Penetration Testing Activity
+  - Unknown
+tags:
+  - attack.initial_access
+  - attack.t1190
+level: critical

rules/web/web_cve-2010-1983_exploitation_attempt.yml

@@ -0,0 +1,26 @@
+title: CVE-2010-1983 Exploitation Attempt
+id: 113530a7-3288-4f04-887d-127c962e0415
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component redTWITTER 1.0 - Local File Inclusion:Directory traversal
+  vulnerability in the redTWITTER (com_redtwitter) component 1.0.x including 1.0b11
+  for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in
+  the view parameter to index.php
+references:
+  - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+  category: webserver
+detection:
+  selection:
+    c-uri|contains:
+      - /index.php?option=com_redtwitter&view=../../../../../../../../../../../../../../../etc/passwd%00
+  condition: selection
+false_positives:
+  - Scanning from Nuclei
+  - Penetration Testing Activity
+  - Unknown
+tags:
+  - attack.initial_access
+  - attack.t1190
+level: critical

rules/web/web_cve-2010-2033_exploitation_attempt.yml

@@ -0,0 +1,26 @@
+title: CVE-2010-2033 Exploitation Attempt
+id: 8081629e-b3a0-4abc-b254-1cdf6cd8f9c8
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla Percha Categories Tree 0.6 - Local File Inclusion:Directory traversal
+  vulnerability in the Percha Fields Attach (com_perchafieldsattach) component 1.x
+  for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified
+  other impact via a .. (dot dot) in the controller parameter to index.php.
+references:
+  - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+  category: webserver
+detection:
+  selection:
+    c-uri|contains:
+      - /index.php?option=com_perchacategoriestree&controller=../../../../../../../../../../etc/passwd%00
+  condition: selection
+false_positives:
+  - Scanning from Nuclei
+  - Penetration Testing Activity
+  - Unknown
+tags:
+  - attack.initial_access
+  - attack.t1190
+level: critical

rules/web/web_cve-2010-2034_exploitation_attempt.yml

@@ -0,0 +1,26 @@
+title: CVE-2010-2034 Exploitation Attempt
+id: af8a99cc-e237-405f-a399-dd3d81109c90
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component Percha Image Attach 1.1 - Directory Traversal:Directory
+  traversal vulnerability in the Percha Image Attach (com_perchaimageattach) component
+  1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have
+  unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
+references:
+  - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+  category: webserver
+detection:
+  selection:
+    c-uri|contains:
+      - /index.php?option=com_perchaimageattach&controller=../../../../../../../../../../etc/passwd%00
+  condition: selection
+false_positives:
+  - Scanning from Nuclei
+  - Penetration Testing Activity
+  - Unknown
+tags:
+  - attack.initial_access
+  - attack.t1190
+level: critical

rules/web/web_cve-2010-2035_exploitation_attempt.yml

@@ -0,0 +1,26 @@
+title: CVE-2010-2035 Exploitation Attempt
+id: 58483eec-3415-4b3a-958b-5107727a3388
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component Percha Gallery 1.6 Beta - Directory Traversal:Directory
+  traversal vulnerability in the Percha Gallery (com_perchagallery) component 1.6
+  Beta for Joomla! allows remote attackers to read arbitrary files and possibly have
+  unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
+references:
+  - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+  category: webserver
+detection:
+  selection:
+    c-uri|contains:
+      - /index.php?option=com_perchagallery&controller=../../../../../../../../../../etc/passwd%00
+  condition: selection
+false_positives:
+  - Scanning from Nuclei
+  - Penetration Testing Activity
+  - Unknown
+tags:
+  - attack.initial_access
+  - attack.t1190
+level: critical

rules/web/web_cve-2010-2036_exploitation_attempt.yml

@@ -0,0 +1,26 @@
+title: CVE-2010-2036 Exploitation Attempt
+id: e5fa9960-e1c3-4f95-93c0-66e3c29bd5d8
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component Percha Fields Attach 1.0 - Directory Traversal:Directory
+  traversal vulnerability in the Percha Fields Attach (com_perchafieldsattach) component
+  1.x for Joomla! allows remote attackers to read arbitrary files and possibly have
+  unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
+references:
+  - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+  category: webserver
+detection:
+  selection:
+    c-uri|contains:
+      - /index.php?option=com_perchafieldsattach&controller=../../../../../../../../../../etc/passwd%00
+  condition: selection
+false_positives:
+  - Scanning from Nuclei
+  - Penetration Testing Activity
+  - Unknown
+tags:
+  - attack.initial_access
+  - attack.t1190
+level: critical

rules/web/web_cve-2010-2122_exploitation_attempt.yml

@@ -0,0 +1,26 @@
+title: CVE-2010-2122 Exploitation Attempt
+id: be413e66-166e-42bb-875d-72552abfe774
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component simpledownload 0.9.5 - Local File Disclosure:Directory
+  traversal vulnerability in the SimpleDownload (com_simpledownload) component before
+  0.9.6 for Joomla! allows remote attackers to include and execute arbitrary local
+  files via a .. (dot dot) in the controller parameter to index.php.
+references:
+  - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+  category: webserver
+detection:
+  selection:
+    c-uri|contains:
+      - /index.php?option=com_simpledownload&task=download&fileid=../../../../../../../../../../etc/passwd%00
+  condition: selection
+false_positives:
+  - Scanning from Nuclei
+  - Penetration Testing Activity
+  - Unknown
+tags:
+  - attack.initial_access
+  - attack.t1190
+level: critical

rules/web/web_cve-2010-2259_exploitation_attempt.yml

@@ -0,0 +1,26 @@
+title: CVE-2010-2259 Exploitation Attempt
+id: c26a4ac4-9dff-47b3-a602-70eb83aad468
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component com_bfsurvey - Local File Inclusion:Directory traversal
+  vulnerability in the BF Survey (com_bfsurvey) component for Joomla! allows remote
+  attackers to include and execute arbitrary local files via a .. (dot dot) in the
+  controller parameter to index.php.
+references:
+  - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+  category: webserver
+detection:
+  selection:
+    c-uri|contains:
+      - /index.php?option=com_bfsurvey&controller=../../../../../../../../../../../../etc/passwd%00
+  condition: selection
+false_positives:
+  - Scanning from Nuclei
+  - Penetration Testing Activity
+  - Unknown
+tags:
+  - attack.initial_access
+  - attack.t1190
+level: critical

rules/web/web_cve-2010-2307_exploitation_attempt.yml

@@ -0,0 +1,27 @@
+title: CVE-2010-2307 Exploitation Attempt
+id: dd54adb6-05b1-40d6-a609-d5c8f3745853
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Motorola SBV6120E SURFboard Digital Voice Modem SBV6X2X-1.0.0.5-SCM -
+  Directory Traversal:Multiple directory traversal vulnerabilities in the web server
+  for Motorola SURFBoard cable modem SBV6120E running firmware SBV6X2X-1.0.0.5-SCM-02-SHPC
+  allow remote attackers to read arbitrary files via (1) "//" (multiple leading slash),
+  (2) ../ (dot dot) sequences, and encoded dot dot sequences in a URL request.
+references:
+  - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+  category: webserver
+detection:
+  selection:
+    c-uri|contains:
+      - /../../etc/passwd
+  condition: selection
+false_positives:
+  - Scanning from Nuclei
+  - Penetration Testing Activity
+  - Unknown
+tags:
+  - attack.initial_access
+  - attack.t1190
+level: critical

rules/web/web_cve-2010-2682_exploitation_attempt.yml

@@ -0,0 +1,26 @@
+title: CVE-2010-2682 Exploitation Attempt
+id: 74bbe7ca-4136-46a2-a5fd-f521b0c773b3
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component Realtyna Translator 1.0.15 - Local File Inclusion:Directory
+  traversal vulnerability in the Realtyna Translator (com_realtyna) component 1.0.15
+  for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified
+  other impact via a .. (dot dot) in the controller parameter to index.php.
+references:
+  - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+  category: webserver
+detection:
+  selection:
+    c-uri|contains:
+      - /index.php?option=com_realtyna&controller=../../../../../../../../../../../../../../../etc/passwd%00
+  condition: selection
+false_positives:
+  - Scanning from Nuclei
+  - Penetration Testing Activity
+  - Unknown
+tags:
+  - attack.initial_access
+  - attack.t1190
+level: critical

rules/web/web_cve-2010-2861_exploitation_attempt.yml

@@ -0,0 +1,27 @@
+title: CVE-2010-2861 Exploitation Attempt
+id: b7f12d62-4aa3-48aa-bfbf-5a12966ebed9
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Adobe ColdFusion 8.0/8.0.1/9.0/9.0.1 LFI:Multiple directory traversal
+  vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier
+  allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm,
+  (2) logging/settings.cfm, (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm,
+  and (5) enter.cfm in CFIDE/administrator/.
+references:
+  - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+  category: webserver
+detection:
+  selection:
+    c-uri|contains:
+      - /CFIDE/administrator/enter.cfm?locale=../../../../../../../lib/password.properties%00en
+  condition: selection
+false_positives:
+  - Scanning from Nuclei
+  - Penetration Testing Activity
+  - Unknown
+tags:
+  - attack.initial_access
+  - attack.t1190
+level: critical

rules/web/web_cve-2010-2920_exploitation_attempt.yml

@@ -0,0 +1,26 @@
+title: CVE-2010-2920 Exploitation Attempt
+id: c4bdce4d-6a3c-4760-be05-a3bf923f7f0e
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component Foobla Suggestions 1.5.1.2 - Local File Inclusion:Directory
+  traversal vulnerability in the Foobla Suggestions (com_foobla_suggestions) component
+  1.5.1.2 for Joomla! allows remote attackers to read arbitrary files via directory
+  traversal sequences in the controller parameter to index.php.
+references:
+  - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+  category: webserver
+detection:
+  selection:
+    c-uri|contains:
+      - /index.php?option=com_foobla_suggestions&controller=../../../../../../../../../../../../etc/passwd%00
+  condition: selection
+false_positives:
+  - Scanning from Nuclei
+  - Penetration Testing Activity
+  - Unknown
+tags:
+  - attack.initial_access
+  - attack.t1190
+level: critical

rules/web/web_cve-2010-3426_exploitation_attempt.yml

@@ -0,0 +1,26 @@
+title: CVE-2010-3426 Exploitation Attempt
+id: 4387e23a-0022-454e-8f9a-e2f19b97fbce
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component Jphone 1.0 Alpha 3 - Local File Inclusion:Directory
+  traversal vulnerability in jphone.php in the JPhone (com_jphone) component 1.0 Alpha
+  3 for Joomla! allows remote attackers to include and execute arbitrary local files
+  via a .. (dot dot) in the controller parameter to index.php.
+references:
+  - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+  category: webserver
+detection:
+  selection:
+    c-uri|contains:
+      - /index.php?option=com_jphone&controller=../../../../../../../../../../etc/passwd%00
+  condition: selection
+false_positives:
+  - Scanning from Nuclei
+  - Penetration Testing Activity
+  - Unknown
+tags:
+  - attack.initial_access
+  - attack.t1190
+level: critical

rules/web/web_cve-2010-4231_exploitation_attempt.yml

@@ -0,0 +1,25 @@
+title: CVE-2010-4231 Exploitation Attempt
+id: 7f38b244-d9e1-4ad4-a4c2-326accaefbfd
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Camtron CMNC-200 IP Camera - Directory Traversal:The CMNC-200 IP Camera
+  has a built-in web server that is enabled by default. The server is vulnerable to
+  directory transversal attacks, allowing access to any file on the camera file system.
+references:
+  - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+  category: webserver
+detection:
+  selection:
+    c-uri|contains:
+      - /../../../../../../../../../../../../../etc/passwd
+  condition: selection
+false_positives:
+  - Scanning from Nuclei
+  - Penetration Testing Activity
+  - Unknown
+tags:
+  - attack.initial_access
+  - attack.t1190
+level: critical

rules/web/web_cve-2010-4617_exploitation_attempt.yml

@@ -0,0 +1,26 @@
+title: CVE-2010-4617 Exploitation Attempt
+id: 62a7a20d-34f2-4b54-962b-539f17723730
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component JotLoader 2.2.1 - Local File Inclusion:Directory traversal
+  vulnerability in the JotLoader (com_jotloader) component 2.2.1 for Joomla! allows
+  remote attackers to read arbitrary files via directory traversal sequences in the
+  section parameter to index.php.
+references:
+  - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+  category: webserver
+detection:
+  selection:
+    c-uri|contains:
+      - /index.php?option=com_jotloader&section=../../../../../../../../../../../../../../etc/passwd%00
+  condition: selection
+false_positives:
+  - Scanning from Nuclei
+  - Penetration Testing Activity
+  - Unknown
+tags:
+  - attack.initial_access
+  - attack.t1190
+level: critical

rules/web/web_cve-2010-5278_exploitation_attempt.yml

@@ -0,0 +1,26 @@
+title: CVE-2010-5278 Exploitation Attempt
+id: a4a899e8-fd7a-49dd-b5a8-7044def72d61
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: MODx manager - Local File Inclusion:Directory traversal vulnerability
+  in manager/controllers/default/resource/tvs.php in MODx Revolution 2.0.2-pl, and
+  possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to
+  read arbitrary files via a .. (dot dot) in the class_key parameter.
+references:
+  - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+  category: webserver
+detection:
+  selection:
+    c-uri|contains:
+      - /manager/controllers/default/resource/tvs.php?class_key=../../../../../../../../../../windows/win.ini%00
+  condition: selection
+false_positives:
+  - Scanning from Nuclei
+  - Penetration Testing Activity
+  - Unknown
+tags:
+  - attack.initial_access
+  - attack.t1190
+level: critical

rules/windows/file_event/sysmon_detect_powerup_dllhijacking.yml

@@ -1,13 +1,13 @@
 title: Powerup Write Hijack DLL
 id: 602a1f13-c640-4d73-b053-be9a2fa58b96
 status: experimental
-description: |
+description:
  Powerup tool's Write Hijack DLL exploits DLL hijacking for privilege escalation.
  In it's default mode, it builds a self deleting .bat file which executes malicious command. 
  The detection rule relies on creation of the malicious bat file (debug.bat by default).
 references:
     - https://powersploit.readthedocs.io/en/latest/Privesc/Write-HijackDll/
-author: pbssubhash
+author: Subhash Popuri (@pbssubhash)
 date: 2021/08/21
 tags:
     - attack.persistence